xref: /openbmc/linux/fs/overlayfs/util.c (revision f17f06a0)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2011 Novell Inc.
4  * Copyright (C) 2016 Red Hat, Inc.
5  */
6 
7 #include <linux/fs.h>
8 #include <linux/mount.h>
9 #include <linux/slab.h>
10 #include <linux/cred.h>
11 #include <linux/xattr.h>
12 #include <linux/exportfs.h>
13 #include <linux/uuid.h>
14 #include <linux/namei.h>
15 #include <linux/ratelimit.h>
16 #include "overlayfs.h"
17 
18 int ovl_want_write(struct dentry *dentry)
19 {
20 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
21 	return mnt_want_write(ofs->upper_mnt);
22 }
23 
24 void ovl_drop_write(struct dentry *dentry)
25 {
26 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
27 	mnt_drop_write(ofs->upper_mnt);
28 }
29 
30 struct dentry *ovl_workdir(struct dentry *dentry)
31 {
32 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
33 	return ofs->workdir;
34 }
35 
36 const struct cred *ovl_override_creds(struct super_block *sb)
37 {
38 	struct ovl_fs *ofs = sb->s_fs_info;
39 
40 	return override_creds(ofs->creator_cred);
41 }
42 
43 /*
44  * Check if underlying fs supports file handles and try to determine encoding
45  * type, in order to deduce maximum inode number used by fs.
46  *
47  * Return 0 if file handles are not supported.
48  * Return 1 (FILEID_INO32_GEN) if fs uses the default 32bit inode encoding.
49  * Return -1 if fs uses a non default encoding with unknown inode size.
50  */
51 int ovl_can_decode_fh(struct super_block *sb)
52 {
53 	if (!sb->s_export_op || !sb->s_export_op->fh_to_dentry)
54 		return 0;
55 
56 	return sb->s_export_op->encode_fh ? -1 : FILEID_INO32_GEN;
57 }
58 
59 struct dentry *ovl_indexdir(struct super_block *sb)
60 {
61 	struct ovl_fs *ofs = sb->s_fs_info;
62 
63 	return ofs->indexdir;
64 }
65 
66 /* Index all files on copy up. For now only enabled for NFS export */
67 bool ovl_index_all(struct super_block *sb)
68 {
69 	struct ovl_fs *ofs = sb->s_fs_info;
70 
71 	return ofs->config.nfs_export && ofs->config.index;
72 }
73 
74 /* Verify lower origin on lookup. For now only enabled for NFS export */
75 bool ovl_verify_lower(struct super_block *sb)
76 {
77 	struct ovl_fs *ofs = sb->s_fs_info;
78 
79 	return ofs->config.nfs_export && ofs->config.index;
80 }
81 
82 struct ovl_entry *ovl_alloc_entry(unsigned int numlower)
83 {
84 	size_t size = offsetof(struct ovl_entry, lowerstack[numlower]);
85 	struct ovl_entry *oe = kzalloc(size, GFP_KERNEL);
86 
87 	if (oe)
88 		oe->numlower = numlower;
89 
90 	return oe;
91 }
92 
93 bool ovl_dentry_remote(struct dentry *dentry)
94 {
95 	return dentry->d_flags &
96 		(DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE |
97 		 DCACHE_OP_REAL);
98 }
99 
100 bool ovl_dentry_weird(struct dentry *dentry)
101 {
102 	return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT |
103 				  DCACHE_MANAGE_TRANSIT |
104 				  DCACHE_OP_HASH |
105 				  DCACHE_OP_COMPARE);
106 }
107 
108 enum ovl_path_type ovl_path_type(struct dentry *dentry)
109 {
110 	struct ovl_entry *oe = dentry->d_fsdata;
111 	enum ovl_path_type type = 0;
112 
113 	if (ovl_dentry_upper(dentry)) {
114 		type = __OVL_PATH_UPPER;
115 
116 		/*
117 		 * Non-dir dentry can hold lower dentry of its copy up origin.
