1bbb1e54dSMiklos Szeredi /* 2bbb1e54dSMiklos Szeredi * Copyright (C) 2011 Novell Inc. 3bbb1e54dSMiklos Szeredi * Copyright (C) 2016 Red Hat, Inc. 4bbb1e54dSMiklos Szeredi * 5bbb1e54dSMiklos Szeredi * This program is free software; you can redistribute it and/or modify it 6bbb1e54dSMiklos Szeredi * under the terms of the GNU General Public License version 2 as published by 7bbb1e54dSMiklos Szeredi * the Free Software Foundation. 8bbb1e54dSMiklos Szeredi */ 9bbb1e54dSMiklos Szeredi 10bbb1e54dSMiklos Szeredi #include <linux/fs.h> 115b825c3aSIngo Molnar #include <linux/cred.h> 129ee60ce2SAmir Goldstein #include <linux/ctype.h> 13bbb1e54dSMiklos Szeredi #include <linux/namei.h> 14bbb1e54dSMiklos Szeredi #include <linux/xattr.h> 1502b69b28SMiklos Szeredi #include <linux/ratelimit.h> 16a9d01957SAmir Goldstein #include <linux/mount.h> 17a9d01957SAmir Goldstein #include <linux/exportfs.h> 18bbb1e54dSMiklos Szeredi #include "overlayfs.h" 19bbb1e54dSMiklos Szeredi 20e28edc46SMiklos Szeredi struct ovl_lookup_data { 21e28edc46SMiklos Szeredi struct qstr name; 22e28edc46SMiklos Szeredi bool is_dir; 23e28edc46SMiklos Szeredi bool opaque; 24e28edc46SMiklos Szeredi bool stop; 25e28edc46SMiklos Szeredi bool last; 2602b69b28SMiklos Szeredi char *redirect; 27e28edc46SMiklos Szeredi }; 28bbb1e54dSMiklos Szeredi 2902b69b28SMiklos Szeredi static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 3002b69b28SMiklos Szeredi size_t prelen, const char *post) 3102b69b28SMiklos Szeredi { 3202b69b28SMiklos Szeredi int res; 3302b69b28SMiklos Szeredi char *s, *next, *buf = NULL; 3402b69b28SMiklos Szeredi 3502b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 3602b69b28SMiklos Szeredi if (res < 0) { 3702b69b28SMiklos Szeredi if (res == -ENODATA || res == -EOPNOTSUPP) 3802b69b28SMiklos Szeredi return 0; 3902b69b28SMiklos Szeredi goto fail; 4002b69b28SMiklos Szeredi } 410ee931c4SMichal Hocko buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); 4202b69b28SMiklos Szeredi if (!buf) 4302b69b28SMiklos Szeredi return -ENOMEM; 4402b69b28SMiklos Szeredi 4502b69b28SMiklos Szeredi if (res == 0) 4602b69b28SMiklos Szeredi goto invalid; 4702b69b28SMiklos Szeredi 4802b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 4902b69b28SMiklos Szeredi if (res < 0) 5002b69b28SMiklos Szeredi goto fail; 5102b69b28SMiklos Szeredi if (res == 0) 5202b69b28SMiklos Szeredi goto invalid; 5302b69b28SMiklos Szeredi if (buf[0] == '/') { 5402b69b28SMiklos Szeredi for (s = buf; *s++ == '/'; s = next) { 5502b69b28SMiklos Szeredi next = strchrnul(s, '/'); 5602b69b28SMiklos Szeredi if (s == next) 5702b69b28SMiklos Szeredi goto invalid; 5802b69b28SMiklos Szeredi } 5902b69b28SMiklos Szeredi } else { 6002b69b28SMiklos Szeredi if (strchr(buf, '/') != NULL) 6102b69b28SMiklos Szeredi goto invalid; 6202b69b28SMiklos Szeredi 6302b69b28SMiklos Szeredi memmove(buf + prelen, buf, res); 6402b69b28SMiklos Szeredi memcpy(buf, d->name.name, prelen); 6502b69b28SMiklos Szeredi } 6602b69b28SMiklos Szeredi 6702b69b28SMiklos Szeredi strcat(buf, post); 6802b69b28SMiklos Szeredi kfree(d->redirect); 6902b69b28SMiklos Szeredi d->redirect = buf; 7002b69b28SMiklos Szeredi d->name.name = d->redirect; 7102b69b28SMiklos Szeredi d->name.len = strlen(d->redirect); 7202b69b28SMiklos Szeredi 7302b69b28SMiklos Szeredi return 0; 7402b69b28SMiklos Szeredi 7502b69b28SMiklos Szeredi err_free: 7602b69b28SMiklos Szeredi kfree(buf); 7702b69b28SMiklos Szeredi return 0; 7802b69b28SMiklos Szeredi fail: 7902b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 8002b69b28SMiklos Szeredi goto err_free; 8102b69b28SMiklos Szeredi invalid: 8202b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 8302b69b28SMiklos Szeredi goto err_free; 8402b69b28SMiklos Szeredi } 8502b69b28SMiklos Szeredi 86a9d01957SAmir Goldstein static int ovl_acceptable(void *ctx, struct dentry *dentry) 87a9d01957SAmir Goldstein { 88e8f9e5b7SAmir Goldstein /* 89e8f9e5b7SAmir Goldstein * A non-dir origin may be disconnected, which is fine, because 90e8f9e5b7SAmir Goldstein * we only need it for its unique inode number. 91e8f9e5b7SAmir Goldstein */ 92e8f9e5b7SAmir Goldstein if (!d_is_dir(dentry)) 93a9d01957SAmir Goldstein return 1; 94e8f9e5b7SAmir Goldstein 95e8f9e5b7SAmir Goldstein /* Don't decode a deleted empty directory */ 96e8f9e5b7SAmir Goldstein if (d_unhashed(dentry)) 97e8f9e5b7SAmir Goldstein return 0; 98e8f9e5b7SAmir Goldstein 99e8f9e5b7SAmir Goldstein /* Check if directory belongs to the layer we are decoding from */ 100e8f9e5b7SAmir Goldstein return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root); 101a9d01957SAmir Goldstein } 102a9d01957SAmir Goldstein 1032e1a5328SAmir Goldstein /* 1042e1a5328SAmir Goldstein * Check validity of an overlay file handle buffer. 1052e1a5328SAmir Goldstein * 1062e1a5328SAmir Goldstein * Return 0 for a valid file handle. 1072e1a5328SAmir Goldstein * Return -ENODATA for "origin unknown". 1082e1a5328SAmir Goldstein * Return <0 for an invalid file handle. 1092e1a5328SAmir Goldstein */ 1108556a420SAmir Goldstein int ovl_check_fh_len(struct ovl_fh *fh, int fh_len) 1112e1a5328SAmir Goldstein { 1122e1a5328SAmir Goldstein if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len) 1132e1a5328SAmir Goldstein return -EINVAL; 1142e1a5328SAmir Goldstein 1152e1a5328SAmir Goldstein if (fh->magic != OVL_FH_MAGIC) 1162e1a5328SAmir Goldstein return -EINVAL; 1172e1a5328SAmir Goldstein 1182e1a5328SAmir Goldstein /* Treat larger version and unknown flags as "origin unknown" */ 1192e1a5328SAmir Goldstein if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 1202e1a5328SAmir Goldstein return -ENODATA; 1212e1a5328SAmir Goldstein 1222e1a5328SAmir Goldstein /* Treat endianness mismatch as "origin unknown" */ 1232e1a5328SAmir Goldstein if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 1242e1a5328SAmir Goldstein (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 1252e1a5328SAmir Goldstein return -ENODATA; 1262e1a5328SAmir Goldstein 1272e1a5328SAmir Goldstein return 0; 1282e1a5328SAmir Goldstein } 1292e1a5328SAmir Goldstein 13005122443SAmir Goldstein static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name) 131a9d01957SAmir Goldstein { 1322e1a5328SAmir Goldstein int res, err; 133a9d01957SAmir Goldstein struct ovl_fh *fh = NULL; 134a9d01957SAmir Goldstein 13505122443SAmir Goldstein res = vfs_getxattr(dentry, name, NULL, 0); 136a9d01957SAmir Goldstein if (res < 0) { 137a9d01957SAmir Goldstein if (res == -ENODATA || res == -EOPNOTSUPP) 138a9d01957SAmir Goldstein return NULL; 139a9d01957SAmir Goldstein goto fail; 140a9d01957SAmir Goldstein } 141a9d01957SAmir Goldstein /* Zero size value means "copied up but origin unknown" */ 142a9d01957SAmir Goldstein if (res == 0) 143a9d01957SAmir Goldstein return NULL; 144a9d01957SAmir Goldstein 1450ee931c4SMichal Hocko fh = kzalloc(res, GFP_KERNEL); 146a9d01957SAmir Goldstein if (!fh) 147a9d01957SAmir Goldstein return ERR_PTR(-ENOMEM); 148a9d01957SAmir Goldstein 14905122443SAmir Goldstein res = vfs_getxattr(dentry, name, fh, res); 150a9d01957SAmir Goldstein if (res < 0) 151a9d01957SAmir Goldstein goto fail; 152a9d01957SAmir Goldstein 1532e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, res); 1542e1a5328SAmir Goldstein if (err < 0) { 1552e1a5328SAmir Goldstein if (err == -ENODATA) 156a9d01957SAmir Goldstein goto out; 1572e1a5328SAmir Goldstein goto invalid; 1582e1a5328SAmir Goldstein } 159a9d01957SAmir Goldstein 1608b88a2e6SAmir Goldstein return fh; 1618b88a2e6SAmir Goldstein 1628b88a2e6SAmir Goldstein out: 1638b88a2e6SAmir Goldstein kfree(fh); 1648b88a2e6SAmir Goldstein return NULL; 1658b88a2e6SAmir Goldstein 1668b88a2e6SAmir Goldstein fail: 1678b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 1688b88a2e6SAmir Goldstein goto out; 1698b88a2e6SAmir Goldstein invalid: 1708b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 1718b88a2e6SAmir Goldstein goto out; 1728b88a2e6SAmir Goldstein } 1738b88a2e6SAmir Goldstein 1748556a420SAmir Goldstein struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt) 1758b88a2e6SAmir Goldstein { 176e8f9e5b7SAmir Goldstein struct dentry *real; 1778b88a2e6SAmir Goldstein int bytes; 1788b88a2e6SAmir Goldstein 179a9d01957SAmir Goldstein /* 180a9d01957SAmir Goldstein * Make sure that the stored uuid matches the uuid of the lower 181a9d01957SAmir Goldstein * layer where file handle will be decoded. 182a9d01957SAmir Goldstein */ 18385787090SChristoph Hellwig if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) 1842e1a5328SAmir Goldstein return NULL; 185a9d01957SAmir Goldstein 1868b88a2e6SAmir Goldstein bytes = (fh->len - offsetof(struct ovl_fh, fid)); 187e8f9e5b7SAmir Goldstein real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 188a9d01957SAmir Goldstein bytes >> 2, (int)fh->type, 189e8f9e5b7SAmir Goldstein ovl_acceptable, mnt); 190e8f9e5b7SAmir Goldstein if (IS_ERR(real)) { 191e8f9e5b7SAmir Goldstein /* 192e8f9e5b7SAmir Goldstein * Treat stale file handle to lower file as "origin unknown". 193e8f9e5b7SAmir Goldstein * upper file handle could become stale when upper file is 194e8f9e5b7SAmir Goldstein * unlinked and this information is needed to handle stale 195e8f9e5b7SAmir Goldstein * index entries correctly. 196e8f9e5b7SAmir Goldstein */ 197e8f9e5b7SAmir Goldstein if (real == ERR_PTR(-ESTALE) && 198e8f9e5b7SAmir Goldstein !(fh->flags & OVL_FH_FLAG_PATH_UPPER)) 199e8f9e5b7SAmir Goldstein real = NULL; 200e8f9e5b7SAmir Goldstein return real; 201a9d01957SAmir Goldstein } 202a9d01957SAmir Goldstein 203e8f9e5b7SAmir Goldstein if (ovl_dentry_weird(real)) { 204e8f9e5b7SAmir Goldstein dput(real); 2052e1a5328SAmir Goldstein return NULL; 2062e1a5328SAmir Goldstein } 2072e1a5328SAmir Goldstein 208e8f9e5b7SAmir Goldstein return real; 209a9d01957SAmir Goldstein } 210a9d01957SAmir Goldstein 211ee1d6d37SAmir Goldstein static bool ovl_is_opaquedir(struct dentry *dentry) 212ee1d6d37SAmir Goldstein { 213ee1d6d37SAmir Goldstein return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); 214ee1d6d37SAmir Goldstein } 215ee1d6d37SAmir Goldstein 216e28edc46SMiklos Szeredi static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 217e28edc46SMiklos Szeredi const char *name, unsigned int namelen, 21802b69b28SMiklos Szeredi size_t prelen, const char *post, 219e28edc46SMiklos Szeredi struct dentry **ret) 220e28edc46SMiklos Szeredi { 221e28edc46SMiklos Szeredi struct dentry *this; 222e28edc46SMiklos Szeredi int err; 223e28edc46SMiklos Szeredi 224e28edc46SMiklos Szeredi this = lookup_one_len_unlocked(name, base, namelen); 225e28edc46SMiklos Szeredi if (IS_ERR(this)) { 226e28edc46SMiklos Szeredi err = PTR_ERR(this); 227e28edc46SMiklos Szeredi this = NULL; 228e28edc46SMiklos Szeredi if (err == -ENOENT || err == -ENAMETOOLONG) 229e28edc46SMiklos Szeredi goto out; 230e28edc46SMiklos Szeredi goto out_err; 231e28edc46SMiklos Szeredi } 232e28edc46SMiklos Szeredi if (!this->d_inode) 233e28edc46SMiklos Szeredi goto put_and_out; 234e28edc46SMiklos Szeredi 235e28edc46SMiklos Szeredi if (ovl_dentry_weird(this)) { 236e28edc46SMiklos Szeredi /* Don't support traversing automounts and other weirdness */ 237e28edc46SMiklos Szeredi err = -EREMOTE; 238e28edc46SMiklos Szeredi goto out_err; 239e28edc46SMiklos Szeredi } 240e28edc46SMiklos Szeredi if (ovl_is_whiteout(this)) { 241e28edc46SMiklos Szeredi d->stop = d->opaque = true; 242e28edc46SMiklos Szeredi goto put_and_out; 243e28edc46SMiklos Szeredi } 244e28edc46SMiklos Szeredi if (!d_can_lookup(this)) { 245e28edc46SMiklos Szeredi d->stop = true; 246e28edc46SMiklos Szeredi if (d->is_dir) 247e28edc46SMiklos Szeredi goto put_and_out; 248e28edc46SMiklos Szeredi goto out; 249e28edc46SMiklos Szeredi } 250e28edc46SMiklos Szeredi d->is_dir = true; 251e28edc46SMiklos Szeredi if (!d->last && ovl_is_opaquedir(this)) { 252e28edc46SMiklos Szeredi d->stop = d->opaque = true; 253e28edc46SMiklos Szeredi goto out; 254e28edc46SMiklos Szeredi } 25502b69b28SMiklos Szeredi err = ovl_check_redirect(this, d, prelen, post); 25602b69b28SMiklos Szeredi if (err) 25702b69b28SMiklos Szeredi goto out_err; 258e28edc46SMiklos Szeredi out: 259e28edc46SMiklos Szeredi *ret = this; 260e28edc46SMiklos Szeredi return 0; 261e28edc46SMiklos Szeredi 262e28edc46SMiklos Szeredi put_and_out: 263e28edc46SMiklos Szeredi dput(this); 264e28edc46SMiklos Szeredi this = NULL; 265e28edc46SMiklos Szeredi goto out; 266e28edc46SMiklos Szeredi 267e28edc46SMiklos Szeredi out_err: 268e28edc46SMiklos Szeredi dput(this); 269e28edc46SMiklos Szeredi return err; 270e28edc46SMiklos Szeredi } 271e28edc46SMiklos Szeredi 272e28edc46SMiklos Szeredi static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 273e28edc46SMiklos Szeredi struct dentry **ret) 274e28edc46SMiklos Szeredi { 2754c7d0c9cSAmir Goldstein /* Counting down from the end, since the prefix can change */ 2764c7d0c9cSAmir Goldstein size_t rem = d->name.len - 1; 27702b69b28SMiklos Szeredi struct dentry *dentry = NULL; 