1bbb1e54dSMiklos Szeredi /* 2bbb1e54dSMiklos Szeredi * Copyright (C) 2011 Novell Inc. 3bbb1e54dSMiklos Szeredi * Copyright (C) 2016 Red Hat, Inc. 4bbb1e54dSMiklos Szeredi * 5bbb1e54dSMiklos Szeredi * This program is free software; you can redistribute it and/or modify it 6bbb1e54dSMiklos Szeredi * under the terms of the GNU General Public License version 2 as published by 7bbb1e54dSMiklos Szeredi * the Free Software Foundation. 8bbb1e54dSMiklos Szeredi */ 9bbb1e54dSMiklos Szeredi 10bbb1e54dSMiklos Szeredi #include <linux/fs.h> 115b825c3aSIngo Molnar #include <linux/cred.h> 12bbb1e54dSMiklos Szeredi #include <linux/namei.h> 13bbb1e54dSMiklos Szeredi #include <linux/xattr.h> 1402b69b28SMiklos Szeredi #include <linux/ratelimit.h> 15a9d01957SAmir Goldstein #include <linux/mount.h> 16a9d01957SAmir Goldstein #include <linux/exportfs.h> 17bbb1e54dSMiklos Szeredi #include "overlayfs.h" 18bbb1e54dSMiklos Szeredi 19e28edc46SMiklos Szeredi struct ovl_lookup_data { 20e28edc46SMiklos Szeredi struct qstr name; 21e28edc46SMiklos Szeredi bool is_dir; 22e28edc46SMiklos Szeredi bool opaque; 23e28edc46SMiklos Szeredi bool stop; 24e28edc46SMiklos Szeredi bool last; 2502b69b28SMiklos Szeredi char *redirect; 26e28edc46SMiklos Szeredi }; 27bbb1e54dSMiklos Szeredi 2802b69b28SMiklos Szeredi static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 2902b69b28SMiklos Szeredi size_t prelen, const char *post) 3002b69b28SMiklos Szeredi { 3102b69b28SMiklos Szeredi int res; 3202b69b28SMiklos Szeredi char *s, *next, *buf = NULL; 3302b69b28SMiklos Szeredi 3402b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 3502b69b28SMiklos Szeredi if (res < 0) { 3602b69b28SMiklos Szeredi if (res == -ENODATA || res == -EOPNOTSUPP) 3702b69b28SMiklos Szeredi return 0; 3802b69b28SMiklos Szeredi goto fail; 3902b69b28SMiklos Szeredi } 400ee931c4SMichal Hocko buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); 4102b69b28SMiklos Szeredi if (!buf) 4202b69b28SMiklos Szeredi return -ENOMEM; 4302b69b28SMiklos Szeredi 4402b69b28SMiklos Szeredi if (res == 0) 4502b69b28SMiklos Szeredi goto invalid; 4602b69b28SMiklos Szeredi 4702b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 4802b69b28SMiklos Szeredi if (res < 0) 4902b69b28SMiklos Szeredi goto fail; 5002b69b28SMiklos Szeredi if (res == 0) 5102b69b28SMiklos Szeredi goto invalid; 5202b69b28SMiklos Szeredi if (buf[0] == '/') { 5302b69b28SMiklos Szeredi for (s = buf; *s++ == '/'; s = next) { 5402b69b28SMiklos Szeredi next = strchrnul(s, '/'); 5502b69b28SMiklos Szeredi if (s == next) 5602b69b28SMiklos Szeredi goto invalid; 5702b69b28SMiklos Szeredi } 5802b69b28SMiklos Szeredi } else { 5902b69b28SMiklos Szeredi if (strchr(buf, '/') != NULL) 6002b69b28SMiklos Szeredi goto invalid; 6102b69b28SMiklos Szeredi 6202b69b28SMiklos Szeredi memmove(buf + prelen, buf, res); 6302b69b28SMiklos Szeredi memcpy(buf, d->name.name, prelen); 6402b69b28SMiklos Szeredi } 6502b69b28SMiklos Szeredi 6602b69b28SMiklos Szeredi strcat(buf, post); 6702b69b28SMiklos Szeredi kfree(d->redirect); 6802b69b28SMiklos Szeredi d->redirect = buf; 6902b69b28SMiklos Szeredi d->name.name = d->redirect; 7002b69b28SMiklos Szeredi d->name.len = strlen(d->redirect); 7102b69b28SMiklos Szeredi 7202b69b28SMiklos Szeredi return 0; 7302b69b28SMiklos Szeredi 7402b69b28SMiklos Szeredi err_free: 7502b69b28SMiklos Szeredi kfree(buf); 7602b69b28SMiklos Szeredi return 0; 7702b69b28SMiklos Szeredi fail: 7802b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 7902b69b28SMiklos Szeredi goto err_free; 8002b69b28SMiklos Szeredi invalid: 8102b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 8202b69b28SMiklos Szeredi goto err_free; 8302b69b28SMiklos Szeredi } 8402b69b28SMiklos Szeredi 85a9d01957SAmir Goldstein static int ovl_acceptable(void *ctx, struct dentry *dentry) 86a9d01957SAmir Goldstein { 87e8f9e5b7SAmir Goldstein /* 88e8f9e5b7SAmir Goldstein * A non-dir origin may be disconnected, which is fine, because 89e8f9e5b7SAmir Goldstein * we only need it for its unique inode number. 90e8f9e5b7SAmir Goldstein */ 91e8f9e5b7SAmir Goldstein if (!d_is_dir(dentry)) 92a9d01957SAmir Goldstein return 1; 93e8f9e5b7SAmir Goldstein 94e8f9e5b7SAmir Goldstein /* Don't decode a deleted empty directory */ 95e8f9e5b7SAmir Goldstein if (d_unhashed(dentry)) 96e8f9e5b7SAmir Goldstein return 0; 97e8f9e5b7SAmir Goldstein 98e8f9e5b7SAmir Goldstein /* Check if directory belongs to the layer we are decoding from */ 99e8f9e5b7SAmir Goldstein return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root); 100a9d01957SAmir Goldstein } 101a9d01957SAmir Goldstein 1022e1a5328SAmir Goldstein /* 1032e1a5328SAmir Goldstein * Check validity of an overlay file handle buffer. 1042e1a5328SAmir Goldstein * 1052e1a5328SAmir Goldstein * Return 0 for a valid file handle. 1062e1a5328SAmir Goldstein * Return -ENODATA for "origin unknown". 1072e1a5328SAmir Goldstein * Return <0 for an invalid file handle. 1082e1a5328SAmir Goldstein */ 1092e1a5328SAmir Goldstein static int ovl_check_fh_len(struct ovl_fh *fh, int fh_len) 1102e1a5328SAmir Goldstein { 1112e1a5328SAmir Goldstein if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len) 1122e1a5328SAmir Goldstein return -EINVAL; 1132e1a5328SAmir Goldstein 1142e1a5328SAmir Goldstein if (fh->magic != OVL_FH_MAGIC) 1152e1a5328SAmir Goldstein return -EINVAL; 1162e1a5328SAmir Goldstein 1172e1a5328SAmir Goldstein /* Treat larger version and unknown flags as "origin unknown" */ 1182e1a5328SAmir Goldstein if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 1192e1a5328SAmir Goldstein return -ENODATA; 1202e1a5328SAmir Goldstein 1212e1a5328SAmir Goldstein /* Treat endianness mismatch as "origin unknown" */ 1222e1a5328SAmir Goldstein if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 1232e1a5328SAmir Goldstein (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 1242e1a5328SAmir Goldstein return -ENODATA; 1252e1a5328SAmir Goldstein 1262e1a5328SAmir Goldstein return 0; 1272e1a5328SAmir Goldstein } 