]> Git Repo - linux.git/blame - fs/overlayfs/namei.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branches 'asoc/fix/amd', 'asoc/fix/hdmi-codec', 'asoc/fix/rt565...
[linux.git] / fs / overlayfs / namei.c
CommitLineData
bbb1e54d
MS		 1/*
2 * Copyright (C) 2011 Novell Inc.
3 * Copyright (C) 2016 Red Hat, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10#include <linux/fs.h>
5b825c3a 11#include <linux/cred.h>
9ee60ce2 12#include <linux/ctype.h>
bbb1e54d
MS		 13#include <linux/namei.h>
14#include <linux/xattr.h>
02b69b28 15#include <linux/ratelimit.h>
a9d01957
AG		 16#include <linux/mount.h>
17#include <linux/exportfs.h>
bbb1e54d 18#include "overlayfs.h"
bbb1e54d 19
e28edc46
MS		 20struct ovl_lookup_data {
21 struct qstr name;
22 bool is_dir;
23 bool opaque;
24 bool stop;
25 bool last;
02b69b28 26 char *redirect;
e28edc46 27};
bbb1e54d 28
02b69b28
MS		 29static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
30 size_t prelen, const char *post)
31{
32 int res;
33 char *s, *next, *buf = NULL;
34
35 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
36 if (res < 0) {
37 if (res == -ENODATA || res == -EOPNOTSUPP)
38 return 0;
39 goto fail;
40 }
0ee931c4 41 buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL);
02b69b28
MS		 42 if (!buf)
43 return -ENOMEM;
44
45 if (res == 0)
46 goto invalid;
47
48 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
49 if (res < 0)
50 goto fail;
51 if (res == 0)
52 goto invalid;
53 if (buf[0] == '/') {
54 for (s = buf; *s++ == '/'; s = next) {
55 next = strchrnul(s, '/');
56 if (s == next)
57 goto invalid;
58 }
59 } else {
60 if (strchr(buf, '/') != NULL)
61 goto invalid;
62
63 memmove(buf + prelen, buf, res);
64 memcpy(buf, d->name.name, prelen);
65 }
66
67 strcat(buf, post);
68 kfree(d->redirect);
69 d->redirect = buf;
70 d->name.name = d->redirect;
71 d->name.len = strlen(d->redirect);
72
73 return 0;
74
75err_free:
76 kfree(buf);
77 return 0;
78fail:
79 pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res);
80 goto err_free;
81invalid:
82 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
83 goto err_free;
84}
85
a9d01957
AG		 86static int ovl_acceptable(void *ctx, struct dentry *dentry)
87{
e8f9e5b7
AG		 88 /*
89 * A non-dir origin may be disconnected, which is fine, because
90 * we only need it for its unique inode number.
91 */
92 if (!d_is_dir(dentry))
93 return 1;
94
95 /* Don't decode a deleted empty directory */
96 if (d_unhashed(dentry))
97 return 0;
98
99 /* Check if directory belongs to the layer we are decoding from */
100 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
a9d01957
AG		 101}
102
2e1a5328
AG		 103/*
104 * Check validity of an overlay file handle buffer.
105 *
106 * Return 0 for a valid file handle.
107 * Return -ENODATA for "origin unknown".
108 * Return <0 for an invalid file handle.
109 */
8556a420 110int ovl_check_fh_len(struct ovl_fh *fh, int fh_len)
2e1a5328
AG		 111{
112 if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len)
113 return -EINVAL;
114
115 if (fh->magic != OVL_FH_MAGIC)
116 return -EINVAL;
117
118 /* Treat larger version and unknown flags as "origin unknown" */
119 if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL)
120 return -ENODATA;
121
122 /* Treat endianness mismatch as "origin unknown" */
123 if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
124 (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
125 return -ENODATA;
126
127 return 0;
128}
129
05122443 130static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name)
a9d01957 131{
2e1a5328 132 int res, err;
a9d01957 133 struct ovl_fh *fh = NULL;
a9d01957 134
05122443 135 res = vfs_getxattr(dentry, name, NULL, 0);
a9d01957
AG		 136 if (res < 0) {
137 if (res == -ENODATA || res == -EOPNOTSUPP)
138 return NULL;
139 goto fail;
140 }
141 /* Zero size value means "copied up but origin unknown" */
142 if (res == 0)
143 return NULL;
144
2e1a5328 145 fh = kzalloc(res, GFP_KERNEL);
a9d01957
AG		 146 if (!fh)
147 return ERR_PTR(-ENOMEM);
148
05122443 149 res = vfs_getxattr(dentry, name, fh, res);
a9d01957
AG		 150 if (res < 0)
151 goto fail;
152
2e1a5328
AG		 153 err = ovl_check_fh_len(fh, res);
154 if (err < 0) {
155 if (err == -ENODATA)
156 goto out;
a9d01957 157 goto invalid;
2e1a5328 158 }
a9d01957 159
8b88a2e6
AG		 160 return fh;
161
162out:
163 kfree(fh);
164 return NULL;
165
166fail:
167 pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res);
168 goto out;
169invalid:
170 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
171 goto out;
172}
173
8556a420 174struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt)
8b88a2e6 175{
e8f9e5b7 176 struct dentry *real;
8b88a2e6
AG		 177 int bytes;
178
a9d01957
AG		 179 /*
180 * Make sure that the stored uuid matches the uuid of the lower
181 * layer where file handle will be decoded.