27802b69b28SMiklos Szeredi int err; 27902b69b28SMiklos Szeredi 2804c7d0c9cSAmir Goldstein if (d->name.name[0] != '/') 28102b69b28SMiklos Szeredi return ovl_lookup_single(base, d, d->name.name, d->name.len, 28202b69b28SMiklos Szeredi 0, "", ret); 28302b69b28SMiklos Szeredi 2844c7d0c9cSAmir Goldstein while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 2854c7d0c9cSAmir Goldstein const char *s = d->name.name + d->name.len - rem; 28602b69b28SMiklos Szeredi const char *next = strchrnul(s, '/'); 2874c7d0c9cSAmir Goldstein size_t thislen = next - s; 2884c7d0c9cSAmir Goldstein bool end = !next[0]; 28902b69b28SMiklos Szeredi 2904c7d0c9cSAmir Goldstein /* Verify we did not go off the rails */ 2914c7d0c9cSAmir Goldstein if (WARN_ON(s[-1] != '/')) 29202b69b28SMiklos Szeredi return -EIO; 29302b69b28SMiklos Szeredi 2944c7d0c9cSAmir Goldstein err = ovl_lookup_single(base, d, s, thislen, 2954c7d0c9cSAmir Goldstein d->name.len - rem, next, &base); 29602b69b28SMiklos Szeredi dput(dentry); 29702b69b28SMiklos Szeredi if (err) 29802b69b28SMiklos Szeredi return err; 29902b69b28SMiklos Szeredi dentry = base; 3004c7d0c9cSAmir Goldstein if (end) 3014c7d0c9cSAmir Goldstein break; 3024c7d0c9cSAmir Goldstein 3034c7d0c9cSAmir Goldstein rem -= thislen + 1; 3044c7d0c9cSAmir Goldstein 3054c7d0c9cSAmir Goldstein if (WARN_ON(rem >= d->name.len)) 3064c7d0c9cSAmir Goldstein return -EIO; 30702b69b28SMiklos Szeredi } 30802b69b28SMiklos Szeredi *ret = dentry; 30902b69b28SMiklos Szeredi return 0; 310e28edc46SMiklos Szeredi } 311e28edc46SMiklos Szeredi 312a9d01957SAmir Goldstein 313f941866fSAmir Goldstein int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, 314f941866fSAmir Goldstein struct dentry *upperdentry, struct ovl_path **stackp) 315a9d01957SAmir Goldstein { 316f7d3dacaSAmir Goldstein struct dentry *origin = NULL; 317f7d3dacaSAmir Goldstein int i; 318a9d01957SAmir Goldstein 3191eff1a1dSAmir Goldstein for (i = 0; i < ofs->numlower; i++) { 3201eff1a1dSAmir Goldstein origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt); 321f7d3dacaSAmir Goldstein if (origin) 322f7d3dacaSAmir Goldstein break; 323f7d3dacaSAmir Goldstein } 324f7d3dacaSAmir Goldstein 325f7d3dacaSAmir Goldstein if (!origin) 3262e1a5328SAmir Goldstein return -ESTALE; 3272e1a5328SAmir Goldstein else if (IS_ERR(origin)) 3282e1a5328SAmir Goldstein return PTR_ERR(origin); 329f7d3dacaSAmir Goldstein 330f941866fSAmir Goldstein if (upperdentry && !ovl_is_whiteout(upperdentry) && 3312e1a5328SAmir Goldstein ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT)) 3322e1a5328SAmir Goldstein goto invalid; 3332e1a5328SAmir Goldstein 334415543d5SAmir Goldstein if (!*stackp) 335b9343632SChandan Rajendra *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); 336a9d01957SAmir Goldstein if (!*stackp) { 337a9d01957SAmir Goldstein dput(origin); 338a9d01957SAmir Goldstein return -ENOMEM; 339a9d01957SAmir Goldstein } 3401eff1a1dSAmir Goldstein **stackp = (struct ovl_path){ 3411eff1a1dSAmir Goldstein .dentry = origin, 3421eff1a1dSAmir Goldstein .layer = &ofs->lower_layers[i] 3431eff1a1dSAmir Goldstein }; 344a9d01957SAmir Goldstein 345a9d01957SAmir Goldstein return 0; 3462e1a5328SAmir Goldstein 3472e1a5328SAmir Goldstein invalid: 3482e1a5328SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n", 3492e1a5328SAmir Goldstein upperdentry, d_inode(upperdentry)->i_mode & S_IFMT, 3502e1a5328SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 3512e1a5328SAmir Goldstein dput(origin); 3522e1a5328SAmir Goldstein return -EIO; 3532e1a5328SAmir Goldstein } 3542e1a5328SAmir Goldstein 3551eff1a1dSAmir Goldstein static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry, 3562e1a5328SAmir Goldstein struct ovl_path **stackp, unsigned int *ctrp) 3572e1a5328SAmir Goldstein { 35805122443SAmir Goldstein struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN); 3592e1a5328SAmir Goldstein int err; 3602e1a5328SAmir Goldstein 3612e1a5328SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 3622e1a5328SAmir Goldstein return PTR_ERR(fh); 3632e1a5328SAmir Goldstein 3641eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp); 3652e1a5328SAmir Goldstein kfree(fh); 3662e1a5328SAmir Goldstein 3672e1a5328SAmir Goldstein if (err) { 3682e1a5328SAmir Goldstein if (err == -ESTALE) 3692e1a5328SAmir Goldstein return 0; 3702e1a5328SAmir Goldstein return err; 3712e1a5328SAmir Goldstein } 3722e1a5328SAmir Goldstein 3732e1a5328SAmir Goldstein if (WARN_ON(*ctrp)) 3742e1a5328SAmir Goldstein return -EIO; 3752e1a5328SAmir Goldstein 3762e1a5328SAmir Goldstein *ctrp = 1; 3772e1a5328SAmir Goldstein return 0; 378a9d01957SAmir Goldstein } 379a9d01957SAmir Goldstein 380bbb1e54dSMiklos Szeredi /* 38105122443SAmir Goldstein * Verify that @fh matches the file handle stored in xattr @name. 3828b88a2e6SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, < 0 on error. 3838b88a2e6SAmir Goldstein */ 38405122443SAmir Goldstein static int ovl_verify_fh(struct dentry *dentry, const char *name, 38505122443SAmir Goldstein const struct ovl_fh *fh) 3868b88a2e6SAmir Goldstein { 38705122443SAmir Goldstein struct ovl_fh *ofh = ovl_get_fh(dentry, name); 3888b88a2e6SAmir Goldstein int err = 0; 3898b88a2e6SAmir Goldstein 3908b88a2e6SAmir Goldstein if (!ofh) 3918b88a2e6SAmir Goldstein return -ENODATA; 3928b88a2e6SAmir Goldstein 3938b88a2e6SAmir Goldstein if (IS_ERR(ofh)) 3948b88a2e6SAmir Goldstein return PTR_ERR(ofh); 3958b88a2e6SAmir Goldstein 3968b88a2e6SAmir Goldstein if (fh->len != ofh->len || memcmp(fh, ofh, fh->len)) 3978b88a2e6SAmir Goldstein err = -ESTALE; 3988b88a2e6SAmir Goldstein 3998b88a2e6SAmir Goldstein kfree(ofh); 4008b88a2e6SAmir Goldstein return err; 4018b88a2e6SAmir Goldstein } 4028b88a2e6SAmir Goldstein 4038b88a2e6SAmir Goldstein /* 40405122443SAmir Goldstein * Verify that @real dentry matches the file handle stored in xattr @name. 4058b88a2e6SAmir Goldstein * 40605122443SAmir Goldstein * If @set is true and there is no stored file handle, encode @real and store 40705122443SAmir Goldstein * file handle in xattr @name. 4088b88a2e6SAmir Goldstein * 40905122443SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error. 