xref: /openbmc/linux/fs/overlayfs/util.c (revision b8d312aa)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2011 Novell Inc.
4  * Copyright (C) 2016 Red Hat, Inc.
5  */
6 
7 #include <linux/fs.h>
8 #include <linux/mount.h>
9 #include <linux/slab.h>
10 #include <linux/cred.h>
11 #include <linux/xattr.h>
12 #include <linux/exportfs.h>
13 #include <linux/uuid.h>
14 #include <linux/namei.h>
15 #include <linux/ratelimit.h>
16 #include "overlayfs.h"
17 
18 int ovl_want_write(struct dentry *dentry)
19 {
20 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
21 	return mnt_want_write(ofs->upper_mnt);
22 }
23 
24 void ovl_drop_write(struct dentry *dentry)
25 {
26 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
27 	mnt_drop_write(ofs->upper_mnt);
28 }
29 
30 struct dentry *ovl_workdir(struct dentry *dentry)
31 {
32 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
33 	return ofs->workdir;
34 }
35 
36 const struct cred *ovl_override_creds(struct super_block *sb)
37 {
38 	struct ovl_fs *ofs = sb->s_fs_info;
39 
40 	return override_creds(ofs->creator_cred);
41 }
42 
43 struct super_block *ovl_same_sb(struct super_block *sb)
44 {
45 	struct ovl_fs *ofs = sb->s_fs_info;
46 
47 	if (!ofs->numlowerfs)
48 		return ofs->upper_mnt->mnt_sb;
49 	else if (ofs->numlowerfs == 1 && !ofs->upper_mnt)
50 		return ofs->lower_fs[0].sb;
51 	else
52 		return NULL;
53 }
54 
55 /*
56  * Check if underlying fs supports file handles and try to determine encoding
57  * type, in order to deduce maximum inode number used by fs.
58  *
59  * Return 0 if file handles are not supported.
60  * Return 1 (FILEID_INO32_GEN) if fs uses the default 32bit inode encoding.
61  * Return -1 if fs uses a non default encoding with unknown inode size.
62  */
63 int ovl_can_decode_fh(struct super_block *sb)
64 {
65 	if (!sb->s_export_op || !sb->s_export_op->fh_to_dentry)
66 		return 0;
67 
68 	return sb->s_export_op->encode_fh ? -1 : FILEID_INO32_GEN;
69 }
70 
71 struct dentry *ovl_indexdir(struct super_block *sb)
72 {
73 	struct ovl_fs *ofs = sb->s_fs_info;
74 
75 	return ofs->indexdir;
76 }
77 
78 /* Index all files on copy up. For now only enabled for NFS export */
79 bool ovl_index_all(struct super_block *sb)
80 {
81 	struct ovl_fs *ofs = sb->s_fs_info;
82 
83 	return ofs->config.nfs_export && ofs->config.index;
84 }
85 
86 /* Verify lower origin on lookup. For now only enabled for NFS export */
87 bool ovl_verify_lower(struct super_block *sb)
88 {
89 	struct ovl_fs *ofs = sb->s_fs_info;
90 
91 	return ofs->config.nfs_export && ofs->config.index;
92 }
93 
94 struct ovl_entry *ovl_alloc_entry(unsigned int numlower)
95 {
96 	size_t size = offsetof(struct ovl_entry, lowerstack[numlower]);
97 	struct ovl_entry *oe = kzalloc(size, GFP_KERNEL);
98 
99 	if (oe)
100 		oe->numlower = numlower;
101 
102 	return oe;
103 }
104 
105 bool ovl_dentry_remote(struct dentry *dentry)
106 {
107 	return dentry->d_flags &
108 		(DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE |
109 		 DCACHE_OP_REAL);
110 }
111 
112 bool ovl_dentry_weird(struct dentry *dentry)
113 {
114 	return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT |
115 				  DCACHE_MANAGE_TRANSIT |
116 				  DCACHE_OP_HASH |
117 				  DCACHE_OP_COMPARE);
118 }
119 
120 enum ovl_path_type ovl_path_type(struct dentry *dentry)
121 {
122 	struct ovl_entry *oe = dentry->d_fsdata;
123 	enum ovl_path_type type = 0;
124 
125 	if (ovl_dentry_upper(dentry)) {
126 		type = __OVL_PATH_UPPER;
127 
128 		/*
129 		 * Non-dir dentry can hold lower dentry of its copy up origin.
