1 /* 2 * Copyright (C) 2011 Novell Inc. 3 * Copyright (C) 2016 Red Hat, Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/cred.h> 12 #include <linux/namei.h> 13 #include <linux/xattr.h> 14 #include <linux/ratelimit.h> 15 #include <linux/mount.h> 16 #include <linux/exportfs.h> 17 #include "overlayfs.h" 18 #include "ovl_entry.h" 19 20 struct ovl_lookup_data { 21 struct qstr name; 22 bool is_dir; 23 bool opaque; 24 bool stop; 25 bool last; 26 char *redirect; 27 }; 28 29 static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 30 size_t prelen, const char *post) 31 { 32 int res; 33 char *s, *next, *buf = NULL; 34 35 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 36 if (res < 0) { 37 if (res == -ENODATA || res == -EOPNOTSUPP) 38 return 0; 39 goto fail; 40 } 41 buf = kzalloc(prelen + res + strlen(post) + 1, GFP_TEMPORARY); 42 if (!buf) 43 return -ENOMEM; 44 45 if (res == 0) 46 goto invalid; 47 48 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 49 if (res < 0) 50 goto fail; 51 if (res == 0) 52 goto invalid; 53 if (buf[0] == '/') { 54 for (s = buf; *s++ == '/'; s = next) { 55 next = strchrnul(s, '/'); 56 if (s == next) 57 goto invalid; 58 } 59 } else { 60 if (strchr(buf, '/') != NULL) 61 goto invalid; 62 63 memmove(buf + prelen, buf, res); 64 memcpy(buf, d->name.name, prelen); 65 } 66 67 strcat(buf, post); 68 kfree(d->redirect); 69 d->redirect = buf; 70 d->name.name = d->redirect; 71 d->name.len = strlen(d->redirect); 72 73 return 0; 74 75 err_free: 76 kfree(buf); 77 return 0; 78 fail: 79 pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 80 goto err_free; 81 invalid: 82 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 83 goto err_free; 84 } 85 86 static int ovl_acceptable(void *ctx, struct dentry *dentry) 87 { 88 return 1; 89 } 90 91 static struct dentry *ovl_get_origin(struct dentry *dentry, 92 struct vfsmount *mnt) 93 { 94 int res; 95 struct ovl_fh *fh = NULL; 96 struct dentry *origin = NULL; 97 int bytes; 98 99 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0); 100 if (res < 0) { 101 if (res == -ENODATA || res == -EOPNOTSUPP) 102 return NULL; 103 goto fail; 104 } 105 /* Zero size value means "copied up but origin unknown" */ 106 if (res == 0) 107 return NULL; 108 109 fh = kzalloc(res, GFP_TEMPORARY); 110 if (!fh) 111 return ERR_PTR(-ENOMEM); 112 113 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res); 114 if (res < 0) 115 goto fail; 116 117 if (res < sizeof(struct ovl_fh) || res < fh->len) 118 goto invalid; 119 120 if (fh->magic != OVL_FH_MAGIC) 121 goto invalid; 122 123 /* Treat larger version and unknown flags as "origin unknown" */ 124 if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 125 goto out; 126 127 /* Treat endianness mismatch as "origin unknown" */ 128 if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 129 (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 130 goto out; 131 132 bytes = (fh->len - offsetof(struct ovl_fh, fid)); 133 134 /* 135 * Make sure that the stored uuid matches the uuid of the lower 136 * layer where file handle will be decoded. 