4108b88a2e6SAmir Goldstein */ 41105122443SAmir Goldstein int ovl_verify_set_fh(struct dentry *dentry, const char *name, 41205122443SAmir Goldstein struct dentry *real, bool is_upper, bool set) 4138b88a2e6SAmir Goldstein { 4148b88a2e6SAmir Goldstein struct inode *inode; 4158b88a2e6SAmir Goldstein struct ovl_fh *fh; 4168b88a2e6SAmir Goldstein int err; 4178b88a2e6SAmir Goldstein 41805122443SAmir Goldstein fh = ovl_encode_fh(real, is_upper); 4198b88a2e6SAmir Goldstein err = PTR_ERR(fh); 4208b88a2e6SAmir Goldstein if (IS_ERR(fh)) 4218b88a2e6SAmir Goldstein goto fail; 4228b88a2e6SAmir Goldstein 42305122443SAmir Goldstein err = ovl_verify_fh(dentry, name, fh); 4248b88a2e6SAmir Goldstein if (set && err == -ENODATA) 42505122443SAmir Goldstein err = ovl_do_setxattr(dentry, name, fh, fh->len, 0); 4268b88a2e6SAmir Goldstein if (err) 4278b88a2e6SAmir Goldstein goto fail; 4288b88a2e6SAmir Goldstein 4298b88a2e6SAmir Goldstein out: 4308b88a2e6SAmir Goldstein kfree(fh); 4318b88a2e6SAmir Goldstein return err; 4328b88a2e6SAmir Goldstein 4338b88a2e6SAmir Goldstein fail: 43405122443SAmir Goldstein inode = d_inode(real); 43505122443SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n", 43605122443SAmir Goldstein is_upper ? "upper" : "origin", real, 43705122443SAmir Goldstein inode ? inode->i_ino : 0, err); 4388b88a2e6SAmir Goldstein goto out; 4398b88a2e6SAmir Goldstein } 4408b88a2e6SAmir Goldstein 441e8f9e5b7SAmir Goldstein /* Get upper dentry from index */ 4423b0bfc6eSAmir Goldstein struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index) 443e8f9e5b7SAmir Goldstein { 444e8f9e5b7SAmir Goldstein struct ovl_fh *fh; 445e8f9e5b7SAmir Goldstein struct dentry *upper; 446e8f9e5b7SAmir Goldstein 447e8f9e5b7SAmir Goldstein if (!d_is_dir(index)) 448e8f9e5b7SAmir Goldstein return dget(index); 449e8f9e5b7SAmir Goldstein 450e8f9e5b7SAmir Goldstein fh = ovl_get_fh(index, OVL_XATTR_UPPER); 451e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 452e8f9e5b7SAmir Goldstein return ERR_CAST(fh); 453e8f9e5b7SAmir Goldstein 454e8f9e5b7SAmir Goldstein upper = ovl_decode_fh(fh, ofs->upper_mnt); 455e8f9e5b7SAmir Goldstein kfree(fh); 456e8f9e5b7SAmir Goldstein 457e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) 458e8f9e5b7SAmir Goldstein return upper ?: ERR_PTR(-ESTALE); 459e8f9e5b7SAmir Goldstein 460e8f9e5b7SAmir Goldstein if (!d_is_dir(upper)) { 461e8f9e5b7SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n", 462e8f9e5b7SAmir Goldstein index, upper); 463e8f9e5b7SAmir Goldstein dput(upper); 464e8f9e5b7SAmir Goldstein return ERR_PTR(-EIO); 465e8f9e5b7SAmir Goldstein } 466e8f9e5b7SAmir Goldstein 467e8f9e5b7SAmir Goldstein return upper; 468e8f9e5b7SAmir Goldstein } 469e8f9e5b7SAmir Goldstein 4709ee60ce2SAmir Goldstein /* Is this a leftover from create/whiteout of directory index entry? */ 4719ee60ce2SAmir Goldstein static bool ovl_is_temp_index(struct dentry *index) 4729ee60ce2SAmir Goldstein { 4739ee60ce2SAmir Goldstein return index->d_name.name[0] == '#'; 4749ee60ce2SAmir Goldstein } 4759ee60ce2SAmir Goldstein 4768b88a2e6SAmir Goldstein /* 477415543d5SAmir Goldstein * Verify that an index entry name matches the origin file handle stored in 478415543d5SAmir Goldstein * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. 479415543d5SAmir Goldstein * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. 480415543d5SAmir Goldstein */ 4811eff1a1dSAmir Goldstein int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index) 482415543d5SAmir Goldstein { 483415543d5SAmir Goldstein struct ovl_fh *fh = NULL; 484415543d5SAmir Goldstein size_t len; 485b9343632SChandan Rajendra struct ovl_path origin = { }; 486b9343632SChandan Rajendra struct ovl_path *stack = &origin; 487e8f9e5b7SAmir Goldstein struct dentry *upper = NULL; 488415543d5SAmir Goldstein int err; 489415543d5SAmir Goldstein 490415543d5SAmir Goldstein if (!d_inode(index)) 491415543d5SAmir Goldstein return 0; 492415543d5SAmir Goldstein 4939ee60ce2SAmir Goldstein /* Cleanup leftover from index create/cleanup attempt */ 4949ee60ce2SAmir Goldstein err = -ESTALE; 4959ee60ce2SAmir Goldstein if (ovl_is_temp_index(index)) 4969ee60ce2SAmir Goldstein goto fail; 4979ee60ce2SAmir Goldstein 498fa0096e3SAmir Goldstein err = -EINVAL; 499415543d5SAmir Goldstein if (index->d_name.len < sizeof(struct ovl_fh)*2) 500415543d5SAmir Goldstein goto fail; 501415543d5SAmir Goldstein 502415543d5SAmir Goldstein err = -ENOMEM; 503415543d5SAmir Goldstein len = index->d_name.len / 2; 5040ee931c4SMichal Hocko fh = kzalloc(len, GFP_KERNEL); 505415543d5SAmir Goldstein if (!fh) 506415543d5SAmir Goldstein goto fail; 507415543d5SAmir Goldstein 508415543d5SAmir Goldstein err = -EINVAL; 5092e1a5328SAmir Goldstein if (hex2bin((u8 *)fh, index->d_name.name, len)) 5102e1a5328SAmir Goldstein goto fail; 5112e1a5328SAmir Goldstein 5122e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, len); 5132e1a5328SAmir Goldstein if (err) 514415543d5SAmir Goldstein goto fail; 515415543d5SAmir Goldstein 5167db25d36SAmir Goldstein /* 5177db25d36SAmir Goldstein * Whiteout index entries are used as an indication that an exported 5187db25d36SAmir Goldstein * overlay file handle should be treated as stale (i.e. after unlink 5197db25d36SAmir Goldstein * of the overlay inode). These entries contain no origin xattr. 5207db25d36SAmir Goldstein */ 5217db25d36SAmir Goldstein if (ovl_is_whiteout(index)) 5227db25d36SAmir Goldstein goto out; 5237db25d36SAmir Goldstein 524e8f9e5b7SAmir Goldstein /* 525e8f9e5b7SAmir Goldstein * Verifying directory index entries are not stale is expensive, so 526e8f9e5b7SAmir Goldstein * only verify stale dir index if NFS export is enabled. 527e8f9e5b7SAmir Goldstein */ 528e8f9e5b7SAmir Goldstein if (d_is_dir(index) && !ofs->config.nfs_export) 529e8f9e5b7SAmir Goldstein goto out; 530e8f9e5b7SAmir Goldstein 531e8f9e5b7SAmir Goldstein /* 532e8f9e5b7SAmir Goldstein * Directory index entries should have 'upper' xattr pointing to the 533e8f9e5b7SAmir Goldstein * real upper dir. Non-dir index entries are hardlinks to the upper 534e8f9e5b7SAmir Goldstein * real inode. For non-dir index, we can read the copy up origin xattr 535e8f9e5b7SAmir Goldstein * directly from the index dentry, but for dir index we first need to 536e8f9e5b7SAmir Goldstein * decode the upper directory. 