1 /* 2 * Overlayfs NFS export support. 3 * 4 * Amir Goldstein <amir73il@gmail.com> 5 * 6 * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved. 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License version 2 as published by 10 * the Free Software Foundation. 11 */ 12 13 #include <linux/fs.h> 14 #include <linux/cred.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/xattr.h> 18 #include <linux/exportfs.h> 19 #include <linux/ratelimit.h> 20 #include "overlayfs.h" 21 22 /* 23 * We only need to encode origin if there is a chance that the same object was 24 * encoded pre copy up and then we need to stay consistent with the same 25 * encoding also after copy up. If non-pure upper is not indexed, then it was 26 * copied up before NFS export was enabled. In that case we don't need to worry 27 * about staying consistent with pre copy up encoding and we encode an upper 28 * file handle. Overlay root dentry is a private case of non-indexed upper. 29 * 30 * The following table summarizes the different file handle encodings used for 31 * different overlay object types: 32 * 33 * Object type | Encoding 34 * -------------------------------- 35 * Pure upper | U 36 * Non-indexed upper | U 37 * Indexed upper | L (*) 38 * Non-upper | L (*) 39 * 40 * U = upper file handle 41 * L = lower file handle 42 * 43 * (*) Connecting an overlay dir from real lower dentry is not always 44 * possible when there are redirects in lower layers. To mitigate this case, 45 * we copy up the lower dir first and then encode an upper dir file handle. 46 */ 47 static bool ovl_should_encode_origin(struct dentry *dentry) 48 { 49 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 50 51 if (!ovl_dentry_lower(dentry)) 52 return false; 53 54 /* 55 * Decoding a merge dir, whose origin's parent is under a redirected 56 * lower dir is not always possible. As a simple aproximation, we do 57 * not encode lower dir file handles when overlay has multiple lower 58 * layers and origin is below the topmost lower layer. 59 * 60 * TODO: copy up only the parent that is under redirected lower. 61 */ 62 if (d_is_dir(dentry) && ofs->upper_mnt && 63 OVL_E(dentry)->lowerstack[0].layer->idx > 1) 64 return false; 65 66 /* Decoding a non-indexed upper from origin is not implemented */ 67 if (ovl_dentry_upper(dentry) && 68 !ovl_test_flag(OVL_INDEX, d_inode(dentry))) 69 return false; 70 71 return true; 72 } 73 74 static int ovl_encode_maybe_copy_up(struct dentry *dentry) 75 { 76 int err; 77 78 if (ovl_dentry_upper(dentry)) 79 return 0; 80 81 err = ovl_want_write(dentry); 82 if (err) 83 return err; 84 85 err = ovl_copy_up(dentry); 86 87 ovl_drop_write(dentry); 88 return err; 89 } 90 91 static int ovl_d_to_fh(struct dentry *dentry, char *buf, int buflen) 92 { 93 struct dentry *origin = ovl_dentry_lower(dentry); 94 struct ovl_fh *fh = NULL; 95 int err; 96 97 /* 98 * If we should not encode a lower dir file handle, copy up and encode 99 * an upper dir file handle. 100 */ 101 if (!ovl_should_encode_origin(dentry)) { 102 err = ovl_encode_maybe_copy_up(dentry); 103 if (err) 104 goto fail; 105 106 origin = NULL; 107 } 108 109 /* Encode an upper or origin file handle */ 110 fh = ovl_encode_fh(origin ?: ovl_dentry_upper(dentry), !origin); 111 err = PTR_ERR(fh); 112 if (IS_ERR(fh)) 113 goto fail; 114 115 err = -EOVERFLOW; 116 if (fh->len > buflen) 117 goto fail; 118 119 memcpy(buf, (char *)fh, fh->len); 120 err = fh->len; 121 122 out: 123 kfree(fh); 124 return err; 125 126 fail: 127 pr_warn_ratelimited("overlayfs: failed to encode file handle (%pd2, err=%i, buflen=%d, len=%d, type=%d)\n", 128 dentry, err, buflen, fh ? (int)fh->len : 0, 129 fh ? fh->type : 0); 130 goto out; 131 } 132 133 static int ovl_dentry_to_fh(struct dentry *dentry, u32 *fid, int *max_len) 134 { 135 int res, len = *max_len << 2; 136 137 res = ovl_d_to_fh(dentry, (char *)fid, len); 138 if (res <= 0) 