182 */
85787090 183 if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
2e1a5328 184 return NULL;
a9d01957 185
8b88a2e6 186 bytes = (fh->len - offsetof(struct ovl_fh, fid));
e8f9e5b7
AG		 187 real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
188 bytes >> 2, (int)fh->type,
189 ovl_acceptable, mnt);
190 if (IS_ERR(real)) {
191 /*
192 * Treat stale file handle to lower file as "origin unknown".
193 * upper file handle could become stale when upper file is
194 * unlinked and this information is needed to handle stale
195 * index entries correctly.
196 */
197 if (real == ERR_PTR(-ESTALE) &&
198 !(fh->flags & OVL_FH_FLAG_PATH_UPPER))
199 real = NULL;
200 return real;
a9d01957
AG		 201 }
202
e8f9e5b7
AG		 203 if (ovl_dentry_weird(real)) {
204 dput(real);
2e1a5328
AG		 205 return NULL;
206 }
a9d01957 207
e8f9e5b7 208 return real;
a9d01957
AG		 209}
210
ee1d6d37
AG		 211static bool ovl_is_opaquedir(struct dentry *dentry)
212{
213 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
214}
215
e28edc46
MS		 216static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
217 const char *name, unsigned int namelen,
02b69b28 218 size_t prelen, const char *post,
e28edc46
MS		 219 struct dentry **ret)
220{
221 struct dentry *this;
222 int err;
223
224 this = lookup_one_len_unlocked(name, base, namelen);
225 if (IS_ERR(this)) {
226 err = PTR_ERR(this);
227 this = NULL;
228 if (err == -ENOENT || err == -ENAMETOOLONG)
229 goto out;
230 goto out_err;
231 }
232 if (!this->d_inode)
233 goto put_and_out;
234
235 if (ovl_dentry_weird(this)) {
236 /* Don't support traversing automounts and other weirdness */
237 err = -EREMOTE;
238 goto out_err;
239 }
240 if (ovl_is_whiteout(this)) {
241 d->stop = d->opaque = true;
242 goto put_and_out;
243 }
244 if (!d_can_lookup(this)) {
245 d->stop = true;
246 if (d->is_dir)
247 goto put_and_out;
248 goto out;
249 }
250 d->is_dir = true;
251 if (!d->last && ovl_is_opaquedir(this)) {
252 d->stop = d->opaque = true;
253 goto out;
254 }
02b69b28
MS		 255 err = ovl_check_redirect(this, d, prelen, post);
256 if (err)
257 goto out_err;
e28edc46
MS		 258out:
259 *ret = this;
260 return 0;
261
262put_and_out:
263 dput(this);
264 this = NULL;
265 goto out;
266
267out_err:
268 dput(this);
269 return err;
270}
271
272static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
273 struct dentry **ret)
274{
4c7d0c9c
AG		 275 /* Counting down from the end, since the prefix can change */
276 size_t rem = d->name.len - 1;
02b69b28
MS		 277 struct dentry *dentry = NULL;
278 int err;
279
4c7d0c9c 280 if (d->name.name[0] != '/')
02b69b28
MS		 281 return ovl_lookup_single(base, d, d->name.name, d->name.len,
282 0, "", ret);
283
4c7d0c9c
AG		 284 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
285 const char *s = d->name.name + d->name.len - rem;
02b69b28 286 const char *next = strchrnul(s, '/');
4c7d0c9c
AG		 287 size_t thislen = next - s;
288 bool end = !next[0];
02b69b28 289
4c7d0c9c
AG		 290 /* Verify we did not go off the rails */
291 if (WARN_ON(s[-1] != '/'))
02b69b28
MS		 292 return -EIO;
