namei.c 36 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2011 Novell Inc.
  4. * Copyright (C) 2016 Red Hat, Inc.
  5. */
  6. #include <linux/fs.h>
  7. #include <linux/cred.h>
  8. #include <linux/ctype.h>
  9. #include <linux/hex.h>
  10. #include <linux/namei.h>
  11. #include <linux/xattr.h>
  12. #include <linux/ratelimit.h>
  13. #include <linux/mount.h>
  14. #include <linux/exportfs.h>
  15. #include "overlayfs.h"
  16. struct ovl_lookup_data {
  17. struct super_block *sb;
  18. struct dentry *dentry;
  19. const struct ovl_layer *layer;
  20. struct qstr name;
  21. bool is_dir;
  22. bool opaque;
  23. bool xwhiteouts;
  24. bool stop;
  25. bool last;
  26. char *redirect;
  27. char *upperredirect;
  28. int metacopy;
  29. /* Referring to last redirect xattr */
  30. bool absolute_redirect;
  31. };
  32. static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d,
  33. size_t prelen, const char *post)
  34. {
  35. int res;
  36. char *buf;
  37. struct ovl_fs *ofs = OVL_FS(d->sb);
  38. d->absolute_redirect = false;
  39. buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post));
  40. if (IS_ERR_OR_NULL(buf))
  41. return PTR_ERR(buf);
  42. if (buf[0] == '/') {
  43. d->absolute_redirect = true;
  44. /*
  45. * One of the ancestor path elements in an absolute path
  46. * lookup in ovl_lookup_layer() could have been opaque and
  47. * that will stop further lookup in lower layers (d->stop=true)
  48. * But we have found an absolute redirect in descendant path
  49. * element and that should force continue lookup in lower
  50. * layers (reset d->stop).
  51. */
  52. d->stop = false;
  53. } else {
  54. res = strlen(buf) + 1;
  55. memmove(buf + prelen, buf, res);
  56. memcpy(buf, d->name.name, prelen);
  57. }
  58. strcat(buf, post);
  59. kfree(d->redirect);
  60. d->redirect = buf;
  61. d->name.name = d->redirect;
  62. d->name.len = strlen(d->redirect);
  63. return 0;
  64. }
  65. static int ovl_acceptable(void *ctx, struct dentry *dentry)
  66. {
  67. /*
  68. * A non-dir origin may be disconnected, which is fine, because
  69. * we only need it for its unique inode number.
  70. */
  71. if (!d_is_dir(dentry))
  72. return 1;
  73. /* Don't decode a deleted empty directory */
  74. if (d_unhashed(dentry))
  75. return 0;
  76. /* Check if directory belongs to the layer we are decoding from */
  77. return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
  78. }
  79. /*
  80. * Check validity of an overlay file handle buffer.
  81. *
  82. * Return 0 for a valid file handle.
  83. * Return -ENODATA for "origin unknown".
  84. * Return <0 for an invalid file handle.
  85. */
  86. int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
  87. {
  88. if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
  89. return -EINVAL;
  90. if (fb->magic != OVL_FH_MAGIC)
  91. return -EINVAL;
  92. /* Treat larger version and unknown flags as "origin unknown" */
  93. if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
  94. return -ENODATA;
  95. /* Treat endianness mismatch as "origin unknown" */
  96. if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
  97. (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
  98. return -ENODATA;
  99. return 0;
  100. }
  101. static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *upperdentry,
  102. enum ovl_xattr ox)
  103. {
  104. int res, err;
  105. struct ovl_fh *fh = NULL;
  106. res = ovl_getxattr_upper(ofs, upperdentry, ox, NULL, 0);
  107. if (res < 0) {
  108. if (res == -ENODATA || res == -EOPNOTSUPP)
  109. return NULL;
  110. goto fail;
  111. }
  112. /* Zero size value means "copied up but origin unknown" */
  113. if (res == 0)
  114. return NULL;
  115. fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
  116. if (!fh)
  117. return ERR_PTR(-ENOMEM);
  118. res = ovl_getxattr_upper(ofs, upperdentry, ox, fh->buf, res);
  119. if (res < 0)
  120. goto fail;
  121. err = ovl_check_fb_len(&fh->fb, res);
  122. if (err < 0) {
  123. if (err == -ENODATA)
  124. goto out;
  125. goto invalid;
  126. }
  127. return fh;
  128. out:
  129. kfree(fh);
  130. return NULL;
  131. fail:
  132. pr_warn_ratelimited("failed to get origin (%i)\n", res);
  133. goto out;
  134. invalid:
  135. pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh);
  136. goto out;
  137. }
  138. bool ovl_uuid_match(struct ovl_fs *ofs, const struct super_block *sb,
  139. const uuid_t *uuid)
  140. {
  141. /*
  142. * Make sure that the stored uuid matches the uuid of the lower
  143. * layer where file handle will be decoded.
  144. * In case of uuid=off option just make sure that stored uuid is null.
  145. */
  146. return ovl_origin_uuid(ofs) ? uuid_equal(uuid, &sb->s_uuid) :
  147. uuid_is_null(uuid);
  148. }
  149. struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
  150. struct vfsmount *mnt, bool connected)
  151. {
  152. struct dentry *real;
  153. int bytes;
  154. if (!capable(CAP_DAC_READ_SEARCH))
  155. return NULL;
  156. if (!ovl_uuid_match(ofs, mnt->mnt_sb, &fh->fb.uuid))
  157. return NULL;
  158. bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
  159. real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
  160. bytes >> 2, (int)fh->fb.type,
  161. connected ? ovl_acceptable : NULL, mnt);
  162. if (IS_ERR(real)) {
  163. /*
  164. * Treat stale file handle to lower file as "origin unknown".
  165. * upper file handle could become stale when upper file is
  166. * unlinked and this information is needed to handle stale
  167. * index entries correctly.
