1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2011 Novell Inc.
4 * Copyright (C) 2016 Red Hat, Inc.
5 */
6
7 #include <linux/fs.h>
8 #include <linux/cred.h>
9 #include <linux/ctype.h>
10 #include <linux/namei.h>
11 #include <linux/xattr.h>
12 #include <linux/ratelimit.h>
13 #include <linux/mount.h>
14 #include <linux/exportfs.h>
15 #include "overlayfs.h"
16
17 struct ovl_lookup_data {
18 struct super_block *sb;
19 struct dentry *dentry;
20 const struct ovl_layer *layer;
21 struct qstr name;
22 bool is_dir;
23 bool opaque;
24 bool xwhiteouts;
25 bool stop;
26 bool last;
27 char *redirect;
28 char *upperredirect;
29 int metacopy;
30 /* Referring to last redirect xattr */
31 bool absolute_redirect;
32 };
33
ovl_check_redirect(const struct path * path,struct ovl_lookup_data * d,size_t prelen,const char * post)34 static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d,
35 size_t prelen, const char *post)
36 {
37 int res;
38 char *buf;
39 struct ovl_fs *ofs = OVL_FS(d->sb);
40
41 d->absolute_redirect = false;
42 buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post));
43 if (IS_ERR_OR_NULL(buf))
44 return PTR_ERR(buf);
45
46 if (buf[0] == '/') {
47 d->absolute_redirect = true;
48 /*
49 * One of the ancestor path elements in an absolute path
50 * lookup in ovl_lookup_layer() could have been opaque and
51 * that will stop further lookup in lower layers (d->stop=true)
52 * But we have found an absolute redirect in descendant path
53 * element and that should force continue lookup in lower
54 * layers (reset d->stop).
55 */
56 d->stop = false;
57 } else {
58 res = strlen(buf) + 1;
59 memmove(buf + prelen, buf, res);
60 memcpy(buf, d->name.name, prelen);
61 }
62
63 strcat(buf, post);
64 kfree(d->redirect);
65 d->redirect = buf;
66 d->name.name = d->redirect;
67 d->name.len = strlen(d->redirect);
68
69 return 0;
70 }
71
ovl_acceptable(void * ctx,struct dentry * dentry)72 static int ovl_acceptable(void *ctx, struct dentry *dentry)
73 {
74 /*
75 * A non-dir origin may be disconnected, which is fine, because
76 * we only need it for its unique inode number.
77 */
78 if (!d_is_dir(dentry))
79 return 1;
80
81 /* Don't decode a deleted empty directory */
82 if (d_unhashed(dentry))
83 return 0;
84
85 /* Check if directory belongs to the layer we are decoding from */
86 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
87 }
88
89 /*
90 * Check validity of an overlay file handle buffer.
91 *
92 * Return 0 for a valid file handle.
93 * Return -ENODATA for "origin unknown".
94 * Return <0 for an invalid file handle.
95 */
ovl_check_fb_len(struct ovl_fb * fb,int fb_len)96 int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
97 {
98 if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
99 return -EINVAL;
100
101 if (fb->magic != OVL_FH_MAGIC)
102 return -EINVAL;
103
104 /* Treat larger version and unknown flags as "origin unknown" */
105 if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
106 return -ENODATA;
107
108 /* Treat endianness mismatch as "origin unknown" */
109 if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
110 (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
111 return -ENODATA;
112
113 return 0;
114 }
115
ovl_get_fh(struct ovl_fs * ofs,struct dentry * upperdentry,enum ovl_xattr ox)116 static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *upperdentry,
117 enum ovl_xattr ox)
118 {
119 int res, err;
120 struct ovl_fh *fh = NULL;
121
122 res = ovl_getxattr_upper(ofs, upperdentry, ox, NULL, 0);
123 if (res < 0) {
124 if (res == -ENODATA || res == -EOPNOTSUPP)
125 return NULL;
126 goto fail;
127 }
128 /* Zero size value means "copied up but origin unknown" */
129 if (res == 0)
130 return NULL;
131
132 fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
133 if (!fh)
134 return ERR_PTR(-ENOMEM);
135
136 res = ovl_getxattr_upper(ofs, upperdentry, ox, fh->buf, res);
137 if (res < 0)
138 goto fail;
139
140 err = ovl_check_fb_len(&fh->fb, res);
141 if (err < 0) {
142 if (err == -ENODATA)
143 goto out;
144 goto invalid;
145 }
146
147 return fh;
148
149 out:
150 kfree(fh);
151 return NULL;
152
153 fail:
154 pr_warn_ratelimited("failed to get origin (%i)\n", res);
155 goto out;
156 invalid:
157 pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh);
158 goto out;
159 }
160
ovl_decode_real_fh(struct ovl_fs * ofs,struct ovl_fh * fh,struct vfsmount * mnt,bool connected)161 struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
162 struct vfsmount *mnt, bool connected)
163 {
164 struct dentry *real;
165 int bytes;
166
167 if (!capable(CAP_DAC_READ_SEARCH))
168 return NULL;
169
170 /*
171 * Make sure that the stored uuid matches the uuid of the lower
172 * layer where file handle will be decoded.