1282e1a5328SAmir Goldstein 12905122443SAmir Goldstein static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name) 130a9d01957SAmir Goldstein { 1312e1a5328SAmir Goldstein int res, err; 132a9d01957SAmir Goldstein struct ovl_fh *fh = NULL; 133a9d01957SAmir Goldstein 13405122443SAmir Goldstein res = vfs_getxattr(dentry, name, NULL, 0); 135a9d01957SAmir Goldstein if (res < 0) { 136a9d01957SAmir Goldstein if (res == -ENODATA || res == -EOPNOTSUPP) 137a9d01957SAmir Goldstein return NULL; 138a9d01957SAmir Goldstein goto fail; 139a9d01957SAmir Goldstein } 140a9d01957SAmir Goldstein /* Zero size value means "copied up but origin unknown" */ 141a9d01957SAmir Goldstein if (res == 0) 142a9d01957SAmir Goldstein return NULL; 143a9d01957SAmir Goldstein 1440ee931c4SMichal Hocko fh = kzalloc(res, GFP_KERNEL); 145a9d01957SAmir Goldstein if (!fh) 146a9d01957SAmir Goldstein return ERR_PTR(-ENOMEM); 147a9d01957SAmir Goldstein 14805122443SAmir Goldstein res = vfs_getxattr(dentry, name, fh, res); 149a9d01957SAmir Goldstein if (res < 0) 150a9d01957SAmir Goldstein goto fail; 151a9d01957SAmir Goldstein 1522e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, res); 1532e1a5328SAmir Goldstein if (err < 0) { 1542e1a5328SAmir Goldstein if (err == -ENODATA) 155a9d01957SAmir Goldstein goto out; 1562e1a5328SAmir Goldstein goto invalid; 1572e1a5328SAmir Goldstein } 158a9d01957SAmir Goldstein 1598b88a2e6SAmir Goldstein return fh; 1608b88a2e6SAmir Goldstein 1618b88a2e6SAmir Goldstein out: 1628b88a2e6SAmir Goldstein kfree(fh); 1638b88a2e6SAmir Goldstein return NULL; 1648b88a2e6SAmir Goldstein 1658b88a2e6SAmir Goldstein fail: 1668b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 1678b88a2e6SAmir Goldstein goto out; 1688b88a2e6SAmir Goldstein invalid: 1698b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 1708b88a2e6SAmir Goldstein goto out; 1718b88a2e6SAmir Goldstein } 1728b88a2e6SAmir Goldstein 1732e1a5328SAmir Goldstein static struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt) 1748b88a2e6SAmir Goldstein { 175e8f9e5b7SAmir Goldstein struct dentry *real; 1768b88a2e6SAmir Goldstein int bytes; 1778b88a2e6SAmir Goldstein 178a9d01957SAmir Goldstein /* 179a9d01957SAmir Goldstein * Make sure that the stored uuid matches the uuid of the lower 180a9d01957SAmir Goldstein * layer where file handle will be decoded. 181a9d01957SAmir Goldstein */ 18285787090SChristoph Hellwig if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) 1832e1a5328SAmir Goldstein return NULL; 184a9d01957SAmir Goldstein 1858b88a2e6SAmir Goldstein bytes = (fh->len - offsetof(struct ovl_fh, fid)); 186e8f9e5b7SAmir Goldstein real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 187a9d01957SAmir Goldstein bytes >> 2, (int)fh->type, 188e8f9e5b7SAmir Goldstein ovl_acceptable, mnt); 189e8f9e5b7SAmir Goldstein if (IS_ERR(real)) { 190e8f9e5b7SAmir Goldstein /* 191e8f9e5b7SAmir Goldstein * Treat stale file handle to lower file as "origin unknown". 192e8f9e5b7SAmir Goldstein * upper file handle could become stale when upper file is 193e8f9e5b7SAmir Goldstein * unlinked and this information is needed to handle stale 194e8f9e5b7SAmir Goldstein * index entries correctly. 195e8f9e5b7SAmir Goldstein */ 196e8f9e5b7SAmir Goldstein if (real == ERR_PTR(-ESTALE) && 197e8f9e5b7SAmir Goldstein !(fh->flags & OVL_FH_FLAG_PATH_UPPER)) 198e8f9e5b7SAmir Goldstein real = NULL; 199e8f9e5b7SAmir Goldstein return real; 200a9d01957SAmir Goldstein } 201a9d01957SAmir Goldstein 202e8f9e5b7SAmir Goldstein if (ovl_dentry_weird(real)) { 203e8f9e5b7SAmir Goldstein dput(real); 2042e1a5328SAmir Goldstein return NULL; 2052e1a5328SAmir Goldstein } 2062e1a5328SAmir Goldstein 207e8f9e5b7SAmir Goldstein return real; 208a9d01957SAmir Goldstein } 209a9d01957SAmir Goldstein 210ee1d6d37SAmir Goldstein static bool ovl_is_opaquedir(struct dentry *dentry) 211ee1d6d37SAmir Goldstein { 212ee1d6d37SAmir Goldstein return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); 213ee1d6d37SAmir Goldstein } 214ee1d6d37SAmir Goldstein 215e28edc46SMiklos Szeredi static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 216e28edc46SMiklos Szeredi const char *name, unsigned int namelen, 21702b69b28SMiklos Szeredi size_t prelen, const char *post, 218e28edc46SMiklos Szeredi struct dentry **ret) 219e28edc46SMiklos Szeredi { 220e28edc46SMiklos Szeredi struct dentry *this; 221e28edc46SMiklos Szeredi int err; 222e28edc46SMiklos Szeredi 223e28edc46SMiklos Szeredi this = lookup_one_len_unlocked(name, base, namelen); 224e28edc46SMiklos Szeredi if (IS_ERR(this)) { 225e28edc46SMiklos Szeredi err = PTR_ERR(this); 226e28edc46SMiklos Szeredi this = NULL; 227e28edc46SMiklos Szeredi if (err == -ENOENT || err == -ENAMETOOLONG) 228e28edc46SMiklos Szeredi goto out; 229e28edc46SMiklos Szeredi goto out_err; 230e28edc46SMiklos Szeredi } 231e28edc46SMiklos Szeredi if (!this->d_inode) 232e28edc46SMiklos Szeredi goto put_and_out; 233e28edc46SMiklos Szeredi 234e28edc46SMiklos Szeredi if (ovl_dentry_weird(this)) { 235e28edc46SMiklos Szeredi /* Don't support traversing automounts and other weirdness */ 236e28edc46SMiklos Szeredi err = -EREMOTE; 237e28edc46SMiklos Szeredi goto out_err; 238e28edc46SMiklos Szeredi } 239e28edc46SMiklos Szeredi if (ovl_is_whiteout(this)) { 240e28edc46SMiklos Szeredi d->stop = d->opaque = true; 241e28edc46SMiklos Szeredi goto put_and_out; 242e28edc46SMiklos Szeredi } 243e28edc46SMiklos Szeredi if (!d_can_lookup(this)) { 244e28edc46SMiklos Szeredi d->stop = true; 245e28edc46SMiklos Szeredi if (d->is_dir) 246e28edc46SMiklos Szeredi goto put_and_out; 247e28edc46SMiklos Szeredi goto out; 248e28edc46SMiklos Szeredi } 249e28edc46SMiklos Szeredi d->is_dir = true; 250e28edc46SMiklos Szeredi if (!d->last && ovl_is_opaquedir(this)) { 251e28edc46SMiklos Szeredi d->stop = d->opaque = true; 252e28edc46SMiklos Szeredi goto out; 253e28edc46SMiklos Szeredi } 25402b69b28SMiklos Szeredi err = ovl_check_redirect(this, d, prelen, post); 25502b69b28SMiklos Szeredi if (err) 