293
4c7d0c9c
AG		 294 err = ovl_lookup_single(base, d, s, thislen,
295 d->name.len - rem, next, &base);
02b69b28
MS		 296 dput(dentry);
297 if (err)
298 return err;
299 dentry = base;
4c7d0c9c
AG		 300 if (end)
301 break;
302
303 rem -= thislen + 1;
304
305 if (WARN_ON(rem >= d->name.len))
306 return -EIO;
02b69b28
MS		 307 }
308 *ret = dentry;
309 return 0;
e28edc46
MS		 310}
311
a9d01957 312
f941866f
AG		 313int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
314 struct dentry *upperdentry, struct ovl_path **stackp)
a9d01957 315{
f7d3daca
AG		 316 struct dentry *origin = NULL;
317 int i;
a9d01957 318
1eff1a1d
AG		 319 for (i = 0; i < ofs->numlower; i++) {
320 origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt);
f7d3daca
AG		 321 if (origin)
322 break;
323 }
324
325 if (!origin)
2e1a5328
AG		 326 return -ESTALE;
327 else if (IS_ERR(origin))
328 return PTR_ERR(origin);
329
f941866f 330 if (upperdentry && !ovl_is_whiteout(upperdentry) &&
2e1a5328
AG		 331 ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT))
332 goto invalid;
a9d01957 333
415543d5 334 if (!*stackp)
b9343632 335 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
a9d01957
AG		 336 if (!*stackp) {
337 dput(origin);
338 return -ENOMEM;
339 }
1eff1a1d
AG		 340 **stackp = (struct ovl_path){
341 .dentry = origin,
342 .layer = &ofs->lower_layers[i]
343 };
a9d01957
AG		 344
345 return 0;
2e1a5328
AG		 346
347invalid:
348 pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
349 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
350 d_inode(origin)->i_mode & S_IFMT);
351 dput(origin);
352 return -EIO;
353}
354
1eff1a1d 355static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
2e1a5328
AG		 356 struct ovl_path **stackp, unsigned int *ctrp)
357{
05122443 358 struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN);
2e1a5328
AG		 359 int err;
360
361 if (IS_ERR_OR_NULL(fh))
362 return PTR_ERR(fh);
363
1eff1a1d 364 err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp);
2e1a5328
AG		 365 kfree(fh);
366
367 if (err) {
368 if (err == -ESTALE)
369 return 0;
370 return err;
371 }
372
373 if (WARN_ON(*ctrp))
374 return -EIO;
375
376 *ctrp = 1;
377 return 0;
a9d01957
AG		 378}
379
8b88a2e6 380/*
05122443 381 * Verify that @fh matches the file handle stored in xattr @name.
8b88a2e6
AG		 382 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
383 */
05122443
AG		 384static int ovl_verify_fh(struct dentry *dentry, const char *name,
385 const struct ovl_fh *fh)
8b88a2e6 386{
05122443 387 struct ovl_fh *ofh = ovl_get_fh(dentry, name);
8b88a2e6
AG		 388 int err = 0;
389
390 if (!ofh)
391 return -ENODATA;
392
393 if (IS_ERR(ofh))
394 return PTR_ERR(ofh);
395
396 if (fh->len != ofh->len || memcmp(fh, ofh, fh->len))
397 err = -ESTALE;
398
399 kfree(ofh);
400 return err;
401}
402
403/*
05122443 404 * Verify that @real dentry matches the file handle stored in xattr @name.
8b88a2e6 405 *
05122443
AG		 406 * If @set is true and there is no stored file handle, encode @real and store
407 * file handle in xattr @name.