  168. */
  169. if (real == ERR_PTR(-ESTALE) &&
  170. !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
  171. real = NULL;
  172. return real;
  173. }
  174. if (ovl_dentry_weird(real)) {
  175. dput(real);
  176. return NULL;
  177. }
  178. return real;
  179. }
  180. static struct dentry *ovl_lookup_positive_unlocked(struct ovl_lookup_data *d,
  181. const char *name,
  182. struct dentry *base, int len,
  183. bool drop_negative)
  184. {
  185. struct dentry *ret = lookup_one_unlocked(mnt_idmap(d->layer->mnt),
  186. &QSTR_LEN(name, len), base);
  187. if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
  188. if (drop_negative && ret->d_lockref.count == 1) {
  189. spin_lock(&ret->d_lock);
  190. /* Recheck condition under lock */
  191. if (d_is_negative(ret) && ret->d_lockref.count == 1)
  192. __d_drop(ret);
  193. spin_unlock(&ret->d_lock);
  194. }
  195. dput(ret);
  196. ret = ERR_PTR(-ENOENT);
  197. }
  198. return ret;
  199. }
  200. static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
  201. const char *name, unsigned int namelen,
  202. size_t prelen, const char *post,
  203. struct dentry **ret, bool drop_negative)
  204. {
  205. struct ovl_fs *ofs = OVL_FS(d->sb);
  206. struct dentry *this = NULL;
  207. const char *warn;
  208. struct path path;
  209. int err;
  210. bool last_element = !post[0];
  211. bool is_upper = d->layer->idx == 0;
  212. char val;
  213. /*
  214. * We allow filesystems that are case-folding capable as long as the
  215. * layers are consistently enabled in the stack, enabled for every dir
  216. * or disabled in all dirs. If someone has modified case folding on a
  217. * directory on underlying layer, the warranty of the ovl stack is
  218. * voided.
  219. */
  220. if (ofs->casefold != ovl_dentry_casefolded(base)) {
  221. warn = "parent wrong casefold";
  222. err = -ESTALE;
  223. goto out_warn;
  224. }
  225. this = ovl_lookup_positive_unlocked(d, name, base, namelen, drop_negative);
  226. if (IS_ERR(this)) {
  227. err = PTR_ERR(this);
  228. this = NULL;
  229. if (err == -ENOENT || err == -ENAMETOOLONG)
  230. goto out;
  231. goto out_err;
  232. }
  233. if (ofs->casefold != ovl_dentry_casefolded(this)) {
  234. warn = "child wrong casefold";
  235. err = -EREMOTE;
  236. goto out_warn;
  237. }
  238. if (ovl_dentry_weird(this)) {
  239. /* Don't support traversing automounts and other weirdness */
  240. warn = "unsupported object type";
  241. err = -EREMOTE;
  242. goto out_warn;
  243. }
  244. path.dentry = this;
  245. path.mnt = d->layer->mnt;
  246. if (ovl_path_is_whiteout(ofs, &path)) {
  247. d->stop = d->opaque = true;
  248. goto put_and_out;
  249. }
  250. /*
  251. * This dentry should be a regular file if previous layer lookup
  252. * found a metacopy dentry.
  253. */
  254. if (last_element && d->metacopy && !d_is_reg(this)) {
  255. d->stop = true;
  256. goto put_and_out;
  257. }
  258. if (!d_can_lookup(this)) {
  259. if (d->is_dir || !last_element) {
  260. d->stop = true;
  261. goto put_and_out;
  262. }
  263. err = ovl_check_metacopy_xattr(ofs, &path, NULL);
  264. if (err < 0)
  265. goto out_err;
  266. d->metacopy = err;
  267. d->stop = !d->metacopy;
  268. if (!d->metacopy || d->last)
  269. goto out;
  270. } else {
  271. if (ovl_lookup_trap_inode(d->sb, this)) {
  272. /* Caught in a trap of overlapping layers */
  273. warn = "overlapping layers";
  274. err = -ELOOP;
  275. goto out_warn;
  276. }
  277. if (last_element)
  278. d->is_dir = true;
  279. if (d->last)
  280. goto out;
  281. /* overlay.opaque=x means xwhiteouts directory */
  282. val = ovl_get_opaquedir_val(ofs, &path);
  283. if (last_element && !is_upper && val == 'x') {
  284. d->xwhiteouts = true;
  285. ovl_layer_set_xwhiteouts(ofs, d->layer);
  286. } else if (val == 'y') {
  287. d->stop = true;
  288. if (last_element)
  289. d->opaque = true;
  290. goto out;
  291. }
  292. }
  293. err = ovl_check_redirect(&path, d, prelen, post);
  294. if (err)
  295. goto out_err;
  296. out:
  297. *ret = this;
  298. return 0;
  299. put_and_out:
  300. dput(this);
  301. this = NULL;
  302. goto out;
  303. out_warn:
  304. pr_warn_ratelimited("failed lookup in %s (%pd2, name='%.*s', err=%i): %s\n",
  305. is_upper ? "upper" : "lower", base,
  306. namelen, name, err, warn);
  307. out_err:
  308. dput(this);
  309. return err;
  310. }
  311. static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
  312. struct dentry **ret, bool drop_negative)
  313. {
  314. /* Counting down from the end, since the prefix can change */
  315. size_t rem = d->name.len - 1;
  316. struct dentry *dentry = NULL;
  317. int err;
  318. if (d->name.name[0] != '/')
  319. return ovl_lookup_single(base, d, d->name.name, d->name.len,
  320. 0, "", ret, drop_negative);
  321. while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
  322. const char *s = d->name.name + d->name.len - rem;
  323. const char *next = strchrnul(s, '/');
  324. size_t thislen = next - s;