139 return FILEID_INVALID; 140 141 len = res; 142 143 /* Round up to dwords */ 144 *max_len = (len + 3) >> 2; 145 return OVL_FILEID; 146 } 147 148 static int ovl_encode_inode_fh(struct inode *inode, u32 *fid, int *max_len, 149 struct inode *parent) 150 { 151 struct dentry *dentry; 152 int type; 153 154 /* TODO: encode connectable file handles */ 155 if (parent) 156 return FILEID_INVALID; 157 158 dentry = d_find_any_alias(inode); 159 if (WARN_ON(!dentry)) 160 return FILEID_INVALID; 161 162 type = ovl_dentry_to_fh(dentry, fid, max_len); 163 164 dput(dentry); 165 return type; 166 } 167 168 /* 169 * Find or instantiate an overlay dentry from real dentries and index. 170 */ 171 static struct dentry *ovl_obtain_alias(struct super_block *sb, 172 struct dentry *upper_alias, 173 struct ovl_path *lowerpath, 174 struct dentry *index) 175 { 176 struct dentry *lower = lowerpath ? lowerpath->dentry : NULL; 177 struct dentry *upper = upper_alias ?: index; 178 struct dentry *dentry; 179 struct inode *inode; 180 struct ovl_entry *oe; 181 182 /* We get overlay directory dentries with ovl_lookup_real() */ 183 if (d_is_dir(upper ?: lower)) 184 return ERR_PTR(-EIO); 185 186 inode = ovl_get_inode(sb, dget(upper), lower, index, !!lower); 187 if (IS_ERR(inode)) { 188 dput(upper); 189 return ERR_CAST(inode); 190 } 191 192 if (index) 193 ovl_set_flag(OVL_INDEX, inode); 194 195 dentry = d_find_any_alias(inode); 196 if (!dentry) { 197 dentry = d_alloc_anon(inode->i_sb); 198 if (!dentry) 199 goto nomem; 200 oe = ovl_alloc_entry(lower ? 1 : 0); 201 if (!oe) 202 goto nomem; 203 204 if (lower) { 205 oe->lowerstack->dentry = dget(lower); 206 oe->lowerstack->layer = lowerpath->layer; 207 } 208 dentry->d_fsdata = oe; 209 if (upper_alias) 210 ovl_dentry_set_upper_alias(dentry); 211 } 212 213 return d_instantiate_anon(dentry, inode); 214 215 nomem: 216 iput(inode); 217 dput(dentry); 218 return ERR_PTR(-ENOMEM); 219 } 220 221 /* Get the upper or lower dentry in stach whose on layer @idx */ 222 static struct dentry *ovl_dentry_real_at(struct dentry *dentry, int idx) 223 { 224 struct ovl_entry *oe = dentry->d_fsdata; 225 int i; 226 227 if (!idx) 228 return ovl_dentry_upper(dentry); 229 230 for (i = 0; i < oe->numlower; i++) { 231 if (oe->lowerstack[i].layer->idx == idx) 232 return oe->lowerstack[i].dentry; 233 } 234 235 return NULL; 236 } 237 238 /* 239 * Lookup a child overlay dentry to get a connected overlay dentry whose real 240 * dentry is @real. If @real is on upper layer, we lookup a child overlay 241 * dentry with the same name as the real dentry. Otherwise, we need to consult 242 * index for lookup. 243 */ 244 static struct dentry *ovl_lookup_real_one(struct dentry *connected, 245 struct dentry *real, 246 struct ovl_layer *layer) 247 { 248 struct inode *dir = d_inode(connected); 249 struct dentry *this, *parent = NULL; 250 struct name_snapshot name; 251 int err; 252 253 /* 254 * Lookup child overlay dentry by real name. The dir mutex protects us 255 * from racing with overlay rename. If the overlay dentry that is above 256 * real has already been moved to a parent that is not under the 257 * connected overlay dir, we return -ECHILD and restart the lookup of 258 * connected real path from the top. 259 */ 260 inode_lock_nested(dir, I_MUTEX_PARENT); 261 err = -ECHILD; 262 parent = dget_parent(real); 263 if (ovl_dentry_real_at(connected, layer->idx) != parent) 264 goto fail; 265 266 /* 267 * We also need to take a snapshot of real dentry name to protect us 268 * from racing with underlying layer rename. In this case, we don't 269 * care about returning ESTALE, only from dereferencing a free name 270 * pointer because we hold no lock on the real dentry. 