25602b69b28SMiklos Szeredi goto out_err; 257e28edc46SMiklos Szeredi out: 258e28edc46SMiklos Szeredi *ret = this; 259e28edc46SMiklos Szeredi return 0; 260e28edc46SMiklos Szeredi 261e28edc46SMiklos Szeredi put_and_out: 262e28edc46SMiklos Szeredi dput(this); 263e28edc46SMiklos Szeredi this = NULL; 264e28edc46SMiklos Szeredi goto out; 265e28edc46SMiklos Szeredi 266e28edc46SMiklos Szeredi out_err: 267e28edc46SMiklos Szeredi dput(this); 268e28edc46SMiklos Szeredi return err; 269e28edc46SMiklos Szeredi } 270e28edc46SMiklos Szeredi 271e28edc46SMiklos Szeredi static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 272e28edc46SMiklos Szeredi struct dentry **ret) 273e28edc46SMiklos Szeredi { 2744c7d0c9cSAmir Goldstein /* Counting down from the end, since the prefix can change */ 2754c7d0c9cSAmir Goldstein size_t rem = d->name.len - 1; 27602b69b28SMiklos Szeredi struct dentry *dentry = NULL; 27702b69b28SMiklos Szeredi int err; 27802b69b28SMiklos Szeredi 2794c7d0c9cSAmir Goldstein if (d->name.name[0] != '/') 28002b69b28SMiklos Szeredi return ovl_lookup_single(base, d, d->name.name, d->name.len, 28102b69b28SMiklos Szeredi 0, "", ret); 28202b69b28SMiklos Szeredi 2834c7d0c9cSAmir Goldstein while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 2844c7d0c9cSAmir Goldstein const char *s = d->name.name + d->name.len - rem; 28502b69b28SMiklos Szeredi const char *next = strchrnul(s, '/'); 2864c7d0c9cSAmir Goldstein size_t thislen = next - s; 2874c7d0c9cSAmir Goldstein bool end = !next[0]; 28802b69b28SMiklos Szeredi 2894c7d0c9cSAmir Goldstein /* Verify we did not go off the rails */ 2904c7d0c9cSAmir Goldstein if (WARN_ON(s[-1] != '/')) 29102b69b28SMiklos Szeredi return -EIO; 29202b69b28SMiklos Szeredi 2934c7d0c9cSAmir Goldstein err = ovl_lookup_single(base, d, s, thislen, 2944c7d0c9cSAmir Goldstein d->name.len - rem, next, &base); 29502b69b28SMiklos Szeredi dput(dentry); 29602b69b28SMiklos Szeredi if (err) 29702b69b28SMiklos Szeredi return err; 29802b69b28SMiklos Szeredi dentry = base; 2994c7d0c9cSAmir Goldstein if (end) 3004c7d0c9cSAmir Goldstein break; 3014c7d0c9cSAmir Goldstein 3024c7d0c9cSAmir Goldstein rem -= thislen + 1; 3034c7d0c9cSAmir Goldstein 3044c7d0c9cSAmir Goldstein if (WARN_ON(rem >= d->name.len)) 3054c7d0c9cSAmir Goldstein return -EIO; 30602b69b28SMiklos Szeredi } 30702b69b28SMiklos Szeredi *ret = dentry; 30802b69b28SMiklos Szeredi return 0; 309e28edc46SMiklos Szeredi } 310e28edc46SMiklos Szeredi 311a9d01957SAmir Goldstein 3121eff1a1dSAmir Goldstein static int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, 3131eff1a1dSAmir Goldstein struct dentry *upperdentry, 3142e1a5328SAmir Goldstein struct ovl_path **stackp) 315a9d01957SAmir Goldstein { 316f7d3dacaSAmir Goldstein struct dentry *origin = NULL; 317f7d3dacaSAmir Goldstein int i; 318a9d01957SAmir Goldstein 3191eff1a1dSAmir Goldstein for (i = 0; i < ofs->numlower; i++) { 3201eff1a1dSAmir Goldstein origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt); 321f7d3dacaSAmir Goldstein if (origin) 322f7d3dacaSAmir Goldstein break; 323f7d3dacaSAmir Goldstein } 324f7d3dacaSAmir Goldstein 325f7d3dacaSAmir Goldstein if (!origin) 3262e1a5328SAmir Goldstein return -ESTALE; 3272e1a5328SAmir Goldstein else if (IS_ERR(origin)) 3282e1a5328SAmir Goldstein return PTR_ERR(origin); 329f7d3dacaSAmir Goldstein 3302e1a5328SAmir Goldstein if (!ovl_is_whiteout(upperdentry) && 3312e1a5328SAmir Goldstein ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT)) 3322e1a5328SAmir Goldstein goto invalid; 3332e1a5328SAmir Goldstein 334415543d5SAmir Goldstein if (!*stackp) 335b9343632SChandan Rajendra *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); 336a9d01957SAmir Goldstein if (!*stackp) { 337a9d01957SAmir Goldstein dput(origin); 338a9d01957SAmir Goldstein return -ENOMEM; 339a9d01957SAmir Goldstein } 3401eff1a1dSAmir Goldstein **stackp = (struct ovl_path){ 3411eff1a1dSAmir Goldstein .dentry = origin, 3421eff1a1dSAmir Goldstein .layer = &ofs->lower_layers[i] 3431eff1a1dSAmir Goldstein }; 344a9d01957SAmir Goldstein 345a9d01957SAmir Goldstein return 0; 3462e1a5328SAmir Goldstein 3472e1a5328SAmir Goldstein invalid: 3482e1a5328SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n", 3492e1a5328SAmir Goldstein upperdentry, d_inode(upperdentry)->i_mode & S_IFMT, 3502e1a5328SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 3512e1a5328SAmir Goldstein dput(origin); 3522e1a5328SAmir Goldstein return -EIO; 3532e1a5328SAmir Goldstein } 3542e1a5328SAmir Goldstein 3551eff1a1dSAmir Goldstein static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry, 3562e1a5328SAmir Goldstein struct ovl_path **stackp, unsigned int *ctrp) 3572e1a5328SAmir Goldstein { 35805122443SAmir Goldstein struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN); 3592e1a5328SAmir Goldstein int err; 3602e1a5328SAmir Goldstein 3612e1a5328SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 3622e1a5328SAmir Goldstein return PTR_ERR(fh); 3632e1a5328SAmir Goldstein 3641eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp); 3652e1a5328SAmir Goldstein kfree(fh); 3662e1a5328SAmir Goldstein 3672e1a5328SAmir Goldstein if (err) { 3682e1a5328SAmir Goldstein if (err == -ESTALE) 3692e1a5328SAmir Goldstein return 0; 3702e1a5328SAmir Goldstein return err; 3712e1a5328SAmir Goldstein } 3722e1a5328SAmir Goldstein 3732e1a5328SAmir Goldstein if (WARN_ON(*ctrp)) 3742e1a5328SAmir Goldstein return -EIO; 3752e1a5328SAmir Goldstein 3762e1a5328SAmir Goldstein *ctrp = 1; 3772e1a5328SAmir Goldstein return 0; 378a9d01957SAmir Goldstein } 379a9d01957SAmir Goldstein 380bbb1e54dSMiklos Szeredi /* 38105122443SAmir Goldstein * Verify that @fh matches the file handle stored in xattr @name. 3828b88a2e6SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, < 0 on error. 