  325. bool end = !next[0];
  326. /* Verify we did not go off the rails */
  327. if (WARN_ON(s[-1] != '/'))
  328. return -EIO;
  329. err = ovl_lookup_single(base, d, s, thislen,
  330. d->name.len - rem, next, &base,
  331. drop_negative);
  332. dput(dentry);
  333. if (err)
  334. return err;
  335. dentry = base;
  336. if (end)
  337. break;
  338. rem -= thislen + 1;
  339. if (WARN_ON(rem >= d->name.len))
  340. return -EIO;
  341. }
  342. *ret = dentry;
  343. return 0;
  344. }
  345. static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect,
  346. const struct ovl_layer *layer,
  347. struct path *datapath)
  348. {
  349. int err;
  350. err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect,
  351. LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV,
  352. datapath);
  353. pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n",
  354. dentry, redirect, layer->idx, err);
  355. if (err)
  356. return err;
  357. err = -EREMOTE;
  358. if (ovl_dentry_weird(datapath->dentry))
  359. goto out_path_put;
  360. err = -ENOENT;
  361. /* Only regular file is acceptable as lower data */
  362. if (!d_is_reg(datapath->dentry))
  363. goto out_path_put;
  364. return 0;
  365. out_path_put:
  366. path_put(datapath);
  367. return err;
  368. }
  369. /* Lookup in data-only layers by absolute redirect to layer root */
  370. static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect,
  371. struct ovl_path *lowerdata)
  372. {
  373. struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
  374. const struct ovl_layer *layer;
  375. struct path datapath;
  376. int err = -ENOENT;
  377. int i;
  378. layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer];
  379. for (i = 0; i < ofs->numdatalayer; i++, layer++) {
  380. err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath);
  381. if (!err) {
  382. mntput(datapath.mnt);
  383. lowerdata->dentry = datapath.dentry;
  384. lowerdata->layer = layer;
  385. return 0;
  386. }
  387. }
  388. return err;
  389. }
  390. int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
  391. struct dentry *upperdentry, struct ovl_path **stackp)
  392. {
  393. struct dentry *origin = NULL;
  394. int i;
  395. for (i = 1; i <= ovl_numlowerlayer(ofs); i++) {
  396. /*
  397. * If lower fs uuid is not unique among lower fs we cannot match
  398. * fh->uuid to layer.
  399. */
  400. if (ofs->layers[i].fsid &&
  401. ofs->layers[i].fs->bad_uuid)
  402. continue;
  403. origin = ovl_decode_real_fh(ofs, fh, ofs->layers[i].mnt,
  404. connected);
  405. if (origin)
  406. break;
  407. }
  408. if (!origin)
  409. return -ESTALE;
  410. else if (IS_ERR(origin))
  411. return PTR_ERR(origin);
  412. if (upperdentry && !ovl_upper_is_whiteout(ofs, upperdentry) &&
  413. inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode))
  414. goto invalid;
  415. if (!*stackp)
  416. *stackp = kmalloc_obj(struct ovl_path);
  417. if (!*stackp) {
  418. dput(origin);
  419. return -ENOMEM;
  420. }
  421. **stackp = (struct ovl_path){
  422. .dentry = origin,
  423. .layer = &ofs->layers[i]
  424. };
  425. return 0;
  426. invalid:
  427. pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
  428. upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
  429. d_inode(origin)->i_mode & S_IFMT);
  430. dput(origin);
  431. return -ESTALE;
  432. }
  433. static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
  434. struct ovl_path **stackp)
  435. {
  436. struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN);
  437. int err;
  438. if (IS_ERR_OR_NULL(fh))
  439. return PTR_ERR(fh);
  440. err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
  441. kfree(fh);
  442. if (err) {
  443. if (err == -ESTALE)
  444. return 0;
  445. return err;
  446. }
  447. return 0;
  448. }
  449. /*
  450. * Verify that @fh matches the file handle stored in xattr @name.
  451. * Return 0 on match, -ESTALE on mismatch, < 0 on error.
  452. */
  453. static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry,
  454. enum ovl_xattr ox, const struct ovl_fh *fh)
  455. {
  456. struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox);
  457. int err = 0;
  458. if (!ofh)
  459. return -ENODATA;
  460. if (IS_ERR(ofh))
  461. return PTR_ERR(ofh);
  462. if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
  463. err = -ESTALE;
  464. kfree(ofh);
  465. return err;
  466. }
  467. int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry,
  468. enum ovl_xattr ox, const struct ovl_fh *fh,
  469. bool is_upper, bool set)
  470. {
  471. int err;
  472. err = ovl_verify_fh(ofs, dentry, ox, fh);
  473. if (set && err == -ENODATA)
  474. err = ovl_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len);
  475. return err;
  476. }
  477. /*
  478. * Verify that @real dentry matches the file handle stored in xattr @name.
  479. *
  480. * If @set is true and there is no stored file handle, encode @real and store
  481. * file handle in xattr @name.