118 		 */
119 		if (oe->numlower) {
120 			if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry)))
121 				type |= __OVL_PATH_ORIGIN;
122 			if (d_is_dir(dentry) ||
123 			    !ovl_has_upperdata(d_inode(dentry)))
124 				type |= __OVL_PATH_MERGE;
125 		}
126 	} else {
127 		if (oe->numlower > 1)
128 			type |= __OVL_PATH_MERGE;
129 	}
130 	return type;
131 }
132 
133 void ovl_path_upper(struct dentry *dentry, struct path *path)
134 {
135 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
136 
137 	path->mnt = ofs->upper_mnt;
138 	path->dentry = ovl_dentry_upper(dentry);
139 }
140 
141 void ovl_path_lower(struct dentry *dentry, struct path *path)
142 {
143 	struct ovl_entry *oe = dentry->d_fsdata;
144 
145 	if (oe->numlower) {
146 		path->mnt = oe->lowerstack[0].layer->mnt;
147 		path->dentry = oe->lowerstack[0].dentry;
148 	} else {
149 		*path = (struct path) { };
150 	}
151 }
152 
153 void ovl_path_lowerdata(struct dentry *dentry, struct path *path)
154 {
155 	struct ovl_entry *oe = dentry->d_fsdata;
156 
157 	if (oe->numlower) {
158 		path->mnt = oe->lowerstack[oe->numlower - 1].layer->mnt;
159 		path->dentry = oe->lowerstack[oe->numlower - 1].dentry;
160 	} else {
161 		*path = (struct path) { };
162 	}
163 }
164 
165 enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path)
166 {
167 	enum ovl_path_type type = ovl_path_type(dentry);
168 
169 	if (!OVL_TYPE_UPPER(type))
170 		ovl_path_lower(dentry, path);
171 	else
172 		ovl_path_upper(dentry, path);
173 
174 	return type;
175 }
176 
/*
 * Return the upper dentry of the overlay inode behind @dentry, as produced
 * by ovl_upperdentry_dereference().
 */
struct dentry *ovl_dentry_upper(struct dentry *dentry)
{
	struct inode *inode = d_inode(dentry);

	return ovl_upperdentry_dereference(OVL_I(inode));
}
181 
182 struct dentry *ovl_dentry_lower(struct dentry *dentry)
183 {
184 	struct ovl_entry *oe = dentry->d_fsdata;
185 
186 	return oe->numlower ? oe->lowerstack[0].dentry : NULL;
187 }
188 
189 const struct ovl_layer *ovl_layer_lower(struct dentry *dentry)
190 {
191 	struct ovl_entry *oe = dentry->d_fsdata;
192 
193 	return oe->numlower ? oe->lowerstack[0].layer : NULL;
194 }
195 
196 /*
197  * ovl_dentry_lower() could return either a data dentry or metacopy dentry
198  * dependig on what is stored in lowerstack[0]. At times we need to find
199  * lower dentry which has data (and not metacopy dentry). This helper
200  * returns the lower data dentry.
201  */
202 struct dentry *ovl_dentry_lowerdata(struct dentry *dentry)
203 {
204 	struct ovl_entry *oe = dentry->d_fsdata;
205 
206 	return oe->numlower ? oe->lowerstack[oe->numlower - 1].dentry : NULL;
207 }
208 
/* Return the upper dentry of @dentry if there is one, else the lower one */
struct dentry *ovl_dentry_real(struct dentry *dentry)
{
	struct dentry *upper = ovl_dentry_upper(dentry);

	if (upper)
		return upper;

	return ovl_dentry_lower(dentry);
}
213 
/*
 * Inode-based variant of ovl_dentry_upper(): return the upper dentry of the
 * overlay inode @inode, as produced by ovl_upperdentry_dereference().