271 */ 272 take_dentry_name_snapshot(&name, real); 273 this = lookup_one_len(name.name, connected, strlen(name.name)); 274 err = PTR_ERR(this); 275 if (IS_ERR(this)) { 276 goto fail; 277 } else if (!this || !this->d_inode) { 278 dput(this); 279 err = -ENOENT; 280 goto fail; 281 } else if (ovl_dentry_real_at(this, layer->idx) != real) { 282 dput(this); 283 err = -ESTALE; 284 goto fail; 285 } 286 287 out: 288 release_dentry_name_snapshot(&name); 289 dput(parent); 290 inode_unlock(dir); 291 return this; 292 293 fail: 294 pr_warn_ratelimited("overlayfs: failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", 295 real, layer->idx, connected, err); 296 this = ERR_PTR(err); 297 goto out; 298 } 299 300 static struct dentry *ovl_lookup_real(struct super_block *sb, 301 struct dentry *real, 302 struct ovl_layer *layer); 303 304 /* 305 * Lookup an indexed or hashed overlay dentry by real inode. 306 */ 307 static struct dentry *ovl_lookup_real_inode(struct super_block *sb, 308 struct dentry *real, 309 struct ovl_layer *layer) 310 { 311 struct ovl_fs *ofs = sb->s_fs_info; 312 struct ovl_layer upper_layer = { .mnt = ofs->upper_mnt }; 313 struct dentry *index = NULL; 314 struct dentry *this = NULL; 315 struct inode *inode; 316 317 /* 318 * Decoding upper dir from index is expensive, so first try to lookup 319 * overlay dentry in inode/dcache. 320 */ 321 inode = ovl_lookup_inode(sb, real, !layer->idx); 322 if (IS_ERR(inode)) 323 return ERR_CAST(inode); 324 if (inode) { 325 this = d_find_any_alias(inode); 326 iput(inode); 327 } 328 329 /* 330 * For decoded lower dir file handle, lookup index by origin to check 331 * if lower dir was copied up and and/or removed. 332 */ 333 if (!this && layer->idx && ofs->indexdir && !WARN_ON(!d_is_dir(real))) { 334 index = ovl_lookup_index(ofs, NULL, real, false); 335 if (IS_ERR(index)) 336 return index; 337 } 338 339 /* Get connected upper overlay dir from index */ 340 if (index) { 341 struct dentry *upper = ovl_index_upper(ofs, index); 342 343 dput(index); 344 if (IS_ERR_OR_NULL(upper)) 345 return upper; 346 347 /* 348 * ovl_lookup_real() in lower layer may call recursively once to 349 * ovl_lookup_real() in upper layer. The first level call walks 350 * back lower parents to the topmost indexed parent. The second 351 * recursive call walks back from indexed upper to the topmost 352 * connected/hashed upper parent (or up to root). 353 */ 354 this = ovl_lookup_real(sb, upper, &upper_layer); 355 dput(upper); 356 } 357 358 if (!this) 359 return NULL; 360 361 if (WARN_ON(ovl_dentry_real_at(this, layer->idx) != real)) { 362 dput(this); 363 this = ERR_PTR(-EIO); 364 } 365 366 return this; 367 } 368 369 /* 370 * Lookup an indexed or hashed overlay dentry, whose real dentry is an 371 * ancestor of @real. 372 */ 373 static struct dentry *ovl_lookup_real_ancestor(struct super_block *sb, 374 struct dentry *real, 375 struct ovl_layer *layer) 376 { 377 struct dentry *next, *parent = NULL; 378 struct dentry *ancestor = ERR_PTR(-EIO); 379 380 if (real == layer->mnt->mnt_root) 381 return dget(sb->s_root); 382 383 /* Find the topmost indexed or hashed ancestor */ 384 next = dget(real); 385 for (;;) { 386 parent = dget_parent(next); 387 388 /* 389 * Lookup a matching overlay dentry in inode/dentry 390 * cache or in index by real inode. 391 */ 392 ancestor = ovl_lookup_real_inode(sb, next, layer); 393 if (ancestor) 394 break; 395 396 if (parent == layer->mnt->mnt_root) { 397 ancestor = dget(sb->s_root); 398 break; 399 } 400 401 /* 402 * If @real has been moved out of the layer root directory, 403 * we will eventully hit the real fs root. This cannot happen 404 * by legit overlay rename, so we return error in that case. 405 */ 406 if (parent == next) { 407 ancestor = ERR_PTR(-EXDEV); 408 break; 409 } 410 411 dput(next); 412 next = parent; 413 } 414 415 dput(parent); 416 dput(next); 417 418 return ancestor; 419 } 420 421 /* 422 * Lookup a connected overlay dentry whose real dentry is @real. 423 * If @real is on upper layer, we lookup a child overlay dentry with the same 424 * path the real dentry. Otherwise, we need to consult index for lookup. 