1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2011 Novell Inc. 4 * Copyright (C) 2016 Red Hat, Inc. 5 */ 6 7 #include <linux/fs.h> 8 #include <linux/mount.h> 9 #include <linux/slab.h> 10 #include <linux/cred.h> 11 #include <linux/xattr.h> 12 #include <linux/exportfs.h> 13 #include <linux/file.h> 14 #include <linux/fileattr.h> 15 #include <linux/uuid.h> 16 #include <linux/namei.h> 17 #include <linux/ratelimit.h> 18 #include "overlayfs.h" 19 ovl_want_write(struct dentry * dentry)20 int ovl_want_write(struct dentry *dentry) 21 { 22 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 23 return mnt_want_write(ovl_upper_mnt(ofs)); 24 } 25 ovl_drop_write(struct dentry * dentry)26 void ovl_drop_write(struct dentry *dentry) 27 { 28 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 29 mnt_drop_write(ovl_upper_mnt(ofs)); 30 } 31 ovl_workdir(struct dentry * dentry)32 struct dentry *ovl_workdir(struct dentry *dentry) 33 { 34 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 35 return ofs->workdir; 36 } 37 ovl_override_creds(struct super_block * sb)38 const struct cred *ovl_override_creds(struct super_block *sb) 39 { 40 struct ovl_fs *ofs = OVL_FS(sb); 41 42 return override_creds(ofs->creator_cred); 43 } 44 45 /* 46 * Check if underlying fs supports file handles and try to determine encoding 47 * type, in order to deduce maximum inode number used by fs. 48 * 49 * Return 0 if file handles are not supported. 50 * Return 1 (FILEID_INO32_GEN) if fs uses the default 32bit inode encoding. 51 * Return -1 if fs uses a non default encoding with unknown inode size. 52 */ ovl_can_decode_fh(struct super_block * sb)53 int ovl_can_decode_fh(struct super_block *sb) 54 { 55 if (!capable(CAP_DAC_READ_SEARCH)) 56 return 0; 57 58 if (!sb->s_export_op || !sb->s_export_op->fh_to_dentry) 59 return 0; 60 61 return sb->s_export_op->encode_fh ? -1 : FILEID_INO32_GEN; 62 } 63 ovl_indexdir(struct super_block * sb)64 struct dentry *ovl_indexdir(struct super_block *sb) 65 { 66 struct ovl_fs *ofs = OVL_FS(sb); 67 68 return ofs->indexdir; 69 } 70 71 /* Index all files on copy up. For now only enabled for NFS export */ ovl_index_all(struct super_block * sb)72 bool ovl_index_all(struct super_block *sb) 73 { 74 struct ovl_fs *ofs = OVL_FS(sb); 75 76 return ofs->config.nfs_export && ofs->config.index; 77 } 78 79 /* Verify lower origin on lookup. For now only enabled for NFS export */ ovl_verify_lower(struct super_block * sb)80 bool ovl_verify_lower(struct super_block *sb) 81 { 82 struct ovl_fs *ofs = OVL_FS(sb); 83 84 return ofs->config.nfs_export && ofs->config.index; 85 } 86 ovl_stack_alloc(unsigned int n)87 struct ovl_path *ovl_stack_alloc(unsigned int n) 88 { 89 return kcalloc(n, sizeof(struct ovl_path), GFP_KERNEL); 90 } 91 ovl_stack_cpy(struct ovl_path * dst,struct ovl_path * src,unsigned int n)92 void ovl_stack_cpy(struct ovl_path *dst, struct ovl_path *src, unsigned int n) 93 { 94 unsigned int i; 95 96 memcpy(dst, src, sizeof(struct ovl_path) * n); 97 for (i = 0; i < n; i++) 98 dget(src[i].dentry); 99 } 100 ovl_stack_put(struct ovl_path * stack,unsigned int n)101 void ovl_stack_put(struct ovl_path *stack, unsigned int n) 102 { 103 unsigned int i; 104 105 for (i = 0; stack && i < n; i++) 106 dput(stack[i].dentry); 107 } 108 ovl_stack_free(struct ovl_path * stack,unsigned int n)109 void ovl_stack_free(struct ovl_path *stack, unsigned int n) 110 { 111 ovl_stack_put(stack, n); 112 kfree(stack); 113 } 114 ovl_alloc_entry(unsigned int numlower)115 struct ovl_entry *ovl_alloc_entry(unsigned int numlower) 116 { 117 size_t size = offsetof(struct ovl_entry, __lowerstack[numlower]); 118 struct ovl_entry *oe = kzalloc(size, GFP_KERNEL); 119 120 if (oe) 121 oe->__numlower = numlower; 122 123 return oe; 124 } 125 ovl_free_entry(struct ovl_entry * oe)126 void ovl_free_entry(struct ovl_entry *oe) 127 { 128 ovl_stack_put(ovl_lowerstack(oe), ovl_numlower(oe)); 129 kfree(oe); 130 } 131 132 #define OVL_D_REVALIDATE (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE) 133 ovl_dentry_remote(struct dentry * dentry)134 bool ovl_dentry_remote(struct dentry *dentry) 135 { 136 return dentry->d_flags & OVL_D_REVALIDATE; 137 } 138 ovl_dentry_update_reval(struct dentry * dentry,struct dentry * realdentry)139 void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *realdentry) 140 { 141 if (!ovl_dentry_remote(realdentry)) 142 return; 143 144 spin_lock(&dentry->d_lock); 145 dentry->d_flags |= realdentry->d_flags & OVL_D_REVALIDATE; 146 spin_unlock(&dentry->d_lock); 147 } 148 ovl_dentry_init_reval(struct dentry * dentry,struct dentry * upperdentry,struct ovl_entry * oe)149 void ovl_dentry_init_reval(struct dentry *dentry, struct dentry *upperdentry, 150 struct ovl_entry *oe) 151 { 152 return ovl_dentry_init_flags(dentry, upperdentry, oe, OVL_D_REVALIDATE); 153 } 154 ovl_dentry_init_flags(struct dentry * dentry,struct dentry * upperdentry,struct ovl_entry * oe,unsigned int mask)155 void ovl_dentry_init_flags(struct dentry *dentry, struct dentry *upperdentry, 156 struct ovl_entry *oe, unsigned int mask) 157 { 158 struct ovl_path *lowerstack = ovl_lowerstack(oe); 159 unsigned int i, flags = 0; 160 161 if (upperdentry) 162 flags |= upperdentry->d_flags; 163 for (i = 0; i < ovl_numlower(oe) && lowerstack[i].dentry; i++) 164 flags |= lowerstack[i].dentry->d_flags; 165 166 spin_lock(&dentry->d_lock); 167 dentry->d_flags &= ~mask; 168 dentry->d_flags |= flags & mask; 169 spin_unlock(&dentry->d_lock); 170 } 171 ovl_dentry_weird(struct dentry * dentry)172 bool ovl_dentry_weird(struct dentry *dentry) 173 { 174 if (!d_can_lookup(dentry) && !d_is_file(dentry) && !d_is_symlink(dentry)) 175 return true; 176 177 return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT | 178 DCACHE_MANAGE_TRANSIT | 179 DCACHE_OP_HASH | 180 DCACHE_OP_COMPARE); 181 } 182 ovl_path_type(struct dentry * dentry)183 enum ovl_path_type ovl_path_type(struct dentry *dentry) 184 { 185 struct ovl_entry *oe = OVL_E(dentry); 186 enum ovl_path_type type = 0; 187 188 if (ovl_dentry_upper(dentry)) { 189 type = __OVL_PATH_UPPER; 190 191 /* 192 * Non-dir dentry can hold lower dentry of its copy up origin. 