8b88a2e6 408 *
05122443 409 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
8b88a2e6 410 */
05122443
AG		 411int ovl_verify_set_fh(struct dentry *dentry, const char *name,
412 struct dentry *real, bool is_upper, bool set)
8b88a2e6
AG		 413{
414 struct inode *inode;
415 struct ovl_fh *fh;
416 int err;
417
05122443 418 fh = ovl_encode_fh(real, is_upper);
8b88a2e6
AG		 419 err = PTR_ERR(fh);
420 if (IS_ERR(fh))
421 goto fail;
422
05122443 423 err = ovl_verify_fh(dentry, name, fh);
8b88a2e6 424 if (set && err == -ENODATA)
05122443 425 err = ovl_do_setxattr(dentry, name, fh, fh->len, 0);
8b88a2e6
AG		 426 if (err)
427 goto fail;
428
429out:
430 kfree(fh);
431 return err;
432
433fail:
05122443
AG		 434 inode = d_inode(real);
435 pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n",
436 is_upper ? "upper" : "origin", real,
437 inode ? inode->i_ino : 0, err);
8b88a2e6
AG		 438 goto out;
439}
440
e8f9e5b7 441/* Get upper dentry from index */
3b0bfc6e 442struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
e8f9e5b7
AG		 443{
444 struct ovl_fh *fh;
445 struct dentry *upper;
446
447 if (!d_is_dir(index))
448 return dget(index);
449
450 fh = ovl_get_fh(index, OVL_XATTR_UPPER);
451 if (IS_ERR_OR_NULL(fh))
452 return ERR_CAST(fh);
453
454 upper = ovl_decode_fh(fh, ofs->upper_mnt);
455 kfree(fh);
456
457 if (IS_ERR_OR_NULL(upper))
458 return upper ?: ERR_PTR(-ESTALE);
459
460 if (!d_is_dir(upper)) {
461 pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n",
462 index, upper);
463 dput(upper);
464 return ERR_PTR(-EIO);
465 }
466
467 return upper;
468}
469
9ee60ce2
AG		 470/* Is this a leftover from create/whiteout of directory index entry? */
471static bool ovl_is_temp_index(struct dentry *index)
472{
473 return index->d_name.name[0] == '#';
474}
475
415543d5
AG		 476/*
477 * Verify that an index entry name matches the origin file handle stored in
478 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
479 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
480 */
1eff1a1d 481int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
415543d5
AG		 482{
483 struct ovl_fh *fh = NULL;
484 size_t len;
b9343632
CR		 485 struct ovl_path origin = { };
486 struct ovl_path *stack = &origin;
e8f9e5b7 487 struct dentry *upper = NULL;
415543d5
AG		 488 int err;
489
490 if (!d_inode(index))
491 return 0;
492
9ee60ce2
AG		 493 /* Cleanup leftover from index create/cleanup attempt */
494 err = -ESTALE;
495 if (ovl_is_temp_index(index))
496 goto fail;
497
fa0096e3 498 err = -EINVAL;
415543d5
AG		 499 if (index->d_name.len < sizeof(struct ovl_fh)*2)
500 goto fail;
501
502 err = -ENOMEM;
503 len = index->d_name.len / 2;
0ee931c4 504 fh = kzalloc(len, GFP_KERNEL);
415543d5
AG		 505 if (!fh)
506 goto fail;
507
508 err = -EINVAL;
2e1a5328
AG		 509 if (hex2bin((u8 *)fh, index->d_name.name, len))
510 goto fail;
511
512 err = ovl_check_fh_len(fh, len);
513 if (err)
415543d5
AG		 514 goto fail;
515
7db25d36
AG		 516 /*
517 * Whiteout index entries are used as an indication that an exported
518 * overlay file handle should be treated as stale (i.e. after unlink
519 * of the overlay inode). These entries contain no origin xattr.
520 */
521 if (ovl_is_whiteout(index))
522 goto out;
523
e8f9e5b7
AG		 524 /*
525 * Verifying directory index entries are not stale is expensive, so
526 * only verify stale dir index if NFS export is enabled.
527 */
528 if (d_is_dir(index) && !ofs->config.nfs_export)
529 goto out;
530
531 /*
532 * Directory index entries should have 'upper' xattr pointing to the
533 * real upper dir. Non-dir index entries are hardlinks to the upper
534 * real inode. For non-dir index, we can read the copy up origin xattr
535 * directly from the index dentry, but for dir index we first need to
536 * decode the upper directory.
537 */
538 upper = ovl_index_upper(ofs, index);
539 if (IS_ERR_OR_NULL(upper)) {
540 err = PTR_ERR(upper);
24f0b172
AG		 541 /*
542 * Directory index entries with no 'upper' xattr need to be
543 * removed. When dir index entry has a stale 'upper' xattr,
544 * we assume that upper dir was removed and we treat the dir
545 * index as orphan entry that needs to be whited out.