173 * In case of uuid=off option just make sure that stored uuid is null.
174 */
175 if (ovl_origin_uuid(ofs) ?
176 !uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid) :
177 !uuid_is_null(&fh->fb.uuid))
178 return NULL;
179
180 bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
181 real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
182 bytes >> 2, (int)fh->fb.type,
183 connected ? ovl_acceptable : NULL, mnt);
184 if (IS_ERR(real)) {
185 /*
186 * Treat stale file handle to lower file as "origin unknown".
187 * upper file handle could become stale when upper file is
188 * unlinked and this information is needed to handle stale
189 * index entries correctly.
190 */
191 if (real == ERR_PTR(-ESTALE) &&
192 !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
193 real = NULL;
194 return real;
195 }
196
197 if (ovl_dentry_weird(real)) {
198 dput(real);
199 return NULL;
200 }
201
202 return real;
203 }
204
ovl_lookup_positive_unlocked(struct ovl_lookup_data * d,const char * name,struct dentry * base,int len,bool drop_negative)205 static struct dentry *ovl_lookup_positive_unlocked(struct ovl_lookup_data *d,
206 const char *name,
207 struct dentry *base, int len,
208 bool drop_negative)
209 {
210 struct dentry *ret = lookup_one_unlocked(mnt_idmap(d->layer->mnt),
211 &QSTR_LEN(name, len), base);
212
213 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
214 if (drop_negative && ret->d_lockref.count == 1) {
215 spin_lock(&ret->d_lock);
216 /* Recheck condition under lock */
217 if (d_is_negative(ret) && ret->d_lockref.count == 1)
218 __d_drop(ret);
219 spin_unlock(&ret->d_lock);
220 }
221 dput(ret);
222 ret = ERR_PTR(-ENOENT);
223 }
224 return ret;
225 }
226
ovl_lookup_single(struct dentry * base,struct ovl_lookup_data * d,const char * name,unsigned int namelen,size_t prelen,const char * post,struct dentry ** ret,bool drop_negative)227 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
228 const char *name, unsigned int namelen,
229 size_t prelen, const char *post,
230 struct dentry **ret, bool drop_negative)
231 {
232 struct ovl_fs *ofs = OVL_FS(d->sb);
233 struct dentry *this = NULL;
234 const char *warn;
235 struct path path;
236 int err;
237 bool last_element = !post[0];
238 bool is_upper = d->layer->idx == 0;
239 char val;
240
241 /*
242 * We allow filesystems that are case-folding capable as long as the
243 * layers are consistently enabled in the stack, enabled for every dir
244 * or disabled in all dirs. If someone has modified case folding on a
245 * directory on underlying layer, the warranty of the ovl stack is
246 * voided.