193 */ 194 if (ovl_numlower(oe)) { 195 if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry))) 196 type |= __OVL_PATH_ORIGIN; 197 if (d_is_dir(dentry) || 198 !ovl_has_upperdata(d_inode(dentry))) 199 type |= __OVL_PATH_MERGE; 200 } 201 } else { 202 if (ovl_numlower(oe) > 1) 203 type |= __OVL_PATH_MERGE; 204 } 205 return type; 206 } 207 ovl_path_upper(struct dentry * dentry,struct path * path)208 void ovl_path_upper(struct dentry *dentry, struct path *path) 209 { 210 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 211 212 path->mnt = ovl_upper_mnt(ofs); 213 path->dentry = ovl_dentry_upper(dentry); 214 } 215 ovl_path_lower(struct dentry * dentry,struct path * path)216 void ovl_path_lower(struct dentry *dentry, struct path *path) 217 { 218 struct ovl_entry *oe = OVL_E(dentry); 219 struct ovl_path *lowerpath = ovl_lowerstack(oe); 220 221 if (ovl_numlower(oe)) { 222 path->mnt = lowerpath->layer->mnt; 223 path->dentry = lowerpath->dentry; 224 } else { 225 *path = (struct path) { }; 226 } 227 } 228 ovl_path_lowerdata(struct dentry * dentry,struct path * path)229 void ovl_path_lowerdata(struct dentry *dentry, struct path *path) 230 { 231 struct ovl_entry *oe = OVL_E(dentry); 232 struct ovl_path *lowerdata = ovl_lowerdata(oe); 233 struct dentry *lowerdata_dentry = ovl_lowerdata_dentry(oe); 234 235 if (lowerdata_dentry) { 236 path->dentry = lowerdata_dentry; 237 /* 238 * Pairs with smp_wmb() in ovl_dentry_set_lowerdata(). 239 * Make sure that if lowerdata->dentry is visible, then 240 * datapath->layer is visible as well. 241 */ 242 smp_rmb(); 243 path->mnt = READ_ONCE(lowerdata->layer)->mnt; 244 } else { 245 *path = (struct path) { }; 246 } 247 } 248 ovl_path_real(struct dentry * dentry,struct path * path)249 enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path) 250 { 251 enum ovl_path_type type = ovl_path_type(dentry); 252 253 if (!OVL_TYPE_UPPER(type)) 254 ovl_path_lower(dentry, path); 255 else 256 ovl_path_upper(dentry, path); 257 258 return type; 259 } 260 ovl_path_realdata(struct dentry * dentry,struct path * path)261 enum ovl_path_type ovl_path_realdata(struct dentry *dentry, struct path *path) 262 { 263 enum ovl_path_type type = ovl_path_type(dentry); 264 265 WARN_ON_ONCE(d_is_dir(dentry)); 266 267 if (!OVL_TYPE_UPPER(type) || OVL_TYPE_MERGE(type)) 268 ovl_path_lowerdata(dentry, path); 269 else 270 ovl_path_upper(dentry, path); 271 272 return type; 273 } 274 ovl_dentry_upper(struct dentry * dentry)275 struct dentry *ovl_dentry_upper(struct dentry *dentry) 276 { 277 return ovl_upperdentry_dereference(OVL_I(d_inode(dentry))); 278 } 279 ovl_dentry_lower(struct dentry * dentry)280 struct dentry *ovl_dentry_lower(struct dentry *dentry) 281 { 282 struct ovl_entry *oe = OVL_E(dentry); 283 284 return ovl_numlower(oe) ? ovl_lowerstack(oe)->dentry : NULL; 285 } 286 ovl_layer_lower(struct dentry * dentry)287 const struct ovl_layer *ovl_layer_lower(struct dentry *dentry) 288 { 289 struct ovl_entry *oe = OVL_E(dentry); 290 291 return ovl_numlower(oe) ? ovl_lowerstack(oe)->layer : NULL; 292 } 293 294 /* 295 * ovl_dentry_lower() could return either a data dentry or metacopy dentry 296 * depending on what is stored in lowerstack[0]. At times we need to find 297 * lower dentry which has data (and not metacopy dentry). This helper 298 * returns the lower data dentry. 299 */ ovl_dentry_lowerdata(struct dentry * dentry)300 struct dentry *ovl_dentry_lowerdata(struct dentry *dentry) 301 { 302 return ovl_lowerdata_dentry(OVL_E(dentry)); 303 } 304 ovl_dentry_set_lowerdata(struct dentry * dentry,struct ovl_path * datapath)305 int ovl_dentry_set_lowerdata(struct dentry *dentry, struct ovl_path *datapath) 306 { 307 struct ovl_entry *oe = OVL_E(dentry); 308 struct ovl_path *lowerdata = ovl_lowerdata(oe); 309 struct dentry *datadentry = datapath->dentry; 310 311 if (WARN_ON_ONCE(ovl_numlower(oe) <= 1)) 312 return -EIO; 313 314 WRITE_ONCE(lowerdata->layer, datapath->layer); 315 /* 316 * Pairs with smp_rmb() in ovl_path_lowerdata(). 317 * Make sure that if lowerdata->dentry is visible, then 318 * lowerdata->layer is visible as well. 319 */ 320 smp_wmb(); 321 WRITE_ONCE(lowerdata->dentry, dget(datadentry)); 322 323 ovl_dentry_update_reval(dentry, datadentry); 324 325 return 0; 326 } 327 ovl_dentry_real(struct dentry * dentry)328 struct dentry *ovl_dentry_real(struct dentry *dentry) 329 { 330 return ovl_dentry_upper(dentry) ?: ovl_dentry_lower(dentry); 331 } 332 ovl_i_dentry_upper(struct inode * inode)333 struct dentry *ovl_i_dentry_upper(struct inode *inode) 334 { 335 return ovl_upperdentry_dereference(OVL_I(inode)); 336 } 337 ovl_i_path_real(struct inode * inode,struct path * path)338 struct inode *ovl_i_path_real(struct inode *inode, struct path *path) 339 { 340 struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode)); 341 342 path->dentry = ovl_i_dentry_upper(inode); 343 if (!path->dentry) { 344 path->dentry = lowerpath->dentry; 345 path->mnt = lowerpath->layer->mnt; 346 } else { 347 path->mnt = ovl_upper_mnt(OVL_FS(inode->i_sb)); 348 } 349 350 return path->dentry ? d_inode_rcu(path->dentry) : NULL; 351 } 352 ovl_inode_upper(struct inode * inode)353 struct inode *ovl_inode_upper(struct inode *inode) 354 { 355 struct dentry *upperdentry = ovl_i_dentry_upper(inode); 356 357 return upperdentry ? d_inode(upperdentry) : NULL; 358 } 359 ovl_inode_lower(struct inode * inode)360 struct inode *ovl_inode_lower(struct inode *inode) 361 { 362 struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode)); 363 364 return lowerpath ? d_inode(lowerpath->dentry) : NULL; 365 } 366 ovl_inode_real(struct inode * inode)367 struct inode *ovl_inode_real(struct inode *inode) 368 { 369 return ovl_inode_upper(inode) ?: ovl_inode_lower(inode); 370 } 371 372 /* Return inode which contains lower data. Do not return metacopy */ ovl_inode_lowerdata(struct inode * inode)373 struct inode *ovl_inode_lowerdata(struct inode *inode) 374 { 375 struct dentry *lowerdata = ovl_lowerdata_dentry(OVL_I_E(inode)); 376 377 if (WARN_ON(!S_ISREG(inode->i_mode))) 378 return NULL; 379 380 return lowerdata ? d_inode(lowerdata) : NULL; 381 } 382 383 /* Return real inode which contains data. Does not return metacopy inode */ ovl_inode_realdata(struct inode * inode)384 struct inode *ovl_inode_realdata(struct inode *inode) 385 { 386 struct inode *upperinode; 387 388 upperinode = ovl_inode_upper(inode); 389 if (upperinode && ovl_has_upperdata(inode)) 390 return upperinode; 391 392 return ovl_inode_lowerdata(inode); 393 } 394 ovl_lowerdata_redirect(struct inode * inode)395 const char *ovl_lowerdata_redirect(struct inode *inode) 396 { 397 return inode && S_ISREG(inode->i_mode) ? 398 OVL_I(inode)->lowerdata_redirect : NULL; 399 } 400 ovl_dir_cache(struct inode * inode)401 struct ovl_dir_cache *ovl_dir_cache(struct inode *inode) 402 { 403 return inode && S_ISDIR(inode->i_mode) ? OVL_I(inode)->cache : NULL; 404 } 405 ovl_set_dir_cache(struct inode * inode,struct ovl_dir_cache * cache)406 void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache) 407 { 408 OVL_I(inode)->cache = cache; 409 } 410 ovl_dentry_set_flag(unsigned long flag,struct dentry * dentry)411 void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry) 412 { 413 set_bit(flag, OVL_E_FLAGS(dentry)); 414 } 415 ovl_dentry_clear_flag(unsigned long flag,struct dentry * dentry)416 void ovl_dentry_clear_flag(unsigned long flag, struct dentry *dentry) 417 { 418 clear_bit(flag, OVL_E_FLAGS(dentry)); 419 } 420 ovl_dentry_test_flag(unsigned long flag,struct dentry * dentry)421 bool ovl_dentry_test_flag(unsigned long flag, struct dentry *dentry) 422 { 423 return test_bit(flag, OVL_E_FLAGS(dentry)); 424 } 425 ovl_dentry_is_opaque(struct dentry * dentry)426 bool ovl_dentry_is_opaque(struct dentry *dentry) 427 { 428 return ovl_dentry_test_flag(OVL_E_OPAQUE, dentry); 429 } 430 ovl_dentry_is_whiteout(struct dentry * dentry)431 bool ovl_dentry_is_whiteout(struct dentry *dentry) 432 { 433 return !dentry->d_inode && ovl_dentry_is_opaque(dentry); 434 } 435 ovl_dentry_set_opaque(struct dentry * dentry)436 void ovl_dentry_set_opaque(struct dentry *dentry) 437 { 438 ovl_dentry_set_flag(OVL_E_OPAQUE, dentry); 439 } 440 441 /* 442 * For hard links and decoded file handles, it's possible for ovl_dentry_upper() 443 * to return positive, while there's no actual upper alias for the inode. 444 * Copy up code needs to know about the existence of the upper alias, so it 445 * can't use ovl_dentry_upper(). 446 */ ovl_dentry_has_upper_alias(struct dentry * dentry)447 bool ovl_dentry_has_upper_alias(struct dentry *dentry) 448 { 449 return ovl_dentry_test_flag(OVL_E_UPPER_ALIAS, dentry); 450 } 451 ovl_dentry_set_upper_alias(struct dentry * dentry)452 void ovl_dentry_set_upper_alias(struct dentry *dentry) 453 { 454 ovl_dentry_set_flag(OVL_E_UPPER_ALIAS, dentry); 455 } 456 ovl_should_check_upperdata(struct inode * inode)457 static bool ovl_should_check_upperdata(struct inode *inode) 458 { 459 if (!S_ISREG(inode->i_mode)) 460 return false; 461 462 if (!ovl_inode_lower(inode)) 463 return false; 464 465 return true; 466 } 467 ovl_has_upperdata(struct inode * inode)468 bool ovl_has_upperdata(struct inode *inode) 469 { 470 if (!ovl_should_check_upperdata(inode)) 471 return true; 472 473 if (!ovl_test_flag(OVL_UPPERDATA, inode)) 474 return false; 475 /* 476 * Pairs with smp_wmb() in ovl_set_upperdata(). Main user of 477 * ovl_has_upperdata() is ovl_copy_up_meta_inode_data(). Make sure 478 * if setting of OVL_UPPERDATA is visible, then effects of writes 479 * before that are visible too. 480 */ 481 smp_rmb(); 482 return true; 483 } 484 ovl_set_upperdata(struct inode * inode)485 void ovl_set_upperdata(struct inode *inode) 486 { 487 /* 488 * Pairs with smp_rmb() in ovl_has_upperdata(). Make sure 489 * if OVL_UPPERDATA flag is visible, then effects of write operations 490 * before it are visible as well. 491 */ 492 smp_wmb(); 493 ovl_set_flag(OVL_UPPERDATA, inode); 494 } 495 496 /* Caller should hold ovl_inode->lock */ ovl_dentry_needs_data_copy_up_locked(struct dentry * dentry,int flags)497 bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags) 498 { 499 if (!ovl_open_flags_need_copy_up(flags)) 500 return false; 501 502 return !ovl_test_flag(OVL_UPPERDATA, d_inode(dentry)); 503 } 504 ovl_dentry_needs_data_copy_up(struct dentry * dentry,int flags)505 bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags) 506 { 507 if (!ovl_open_flags_need_copy_up(flags)) 508 return false; 509 510 return !ovl_has_upperdata(d_inode(dentry)); 511 } 512 ovl_dentry_get_redirect(struct dentry * dentry)513 const char *ovl_dentry_get_redirect(struct dentry *dentry) 514 { 515 return OVL_I(d_inode(dentry))->redirect; 516 } 517 ovl_dentry_set_redirect(struct dentry * dentry,const char * redirect)518 