 */
struct dentry *ovl_i_dentry_upper(struct inode *inode)
{
	struct ovl_inode *oi = OVL_I(inode);

	return ovl_upperdentry_dereference(oi);
}
218 
219 struct inode *ovl_inode_upper(struct inode *inode)
220 {
221 	struct dentry *upperdentry = ovl_i_dentry_upper(inode);
222 
223 	return upperdentry ? d_inode(upperdentry) : NULL;
224 }
225 
226 struct inode *ovl_inode_lower(struct inode *inode)
227 {
228 	return OVL_I(inode)->lower;
229 }
230 
/* Return the upper inode of @inode if there is one, else the lower inode */
struct inode *ovl_inode_real(struct inode *inode)
{
	struct inode *upper = ovl_inode_upper(inode);

	if (upper)
		return upper;

	return ovl_inode_lower(inode);
}
235 
236 /* Return inode which contains lower data. Do not return metacopy */
237 struct inode *ovl_inode_lowerdata(struct inode *inode)
238 {
239 	if (WARN_ON(!S_ISREG(inode->i_mode)))
240 		return NULL;
241 
242 	return OVL_I(inode)->lowerdata ?: ovl_inode_lower(inode);
243 }
244 
/*
 * Return the real inode which contains data; does not return a metacopy
 * inode.  The upper inode is used only if it exists and the overlay inode
 * has upper data, otherwise the lower data inode is returned.
 */
struct inode *ovl_inode_realdata(struct inode *inode)
{
	struct inode *upper = ovl_inode_upper(inode);

	if (!upper || !ovl_has_upperdata(inode))
		return ovl_inode_lowerdata(inode);

	return upper;
}
256 
257 struct ovl_dir_cache *ovl_dir_cache(struct inode *inode)
258 {
259 	return OVL_I(inode)->cache;
260 }
261 
262 void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache)
263 {
264 	OVL_I(inode)->cache = cache;
265 }
266 
267 void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry)
268 {
269 	set_bit(flag, &OVL_E(dentry)->flags);
270 }
271 
272 void ovl_dentry_clear_flag(unsigned long flag, struct dentry *dentry)
273 {
274 	clear_bit(flag, &OVL_E(dentry)->flags);
275 }
276 
277 bool ovl_dentry_test_flag(unsigned long flag, struct dentry *dentry)
278 {
279 	return test_bit(flag, &OVL_E(dentry)->flags);
280 }
281 
282 bool ovl_dentry_is_opaque(struct dentry *dentry)
283 {
284 	return ovl_dentry_test_flag(OVL_E_OPAQUE, dentry);
285 }
286 
287 bool ovl_dentry_is_whiteout(struct dentry *dentry)
288 {
289 	return !dentry->d_inode && ovl_dentry_is_opaque(dentry);
290 }
291 
292 void ovl_dentry_set_opaque(struct dentry *dentry)
293 {
294 	ovl_dentry_set_flag(OVL_E_OPAQUE, dentry);
295 }
296 
297 /*
298  * For hard links and decoded file handles, it's possible for ovl_dentry_upper()
299  * to return positive, while there's no actual upper alias for the inode.
300  * Copy up code needs to know about the existence of the upper alias, so it
301  * can't use ovl_dentry_upper().
302  */
303 bool ovl_dentry_has_upper_alias(struct dentry *dentry)
304 {
305 	return ovl_dentry_test_flag(OVL_E_UPPER_ALIAS, dentry);
306 }
307 
308 void ovl_dentry_set_upper_alias(struct dentry *dentry)
309 {
310 	ovl_dentry_set_flag(OVL_E_UPPER_ALIAS, dentry);
311 }
312 
313 static bool ovl_should_check_upperdata(struct inode *inode)
314 {
315 	if (!S_ISREG(inode->i_mode))
316 		return false;
317 
318 	if (!ovl_inode_lower(inode))
319 		return false;
320 
321 	return true;
322 }
323 
324 bool ovl_has_upperdata(struct inode *inode)
325 {
326 	if (!ovl_should_check_upperdata(inode))
327 		return true;
328 
329 	if (!ovl_test_flag(OVL_UPPERDATA, inode))
330 		return false;
331 	/*
332 	 * Pairs with smp_wmb() in ovl_set_upperdata(). Main user of
333 	 * ovl_has_upperdata() is ovl_copy_up_meta_inode_data(). Make sure
334 	 * if setting of OVL_UPPERDATA is visible, then effects of writes
335 	 * before that are visible too.