247 */
248 if (ofs->casefold != ovl_dentry_casefolded(base)) {
249 warn = "parent wrong casefold";
250 err = -ESTALE;
251 goto out_warn;
252 }
253
254 this = ovl_lookup_positive_unlocked(d, name, base, namelen, drop_negative);
255 if (IS_ERR(this)) {
256 err = PTR_ERR(this);
257 this = NULL;
258 if (err == -ENOENT || err == -ENAMETOOLONG)
259 goto out;
260 goto out_err;
261 }
262
263 if (ofs->casefold != ovl_dentry_casefolded(this)) {
264 warn = "child wrong casefold";
265 err = -EREMOTE;
266 goto out_warn;
267 }
268
269 if (ovl_dentry_weird(this)) {
270 /* Don't support traversing automounts and other weirdness */
271 warn = "unsupported object type";
272 err = -EREMOTE;
273 goto out_warn;
274 }
275
276 path.dentry = this;
277 path.mnt = d->layer->mnt;
278 if (ovl_path_is_whiteout(ofs, &path)) {
279 d->stop = d->opaque = true;
280 goto put_and_out;
281 }
282 /*
283 * This dentry should be a regular file if previous layer lookup
284 * found a metacopy dentry.
285 */
286 if (last_element && d->metacopy && !d_is_reg(this)) {
287 d->stop = true;
288 goto put_and_out;
289 }
290
291 if (!d_can_lookup(this)) {
292 if (d->is_dir || !last_element) {
293 d->stop = true;
294 goto put_and_out;
295 }
296 err = ovl_check_metacopy_xattr(ofs, &path, NULL);
297 if (err < 0)
298 goto out_err;
299
300 d->metacopy = err;
301 d->stop = !d->metacopy;
302 if (!d->metacopy || d->last)
303 goto out;
304 } else {
305 if (ovl_lookup_trap_inode(d->sb, this)) {
306 /* Caught in a trap of overlapping layers */
307 warn = "overlapping layers";
308 err = -ELOOP;
309 goto out_warn;
310 }
311
312 if (last_element)
313 d->is_dir = true;
314 if (d->last)
315 goto out;
316
317 /* overlay.opaque=x means xwhiteouts directory */
318 val = ovl_get_opaquedir_val(ofs, &path);
319 if (last_element && !is_upper && val == 'x') {
320 d->xwhiteouts = true;
321 ovl_layer_set_xwhiteouts(ofs, d->layer);
322 } else if (val == 'y') {
323 d->stop = true;
324 if (last_element)
325 d->opaque = true;
326 goto out;
327 }
328 }
329 err = ovl_check_redirect(&path, d, prelen, post);
330 if (err)
331 goto out_err;
332 out:
333 *ret = this;
334 return 0;
335
336 put_and_out:
337 dput(this);
338 this = NULL;
339 goto out;
340
341 out_warn:
342 pr_warn_ratelimited("failed lookup in %s (%pd2, name='%.*s', err=%i): %s\n",
343 is_upper ? "upper" : "lower", base,
344 namelen, name, err, warn);
345 out_err:
346 dput(this);
347 return err;
348 }
349
ovl_lookup_layer(struct dentry * base,struct ovl_lookup_data * d,struct dentry ** ret,bool drop_negative)350 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
351 struct dentry **ret, bool drop_negative)
352 {
353 /* Counting down from the end, since the prefix can change */
354 size_t rem = d->name.len - 1;
355 struct dentry *dentry = NULL;
356 int err;
357
358 if (d->name.name[0] != '/')
359 return ovl_lookup_single(base, d, d->name.name, d->name.len,
360 0, "", ret, drop_negative);
361
362 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
363 const char *s = d->name.name + d->name.len - rem;
364 const char *next = strchrnul(s, '/');
365 size_t thislen = next - s;
366 bool end = !next[0];
367
368 /* Verify we did not go off the rails */
369 if (WARN_ON(s[-1] != '/'))
370 return -EIO;
371
372 err = ovl_lookup_single(base, d, s, thislen,
373 d->name.len - rem, next, &base,
374 drop_negative);
375 dput(dentry);
376 if (err)
377 return err;
378 dentry = base;
379 if (end)
380 break;
381
382 rem -= thislen + 1;
383
384 if (WARN_ON(rem >= d->name.len))
385 return -EIO;
386 }
387 *ret = dentry;
388 return 0;
389 }
390
ovl_lookup_data_layer(struct dentry * dentry,const char * redirect,const struct ovl_layer * layer,struct path * datapath)391 static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect,
392 const struct ovl_layer *layer,
393 struct path *datapath)
394 {
395 int err;
396
397 err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect,
398 LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV,
399 datapath);
400 pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n",
401 dentry, redirect, layer->idx, err);
402
403 if (err)
404 return err;
405
406 err = -EREMOTE;
407 if (ovl_dentry_weird(datapath->dentry))
408 goto out_path_put;
