]> Git Repo - linux.git/blame - fs/overlayfs/namei.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovl: whiteout index when union nlink drops to zero
[linux.git] / fs / overlayfs / namei.c
CommitLineData
bbb1e54d
MS		 1/*
2 * Copyright (C) 2011 Novell Inc.
3 * Copyright (C) 2016 Red Hat, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10#include <linux/fs.h>
5b825c3a 11#include <linux/cred.h>
9ee60ce2 12#include <linux/ctype.h>
bbb1e54d
MS		 13#include <linux/namei.h>
14#include <linux/xattr.h>
02b69b28 15#include <linux/ratelimit.h>
a9d01957
AG		 16#include <linux/mount.h>
17#include <linux/exportfs.h>
bbb1e54d 18#include "overlayfs.h"
bbb1e54d 19
e28edc46
MS		 20struct ovl_lookup_data {
21 struct qstr name;
22 bool is_dir;
23 bool opaque;
24 bool stop;
25 bool last;
02b69b28 26 char *redirect;
e28edc46 27};
bbb1e54d 28
02b69b28
MS		 29static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
30 size_t prelen, const char *post)
31{
32 int res;
33 char *s, *next, *buf = NULL;
34
35 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
36 if (res < 0) {
37 if (res == -ENODATA || res == -EOPNOTSUPP)
38 return 0;
39 goto fail;
40 }
0ee931c4 41 buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL);
02b69b28
MS		 42 if (!buf)
43 return -ENOMEM;
44
45 if (res == 0)
46 goto invalid;
47
48 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
49 if (res < 0)
50 goto fail;
51 if (res == 0)
52 goto invalid;
53 if (buf[0] == '/') {
54 for (s = buf; *s++ == '/'; s = next) {
55 next = strchrnul(s, '/');
56 if (s == next)
57 goto invalid;
58 }
59 } else {
60 if (strchr(buf, '/') != NULL)
61 goto invalid;
62
63 memmove(buf + prelen, buf, res);
64 memcpy(buf, d->name.name, prelen);
65 }
66
67 strcat(buf, post);
68 kfree(d->redirect);
69 d->redirect = buf;
70 d->name.name = d->redirect;
71 d->name.len = strlen(d->redirect);
72
73 return 0;
74
75err_free:
76 kfree(buf);
77 return 0;
78fail:
79 pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res);
80 goto err_free;
81invalid:
82 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
83 goto err_free;
84}
85
a9d01957
AG		 86static int ovl_acceptable(void *ctx, struct dentry *dentry)
87{
e8f9e5b7
AG		 88 /*
89 * A non-dir origin may be disconnected, which is fine, because
90 * we only need it for its unique inode number.
91 */
92 if (!d_is_dir(dentry))
93 return 1;
94
95 /* Don't decode a deleted empty directory */
96 if (d_unhashed(dentry))
97 return 0;
98
99 /* Check if directory belongs to the layer we are decoding from */
100 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
a9d01957
AG		 101}
102
2e1a5328
AG		 103/*
104 * Check validity of an overlay file handle buffer.
105 *
106 * Return 0 for a valid file handle.
107 * Return -ENODATA for "origin unknown".
108 * Return <0 for an invalid file handle.