537e8f9e5b7SAmir Goldstein */ 538e8f9e5b7SAmir Goldstein upper = ovl_index_upper(ofs, index); 539e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) { 540e8f9e5b7SAmir Goldstein err = PTR_ERR(upper); 54124f0b172SAmir Goldstein /* 54224f0b172SAmir Goldstein * Directory index entries with no 'upper' xattr need to be 54324f0b172SAmir Goldstein * removed. When dir index entry has a stale 'upper' xattr, 54424f0b172SAmir Goldstein * we assume that upper dir was removed and we treat the dir 54524f0b172SAmir Goldstein * index as orphan entry that needs to be whited out. 54624f0b172SAmir Goldstein */ 54724f0b172SAmir Goldstein if (err == -ESTALE) 54824f0b172SAmir Goldstein goto orphan; 54924f0b172SAmir Goldstein else if (!err) 550e8f9e5b7SAmir Goldstein err = -ESTALE; 551e8f9e5b7SAmir Goldstein goto fail; 552e8f9e5b7SAmir Goldstein } 553e8f9e5b7SAmir Goldstein 554e8f9e5b7SAmir Goldstein err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh); 555e8f9e5b7SAmir Goldstein dput(upper); 556415543d5SAmir Goldstein if (err) 557415543d5SAmir Goldstein goto fail; 558415543d5SAmir Goldstein 559e8f9e5b7SAmir Goldstein /* Check if non-dir index is orphan and don't warn before cleaning it */ 560e8f9e5b7SAmir Goldstein if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) { 5611eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, index, &stack); 562415543d5SAmir Goldstein if (err) 563415543d5SAmir Goldstein goto fail; 564415543d5SAmir Goldstein 565e8f9e5b7SAmir Goldstein if (ovl_get_nlink(origin.dentry, index, 0) == 0) 56624f0b172SAmir Goldstein goto orphan; 567e8f9e5b7SAmir Goldstein } 568caf70cb2SAmir Goldstein 569415543d5SAmir Goldstein out: 570e8f9e5b7SAmir Goldstein dput(origin.dentry); 571415543d5SAmir Goldstein kfree(fh); 572415543d5SAmir Goldstein return err; 573415543d5SAmir Goldstein 574415543d5SAmir Goldstein fail: 57561b67471SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n", 57661b67471SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, err); 577415543d5SAmir Goldstein goto out; 57824f0b172SAmir Goldstein 57924f0b172SAmir Goldstein orphan: 58024f0b172SAmir Goldstein pr_warn_ratelimited("overlayfs: orphan index entry (%pd2, ftype=%x, nlink=%u)\n", 58124f0b172SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 58224f0b172SAmir Goldstein d_inode(index)->i_nlink); 58324f0b172SAmir Goldstein err = -ENOENT; 58424f0b172SAmir Goldstein goto out; 585415543d5SAmir Goldstein } 586415543d5SAmir Goldstein 58791ffe7beSAmir Goldstein static int ovl_get_index_name_fh(struct ovl_fh *fh, struct qstr *name) 58891ffe7beSAmir Goldstein { 58991ffe7beSAmir Goldstein char *n, *s; 59091ffe7beSAmir Goldstein 59191ffe7beSAmir Goldstein n = kzalloc(fh->len * 2, GFP_KERNEL); 59291ffe7beSAmir Goldstein if (!n) 59391ffe7beSAmir Goldstein return -ENOMEM; 59491ffe7beSAmir Goldstein 59591ffe7beSAmir Goldstein s = bin2hex(n, fh, fh->len); 59691ffe7beSAmir Goldstein *name = (struct qstr) QSTR_INIT(n, s - n); 59791ffe7beSAmir Goldstein 59891ffe7beSAmir Goldstein return 0; 59991ffe7beSAmir Goldstein 60091ffe7beSAmir Goldstein } 60191ffe7beSAmir Goldstein 602415543d5SAmir Goldstein /* 603359f392cSAmir Goldstein * Lookup in indexdir for the index entry of a lower real inode or a copy up 604359f392cSAmir Goldstein * origin inode. The index entry name is the hex representation of the lower 605359f392cSAmir Goldstein * inode file handle. 606359f392cSAmir Goldstein * 607359f392cSAmir Goldstein * If the index dentry in negative, then either no lower aliases have been 608359f392cSAmir Goldstein * copied up yet, or aliases have been copied up in older kernels and are 609359f392cSAmir Goldstein * not indexed. 610359f392cSAmir Goldstein * 611359f392cSAmir Goldstein * If the index dentry for a copy up origin inode is positive, but points 612359f392cSAmir Goldstein * to an inode different than the upper inode, then either the upper inode 613359f392cSAmir Goldstein * has been copied up and not indexed or it was indexed, but since then 614359f392cSAmir Goldstein * index dir was cleared. Either way, that index cannot be used to indentify 615359f392cSAmir Goldstein * the overlay inode. 616359f392cSAmir Goldstein */ 617359f392cSAmir Goldstein int ovl_get_index_name(struct dentry *origin, struct qstr *name) 618359f392cSAmir Goldstein { 619359f392cSAmir Goldstein struct ovl_fh *fh; 62091ffe7beSAmir Goldstein int err; 621359f392cSAmir Goldstein 622359f392cSAmir Goldstein fh = ovl_encode_fh(origin, false); 623359f392cSAmir Goldstein if (IS_ERR(fh)) 624359f392cSAmir Goldstein return PTR_ERR(fh); 625359f392cSAmir Goldstein 62691ffe7beSAmir Goldstein err = ovl_get_index_name_fh(fh, name); 62791ffe7beSAmir Goldstein 628359f392cSAmir Goldstein kfree(fh); 629359f392cSAmir Goldstein return err; 63091ffe7beSAmir Goldstein } 631359f392cSAmir Goldstein 63291ffe7beSAmir Goldstein /* Lookup index by file handle for NFS export */ 63391ffe7beSAmir Goldstein struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh) 63491ffe7beSAmir Goldstein { 63591ffe7beSAmir Goldstein struct dentry *index; 63691ffe7beSAmir Goldstein struct qstr name; 63791ffe7beSAmir Goldstein int err; 63891ffe7beSAmir Goldstein 63991ffe7beSAmir Goldstein err = ovl_get_index_name_fh(fh, &name); 64091ffe7beSAmir Goldstein if (err) 64191ffe7beSAmir Goldstein return ERR_PTR(err); 64291ffe7beSAmir Goldstein 64391ffe7beSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 64491ffe7beSAmir Goldstein kfree(name.name); 64591ffe7beSAmir Goldstein if (IS_ERR(index)) { 64691ffe7beSAmir Goldstein if (PTR_ERR(index) == -ENOENT) 64791ffe7beSAmir Goldstein index = NULL; 64891ffe7beSAmir Goldstein return index; 64991ffe7beSAmir Goldstein } 65091ffe7beSAmir Goldstein 65191ffe7beSAmir Goldstein if (d_is_negative(index)) 65291ffe7beSAmir Goldstein err = 0; 65391ffe7beSAmir Goldstein else if (ovl_is_whiteout(index)) 65491ffe7beSAmir Goldstein err = -ESTALE; 65591ffe7beSAmir Goldstein else if (ovl_dentry_weird(index)) 65691ffe7beSAmir Goldstein err = -EIO; 65791ffe7beSAmir Goldstein else 65891ffe7beSAmir Goldstein return index; 65991ffe7beSAmir Goldstein 66091ffe7beSAmir Goldstein dput(index); 66191ffe7beSAmir Goldstein return ERR_PTR(err); 662359f392cSAmir Goldstein } 663359f392cSAmir Goldstein 66406170154SAmir Goldstein struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper, 66506170154SAmir Goldstein struct dentry *origin, bool verify) 666359f392cSAmir Goldstein { 667359f392cSAmir Goldstein struct dentry *index; 668359f392cSAmir Goldstein struct inode *inode; 669359f392cSAmir Goldstein struct qstr name; 670ad1d615cSAmir Goldstein bool is_dir = d_is_dir(origin); 671359f392cSAmir Goldstein int err; 672359f392cSAmir Goldstein 673359f392cSAmir Goldstein err = ovl_get_index_name(origin, &name); 674359f392cSAmir Goldstein if (err) 675359f392cSAmir Goldstein return ERR_PTR(err); 676359f392cSAmir Goldstein 677359f392cSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 678359f392cSAmir Goldstein if (IS_ERR(index)) { 679e0082a0fSAmir Goldstein err = PTR_ERR(index); 6807937a56fSAmir Goldstein if (err == -ENOENT) { 6817937a56fSAmir Goldstein index = NULL; 6827937a56fSAmir Goldstein goto out; 6837937a56fSAmir Goldstein } 684359f392cSAmir Goldstein pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n" 685359f392cSAmir Goldstein "overlayfs: mount with '-o index=off' to disable inodes index.