409
410 err = -ENOENT;
411 /* Only regular file is acceptable as lower data */
412 if (!d_is_reg(datapath->dentry))
413 goto out_path_put;
414
415 return 0;
416
417 out_path_put:
418 path_put(datapath);
419
420 return err;
421 }
422
423 /* Lookup in data-only layers by absolute redirect to layer root */
ovl_lookup_data_layers(struct dentry * dentry,const char * redirect,struct ovl_path * lowerdata)424 static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect,
425 struct ovl_path *lowerdata)
426 {
427 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
428 const struct ovl_layer *layer;
429 struct path datapath;
430 int err = -ENOENT;
431 int i;
432
433 layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer];
434 for (i = 0; i < ofs->numdatalayer; i++, layer++) {
435 err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath);
436 if (!err) {
437 mntput(datapath.mnt);
438 lowerdata->dentry = datapath.dentry;
439 lowerdata->layer = layer;
440 return 0;
441 }
442 }
443
444 return err;
445 }
446
ovl_check_origin_fh(struct ovl_fs * ofs,struct ovl_fh * fh,bool connected,struct dentry * upperdentry,struct ovl_path ** stackp)447 int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
448 struct dentry *upperdentry, struct ovl_path **stackp)
449 {
450 struct dentry *origin = NULL;
451 int i;
452
453 for (i = 1; i <= ovl_numlowerlayer(ofs); i++) {
454 /*
455 * If lower fs uuid is not unique among lower fs we cannot match
456 * fh->uuid to layer.
457 */
458 if (ofs->layers[i].fsid &&
459 ofs->layers[i].fs->bad_uuid)
460 continue;
461
462 origin = ovl_decode_real_fh(ofs, fh, ofs->layers[i].mnt,
463 connected);
464 if (origin)
465 break;
466 }
467
468 if (!origin)
469 return -ESTALE;
470 else if (IS_ERR(origin))
471 return PTR_ERR(origin);
472
473 if (upperdentry && !ovl_upper_is_whiteout(ofs, upperdentry) &&
474 inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode))
475 goto invalid;
476
477 if (!*stackp)
478 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
479 if (!*stackp) {
480 dput(origin);
481 return -ENOMEM;
482 }
483 **stackp = (struct ovl_path){
484 .dentry = origin,
485 .layer = &ofs->layers[i]
486 };
487
488 return 0;
489
490 invalid:
491 pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
492 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
493 d_inode(origin)->i_mode & S_IFMT);
494 dput(origin);
495 return -ESTALE;
496 }
497
ovl_check_origin(struct ovl_fs * ofs,struct dentry * upperdentry,struct ovl_path ** stackp)498 static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
499 struct ovl_path **stackp)
500 {
501 struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN);
502 int err;
503
504 if (IS_ERR_OR_NULL(fh))
505 return PTR_ERR(fh);
506
507 err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
508 kfree(fh);
509
510 if (err) {
511 if (err == -ESTALE)
512 return 0;
513 return err;
514 }
515
516 return 0;
517 }
518
519 /*
520 * Verify that @fh matches the file handle stored in xattr @name.
521 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
522 */
ovl_verify_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh)523 static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry,
524 enum ovl_xattr ox, const struct ovl_fh *fh)
525 {
526 struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox);
527 int err = 0;
528
529 if (!ofh)
530 return -ENODATA;
531
532 if (IS_ERR(ofh))
533 return PTR_ERR(ofh);
534
535 if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
536 err = -ESTALE;
537
538 kfree(ofh);
539 return err;
540 }
541
ovl_verify_set_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh,bool is_upper,bool set)542 int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry,
543 enum ovl_xattr ox, const struct ovl_fh *fh,
544 bool is_upper, bool set)
545 {
546 int err;
547
548 err = ovl_verify_fh(ofs, dentry, ox, fh);
549 if (set && err == -ENODATA)
550 err = ovl_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len);
551
552 return err;
553 }
554
555 /*
556 * Verify that @real dentry matches the file handle stored in xattr @name.
557 *
558 * If @set is true and there is no stored file handle, encode @real and store
559 * file handle in xattr @name.