void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect) 519 { 520 struct ovl_inode *oi = OVL_I(d_inode(dentry)); 521 522 kfree(oi->redirect); 523 oi->redirect = redirect; 524 } 525 ovl_inode_update(struct inode * inode,struct dentry * upperdentry)526 void ovl_inode_update(struct inode *inode, struct dentry *upperdentry) 527 { 528 struct inode *upperinode = d_inode(upperdentry); 529 530 WARN_ON(OVL_I(inode)->__upperdentry); 531 532 /* 533 * Make sure upperdentry is consistent before making it visible 534 */ 535 smp_wmb(); 536 OVL_I(inode)->__upperdentry = upperdentry; 537 if (inode_unhashed(inode)) { 538 inode->i_private = upperinode; 539 __insert_inode_hash(inode, (unsigned long) upperinode); 540 } 541 } 542 ovl_dir_version_inc(struct dentry * dentry,bool impurity)543 static void ovl_dir_version_inc(struct dentry *dentry, bool impurity) 544 { 545 struct inode *inode = d_inode(dentry); 546 547 WARN_ON(!inode_is_locked(inode)); 548 WARN_ON(!d_is_dir(dentry)); 549 /* 550 * Version is used by readdir code to keep cache consistent. 551 * For merge dirs (or dirs with origin) all changes need to be noted. 552 * For non-merge dirs, cache contains only impure entries (i.e. ones 553 * which have been copied up and have origins), so only need to note 554 * changes to impure entries. 555 */ 556 if (!ovl_dir_is_real(inode) || impurity) 557 OVL_I(inode)->version++; 558 } 559 ovl_dir_modified(struct dentry * dentry,bool impurity)560 void ovl_dir_modified(struct dentry *dentry, bool impurity) 561 { 562 /* Copy mtime/ctime */ 563 ovl_copyattr(d_inode(dentry)); 564 565 ovl_dir_version_inc(dentry, impurity); 566 } 567 ovl_inode_version_get(struct inode * inode)568 u64 ovl_inode_version_get(struct inode *inode) 569 { 570 WARN_ON(!inode_is_locked(inode)); 571 return OVL_I(inode)->version; 572 } 573 ovl_is_whiteout(struct dentry * dentry)574 bool ovl_is_whiteout(struct dentry *dentry) 575 { 576 struct inode *inode = dentry->d_inode; 577 578 return inode && IS_WHITEOUT(inode); 579 } 580 ovl_path_open(const struct path * path,int flags)581 struct file *ovl_path_open(const struct path *path, int flags) 582 { 583 struct inode *inode = d_inode(path->dentry); 584 struct mnt_idmap *real_idmap = mnt_idmap(path->mnt); 585 int err, acc_mode; 586 587 if (flags & ~(O_ACCMODE | O_LARGEFILE)) 588 BUG(); 589 590 switch (flags & O_ACCMODE) { 591 case O_RDONLY: 592 acc_mode = MAY_READ; 593 break; 594 case O_WRONLY: 595 acc_mode = MAY_WRITE; 596 break; 597 default: 598 BUG(); 599 } 600 601 err = inode_permission(real_idmap, inode, acc_mode | MAY_OPEN); 602 if (err) 603 return ERR_PTR(err); 604 605 /* O_NOATIME is an optimization, don't fail if not permitted */ 606 if (inode_owner_or_capable(real_idmap, inode)) 607 flags |= O_NOATIME; 608 609 return dentry_open(path, flags, current_cred()); 610 } 611 612 /* Caller should hold ovl_inode->lock */ ovl_already_copied_up_locked(struct dentry * dentry,int flags)613 static bool ovl_already_copied_up_locked(struct dentry *dentry, int flags) 614 { 615 bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED; 616 617 if (ovl_dentry_upper(dentry) && 618 (ovl_dentry_has_upper_alias(dentry) || disconnected) && 619 !ovl_dentry_needs_data_copy_up_locked(dentry, flags)) 620 return true; 621 622 return false; 623 } 624 ovl_already_copied_up(struct dentry * dentry,int flags)625 bool ovl_already_copied_up(struct dentry *dentry, int flags) 626 { 627 bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED; 628 629 /* 630 * Check if copy-up has happened as well as for upper alias (in 631 * case of hard links) is there. 632 * 633 * Both checks are lockless: 634 * - false negatives: will recheck under oi->lock 635 * - false positives: 636 * + ovl_dentry_upper() uses memory barriers to ensure the 637 * upper dentry is up-to-date 638 * + ovl_dentry_has_upper_alias() relies on locking of 639 * upper parent i_rwsem to prevent reordering copy-up 640 * with rename. 641 */ 642 if (ovl_dentry_upper(dentry) && 643 (ovl_dentry_has_upper_alias(dentry) || disconnected) && 644 !ovl_dentry_needs_data_copy_up(dentry, flags)) 645 return true; 646 647 return false; 648 } 649 ovl_copy_up_start(struct dentry * dentry,int flags)650 int ovl_copy_up_start(struct dentry *dentry, int flags) 651 { 652 struct inode *inode = d_inode(dentry); 653 int err; 654 655 err = ovl_inode_lock_interruptible(inode); 656 if (!err && ovl_already_copied_up_locked(dentry, flags)) { 657 err = 1; /* Already copied up */ 658 ovl_inode_unlock(inode); 659 } 660 661 return err; 662 } 663 ovl_copy_up_end(struct dentry * dentry)664 void ovl_copy_up_end(struct dentry *dentry) 665 { 666 ovl_inode_unlock(d_inode(dentry)); 667 } 668 ovl_path_check_origin_xattr(struct ovl_fs * ofs,const struct path * path)669 bool ovl_path_check_origin_xattr(struct ovl_fs *ofs, const struct path *path) 670 { 671 int res; 672 673 res = ovl_path_getxattr(ofs, path, OVL_XATTR_ORIGIN, NULL, 0); 674 675 /* Zero size value means "copied up but origin unknown" */ 676 if (res >= 0) 677 return true; 678 679 return false; 680 } 681 682 /* 683 * Load persistent uuid from xattr into s_uuid if found, or store a new 684 * random generated value in s_uuid and in xattr. 685 */ ovl_init_uuid_xattr(struct super_block * sb,struct ovl_fs * ofs,const struct path * upperpath)686 bool ovl_init_uuid_xattr(struct super_block *sb, struct ovl_fs *ofs, 687 const struct path *upperpath) 688 { 689 bool set = false; 690 int res; 691 692 /* Try to load existing persistent uuid */ 693 res = ovl_path_getxattr(ofs, upperpath, OVL_XATTR_UUID, sb->s_uuid.b, 694 UUID_SIZE); 695 if (res == UUID_SIZE) 696 return true; 697 698 if (res != -ENODATA) 699 goto fail; 700 701 /* 702 * With uuid=auto, if uuid xattr is found, it will be used. 703 * If uuid xattrs is not found, generate a persistent uuid only on mount 704 * of new overlays where upper root dir is not yet marked as impure. 