\n", 686359f392cSAmir Goldstein d_inode(origin)->i_ino, name.len, name.name, 687359f392cSAmir Goldstein err); 688359f392cSAmir Goldstein goto out; 689359f392cSAmir Goldstein } 690359f392cSAmir Goldstein 6910e082555SAmir Goldstein inode = d_inode(index); 692359f392cSAmir Goldstein if (d_is_negative(index)) { 6936eaf0111SAmir Goldstein goto out_dput; 69406170154SAmir Goldstein } else if (ovl_is_whiteout(index) && !verify) { 69506170154SAmir Goldstein /* 69606170154SAmir Goldstein * When index lookup is called with !verify for decoding an 69706170154SAmir Goldstein * overlay file handle, a whiteout index implies that decode 69806170154SAmir Goldstein * should treat file handle as stale and no need to print a 69906170154SAmir Goldstein * warning about it. 70006170154SAmir Goldstein */ 70106170154SAmir Goldstein dput(index); 70206170154SAmir Goldstein index = ERR_PTR(-ESTALE); 70306170154SAmir Goldstein goto out; 7040e082555SAmir Goldstein } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || 7050e082555SAmir Goldstein ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { 7060e082555SAmir Goldstein /* 7070e082555SAmir Goldstein * Index should always be of the same file type as origin 7080e082555SAmir Goldstein * except for the case of a whiteout index. A whiteout 7090e082555SAmir Goldstein * index should only exist if all lower aliases have been 7100e082555SAmir Goldstein * unlinked, which means that finding a lower origin on lookup 7110e082555SAmir Goldstein * whose index is a whiteout should be treated as an error. 7120e082555SAmir Goldstein */ 7130e082555SAmir Goldstein pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", 7140e082555SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 7150e082555SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 716359f392cSAmir Goldstein goto fail; 71706170154SAmir Goldstein } else if (is_dir && verify) { 718ad1d615cSAmir Goldstein if (!upper) { 719ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n", 720ad1d615cSAmir Goldstein origin, index); 721ad1d615cSAmir Goldstein goto fail; 722359f392cSAmir Goldstein } 723359f392cSAmir Goldstein 724ad1d615cSAmir Goldstein /* Verify that dir index 'upper' xattr points to upper dir */ 725ad1d615cSAmir Goldstein err = ovl_verify_upper(index, upper, false); 726ad1d615cSAmir Goldstein if (err) { 727ad1d615cSAmir Goldstein if (err == -ESTALE) { 728ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n", 729ad1d615cSAmir Goldstein upper, origin, index); 730ad1d615cSAmir Goldstein } 731ad1d615cSAmir Goldstein goto fail; 732ad1d615cSAmir Goldstein } 733ad1d615cSAmir Goldstein } else if (upper && d_inode(upper) != inode) { 734ad1d615cSAmir Goldstein goto out_dput; 735ad1d615cSAmir Goldstein } 736359f392cSAmir Goldstein out: 737359f392cSAmir Goldstein kfree(name.name); 738359f392cSAmir Goldstein return index; 739359f392cSAmir Goldstein 7406eaf0111SAmir Goldstein out_dput: 7416eaf0111SAmir Goldstein dput(index); 7426eaf0111SAmir Goldstein index = NULL; 7436eaf0111SAmir Goldstein goto out; 7446eaf0111SAmir Goldstein 745359f392cSAmir Goldstein fail: 746359f392cSAmir Goldstein dput(index); 747359f392cSAmir Goldstein index = ERR_PTR(-EIO); 748359f392cSAmir Goldstein goto out; 749359f392cSAmir Goldstein } 750359f392cSAmir Goldstein 751359f392cSAmir Goldstein /* 752bbb1e54dSMiklos Szeredi * Returns next layer in stack starting from top. 753bbb1e54dSMiklos Szeredi * Returns -1 if this is the last layer. 754bbb1e54dSMiklos Szeredi */ 755bbb1e54dSMiklos Szeredi int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 756bbb1e54dSMiklos Szeredi { 757bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 758bbb1e54dSMiklos Szeredi 759bbb1e54dSMiklos Szeredi BUG_ON(idx < 0); 760bbb1e54dSMiklos Szeredi if (idx == 0) { 761bbb1e54dSMiklos Szeredi ovl_path_upper(dentry, path); 762bbb1e54dSMiklos Szeredi if (path->dentry) 763bbb1e54dSMiklos Szeredi return oe->numlower ? 1 : -1; 764bbb1e54dSMiklos Szeredi idx++; 765bbb1e54dSMiklos Szeredi } 766bbb1e54dSMiklos Szeredi BUG_ON(idx > oe->numlower); 767b9343632SChandan Rajendra path->dentry = oe->lowerstack[idx - 1].dentry; 768b9343632SChandan Rajendra path->mnt = oe->lowerstack[idx - 1].layer->mnt; 769bbb1e54dSMiklos Szeredi 770bbb1e54dSMiklos Szeredi return (idx < oe->numlower) ? idx + 1 : -1; 771bbb1e54dSMiklos Szeredi } 772bbb1e54dSMiklos Szeredi 7739678e630SAmir Goldstein /* Fix missing 'origin' xattr */ 7749678e630SAmir Goldstein static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower, 7759678e630SAmir Goldstein struct dentry *upper) 7769678e630SAmir Goldstein { 7779678e630SAmir Goldstein int err; 7789678e630SAmir Goldstein 7799678e630SAmir Goldstein if (ovl_check_origin_xattr(upper)) 7809678e630SAmir Goldstein return 0; 7819678e630SAmir Goldstein 7829678e630SAmir Goldstein err = ovl_want_write(dentry); 7839678e630SAmir Goldstein if (err) 7849678e630SAmir Goldstein return err; 7859678e630SAmir Goldstein 7869678e630SAmir Goldstein err = ovl_set_origin(dentry, lower, upper); 7879678e630SAmir Goldstein if (!err) 7889678e630SAmir Goldstein err = ovl_set_impure(dentry->d_parent, upper->d_parent); 7899678e630SAmir Goldstein 7909678e630SAmir Goldstein ovl_drop_write(dentry); 7919678e630SAmir Goldstein return err; 7929678e630SAmir Goldstein } 7939678e630SAmir Goldstein 794bbb1e54dSMiklos Szeredi struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 795bbb1e54dSMiklos Szeredi unsigned int flags) 796bbb1e54dSMiklos Szeredi { 797bbb1e54dSMiklos Szeredi struct ovl_entry *oe; 798bbb1e54dSMiklos Szeredi const struct cred *old_cred; 7996b2d5fe4SMiklos Szeredi struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 800bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 801c22205d0SAmir Goldstein struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 802b9343632SChandan Rajendra struct ovl_path *stack = NULL; 803bbb1e54dSMiklos Szeredi struct dentry *upperdir, *upperdentry = NULL; 804ad1d615cSAmir Goldstein struct dentry *origin = NULL; 805359f392cSAmir Goldstein struct dentry *index = NULL; 806bbb1e54dSMiklos Szeredi unsigned int ctr = 0; 807bbb1e54dSMiklos Szeredi struct inode *inode = NULL; 808bbb1e54dSMiklos Szeredi bool upperopaque = false; 80902b69b28SMiklos Szeredi char *upperredirect = NULL; 810bbb1e54dSMiklos Szeredi struct dentry *this; 811bbb1e54dSMiklos Szeredi unsigned int i; 812bbb1e54dSMiklos Szeredi int err; 813e28edc46SMiklos Szeredi struct ovl_lookup_data d = { 814e28edc46SMiklos Szeredi .name = dentry->d_name, 815e28edc46SMiklos Szeredi .is_dir = false, 816e28edc46SMiklos Szeredi .opaque = false, 817e28edc46SMiklos Szeredi .stop = false, 818e28edc46SMiklos Szeredi .last = !poe->numlower, 81902b69b28SMiklos Szeredi .redirect = NULL, 820e28edc46SMiklos Szeredi }; 821bbb1e54dSMiklos Szeredi 8226b2d5fe4SMiklos Szeredi if (dentry->d_name.len > ofs->namelen) 8236b2d5fe4SMiklos Szeredi return ERR_PTR(-ENAMETOOLONG); 8246b2d5fe4SMiklos Szeredi 825bbb1e54dSMiklos Szeredi old_cred = ovl_override_creds(dentry->d_sb); 82609d8b586SMiklos Szeredi upperdir = ovl_dentry_upper(dentry->d_parent); 827bbb1e54dSMiklos Szeredi if (upperdir) { 828e28edc46SMiklos Szeredi err = ovl_lookup_layer(upperdir, &d, &upperdentry); 829e28edc46SMiklos Szeredi if (err) 830bbb1e54dSMiklos Szeredi goto out; 831bbb1e54dSMiklos Szeredi 832e28edc46SMiklos Szeredi if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 833e28edc46SMiklos Szeredi dput(upperdentry); 834bbb1e54dSMiklos Szeredi err = -EREMOTE; 835bbb1e54dSMiklos Szeredi goto out; 836bbb1e54dSMiklos Szeredi } 837a9d01957SAmir Goldstein if (upperdentry && !d.is_dir) { 838a9d01957SAmir Goldstein BUG_ON(!d.stop || d.redirect); 839f7d3dacaSAmir Goldstein /* 840f7d3dacaSAmir Goldstein * Lookup copy up origin by decoding origin file handle. 841f7d3dacaSAmir Goldstein * We may get a disconnected dentry, which is fine, 842f7d3dacaSAmir Goldstein * because we only need to hold the origin inode in 843f7d3dacaSAmir Goldstein * cache and use its inode number. We may even get a 844f7d3dacaSAmir Goldstein * connected dentry, that is not under any of the lower 845f7d3dacaSAmir Goldstein * layers root. That is also fine for using it's inode 846f7d3dacaSAmir Goldstein * number - it's the same as if we held a reference 847f7d3dacaSAmir Goldstein * to a dentry in lower layer that was moved under us. 848f7d3dacaSAmir Goldstein */ 8491eff1a1dSAmir Goldstein err = ovl_check_origin(ofs, upperdentry, &stack, &ctr); 850a9d01957SAmir Goldstein if (err) 8515455f92bSVivek Goyal goto out_put_upper; 852a9d01957SAmir Goldstein } 85302b69b28SMiklos Szeredi 85402b69b28SMiklos Szeredi if (d.redirect) { 8550ce5cdc9SDan Carpenter err = -ENOMEM; 85602b69b28SMiklos Szeredi upperredirect = kstrdup(d.redirect, GFP_KERNEL); 85702b69b28SMiklos Szeredi if (!upperredirect) 85802b69b28SMiklos Szeredi goto out_put_upper; 85902b69b28SMiklos Szeredi if (d.redirect[0] == '/') 860c22205d0SAmir Goldstein poe = roe; 86102b69b28SMiklos Szeredi } 862e28edc46SMiklos Szeredi upperopaque = d.opaque; 863bbb1e54dSMiklos Szeredi } 864bbb1e54dSMiklos Szeredi 865e28edc46SMiklos Szeredi if (!d.stop && poe->numlower) { 866bbb1e54dSMiklos Szeredi err = -ENOMEM; 867b9343632SChandan Rajendra stack = kcalloc(ofs->numlower, sizeof(struct ovl_path), 8680ee931c4SMichal Hocko GFP_KERNEL); 869bbb1e54dSMiklos Szeredi if (!stack) 870bbb1e54dSMiklos Szeredi goto out_put_upper; 871bbb1e54dSMiklos Szeredi } 872bbb1e54dSMiklos Szeredi 873e28edc46SMiklos Szeredi for (i = 0; !d.stop && i < poe->numlower; i++) { 874b9343632SChandan Rajendra struct ovl_path lower = poe->lowerstack[i]; 875bbb1e54dSMiklos Szeredi 876e28edc46SMiklos Szeredi d.last = i == poe->numlower - 1; 877b9343632SChandan Rajendra err = ovl_lookup_layer(lower.dentry, &d, &this); 878e28edc46SMiklos Szeredi if (err) 879bbb1e54dSMiklos Szeredi goto out_put; 8806b2d5fe4SMiklos Szeredi 881bbb1e54dSMiklos Szeredi if (!this) 882bbb1e54dSMiklos Szeredi continue; 883bbb1e54dSMiklos Szeredi 8849678e630SAmir Goldstein /* 8859678e630SAmir Goldstein * If no origin fh is stored in upper of a merge dir, store fh 8869678e630SAmir Goldstein * of lower dir and set upper parent "impure". 8879678e630SAmir Goldstein */ 8889678e630SAmir Goldstein if (upperdentry && !ctr && !ofs->noxattr) { 8899678e630SAmir Goldstein err = ovl_fix_origin(dentry, this, upperdentry); 8909678e630SAmir Goldstein if (err) { 8919678e630SAmir Goldstein dput(this); 8929678e630SAmir Goldstein goto out_put; 8939678e630SAmir Goldstein } 8949678e630SAmir Goldstein } 8959678e630SAmir Goldstein 89637b12916SAmir Goldstein /* 89737b12916SAmir Goldstein * When "verify_lower" feature is enabled, do not merge with a 898ad1d615cSAmir Goldstein * lower dir that does not match a stored origin xattr. In any 899ad1d615cSAmir Goldstein * case, only verified origin is used for index lookup. 90037b12916SAmir Goldstein */ 90137b12916SAmir Goldstein if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) { 90237b12916SAmir Goldstein err = ovl_verify_origin(upperdentry, this, false); 90337b12916SAmir Goldstein if (err) { 90437b12916SAmir Goldstein dput(this); 90537b12916SAmir Goldstein break; 90637b12916SAmir Goldstein } 907ad1d615cSAmir Goldstein 908ad1d615cSAmir Goldstein /* Bless lower dir as verified origin */ 909ad1d615cSAmir Goldstein origin = this; 91037b12916SAmir Goldstein } 91137b12916SAmir Goldstein 912bbb1e54dSMiklos Szeredi stack[ctr].dentry = this; 913b9343632SChandan Rajendra stack[ctr].layer = lower.layer; 914bbb1e54dSMiklos Szeredi ctr++; 91502b69b28SMiklos Szeredi 91602b69b28SMiklos Szeredi if (d.stop) 91702b69b28SMiklos Szeredi break; 91802b69b28SMiklos Szeredi 919438c84c2SMiklos Szeredi /* 920438c84c2SMiklos Szeredi * Following redirects can have security consequences: it's like 921438c84c2SMiklos Szeredi * a symlink into the lower layer without the permission checks. 922438c84c2SMiklos Szeredi * This is only a problem if the upper layer is untrusted (e.g 923438c84c2SMiklos Szeredi * comes from an USB drive). This can allow a non-readable file 924438c84c2SMiklos Szeredi * or directory to become readable. 925438c84c2SMiklos Szeredi * 926438c84c2SMiklos Szeredi * Only following redirects when redirects are enabled disables 927438c84c2SMiklos Szeredi * this attack vector when not necessary. 