425 */ 426 static struct dentry *ovl_lookup_real(struct super_block *sb, 427 struct dentry *real, 428 struct ovl_layer *layer) 429 { 430 struct dentry *connected; 431 int err = 0; 432 433 connected = ovl_lookup_real_ancestor(sb, real, layer); 434 if (IS_ERR(connected)) 435 return connected; 436 437 while (!err) { 438 struct dentry *next, *this; 439 struct dentry *parent = NULL; 440 struct dentry *real_connected = ovl_dentry_real_at(connected, 441 layer->idx); 442 443 if (real_connected == real) 444 break; 445 446 /* Find the topmost dentry not yet connected */ 447 next = dget(real); 448 for (;;) { 449 parent = dget_parent(next); 450 451 if (parent == real_connected) 452 break; 453 454 /* 455 * If real has been moved out of 'real_connected', 456 * we will not find 'real_connected' and hit the layer 457 * root. In that case, we need to restart connecting. 458 * This game can go on forever in the worst case. We 459 * may want to consider taking s_vfs_rename_mutex if 460 * this happens more than once. 461 */ 462 if (parent == layer->mnt->mnt_root) { 463 dput(connected); 464 connected = dget(sb->s_root); 465 break; 466 } 467 468 /* 469 * If real file has been moved out of the layer root 470 * directory, we will eventully hit the real fs root. 471 * This cannot happen by legit overlay rename, so we 472 * return error in that case. 473 */ 474 if (parent == next) { 475 err = -EXDEV; 476 break; 477 } 478 479 dput(next); 480 next = parent; 481 } 482 483 if (!err) { 484 this = ovl_lookup_real_one(connected, next, layer); 485 if (IS_ERR(this)) 486 err = PTR_ERR(this); 487 488 /* 489 * Lookup of child in overlay can fail when racing with 490 * overlay rename of child away from 'connected' parent. 491 * In this case, we need to restart the lookup from the 492 * top, because we cannot trust that 'real_connected' is 493 * still an ancestor of 'real'. There is a good chance 494 * that the renamed overlay ancestor is now in cache, so 495 * ovl_lookup_real_ancestor() will find it and we can 496 * continue to connect exactly from where lookup failed. 497 */ 498 if (err == -ECHILD) { 499 this = ovl_lookup_real_ancestor(sb, real, 500 layer); 501 err = IS_ERR(this) ? PTR_ERR(this) : 0; 502 } 503 if (!err) { 504 dput(connected); 505 connected = this; 506 } 507 } 508 509 dput(parent); 510 dput(next); 511 } 512 513 if (err) 514 goto fail; 515 516 return connected; 517 518 fail: 519 pr_warn_ratelimited("overlayfs: failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", 520 real, layer->idx, connected, err); 521 dput(connected); 522 return ERR_PTR(err); 523 } 524 525 /* 526 * Get an overlay dentry from upper/lower real dentries and index. 527 */ 528 static struct dentry *ovl_get_dentry(struct super_block *sb, 529 struct dentry *upper, 530 struct ovl_path *lowerpath, 531 struct dentry *index) 532 { 533 struct ovl_fs *ofs = sb->s_fs_info; 534 struct ovl_layer upper_layer = { .mnt = ofs->upper_mnt }; 535 struct ovl_layer *layer = upper ? &upper_layer : lowerpath->layer; 536 struct dentry *real = upper ?: (index ?: lowerpath->dentry); 537 538 /* 539 * Obtain a disconnected overlay dentry from a non-dir real dentry 540 * and index. 541 */ 542 if (!d_is_dir(real)) 543 return ovl_obtain_alias(sb, upper, lowerpath, index); 544 545 /* Removed empty directory? */ 546 if ((real->d_flags & DCACHE_DISCONNECTED) || d_unhashed(real)) 547 return ERR_PTR(-ENOENT); 548 549 /* 550 * If real dentry is connected and hashed, get a connected overlay 551 * dentry whose real dentry is @real. 552 */ 553 return ovl_lookup_real(sb, real, layer); 554 } 555 556 static struct dentry *ovl_upper_fh_to_d(struct super_block *sb, 557 struct ovl_fh *fh) 558 { 559 struct ovl_fs *ofs = sb->s_fs_info; 560 struct dentry *dentry; 561 struct dentry *upper; 562 563 if (!ofs->upper_mnt) 564 return ERR_PTR(-EACCES); 