130 		 */
131 		if (oe->numlower) {
132 			if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry)))
133 				type |= __OVL_PATH_ORIGIN;
134 			if (d_is_dir(dentry) ||
135 			    !ovl_has_upperdata(d_inode(dentry)))
136 				type |= __OVL_PATH_MERGE;
137 		}
138 	} else {
139 		if (oe->numlower > 1)
140 			type |= __OVL_PATH_MERGE;
141 	}
142 	return type;
143 }
144 
145 void ovl_path_upper(struct dentry *dentry, struct path *path)
146 {
147 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
148 
149 	path->mnt = ofs->upper_mnt;
150 	path->dentry = ovl_dentry_upper(dentry);
151 }
152 
153 void ovl_path_lower(struct dentry *dentry, struct path *path)
154 {
155 	struct ovl_entry *oe = dentry->d_fsdata;
156 
157 	if (oe->numlower) {
158 		path->mnt = oe->lowerstack[0].layer->mnt;
159 		path->dentry = oe->lowerstack[0].dentry;
160 	} else {
161 		*path = (struct path) { };
162 	}
163 }
164 
165 void ovl_path_lowerdata(struct dentry *dentry, struct path *path)
166 {
167 	struct ovl_entry *oe = dentry->d_fsdata;
168 
169 	if (oe->numlower) {
170 		path->mnt = oe->lowerstack[oe->numlower - 1].layer->mnt;
171 		path->dentry = oe->lowerstack[oe->numlower - 1].dentry;
172 	} else {
173 		*path = (struct path) { };
174 	}
175 }
176 
177 enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path)
178 {
179 	enum ovl_path_type type = ovl_path_type(dentry);
180 
181 	if (!OVL_TYPE_UPPER(type))
182 		ovl_path_lower(dentry, path);
183 	else
184 		ovl_path_upper(dentry, path);
185 
186 	return type;
187 }
188 
189 struct dentry *ovl_dentry_upper(struct dentry *dentry)
190 {
191 	return ovl_upperdentry_dereference(OVL_I(d_inode(dentry)));
192 }
193 
194 struct dentry *ovl_dentry_lower(struct dentry *dentry)
195 {
196 	struct ovl_entry *oe = dentry->d_fsdata;
197 
198 	return oe->numlower ? oe->lowerstack[0].dentry : NULL;
199 }
200 
201 struct ovl_layer *ovl_layer_lower(struct dentry *dentry)
202 {
203 	struct ovl_entry *oe = dentry->d_fsdata;
204 
205 	return oe->numlower ? oe->lowerstack[0].layer : NULL;
206 }
207 
208 /*
209  * ovl_dentry_lower() could return either a data dentry or metacopy dentry
210  * dependig on what is stored in lowerstack[0]. At times we need to find
211  * lower dentry which has data (and not metacopy dentry). This helper
212  * returns the lower data dentry.