928438c84c2SMiklos Szeredi */ 929438c84c2SMiklos Szeredi err = -EPERM; 930438c84c2SMiklos Szeredi if (d.redirect && !ofs->config.redirect_follow) { 931f8167817SAmir Goldstein pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n", 932f8167817SAmir Goldstein dentry); 933438c84c2SMiklos Szeredi goto out_put; 934438c84c2SMiklos Szeredi } 935438c84c2SMiklos Szeredi 936c22205d0SAmir Goldstein if (d.redirect && d.redirect[0] == '/' && poe != roe) { 937c22205d0SAmir Goldstein poe = roe; 93802b69b28SMiklos Szeredi /* Find the current layer on the root dentry */ 939d583ed7dSAmir Goldstein i = lower.layer->idx - 1; 94002b69b28SMiklos Szeredi } 941bbb1e54dSMiklos Szeredi } 942bbb1e54dSMiklos Szeredi 943ad1d615cSAmir Goldstein /* 944ad1d615cSAmir Goldstein * Lookup index by lower inode and verify it matches upper inode. 945ad1d615cSAmir Goldstein * We only trust dir index if we verified that lower dir matches 946ad1d615cSAmir Goldstein * origin, otherwise dir index entries may be inconsistent and we 947ad1d615cSAmir Goldstein * ignore them. Always lookup index of non-dir and non-upper. 948ad1d615cSAmir Goldstein */ 949ad1d615cSAmir Goldstein if (ctr && (!upperdentry || !d.is_dir)) 950ad1d615cSAmir Goldstein origin = stack[0].dentry; 951359f392cSAmir Goldstein 952ad1d615cSAmir Goldstein if (origin && ovl_indexdir(dentry->d_sb) && 953ad1d615cSAmir Goldstein (!d.is_dir || ovl_index_all(dentry->d_sb))) { 95406170154SAmir Goldstein index = ovl_lookup_index(ofs, upperdentry, origin, true); 955359f392cSAmir Goldstein if (IS_ERR(index)) { 956359f392cSAmir Goldstein err = PTR_ERR(index); 957359f392cSAmir Goldstein index = NULL; 958359f392cSAmir Goldstein goto out_put; 959359f392cSAmir Goldstein } 960359f392cSAmir Goldstein } 961359f392cSAmir Goldstein 962bbb1e54dSMiklos Szeredi oe = ovl_alloc_entry(ctr); 963bbb1e54dSMiklos Szeredi err = -ENOMEM; 964bbb1e54dSMiklos Szeredi if (!oe) 965bbb1e54dSMiklos Szeredi goto out_put; 966bbb1e54dSMiklos Szeredi 967b9343632SChandan Rajendra memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); 968e6d2ebddSMiklos Szeredi dentry->d_fsdata = oe; 969e6d2ebddSMiklos Szeredi 970c62520a8SAmir Goldstein if (upperopaque) 971c62520a8SAmir Goldstein ovl_dentry_set_opaque(dentry); 972c62520a8SAmir Goldstein 97355acc661SMiklos Szeredi if (upperdentry) 97455acc661SMiklos Szeredi ovl_dentry_set_upper_alias(dentry); 97555acc661SMiklos Szeredi else if (index) 976359f392cSAmir Goldstein upperdentry = dget(index); 977359f392cSAmir Goldstein 978e6d2ebddSMiklos Szeredi if (upperdentry || ctr) { 9790aceb53eSAmir Goldstein inode = ovl_get_inode(dentry->d_sb, upperdentry, origin, index, 9800aceb53eSAmir Goldstein ctr); 981b9ac5c27SMiklos Szeredi err = PTR_ERR(inode); 982b9ac5c27SMiklos Szeredi if (IS_ERR(inode)) 983e6d2ebddSMiklos Szeredi goto out_free_oe; 984cf31c463SMiklos Szeredi 985cf31c463SMiklos Szeredi OVL_I(inode)->redirect = upperredirect; 986359f392cSAmir Goldstein if (index) 987359f392cSAmir Goldstein ovl_set_flag(OVL_INDEX, inode); 988e6d2ebddSMiklos Szeredi } 989e6d2ebddSMiklos Szeredi 990e6d2ebddSMiklos Szeredi revert_creds(old_cred); 991359f392cSAmir Goldstein dput(index); 992bbb1e54dSMiklos Szeredi kfree(stack); 99302b69b28SMiklos Szeredi kfree(d.redirect); 994829c28beSAmir Goldstein return d_splice_alias(inode, dentry); 995bbb1e54dSMiklos Szeredi 996bbb1e54dSMiklos Szeredi out_free_oe: 997e6d2ebddSMiklos Szeredi dentry->d_fsdata = NULL; 998bbb1e54dSMiklos Szeredi kfree(oe); 999bbb1e54dSMiklos Szeredi out_put: 1000359f392cSAmir Goldstein dput(index); 1001bbb1e54dSMiklos Szeredi for (i = 0; i < ctr; i++) 1002bbb1e54dSMiklos Szeredi dput(stack[i].dentry); 1003bbb1e54dSMiklos Szeredi kfree(stack); 1004bbb1e54dSMiklos Szeredi out_put_upper: 1005bbb1e54dSMiklos Szeredi dput(upperdentry); 100602b69b28SMiklos Szeredi kfree(upperredirect); 1007bbb1e54dSMiklos Szeredi out: 100802b69b28SMiklos Szeredi kfree(d.redirect); 1009bbb1e54dSMiklos Szeredi revert_creds(old_cred); 1010bbb1e54dSMiklos Szeredi return ERR_PTR(err); 1011bbb1e54dSMiklos Szeredi } 1012bbb1e54dSMiklos Szeredi 1013bbb1e54dSMiklos Szeredi bool ovl_lower_positive(struct dentry *dentry) 1014bbb1e54dSMiklos Szeredi { 1015bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 1016bbb1e54dSMiklos Szeredi const struct qstr *name = &dentry->d_name; 10176d0a8a90SAmir Goldstein const struct cred *old_cred; 1018bbb1e54dSMiklos Szeredi unsigned int i; 1019bbb1e54dSMiklos Szeredi bool positive = false; 1020bbb1e54dSMiklos Szeredi bool done = false; 1021bbb1e54dSMiklos Szeredi 1022bbb1e54dSMiklos Szeredi /* 1023bbb1e54dSMiklos Szeredi * If dentry is negative, then lower is positive iff this is a 1024bbb1e54dSMiklos Szeredi * whiteout. 1025bbb1e54dSMiklos Szeredi */ 1026bbb1e54dSMiklos Szeredi if (!dentry->d_inode) 1027c62520a8SAmir Goldstein return ovl_dentry_is_opaque(dentry); 1028bbb1e54dSMiklos Szeredi 1029bbb1e54dSMiklos Szeredi /* Negative upper -> positive lower */ 103009d8b586SMiklos Szeredi if (!ovl_dentry_upper(dentry)) 1031bbb1e54dSMiklos Szeredi return true; 1032bbb1e54dSMiklos Szeredi 10336d0a8a90SAmir Goldstein old_cred = ovl_override_creds(dentry->d_sb); 1034bbb1e54dSMiklos Szeredi /* Positive upper -> have to look up lower to see whether it exists */ 1035bbb1e54dSMiklos Szeredi for (i = 0; !done && !positive && i < poe->numlower; i++) { 1036bbb1e54dSMiklos Szeredi struct dentry *this; 1037bbb1e54dSMiklos Szeredi struct dentry *lowerdir = poe->lowerstack[i].dentry; 1038bbb1e54dSMiklos Szeredi 1039bbb1e54dSMiklos Szeredi this = lookup_one_len_unlocked(name->name, lowerdir, 1040bbb1e54dSMiklos Szeredi name->len); 1041bbb1e54dSMiklos Szeredi if (IS_ERR(this)) { 1042bbb1e54dSMiklos Szeredi switch (PTR_ERR(this)) { 1043bbb1e54dSMiklos Szeredi case -ENOENT: 1044bbb1e54dSMiklos Szeredi case -ENAMETOOLONG: 1045bbb1e54dSMiklos Szeredi break; 1046bbb1e54dSMiklos Szeredi 1047bbb1e54dSMiklos Szeredi default: 1048bbb1e54dSMiklos Szeredi /* 1049bbb1e54dSMiklos Szeredi * Assume something is there, we just couldn't 1050bbb1e54dSMiklos Szeredi * access it. 1051bbb1e54dSMiklos Szeredi */ 1052bbb1e54dSMiklos Szeredi positive = true; 1053bbb1e54dSMiklos Szeredi break; 1054bbb1e54dSMiklos Szeredi } 1055bbb1e54dSMiklos Szeredi } else { 1056bbb1e54dSMiklos Szeredi if (this->d_inode) { 1057bbb1e54dSMiklos Szeredi positive = !ovl_is_whiteout(this); 1058bbb1e54dSMiklos Szeredi done = true; 1059bbb1e54dSMiklos Szeredi } 1060bbb1e54dSMiklos Szeredi dput(this); 1061bbb1e54dSMiklos Szeredi } 1062bbb1e54dSMiklos Szeredi } 10636d0a8a90SAmir Goldstein revert_creds(old_cred); 1064bbb1e54dSMiklos Szeredi 1065bbb1e54dSMiklos Szeredi return positive; 1066bbb1e54dSMiklos Szeredi } 1067