  482. *
  483. * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
  484. */
  485. int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry,
  486. enum ovl_xattr ox, struct dentry *real,
  487. bool is_upper, bool set)
  488. {
  489. struct inode *inode;
  490. struct ovl_fh *fh;
  491. int err;
  492. fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper);
  493. err = PTR_ERR(fh);
  494. if (IS_ERR(fh)) {
  495. fh = NULL;
  496. goto fail;
  497. }
  498. err = ovl_verify_set_fh(ofs, dentry, ox, fh, is_upper, set);
  499. if (err)
  500. goto fail;
  501. out:
  502. kfree(fh);
  503. return err;
  504. fail:
  505. inode = d_inode(real);
  506. pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
  507. is_upper ? "upper" : "origin", real,
  508. inode ? inode->i_ino : 0, err);
  509. goto out;
  510. }
  511. /* Get upper dentry from index */
  512. struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index,
  513. bool connected)
  514. {
  515. struct ovl_fh *fh;
  516. struct dentry *upper;
  517. if (!d_is_dir(index))
  518. return dget(index);
  519. fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER);
  520. if (IS_ERR_OR_NULL(fh))
  521. return ERR_CAST(fh);
  522. upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), connected);
  523. kfree(fh);
  524. if (IS_ERR_OR_NULL(upper))
  525. return upper ?: ERR_PTR(-ESTALE);
  526. if (!d_is_dir(upper)) {
  527. pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
  528. index, upper);
  529. dput(upper);
  530. return ERR_PTR(-EIO);
  531. }
  532. return upper;
  533. }
  534. /*
  535. * Verify that an index entry name matches the origin file handle stored in
  536. * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
  537. * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
  538. */
  539. int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
  540. {
  541. struct ovl_fh *fh = NULL;
  542. size_t len;
  543. struct ovl_path origin = { };
  544. struct ovl_path *stack = &origin;
  545. struct dentry *upper = NULL;
  546. int err;
  547. if (!d_inode(index))
  548. return 0;
  549. err = -EINVAL;
  550. if (index->d_name.len < sizeof(struct ovl_fb)*2)
  551. goto fail;
  552. err = -ENOMEM;
  553. len = index->d_name.len / 2;
  554. fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
  555. if (!fh)
  556. goto fail;
  557. err = -EINVAL;
  558. if (hex2bin(fh->buf, index->d_name.name, len))
  559. goto fail;
  560. err = ovl_check_fb_len(&fh->fb, len);
  561. if (err)
  562. goto fail;
  563. /*
  564. * Whiteout index entries are used as an indication that an exported
  565. * overlay file handle should be treated as stale (i.e. after unlink
  566. * of the overlay inode). These entries contain no origin xattr.
  567. */
  568. if (ovl_is_whiteout(index))
  569. goto out;
  570. /*
  571. * Verifying directory index entries are not stale is expensive, so
  572. * only verify stale dir index if NFS export is enabled.
  573. */
  574. if (d_is_dir(index) && !ofs->config.nfs_export)
  575. goto out;
  576. /*
  577. * Directory index entries should have 'upper' xattr pointing to the
  578. * real upper dir. Non-dir index entries are hardlinks to the upper
  579. * real inode. For non-dir index, we can read the copy up origin xattr
  580. * directly from the index dentry, but for dir index we first need to
  581. * decode the upper directory.
  582. */
  583. upper = ovl_index_upper(ofs, index, false);
  584. if (IS_ERR_OR_NULL(upper)) {
  585. err = PTR_ERR(upper);
  586. /*
  587. * Directory index entries with no 'upper' xattr need to be
  588. * removed. When dir index entry has a stale 'upper' xattr,
  589. * we assume that upper dir was removed and we treat the dir
  590. * index as orphan entry that needs to be whited out.
  591. */
  592. if (err == -ESTALE)
  593. goto orphan;
  594. else if (!err)
  595. err = -ESTALE;
  596. goto fail;
  597. }
  598. err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh);
  599. dput(upper);
  600. if (err)
  601. goto fail;
  602. /* Check if non-dir index is orphan and don't warn before cleaning it */
  603. if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
  604. err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
  605. if (err)
  606. goto fail;
  607. if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0)
  608. goto orphan;
  609. }
  610. out:
  611. dput(origin.dentry);
  612. kfree(fh);
  613. return err;
  614. fail:
  615. pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
  616. index, d_inode(index)->i_mode & S_IFMT, err);
  617. goto out;
  618. orphan:
  619. pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
  620. index, d_inode(index)->i_mode & S_IFMT,
  621. d_inode(index)->i_nlink);
  622. err = -ENOENT;
  623. goto out;
  624. }
  625. int ovl_get_index_name_fh(const struct ovl_fh *fh, struct qstr *name)
  626. {
  627. char *n, *s;
  628. n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
  629. if (!n)
  630. return -ENOMEM;
  631. s = bin2hex(n, fh->buf, fh->fb.len);
  632. *name = (struct qstr) QSTR_INIT(n, s - n);
  633. return 0;
  634. }
  635. /*
  636. * Lookup in indexdir for the index entry of a lower real inode or a copy up
  637. * origin inode. The index entry name is the hex representation of the lower
  638. * inode file handle.
  639. *
  640. * If the index dentry in negative, then either no lower aliases have been
  641. * copied up yet, or aliases have been copied up in older kernels and are
  642. * not indexed.
  643. *
  644. * If the index dentry for a copy up origin inode is positive, but points
  645. * to an inode different than the upper inode, then either the upper inode
  646. * has been copied up and not indexed or it was indexed, but since then
  647. * index dir was cleared. Either way, that index cannot be used to identify
  648. * the overlay inode.
  649. */
  650. int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin,
  651. struct qstr *name)
  652. {
  653. struct ovl_fh *fh;
  654. int err;
  655. fh = ovl_encode_real_fh(ofs, d_inode(origin), false);
  656. if (IS_ERR(fh))
  657. return PTR_ERR(fh);
  658. err = ovl_get_index_name_fh(fh, name);
  659. kfree(fh);
  660. return err;
  661. }
  662. /* Lookup index by file handle for NFS export */
  663. struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
  664. {
  665. struct dentry *index;
  666. struct qstr name;
  667. int err;
  668. err = ovl_get_index_name_fh(fh, &name);
  669. if (err)
  670. return ERR_PTR(err);
  671. index = lookup_noperm_positive_unlocked(&name, ofs->workdir);
  672. kfree(name.name);
  673. if (IS_ERR(index)) {
  674. if (PTR_ERR(index) == -ENOENT)
  675. index = NULL;
  676. return index;
  677. }
  678. if (ovl_is_whiteout(index))
  679. err = -ESTALE;
  680. else if (ovl_dentry_weird(index))
  681. err = -EIO;
  682. else
  683. return index;
  684. dput(index);
  685. return ERR_PTR(err);
  686. }
  687. struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
  688. struct dentry *origin, bool verify)
  689. {
  690. struct dentry *index;
  691. struct inode *inode;
  692. struct qstr name;
  693. bool is_dir = d_is_dir(origin);
  694. int err;
  695. err = ovl_get_index_name(ofs, origin, &name);
  696. if (err)
  697. return ERR_PTR(err);
  698. index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), &name,
  699. ofs->workdir);
  700. if (IS_ERR(index)) {
  701. err = PTR_ERR(index);
  702. if (err == -ENOENT) {
  703. index = NULL;
  704. goto out;
  705. }
  706. pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
  707. "overlayfs: mount with '-o index=off' to disable inodes index.\n",
  708. d_inode(origin)->i_ino, name.len, name.name,
  709. err);
  710. goto out;
  711. }
  712. inode = d_inode(index);
  713. if (ovl_is_whiteout(index) && !verify) {
  714. /*
  715. * When index lookup is called with !verify for decoding an
  716. * overlay file handle, a whiteout index implies that decode
  717. * should treat file handle as stale and no need to print a
  718. * warning about it.