3838b88a2e6SAmir Goldstein */ 38405122443SAmir Goldstein static int ovl_verify_fh(struct dentry *dentry, const char *name, 38505122443SAmir Goldstein const struct ovl_fh *fh) 3868b88a2e6SAmir Goldstein { 38705122443SAmir Goldstein struct ovl_fh *ofh = ovl_get_fh(dentry, name); 3888b88a2e6SAmir Goldstein int err = 0; 3898b88a2e6SAmir Goldstein 3908b88a2e6SAmir Goldstein if (!ofh) 3918b88a2e6SAmir Goldstein return -ENODATA; 3928b88a2e6SAmir Goldstein 3938b88a2e6SAmir Goldstein if (IS_ERR(ofh)) 3948b88a2e6SAmir Goldstein return PTR_ERR(ofh); 3958b88a2e6SAmir Goldstein 3968b88a2e6SAmir Goldstein if (fh->len != ofh->len || memcmp(fh, ofh, fh->len)) 3978b88a2e6SAmir Goldstein err = -ESTALE; 3988b88a2e6SAmir Goldstein 3998b88a2e6SAmir Goldstein kfree(ofh); 4008b88a2e6SAmir Goldstein return err; 4018b88a2e6SAmir Goldstein } 4028b88a2e6SAmir Goldstein 4038b88a2e6SAmir Goldstein /* 40405122443SAmir Goldstein * Verify that @real dentry matches the file handle stored in xattr @name. 4058b88a2e6SAmir Goldstein * 40605122443SAmir Goldstein * If @set is true and there is no stored file handle, encode @real and store 40705122443SAmir Goldstein * file handle in xattr @name. 4088b88a2e6SAmir Goldstein * 40905122443SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error. 4108b88a2e6SAmir Goldstein */ 41105122443SAmir Goldstein int ovl_verify_set_fh(struct dentry *dentry, const char *name, 41205122443SAmir Goldstein struct dentry *real, bool is_upper, bool set) 4138b88a2e6SAmir Goldstein { 4148b88a2e6SAmir Goldstein struct inode *inode; 4158b88a2e6SAmir Goldstein struct ovl_fh *fh; 4168b88a2e6SAmir Goldstein int err; 4178b88a2e6SAmir Goldstein 41805122443SAmir Goldstein fh = ovl_encode_fh(real, is_upper); 4198b88a2e6SAmir Goldstein err = PTR_ERR(fh); 4208b88a2e6SAmir Goldstein if (IS_ERR(fh)) 4218b88a2e6SAmir Goldstein goto fail; 4228b88a2e6SAmir Goldstein 42305122443SAmir Goldstein err = ovl_verify_fh(dentry, name, fh); 4248b88a2e6SAmir Goldstein if (set && err == -ENODATA) 42505122443SAmir Goldstein err = ovl_do_setxattr(dentry, name, fh, fh->len, 0); 4268b88a2e6SAmir Goldstein if (err) 4278b88a2e6SAmir Goldstein goto fail; 4288b88a2e6SAmir Goldstein 4298b88a2e6SAmir Goldstein out: 4308b88a2e6SAmir Goldstein kfree(fh); 4318b88a2e6SAmir Goldstein return err; 4328b88a2e6SAmir Goldstein 4338b88a2e6SAmir Goldstein fail: 43405122443SAmir Goldstein inode = d_inode(real); 43505122443SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n", 43605122443SAmir Goldstein is_upper ? "upper" : "origin", real, 43705122443SAmir Goldstein inode ? inode->i_ino : 0, err); 4388b88a2e6SAmir Goldstein goto out; 4398b88a2e6SAmir Goldstein } 4408b88a2e6SAmir Goldstein 441e8f9e5b7SAmir Goldstein /* Get upper dentry from index */ 442e8f9e5b7SAmir Goldstein static struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index) 443e8f9e5b7SAmir Goldstein { 444e8f9e5b7SAmir Goldstein struct ovl_fh *fh; 445e8f9e5b7SAmir Goldstein struct dentry *upper; 446e8f9e5b7SAmir Goldstein 447e8f9e5b7SAmir Goldstein if (!d_is_dir(index)) 448e8f9e5b7SAmir Goldstein return dget(index); 449e8f9e5b7SAmir Goldstein 450e8f9e5b7SAmir Goldstein fh = ovl_get_fh(index, OVL_XATTR_UPPER); 451e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 452e8f9e5b7SAmir Goldstein return ERR_CAST(fh); 453e8f9e5b7SAmir Goldstein 454e8f9e5b7SAmir Goldstein upper = ovl_decode_fh(fh, ofs->upper_mnt); 455e8f9e5b7SAmir Goldstein kfree(fh); 456e8f9e5b7SAmir Goldstein 457e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) 458e8f9e5b7SAmir Goldstein return upper ?: ERR_PTR(-ESTALE); 459e8f9e5b7SAmir Goldstein 460e8f9e5b7SAmir Goldstein if (!d_is_dir(upper)) { 461e8f9e5b7SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n", 462e8f9e5b7SAmir Goldstein index, upper); 463e8f9e5b7SAmir Goldstein dput(upper); 464e8f9e5b7SAmir Goldstein return ERR_PTR(-EIO); 465e8f9e5b7SAmir Goldstein } 466e8f9e5b7SAmir Goldstein 467e8f9e5b7SAmir Goldstein return upper; 468e8f9e5b7SAmir Goldstein } 469e8f9e5b7SAmir Goldstein 4708b88a2e6SAmir Goldstein /* 471415543d5SAmir Goldstein * Verify that an index entry name matches the origin file handle stored in 472415543d5SAmir Goldstein * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. 473415543d5SAmir Goldstein * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. 474415543d5SAmir Goldstein */ 4751eff1a1dSAmir Goldstein int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index) 476415543d5SAmir Goldstein { 477415543d5SAmir Goldstein struct ovl_fh *fh = NULL; 478415543d5SAmir Goldstein size_t len; 479b9343632SChandan Rajendra struct ovl_path origin = { }; 480b9343632SChandan Rajendra struct ovl_path *stack = &origin; 481e8f9e5b7SAmir Goldstein struct dentry *upper = NULL; 482415543d5SAmir Goldstein int err; 483415543d5SAmir Goldstein 484415543d5SAmir Goldstein if (!d_inode(index)) 485415543d5SAmir Goldstein return 0; 486415543d5SAmir Goldstein 487fa0096e3SAmir Goldstein err = -EINVAL; 488415543d5SAmir Goldstein if (index->d_name.len < sizeof(struct ovl_fh)*2) 489415543d5SAmir Goldstein goto fail; 490415543d5SAmir Goldstein 491415543d5SAmir Goldstein err = -ENOMEM; 492415543d5SAmir Goldstein len = index->d_name.len / 2; 4930ee931c4SMichal Hocko fh = kzalloc(len, GFP_KERNEL); 494415543d5SAmir Goldstein if (!fh) 495415543d5SAmir Goldstein goto fail; 496415543d5SAmir Goldstein 497415543d5SAmir Goldstein err = -EINVAL; 4982e1a5328SAmir Goldstein if (hex2bin((u8 *)fh, index->d_name.name, len)) 4992e1a5328SAmir Goldstein goto fail; 5002e1a5328SAmir Goldstein 5012e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, len); 5022e1a5328SAmir Goldstein if (err) 503415543d5SAmir Goldstein goto fail; 504415543d5SAmir Goldstein 5057db25d36SAmir Goldstein /* 5067db25d36SAmir Goldstein * Whiteout index entries are used as an indication that an exported 5077db25d36SAmir Goldstein * overlay file handle should be treated as stale (i.e. after unlink 5087db25d36SAmir Goldstein * of the overlay inode). These entries contain no origin xattr. 5097db25d36SAmir Goldstein */ 5107db25d36SAmir Goldstein if (ovl_is_whiteout(index)) 5117db25d36SAmir Goldstein goto out; 5127db25d36SAmir Goldstein 513e8f9e5b7SAmir Goldstein /* 514e8f9e5b7SAmir Goldstein * Verifying directory index entries are not stale is expensive, so 515e8f9e5b7SAmir Goldstein * only verify stale dir index if NFS export is enabled. 