565 566 upper = ovl_decode_fh(fh, ofs->upper_mnt); 567 if (IS_ERR_OR_NULL(upper)) 568 return upper; 569 570 dentry = ovl_get_dentry(sb, upper, NULL, NULL); 571 dput(upper); 572 573 return dentry; 574 } 575 576 static struct dentry *ovl_lower_fh_to_d(struct super_block *sb, 577 struct ovl_fh *fh) 578 { 579 struct ovl_fs *ofs = sb->s_fs_info; 580 struct ovl_path origin = { }; 581 struct ovl_path *stack = &origin; 582 struct dentry *dentry = NULL; 583 struct dentry *index = NULL; 584 struct inode *inode = NULL; 585 bool is_deleted = false; 586 int err; 587 588 /* First lookup indexed upper by fh */ 589 if (ofs->indexdir) { 590 index = ovl_get_index_fh(ofs, fh); 591 err = PTR_ERR(index); 592 if (IS_ERR(index)) { 593 if (err != -ESTALE) 594 return ERR_PTR(err); 595 596 /* Found a whiteout index - treat as deleted inode */ 597 is_deleted = true; 598 index = NULL; 599 } 600 } 601 602 /* Then try to get upper dir by index */ 603 if (index && d_is_dir(index)) { 604 struct dentry *upper = ovl_index_upper(ofs, index); 605 606 err = PTR_ERR(upper); 607 if (IS_ERR_OR_NULL(upper)) 608 goto out_err; 609 610 dentry = ovl_get_dentry(sb, upper, NULL, NULL); 611 dput(upper); 612 goto out; 613 } 614 615 /* Then lookup origin by fh */ 616 err = ovl_check_origin_fh(ofs, fh, NULL, &stack); 617 if (err) { 618 goto out_err; 619 } else if (index) { 620 err = ovl_verify_origin(index, origin.dentry, false); 621 if (err) 622 goto out_err; 623 } else if (is_deleted) { 624 /* Lookup deleted non-dir by origin inode */ 625 if (!d_is_dir(origin.dentry)) 626 inode = ovl_lookup_inode(sb, origin.dentry, false); 627 err = -ESTALE; 628 if (!inode || atomic_read(&inode->i_count) == 1) 629 goto out_err; 630 631 /* Deleted but still open? */ 632 index = dget(ovl_i_dentry_upper(inode)); 633 } 634 635 dentry = ovl_get_dentry(sb, NULL, &origin, index); 636 637 out: 638 dput(origin.dentry); 639 dput(index); 640 iput(inode); 641 return dentry; 642 643 out_err: 644 dentry = ERR_PTR(err); 645 goto out; 646 } 647 648 static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid, 649 int fh_len, int fh_type) 650 { 651 struct dentry *dentry = NULL; 652 struct ovl_fh *fh = (struct ovl_fh *) fid; 653 int len = fh_len << 2; 654 unsigned int flags = 0; 655 int err; 656 657 err = -EINVAL; 658 if (fh_type != OVL_FILEID) 659 goto out_err; 660 661 err = ovl_check_fh_len(fh, len); 662 if (err) 663 goto out_err; 664 665 flags = fh->flags; 666 dentry = (flags & OVL_FH_FLAG_PATH_UPPER) ? 667 ovl_upper_fh_to_d(sb, fh) : 668 ovl_lower_fh_to_d(sb, fh); 669 err = PTR_ERR(dentry); 670 if (IS_ERR(dentry) && err != -ESTALE) 671 goto out_err; 672 673 return dentry; 674 675 out_err: 676 pr_warn_ratelimited("overlayfs: failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n", 677 len, fh_type, flags, err); 678 return ERR_PTR(err); 679 } 680 681 static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid, 682 int fh_len, int fh_type) 683 { 684 pr_warn_ratelimited("overlayfs: connectable file handles not supported; use 'no_subtree_check' exportfs option.\n"); 685 return ERR_PTR(-EACCES); 686 } 687 688 static int ovl_get_name(struct dentry *parent, char *name, 689 struct dentry *child) 690 { 691 /* 692 * ovl_fh_to_dentry() returns connected dir overlay dentries and 693 * ovl_fh_to_parent() is not implemented, so we should not get here. 694 */ 695 WARN_ON_ONCE(1); 696 return -EIO; 697 } 698 699 static struct dentry *ovl_get_parent(struct dentry *dentry) 700 { 701 /* 702 * ovl_fh_to_dentry() returns connected dir overlay dentries, so we 703 * should not get here. 704 */ 705 WARN_ON_ONCE(1); 706 return ERR_PTR(-EIO); 707 } 708 709 const struct export_operations ovl_export_operations = { 710 .encode_fh = ovl_encode_inode_fh, 711 .fh_to_dentry = ovl_fh_to_dentry, 712 .fh_to_parent = ovl_fh_to_parent, 713 .get_name = ovl_get_name, 714 .get_parent = ovl_get_parent, 715 }; 716