109 */
110static int ovl_check_fh_len(struct ovl_fh *fh, int fh_len)
111{
112 if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len)
113 return -EINVAL;
114
115 if (fh->magic != OVL_FH_MAGIC)
116 return -EINVAL;
117
118 /* Treat larger version and unknown flags as "origin unknown" */
119 if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL)
120 return -ENODATA;
121
122 /* Treat endianness mismatch as "origin unknown" */
123 if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
124 (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
125 return -ENODATA;
126
127 return 0;
128}
129
05122443 130static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name)
a9d01957 131{
2e1a5328 132 int res, err;
a9d01957 133 struct ovl_fh *fh = NULL;
a9d01957 134
05122443 135 res = vfs_getxattr(dentry, name, NULL, 0);
a9d01957
AG		 136 if (res < 0) {
137 if (res == -ENODATA || res == -EOPNOTSUPP)
138 return NULL;
139 goto fail;
140 }
141 /* Zero size value means "copied up but origin unknown" */
142 if (res == 0)
143 return NULL;
144
2e1a5328 145 fh = kzalloc(res, GFP_KERNEL);
a9d01957
AG		 146 if (!fh)
147 return ERR_PTR(-ENOMEM);
148
05122443 149 res = vfs_getxattr(dentry, name, fh, res);
a9d01957
AG		 150 if (res < 0)
151 goto fail;
152
2e1a5328
AG		 153 err = ovl_check_fh_len(fh, res);
154 if (err < 0) {
155 if (err == -ENODATA)
156 goto out;
a9d01957 157 goto invalid;
2e1a5328 158 }
a9d01957 159
8b88a2e6
AG		 160 return fh;
161
162out:
163 kfree(fh);
164 return NULL;
165
166fail:
167 pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res);
168 goto out;
169invalid:
170 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
171 goto out;
172}
173
2e1a5328 174static struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt)
8b88a2e6 175{
e8f9e5b7 176 struct dentry *real;
8b88a2e6
AG		 177 int bytes;
178
a9d01957
AG		 179 /*
180 * Make sure that the stored uuid matches the uuid of the lower
181 * layer where file handle will be decoded.
182 */
85787090 183 if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
2e1a5328 184 return NULL;
a9d01957 185
8b88a2e6 186 bytes = (fh->len - offsetof(struct ovl_fh, fid));
e8f9e5b7
AG		 187 real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
188 bytes >> 2, (int)fh->type,
189 ovl_acceptable, mnt);
190 if (IS_ERR(real)) {
191 /*
192 * Treat stale file handle to lower file as "origin unknown".
193 * upper file handle could become stale when upper file is
194 * unlinked and this information is needed to handle stale
195 * index entries correctly.
196 */
197 if (real == ERR_PTR(-ESTALE) &&
198 !(fh->flags & OVL_FH_FLAG_PATH_UPPER))
199 real = NULL;
200 return real;
a9d01957
AG		 201 }
202
e8f9e5b7
AG		 203 if (ovl_dentry_weird(real)) {
204 dput(real);
2e1a5328
AG		 205 return NULL;
206 }
a9d01957 207
e8f9e5b7 208 return real;
a9d01957
AG		 209}
210
ee1d6d37
AG		 211static bool ovl_is_opaquedir(struct dentry *dentry)
212{
213 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
214}
215
e28edc46
MS		 216static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
217 const char *name, unsigned int namelen,
02b69b28 218 size_t prelen, const char *post,
e28edc46
MS		 219 struct dentry **ret)
220{
221 struct dentry *this;
222 int err;
223
224 this = lookup_one_len_unlocked(name, base, namelen);
225 if (IS_ERR(this)) {
226 err = PTR_ERR(this);
227 this = NULL;
228 if (err == -ENOENT || err == -ENAMETOOLONG)
229 goto out;
230 goto out_err;
231 }
232 if (!this->d_inode)
233 goto put_and_out;
234
235 if (ovl_dentry_weird(this)) {
236 /* Don't support traversing automounts and other weirdness */
237 err = -EREMOTE;
238 goto out_err;
239 }
240 if (ovl_is_whiteout(this)) {
241 d->stop = d->opaque = true;
242 goto put_and_out;
243 }
244 if (!d_can_lookup(this)) {
245 d->stop = true;
246 if (d->is_dir)
247 goto put_and_out;
248 goto out;
249 }
250 d->is_dir = true;
251 if (!d->last && ovl_is_opaquedir(this)) {
252 d->stop = d->opaque = true;
253 goto out;
254 }
02b69b28
MS		 255 err = ovl_check_redirect(this, d, prelen, post);