546 */
547 if (err == -ESTALE)
548 goto orphan;
549 else if (!err)
e8f9e5b7 550 err = -ESTALE;
415543d5 551 goto fail;
e8f9e5b7 552 }
415543d5 553
e8f9e5b7
AG		 554 err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
555 dput(upper);
415543d5
AG		 556 if (err)
557 goto fail;
558
e8f9e5b7
AG		 559 /* Check if non-dir index is orphan and don't warn before cleaning it */
560 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
561 err = ovl_check_origin_fh(ofs, fh, index, &stack);
562 if (err)
563 goto fail;
564
565 if (ovl_get_nlink(origin.dentry, index, 0) == 0)
24f0b172 566 goto orphan;
e8f9e5b7 567 }
caf70cb2 568
415543d5 569out:
e8f9e5b7 570 dput(origin.dentry);
415543d5
AG		 571 kfree(fh);
572 return err;
573
574fail:
61b67471
AG		 575 pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
576 index, d_inode(index)->i_mode & S_IFMT, err);
415543d5 577 goto out;
24f0b172
AG		 578
579orphan:
580 pr_warn_ratelimited("overlayfs: orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
581 index, d_inode(index)->i_mode & S_IFMT,
582 d_inode(index)->i_nlink);
583 err = -ENOENT;
584 goto out;
415543d5
AG		 585}
586
91ffe7be
AG		 587static int ovl_get_index_name_fh(struct ovl_fh *fh, struct qstr *name)
588{
589 char *n, *s;
590
591 n = kzalloc(fh->len * 2, GFP_KERNEL);
592 if (!n)
593 return -ENOMEM;
594
595 s = bin2hex(n, fh, fh->len);
596 *name = (struct qstr) QSTR_INIT(n, s - n);
597
598 return 0;
599
600}
601
359f392c
AG		 602/*
603 * Lookup in indexdir for the index entry of a lower real inode or a copy up
604 * origin inode. The index entry name is the hex representation of the lower
605 * inode file handle.
606 *
607 * If the index dentry in negative, then either no lower aliases have been
608 * copied up yet, or aliases have been copied up in older kernels and are
609 * not indexed.
610 *
611 * If the index dentry for a copy up origin inode is positive, but points
612 * to an inode different than the upper inode, then either the upper inode
613 * has been copied up and not indexed or it was indexed, but since then
614 * index dir was cleared. Either way, that index cannot be used to indentify
615 * the overlay inode.
616 */
617int ovl_get_index_name(struct dentry *origin, struct qstr *name)
618{
359f392c 619 struct ovl_fh *fh;
91ffe7be 620 int err;
359f392c
AG		 621
622 fh = ovl_encode_fh(origin, false);
623 if (IS_ERR(fh))
624 return PTR_ERR(fh);
625
91ffe7be 626 err = ovl_get_index_name_fh(fh, name);
359f392c 627
91ffe7be 628 kfree(fh);
359f392c 629 return err;
91ffe7be
AG		 630}
631
632/* Lookup index by file handle for NFS export */
633struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
634{
635 struct dentry *index;
636 struct qstr name;
637 int err;
638
639 err = ovl_get_index_name_fh(fh, &name);
640 if (err)
641 return ERR_PTR(err);
642
643 index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
644 kfree(name.name);
645 if (IS_ERR(index)) {
646 if (PTR_ERR(index) == -ENOENT)
647 index = NULL;
648 return index;
649 }
650
651 if (d_is_negative(index))
652 err = 0;
653 else if (ovl_is_whiteout(index))
654 err = -ESTALE;
655 else if (ovl_dentry_weird(index))
656 err = -EIO;
657 else
658 return index;
359f392c 659
91ffe7be
AG		 660 dput(index);
661 return ERR_PTR(err);
359f392c
AG		 662}
663
06170154
AG		 664struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
665 struct dentry *origin, bool verify)
359f392c 666{
359f392c
AG		 667 struct dentry *index;
668 struct inode *inode;
669 struct qstr name;
ad1d615c 670 bool is_dir = d_is_dir(origin);
359f392c
AG		 671 int err;
672
673 err = ovl_get_index_name(origin, &name);
674 if (err)
675 return ERR_PTR(err);
676
677 index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
678 if (IS_ERR(index)) {
e0082a0f 679 err = PTR_ERR(index);
7937a56f
AG		 680 if (err == -ENOENT) {
681 index = NULL;
682 goto out;
683 }
359f392c
AG		 684 pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n"
685 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
686 d_inode(origin)->i_ino, name.len, name.name,
687 err);
688 goto out;
689 }
690
0e082555 691 inode = d_inode(index);
359f392c 692 if (d_is_negative(index)) {
6eaf0111 693 goto out_dput;
06170154
AG		 694 } else if (ovl_is_whiteout(index) && !verify) {
695 /*
696 * When index lookup is called with !verify for decoding an
697 * overlay file handle, a whiteout index implies that decode
698 * should treat file handle as stale and no need to print a
699 * warning about it.