336 	 */
337 	smp_rmb();
338 	return true;
339 }
340 
/*
 * Mark @inode as having upper data by setting the OVL_UPPERDATA inode flag.
 * The write barrier must stay ahead of the flag update; see below.
 */
void ovl_set_upperdata(struct inode *inode)
{
	/*
	 * Pairs with smp_rmb() in ovl_has_upperdata(). Make sure
	 * if OVL_UPPERDATA flag is visible, then effects of write operations
	 * before it are visible as well.
	 */
	smp_wmb();
	ovl_set_flag(OVL_UPPERDATA, inode);
}
351 
352 /* Caller should hold ovl_inode->lock */
353 bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags)
354 {
355 	if (!ovl_open_flags_need_copy_up(flags))
356 		return false;
357 
358 	return !ovl_test_flag(OVL_UPPERDATA, d_inode(dentry));
359 }
360 
361 bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags)
362 {
363 	if (!ovl_open_flags_need_copy_up(flags))
364 		return false;
365 
366 	return !ovl_has_upperdata(d_inode(dentry));
367 }
368 
369 bool ovl_redirect_dir(struct super_block *sb)
370 {
371 	struct ovl_fs *ofs = sb->s_fs_info;
372 
373 	return ofs->config.redirect_dir && !ofs->noxattr;
374 }
375 
376 const char *ovl_dentry_get_redirect(struct dentry *dentry)
377 {
378 	return OVL_I(d_inode(dentry))->redirect;
379 }
380 
381 void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect)
382 {
383 	struct ovl_inode *oi = OVL_I(d_inode(dentry));
384 
385 	kfree(oi->redirect);
386 	oi->redirect = redirect;
387 }
388 
389 void ovl_inode_init(struct inode *inode, struct dentry *upperdentry,
390 		    struct dentry *lowerdentry, struct dentry *lowerdata)
391 {
392 	struct inode *realinode = d_inode(upperdentry ?: lowerdentry);
393 
394 	if (upperdentry)
395 		OVL_I(inode)->__upperdentry = upperdentry;
396 	if (lowerdentry)
397 		OVL_I(inode)->lower = igrab(d_inode(lowerdentry));
398 	if (lowerdata)
399 		OVL_I(inode)->lowerdata = igrab(d_inode(lowerdata));
400 
401 	ovl_copyattr(realinode, inode);
402 	ovl_copyflags(realinode, inode);
403 	if (!inode->i_ino)
404 		inode->i_ino = realinode->i_ino;
405 }
406 
407 void ovl_inode_update(struct inode *inode, struct dentry *upperdentry)
408 {
409 	struct inode *upperinode = d_inode(upperdentry);
410 
411 	WARN_ON(OVL_I(inode)->__upperdentry);
412 
413 	/*
414 	 * Make sure upperdentry is consistent before making it visible
415 	 */
416 	smp_wmb();
417 	OVL_I(inode)->__upperdentry = upperdentry;
418 	if (inode_unhashed(inode)) {
419 		if (!inode->i_ino)
420 			inode->i_ino = upperinode->i_ino;
421 		inode->i_private = upperinode;
422 		__insert_inode_hash(inode, (unsigned long) upperinode);
423 	}
424 }
425 
426 static void ovl_dentry_version_inc(struct dentry *dentry, bool impurity)
427 {
428 	struct inode *inode = d_inode(dentry);
429 
430 	WARN_ON(!inode_is_locked(inode));
431 	/*
432 	 * Version is used by readdir code to keep cache consistent.  For merge
433 	 * dirs all changes need to be noted.  For non-merge dirs, cache only
434 	 * contains impure (ones which have been copied up and have origins)
435 	 * entries, so only need to note changes to impure entries.