256 if (err)
257 goto out_err;
e28edc46
MS		 258out:
259 *ret = this;
260 return 0;
261
262put_and_out:
263 dput(this);
264 this = NULL;
265 goto out;
266
267out_err:
268 dput(this);
269 return err;
270}
271
272static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
273 struct dentry **ret)
274{
4c7d0c9c
AG		 275 /* Counting down from the end, since the prefix can change */
276 size_t rem = d->name.len - 1;
02b69b28
MS		 277 struct dentry *dentry = NULL;
278 int err;
279
4c7d0c9c 280 if (d->name.name[0] != '/')
02b69b28
MS		 281 return ovl_lookup_single(base, d, d->name.name, d->name.len,
282 0, "", ret);
283
4c7d0c9c
AG		 284 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
285 const char *s = d->name.name + d->name.len - rem;
02b69b28 286 const char *next = strchrnul(s, '/');
4c7d0c9c
AG		 287 size_t thislen = next - s;
288 bool end = !next[0];
02b69b28 289
4c7d0c9c
AG		 290 /* Verify we did not go off the rails */
291 if (WARN_ON(s[-1] != '/'))
02b69b28
MS		 292 return -EIO;
293
4c7d0c9c
AG		 294 err = ovl_lookup_single(base, d, s, thislen,
295 d->name.len - rem, next, &base);
02b69b28
MS		 296 dput(dentry);
297 if (err)
298 return err;
299 dentry = base;
4c7d0c9c
AG		 300 if (end)
301 break;
302
303 rem -= thislen + 1;
304
305 if (WARN_ON(rem >= d->name.len))
306 return -EIO;
02b69b28
MS		 307 }
308 *ret = dentry;
309 return 0;
e28edc46
MS		 310}
311
a9d01957 312
1eff1a1d
AG		 313static int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
314 struct dentry *upperdentry,
2e1a5328 315 struct ovl_path **stackp)
a9d01957 316{
f7d3daca
AG		 317 struct dentry *origin = NULL;
318 int i;
a9d01957 319
1eff1a1d
AG		 320 for (i = 0; i < ofs->numlower; i++) {
321 origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt);
f7d3daca
AG		 322 if (origin)
323 break;
324 }
325
326 if (!origin)
2e1a5328
AG		 327 return -ESTALE;
328 else if (IS_ERR(origin))
329 return PTR_ERR(origin);
330
331 if (!ovl_is_whiteout(upperdentry) &&
332 ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT))
333 goto invalid;
a9d01957 334
415543d5 335 if (!*stackp)
b9343632 336 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
a9d01957
AG		 337 if (!*stackp) {
338 dput(origin);
339 return -ENOMEM;
340 }
1eff1a1d
AG		 341 **stackp = (struct ovl_path){
342 .dentry = origin,
343 .layer = &ofs->lower_layers[i]
344 };
a9d01957
AG		 345
346 return 0;
2e1a5328
AG		 347
348invalid:
349 pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
350 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
351 d_inode(origin)->i_mode & S_IFMT);
352 dput(origin);
353 return -EIO;
354}
355
1eff1a1d 356static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
2e1a5328
AG		 357 struct ovl_path **stackp, unsigned int *ctrp)
358{
05122443 359 struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN);
2e1a5328
AG		 360 int err;
361
362 if (IS_ERR_OR_NULL(fh))
363 return PTR_ERR(fh);
364
1eff1a1d 365 err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp);
2e1a5328
AG		 366 kfree(fh);
367
368 if (err) {
369 if (err == -ESTALE)
370 return 0;
371 return err;
372 }
373
374 if (WARN_ON(*ctrp))
375 return -EIO;
376
377 *ctrp = 1;
378 return 0;
a9d01957
AG		 379}
380
8b88a2e6 381/*
05122443 382 * Verify that @fh matches the file handle stored in xattr @name.
8b88a2e6
AG		 383 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
384 */
05122443
AG		 385static int ovl_verify_fh(struct dentry *dentry, const char *name,
386 const struct ovl_fh *fh)
8b88a2e6 387{
05122443 388 struct ovl_fh *ofh = ovl_get_fh(dentry, name);
8b88a2e6
AG		 389 int err = 0;
390
391 if (!ofh)
392 return -ENODATA;
393
394 if (IS_ERR(ofh))
395 return PTR_ERR(ofh);
396
397 if (fh->len != ofh->len || memcmp(fh, ofh, fh->len))
398 err = -ESTALE;
399
400 kfree(ofh);
401 return err;
402}
403
404/*
05122443 405 * Verify that @real dentry matches the file handle stored in xattr @name.
8b88a2e6 406 *
05122443
AG		 407 * If @set is true and there is no stored file handle, encode @real and store
408 * file handle in xattr @name.