700 */
701 dput(index);
702 index = ERR_PTR(-ESTALE);
703 goto out;
0e082555
AG		 704 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
705 ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) {
706 /*
707 * Index should always be of the same file type as origin
708 * except for the case of a whiteout index. A whiteout
709 * index should only exist if all lower aliases have been
710 * unlinked, which means that finding a lower origin on lookup
711 * whose index is a whiteout should be treated as an error.
712 */
713 pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
714 index, d_inode(index)->i_mode & S_IFMT,
715 d_inode(origin)->i_mode & S_IFMT);
359f392c 716 goto fail;
06170154 717 } else if (is_dir && verify) {
ad1d615c
AG		 718 if (!upper) {
719 pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
720 origin, index);
721 goto fail;
722 }
359f392c 723
ad1d615c
AG		 724 /* Verify that dir index 'upper' xattr points to upper dir */
725 err = ovl_verify_upper(index, upper, false);
726 if (err) {
727 if (err == -ESTALE) {
728 pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
729 upper, origin, index);
730 }
731 goto fail;
732 }
733 } else if (upper && d_inode(upper) != inode) {
734 goto out_dput;
735 }
359f392c
AG		 736out:
737 kfree(name.name);
738 return index;
739
6eaf0111
AG		 740out_dput:
741 dput(index);
742 index = NULL;
743 goto out;
744
359f392c
AG		 745fail:
746 dput(index);
747 index = ERR_PTR(-EIO);
748 goto out;
749}
750
bbb1e54d
MS		 751/*
752 * Returns next layer in stack starting from top.
753 * Returns -1 if this is the last layer.
754 */
755int ovl_path_next(int idx, struct dentry *dentry, struct path *path)
756{
757 struct ovl_entry *oe = dentry->d_fsdata;
758
759 BUG_ON(idx < 0);
760 if (idx == 0) {
761 ovl_path_upper(dentry, path);
762 if (path->dentry)
763 return oe->numlower ? 1 : -1;
764 idx++;
765 }
766 BUG_ON(idx > oe->numlower);
b9343632
CR		 767 path->dentry = oe->lowerstack[idx - 1].dentry;
768 path->mnt = oe->lowerstack[idx - 1].layer->mnt;
bbb1e54d
MS		 769
770 return (idx < oe->numlower) ? idx + 1 : -1;
771}
772
9678e630
AG		 773/* Fix missing 'origin' xattr */
774static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower,
775 struct dentry *upper)
776{
777 int err;
778
779 if (ovl_check_origin_xattr(upper))
780 return 0;
781
782 err = ovl_want_write(dentry);
783 if (err)
784 return err;
785
786 err = ovl_set_origin(dentry, lower, upper);
787 if (!err)
788 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
789
790 ovl_drop_write(dentry);
791 return err;
792}
793
bbb1e54d
MS		 794struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
795 unsigned int flags)
796{
797 struct ovl_entry *oe;
798 const struct cred *old_cred;
6b2d5fe4 799 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
bbb1e54d 800 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
c22205d0 801 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
b9343632 802 struct ovl_path *stack = NULL;
bbb1e54d 803 struct dentry *upperdir, *upperdentry = NULL;
ad1d615c 804 struct dentry *origin = NULL;
359f392c 805 struct dentry *index = NULL;
bbb1e54d
MS		 806 unsigned int ctr = 0;
807 struct inode *inode = NULL;
808 bool upperopaque = false;
02b69b28 809 char *upperredirect = NULL;
bbb1e54d
MS		 810 struct dentry *this;
811 unsigned int i;
812 int err;
e28edc46
MS		 813 struct ovl_lookup_data d = {
814 .name = dentry->d_name,
815 .is_dir = false,
816 .opaque = false,
817 .stop = false,
818 .last = !poe->numlower,
02b69b28 819 .redirect = NULL,
e28edc46 820 };
bbb1e54d 821
6b2d5fe4
MS		 822 if (dentry->d_name.len > ofs->namelen)
823 return ERR_PTR(-ENAMETOOLONG);
824
bbb1e54d 825 old_cred = ovl_override_creds(dentry->d_sb);
09d8b586 826 upperdir = ovl_dentry_upper(dentry->d_parent);
bbb1e54d 827 if (upperdir) {
e28edc46
MS		 828 err = ovl_lookup_layer(upperdir, &d, &upperdentry);
829 if (err)
bbb1e54d
MS		 830 goto out;
831
e28edc46
MS		 832 if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) {
833 dput(upperdentry);
834 err = -EREMOTE;
835 goto out;
bbb1e54d 836 }
a9d01957
AG		 837 if (upperdentry && !d.is_dir) {
838 BUG_ON(!d.stop || d.redirect);
f7d3daca
AG		 839 /*
840 * Lookup copy up origin by decoding origin file handle.