436 	 */
437 	if (OVL_TYPE_MERGE(ovl_path_type(dentry)) || impurity)
438 		OVL_I(inode)->version++;
439 }
440 
441 void ovl_dir_modified(struct dentry *dentry, bool impurity)
442 {
443 	/* Copy mtime/ctime */
444 	ovl_copyattr(d_inode(ovl_dentry_upper(dentry)), d_inode(dentry));
445 
446 	ovl_dentry_version_inc(dentry, impurity);
447 }
448 
449 u64 ovl_dentry_version_get(struct dentry *dentry)
450 {
451 	struct inode *inode = d_inode(dentry);
452 
453 	WARN_ON(!inode_is_locked(inode));
454 	return OVL_I(inode)->version;
455 }
456 
457 bool ovl_is_whiteout(struct dentry *dentry)
458 {
459 	struct inode *inode = dentry->d_inode;
460 
461 	return inode && IS_WHITEOUT(inode);
462 }
463 
464 struct file *ovl_path_open(struct path *path, int flags)
465 {
466 	return dentry_open(path, flags | O_NOATIME, current_cred());
467 }
468 
469 /* Caller should hold ovl_inode->lock */
470 static bool ovl_already_copied_up_locked(struct dentry *dentry, int flags)
471 {
472 	bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
473 
474 	if (ovl_dentry_upper(dentry) &&
475 	    (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
476 	    !ovl_dentry_needs_data_copy_up_locked(dentry, flags))
477 		return true;
478 
479 	return false;
480 }
481 
482 bool ovl_already_copied_up(struct dentry *dentry, int flags)
483 {
484 	bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
485 
486 	/*
487 	 * Check if copy-up has happened as well as for upper alias (in
488 	 * case of hard links) is there.
489 	 *
490 	 * Both checks are lockless:
491 	 *  - false negatives: will recheck under oi->lock
492 	 *  - false positives:
493 	 *    + ovl_dentry_upper() uses memory barriers to ensure the
494 	 *      upper dentry is up-to-date
495 	 *    + ovl_dentry_has_upper_alias() relies on locking of
496 	 *      upper parent i_rwsem to prevent reordering copy-up
497 	 *      with rename.
498 	 */
499 	if (ovl_dentry_upper(dentry) &&
500 	    (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
501 	    !ovl_dentry_needs_data_copy_up(dentry, flags))
502 		return true;
503 
504 	return false;
505 }
506 
/*
 * Take the overlay inode lock in preparation for copy up.
 *
 * Returns:
 *   < 0 - ovl_inode_lock() failed; the lock is not held.
 *   1   - already copied up; the lock has been dropped again.
 *   0   - copy up is needed; the lock is held and must be released with
 *         ovl_copy_up_end().
 */
int ovl_copy_up_start(struct dentry *dentry, int flags)
{
	struct inode *inode = d_inode(dentry);
	int err;

	err = ovl_inode_lock(inode);
	if (err)
		return err;

	if (!ovl_already_copied_up_locked(dentry, flags))
		return 0;

	/* Already copied up */
	ovl_inode_unlock(inode);

	return 1;
}
520 
/* Release the overlay inode lock of the inode behind @dentry */
void ovl_copy_up_end(struct dentry *dentry)
{
	struct inode *inode = d_inode(dentry);

	ovl_inode_unlock(inode);
}
525 
526 bool ovl_check_origin_xattr(struct dentry *dentry)
527 {
528 	int res;
529 
530 	res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0);
531 
532 	/* Zero size value means "copied up but origin unknown" */
533 	if (res >= 0)
534 		return true;
535 
536 	return false;
537 }
538 
539 bool ovl_check_dir_xattr(struct dentry *dentry, const char *name)
540 {
541 	int res;
542 	char val;
543 
544 	if (!d_is_dir(dentry))
545 		return false;
546 
547 	res = vfs_getxattr(dentry, name, &val, 1);
548 	if (res == 1 && val == 'y')
549 		return true;
550 
551 	return false;
552 }
553 
554 int ovl_check_setxattr(struct dentry *dentry, struct dentry *upperdentry,
555 		       const char *name, const void *value, size_t size,
556 		       int xerr)
557 {
558 	int err;
559 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
560 
561 	if (ofs->noxattr)
562 		return xerr;
563 
564 	err = ovl_do_setxattr(upperdentry, name, value, size, 0);
565 
566 	if (err == -EOPNOTSUPP) {
567 		pr_warn("cannot set %s xattr on upper\n", name);
568 		ofs->noxattr = true;
569 		return xerr;
570 	}
571 
572 	return err;
573 }
574 
575 int ovl_set_impure(struct dentry *dentry, struct dentry *upperdentry)
576 {
577 	int err;
578 
579 	if (ovl_test_flag(OVL_IMPURE, d_inode(dentry)))
580 		return 0;
581 
582 	/*
583 	 * Do not fail when upper doesn't support xattrs.