8b88a2e6 409 *
05122443 410 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
8b88a2e6 411 */
05122443
AG		 412int ovl_verify_set_fh(struct dentry *dentry, const char *name,
413 struct dentry *real, bool is_upper, bool set)
8b88a2e6
AG		 414{
415 struct inode *inode;
416 struct ovl_fh *fh;
417 int err;
418
05122443 419 fh = ovl_encode_fh(real, is_upper);
8b88a2e6
AG		 420 err = PTR_ERR(fh);
421 if (IS_ERR(fh))
422 goto fail;
423
05122443 424 err = ovl_verify_fh(dentry, name, fh);
8b88a2e6 425 if (set && err == -ENODATA)
05122443 426 err = ovl_do_setxattr(dentry, name, fh, fh->len, 0);
8b88a2e6
AG		 427 if (err)
428 goto fail;
429
430out:
431 kfree(fh);
432 return err;
433
434fail:
05122443
AG		 435 inode = d_inode(real);
436 pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n",
437 is_upper ? "upper" : "origin", real,
438 inode ? inode->i_ino : 0, err);
8b88a2e6
AG		 439 goto out;
440}
441
e8f9e5b7
AG		 442/* Get upper dentry from index */
443static struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
444{
445 struct ovl_fh *fh;
446 struct dentry *upper;
447
448 if (!d_is_dir(index))
449 return dget(index);
450
451 fh = ovl_get_fh(index, OVL_XATTR_UPPER);
452 if (IS_ERR_OR_NULL(fh))
453 return ERR_CAST(fh);
454
455 upper = ovl_decode_fh(fh, ofs->upper_mnt);
456 kfree(fh);
457
458 if (IS_ERR_OR_NULL(upper))
459 return upper ?: ERR_PTR(-ESTALE);
460
461 if (!d_is_dir(upper)) {
462 pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n",
463 index, upper);
464 dput(upper);
465 return ERR_PTR(-EIO);
466 }
467
468 return upper;
469}
470
9ee60ce2
AG		 471/* Is this a leftover from create/whiteout of directory index entry? */
472static bool ovl_is_temp_index(struct dentry *index)
473{
474 return index->d_name.name[0] == '#';
475}
476
415543d5
AG		 477/*
478 * Verify that an index entry name matches the origin file handle stored in
479 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
480 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
481 */
1eff1a1d 482int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
415543d5
AG		 483{
484 struct ovl_fh *fh = NULL;
485 size_t len;
b9343632
CR		 486 struct ovl_path origin = { };
487 struct ovl_path *stack = &origin;
e8f9e5b7 488 struct dentry *upper = NULL;
415543d5
AG		 489 int err;
490
491 if (!d_inode(index))
492 return 0;
493
9ee60ce2
AG		 494 /* Cleanup leftover from index create/cleanup attempt */
495 err = -ESTALE;
496 if (ovl_is_temp_index(index))
497 goto fail;
498
fa0096e3 499 err = -EINVAL;
415543d5
AG		 500 if (index->d_name.len < sizeof(struct ovl_fh)*2)
501 goto fail;
502
503 err = -ENOMEM;
504 len = index->d_name.len / 2;
0ee931c4 505 fh = kzalloc(len, GFP_KERNEL);
415543d5
AG		 506 if (!fh)
507 goto fail;
508
509 err = -EINVAL;
2e1a5328
AG		 510 if (hex2bin((u8 *)fh, index->d_name.name, len))
511 goto fail;
512
513 err = ovl_check_fh_len(fh, len);
514 if (err)
415543d5
AG		 515 goto fail;
516
7db25d36
AG		 517 /*
518 * Whiteout index entries are used as an indication that an exported
519 * overlay file handle should be treated as stale (i.e. after unlink
520 * of the overlay inode). These entries contain no origin xattr.
521 */
522 if (ovl_is_whiteout(index))
523 goto out;
524
e8f9e5b7
AG		 525 /*
526 * Verifying directory index entries are not stale is expensive, so
527 * only verify stale dir index if NFS export is enabled.
528 */
529 if (d_is_dir(index) && !ofs->config.nfs_export)
530 goto out;
531
532 /*
533 * Directory index entries should have 'upper' xattr pointing to the
534 * real upper dir. Non-dir index entries are hardlinks to the upper
535 * real inode. For non-dir index, we can read the copy up origin xattr
536 * directly from the index dentry, but for dir index we first need to
537 * decode the upper directory.