213  */
214 struct dentry *ovl_dentry_lowerdata(struct dentry *dentry)
215 {
216 	struct ovl_entry *oe = dentry->d_fsdata;
217 
218 	return oe->numlower ? oe->lowerstack[oe->numlower - 1].dentry : NULL;
219 }
220 
221 struct dentry *ovl_dentry_real(struct dentry *dentry)
222 {
223 	return ovl_dentry_upper(dentry) ?: ovl_dentry_lower(dentry);
224 }
225 
226 struct dentry *ovl_i_dentry_upper(struct inode *inode)
227 {
228 	return ovl_upperdentry_dereference(OVL_I(inode));
229 }
230 
231 struct inode *ovl_inode_upper(struct inode *inode)
232 {
233 	struct dentry *upperdentry = ovl_i_dentry_upper(inode);
234 
235 	return upperdentry ? d_inode(upperdentry) : NULL;
236 }
237 
238 struct inode *ovl_inode_lower(struct inode *inode)
239 {
240 	return OVL_I(inode)->lower;
241 }
242 
243 struct inode *ovl_inode_real(struct inode *inode)
244 {
245 	return ovl_inode_upper(inode) ?: ovl_inode_lower(inode);
246 }
247 
248 /* Return inode which contains lower data. Do not return metacopy */
249 struct inode *ovl_inode_lowerdata(struct inode *inode)
250 {
251 	if (WARN_ON(!S_ISREG(inode->i_mode)))
252 		return NULL;
253 
254 	return OVL_I(inode)->lowerdata ?: ovl_inode_lower(inode);
255 }
256 
257 /* Return real inode which contains data. Does not return metacopy inode */
258 struct inode *ovl_inode_realdata(struct inode *inode)
259 {
260 	struct inode *upperinode;
261 
262 	upperinode = ovl_inode_upper(inode);
263 	if (upperinode && ovl_has_upperdata(inode))
264 		return upperinode;
265 
266 	return ovl_inode_lowerdata(inode);
267 }
268 
269 struct ovl_dir_cache *ovl_dir_cache(struct inode *inode)
270 {
271 	return OVL_I(inode)->cache;
272 }
273 
274 void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache)
275 {
276 	OVL_I(inode)->cache = cache;
277 }
278 
279 void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry)
280 {
281 	set_bit(flag, &OVL_E(dentry)->flags);
282 }
283 
284 void ovl_dentry_clear_flag(unsigned long flag, struct dentry *dentry)
285 {
286 	clear_bit(flag, &OVL_E(dentry)->flags);
287 }
288 
289 bool ovl_dentry_test_flag(unsigned long flag, struct dentry *dentry)
290 {
291 	return test_bit(flag, &OVL_E(dentry)->flags);
292 }
293 
294 bool ovl_dentry_is_opaque(struct dentry *dentry)
295 {
296 	return ovl_dentry_test_flag(OVL_E_OPAQUE, dentry);
297 }
298 
299 bool ovl_dentry_is_whiteout(struct dentry *dentry)
300 {
301 	return !dentry->d_inode && ovl_dentry_is_opaque(dentry);
302 }
303 
304 void ovl_dentry_set_opaque(struct dentry *dentry)
305 {
306 	ovl_dentry_set_flag(OVL_E_OPAQUE, dentry);
307 }
308 
309 /*
310  * For hard links and decoded file handles, it's possible for ovl_dentry_upper()
311  * to return positive, while there's no actual upper alias for the inode.
312  * Copy up code needs to know about the existence of the upper alias, so it
313  * can't use ovl_dentry_upper().
314  */
315 bool ovl_dentry_has_upper_alias(struct dentry *dentry)
316 {
317 	return ovl_dentry_test_flag(OVL_E_UPPER_ALIAS, dentry);
318 }
319 
320 void ovl_dentry_set_upper_alias(struct dentry *dentry)
321 {
322 	ovl_dentry_set_flag(OVL_E_UPPER_ALIAS, dentry);
323 }
324 
325 static bool ovl_should_check_upperdata(struct inode *inode)
326 {
327 	if (!S_ISREG(inode->i_mode))
328 		return false;
329 
330 	if (!ovl_inode_lower(inode))
331 		return false;
332 
333 	return true;
334 }
335 
336 bool ovl_has_upperdata(struct inode *inode)
337 {
338 	if (!ovl_should_check_upperdata(inode))
339 		return true;
340 
341 	if (!ovl_test_flag(OVL_UPPERDATA, inode))
342 		return false;
343 	/*
344 	 * Pairs with smp_wmb() in ovl_set_upperdata(). Main user of
345 	 * ovl_has_upperdata() is ovl_copy_up_meta_inode_data(). Make sure
346 	 * if setting of OVL_UPPERDATA is visible, then effects of writes
347 	 * before that are visible too.