516e8f9e5b7SAmir Goldstein */ 517e8f9e5b7SAmir Goldstein if (d_is_dir(index) && !ofs->config.nfs_export) 518e8f9e5b7SAmir Goldstein goto out; 519e8f9e5b7SAmir Goldstein 520e8f9e5b7SAmir Goldstein /* 521e8f9e5b7SAmir Goldstein * Directory index entries should have 'upper' xattr pointing to the 522e8f9e5b7SAmir Goldstein * real upper dir. Non-dir index entries are hardlinks to the upper 523e8f9e5b7SAmir Goldstein * real inode. For non-dir index, we can read the copy up origin xattr 524e8f9e5b7SAmir Goldstein * directly from the index dentry, but for dir index we first need to 525e8f9e5b7SAmir Goldstein * decode the upper directory. 526e8f9e5b7SAmir Goldstein */ 527e8f9e5b7SAmir Goldstein upper = ovl_index_upper(ofs, index); 528e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) { 529e8f9e5b7SAmir Goldstein err = PTR_ERR(upper); 530e8f9e5b7SAmir Goldstein if (!err) 531e8f9e5b7SAmir Goldstein err = -ESTALE; 532e8f9e5b7SAmir Goldstein goto fail; 533e8f9e5b7SAmir Goldstein } 534e8f9e5b7SAmir Goldstein 535e8f9e5b7SAmir Goldstein err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh); 536e8f9e5b7SAmir Goldstein dput(upper); 537415543d5SAmir Goldstein if (err) 538415543d5SAmir Goldstein goto fail; 539415543d5SAmir Goldstein 540e8f9e5b7SAmir Goldstein /* Check if non-dir index is orphan and don't warn before cleaning it */ 541e8f9e5b7SAmir Goldstein if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) { 5421eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, index, &stack); 543415543d5SAmir Goldstein if (err) 544415543d5SAmir Goldstein goto fail; 545415543d5SAmir Goldstein 546e8f9e5b7SAmir Goldstein if (ovl_get_nlink(origin.dentry, index, 0) == 0) 547caf70cb2SAmir Goldstein err = -ENOENT; 548e8f9e5b7SAmir Goldstein } 549caf70cb2SAmir Goldstein 550415543d5SAmir Goldstein out: 551e8f9e5b7SAmir Goldstein dput(origin.dentry); 552415543d5SAmir Goldstein kfree(fh); 553415543d5SAmir Goldstein return err; 554415543d5SAmir Goldstein 555415543d5SAmir Goldstein fail: 55661b67471SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n", 55761b67471SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, err); 558415543d5SAmir Goldstein goto out; 559415543d5SAmir Goldstein } 560415543d5SAmir Goldstein 561415543d5SAmir Goldstein /* 562359f392cSAmir Goldstein * Lookup in indexdir for the index entry of a lower real inode or a copy up 563359f392cSAmir Goldstein * origin inode. The index entry name is the hex representation of the lower 564359f392cSAmir Goldstein * inode file handle. 565359f392cSAmir Goldstein * 566359f392cSAmir Goldstein * If the index dentry in negative, then either no lower aliases have been 567359f392cSAmir Goldstein * copied up yet, or aliases have been copied up in older kernels and are 568359f392cSAmir Goldstein * not indexed. 569359f392cSAmir Goldstein * 570359f392cSAmir Goldstein * If the index dentry for a copy up origin inode is positive, but points 571359f392cSAmir Goldstein * to an inode different than the upper inode, then either the upper inode 572359f392cSAmir Goldstein * has been copied up and not indexed or it was indexed, but since then 573359f392cSAmir Goldstein * index dir was cleared. Either way, that index cannot be used to indentify 574359f392cSAmir Goldstein * the overlay inode. 575359f392cSAmir Goldstein */ 576359f392cSAmir Goldstein int ovl_get_index_name(struct dentry *origin, struct qstr *name) 577359f392cSAmir Goldstein { 578359f392cSAmir Goldstein int err; 579359f392cSAmir Goldstein struct ovl_fh *fh; 580359f392cSAmir Goldstein char *n, *s; 581359f392cSAmir Goldstein 582359f392cSAmir Goldstein fh = ovl_encode_fh(origin, false); 583359f392cSAmir Goldstein if (IS_ERR(fh)) 584359f392cSAmir Goldstein return PTR_ERR(fh); 585359f392cSAmir Goldstein 586359f392cSAmir Goldstein err = -ENOMEM; 5870ee931c4SMichal Hocko n = kzalloc(fh->len * 2, GFP_KERNEL); 588359f392cSAmir Goldstein if (n) { 589359f392cSAmir Goldstein s = bin2hex(n, fh, fh->len); 590359f392cSAmir Goldstein *name = (struct qstr) QSTR_INIT(n, s - n); 591359f392cSAmir Goldstein err = 0; 592359f392cSAmir Goldstein } 593359f392cSAmir Goldstein kfree(fh); 594359f392cSAmir Goldstein 595359f392cSAmir Goldstein return err; 596359f392cSAmir Goldstein 597359f392cSAmir Goldstein } 598359f392cSAmir Goldstein 599359f392cSAmir Goldstein static struct dentry *ovl_lookup_index(struct dentry *dentry, 600359f392cSAmir Goldstein struct dentry *upper, 601359f392cSAmir Goldstein struct dentry *origin) 602359f392cSAmir Goldstein { 603359f392cSAmir Goldstein struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 604359f392cSAmir Goldstein struct dentry *index; 605359f392cSAmir Goldstein struct inode *inode; 606359f392cSAmir Goldstein struct qstr name; 607ad1d615cSAmir Goldstein bool is_dir = d_is_dir(origin); 608359f392cSAmir Goldstein int err; 609359f392cSAmir Goldstein 610359f392cSAmir Goldstein err = ovl_get_index_name(origin, &name); 611359f392cSAmir Goldstein if (err) 612359f392cSAmir Goldstein return ERR_PTR(err); 613359f392cSAmir Goldstein 614359f392cSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 615359f392cSAmir Goldstein if (IS_ERR(index)) { 616e0082a0fSAmir Goldstein err = PTR_ERR(index); 6177937a56fSAmir Goldstein if (err == -ENOENT) { 6187937a56fSAmir Goldstein index = NULL; 6197937a56fSAmir Goldstein goto out; 6207937a56fSAmir Goldstein } 621359f392cSAmir Goldstein pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n" 622359f392cSAmir Goldstein "overlayfs: mount with '-o index=off' to disable inodes index.