  719. */
  720. dput(index);
  721. index = ERR_PTR(-ESTALE);
  722. goto out;
  723. } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
  724. inode_wrong_type(inode, d_inode(origin)->i_mode)) {
  725. /*
  726. * Index should always be of the same file type as origin
  727. * except for the case of a whiteout index. A whiteout
  728. * index should only exist if all lower aliases have been
  729. * unlinked, which means that finding a lower origin on lookup
  730. * whose index is a whiteout should be treated as an error.
  731. */
  732. pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
  733. index, d_inode(index)->i_mode & S_IFMT,
  734. d_inode(origin)->i_mode & S_IFMT);
  735. goto fail;
  736. } else if (is_dir && verify) {
  737. if (!upper) {
  738. pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
  739. origin, index);
  740. goto fail;
  741. }
  742. /* Verify that dir index 'upper' xattr points to upper dir */
  743. err = ovl_verify_upper(ofs, index, upper, false);
  744. if (err) {
  745. if (err == -ESTALE) {
  746. pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
  747. upper, origin, index);
  748. }
  749. goto fail;
  750. }
  751. } else if (upper && d_inode(upper) != inode) {
  752. goto out_dput;
  753. }
  754. out:
  755. kfree(name.name);
  756. return index;
  757. out_dput:
  758. dput(index);
  759. index = NULL;
  760. goto out;
  761. fail:
  762. dput(index);
  763. index = ERR_PTR(-EIO);
  764. goto out;
  765. }
  766. /*
  767. * Returns next layer in stack starting from top.
  768. * Returns -1 if this is the last layer.
  769. */
  770. int ovl_path_next(int idx, struct dentry *dentry, struct path *path,
  771. const struct ovl_layer **layer)
  772. {
  773. struct ovl_entry *oe = OVL_E(dentry);
  774. struct ovl_path *lowerstack = ovl_lowerstack(oe);
  775. BUG_ON(idx < 0);
  776. if (idx == 0) {
  777. ovl_path_upper(dentry, path);
  778. if (path->dentry) {
  779. *layer = &OVL_FS(dentry->d_sb)->layers[0];
  780. return ovl_numlower(oe) ? 1 : -1;
  781. }
  782. idx++;
  783. }
  784. BUG_ON(idx > ovl_numlower(oe));
  785. path->dentry = lowerstack[idx - 1].dentry;
  786. *layer = lowerstack[idx - 1].layer;
  787. path->mnt = (*layer)->mnt;
  788. return (idx < ovl_numlower(oe)) ? idx + 1 : -1;
  789. }
  790. /* Fix missing 'origin' xattr */
  791. static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry,
  792. struct dentry *lower, struct dentry *upper)
  793. {
  794. const struct ovl_fh *fh;
  795. int err;
  796. if (ovl_check_origin_xattr(ofs, upper))
  797. return 0;
  798. fh = ovl_get_origin_fh(ofs, lower);
  799. if (IS_ERR(fh))
  800. return PTR_ERR(fh);
  801. err = ovl_want_write(dentry);
  802. if (err)
  803. goto out;
  804. err = ovl_set_origin_fh(ofs, fh, upper);
  805. if (!err)
  806. err = ovl_set_impure(dentry->d_parent, upper->d_parent);
  807. ovl_drop_write(dentry);
  808. out:
  809. kfree(fh);
  810. return err;
  811. }
  812. static int ovl_maybe_validate_verity(struct dentry *dentry)
  813. {
  814. struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
  815. struct inode *inode = d_inode(dentry);
  816. struct path datapath, metapath;
  817. int err;
  818. if (!ofs->config.verity_mode ||
  819. !ovl_is_metacopy_dentry(dentry) ||
  820. ovl_test_flag(OVL_VERIFIED_DIGEST, inode))
  821. return 0;
  822. if (!ovl_test_flag(OVL_HAS_DIGEST, inode)) {
  823. if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
  824. pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n",
  825. dentry);
  826. return -EIO;
  827. }
  828. return 0;
  829. }
  830. ovl_path_lowerdata(dentry, &datapath);
  831. if (!datapath.dentry)
  832. return -EIO;
  833. ovl_path_real(dentry, &metapath);
  834. if (!metapath.dentry)
  835. return -EIO;
  836. err = ovl_inode_lock_interruptible(inode);
  837. if (err)
  838. return err;
  839. if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) {
  840. with_ovl_creds(dentry->d_sb)
  841. err = ovl_validate_verity(ofs, &metapath, &datapath);
  842. if (err == 0)
  843. ovl_set_flag(OVL_VERIFIED_DIGEST, inode);
  844. }
  845. ovl_inode_unlock(inode);
  846. return err;
  847. }
  848. /* Lazy lookup of lowerdata */
  849. static int ovl_maybe_lookup_lowerdata(struct dentry *dentry)
  850. {
  851. struct inode *inode = d_inode(dentry);
  852. const char *redirect = ovl_lowerdata_redirect(inode);
  853. struct ovl_path datapath = {};
  854. int err;
  855. if (!redirect || ovl_dentry_lowerdata(dentry))
  856. return 0;
  857. if (redirect[0] != '/')
  858. return -EIO;
  859. err = ovl_inode_lock_interruptible(inode);
  860. if (err)
  861. return err;
  862. err = 0;
  863. /* Someone got here before us? */
  864. if (ovl_dentry_lowerdata(dentry))
  865. goto out;
  866. with_ovl_creds(dentry->d_sb)
  867. err = ovl_lookup_data_layers(dentry, redirect, &datapath);
  868. if (err)
  869. goto out_err;
  870. err = ovl_dentry_set_lowerdata(dentry, &datapath);
  871. if (err)
  872. goto out_err;
  873. out:
  874. ovl_inode_unlock(inode);
  875. dput(datapath.dentry);
  876. return err;
  877. out_err:
  878. pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n",
  879. dentry, err);
  880. goto out;
  881. }
  882. int ovl_verify_lowerdata(struct dentry *dentry)
  883. {
  884. int err;
  885. err = ovl_maybe_lookup_lowerdata(dentry);
  886. if (err)
  887. return err;
  888. return ovl_maybe_validate_verity(dentry);
  889. }
  890. /*
  891. * Following redirects/metacopy can have security consequences: it's like a
  892. * symlink into the lower layer without the permission checks.