538 */
539 upper = ovl_index_upper(ofs, index);
540 if (IS_ERR_OR_NULL(upper)) {
541 err = PTR_ERR(upper);
542 if (!err)
543 err = -ESTALE;
415543d5 544 goto fail;
e8f9e5b7 545 }
415543d5 546
e8f9e5b7
AG		 547 err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
548 dput(upper);
415543d5
AG		 549 if (err)
550 goto fail;
551
e8f9e5b7
AG		 552 /* Check if non-dir index is orphan and don't warn before cleaning it */
553 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
554 err = ovl_check_origin_fh(ofs, fh, index, &stack);
555 if (err)
556 goto fail;
557
558 if (ovl_get_nlink(origin.dentry, index, 0) == 0)
559 err = -ENOENT;
560 }
caf70cb2 561
415543d5 562out:
e8f9e5b7 563 dput(origin.dentry);
415543d5
AG		 564 kfree(fh);
565 return err;
566
567fail:
61b67471
AG		 568 pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
569 index, d_inode(index)->i_mode & S_IFMT, err);
415543d5
AG		 570 goto out;
571}
572
359f392c
AG		 573/*
574 * Lookup in indexdir for the index entry of a lower real inode or a copy up
575 * origin inode. The index entry name is the hex representation of the lower
576 * inode file handle.
577 *
578 * If the index dentry in negative, then either no lower aliases have been
579 * copied up yet, or aliases have been copied up in older kernels and are
580 * not indexed.
581 *
582 * If the index dentry for a copy up origin inode is positive, but points
583 * to an inode different than the upper inode, then either the upper inode
584 * has been copied up and not indexed or it was indexed, but since then
585 * index dir was cleared. Either way, that index cannot be used to indentify
586 * the overlay inode.
587 */
588int ovl_get_index_name(struct dentry *origin, struct qstr *name)
589{
590 int err;
591 struct ovl_fh *fh;
592 char *n, *s;
593
594 fh = ovl_encode_fh(origin, false);
595 if (IS_ERR(fh))
596 return PTR_ERR(fh);
597
598 err = -ENOMEM;
0ee931c4 599 n = kzalloc(fh->len * 2, GFP_KERNEL);
359f392c
AG		 600 if (n) {
601 s = bin2hex(n, fh, fh->len);
602 *name = (struct qstr) QSTR_INIT(n, s - n);
603 err = 0;
604 }
605 kfree(fh);
606
607 return err;
608
609}
610
611static struct dentry *ovl_lookup_index(struct dentry *dentry,
612 struct dentry *upper,
613 struct dentry *origin)
614{
615 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
616 struct dentry *index;
617 struct inode *inode;
618 struct qstr name;
ad1d615c 619 bool is_dir = d_is_dir(origin);
359f392c
AG		 620 int err;
621
622 err = ovl_get_index_name(origin, &name);
623 if (err)
624 return ERR_PTR(err);
625
626 index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
627 if (IS_ERR(index)) {
e0082a0f 628 err = PTR_ERR(index);
7937a56f
AG		 629 if (err == -ENOENT) {
630 index = NULL;
631 goto out;
632 }
359f392c
AG		 633 pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n"
634 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
635 d_inode(origin)->i_ino, name.len, name.name,
636 err);
637 goto out;
638 }
639
0e082555 640 inode = d_inode(index);
359f392c 641 if (d_is_negative(index)) {
6eaf0111 642 goto out_dput;
0e082555
AG		 643 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
644 ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) {
645 /*
646 * Index should always be of the same file type as origin
647 * except for the case of a whiteout index. A whiteout
648 * index should only exist if all lower aliases have been
649 * unlinked, which means that finding a lower origin on lookup
650 * whose index is a whiteout should be treated as an error.