841 * We may get a disconnected dentry, which is fine,
842 * because we only need to hold the origin inode in
843 * cache and use its inode number. We may even get a
844 * connected dentry, that is not under any of the lower
845 * layers root. That is also fine for using it's inode
846 * number - it's the same as if we held a reference
847 * to a dentry in lower layer that was moved under us.
848 */
1eff1a1d 849 err = ovl_check_origin(ofs, upperdentry, &stack, &ctr);
a9d01957 850 if (err)
5455f92b 851 goto out_put_upper;
a9d01957 852 }
02b69b28
MS		 853
854 if (d.redirect) {
0ce5cdc9 855 err = -ENOMEM;
02b69b28
MS		 856 upperredirect = kstrdup(d.redirect, GFP_KERNEL);
857 if (!upperredirect)
858 goto out_put_upper;
859 if (d.redirect[0] == '/')
c22205d0 860 poe = roe;
02b69b28 861 }
e28edc46 862 upperopaque = d.opaque;
bbb1e54d
MS		 863 }
864
e28edc46 865 if (!d.stop && poe->numlower) {
bbb1e54d 866 err = -ENOMEM;
b9343632 867 stack = kcalloc(ofs->numlower, sizeof(struct ovl_path),
0ee931c4 868 GFP_KERNEL);
bbb1e54d
MS		 869 if (!stack)
870 goto out_put_upper;
871 }
872
e28edc46 873 for (i = 0; !d.stop && i < poe->numlower; i++) {
b9343632 874 struct ovl_path lower = poe->lowerstack[i];
bbb1e54d 875
e28edc46 876 d.last = i == poe->numlower - 1;
b9343632 877 err = ovl_lookup_layer(lower.dentry, &d, &this);
e28edc46 878 if (err)
bbb1e54d 879 goto out_put;
6b2d5fe4 880
bbb1e54d
MS		 881 if (!this)
882 continue;
bbb1e54d 883
9678e630
AG		 884 /*
885 * If no origin fh is stored in upper of a merge dir, store fh
886 * of lower dir and set upper parent "impure".
887 */
888 if (upperdentry && !ctr && !ofs->noxattr) {
889 err = ovl_fix_origin(dentry, this, upperdentry);
890 if (err) {
891 dput(this);
892 goto out_put;
893 }
894 }
895
37b12916
AG		 896 /*
897 * When "verify_lower" feature is enabled, do not merge with a
ad1d615c
AG		 898 * lower dir that does not match a stored origin xattr. In any
899 * case, only verified origin is used for index lookup.
37b12916
AG		 900 */
901 if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) {
902 err = ovl_verify_origin(upperdentry, this, false);
903 if (err) {
904 dput(this);
905 break;
906 }
ad1d615c
AG		 907
908 /* Bless lower dir as verified origin */
909 origin = this;
37b12916
AG		 910 }
911
bbb1e54d 912 stack[ctr].dentry = this;
b9343632 913 stack[ctr].layer = lower.layer;
bbb1e54d 914 ctr++;
02b69b28 915
438c84c2
MS		 916 /*
917 * Following redirects can have security consequences: it's like
918 * a symlink into the lower layer without the permission checks.
919 * This is only a problem if the upper layer is untrusted (e.g
920 * comes from an USB drive). This can allow a non-readable file
921 * or directory to become readable.
922 *
923 * Only following redirects when redirects are enabled disables
924 * this attack vector when not necessary.
925 */
926 err = -EPERM;
927 if (d.redirect && !ofs->config.redirect_follow) {
f8167817
AG		 928 pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n",
929 dentry);
438c84c2
MS		 930 goto out_put;
931 }
932
d1fe96c0
VG		 933 if (d.stop)
934 break;
935
c22205d0
AG		 936 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
937 poe = roe;
02b69b28 938 /* Find the current layer on the root dentry */
d583ed7d 939 i = lower.layer->idx - 1;
02b69b28 940 }
bbb1e54d
MS		 941 }
942
ad1d615c
AG		 943 /*
944 * Lookup index by lower inode and verify it matches upper inode.
945 * We only trust dir index if we verified that lower dir matches
946 * origin, otherwise dir index entries may be inconsistent and we
947 * ignore them. Always lookup index of non-dir and non-upper.