705 * An upper dir is marked as impure on copy up or lookup of its subdirs. 706 */ 707 if (ofs->config.uuid == OVL_UUID_AUTO) { 708 res = ovl_path_getxattr(ofs, upperpath, OVL_XATTR_IMPURE, NULL, 709 0); 710 if (res > 0) { 711 /* Any mount of old overlay - downgrade to uuid=null */ 712 ofs->config.uuid = OVL_UUID_NULL; 713 return true; 714 } else if (res == -ENODATA) { 715 /* First mount of new overlay - upgrade to uuid=on */ 716 ofs->config.uuid = OVL_UUID_ON; 717 } else if (res < 0) { 718 goto fail; 719 } 720 721 } 722 723 /* Generate overlay instance uuid */ 724 uuid_gen(&sb->s_uuid); 725 726 /* Try to store persistent uuid */ 727 set = true; 728 res = ovl_setxattr(ofs, upperpath->dentry, OVL_XATTR_UUID, sb->s_uuid.b, 729 UUID_SIZE); 730 if (res == 0) 731 return true; 732 733 fail: 734 memset(sb->s_uuid.b, 0, UUID_SIZE); 735 ofs->config.uuid = OVL_UUID_NULL; 736 pr_warn("failed to %s uuid (%pd2, err=%i); falling back to uuid=null.\n", 737 set ? "set" : "get", upperpath->dentry, res); 738 return false; 739 } 740 ovl_path_check_dir_xattr(struct ovl_fs * ofs,const struct path * path,enum ovl_xattr ox)741 bool ovl_path_check_dir_xattr(struct ovl_fs *ofs, const struct path *path, 742 enum ovl_xattr ox) 743 { 744 int res; 745 char val; 746 747 if (!d_is_dir(path->dentry)) 748 return false; 749 750 res = ovl_path_getxattr(ofs, path, ox, &val, 1); 751 if (res == 1 && val == 'y') 752 return true; 753 754 return false; 755 } 756 757 #define OVL_XATTR_OPAQUE_POSTFIX "opaque" 758 #define OVL_XATTR_REDIRECT_POSTFIX "redirect" 759 #define OVL_XATTR_ORIGIN_POSTFIX "origin" 760 #define OVL_XATTR_IMPURE_POSTFIX "impure" 761 #define OVL_XATTR_NLINK_POSTFIX "nlink" 762 #define OVL_XATTR_UPPER_POSTFIX "upper" 763 #define OVL_XATTR_UUID_POSTFIX "uuid" 764 #define OVL_XATTR_METACOPY_POSTFIX "metacopy" 765 #define OVL_XATTR_PROTATTR_POSTFIX "protattr" 766 767 #define OVL_XATTR_TAB_ENTRY(x) \ 768 [x] = { [false] = OVL_XATTR_TRUSTED_PREFIX x ## _POSTFIX, \ 769 [true] = OVL_XATTR_USER_PREFIX x ## _POSTFIX } 770 771 const char *const ovl_xattr_table[][2] = { 772 OVL_XATTR_TAB_ENTRY(OVL_XATTR_OPAQUE), 773 OVL_XATTR_TAB_ENTRY(OVL_XATTR_REDIRECT), 774 OVL_XATTR_TAB_ENTRY(OVL_XATTR_ORIGIN), 775 OVL_XATTR_TAB_ENTRY(OVL_XATTR_IMPURE), 776 OVL_XATTR_TAB_ENTRY(OVL_XATTR_NLINK), 777 OVL_XATTR_TAB_ENTRY(OVL_XATTR_UPPER), 778 OVL_XATTR_TAB_ENTRY(OVL_XATTR_UUID), 779 OVL_XATTR_TAB_ENTRY(OVL_XATTR_METACOPY), 780 OVL_XATTR_TAB_ENTRY(OVL_XATTR_PROTATTR), 781 }; 782 ovl_check_setxattr(struct ovl_fs * ofs,struct dentry * upperdentry,enum ovl_xattr ox,const void * value,size_t size,int xerr)783 int ovl_check_setxattr(struct ovl_fs *ofs, struct dentry *upperdentry, 784 enum ovl_xattr ox, const void *value, size_t size, 785 int xerr) 786 { 787 int err; 788 789 if (ofs->noxattr) 790 return xerr; 791 792 err = ovl_setxattr(ofs, upperdentry, ox, value, size); 793 794 if (err == -EOPNOTSUPP) { 795 pr_warn("cannot set %s xattr on upper\n", ovl_xattr(ofs, ox)); 796 ofs->noxattr = true; 797 return xerr; 798 } 799 800 return err; 801 } 802 ovl_set_impure(struct dentry * dentry,struct dentry * upperdentry)803 int ovl_set_impure(struct dentry *dentry, struct dentry *upperdentry) 804 { 805 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 806 int err; 807 808 if (ovl_test_flag(OVL_IMPURE, d_inode(dentry))) 809 return 0; 810 811 /* 812 * Do not fail when upper doesn't support xattrs. 813 * Upper inodes won't have origin nor redirect xattr anyway. 814 */ 815 err = ovl_check_setxattr(ofs, upperdentry, OVL_XATTR_IMPURE, "y", 1, 0); 816 if (!err) 817 ovl_set_flag(OVL_IMPURE, d_inode(dentry)); 818 819 return err; 820 } 821 822 823 #define OVL_PROTATTR_MAX 32 /* Reserved for future flags */ 824 ovl_check_protattr(struct inode * inode,struct dentry * upper)825 void ovl_check_protattr(struct inode *inode, struct dentry *upper) 826 { 827 struct ovl_fs *ofs = OVL_FS(inode->i_sb); 828 u32 iflags = inode->i_flags & OVL_PROT_I_FLAGS_MASK; 829 char buf[OVL_PROTATTR_MAX+1]; 830 int res, n; 831 832 res = ovl_getxattr_upper(ofs, upper, OVL_XATTR_PROTATTR, buf, 833 OVL_PROTATTR_MAX); 834 if (res < 0) 835 return; 836 837 /* 838 * Initialize inode flags from overlay.protattr xattr and upper inode 839 * flags. If upper inode has those fileattr flags set (i.e. from old 840 * kernel), we do not clear them on ovl_get_inode(), but we will clear 841 * them on next fileattr_set(). 842 */ 843 for (n = 0; n < res; n++) { 844 if (buf[n] == 'a') 845 iflags |= S_APPEND; 846 else if (buf[n] == 'i') 847 iflags |= S_IMMUTABLE; 848 else 849 break; 850 } 851 852 if (!res || n < res) { 853 pr_warn_ratelimited("incompatible overlay.protattr format (%pd2, len=%d)\n", 854 upper, res); 855 } else { 856 inode_set_flags(inode, iflags, OVL_PROT_I_FLAGS_MASK); 857 } 858 } 859 ovl_set_protattr(struct inode * inode,struct dentry * upper,struct fileattr * fa)860 int ovl_set_protattr(struct inode *inode, struct dentry *upper, 861 struct fileattr *fa) 862 { 863 struct ovl_fs *ofs = OVL_FS(inode->i_sb); 864 char buf[OVL_PROTATTR_MAX]; 865 int len = 0, err = 0; 866 u32 iflags = 0; 867 868 BUILD_BUG_ON(HWEIGHT32(OVL_PROT_FS_FLAGS_MASK) > OVL_PROTATTR_MAX); 869 870 if (fa->flags & FS_APPEND_FL) { 871 buf[len++] = 'a'; 872 iflags |= S_APPEND; 873 } 874 if (fa->flags & FS_IMMUTABLE_FL) { 875 buf[len++] = 'i'; 876 iflags |= S_IMMUTABLE; 877 } 878 879 /* 880 * Do not allow to set protection flags when upper doesn't support 881 * xattrs, because we do not set those fileattr flags on upper inode. 