651 */
652 pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
653 index, d_inode(index)->i_mode & S_IFMT,
654 d_inode(origin)->i_mode & S_IFMT);
359f392c 655 goto fail;
ad1d615c
AG		 656 } else if (is_dir) {
657 if (!upper) {
658 pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
659 origin, index);
660 goto fail;
661 }
359f392c 662
ad1d615c
AG		 663 /* Verify that dir index 'upper' xattr points to upper dir */
664 err = ovl_verify_upper(index, upper, false);
665 if (err) {
666 if (err == -ESTALE) {
667 pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
668 upper, origin, index);
669 }
670 goto fail;
671 }
672 } else if (upper && d_inode(upper) != inode) {
673 goto out_dput;
674 }
359f392c
AG		 675out:
676 kfree(name.name);
677 return index;
678
6eaf0111
AG		 679out_dput:
680 dput(index);
681 index = NULL;
682 goto out;
683
359f392c
AG		 684fail:
685 dput(index);
686 index = ERR_PTR(-EIO);
687 goto out;
688}
689
bbb1e54d
MS		 690/*
691 * Returns next layer in stack starting from top.
692 * Returns -1 if this is the last layer.
693 */
694int ovl_path_next(int idx, struct dentry *dentry, struct path *path)
695{
696 struct ovl_entry *oe = dentry->d_fsdata;
697
698 BUG_ON(idx < 0);
699 if (idx == 0) {
700 ovl_path_upper(dentry, path);
701 if (path->dentry)
702 return oe->numlower ? 1 : -1;
703 idx++;
704 }
705 BUG_ON(idx > oe->numlower);
b9343632
CR		 706 path->dentry = oe->lowerstack[idx - 1].dentry;
707 path->mnt = oe->lowerstack[idx - 1].layer->mnt;
bbb1e54d
MS		 708
709 return (idx < oe->numlower) ? idx + 1 : -1;
710}
711
9678e630
AG		 712/* Fix missing 'origin' xattr */
713static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower,
714 struct dentry *upper)
715{
716 int err;
717
718 if (ovl_check_origin_xattr(upper))
719 return 0;
720
721 err = ovl_want_write(dentry);
722 if (err)
723 return err;
724
725 err = ovl_set_origin(dentry, lower, upper);
726 if (!err)
727 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
728
729 ovl_drop_write(dentry);
730 return err;
731}
732
bbb1e54d
MS		 733struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
734 unsigned int flags)
735{
736 struct ovl_entry *oe;
737 const struct cred *old_cred;
6b2d5fe4 738 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
bbb1e54d 739 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
c22205d0 740 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
b9343632 741 struct ovl_path *stack = NULL;
bbb1e54d 742 struct dentry *upperdir, *upperdentry = NULL;
ad1d615c 743 struct dentry *origin = NULL;
359f392c 744 struct dentry *index = NULL;
bbb1e54d
MS		 745 unsigned int ctr = 0;
746 struct inode *inode = NULL;
747 bool upperopaque = false;
02b69b28 748 char *upperredirect = NULL;
bbb1e54d
MS		 749 struct dentry *this;
750 unsigned int i;
751 int err;
e28edc46
MS		 752 struct ovl_lookup_data d = {
753 .name = dentry->d_name,
754 .is_dir = false,
755 .opaque = false,
756 .stop = false,
757 .last = !poe->numlower,
02b69b28 758 .redirect = NULL,
e28edc46 759 };
bbb1e54d 760
6b2d5fe4
MS		 761 if (dentry->d_name.len > ofs->namelen)
762 return ERR_PTR(-ENAMETOOLONG);
763
bbb1e54d 764 old_cred = ovl_override_creds(dentry->d_sb);
09d8b586 765 upperdir = ovl_dentry_upper(dentry->d_parent);
bbb1e54d 766 if (upperdir) {
e28edc46
MS		 767 err = ovl_lookup_layer(upperdir, &d, &upperdentry);
768 if (err)
bbb1e54d
MS		 769 goto out;
770
e28edc46
MS		 771 if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) {
772 dput(upperdentry);
773 err = -EREMOTE;
774 goto out;
bbb1e54d 775 }
a9d01957
AG		 776 if (upperdentry && !d.is_dir) {
777 BUG_ON(!d.stop || d.redirect);
f7d3daca
AG		 778 /*
779 * Lookup copy up origin by decoding origin file handle.