348 	 */
349 	smp_rmb();
350 	return true;
351 }
352 
353 void ovl_set_upperdata(struct inode *inode)
354 {
355 	/*
356 	 * Pairs with smp_rmb() in ovl_has_upperdata(). Make sure
357 	 * if OVL_UPPERDATA flag is visible, then effects of write operations
358 	 * before it are visible as well.
359 	 */
360 	smp_wmb();
361 	ovl_set_flag(OVL_UPPERDATA, inode);
362 }
363 
364 /* Caller should hold ovl_inode->lock */
365 bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags)
366 {
367 	if (!ovl_open_flags_need_copy_up(flags))
368 		return false;
369 
370 	return !ovl_test_flag(OVL_UPPERDATA, d_inode(dentry));
371 }
372 
373 bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags)
374 {
375 	if (!ovl_open_flags_need_copy_up(flags))
376 		return false;
377 
378 	return !ovl_has_upperdata(d_inode(dentry));
379 }
380 
381 bool ovl_redirect_dir(struct super_block *sb)
382 {
383 	struct ovl_fs *ofs = sb->s_fs_info;
384 
385 	return ofs->config.redirect_dir && !ofs->noxattr;
386 }
387 
388 const char *ovl_dentry_get_redirect(struct dentry *dentry)
389 {
390 	return OVL_I(d_inode(dentry))->redirect;
391 }
392 
393 void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect)
394 {
395 	struct ovl_inode *oi = OVL_I(d_inode(dentry));
396 
397 	kfree(oi->redirect);
398 	oi->redirect = redirect;
399 }
400 
401 void ovl_inode_init(struct inode *inode, struct dentry *upperdentry,
402 		    struct dentry *lowerdentry, struct dentry *lowerdata)
403 {
404 	struct inode *realinode = d_inode(upperdentry ?: lowerdentry);
405 
406 	if (upperdentry)
407 		OVL_I(inode)->__upperdentry = upperdentry;
408 	if (lowerdentry)
409 		OVL_I(inode)->lower = igrab(d_inode(lowerdentry));
410 	if (lowerdata)
411 		OVL_I(inode)->lowerdata = igrab(d_inode(lowerdata));
412 
413 	ovl_copyattr(realinode, inode);
414 	ovl_copyflags(realinode, inode);
415 	if (!inode->i_ino)
416 		inode->i_ino = realinode->i_ino;
417 }
418 
419 void ovl_inode_update(struct inode *inode, struct dentry *upperdentry)
420 {
421 	struct inode *upperinode = d_inode(upperdentry);
422 
423 	WARN_ON(OVL_I(inode)->__upperdentry);
424 
425 	/*
426 	 * Make sure upperdentry is consistent before making it visible
427 	 */
428 	smp_wmb();
429 	OVL_I(inode)->__upperdentry = upperdentry;
430 	if (inode_unhashed(inode)) {
431 		if (!inode->i_ino)
432 			inode->i_ino = upperinode->i_ino;
433 		inode->i_private = upperinode;
434 		__insert_inode_hash(inode, (unsigned long) upperinode);
435 	}
436 }
437 
438 static void ovl_dentry_version_inc(struct dentry *dentry, bool impurity)
439 {
440 	struct inode *inode = d_inode(dentry);
441 
442 	WARN_ON(!inode_is_locked(inode));
443 	/*
444 	 * Version is used by readdir code to keep cache consistent.  For merge
445 	 * dirs all changes need to be noted.  For non-merge dirs, cache only
446 	 * contains impure (ones which have been copied up and have origins)
447 	 * entries, so only need to note changes to impure entries.