\n", 623359f392cSAmir Goldstein d_inode(origin)->i_ino, name.len, name.name, 624359f392cSAmir Goldstein err); 625359f392cSAmir Goldstein goto out; 626359f392cSAmir Goldstein } 627359f392cSAmir Goldstein 6280e082555SAmir Goldstein inode = d_inode(index); 629359f392cSAmir Goldstein if (d_is_negative(index)) { 6306eaf0111SAmir Goldstein goto out_dput; 6310e082555SAmir Goldstein } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || 6320e082555SAmir Goldstein ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { 6330e082555SAmir Goldstein /* 6340e082555SAmir Goldstein * Index should always be of the same file type as origin 6350e082555SAmir Goldstein * except for the case of a whiteout index. A whiteout 6360e082555SAmir Goldstein * index should only exist if all lower aliases have been 6370e082555SAmir Goldstein * unlinked, which means that finding a lower origin on lookup 6380e082555SAmir Goldstein * whose index is a whiteout should be treated as an error. 6390e082555SAmir Goldstein */ 6400e082555SAmir Goldstein pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", 6410e082555SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 6420e082555SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 643359f392cSAmir Goldstein goto fail; 644ad1d615cSAmir Goldstein } else if (is_dir) { 645ad1d615cSAmir Goldstein if (!upper) { 646ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n", 647ad1d615cSAmir Goldstein origin, index); 648ad1d615cSAmir Goldstein goto fail; 649359f392cSAmir Goldstein } 650359f392cSAmir Goldstein 651ad1d615cSAmir Goldstein /* Verify that dir index 'upper' xattr points to upper dir */ 652ad1d615cSAmir Goldstein err = ovl_verify_upper(index, upper, false); 653ad1d615cSAmir Goldstein if (err) { 654ad1d615cSAmir Goldstein if (err == -ESTALE) { 655ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n", 656ad1d615cSAmir Goldstein upper, origin, index); 657ad1d615cSAmir Goldstein } 658ad1d615cSAmir Goldstein goto fail; 659ad1d615cSAmir Goldstein } 660ad1d615cSAmir Goldstein } else if (upper && d_inode(upper) != inode) { 661ad1d615cSAmir Goldstein goto out_dput; 662ad1d615cSAmir Goldstein } 663359f392cSAmir Goldstein out: 664359f392cSAmir Goldstein kfree(name.name); 665359f392cSAmir Goldstein return index; 666359f392cSAmir Goldstein 6676eaf0111SAmir Goldstein out_dput: 6686eaf0111SAmir Goldstein dput(index); 6696eaf0111SAmir Goldstein index = NULL; 6706eaf0111SAmir Goldstein goto out; 6716eaf0111SAmir Goldstein 672359f392cSAmir Goldstein fail: 673359f392cSAmir Goldstein dput(index); 674359f392cSAmir Goldstein index = ERR_PTR(-EIO); 675359f392cSAmir Goldstein goto out; 676359f392cSAmir Goldstein } 677359f392cSAmir Goldstein 678359f392cSAmir Goldstein /* 679bbb1e54dSMiklos Szeredi * Returns next layer in stack starting from top. 680bbb1e54dSMiklos Szeredi * Returns -1 if this is the last layer. 681bbb1e54dSMiklos Szeredi */ 682bbb1e54dSMiklos Szeredi int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 683bbb1e54dSMiklos Szeredi { 684bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 685bbb1e54dSMiklos Szeredi 686bbb1e54dSMiklos Szeredi BUG_ON(idx < 0); 687bbb1e54dSMiklos Szeredi if (idx == 0) { 688bbb1e54dSMiklos Szeredi ovl_path_upper(dentry, path); 689bbb1e54dSMiklos Szeredi if (path->dentry) 690bbb1e54dSMiklos Szeredi return oe->numlower ? 1 : -1; 691bbb1e54dSMiklos Szeredi idx++; 692bbb1e54dSMiklos Szeredi } 693bbb1e54dSMiklos Szeredi BUG_ON(idx > oe->numlower); 694b9343632SChandan Rajendra path->dentry = oe->lowerstack[idx - 1].dentry; 695b9343632SChandan Rajendra path->mnt = oe->lowerstack[idx - 1].layer->mnt; 696bbb1e54dSMiklos Szeredi 697bbb1e54dSMiklos Szeredi return (idx < oe->numlower) ? idx + 1 : -1; 698bbb1e54dSMiklos Szeredi } 699bbb1e54dSMiklos Szeredi 7009678e630SAmir Goldstein /* Fix missing 'origin' xattr */ 7019678e630SAmir Goldstein static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower, 7029678e630SAmir Goldstein struct dentry *upper) 7039678e630SAmir Goldstein { 7049678e630SAmir Goldstein int err; 7059678e630SAmir Goldstein 7069678e630SAmir Goldstein if (ovl_check_origin_xattr(upper)) 7079678e630SAmir Goldstein return 0; 7089678e630SAmir Goldstein 7099678e630SAmir Goldstein err = ovl_want_write(dentry); 7109678e630SAmir Goldstein if (err) 7119678e630SAmir Goldstein return err; 7129678e630SAmir Goldstein 7139678e630SAmir Goldstein err = ovl_set_origin(dentry, lower, upper); 7149678e630SAmir Goldstein if (!err) 7159678e630SAmir Goldstein err = ovl_set_impure(dentry->d_parent, upper->d_parent); 7169678e630SAmir Goldstein 7179678e630SAmir Goldstein ovl_drop_write(dentry); 7189678e630SAmir Goldstein return err; 7199678e630SAmir Goldstein } 7209678e630SAmir Goldstein 721bbb1e54dSMiklos Szeredi struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 722bbb1e54dSMiklos Szeredi unsigned int flags) 723bbb1e54dSMiklos Szeredi { 724bbb1e54dSMiklos Szeredi struct ovl_entry *oe; 725bbb1e54dSMiklos Szeredi const struct cred *old_cred; 7266b2d5fe4SMiklos Szeredi struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 727bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 728c22205d0SAmir Goldstein struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 729b9343632SChandan Rajendra struct ovl_path *stack = NULL; 730bbb1e54dSMiklos Szeredi struct dentry *upperdir, *upperdentry = NULL; 731ad1d615cSAmir Goldstein struct dentry *origin = NULL; 732359f392cSAmir Goldstein struct dentry *index = NULL; 733bbb1e54dSMiklos Szeredi unsigned int ctr = 0; 734bbb1e54dSMiklos Szeredi struct inode *inode = NULL; 735bbb1e54dSMiklos Szeredi bool upperopaque = false; 73602b69b28SMiklos Szeredi char *upperredirect = NULL; 737bbb1e54dSMiklos Szeredi struct dentry *this; 738bbb1e54dSMiklos Szeredi unsigned int i; 739bbb1e54dSMiklos Szeredi int err; 740e28edc46SMiklos Szeredi struct ovl_lookup_data d = { 741e28edc46SMiklos Szeredi .name = dentry->d_name, 742e28edc46SMiklos Szeredi .is_dir = false, 743e28edc46SMiklos Szeredi .opaque = false, 744e28edc46SMiklos Szeredi .stop = false, 745e28edc46SMiklos Szeredi .last = !poe->numlower, 74602b69b28SMiklos Szeredi .redirect = NULL, 747e28edc46SMiklos Szeredi }; 748bbb1e54dSMiklos Szeredi 7496b2d5fe4SMiklos Szeredi if (dentry->d_name.len > ofs->namelen) 7506b2d5fe4SMiklos