780 * We may get a disconnected dentry, which is fine,
781 * because we only need to hold the origin inode in
782 * cache and use its inode number. We may even get a
783 * connected dentry, that is not under any of the lower
784 * layers root. That is also fine for using it's inode
785 * number - it's the same as if we held a reference
786 * to a dentry in lower layer that was moved under us.
787 */
1eff1a1d 788 err = ovl_check_origin(ofs, upperdentry, &stack, &ctr);
a9d01957 789 if (err)
5455f92b 790 goto out_put_upper;
a9d01957 791 }
02b69b28
MS		 792
793 if (d.redirect) {
0ce5cdc9 794 err = -ENOMEM;
02b69b28
MS		 795 upperredirect = kstrdup(d.redirect, GFP_KERNEL);
796 if (!upperredirect)
797 goto out_put_upper;
798 if (d.redirect[0] == '/')
c22205d0 799 poe = roe;
02b69b28 800 }
e28edc46 801 upperopaque = d.opaque;
bbb1e54d
MS		 802 }
803
e28edc46 804 if (!d.stop && poe->numlower) {
bbb1e54d 805 err = -ENOMEM;
b9343632 806 stack = kcalloc(ofs->numlower, sizeof(struct ovl_path),
0ee931c4 807 GFP_KERNEL);
bbb1e54d
MS		 808 if (!stack)
809 goto out_put_upper;
810 }
811
e28edc46 812 for (i = 0; !d.stop && i < poe->numlower; i++) {
b9343632 813 struct ovl_path lower = poe->lowerstack[i];
bbb1e54d 814
e28edc46 815 d.last = i == poe->numlower - 1;
b9343632 816 err = ovl_lookup_layer(lower.dentry, &d, &this);
e28edc46 817 if (err)
bbb1e54d 818 goto out_put;
6b2d5fe4 819
bbb1e54d
MS		 820 if (!this)
821 continue;
bbb1e54d 822
9678e630
AG		 823 /*
824 * If no origin fh is stored in upper of a merge dir, store fh
825 * of lower dir and set upper parent "impure".
826 */
827 if (upperdentry && !ctr && !ofs->noxattr) {
828 err = ovl_fix_origin(dentry, this, upperdentry);
829 if (err) {
830 dput(this);
831 goto out_put;
832 }
833 }
834
37b12916
AG		 835 /*
836 * When "verify_lower" feature is enabled, do not merge with a
ad1d615c
AG		 837 * lower dir that does not match a stored origin xattr. In any
838 * case, only verified origin is used for index lookup.
37b12916
AG		 839 */
840 if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) {
841 err = ovl_verify_origin(upperdentry, this, false);
842 if (err) {
843 dput(this);
844 break;
845 }
ad1d615c
AG		 846
847 /* Bless lower dir as verified origin */
848 origin = this;
37b12916
AG		 849 }
850
bbb1e54d 851 stack[ctr].dentry = this;
b9343632 852 stack[ctr].layer = lower.layer;
bbb1e54d 853 ctr++;
02b69b28
MS		 854
855 if (d.stop)
856 break;
857
438c84c2
MS		 858 /*
859 * Following redirects can have security consequences: it's like
860 * a symlink into the lower layer without the permission checks.
861 * This is only a problem if the upper layer is untrusted (e.g
862 * comes from an USB drive). This can allow a non-readable file
863 * or directory to become readable.
864 *
865 * Only following redirects when redirects are enabled disables
866 * this attack vector when not necessary.
867 */
868 err = -EPERM;
869 if (d.redirect && !ofs->config.redirect_follow) {
f8167817
AG		 870 pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n",
871 dentry);
438c84c2
MS		 872 goto out_put;
873 }
874
c22205d0
AG		 875 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
876 poe = roe;
02b69b28 877 /* Find the current layer on the root dentry */
d583ed7d 878 i = lower.layer->idx - 1;
02b69b28 879 }
bbb1e54d
MS		 880 }
881
ad1d615c
AG		 882 /*
883 * Lookup index by lower inode and verify it matches upper inode.
884 * We only trust dir index if we verified that lower dir matches
885 * origin, otherwise dir index entries may be inconsistent and we
886 * ignore them. Always lookup index of non-dir and non-upper.