137 */ 138 if (uuid_be_cmp(fh->uuid, *(uuid_be *) &mnt->mnt_sb->s_uuid)) 139 goto out; 140 141 origin = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 142 bytes >> 2, (int)fh->type, 143 ovl_acceptable, NULL); 144 if (IS_ERR(origin)) { 145 /* Treat stale file handle as "origin unknown" */ 146 if (origin == ERR_PTR(-ESTALE)) 147 origin = NULL; 148 goto out; 149 } 150 151 if (ovl_dentry_weird(origin) || 152 ((d_inode(origin)->i_mode ^ d_inode(dentry)->i_mode) & S_IFMT)) { 153 dput(origin); 154 origin = NULL; 155 goto invalid; 156 } 157 158 out: 159 kfree(fh); 160 return origin; 161 162 fail: 163 pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 164 goto out; 165 invalid: 166 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 167 goto out; 168 } 169 170 static bool ovl_is_opaquedir(struct dentry *dentry) 171 { 172 int res; 173 char val; 174 175 if (!d_is_dir(dentry)) 176 return false; 177 178 res = vfs_getxattr(dentry, OVL_XATTR_OPAQUE, &val, 1); 179 if (res == 1 && val == 'y') 180 return true; 181 182 return false; 183 } 184 185 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 186 const char *name, unsigned int namelen, 187 size_t prelen, const char *post, 188 struct dentry **ret) 189 { 190 struct dentry *this; 191 int err; 192 193 this = lookup_one_len_unlocked(name, base, namelen); 194 if (IS_ERR(this)) { 195 err = PTR_ERR(this); 196 this = NULL; 197 if (err == -ENOENT || err == -ENAMETOOLONG) 198 goto out; 199 goto out_err; 200 } 201 if (!this->d_inode) 202 goto put_and_out; 203 204 if (ovl_dentry_weird(this)) { 205 /* Don't support traversing automounts and other weirdness */ 206 err = -EREMOTE; 207 goto out_err; 208 } 209 if (ovl_is_whiteout(this)) { 210 d->stop = d->opaque = true; 211 goto put_and_out; 212 } 213 if (!d_can_lookup(this)) { 214 d->stop = true; 215 if (d->is_dir) 216 goto put_and_out; 217 goto out; 218 } 219 d->is_dir = true; 220 if (!d->last && ovl_is_opaquedir(this)) { 221 d->stop = d->opaque = true; 222 goto out; 223 } 224 err = ovl_check_redirect(this, d, prelen, post); 225 if (err) 226 goto out_err; 227 out: 228 *ret = this; 229 return 0; 230 231 put_and_out: 232 dput(this); 233 this = NULL; 234 goto out; 235 236 out_err: 237 dput(this); 238 return err; 239 } 240 241 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 242 struct dentry **ret) 243 { 244 /* Counting down from the end, since the prefix can change */ 245 size_t rem = d->name.len - 1; 246 struct dentry *dentry = NULL; 247 int err; 248 249 if (d->name.name[0] != '/') 250 return ovl_lookup_single(base, d, d->name.name, d->name.len, 251 0, "", ret); 252 253 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 254 const char *s = d->name.name + d->name.len - rem; 255 const char *next = strchrnul(s, '/'); 256 size_t thislen = next - s; 257 bool end = !next[0]; 258 259 /* Verify we did not go off the rails */ 260 if (WARN_ON(s[-1] != '/')) 261 return -EIO; 262 263 err = ovl_lookup_single(base, d, s, thislen, 264 d->name.len - rem, next, &base); 265 dput(dentry); 266 if (err) 267 return err; 268 dentry = base; 269 if (end) 270 break; 271 272 rem -= thislen + 1; 273 274 if (WARN_ON(rem >= d->name.len)) 275 return -EIO; 276 } 277 *ret = dentry; 278 return 0; 279 } 280 281 282 static int ovl_check_origin(struct dentry *dentry, struct dentry *upperdentry, 283 struct path **stackp, unsigned int *ctrp) 284 { 285 struct super_block *same_sb = ovl_same_sb(dentry->d_sb); 