448 	 */
449 	if (OVL_TYPE_MERGE(ovl_path_type(dentry)) || impurity)
450 		OVL_I(inode)->version++;
451 }
452 
453 void ovl_dir_modified(struct dentry *dentry, bool impurity)
454 {
455 	/* Copy mtime/ctime */
456 	ovl_copyattr(d_inode(ovl_dentry_upper(dentry)), d_inode(dentry));
457 
458 	ovl_dentry_version_inc(dentry, impurity);
459 }
460 
461 u64 ovl_dentry_version_get(struct dentry *dentry)
462 {
463 	struct inode *inode = d_inode(dentry);
464 
465 	WARN_ON(!inode_is_locked(inode));
466 	return OVL_I(inode)->version;
467 }
468 
469 bool ovl_is_whiteout(struct dentry *dentry)
470 {
471 	struct inode *inode = dentry->d_inode;
472 
473 	return inode && IS_WHITEOUT(inode);
474 }
475 
476 struct file *ovl_path_open(struct path *path, int flags)
477 {
478 	return dentry_open(path, flags | O_NOATIME, current_cred());
479 }
480 
481 /* Caller should hold ovl_inode->lock */
482 static bool ovl_already_copied_up_locked(struct dentry *dentry, int flags)
483 {
484 	bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
485 
486 	if (ovl_dentry_upper(dentry) &&
487 	    (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
488 	    !ovl_dentry_needs_data_copy_up_locked(dentry, flags))
489 		return true;
490 
491 	return false;
492 }
493 
494 bool ovl_already_copied_up(struct dentry *dentry, int flags)
495 {
496 	bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
497 
498 	/*
499 	 * Check if copy-up has happened as well as for upper alias (in
500 	 * case of hard links) is there.
501 	 *
502 	 * Both checks are lockless:
503 	 *  - false negatives: will recheck under oi->lock
504 	 *  - false positives:
505 	 *    + ovl_dentry_upper() uses memory barriers to ensure the
506 	 *      upper dentry is up-to-date
507 	 *    + ovl_dentry_has_upper_alias() relies on locking of
508 	 *      upper parent i_rwsem to prevent reordering copy-up
509 	 *      with rename.
510 	 */
511 	if (ovl_dentry_upper(dentry) &&
512 	    (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
513 	    !ovl_dentry_needs_data_copy_up(dentry, flags))
514 		return true;
515 
516 	return false;
517 }
518 
519 int ovl_copy_up_start(struct dentry *dentry, int flags)
520 {
521 	struct inode *inode = d_inode(dentry);
522 	int err;
523 
524 	err = ovl_inode_lock(inode);
525 	if (!err && ovl_already_copied_up_locked(dentry, flags)) {
526 		err = 1; /* Already copied up */
527 		ovl_inode_unlock(inode);
528 	}
529 
530 	return err;
531 }
532 
533 void ovl_copy_up_end(struct dentry *dentry)
534 {
535 	ovl_inode_unlock(d_inode(dentry));
536 }
537 
538 bool ovl_check_origin_xattr(struct dentry *dentry)
539 {
540 	int res;
541 
542 	res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0);
543 
544 	/* Zero size value means "copied up but origin unknown" */
545 	if (res >= 0)
546 		return true;
547 
548 	return false;
549 }
550 
551 bool ovl_check_dir_xattr(struct dentry *dentry, const char *name)
552 {
553 	int res;
554 	char val;
555 
556 	if (!d_is_dir(dentry))
557 		return false;
558 
559 	res = vfs_getxattr(dentry, name, &val, 1);
560 	if (res == 1 && val == 'y')
561 		return true;
562 
563 	return false;
564 }
565 
566 int ovl_check_setxattr(struct dentry *dentry, struct dentry *upperdentry,
567 		       const char *name, const void *value, size_t size,
568 		       int xerr)
569 {
570 	int err;
571 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
572 
573 	if (ofs->noxattr)
574 		return xerr;
575 
576 	err = ovl_do_setxattr(upperdentry, name, value, size, 0);
577 
578 	if (err == -EOPNOTSUPP) {
579 		pr_warn("overlayfs: cannot set %s xattr on upper\n", name);
580 		ofs->noxattr = true;
581 		return xerr;
582 	}
583 
584 	return err;
585 }
586 
587 int ovl_set_impure(struct dentry *dentry, struct dentry *upperdentry)
588 {
589 	int err;
590 
591 	if (ovl_test_flag(OVL_IMPURE, d_inode(dentry)))
592 		return 0;
593 
594 	/*
595 	 * Do not fail when upper doesn't support xattrs.