  893. *
  894. * This is only a problem if the upper layer is untrusted (e.g comes from an USB
  895. * drive). This can allow a non-readable file or directory to become readable.
  896. *
  897. * Only following redirects when redirects are enabled disables this attack
  898. * vector when not necessary.
  899. */
  900. static bool ovl_check_follow_redirect(struct ovl_lookup_data *d)
  901. {
  902. struct ovl_fs *ofs = OVL_FS(d->sb);
  903. if (d->metacopy && !ofs->config.metacopy) {
  904. pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", d->dentry);
  905. return false;
  906. }
  907. if ((d->redirect || d->upperredirect) && !ovl_redirect_follow(ofs)) {
  908. pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", d->dentry);
  909. return false;
  910. }
  911. return true;
  912. }
  913. struct ovl_lookup_ctx {
  914. struct dentry *dentry;
  915. struct ovl_entry *oe;
  916. struct ovl_path *stack;
  917. struct ovl_path *origin_path;
  918. struct dentry *upperdentry;
  919. struct dentry *index;
  920. struct inode *inode;
  921. unsigned int ctr;
  922. };
  923. static int ovl_lookup_layers(struct ovl_lookup_ctx *ctx, struct ovl_lookup_data *d)
  924. {
  925. struct dentry *dentry = ctx->dentry;
  926. struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
  927. struct ovl_entry *poe = OVL_E(dentry->d_parent);
  928. struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root);
  929. bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer);
  930. struct dentry *upperdir;
  931. struct dentry *this;
  932. struct dentry *origin = NULL;
  933. bool upperopaque = false;
  934. bool uppermetacopy = false;
  935. int metacopy_size = 0;
  936. unsigned int i;
  937. int err;
  938. upperdir = ovl_dentry_upper(dentry->d_parent);
  939. if (upperdir) {
  940. d->layer = &ofs->layers[0];
  941. err = ovl_lookup_layer(upperdir, d, &ctx->upperdentry, true);
  942. if (err)
  943. return err;
  944. if (ctx->upperdentry && ctx->upperdentry->d_flags & DCACHE_OP_REAL)
  945. return -EREMOTE;
  946. if (ctx->upperdentry && !d->is_dir) {
  947. /*
  948. * Lookup copy up origin by decoding origin file handle.
  949. * We may get a disconnected dentry, which is fine,
  950. * because we only need to hold the origin inode in
  951. * cache and use its inode number. We may even get a
  952. * connected dentry, that is not under any of the lower
  953. * layers root. That is also fine for using it's inode
  954. * number - it's the same as if we held a reference
  955. * to a dentry in lower layer that was moved under us.
  956. */
  957. err = ovl_check_origin(ofs, ctx->upperdentry, &ctx->origin_path);
  958. if (err)
  959. return err;
  960. if (d->metacopy)
  961. uppermetacopy = true;
  962. metacopy_size = d->metacopy;
  963. }
  964. if (d->redirect) {
  965. err = -ENOMEM;
  966. d->upperredirect = kstrdup(d->redirect, GFP_KERNEL);
  967. if (!d->upperredirect)
  968. return err;
  969. if (d->redirect[0] == '/')
  970. poe = roe;
  971. }
  972. upperopaque = d->opaque;
  973. }
  974. if (!d->stop && ovl_numlower(poe)) {
  975. err = -ENOMEM;
  976. ctx->stack = ovl_stack_alloc(ofs->numlayer - 1);
  977. if (!ctx->stack)
  978. return err;
  979. }
  980. for (i = 0; !d->stop && i < ovl_numlower(poe); i++) {
  981. struct ovl_path lower = ovl_lowerstack(poe)[i];
  982. if (!ovl_check_follow_redirect(d)) {
  983. err = -EPERM;
  984. return err;
  985. }
  986. if (!check_redirect)
  987. d->last = i == ovl_numlower(poe) - 1;
  988. else if (d->is_dir || !ofs->numdatalayer)
  989. d->last = lower.layer->idx == ovl_numlower(roe);
  990. d->layer = lower.layer;
  991. err = ovl_lookup_layer(lower.dentry, d, &this, false);
  992. if (err)
  993. return err;
  994. if (!this)
  995. continue;
  996. /*
  997. * If no origin fh is stored in upper of a merge dir, store fh
  998. * of lower dir and set upper parent "impure".