Szeredi return ERR_PTR(-ENAMETOOLONG); 7516b2d5fe4SMiklos Szeredi 752bbb1e54dSMiklos Szeredi old_cred = ovl_override_creds(dentry->d_sb); 75309d8b586SMiklos Szeredi upperdir = ovl_dentry_upper(dentry->d_parent); 754bbb1e54dSMiklos Szeredi if (upperdir) { 755e28edc46SMiklos Szeredi err = ovl_lookup_layer(upperdir, &d, &upperdentry); 756e28edc46SMiklos Szeredi if (err) 757bbb1e54dSMiklos Szeredi goto out; 758bbb1e54dSMiklos Szeredi 759e28edc46SMiklos Szeredi if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 760e28edc46SMiklos Szeredi dput(upperdentry); 761bbb1e54dSMiklos Szeredi err = -EREMOTE; 762bbb1e54dSMiklos Szeredi goto out; 763bbb1e54dSMiklos Szeredi } 764a9d01957SAmir Goldstein if (upperdentry && !d.is_dir) { 765a9d01957SAmir Goldstein BUG_ON(!d.stop || d.redirect); 766f7d3dacaSAmir Goldstein /* 767f7d3dacaSAmir Goldstein * Lookup copy up origin by decoding origin file handle. 768f7d3dacaSAmir Goldstein * We may get a disconnected dentry, which is fine, 769f7d3dacaSAmir Goldstein * because we only need to hold the origin inode in 770f7d3dacaSAmir Goldstein * cache and use its inode number. We may even get a 771f7d3dacaSAmir Goldstein * connected dentry, that is not under any of the lower 772f7d3dacaSAmir Goldstein * layers root. That is also fine for using it's inode 773f7d3dacaSAmir Goldstein * number - it's the same as if we held a reference 774f7d3dacaSAmir Goldstein * to a dentry in lower layer that was moved under us. 775f7d3dacaSAmir Goldstein */ 7761eff1a1dSAmir Goldstein err = ovl_check_origin(ofs, upperdentry, &stack, &ctr); 777a9d01957SAmir Goldstein if (err) 7785455f92bSVivek Goyal goto out_put_upper; 779a9d01957SAmir Goldstein } 78002b69b28SMiklos Szeredi 78102b69b28SMiklos Szeredi if (d.redirect) { 7820ce5cdc9SDan Carpenter err = -ENOMEM; 78302b69b28SMiklos Szeredi upperredirect = kstrdup(d.redirect, GFP_KERNEL); 78402b69b28SMiklos Szeredi if (!upperredirect) 78502b69b28SMiklos Szeredi goto out_put_upper; 78602b69b28SMiklos Szeredi if (d.redirect[0] == '/') 787c22205d0SAmir Goldstein poe = roe; 78802b69b28SMiklos Szeredi } 789e28edc46SMiklos Szeredi upperopaque = d.opaque; 790bbb1e54dSMiklos Szeredi } 791bbb1e54dSMiklos Szeredi 792e28edc46SMiklos Szeredi if (!d.stop && poe->numlower) { 793bbb1e54dSMiklos Szeredi err = -ENOMEM; 794b9343632SChandan Rajendra stack = kcalloc(ofs->numlower, sizeof(struct ovl_path), 7950ee931c4SMichal Hocko GFP_KERNEL); 796bbb1e54dSMiklos Szeredi if (!stack) 797bbb1e54dSMiklos Szeredi goto out_put_upper; 798bbb1e54dSMiklos Szeredi } 799bbb1e54dSMiklos Szeredi 800e28edc46SMiklos Szeredi for (i = 0; !d.stop && i < poe->numlower; i++) { 801b9343632SChandan Rajendra struct ovl_path lower = poe->lowerstack[i]; 802bbb1e54dSMiklos Szeredi 803e28edc46SMiklos Szeredi d.last = i == poe->numlower - 1; 804b9343632SChandan Rajendra err = ovl_lookup_layer(lower.dentry, &d, &this); 805e28edc46SMiklos Szeredi if (err) 806bbb1e54dSMiklos Szeredi goto out_put; 8076b2d5fe4SMiklos Szeredi 808bbb1e54dSMiklos Szeredi if (!this) 809bbb1e54dSMiklos Szeredi continue; 810bbb1e54dSMiklos Szeredi 8119678e630SAmir Goldstein /* 8129678e630SAmir Goldstein * If no origin fh is stored in upper of a merge dir, store fh 8139678e630SAmir Goldstein * of lower dir and set upper parent "impure". 8149678e630SAmir Goldstein */ 8159678e630SAmir Goldstein if (upperdentry && !ctr && !ofs->noxattr) { 8169678e630SAmir Goldstein err = ovl_fix_origin(dentry, this, upperdentry); 8179678e630SAmir Goldstein if (err) { 8189678e630SAmir Goldstein dput(this); 8199678e630SAmir Goldstein goto out_put; 8209678e630SAmir Goldstein } 8219678e630SAmir Goldstein } 8229678e630SAmir Goldstein 82337b12916SAmir Goldstein /* 82437b12916SAmir Goldstein * When "verify_lower" feature is enabled, do not merge with a 825ad1d615cSAmir Goldstein * lower dir that does not match a stored origin xattr. In any 826ad1d615cSAmir Goldstein * case, only verified origin is used for index lookup. 82737b12916SAmir Goldstein */ 82837b12916SAmir Goldstein if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) { 82937b12916SAmir Goldstein err = ovl_verify_origin(upperdentry, this, false); 83037b12916SAmir Goldstein if (err) { 83137b12916SAmir Goldstein dput(this); 83237b12916SAmir Goldstein break; 83337b12916SAmir Goldstein } 834ad1d615cSAmir Goldstein 835ad1d615cSAmir Goldstein /* Bless lower dir as verified origin */ 836ad1d615cSAmir Goldstein origin = this; 83737b12916SAmir Goldstein } 83837b12916SAmir Goldstein 839bbb1e54dSMiklos Szeredi stack[ctr].dentry = this; 840b9343632SChandan Rajendra stack[ctr].layer = lower.layer; 841bbb1e54dSMiklos Szeredi ctr++; 84202b69b28SMiklos Szeredi 84302b69b28SMiklos Szeredi if (d.stop) 84402b69b28SMiklos Szeredi break; 84502b69b28SMiklos Szeredi 846438c84c2SMiklos Szeredi /* 847438c84c2SMiklos Szeredi * Following redirects can have security consequences: it's like 848438c84c2SMiklos Szeredi * a symlink into the lower layer without the permission checks. 849438c84c2SMiklos Szeredi * This is only a problem if the upper layer is untrusted (e.g 850438c84c2SMiklos Szeredi * comes from an USB drive). This can allow a non-readable file 851438c84c2SMiklos Szeredi * or directory to become readable. 852438c84c2SMiklos Szeredi * 853438c84c2SMiklos Szeredi * Only following redirects when redirects are enabled disables 854438c84c2SMiklos Szeredi * this attack vector when not necessary. 855438c84c2SMiklos Szeredi */ 856438c84c2SMiklos Szeredi err = -EPERM; 857438c84c2SMiklos Szeredi if (d.redirect && !ofs->config.redirect_follow) { 858f8167817SAmir Goldstein pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n", 859f8167817SAmir Goldstein dentry); 860438c84c2SMiklos Szeredi goto out_put; 861438c84c2SMiklos Szeredi } 862438c84c2SMiklos Szeredi 863c22205d0SAmir Goldstein if (d.redirect && d.redirect[0] == '/' && poe != roe) { 864c22205d0SAmir Goldstein poe = roe; 86502b69b28SMiklos Szeredi /* Find the current layer on the root dentry */ 866d583ed7dSAmir Goldstein i = lower.layer->idx - 1; 86702b69b28SMiklos Szeredi } 868bbb1e54dSMiklos Szeredi } 869bbb1e54dSMiklos Szeredi 870ad1d615cSAmir Goldstein /* 871ad1d615cSAmir Goldstein * Lookup index by lower inode and verify it matches upper inode. 