584 	 * Upper inodes won't have origin nor redirect xattr anyway.
585 	 */
586 	err = ovl_check_setxattr(dentry, upperdentry, OVL_XATTR_IMPURE,
587 				 "y", 1, 0);
588 	if (!err)
589 		ovl_set_flag(OVL_IMPURE, d_inode(dentry));
590 
591 	return err;
592 }
593 
594 void ovl_set_flag(unsigned long flag, struct inode *inode)
595 {
596 	set_bit(flag, &OVL_I(inode)->flags);
597 }
598 
599 void ovl_clear_flag(unsigned long flag, struct inode *inode)
600 {
601 	clear_bit(flag, &OVL_I(inode)->flags);
602 }
603 
604 bool ovl_test_flag(unsigned long flag, struct inode *inode)
605 {
606 	return test_bit(flag, &OVL_I(inode)->flags);
607 }
608 
609 /**
610  * Caller must hold a reference to inode to prevent it from being freed while
611  * it is marked inuse.
612  */
613 bool ovl_inuse_trylock(struct dentry *dentry)
614 {
615 	struct inode *inode = d_inode(dentry);
616 	bool locked = false;
617 
618 	spin_lock(&inode->i_lock);
619 	if (!(inode->i_state & I_OVL_INUSE)) {
620 		inode->i_state |= I_OVL_INUSE;
621 		locked = true;
622 	}
623 	spin_unlock(&inode->i_lock);
624 
625 	return locked;
626 }
627 
628 void ovl_inuse_unlock(struct dentry *dentry)
629 {
630 	if (dentry) {
631 		struct inode *inode = d_inode(dentry);
632 
633 		spin_lock(&inode->i_lock);
634 		WARN_ON(!(inode->i_state & I_OVL_INUSE));
635 		inode->i_state &= ~I_OVL_INUSE;
636 		spin_unlock(&inode->i_lock);
637 	}
638 }
639 
640 bool ovl_is_inuse(struct dentry *dentry)
641 {
642 	struct inode *inode = d_inode(dentry);
643 	bool inuse;
644 
645 	spin_lock(&inode->i_lock);
646 	inuse = (inode->i_state & I_OVL_INUSE);
647 	spin_unlock(&inode->i_lock);
648 
649 	return inuse;
650 }
651 
652 /*
653  * Does this overlay dentry need to be indexed on copy up?
654  */
655 bool ovl_need_index(struct dentry *dentry)
656 {
657 	struct dentry *lower = ovl_dentry_lower(dentry);
658 
659 	if (!lower || !ovl_indexdir(dentry->d_sb))
660 		return false;
661 
662 	/* Index all files for NFS export and consistency verification */
663 	if (ovl_index_all(dentry->d_sb))
664 		return true;
665 
666 	/* Index only lower hardlinks on copy up */
667 	if (!d_is_dir(lower) && d_inode(lower)->i_nlink > 1)
668 		return true;
669 
670 	return false;
671 }
672 
673 /* Caller must hold OVL_I(inode)->lock */
674 static void ovl_cleanup_index(struct dentry *dentry)
675 {
676 	struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
677 	struct inode *dir = indexdir->d_inode;
678 	struct dentry *lowerdentry = ovl_dentry_lower(dentry);
679 	struct dentry *upperdentry = ovl_dentry_upper(dentry);
680 	struct dentry *index = NULL;
681 	struct inode *inode;
682 	struct qstr name = { };
683 	int err;
684 
685 	err = ovl_get_index_name(lowerdentry, &name);
686 	if (err)
687 		goto fail;
688 
689 	inode = d_inode(upperdentry);
690 	if (!S_ISDIR(inode->i_mode) && inode->i_nlink != 1) {
691 		pr_warn_ratelimited("cleanup linked index (%pd2, ino=%lu, nlink=%u)\n",
692 				    upperdentry, inode->i_ino, inode->i_nlink);
693 		/*
694 		 * We either have a bug with persistent union nlink or a lower
695 		 * hardlink was added while overlay is mounted. Adding a lower
696 		 * hardlink and then unlinking all overlay hardlinks would drop
697 		 * overlay nlink to zero before all upper inodes are unlinked.
