1 /* 2 * Copyright (C) 2011 Novell Inc. 3 * Copyright (C) 2016 Red Hat, Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/cred.h> 12 #include <linux/namei.h> 13 #include <linux/xattr.h> 14 #include <linux/ratelimit.h> 15 #include <linux/mount.h> 16 #include <linux/exportfs.h> 17 #include "overlayfs.h" 18 #include "ovl_entry.h" 19 20 struct ovl_lookup_data { 21 struct qstr name; 22 bool is_dir; 23 bool opaque; 24 bool stop; 25 bool last; 26 char *redirect; 27 }; 28 29 static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 30 size_t prelen, const char *post) 31 { 32 int res; 33 char *s, *next, *buf = NULL; 34 35 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 36 if (res < 0) { 37 if (res == -ENODATA || res == -EOPNOTSUPP) 38 return 0; 39 goto fail; 40 } 41 buf = kzalloc(prelen + res + strlen(post) + 1, GFP_TEMPORARY); 42 if (!buf) 43 return -ENOMEM; 44 45 if (res == 0) 46 goto invalid; 47 48 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 49 if (res < 0) 50 goto fail; 51 if (res == 0) 52 goto invalid; 53 if (buf[0] == '/') { 54 for (s = buf; *s++ == '/'; s = next) { 55 next = strchrnul(s, '/'); 56 if (s == next) 57 goto invalid; 58 } 59 } else { 60 if (strchr(buf, '/') != NULL) 61 goto invalid; 62 63 memmove(buf + prelen, buf, res); 64 memcpy(buf, d->name.name, prelen); 65 } 66 67 strcat(buf, post); 68 kfree(d->redirect); 69 d->redirect = buf; 70 d->name.name = d->redirect; 71 d->name.len = strlen(d->redirect); 72 73 return 0; 74 75 err_free: 76 kfree(buf); 77 return 0; 78 fail: 79 pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 80 goto err_free; 81 invalid: 82 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 83 goto err_free; 84 } 85 86 static int ovl_acceptable(void *ctx, struct dentry *dentry) 87 { 88 return 1; 89 } 90 91 static struct dentry *ovl_get_origin(struct dentry *dentry, 92 struct vfsmount *mnt) 93 { 94 int res; 95 struct ovl_fh *fh = NULL; 96 struct dentry *origin = NULL; 97 int bytes; 98 99 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0); 100 if (res < 0) { 101 if (res == -ENODATA || res == -EOPNOTSUPP) 102 return NULL; 103 goto fail; 104 } 105 /* Zero size value means "copied up but origin unknown" */ 106 if (res == 0) 107 return NULL; 108 109 fh = kzalloc(res, GFP_TEMPORARY); 110 if (!fh) 111 return ERR_PTR(-ENOMEM); 112 113 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res); 114 if (res < 0) 115 goto fail; 116 117 if (res < sizeof(struct ovl_fh) || res < fh->len) 118 goto invalid; 119 120 if (fh->magic != OVL_FH_MAGIC) 121 goto invalid; 122 123 /* Treat larger version and unknown flags as "origin unknown" */ 124 if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 125 goto out; 126 127 /* Treat endianness mismatch as "origin unknown" */ 128 if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 129 (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 130 goto out; 131 132 bytes = (fh->len - offsetof(struct ovl_fh, fid)); 133 134 /* 135 * Make sure that the stored uuid matches the uuid of the lower 136 * layer where file handle will be decoded. 137 */ 138 if (uuid_be_cmp(fh->uuid, *(uuid_be *) &mnt->mnt_sb->s_uuid)) 139 goto out; 140 141 origin = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 142 bytes >> 2, (int)fh->type, 143 ovl_acceptable, NULL); 144 if (IS_ERR(origin)) { 145 /* Treat stale file handle as "origin unknown" */ 146 if (origin == ERR_PTR(-ESTALE)) 147 origin = NULL; 148 goto out; 149 } 150 151 if (ovl_dentry_weird(origin) || 152 ((d_inode(origin)->i_mode ^ d_inode(dentry)->i_mode) & S_IFMT)) { 153 dput(origin); 154 origin = NULL; 155 goto invalid; 156 } 157 158 out: 159 kfree(fh); 160 return origin; 161 162 fail: 163 pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 164 goto out; 165 invalid: 166 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 167 goto out; 168 } 169 170 static bool ovl_is_opaquedir(struct dentry *dentry) 171 { 172 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); 173 } 174 175 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 176 const char *name, unsigned int namelen, 177 size_t prelen, const char *post, 178 struct dentry **ret) 179 { 180 struct dentry *this; 181 int err; 182 183 this = lookup_one_len_unlocked(name, base, namelen); 184 if (IS_ERR(this)) { 185 err = PTR_ERR(this); 186 this = NULL; 187 if (err == -ENOENT || err == -ENAMETOOLONG) 188 goto out; 189 goto out_err; 190 } 191 if (!this->d_inode) 192 goto put_and_out; 193 194 if (ovl_dentry_weird(this)) { 195 /* Don't support traversing automounts and other weirdness */ 196 err = -EREMOTE; 197 goto out_err; 198 } 199 if (ovl_is_whiteout(this)) { 200 d->stop = d->opaque = true; 201 goto put_and_out; 202 } 203 if (!d_can_lookup(this)) { 204 d->stop = true; 205 if (d->is_dir) 206 goto put_and_out; 207 goto out; 208 } 209 d->is_dir = true; 210 if (!d->last && ovl_is_opaquedir(this)) { 211 d->stop = d->opaque = true; 212 goto out; 213 } 214 err = ovl_check_redirect(this, d, prelen, post); 215 if (err) 216 goto out_err; 217 out: 218 *ret = this; 219 return 0; 220 221 put_and_out: 222 dput(this); 223 this = NULL; 224 goto out; 225 226 out_err: 227 dput(this); 228 return err; 229 } 230 231 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 232 struct dentry **ret) 233 { 234 /* Counting down from the end, since the prefix can change */ 235 size_t rem = d->name.len - 1; 236 struct dentry *dentry = NULL; 237 int err; 238 239 if (d->name.name[0] != '/') 240 return ovl_lookup_single(base, d, d->name.name, d->name.len, 241 0, "", ret); 242 243 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 244 const char *s = d->name.name + d->name.len - rem; 245 const char *next = strchrnul(s, '/'); 246 size_t thislen = next - s; 247 bool end = !next[0]; 248 249 /* Verify we did not go off the rails */ 250 if (WARN_ON(s[-1] != '/')) 251 return -EIO; 252 253 err = ovl_lookup_single(base, d, s, thislen, 254 d->name.len - rem, next, &base); 255 dput(dentry); 256 if (err) 257 return err; 258 dentry = base; 259 if (end) 260 break; 261 262 rem -= thislen + 1; 263 264 if (WARN_ON(rem >= d->name.len)) 265 return -EIO; 266 } 267 *ret = dentry; 268 return 0; 269 } 270 271 272 static int ovl_check_origin(struct dentry *dentry, struct dentry *upperdentry, 273 struct path **stackp, unsigned int *ctrp) 274 { 275 struct super_block *same_sb = ovl_same_sb(dentry->d_sb); 276 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 277 struct vfsmount *mnt; 278 struct dentry *origin; 279 280 if (!same_sb || !roe->numlower) 281 return 0; 282 283 /* 284 * Since all layers are on the same fs, we use the first layer for 285 * decoding the file handle. We may get a disconnected dentry, 286 * which is fine, because we only need to hold the origin inode in 287 * cache and use its inode number. We may even get a connected dentry, 288 * that is not under the first layer's root. That is also fine for 289 * using it's inode number - it's the same as if we held a reference 290 * to a dentry in first layer that was moved under us. 291 */ 292 mnt = roe->lowerstack[0].mnt; 293 294 origin = ovl_get_origin(upperdentry, mnt); 295 if (IS_ERR_OR_NULL(origin)) 296 return PTR_ERR(origin); 297 298 BUG_ON(*stackp || *ctrp); 299 *stackp = kmalloc(sizeof(struct path), GFP_TEMPORARY); 300 if (!*stackp) { 301 dput(origin); 302 return -ENOMEM; 303 } 304 **stackp = (struct path) { .dentry = origin, .mnt = mnt }; 305 *ctrp = 1; 306 307 return 0; 308 } 309 310 /* 311 * Returns next layer in stack starting from top. 312 * Returns -1 if this is the last layer. 313 */ 314 int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 315 { 316 struct ovl_entry *oe = dentry->d_fsdata; 317 318 BUG_ON(idx < 0); 319 if (idx == 0) { 320 ovl_path_upper(dentry, path); 321 if (path->dentry) 322 return oe->numlower ? 1 : -1; 323 idx++; 324 } 325 BUG_ON(idx > oe->numlower); 326 *path = oe->lowerstack[idx - 1]; 327 328 return (idx < oe->numlower) ? idx + 1 : -1; 329 } 330 331 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 332 unsigned int flags) 333 { 334 struct ovl_entry *oe; 335 const struct cred *old_cred; 336 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 337 struct ovl_entry *poe = dentry->d_parent->d_fsdata; 338 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 339 struct path *stack = NULL; 340 struct dentry *upperdir, *upperdentry = NULL; 341 unsigned int ctr = 0; 342 struct inode *inode = NULL; 343 bool upperopaque = false; 344 bool upperimpure = false; 345 char *upperredirect = NULL; 346 struct dentry *this; 347 unsigned int i; 348 int err; 349 struct ovl_lookup_data d = { 350 .name = dentry->d_name, 351 .is_dir = false, 352 .opaque = false, 353 .stop = false, 354 .last = !poe->numlower, 355 .redirect = NULL, 356 }; 357 358 if (dentry->d_name.len > ofs->namelen) 359 return ERR_PTR(-ENAMETOOLONG); 360 361 old_cred = ovl_override_creds(dentry->d_sb); 362 upperdir = ovl_upperdentry_dereference(poe); 363 if (upperdir) { 364 err = ovl_lookup_layer(upperdir, &d, &upperdentry); 365 if (err) 366 goto out; 367 368 if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 369 dput(upperdentry); 370 err = -EREMOTE; 371 goto out; 372 } 373 if (upperdentry && !d.is_dir) { 374 BUG_ON(!d.stop || d.redirect); 375 err = ovl_check_origin(dentry, upperdentry, 376 &stack, &ctr); 377 if (err) 378 goto out; 379 } 380 381 if (d.redirect) { 382 upperredirect = kstrdup(d.redirect, GFP_KERNEL); 383 if (!upperredirect) 384 goto out_put_upper; 385 if (d.redirect[0] == '/') 386 poe = roe; 387 } 388 upperopaque = d.opaque; 389 if (upperdentry && d.is_dir) 390 upperimpure = ovl_is_impuredir(upperdentry); 391 } 392 393 if (!d.stop && poe->numlower) { 394 err = -ENOMEM; 395 stack = kcalloc(ofs->numlower, sizeof(struct path), 396 GFP_TEMPORARY); 397 if (!stack) 398 goto out_put_upper; 399 } 400 401 for (i = 0; !d.stop && i < poe->numlower; i++) { 402 struct path lowerpath = poe->lowerstack[i]; 403 404 d.last = i == poe->numlower - 1; 405 err = ovl_lookup_layer(lowerpath.dentry, &d, &this); 406 if (err) 407 goto out_put; 408 409 if (!this) 410 continue; 411 412 stack[ctr].dentry = this; 413 stack[ctr].mnt = lowerpath.mnt; 414 ctr++; 415 416 if (d.stop) 417 break; 418 419 if (d.redirect && d.redirect[0] == '/' && poe != roe) { 420 poe = roe; 421 422 /* Find the current layer on the root dentry */ 423 for (i = 0; i < poe->numlower; i++) 424 if (poe->lowerstack[i].mnt == lowerpath.mnt) 425 break; 426 if (WARN_ON(i == poe->numlower)) 427 break; 428 } 429 } 430 431 oe = ovl_alloc_entry(ctr); 432 err = -ENOMEM; 433 if (!oe) 434 goto out_put; 435 436 if (upperdentry || ctr) { 437 struct dentry *realdentry; 438 struct inode *realinode; 439 440 realdentry = upperdentry ? upperdentry : stack[0].dentry; 441 realinode = d_inode(realdentry); 442 443 err = -ENOMEM; 444 if (upperdentry && !d_is_dir(upperdentry)) { 445 inode = ovl_get_inode(dentry->d_sb, realinode); 446 } else { 447 inode = ovl_new_inode(dentry->d_sb, realinode->i_mode, 448 realinode->i_rdev); 449 if (inode) 450 ovl_inode_init(inode, realinode, !!upperdentry); 451 } 452 if (!inode) 453 goto out_free_oe; 454 ovl_copyattr(realdentry->d_inode, inode); 455 } 456 457 revert_creds(old_cred); 458 oe->opaque = upperopaque; 459 oe->impure = upperimpure; 460 oe->redirect = upperredirect; 461 oe->__upperdentry = upperdentry; 462 memcpy(oe->lowerstack, stack, sizeof(struct path) * ctr); 463 kfree(stack); 464 kfree(d.redirect); 465 dentry->d_fsdata = oe; 466 d_add(dentry, inode); 467 468 return NULL; 469 470 out_free_oe: 471 kfree(oe); 472 out_put: 473 for (i = 0; i < ctr; i++) 474 dput(stack[i].dentry); 475 kfree(stack); 476 out_put_upper: 477 dput(upperdentry); 478 kfree(upperredirect); 479 out: 480 kfree(d.redirect); 481 revert_creds(old_cred); 482 return ERR_PTR(err); 483 } 484 485 bool ovl_lower_positive(struct dentry *dentry) 486 { 487 struct ovl_entry *oe = dentry->d_fsdata; 488 struct ovl_entry *poe = dentry->d_parent->d_fsdata; 489 const struct qstr *name = &dentry->d_name; 490 unsigned int i; 491 bool positive = false; 492 bool done = false; 493 494 /* 495 * If dentry is negative, then lower is positive iff this is a 496 * whiteout. 497 */ 498 if (!dentry->d_inode) 499 return oe->opaque; 500 501 /* Negative upper -> positive lower */ 502 if (!oe->__upperdentry) 503 return true; 504 505 /* Positive upper -> have to look up lower to see whether it exists */ 506 for (i = 0; !done && !positive && i < poe->numlower; i++) { 507 struct dentry *this; 508 struct dentry *lowerdir = poe->lowerstack[i].dentry; 509 510 this = lookup_one_len_unlocked(name->name, lowerdir, 511 name->len); 512 if (IS_ERR(this)) { 513 switch (PTR_ERR(this)) { 514 case -ENOENT: 515 case -ENAMETOOLONG: 516 break; 517 518 default: 519 /* 520 * Assume something is there, we just couldn't 521 * access it. 522 */ 523 positive = true; 524 break; 525 } 526 } else { 527 if (this->d_inode) { 528 positive = !ovl_is_whiteout(this); 529 done = true; 530 } 531 dput(this); 532 } 533 } 534 535 return positive; 536 } 537