882 * Remove xattr if it exist and all protection flags are cleared. 883 */ 884 if (len) { 885 err = ovl_check_setxattr(ofs, upper, OVL_XATTR_PROTATTR, 886 buf, len, -EPERM); 887 } else if (inode->i_flags & OVL_PROT_I_FLAGS_MASK) { 888 err = ovl_removexattr(ofs, upper, OVL_XATTR_PROTATTR); 889 if (err == -EOPNOTSUPP || err == -ENODATA) 890 err = 0; 891 } 892 if (err) 893 return err; 894 895 inode_set_flags(inode, iflags, OVL_PROT_I_FLAGS_MASK); 896 897 /* Mask out the fileattr flags that should not be set in upper inode */ 898 fa->flags &= ~OVL_PROT_FS_FLAGS_MASK; 899 fa->fsx_xflags &= ~OVL_PROT_FSX_FLAGS_MASK; 900 901 return 0; 902 } 903 904 /** 905 * Caller must hold a reference to inode to prevent it from being freed while 906 * it is marked inuse. 907 */ ovl_inuse_trylock(struct dentry * dentry)908 bool ovl_inuse_trylock(struct dentry *dentry) 909 { 910 struct inode *inode = d_inode(dentry); 911 bool locked = false; 912 913 spin_lock(&inode->i_lock); 914 if (!(inode->i_state & I_OVL_INUSE)) { 915 inode->i_state |= I_OVL_INUSE; 916 locked = true; 917 } 918 spin_unlock(&inode->i_lock); 919 920 return locked; 921 } 922 ovl_inuse_unlock(struct dentry * dentry)923 void ovl_inuse_unlock(struct dentry *dentry) 924 { 925 if (dentry) { 926 struct inode *inode = d_inode(dentry); 927 928 spin_lock(&inode->i_lock); 929 WARN_ON(!(inode->i_state & I_OVL_INUSE)); 930 inode->i_state &= ~I_OVL_INUSE; 931 spin_unlock(&inode->i_lock); 932 } 933 } 934 ovl_is_inuse(struct dentry * dentry)935 bool ovl_is_inuse(struct dentry *dentry) 936 { 937 struct inode *inode = d_inode(dentry); 938 bool inuse; 939 940 spin_lock(&inode->i_lock); 941 inuse = (inode->i_state & I_OVL_INUSE); 942 spin_unlock(&inode->i_lock); 943 944 return inuse; 945 } 946 947 /* 948 * Does this overlay dentry need to be indexed on copy up? 949 */ ovl_need_index(struct dentry * dentry)950 bool ovl_need_index(struct dentry *dentry) 951 { 952 struct dentry *lower = ovl_dentry_lower(dentry); 953 954 if (!lower || !ovl_indexdir(dentry->d_sb)) 955 return false; 956 957 /* Index all files for NFS export and consistency verification */ 958 if (ovl_index_all(dentry->d_sb)) 959 return true; 960 961 /* Index only lower hardlinks on copy up */ 962 if (!d_is_dir(lower) && d_inode(lower)->i_nlink > 1) 963 return true; 964 965 return false; 966 } 967 968 /* Caller must hold OVL_I(inode)->lock */ ovl_cleanup_index(struct dentry * dentry)969 static void ovl_cleanup_index(struct dentry *dentry) 970 { 971 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 972 struct dentry *indexdir = ovl_indexdir(dentry->d_sb); 973 struct inode *dir = indexdir->d_inode; 974 struct dentry *lowerdentry = ovl_dentry_lower(dentry); 975 struct dentry *upperdentry = ovl_dentry_upper(dentry); 976 struct dentry *index = NULL; 977 struct inode *inode; 978 struct qstr name = { }; 979 int err; 980 981 err = ovl_get_index_name(ofs, lowerdentry, &name); 982 if (err) 983 goto fail; 984 985 inode = d_inode(upperdentry); 986 if (!S_ISDIR(inode->i_mode) && inode->i_nlink != 1) { 987 pr_warn_ratelimited("cleanup linked index (%pd2, ino=%lu, nlink=%u)\n", 988 upperdentry, inode->i_ino, inode->i_nlink); 989 /* 990 * We either have a bug with persistent union nlink or a lower 991 * hardlink was added while overlay is mounted. Adding a lower 992 * hardlink and then unlinking all overlay hardlinks would drop 993 * overlay nlink to zero before all upper inodes are unlinked. 994 * As a safety measure, when that situation is detected, set 995 * the overlay nlink to the index inode nlink minus one for the 996 * index entry itself. 997 */ 998 set_nlink(d_inode(dentry), inode->i_nlink - 1); 999 ovl_set_nlink_upper(dentry); 1000 goto out; 1001 } 1002 1003 inode_lock_nested(dir, I_MUTEX_PARENT); 1004 index = ovl_lookup_upper(ofs, name.name, indexdir, name.len); 1005 err = PTR_ERR(index); 1006 if (IS_ERR(index)) { 1007 index = NULL; 1008 } else if (ovl_index_all(dentry->d_sb)) { 1009 /* Whiteout orphan index to block future open by handle */ 1010 err = ovl_cleanup_and_whiteout(OVL_FS(dentry->d_sb), 1011 dir, index); 1012 } else { 1013 /* Cleanup orphan index entries */ 1014 err = ovl_cleanup(ofs, dir, index); 1015 } 1016 1017 inode_unlock(dir); 1018 if (err) 1019 goto fail; 1020 1021 out: 1022 kfree(name.name); 1023 dput(index); 1024 return; 1025 1026 fail: 1027 pr_err("cleanup index of '%pd2' failed (%i)\n", dentry, err); 1028 goto out; 1029 } 1030 1031 /* 1032 * Operations that change overlay inode and upper inode nlink need to be 1033 * synchronized with copy up for persistent nlink accounting. 1034 */ ovl_nlink_start(struct dentry * dentry)1035 int ovl_nlink_start(struct dentry *dentry) 1036 { 1037 struct inode *inode = d_inode(dentry); 1038 const struct cred *old_cred; 1039 int err; 1040 1041 if (WARN_ON(!inode)) 1042 return -ENOENT; 1043 1044 /* 1045 * With inodes index is enabled, we store the union overlay nlink 1046 * in an xattr on the index inode. When whiting out an indexed lower, 1047 * we need to decrement the overlay persistent nlink, but before the 1048 * first copy up, we have no upper index inode to store the xattr. 1049 * 1050 * As a workaround, before whiteout/rename over an indexed lower, 1051 * copy up to create the upper index. Creating the upper index will 1052 * initialize the overlay nlink, so it could be dropped if unlink 1053 * or rename succeeds. 1054 * 1055 * TODO: implement metadata only index copy up when called with 1056 * ovl_copy_up_flags(dentry, O_PATH). 