698 		 * As a safety measure, when that situation is detected, set
699 		 * the overlay nlink to the index inode nlink minus one for the
700 		 * index entry itself.
701 		 */
702 		set_nlink(d_inode(dentry), inode->i_nlink - 1);
703 		ovl_set_nlink_upper(dentry);
704 		goto out;
705 	}
706 
707 	inode_lock_nested(dir, I_MUTEX_PARENT);
708 	index = lookup_one_len(name.name, indexdir, name.len);
709 	err = PTR_ERR(index);
710 	if (IS_ERR(index)) {
711 		index = NULL;
712 	} else if (ovl_index_all(dentry->d_sb)) {
713 		/* Whiteout orphan index to block future open by handle */
714 		err = ovl_cleanup_and_whiteout(indexdir, dir, index);
715 	} else {
716 		/* Cleanup orphan index entries */
717 		err = ovl_cleanup(dir, index);
718 	}
719 
720 	inode_unlock(dir);
721 	if (err)
722 		goto fail;
723 
724 out:
725 	kfree(name.name);
726 	dput(index);
727 	return;
728 
729 fail:
730 	pr_err("cleanup index of '%pd2' failed (%i)\n", dentry, err);
731 	goto out;
732 }
733 
734 /*
735  * Operations that change overlay inode and upper inode nlink need to be
736  * synchronized with copy up for persistent nlink accounting.
737  */
738 int ovl_nlink_start(struct dentry *dentry)
739 {
740 	struct inode *inode = d_inode(dentry);
741 	const struct cred *old_cred;
742 	int err;
743 
744 	if (WARN_ON(!inode))
745 		return -ENOENT;
746 
747 	/*
748 	 * With inodes index is enabled, we store the union overlay nlink
749 	 * in an xattr on the index inode. When whiting out an indexed lower,
750 	 * we need to decrement the overlay persistent nlink, but before the
751 	 * first copy up, we have no upper index inode to store the xattr.
752 	 *
753 	 * As a workaround, before whiteout/rename over an indexed lower,
754 	 * copy up to create the upper index. Creating the upper index will
755 	 * initialize the overlay nlink, so it could be dropped if unlink
756 	 * or rename succeeds.
757 	 *
758 	 * TODO: implement metadata only index copy up when called with
759 	 *       ovl_copy_up_flags(dentry, O_PATH).
760 	 */
761 	if (ovl_need_index(dentry) && !ovl_dentry_has_upper_alias(dentry)) {
762 		err = ovl_copy_up(dentry);
763 		if (err)
764 			return err;
765 	}
766 
767 	err = ovl_inode_lock(inode);
768 	if (err)
769 		return err;
770 
771 	if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode))
772 		goto out;
773 
774 	old_cred = ovl_override_creds(dentry->d_sb);
775 	/*
776 	 * The overlay inode nlink should be incremented/decremented IFF the
777 	 * upper operation succeeds, along with nlink change of upper inode.
778 	 * Therefore, before link/unlink/rename, we store the union nlink
779 	 * value relative to the upper inode nlink in an upper inode xattr.