560 *
561 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
562 */
ovl_verify_origin_xattr(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,struct dentry * real,bool is_upper,bool set)563 int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry,
564 enum ovl_xattr ox, struct dentry *real,
565 bool is_upper, bool set)
566 {
567 struct inode *inode;
568 struct ovl_fh *fh;
569 int err;
570
571 fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper);
572 err = PTR_ERR(fh);
573 if (IS_ERR(fh)) {
574 fh = NULL;
575 goto fail;
576 }
577
578 err = ovl_verify_set_fh(ofs, dentry, ox, fh, is_upper, set);
579 if (err)
580 goto fail;
581
582 out:
583 kfree(fh);
584 return err;
585
586 fail:
587 inode = d_inode(real);
588 pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
589 is_upper ? "upper" : "origin", real,
590 inode ? inode->i_ino : 0, err);
591 goto out;
592 }
593
594
595 /* Get upper dentry from index */
ovl_index_upper(struct ovl_fs * ofs,struct dentry * index,bool connected)596 struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index,
597 bool connected)
598 {
599 struct ovl_fh *fh;
600 struct dentry *upper;
601
602 if (!d_is_dir(index))
603 return dget(index);
604
605 fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER);
606 if (IS_ERR_OR_NULL(fh))
607 return ERR_CAST(fh);
608
609 upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), connected);
610 kfree(fh);
611
612 if (IS_ERR_OR_NULL(upper))
613 return upper ?: ERR_PTR(-ESTALE);
614
615 if (!d_is_dir(upper)) {
616 pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
617 index, upper);
618 dput(upper);
619 return ERR_PTR(-EIO);
620 }
621
622 return upper;
623 }
624
625 /*
626 * Verify that an index entry name matches the origin file handle stored in
627 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
628 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
629 */
ovl_verify_index(struct ovl_fs * ofs,struct dentry * index)630 int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
631 {
632 struct ovl_fh *fh = NULL;
633 size_t len;
634 struct ovl_path origin = { };
635 struct ovl_path *stack = &origin;
636 struct dentry *upper = NULL;
637 int err;
638
639 if (!d_inode(index))
640 return 0;
641
642 err = -EINVAL;
643 if (index->d_name.len < sizeof(struct ovl_fb)*2)
644 goto fail;
645
646 err = -ENOMEM;
647 len = index->d_name.len / 2;
648 fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
649 if (!fh)
650 goto fail;
651
652 err = -EINVAL;
653 if (hex2bin(fh->buf, index->d_name.name, len))
654 goto fail;
655
656 err = ovl_check_fb_len(&fh->fb, len);
657 if (err)
658 goto fail;
659
660 /*
661 * Whiteout index entries are used as an indication that an exported
662 * overlay file handle should be treated as stale (i.e. after unlink
663 * of the overlay inode). These entries contain no origin xattr.
664 */
665 if (ovl_is_whiteout(index))
666 goto out;
667
668 /*
669 * Verifying directory index entries are not stale is expensive, so
670 * only verify stale dir index if NFS export is enabled.
671 */
672 if (d_is_dir(index) && !ofs->config.nfs_export)
673 goto out;
674
675 /*
676 * Directory index entries should have 'upper' xattr pointing to the
677 * real upper dir. Non-dir index entries are hardlinks to the upper
678 * real inode. For non-dir index, we can read the copy up origin xattr
679 * directly from the index dentry, but for dir index we first need to
680 * decode the upper directory.
681 */
682 upper = ovl_index_upper(ofs, index, false);
683 if (IS_ERR_OR_NULL(upper)) {
684 err = PTR_ERR(upper);
685 /*
686 * Directory index entries with no 'upper' xattr need to be
687 * removed. When dir index entry has a stale 'upper' xattr,
688 * we assume that upper dir was removed and we treat the dir
689 * index as orphan entry that needs to be whited out.