596 	 * Upper inodes won't have origin nor redirect xattr anyway.
597 	 */
598 	err = ovl_check_setxattr(dentry, upperdentry, OVL_XATTR_IMPURE,
599 				 "y", 1, 0);
600 	if (!err)
601 		ovl_set_flag(OVL_IMPURE, d_inode(dentry));
602 
603 	return err;
604 }
605 
606 void ovl_set_flag(unsigned long flag, struct inode *inode)
607 {
608 	set_bit(flag, &OVL_I(inode)->flags);
609 }
610 
611 void ovl_clear_flag(unsigned long flag, struct inode *inode)
612 {
613 	clear_bit(flag, &OVL_I(inode)->flags);
614 }
615 
616 bool ovl_test_flag(unsigned long flag, struct inode *inode)
617 {
618 	return test_bit(flag, &OVL_I(inode)->flags);
619 }
620 
621 /**
622  * Caller must hold a reference to inode to prevent it from being freed while
623  * it is marked inuse.
624  */
625 bool ovl_inuse_trylock(struct dentry *dentry)
626 {
627 	struct inode *inode = d_inode(dentry);
628 	bool locked = false;
629 
630 	spin_lock(&inode->i_lock);
631 	if (!(inode->i_state & I_OVL_INUSE)) {
632 		inode->i_state |= I_OVL_INUSE;
633 		locked = true;
634 	}
635 	spin_unlock(&inode->i_lock);
636 
637 	return locked;
638 }
639 
640 void ovl_inuse_unlock(struct dentry *dentry)
641 {
642 	if (dentry) {
643 		struct inode *inode = d_inode(dentry);
644 
645 		spin_lock(&inode->i_lock);
646 		WARN_ON(!(inode->i_state & I_OVL_INUSE));
647 		inode->i_state &= ~I_OVL_INUSE;
648 		spin_unlock(&inode->i_lock);
649 	}
650 }
651 
652 bool ovl_is_inuse(struct dentry *dentry)
653 {
654 	struct inode *inode = d_inode(dentry);
655 	bool inuse;
656 
657 	spin_lock(&inode->i_lock);
658 	inuse = (inode->i_state & I_OVL_INUSE);
659 	spin_unlock(&inode->i_lock);
660 
661 	return inuse;
662 }
663 
664 /*
665  * Does this overlay dentry need to be indexed on copy up?
666  */
667 bool ovl_need_index(struct dentry *dentry)
668 {
669 	struct dentry *lower = ovl_dentry_lower(dentry);
670 
671 	if (!lower || !ovl_indexdir(dentry->d_sb))
672 		return false;
673 
674 	/* Index all files for NFS export and consistency verification */
675 	if (ovl_index_all(dentry->d_sb))
676 		return true;
677 
678 	/* Index only lower hardlinks on copy up */
679 	if (!d_is_dir(lower) && d_inode(lower)->i_nlink > 1)
680 		return true;
681 
682 	return false;
683 }
684 
685 /* Caller must hold OVL_I(inode)->lock */
686 static void ovl_cleanup_index(struct dentry *dentry)
687 {
688 	struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
689 	struct inode *dir = indexdir->d_inode;
690 	struct dentry *lowerdentry = ovl_dentry_lower(dentry);
691 	struct dentry *upperdentry = ovl_dentry_upper(dentry);
692 	struct dentry *index = NULL;
693 	struct inode *inode;
694 	struct qstr name = { };
695 	int err;
696 
697 	err = ovl_get_index_name(lowerdentry, &name);
698 	if (err)
699 		goto fail;
700 
701 	inode = d_inode(upperdentry);
702 	if (!S_ISDIR(inode->i_mode) && inode->i_nlink != 1) {
703 		pr_warn_ratelimited("overlayfs: cleanup linked index (%pd2, ino=%lu, nlink=%u)\n",
704 				    upperdentry, inode->i_ino, inode->i_nlink);
705 		/*
706 		 * We either have a bug with persistent union nlink or a lower
707 		 * hardlink was added while overlay is mounted. Adding a lower
708 		 * hardlink and then unlinking all overlay hardlinks would drop
709 		 * overlay nlink to zero before all upper inodes are unlinked.