780 	 */
781 	err = ovl_set_nlink_upper(dentry);
782 	revert_creds(old_cred);
783 
784 out:
785 	if (err)
786 		ovl_inode_unlock(inode);
787 
788 	return err;
789 }
790 
791 void ovl_nlink_end(struct dentry *dentry)
792 {
793 	struct inode *inode = d_inode(dentry);
794 
795 	if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) {
796 		const struct cred *old_cred;
797 
798 		old_cred = ovl_override_creds(dentry->d_sb);
799 		ovl_cleanup_index(dentry);
800 		revert_creds(old_cred);
801 	}
802 
803 	ovl_inode_unlock(inode);
804 }
805 
806 int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir)
807 {
808 	/* Workdir should not be the same as upperdir */
809 	if (workdir == upperdir)
810 		goto err;
811 
812 	/* Workdir should not be subdir of upperdir and vice versa */
813 	if (lock_rename(workdir, upperdir) != NULL)
814 		goto err_unlock;
815 
816 	return 0;
817 
818 err_unlock:
819 	unlock_rename(workdir, upperdir);
820 err:
821 	pr_err("failed to lock workdir+upperdir\n");
822 	return -EIO;
823 }
824 
825 /* err < 0, 0 if no metacopy xattr, 1 if metacopy xattr found */
826 int ovl_check_metacopy_xattr(struct dentry *dentry)
827 {
828 	int res;
829 
830 	/* Only regular files can have metacopy xattr */
831 	if (!S_ISREG(d_inode(dentry)->i_mode))
832 		return 0;
833 
834 	res = vfs_getxattr(dentry, OVL_XATTR_METACOPY, NULL, 0);
835 	if (res < 0) {
836 		if (res == -ENODATA || res == -EOPNOTSUPP)
837 			return 0;
838 		goto out;
839 	}
840 
841 	return 1;
842 out:
843 	pr_warn_ratelimited("failed to get metacopy (%i)\n", res);
844 	return res;
845 }
846 
847 bool ovl_is_metacopy_dentry(struct dentry *dentry)
848 {
849 	struct ovl_entry *oe = dentry->d_fsdata;
850 
851 	if (!d_is_reg(dentry))
852 		return false;
853 
854 	if (ovl_dentry_upper(dentry)) {
855 		if (!ovl_has_upperdata(d_inode(dentry)))
856 			return true;
857 		return false;
858 	}
859 
860 	return (oe->numlower > 1);
861 }
862 
863 ssize_t ovl_getxattr(struct dentry *dentry, char *name, char **value,
864 		     size_t padding)
865 {
866 	ssize_t res;
867 	char *buf = NULL;
868 
869 	res = vfs_getxattr(dentry, name, NULL, 0);
870 	if (res < 0) {
871 		if (res == -ENODATA || res == -EOPNOTSUPP)
872 			return -ENODATA;
873 		goto fail;
874 	}
875 
876 	if (res != 0) {
877 		buf = kzalloc(res + padding, GFP_KERNEL);
878 		if (!buf)
879 			return -ENOMEM;
880 
881 		res = vfs_getxattr(dentry, name, buf, res);
882 		if (res < 0)
883 			goto fail;
884 	}
885 	*value = buf;
886 
887 	return res;
888 
889 fail:
890 	pr_warn_ratelimited("failed to get xattr %s: err=%zi)\n",
891 			    name, res);
892 	kfree(buf);
893 	return res;
894 }
895 
896 char *ovl_get_redirect_xattr(struct dentry *dentry, int padding)
897 {
898 	int res;
899 	char *s, *next, *buf = NULL;
900 
901 	res = ovl_getxattr(dentry, OVL_XATTR_REDIRECT, &buf, padding + 1);
902 	if (res == -ENODATA)
903 		return NULL;
904 	if (res < 0)
905 		return ERR_PTR(res);
906 	if (res == 0)
907 		goto invalid;
908 
909 	if (buf[0] == '/') {
910 		for (s = buf; *s++ == '/'; s = next) {
911 			next = strchrnul(s, '/');
912 			if (s == next)
913 				goto invalid;
914 		}
915 	} else {
916 		if (strchr(buf, '/') != NULL)
917 			goto invalid;
918 	}
919 
920 	return buf;
921 invalid:
922 	pr_warn_ratelimited("invalid redirect (%s)\n", buf);
923 	res = -EINVAL;
924 	kfree(buf);
925 	return ERR_PTR(res);
926 }
927