1057 */ 1058 if (ovl_need_index(dentry) && !ovl_dentry_has_upper_alias(dentry)) { 1059 err = ovl_copy_up(dentry); 1060 if (err) 1061 return err; 1062 } 1063 1064 err = ovl_inode_lock_interruptible(inode); 1065 if (err) 1066 return err; 1067 1068 if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode)) 1069 goto out; 1070 1071 old_cred = ovl_override_creds(dentry->d_sb); 1072 /* 1073 * The overlay inode nlink should be incremented/decremented IFF the 1074 * upper operation succeeds, along with nlink change of upper inode. 1075 * Therefore, before link/unlink/rename, we store the union nlink 1076 * value relative to the upper inode nlink in an upper inode xattr. 1077 */ 1078 err = ovl_set_nlink_upper(dentry); 1079 revert_creds(old_cred); 1080 1081 out: 1082 if (err) 1083 ovl_inode_unlock(inode); 1084 1085 return err; 1086 } 1087 ovl_nlink_end(struct dentry * dentry)1088 void ovl_nlink_end(struct dentry *dentry) 1089 { 1090 struct inode *inode = d_inode(dentry); 1091 1092 if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) { 1093 const struct cred *old_cred; 1094 1095 old_cred = ovl_override_creds(dentry->d_sb); 1096 ovl_cleanup_index(dentry); 1097 revert_creds(old_cred); 1098 } 1099 1100 ovl_inode_unlock(inode); 1101 } 1102 ovl_lock_rename_workdir(struct dentry * workdir,struct dentry * upperdir)1103 int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir) 1104 { 1105 /* Workdir should not be the same as upperdir */ 1106 if (workdir == upperdir) 1107 goto err; 1108 1109 /* Workdir should not be subdir of upperdir and vice versa */ 1110 if (lock_rename(workdir, upperdir) != NULL) 1111 goto err_unlock; 1112 1113 return 0; 1114 1115 err_unlock: 1116 unlock_rename(workdir, upperdir); 1117 err: 1118 pr_err("failed to lock workdir+upperdir\n"); 1119 return -EIO; 1120 } 1121 1122 /* 1123 * err < 0, 0 if no metacopy xattr, metacopy data size if xattr found. 1124 * an empty xattr returns OVL_METACOPY_MIN_SIZE to distinguish from no xattr value. 1125 */ ovl_check_metacopy_xattr(struct ovl_fs * ofs,const struct path * path,struct ovl_metacopy * data)1126 int ovl_check_metacopy_xattr(struct ovl_fs *ofs, const struct path *path, 1127 struct ovl_metacopy *data) 1128 { 1129 int res; 1130 1131 /* Only regular files can have metacopy xattr */ 1132 if (!S_ISREG(d_inode(path->dentry)->i_mode)) 1133 return 0; 1134 1135 res = ovl_path_getxattr(ofs, path, OVL_XATTR_METACOPY, 1136 data, data ? OVL_METACOPY_MAX_SIZE : 0); 1137 if (res < 0) { 1138 if (res == -ENODATA || res == -EOPNOTSUPP) 1139 return 0; 1140 /* 1141 * getxattr on user.* may fail with EACCES in case there's no 1142 * read permission on the inode. Not much we can do, other than 1143 * tell the caller that this is not a metacopy inode. 1144 */ 1145 if (ofs->config.userxattr && res == -EACCES) 1146 return 0; 1147 goto out; 1148 } 1149 1150 if (res == 0) { 1151 /* Emulate empty data for zero size metacopy xattr */ 1152 res = OVL_METACOPY_MIN_SIZE; 1153 if (data) { 1154 memset(data, 0, res); 1155 data->len = res; 1156 } 1157 } else if (res < OVL_METACOPY_MIN_SIZE) { 1158 pr_warn_ratelimited("metacopy file '%pd' has too small xattr\n", 1159 path->dentry); 1160 return -EIO; 1161 } else if (data) { 1162 if (data->version != 0) { 1163 pr_warn_ratelimited("metacopy file '%pd' has unsupported version\n", 1164 path->dentry); 1165 return -EIO; 1166 } 1167 if (res != data->len) { 1168 pr_warn_ratelimited("metacopy file '%pd' has invalid xattr size\n", 1169 path->dentry); 1170 return -EIO; 1171 } 1172 } 1173 1174 return res; 1175 out: 1176 pr_warn_ratelimited("failed to get metacopy (%i)\n", res); 1177 return res; 1178 } 1179 ovl_set_metacopy_xattr(struct ovl_fs * ofs,struct dentry * d,struct ovl_metacopy * metacopy)1180 int ovl_set_metacopy_xattr(struct ovl_fs *ofs, struct dentry *d, struct ovl_metacopy *metacopy) 1181 { 1182 size_t len = metacopy->len; 1183 1184 /* If no flags or digest fall back to empty metacopy file */ 1185 if (metacopy->version == 0 && metacopy->flags == 0 && metacopy->digest_algo == 0) 1186 len = 0; 1187 1188 return ovl_check_setxattr(ofs, d, OVL_XATTR_METACOPY, 1189 metacopy, len, -EOPNOTSUPP); 1190 } 1191 ovl_is_metacopy_dentry(struct dentry * dentry)1192 bool ovl_is_metacopy_dentry(struct dentry *dentry) 1193 { 1194 struct ovl_entry *oe = OVL_E(dentry); 1195 1196 if (!d_is_reg(dentry)) 1197 return false; 1198 1199 if (ovl_dentry_upper(dentry)) { 1200 if (!ovl_has_upperdata(d_inode(dentry))) 1201 return true; 1202 return false; 1203 } 1204 1205 return (ovl_numlower(oe) > 1); 1206 } 1207 ovl_get_redirect_xattr(struct ovl_fs * ofs,const struct path * path,int padding)1208 char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding) 1209 { 1210 int res; 1211 char *s, *next, *buf = NULL; 1212 1213 res = ovl_path_getxattr(ofs, path, OVL_XATTR_REDIRECT, NULL, 0); 1214 if (res == -ENODATA || res == -EOPNOTSUPP) 1215 return NULL; 1216 if (res < 0) 1217 goto fail; 1218 if (res == 0) 1219 goto invalid; 1220 1221 buf = kzalloc(res + padding + 1, GFP_KERNEL); 1222 if (!buf) 1223 return ERR_PTR(-ENOMEM); 1224 1225 res = ovl_path_getxattr(ofs, path, OVL_XATTR_REDIRECT, buf, res); 1226 if (res < 0) 1227 goto fail; 1228 if (res == 0) 1229 goto invalid; 1230 1231 if (buf[0] == '/') { 1232 for (s = buf; *s++ == '/'; s = next) { 1233 next = strchrnul(s, '/'); 1234 if (s == next) 1235 goto invalid; 1236 } 1237 } else { 1238 if (strchr(buf, '/') != NULL) 1239 goto invalid; 1240 } 1241 1242 return buf; 1243 invalid: 1244 pr_warn_ratelimited("invalid redirect (%s)\n", buf); 1245 res = -EINVAL; 1246 goto err_free; 1247 fail: 1248 pr_warn_ratelimited("failed to get redirect (%i)\n", res); 1249 err_free: 1250 kfree(buf); 1251 return ERR_PTR(res); 1252 } 1253 1254 /* Call with mounter creds as it may open the file */ ovl_ensure_verity_loaded(struct path * datapath)1255 int ovl_ensure_verity_loaded(struct path *datapath) 1256 { 1257 struct inode *inode = d_inode(datapath->dentry); 1258 struct file *filp; 1259 1260 if (!fsverity_active(inode) && IS_VERITY(inode)) { 1261 /* 1262 * If this inode was not yet opened, the verity info hasn't been 1263 * loaded yet, so we need to do that here to force it into memory. 