710 		 * As a safety measure, when that situation is detected, set
711 		 * the overlay nlink to the index inode nlink minus one for the
712 		 * index entry itself.
713 		 */
714 		set_nlink(d_inode(dentry), inode->i_nlink - 1);
715 		ovl_set_nlink_upper(dentry);
716 		goto out;
717 	}
718 
719 	inode_lock_nested(dir, I_MUTEX_PARENT);
720 	index = lookup_one_len(name.name, indexdir, name.len);
721 	err = PTR_ERR(index);
722 	if (IS_ERR(index)) {
723 		index = NULL;
724 	} else if (ovl_index_all(dentry->d_sb)) {
725 		/* Whiteout orphan index to block future open by handle */
726 		err = ovl_cleanup_and_whiteout(indexdir, dir, index);
727 	} else {
728 		/* Cleanup orphan index entries */
729 		err = ovl_cleanup(dir, index);
730 	}
731 
732 	inode_unlock(dir);
733 	if (err)
734 		goto fail;
735 
736 out:
737 	kfree(name.name);
738 	dput(index);
739 	return;
740 
741 fail:
742 	pr_err("overlayfs: cleanup index of '%pd2' failed (%i)\n", dentry, err);
743 	goto out;
744 }
745 
746 /*
747  * Operations that change overlay inode and upper inode nlink need to be
748  * synchronized with copy up for persistent nlink accounting.
749  */
750 int ovl_nlink_start(struct dentry *dentry)
751 {
752 	struct inode *inode = d_inode(dentry);
753 	const struct cred *old_cred;
754 	int err;
755 
756 	if (WARN_ON(!inode))
757 		return -ENOENT;
758 
759 	/*
760 	 * With inodes index is enabled, we store the union overlay nlink
761 	 * in an xattr on the index inode. When whiting out an indexed lower,
762 	 * we need to decrement the overlay persistent nlink, but before the
763 	 * first copy up, we have no upper index inode to store the xattr.
764 	 *
765 	 * As a workaround, before whiteout/rename over an indexed lower,
766 	 * copy up to create the upper index. Creating the upper index will
767 	 * initialize the overlay nlink, so it could be dropped if unlink
768 	 * or rename succeeds.
769 	 *
770 	 * TODO: implement metadata only index copy up when called with
771 	 *       ovl_copy_up_flags(dentry, O_PATH).
772 	 */
773 	if (ovl_need_index(dentry) && !ovl_dentry_has_upper_alias(dentry)) {
774 		err = ovl_copy_up(dentry);
775 		if (err)
776 			return err;
777 	}
778 
779 	err = ovl_inode_lock(inode);
780 	if (err)
781 		return err;
782 
783 	if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode))
784 		goto out;
785 
786 	old_cred = ovl_override_creds(dentry->d_sb);
787 	/*
788 	 * The overlay inode nlink should be incremented/decremented IFF the
789 	 * upper operation succeeds, along with nlink change of upper inode.
790 	 * Therefore, before link/unlink/rename, we store the union nlink
791 	 * value relative to the upper inode nlink in an upper inode xattr.