286 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 287 struct vfsmount *mnt; 288 struct dentry *origin; 289 290 if (!same_sb || !roe->numlower) 291 return 0; 292 293 /* 294 * Since all layers are on the same fs, we use the first layer for 295 * decoding the file handle. We may get a disconnected dentry, 296 * which is fine, because we only need to hold the origin inode in 297 * cache and use its inode number. We may even get a connected dentry, 298 * that is not under the first layer's root. That is also fine for 299 * using it's inode number - it's the same as if we held a reference 300 * to a dentry in first layer that was moved under us. 301 */ 302 mnt = roe->lowerstack[0].mnt; 303 304 origin = ovl_get_origin(upperdentry, mnt); 305 if (IS_ERR_OR_NULL(origin)) 306 return PTR_ERR(origin); 307 308 BUG_ON(*stackp || *ctrp); 309 *stackp = kmalloc(sizeof(struct path), GFP_TEMPORARY); 310 if (!*stackp) { 311 dput(origin); 312 return -ENOMEM; 313 } 314 **stackp = (struct path) { .dentry = origin, .mnt = mnt }; 315 *ctrp = 1; 316 317 return 0; 318 } 319 320 /* 321 * Returns next layer in stack starting from top. 322 * Returns -1 if this is the last layer. 323 */ 324 int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 325 { 326 struct ovl_entry *oe = dentry->d_fsdata; 327 328 BUG_ON(idx < 0); 329 if (idx == 0) { 330 ovl_path_upper(dentry, path); 331 if (path->dentry) 332 return oe->numlower ? 1 : -1; 333 idx++; 334 } 335 BUG_ON(idx > oe->numlower); 336 *path = oe->lowerstack[idx - 1]; 337 338 return (idx < oe->numlower) ? idx + 1 : -1; 339 } 340 341 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 342 unsigned int flags) 343 { 344 struct ovl_entry *oe; 345 const struct cred *old_cred; 346 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 347 struct ovl_entry *poe = dentry->d_parent->d_fsdata; 348 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 349 struct path *stack = NULL; 350 struct dentry *upperdir, *upperdentry = NULL; 351 unsigned int ctr = 0; 352 struct inode *inode = NULL; 353 bool upperopaque = false; 354 char *upperredirect = NULL; 355 struct dentry *this; 356 unsigned int i; 357 int err; 358 struct ovl_lookup_data d = { 359 .name = dentry->d_name, 360 .is_dir = false, 361 .opaque = false, 362 .stop = false, 363 .last = !poe->numlower, 364 .redirect = NULL, 365 }; 366 367 if (dentry->d_name.len > ofs->namelen) 368 return ERR_PTR(-ENAMETOOLONG); 369 370 old_cred = ovl_override_creds(dentry->d_sb); 371 upperdir = ovl_upperdentry_dereference(poe); 372 if (upperdir) { 373 err = ovl_lookup_layer(upperdir, &d, &upperdentry); 374 if (err) 375 goto out; 376 377 if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 378 dput(upperdentry); 379 err = -EREMOTE; 380 goto out; 381 } 382 if (upperdentry && !d.is_dir) { 383 BUG_ON(!d.stop || d.redirect); 384 err = ovl_check_origin(dentry, upperdentry, 385 &stack, &ctr); 386 if (err) 387 goto out; 388 } 389 390 if (d.redirect) { 391 upperredirect = kstrdup(d.redirect, GFP_KERNEL); 392 if (!upperredirect) 393 goto out_put_upper; 394 if (d.redirect[0] == '/') 395 poe = roe; 396 } 397 upperopaque = d.opaque; 398 } 399 400 if (!d.stop && poe->numlower) { 401 err = -ENOMEM; 402 stack = kcalloc(ofs->numlower, sizeof(struct