872ad1d615cSAmir Goldstein * We only trust dir index if we verified that lower dir matches 873ad1d615cSAmir Goldstein * origin, otherwise dir index entries may be inconsistent and we 874ad1d615cSAmir Goldstein * ignore them. Always lookup index of non-dir and non-upper. 875ad1d615cSAmir Goldstein */ 876ad1d615cSAmir Goldstein if (ctr && (!upperdentry || !d.is_dir)) 877ad1d615cSAmir Goldstein origin = stack[0].dentry; 878359f392cSAmir Goldstein 879ad1d615cSAmir Goldstein if (origin && ovl_indexdir(dentry->d_sb) && 880ad1d615cSAmir Goldstein (!d.is_dir || ovl_index_all(dentry->d_sb))) { 881359f392cSAmir Goldstein index = ovl_lookup_index(dentry, upperdentry, origin); 882359f392cSAmir Goldstein if (IS_ERR(index)) { 883359f392cSAmir Goldstein err = PTR_ERR(index); 884359f392cSAmir Goldstein index = NULL; 885359f392cSAmir Goldstein goto out_put; 886359f392cSAmir Goldstein } 887359f392cSAmir Goldstein } 888359f392cSAmir Goldstein 889bbb1e54dSMiklos Szeredi oe = ovl_alloc_entry(ctr); 890bbb1e54dSMiklos Szeredi err = -ENOMEM; 891bbb1e54dSMiklos Szeredi if (!oe) 892bbb1e54dSMiklos Szeredi goto out_put; 893bbb1e54dSMiklos Szeredi 894bbb1e54dSMiklos Szeredi oe->opaque = upperopaque; 895b9343632SChandan Rajendra memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); 896e6d2ebddSMiklos Szeredi dentry->d_fsdata = oe; 897e6d2ebddSMiklos Szeredi 89855acc661SMiklos Szeredi if (upperdentry) 89955acc661SMiklos Szeredi ovl_dentry_set_upper_alias(dentry); 90055acc661SMiklos Szeredi else if (index) 901359f392cSAmir Goldstein upperdentry = dget(index); 902359f392cSAmir Goldstein 903e6d2ebddSMiklos Szeredi if (upperdentry || ctr) { 9046eaf0111SAmir Goldstein inode = ovl_get_inode(dentry, upperdentry, index); 905b9ac5c27SMiklos Szeredi err = PTR_ERR(inode); 906b9ac5c27SMiklos Szeredi if (IS_ERR(inode)) 907e6d2ebddSMiklos Szeredi goto out_free_oe; 908cf31c463SMiklos Szeredi 909cf31c463SMiklos Szeredi OVL_I(inode)->redirect = upperredirect; 910359f392cSAmir Goldstein if (index) 911359f392cSAmir Goldstein ovl_set_flag(OVL_INDEX, inode); 912e6d2ebddSMiklos Szeredi } 913e6d2ebddSMiklos Szeredi 914e6d2ebddSMiklos Szeredi revert_creds(old_cred); 915359f392cSAmir Goldstein dput(index); 916bbb1e54dSMiklos Szeredi kfree(stack); 91702b69b28SMiklos Szeredi kfree(d.redirect); 918bbb1e54dSMiklos Szeredi d_add(dentry, inode); 919bbb1e54dSMiklos Szeredi 920bbb1e54dSMiklos Szeredi return NULL; 921bbb1e54dSMiklos Szeredi 922bbb1e54dSMiklos Szeredi out_free_oe: 923e6d2ebddSMiklos Szeredi dentry->d_fsdata = NULL; 924bbb1e54dSMiklos Szeredi kfree(oe); 925bbb1e54dSMiklos Szeredi out_put: 926359f392cSAmir Goldstein dput(index); 927bbb1e54dSMiklos Szeredi for (i = 0; i < ctr; i++) 928bbb1e54dSMiklos Szeredi dput(stack[i].dentry); 929bbb1e54dSMiklos Szeredi kfree(stack); 930bbb1e54dSMiklos Szeredi out_put_upper: 931bbb1e54dSMiklos Szeredi dput(upperdentry); 93202b69b28SMiklos Szeredi kfree(upperredirect); 933bbb1e54dSMiklos Szeredi out: 93402b69b28SMiklos Szeredi kfree(d.redirect); 935bbb1e54dSMiklos Szeredi revert_creds(old_cred); 936bbb1e54dSMiklos Szeredi return ERR_PTR(err); 937bbb1e54dSMiklos Szeredi } 938bbb1e54dSMiklos Szeredi 939bbb1e54dSMiklos Szeredi bool ovl_lower_positive(struct dentry *dentry) 940bbb1e54dSMiklos Szeredi { 941bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 942bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 943bbb1e54dSMiklos Szeredi const struct qstr *name = &dentry->d_name; 9446d0a8a90SAmir Goldstein const struct cred *old_cred; 945bbb1e54dSMiklos Szeredi unsigned int i; 946bbb1e54dSMiklos Szeredi bool positive = false; 947bbb1e54dSMiklos Szeredi bool done = false; 948bbb1e54dSMiklos Szeredi 949bbb1e54dSMiklos Szeredi /* 950bbb1e54dSMiklos Szeredi * If dentry is negative, then lower is positive iff this is a 951bbb1e54dSMiklos Szeredi * whiteout. 952bbb1e54dSMiklos Szeredi */ 953bbb1e54dSMiklos Szeredi if (!dentry->d_inode) 954bbb1e54dSMiklos Szeredi return oe->opaque; 955bbb1e54dSMiklos Szeredi 956bbb1e54dSMiklos Szeredi /* Negative upper -> positive lower */ 95709d8b586SMiklos Szeredi if (!ovl_dentry_upper(dentry)) 958bbb1e54dSMiklos Szeredi return true; 959bbb1e54dSMiklos Szeredi 9606d0a8a90SAmir Goldstein old_cred = ovl_override_creds(dentry->d_sb); 961bbb1e54dSMiklos Szeredi /* Positive upper -> have to look up lower to see whether it exists */ 962bbb1e54dSMiklos Szeredi for (i = 0; !done && !positive && i < poe->numlower; i++) { 963bbb1e54dSMiklos Szeredi struct dentry *this; 964bbb1e54dSMiklos Szeredi struct dentry *lowerdir = poe->lowerstack[i].dentry; 965bbb1e54dSMiklos Szeredi 966bbb1e54dSMiklos Szeredi this = lookup_one_len_unlocked(name->name, lowerdir, 967bbb1e54dSMiklos Szeredi name->len); 968bbb1e54dSMiklos Szeredi if (IS_ERR(this)) { 969bbb1e54dSMiklos Szeredi switch (PTR_ERR(this)) { 970bbb1e54dSMiklos Szeredi case -ENOENT: 971bbb1e54dSMiklos Szeredi case -ENAMETOOLONG: 972bbb1e54dSMiklos Szeredi break; 973bbb1e54dSMiklos Szeredi 974bbb1e54dSMiklos Szeredi default: 975bbb1e54dSMiklos Szeredi /* 976bbb1e54dSMiklos Szeredi * Assume something is there, we just couldn't 977bbb1e54dSMiklos Szeredi * access it. 978bbb1e54dSMiklos Szeredi */ 979bbb1e54dSMiklos Szeredi positive = true; 980bbb1e54dSMiklos Szeredi break; 981bbb1e54dSMiklos Szeredi } 982bbb1e54dSMiklos Szeredi } else { 983bbb1e54dSMiklos Szeredi if (this->d_inode) { 984bbb1e54dSMiklos Szeredi positive = !ovl_is_whiteout(this); 985bbb1e54dSMiklos Szeredi done = true; 986bbb1e54dSMiklos Szeredi } 987bbb1e54dSMiklos Szeredi dput(this); 988bbb1e54dSMiklos Szeredi } 989bbb1e54dSMiklos Szeredi } 9906d0a8a90SAmir Goldstein revert_creds(old_cred); 991bbb1e54dSMiklos Szeredi 992bbb1e54dSMiklos Szeredi return positive; 993bbb1e54dSMiklos Szeredi } 994