948 */
949 if (ctr && (!upperdentry || !d.is_dir))
950 origin = stack[0].dentry;
359f392c 951
ad1d615c
AG		 952 if (origin && ovl_indexdir(dentry->d_sb) &&
953 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
06170154 954 index = ovl_lookup_index(ofs, upperdentry, origin, true);
359f392c
AG		 955 if (IS_ERR(index)) {
956 err = PTR_ERR(index);
957 index = NULL;
958 goto out_put;
959 }
960 }
961
bbb1e54d
MS		 962 oe = ovl_alloc_entry(ctr);
963 err = -ENOMEM;
964 if (!oe)
965 goto out_put;
966
b9343632 967 memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
e6d2ebdd 968 dentry->d_fsdata = oe;
bbb1e54d 969
c62520a8
AG		 970 if (upperopaque)
971 ovl_dentry_set_opaque(dentry);
972
55acc661
MS		 973 if (upperdentry)
974 ovl_dentry_set_upper_alias(dentry);
975 else if (index)
359f392c
AG		 976 upperdentry = dget(index);
977
e6d2ebdd 978 if (upperdentry || ctr) {
2aed489d
AG		 979 if (ctr)
980 origin = stack[0].dentry;
0aceb53e
AG		 981 inode = ovl_get_inode(dentry->d_sb, upperdentry, origin, index,
982 ctr);
b9ac5c27
MS		 983 err = PTR_ERR(inode);
984 if (IS_ERR(inode))
bbb1e54d 985 goto out_free_oe;
cf31c463
MS		 986
987 OVL_I(inode)->redirect = upperredirect;
359f392c
AG		 988 if (index)
989 ovl_set_flag(OVL_INDEX, inode);
bbb1e54d
MS		 990 }
991
992 revert_creds(old_cred);
359f392c 993 dput(index);
bbb1e54d 994 kfree(stack);
02b69b28 995 kfree(d.redirect);
829c28be 996 return d_splice_alias(inode, dentry);
bbb1e54d
MS		 997
998out_free_oe:
e6d2ebdd 999 dentry->d_fsdata = NULL;
bbb1e54d
MS		 1000 kfree(oe);
1001out_put:
359f392c 1002 dput(index);
bbb1e54d
MS		 1003 for (i = 0; i < ctr; i++)
1004 dput(stack[i].dentry);
1005 kfree(stack);
1006out_put_upper:
1007 dput(upperdentry);
02b69b28 1008 kfree(upperredirect);
bbb1e54d 1009out:
02b69b28 1010 kfree(d.redirect);
bbb1e54d
MS		 1011 revert_creds(old_cred);
1012 return ERR_PTR(err);
1013}
1014
1015bool ovl_lower_positive(struct dentry *dentry)
1016{
bbb1e54d
MS		 1017 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
1018 const struct qstr *name = &dentry->d_name;
6d0a8a90 1019 const struct cred *old_cred;
bbb1e54d
MS		 1020 unsigned int i;
1021 bool positive = false;
1022 bool done = false;
1023
1024 /*
1025 * If dentry is negative, then lower is positive iff this is a
1026 * whiteout.
1027 */
1028 if (!dentry->d_inode)
c62520a8 1029 return ovl_dentry_is_opaque(dentry);
bbb1e54d
MS		 1030
1031 /* Negative upper -> positive lower */
09d8b586 1032 if (!ovl_dentry_upper(dentry))
bbb1e54d
MS		 1033 return true;
1034
6d0a8a90 1035 old_cred = ovl_override_creds(dentry->d_sb);
bbb1e54d
MS		 1036 /* Positive upper -> have to look up lower to see whether it exists */
1037 for (i = 0; !done && !positive && i < poe->numlower; i++) {
1038 struct dentry *this;
1039 struct dentry *lowerdir = poe->lowerstack[i].dentry;
1040
1041 this = lookup_one_len_unlocked(name->name, lowerdir,
1042 name->len);
1043 if (IS_ERR(this)) {
1044 switch (PTR_ERR(this)) {
1045 case -ENOENT:
1046 case -ENAMETOOLONG:
1047 break;
1048
1049 default:
1050 /*
1051 * Assume something is there, we just couldn't
1052 * access it.
1053 */
1054 positive = true;
1055 break;
1056 }
1057 } else {
1058 if (this->d_inode) {
1059 positive = !ovl_is_whiteout(this);
1060 done = true;
1061 }
1062 dput(this);
1063 }
1064 }
6d0a8a90 1065 revert_creds(old_cred);
bbb1e54d
MS		 1066
1067 return positive;
1068}
Empty description
This page took 0.315716 seconds and 4 git commands to generate.