690 */
691 if (err == -ESTALE)
692 goto orphan;
693 else if (!err)
694 err = -ESTALE;
695 goto fail;
696 }
697
698 err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh);
699 dput(upper);
700 if (err)
701 goto fail;
702
703 /* Check if non-dir index is orphan and don't warn before cleaning it */
704 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
705 err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
706 if (err)
707 goto fail;
708
709 if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0)
710 goto orphan;
711 }
712
713 out:
714 dput(origin.dentry);
715 kfree(fh);
716 return err;
717
718 fail:
719 pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
720 index, d_inode(index)->i_mode & S_IFMT, err);
721 goto out;
722
723 orphan:
724 pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
725 index, d_inode(index)->i_mode & S_IFMT,
726 d_inode(index)->i_nlink);
727 err = -ENOENT;
728 goto out;
729 }
730
ovl_get_index_name_fh(const struct ovl_fh * fh,struct qstr * name)731 int ovl_get_index_name_fh(const struct ovl_fh *fh, struct qstr *name)
732 {
733 char *n, *s;
734
735 n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
736 if (!n)
737 return -ENOMEM;
738
739 s = bin2hex(n, fh->buf, fh->fb.len);
740 *name = (struct qstr) QSTR_INIT(n, s - n);
741
742 return 0;
743
744 }
745
746 /*
747 * Lookup in indexdir for the index entry of a lower real inode or a copy up
748 * origin inode. The index entry name is the hex representation of the lower
749 * inode file handle.
750 *
751 * If the index dentry in negative, then either no lower aliases have been
752 * copied up yet, or aliases have been copied up in older kernels and are
753 * not indexed.
754 *
755 * If the index dentry for a copy up origin inode is positive, but points
756 * to an inode different than the upper inode, then either the upper inode
757 * has been copied up and not indexed or it was indexed, but since then
758 * index dir was cleared. Either way, that index cannot be used to identify
759 * the overlay inode.
760 */
ovl_get_index_name(struct ovl_fs * ofs,struct dentry * origin,struct qstr * name)761 int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin,
762 struct qstr *name)
763 {
764 struct ovl_fh *fh;
765 int err;
766
767 fh = ovl_encode_real_fh(ofs, d_inode(origin), false);
768 if (IS_ERR(fh))
769 return PTR_ERR(fh);
770
771 err = ovl_get_index_name_fh(fh, name);
772
773 kfree(fh);
774 return err;
775 }
776
777 /* Lookup index by file handle for NFS export */
ovl_get_index_fh(struct ovl_fs * ofs,struct ovl_fh * fh)778 struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
779 {
780 struct dentry *index;
781 struct qstr name;
782 int err;
783
784 err = ovl_get_index_name_fh(fh, &name);
785 if (err)
786 return ERR_PTR(err);
787
788 index = lookup_noperm_positive_unlocked(&name, ofs->workdir);
789 kfree(name.name);
790 if (IS_ERR(index)) {
791 if (PTR_ERR(index) == -ENOENT)
792 index = NULL;
793 return index;
794 }
795
796 if (ovl_is_whiteout(index))
797 err = -ESTALE;
798 else if (ovl_dentry_weird(index))
799 err = -EIO;
800 else
801 return index;
802
803 dput(index);
804 return ERR_PTR(err);
805 }
806
ovl_lookup_index(struct ovl_fs * ofs,struct dentry * upper,struct dentry * origin,bool verify)807 struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
808 struct dentry *origin, bool verify)
809 {
810 struct dentry *index;
811 struct inode *inode;
812 struct qstr name;
813 bool is_dir = d_is_dir(origin);
814 int err;
815
816 err = ovl_get_index_name(ofs, origin, &name);
817 if (err)
818 return ERR_PTR(err);
819
820 index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), &name,
821 ofs->workdir);
822 if (IS_ERR(index)) {
823 err = PTR_ERR(index);
824 if (err == -ENOENT) {
825 index = NULL;
826 goto out;
827 }
828 pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
829 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
830 d_inode(origin)->i_ino, name.len, name.name,
831 err);
832 goto out;
833 }
834
835 inode = d_inode(index);
836 if (ovl_is_whiteout(index) && !verify) {
837 /*
838 * When index lookup is called with !verify for decoding an
839 * overlay file handle, a whiteout index implies that decode
840 * should treat file handle as stale and no need to print a
841 * warning about it.
842 */
843 dput(index);
844 index = ERR_PTR(-ESTALE);
845 goto out;
846 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
847 inode_wrong_type(inode, d_inode(origin)->i_mode)) {
848 /*
849 * Index should always be of the same file type as origin
850 * except for the case of a whiteout index. A whiteout
851 * index should only exist if all lower aliases have been
852 * unlinked, which means that finding a lower origin on lookup
853 * whose index is a whiteout should be treated as an error.