887 */
888 if (ctr && (!upperdentry || !d.is_dir))
889 origin = stack[0].dentry;
359f392c 890
ad1d615c
AG		 891 if (origin && ovl_indexdir(dentry->d_sb) &&
892 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
359f392c
AG		 893 index = ovl_lookup_index(dentry, upperdentry, origin);
894 if (IS_ERR(index)) {
895 err = PTR_ERR(index);
896 index = NULL;
897 goto out_put;
898 }
899 }
900
bbb1e54d
MS		 901 oe = ovl_alloc_entry(ctr);
902 err = -ENOMEM;
903 if (!oe)
904 goto out_put;
905
e6d2ebdd 906 oe->opaque = upperopaque;
b9343632 907 memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
e6d2ebdd 908 dentry->d_fsdata = oe;
bbb1e54d 909
55acc661
MS		 910 if (upperdentry)
911 ovl_dentry_set_upper_alias(dentry);
912 else if (index)
359f392c
AG		 913 upperdentry = dget(index);
914
e6d2ebdd 915 if (upperdentry || ctr) {
6eaf0111 916 inode = ovl_get_inode(dentry, upperdentry, index);
b9ac5c27
MS		 917 err = PTR_ERR(inode);
918 if (IS_ERR(inode))
bbb1e54d 919 goto out_free_oe;
cf31c463
MS		 920
921 OVL_I(inode)->redirect = upperredirect;
359f392c
AG		 922 if (index)
923 ovl_set_flag(OVL_INDEX, inode);
bbb1e54d
MS		 924 }
925
926 revert_creds(old_cred);
359f392c 927 dput(index);
bbb1e54d 928 kfree(stack);
02b69b28 929 kfree(d.redirect);
bbb1e54d
MS		 930 d_add(dentry, inode);
931
932 return NULL;
933
934out_free_oe:
e6d2ebdd 935 dentry->d_fsdata = NULL;
bbb1e54d
MS		 936 kfree(oe);
937out_put:
359f392c 938 dput(index);
bbb1e54d
MS		 939 for (i = 0; i < ctr; i++)
940 dput(stack[i].dentry);
941 kfree(stack);
942out_put_upper:
943 dput(upperdentry);
02b69b28 944 kfree(upperredirect);
bbb1e54d 945out:
02b69b28 946 kfree(d.redirect);
bbb1e54d
MS		 947 revert_creds(old_cred);
948 return ERR_PTR(err);
949}
950
951bool ovl_lower_positive(struct dentry *dentry)
952{
953 struct ovl_entry *oe = dentry->d_fsdata;
954 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
955 const struct qstr *name = &dentry->d_name;
6d0a8a90 956 const struct cred *old_cred;
bbb1e54d
MS		 957 unsigned int i;
958 bool positive = false;
959 bool done = false;
960
961 /*
962 * If dentry is negative, then lower is positive iff this is a
963 * whiteout.
964 */
965 if (!dentry->d_inode)
966 return oe->opaque;
967
968 /* Negative upper -> positive lower */
09d8b586 969 if (!ovl_dentry_upper(dentry))
bbb1e54d
MS		 970 return true;
971
6d0a8a90 972 old_cred = ovl_override_creds(dentry->d_sb);
bbb1e54d
MS		 973 /* Positive upper -> have to look up lower to see whether it exists */
974 for (i = 0; !done && !positive && i < poe->numlower; i++) {
975 struct dentry *this;
976 struct dentry *lowerdir = poe->lowerstack[i].dentry;
977
978 this = lookup_one_len_unlocked(name->name, lowerdir,
979 name->len);
980 if (IS_ERR(this)) {
981 switch (PTR_ERR(this)) {
982 case -ENOENT:
983 case -ENAMETOOLONG:
984 break;
985
986 default:
987 /*
988 * Assume something is there, we just couldn't
989 * access it.
990 */
991 positive = true;
992 break;
993 }
994 } else {
995 if (this->d_inode) {
996 positive = !ovl_is_whiteout(this);
997 done = true;
998 }
999 dput(this);
1000 }
1001 }
6d0a8a90 1002 revert_creds(old_cred);
bbb1e54d
MS		 1003
1004 return positive;
1005}
Empty description
This page took 0.319303 seconds and 4 git commands to generate.