path), 403 GFP_TEMPORARY); 404 if (!stack) 405 goto out_put_upper; 406 } 407 408 for (i = 0; !d.stop && i < poe->numlower; i++) { 409 struct path lowerpath = poe->lowerstack[i]; 410 411 d.last = i == poe->numlower - 1; 412 err = ovl_lookup_layer(lowerpath.dentry, &d, &this); 413 if (err) 414 goto out_put; 415 416 if (!this) 417 continue; 418 419 stack[ctr].dentry = this; 420 stack[ctr].mnt = lowerpath.mnt; 421 ctr++; 422 423 if (d.stop) 424 break; 425 426 if (d.redirect && d.redirect[0] == '/' && poe != roe) { 427 poe = roe; 428 429 /* Find the current layer on the root dentry */ 430 for (i = 0; i < poe->numlower; i++) 431 if (poe->lowerstack[i].mnt == lowerpath.mnt) 432 break; 433 if (WARN_ON(i == poe->numlower)) 434 break; 435 } 436 } 437 438 oe = ovl_alloc_entry(ctr); 439 err = -ENOMEM; 440 if (!oe) 441 goto out_put; 442 443 if (upperdentry || ctr) { 444 struct dentry *realdentry; 445 struct inode *realinode; 446 447 realdentry = upperdentry ? upperdentry : stack[0].dentry; 448 realinode = d_inode(realdentry); 449 450 err = -ENOMEM; 451 if (upperdentry && !d_is_dir(upperdentry)) { 452 inode = ovl_get_inode(dentry->d_sb, realinode); 453 } else { 454 inode = ovl_new_inode(dentry->d_sb, realinode->i_mode, 455 realinode->i_rdev); 456 if (inode) 457 ovl_inode_init(inode, realinode, !!upperdentry); 458 } 459 if (!inode) 460 goto out_free_oe; 461 ovl_copyattr(realdentry->d_inode, inode); 462 } 463 464 revert_creds(old_cred); 465 oe->opaque = upperopaque; 466 oe->redirect = upperredirect; 467 oe->__upperdentry = upperdentry; 468 memcpy(oe->lowerstack, stack, sizeof(struct path) * ctr); 469 kfree(stack); 470 kfree(d.redirect); 471 dentry->d_fsdata = oe; 472 d_add(dentry, inode); 473 474 return NULL; 475 476 out_free_oe: 477 kfree(oe); 478 out_put: 479 for (i = 0; i < ctr; i++) 480 dput(stack[i].dentry); 481 kfree(stack); 482 out_put_upper: 483 dput(upperdentry); 484 kfree(upperredirect); 485 out: 486 kfree(d.redirect); 487 revert_creds(old_cred); 488 return ERR_PTR(err); 489 } 490 491 bool ovl_lower_positive(struct dentry *dentry) 492 { 493 struct ovl_entry *oe = dentry->d_fsdata; 494 struct ovl_entry *poe = dentry->d_parent->d_fsdata; 495 const struct qstr *name = &dentry->d_name; 496 unsigned int i; 497 bool positive = false; 498 bool done = false; 499 500 /* 501 * If dentry is negative, then lower is positive iff this is a 502 * whiteout. 503 */ 504 if (!dentry->d_inode) 505 return oe->opaque; 506 507 /* Negative upper -> positive lower */ 508 if (!oe->__upperdentry) 509 return true; 510 511 /* Positive upper -> have to look up lower to see whether it exists */ 512 for (i = 0; !done && !positive && i < poe->numlower; i++) { 513 struct dentry *this; 514 struct dentry *lowerdir = poe->lowerstack[i].dentry; 515 516 this = lookup_one_len_unlocked(name->name, lowerdir, 517 name->len); 518 if (IS_ERR(this)) { 519 switch (PTR_ERR(this)) { 520 case -ENOENT: 521 case -ENAMETOOLONG: 522 break; 523 524 default: 525 /* 526 * Assume something is there, we just couldn't 527 * access it. 528 */ 529 positive = true; 530 break; 531 } 532 } else { 533 if (this->d_inode) { 534 positive = !ovl_is_whiteout(this); 535 done = true; 536 } 537 dput(this); 538 } 539 } 540 541 return positive; 542 } 543