1264 */ 1265 filp = kernel_file_open(datapath, O_RDONLY, inode, current_cred()); 1266 if (IS_ERR(filp)) 1267 return PTR_ERR(filp); 1268 fput(filp); 1269 } 1270 1271 return 0; 1272 } 1273 ovl_validate_verity(struct ovl_fs * ofs,struct path * metapath,struct path * datapath)1274 int ovl_validate_verity(struct ovl_fs *ofs, 1275 struct path *metapath, 1276 struct path *datapath) 1277 { 1278 struct ovl_metacopy metacopy_data; 1279 u8 actual_digest[FS_VERITY_MAX_DIGEST_SIZE]; 1280 int xattr_digest_size, digest_size; 1281 int xattr_size, err; 1282 u8 verity_algo; 1283 1284 if (!ofs->config.verity_mode || 1285 /* Verity only works on regular files */ 1286 !S_ISREG(d_inode(metapath->dentry)->i_mode)) 1287 return 0; 1288 1289 xattr_size = ovl_check_metacopy_xattr(ofs, metapath, &metacopy_data); 1290 if (xattr_size < 0) 1291 return xattr_size; 1292 1293 if (!xattr_size || !metacopy_data.digest_algo) { 1294 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) { 1295 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n", 1296 metapath->dentry); 1297 return -EIO; 1298 } 1299 return 0; 1300 } 1301 1302 xattr_digest_size = ovl_metadata_digest_size(&metacopy_data); 1303 1304 err = ovl_ensure_verity_loaded(datapath); 1305 if (err < 0) { 1306 pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n", 1307 datapath->dentry); 1308 return -EIO; 1309 } 1310 1311 digest_size = fsverity_get_digest(d_inode(datapath->dentry), actual_digest, 1312 &verity_algo, NULL); 1313 if (digest_size == 0) { 1314 pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n", datapath->dentry); 1315 return -EIO; 1316 } 1317 1318 if (xattr_digest_size != digest_size || 1319 metacopy_data.digest_algo != verity_algo || 1320 memcmp(metacopy_data.digest, actual_digest, xattr_digest_size) != 0) { 1321 pr_warn_ratelimited("lower file '%pd' has the wrong fs-verity digest\n", 1322 datapath->dentry); 1323 return -EIO; 1324 } 1325 1326 return 0; 1327 } 1328 ovl_get_verity_digest(struct ovl_fs * ofs,struct path * src,struct ovl_metacopy * metacopy)1329 int ovl_get_verity_digest(struct ovl_fs *ofs, struct path *src, 1330 struct ovl_metacopy *metacopy) 1331 { 1332 int err, digest_size; 1333 1334 if (!ofs->config.verity_mode || !S_ISREG(d_inode(src->dentry)->i_mode)) 1335 return 0; 1336 1337 err = ovl_ensure_verity_loaded(src); 1338 if (err < 0) { 1339 pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n", 1340 src->dentry); 1341 return -EIO; 1342 } 1343 1344 digest_size = fsverity_get_digest(d_inode(src->dentry), 1345 metacopy->digest, &metacopy->digest_algo, NULL); 1346 if (digest_size == 0 || 1347 WARN_ON_ONCE(digest_size > FS_VERITY_MAX_DIGEST_SIZE)) { 1348 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) { 1349 pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n", 1350 src->dentry); 1351 return -EIO; 1352 } 1353 return 0; 1354 } 1355 1356 metacopy->len += digest_size; 1357 return 0; 1358 } 1359 1360 /* 1361 * ovl_sync_status() - Check fs sync status for volatile mounts 1362 * 1363 * Returns 1 if this is not a volatile mount and a real sync is required. 1364 * 1365 * Returns 0 if syncing can be skipped because mount is volatile, and no errors 1366 * have occurred on the upperdir since the mount. 1367 * 1368 * Returns -errno if it is a volatile mount, and the error that occurred since 1369 * the last mount. If the error code changes, it'll return the latest error 1370 * code. 1371 */ 1372 ovl_sync_status(struct ovl_fs * ofs)1373 int ovl_sync_status(struct ovl_fs *ofs) 1374 { 1375 struct vfsmount *mnt; 1376 1377 if (ovl_should_sync(ofs)) 1378 return 1; 1379 1380 mnt = ovl_upper_mnt(ofs); 1381 if (!mnt) 1382 return 0; 1383 1384 return errseq_check(&mnt->mnt_sb->s_wb_err, ofs->errseq); 1385 } 1386 1387 /* 1388 * ovl_copyattr() - copy inode attributes from layer to ovl inode 1389 * 1390 * When overlay copies inode information from an upper or lower layer to the 1391 * relevant overlay inode it will apply the idmapping of the upper or lower 1392 * layer when doing so ensuring that the ovl inode ownership will correctly 1393 * reflect the ownership of the idmapped upper or lower layer. For example, an 1394 * idmapped upper or lower layer mapping id 1001 to id 1000 will take care to 1395 * map any lower or upper inode owned by id 1001 to id 1000. These mapping 1396 * helpers are nops when the relevant layer isn't idmapped. 1397 */ ovl_copyattr(struct inode * inode)1398 void ovl_copyattr(struct inode *inode) 1399 { 1400 struct path realpath; 1401 struct inode *realinode; 1402 struct mnt_idmap *real_idmap; 1403 vfsuid_t vfsuid; 1404 vfsgid_t vfsgid; 1405 1406 realinode = ovl_i_path_real(inode, &realpath); 1407 real_idmap = mnt_idmap(realpath.mnt); 1408 1409 vfsuid = i_uid_into_vfsuid(real_idmap, realinode); 1410 vfsgid = i_gid_into_vfsgid(real_idmap, realinode); 1411 1412 inode->i_uid = vfsuid_into_kuid(vfsuid); 1413 inode->i_gid = vfsgid_into_kgid(vfsgid); 1414 inode->i_mode = realinode->i_mode; 1415 inode->i_atime = realinode->i_atime; 1416 inode->i_mtime = realinode->i_mtime; 1417 inode_set_ctime_to_ts(inode, inode_get_ctime(realinode)); 1418 i_size_write(inode, i_size_read(realinode)); 1419 } 1420