792 	 */
793 	err = ovl_set_nlink_upper(dentry);
794 	revert_creds(old_cred);
795 
796 out:
797 	if (err)
798 		ovl_inode_unlock(inode);
799 
800 	return err;
801 }
802 
803 void ovl_nlink_end(struct dentry *dentry)
804 {
805 	struct inode *inode = d_inode(dentry);
806 
807 	if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) {
808 		const struct cred *old_cred;
809 
810 		old_cred = ovl_override_creds(dentry->d_sb);
811 		ovl_cleanup_index(dentry);
812 		revert_creds(old_cred);
813 	}
814 
815 	ovl_inode_unlock(inode);
816 }
817 
818 int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir)
819 {
820 	/* Workdir should not be the same as upperdir */
821 	if (workdir == upperdir)
822 		goto err;
823 
824 	/* Workdir should not be subdir of upperdir and vice versa */
825 	if (lock_rename(workdir, upperdir) != NULL)
826 		goto err_unlock;
827 
828 	return 0;
829 
830 err_unlock:
831 	unlock_rename(workdir, upperdir);
832 err:
833 	pr_err("overlayfs: failed to lock workdir+upperdir\n");
834 	return -EIO;
835 }
836 
837 /* err < 0, 0 if no metacopy xattr, 1 if metacopy xattr found */
838 int ovl_check_metacopy_xattr(struct dentry *dentry)
839 {
840 	int res;
841 
842 	/* Only regular files can have metacopy xattr */
843 	if (!S_ISREG(d_inode(dentry)->i_mode))
844 		return 0;
845 
846 	res = vfs_getxattr(dentry, OVL_XATTR_METACOPY, NULL, 0);
847 	if (res < 0) {
848 		if (res == -ENODATA || res == -EOPNOTSUPP)
849 			return 0;
850 		goto out;
851 	}
852 
853 	return 1;
854 out:
855 	pr_warn_ratelimited("overlayfs: failed to get metacopy (%i)\n", res);
856 	return res;
857 }
858 
859 bool ovl_is_metacopy_dentry(struct dentry *dentry)
860 {
861 	struct ovl_entry *oe = dentry->d_fsdata;
862 
863 	if (!d_is_reg(dentry))
864 		return false;
865 
866 	if (ovl_dentry_upper(dentry)) {
867 		if (!ovl_has_upperdata(d_inode(dentry)))
868 			return true;
869 		return false;
870 	}
871 
872 	return (oe->numlower > 1);
873 }
874 
875 ssize_t ovl_getxattr(struct dentry *dentry, char *name, char **value,
876 		     size_t padding)
877 {
878 	ssize_t res;
879 	char *buf = NULL;
880 
881 	res = vfs_getxattr(dentry, name, NULL, 0);
882 	if (res < 0) {
883 		if (res == -ENODATA || res == -EOPNOTSUPP)
884 			return -ENODATA;
885 		goto fail;
886 	}
887 
888 	if (res != 0) {
889 		buf = kzalloc(res + padding, GFP_KERNEL);
890 		if (!buf)
891 			return -ENOMEM;
892 
893 		res = vfs_getxattr(dentry, name, buf, res);
894 		if (res < 0)
895 			goto fail;
896 	}
897 	*value = buf;
898 
899 	return res;
900 
901 fail:
902 	pr_warn_ratelimited("overlayfs: failed to get xattr %s: err=%zi)\n",
903 			    name, res);
904 	kfree(buf);
905 	return res;
906 }
907 
908 char *ovl_get_redirect_xattr(struct dentry *dentry, int padding)
909 {
910 	int res;
911 	char *s, *next, *buf = NULL;
912 
913 	res = ovl_getxattr(dentry, OVL_XATTR_REDIRECT, &buf, padding + 1);
914 	if (res == -ENODATA)
915 		return NULL;
916 	if (res < 0)
917 		return ERR_PTR(res);
918 	if (res == 0)
919 		goto invalid;
920 
921 	if (buf[0] == '/') {
922 		for (s = buf; *s++ == '/'; s = next) {
923 			next = strchrnul(s, '/');
924 			if (s == next)
925 				goto invalid;
926 		}
927 	} else {
928 		if (strchr(buf, '/') != NULL)
929 			goto invalid;
930 	}
931 
932 	return buf;
933 invalid:
934 	pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
935 	res = -EINVAL;
936 	kfree(buf);
937 	return ERR_PTR(res);
938 }
939