  999. */
  1000. if (ctx->upperdentry && !ctx->ctr && !ofs->noxattr && d->is_dir) {
  1001. err = ovl_fix_origin(ofs, dentry, this, ctx->upperdentry);
  1002. if (err) {
  1003. dput(this);
  1004. return err;
  1005. }
  1006. }
  1007. /*
  1008. * When "verify_lower" feature is enabled, do not merge with a
  1009. * lower dir that does not match a stored origin xattr. In any
  1010. * case, only verified origin is used for index lookup.
  1011. *
  1012. * For non-dir dentry, if index=on, then ensure origin
  1013. * matches the dentry found using path based lookup,
  1014. * otherwise error out.
  1015. */
  1016. if (ctx->upperdentry && !ctx->ctr &&
  1017. ((d->is_dir && ovl_verify_lower(dentry->d_sb)) ||
  1018. (!d->is_dir && ofs->config.index && ctx->origin_path))) {
  1019. err = ovl_verify_origin(ofs, ctx->upperdentry, this, false);
  1020. if (err) {
  1021. dput(this);
  1022. if (d->is_dir)
  1023. break;
  1024. return err;
  1025. }
  1026. origin = this;
  1027. }
  1028. if (!ctx->upperdentry && !d->is_dir && !ctx->ctr && d->metacopy)
  1029. metacopy_size = d->metacopy;
  1030. if (d->metacopy && ctx->ctr) {
  1031. /*
  1032. * Do not store intermediate metacopy dentries in
  1033. * lower chain, except top most lower metacopy dentry.
  1034. * Continue the loop so that if there is an absolute
  1035. * redirect on this dentry, poe can be reset to roe.
  1036. */
  1037. dput(this);
  1038. this = NULL;
  1039. } else {
  1040. ctx->stack[ctx->ctr].dentry = this;
  1041. ctx->stack[ctx->ctr].layer = lower.layer;
  1042. ctx->ctr++;
  1043. }
  1044. if (d->stop)
  1045. break;
  1046. if (d->redirect && d->redirect[0] == '/' && poe != roe) {
  1047. poe = roe;
  1048. /* Find the current layer on the root dentry */
  1049. i = lower.layer->idx - 1;
  1050. }
  1051. }
  1052. /*
  1053. * Defer lookup of lowerdata in data-only layers to first access.
  1054. * Don't require redirect=follow and metacopy=on in this case.
  1055. */
  1056. if (d->metacopy && ctx->ctr && ofs->numdatalayer && d->absolute_redirect) {
  1057. d->metacopy = 0;
  1058. ctx->ctr++;
  1059. } else if (!ovl_check_follow_redirect(d)) {
  1060. err = -EPERM;
  1061. return err;
  1062. }
  1063. /*
  1064. * For regular non-metacopy upper dentries, there is no lower
  1065. * path based lookup, hence ctr will be zero. If a dentry is found
  1066. * using ORIGIN xattr on upper, install it in stack.
  1067. *
  1068. * For metacopy dentry, path based lookup will find lower dentries.
  1069. * Just make sure a corresponding data dentry has been found.
  1070. */
  1071. if (d->metacopy || (uppermetacopy && !ctx->ctr)) {
  1072. pr_warn_ratelimited("metacopy with no lower data found - abort lookup (%pd2)\n",
  1073. dentry);
  1074. err = -EIO;
  1075. return err;
  1076. } else if (!d->is_dir && ctx->upperdentry && !ctx->ctr && ctx->origin_path) {
  1077. if (WARN_ON(ctx->stack != NULL)) {
  1078. err = -EIO;
  1079. return err;
  1080. }
  1081. ctx->stack = ctx->origin_path;
  1082. ctx->ctr = 1;
  1083. origin = ctx->origin_path->dentry;
  1084. ctx->origin_path = NULL;
  1085. }
  1086. /*
  1087. * Always lookup index if there is no-upperdentry.
  1088. *
  1089. * For the case of upperdentry, we have set origin by now if it
  1090. * needed to be set. There are basically three cases.
  1091. *
  1092. * For directories, lookup index by lower inode and verify it matches
  1093. * upper inode. We only trust dir index if we verified that lower dir
  1094. * matches origin, otherwise dir index entries may be inconsistent
  1095. * and we ignore them.
  1096. *
  1097. * For regular upper, we already set origin if upper had ORIGIN
  1098. * xattr. There is no verification though as there is no path
  1099. * based dentry lookup in lower in this case.
  1100. *
  1101. * For metacopy upper, we set a verified origin already if index
  1102. * is enabled and if upper had an ORIGIN xattr.
  1103. *
  1104. */
  1105. if (!ctx->upperdentry && ctx->ctr)
  1106. origin = ctx->stack[0].dentry;
  1107. if (origin && ovl_indexdir(dentry->d_sb) &&
  1108. (!d->is_dir || ovl_index_all(dentry->d_sb))) {
  1109. ctx->index = ovl_lookup_index(ofs, ctx->upperdentry, origin, true);
  1110. if (IS_ERR(ctx->index)) {
  1111. err = PTR_ERR(ctx->index);
  1112. ctx->index = NULL;
  1113. return err;
  1114. }
  1115. }
  1116. if (ctx->ctr) {
  1117. ctx->oe = ovl_alloc_entry(ctx->ctr);
  1118. err = -ENOMEM;
  1119. if (!ctx->oe)
  1120. return err;
  1121. ovl_stack_cpy(ovl_lowerstack(ctx->oe), ctx->stack, ctx->ctr);
  1122. }
  1123. if (upperopaque)
  1124. ovl_dentry_set_opaque(dentry);
  1125. if (d->xwhiteouts)
  1126. ovl_dentry_set_xwhiteouts(dentry);
  1127. if (ctx->upperdentry)
  1128. ovl_dentry_set_upper_alias(dentry);
  1129. else if (ctx->index) {
  1130. char *upperredirect;
  1131. struct path upperpath = {
  1132. .dentry = ctx->upperdentry = dget(ctx->index),
  1133. .mnt = ovl_upper_mnt(ofs),
  1134. };
  1135. /*
  1136. * It's safe to assign upperredirect here: the previous
  1137. * assignment happens only if upperdentry is non-NULL, and
  1138. * this one only if upperdentry is NULL.
  1139. */
  1140. upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
  1141. if (IS_ERR(upperredirect))
  1142. return PTR_ERR(upperredirect);
  1143. d->upperredirect = upperredirect;
  1144. err = ovl_check_metacopy_xattr(ofs, &upperpath, NULL);
  1145. if (err < 0)
  1146. return err;
  1147. d->metacopy = uppermetacopy = err;
  1148. metacopy_size = err;
  1149. if (!ovl_check_follow_redirect(d)) {
  1150. err = -EPERM;
  1151. return err;
  1152. }
  1153. }
  1154. if (ctx->upperdentry || ctx->ctr) {
  1155. struct inode *inode;
  1156. struct ovl_inode_params oip = {
  1157. .upperdentry = ctx->upperdentry,
  1158. .oe = ctx->oe,
  1159. .index = ctx->index,
  1160. .redirect = d->upperredirect,
  1161. };
  1162. /* Store lowerdata redirect for lazy lookup */
  1163. if (ctx->ctr > 1 && !d->is_dir && !ctx->stack[ctx->ctr - 1].dentry) {
  1164. oip.lowerdata_redirect = d->redirect;
  1165. d->redirect = NULL;
  1166. }
  1167. inode = ovl_get_inode(dentry->d_sb, &oip);
  1168. if (IS_ERR(inode))
  1169. return PTR_ERR(inode);
  1170. ctx->inode = inode;
  1171. if (ctx->upperdentry && !uppermetacopy)
  1172. ovl_set_flag(OVL_UPPERDATA, ctx->inode);
  1173. if (metacopy_size > OVL_METACOPY_MIN_SIZE)
  1174. ovl_set_flag(OVL_HAS_DIGEST, ctx->inode);
  1175. }
  1176. ovl_dentry_init_reval(dentry, ctx->upperdentry, OVL_I_E(ctx->inode));
  1177. return 0;
  1178. }
  1179. struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
  1180. unsigned int flags)
  1181. {
  1182. struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
  1183. struct ovl_entry *poe = OVL_E(dentry->d_parent);
  1184. bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer);
  1185. int err;
  1186. struct ovl_lookup_ctx ctx = {
  1187. .dentry = dentry,
  1188. };
  1189. struct ovl_lookup_data d = {
  1190. .sb = dentry->d_sb,
  1191. .dentry = dentry,
  1192. .name = dentry->d_name,
  1193. .last = check_redirect ? false : !ovl_numlower(poe),
  1194. };
  1195. if (dentry->d_name.len > ofs->namelen)
  1196. return ERR_PTR(-ENAMETOOLONG);
  1197. with_ovl_creds(dentry->d_sb)
  1198. err = ovl_lookup_layers(&ctx, &d);
  1199. if (ctx.origin_path) {
  1200. dput(ctx.origin_path->dentry);
  1201. kfree(ctx.origin_path);
  1202. }
  1203. dput(ctx.index);
  1204. ovl_stack_free(ctx.stack, ctx.ctr);
  1205. kfree(d.redirect);
  1206. if (err) {
  1207. ovl_free_entry(ctx.oe);
  1208. dput(ctx.upperdentry);
  1209. kfree(d.upperredirect);
  1210. return ERR_PTR(err);
  1211. }
  1212. return d_splice_alias(ctx.inode, dentry);
  1213. }
  1214. bool ovl_lower_positive(struct dentry *dentry)
  1215. {
  1216. struct ovl_entry *poe = OVL_E(dentry->d_parent);
  1217. const struct qstr *name = &dentry->d_name;
  1218. unsigned int i;
  1219. bool positive = false;
  1220. bool done = false;
  1221. /*
  1222. * If dentry is negative, then lower is positive iff this is a
  1223. * whiteout.
  1224. */
  1225. if (!dentry->d_inode)
  1226. return ovl_dentry_is_opaque(dentry);
  1227. /* Negative upper -> positive lower */
  1228. if (!ovl_dentry_upper(dentry))
  1229. return true;
  1230. with_ovl_creds(dentry->d_sb) {
  1231. /* Positive upper -> have to look up lower to see whether it exists */
  1232. for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) {
  1233. struct dentry *this;
  1234. struct ovl_path *parentpath = &ovl_lowerstack(poe)[i];
  1235. /*
  1236. * We need to make a non-const copy of dentry->d_name,
  1237. * because lookup_one_positive_unlocked() will hash name
  1238. * with parentpath base, which is on another (lower fs).
  1239. */
  1240. this = lookup_one_positive_unlocked(mnt_idmap(parentpath->layer->mnt),
  1241. &QSTR_LEN(name->name, name->len),
  1242. parentpath->dentry);
  1243. if (IS_ERR(this)) {
  1244. switch (PTR_ERR(this)) {
  1245. case -ENOENT:
  1246. case -ENAMETOOLONG:
  1247. break;
  1248. default:
  1249. /*
  1250. * Assume something is there, we just couldn't
  1251. * access it.
  1252. */
  1253. positive = true;
  1254. break;
  1255. }
  1256. } else {
  1257. struct path path = {
  1258. .dentry = this,
  1259. .mnt = parentpath->layer->mnt,
  1260. };
  1261. positive = !ovl_path_is_whiteout(OVL_FS(dentry->d_sb), &path);
  1262. done = true;
  1263. dput(this);
  1264. }
  1265. }
  1266. }
  1267. return positive;
  1268. }