854 */
855 pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
856 index, d_inode(index)->i_mode & S_IFMT,
857 d_inode(origin)->i_mode & S_IFMT);
858 goto fail;
859 } else if (is_dir && verify) {
860 if (!upper) {
861 pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
862 origin, index);
863 goto fail;
864 }
865
866 /* Verify that dir index 'upper' xattr points to upper dir */
867 err = ovl_verify_upper(ofs, index, upper, false);
868 if (err) {
869 if (err == -ESTALE) {
870 pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
871 upper, origin, index);
872 }
873 goto fail;
874 }
875 } else if (upper && d_inode(upper) != inode) {
876 goto out_dput;
877 }
878 out:
879 kfree(name.name);
880 return index;
881
882 out_dput:
883 dput(index);
884 index = NULL;
885 goto out;
886
887 fail:
888 dput(index);
889 index = ERR_PTR(-EIO);
890 goto out;
891 }
892
893 /*
894 * Returns next layer in stack starting from top.
895 * Returns -1 if this is the last layer.
896 */
ovl_path_next(int idx,struct dentry * dentry,struct path * path,const struct ovl_layer ** layer)897 int ovl_path_next(int idx, struct dentry *dentry, struct path *path,
898 const struct ovl_layer **layer)
899 {
900 struct ovl_entry *oe = OVL_E(dentry);
901 struct ovl_path *lowerstack = ovl_lowerstack(oe);
902
903 BUG_ON(idx < 0);
904 if (idx == 0) {
905 ovl_path_upper(dentry, path);
906 if (path->dentry) {
907 *layer = &OVL_FS(dentry->d_sb)->layers[0];
908 return ovl_numlower(oe) ? 1 : -1;
909 }
910 idx++;
911 }
912 BUG_ON(idx > ovl_numlower(oe));
913 path->dentry = lowerstack[idx - 1].dentry;
914 *layer = lowerstack[idx - 1].layer;
915 path->mnt = (*layer)->mnt;
916
917 return (idx < ovl_numlower(oe)) ? idx + 1 : -1;
918 }
919
920 /* Fix missing 'origin' xattr */
ovl_fix_origin(struct ovl_fs * ofs,struct dentry * dentry,struct dentry * lower,struct dentry * upper)921 static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry,
922 struct dentry *lower, struct dentry *upper)
923 {
924 const struct ovl_fh *fh;
925 int err;
926
927 if (ovl_check_origin_xattr(ofs, upper))
928 return 0;
929
930 fh = ovl_get_origin_fh(ofs, lower);
931 if (IS_ERR(fh))
932 return PTR_ERR(fh);
933
934 err = ovl_want_write(dentry);
935 if (err)
936 goto out;
937
938 err = ovl_set_origin_fh(ofs, fh, upper);
939 if (!err)
940 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
941
942 ovl_drop_write(dentry);
943 out:
944 kfree(fh);
945 return err;
946 }
947
ovl_maybe_validate_verity(struct dentry * dentry)948 static int ovl_maybe_validate_verity(struct dentry *dentry)
949 {
950 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
951 struct inode *inode = d_inode(dentry);
952 struct path datapath, metapath;
953 int err;
954
955 if (!ofs->config.verity_mode ||
956 !ovl_is_metacopy_dentry(dentry) ||
957 ovl_test_flag(OVL_VERIFIED_DIGEST, inode))
958 return 0;
959
960 if (!ovl_test_flag(OVL_HAS_DIGEST, inode)) {
961 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
962 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n",
963 dentry);
964 return -EIO;
965 }
966 return 0;
967 }
968
969 ovl_path_lowerdata(dentry, &datapath);
970 if (!datapath.dentry)
971 return -EIO;
972
973 ovl_path_real(dentry, &metapath);
974 if (!metapath.dentry)
975 return -EIO;
976
977 err = ovl_inode_lock_interruptible(inode);
978 if (err)
979 return err;
980
981 if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) {
982 const struct cred *old_cred;
983
984 old_cred = ovl_override_creds(dentry->d_sb);
985
986 err = ovl_validate_verity(ofs, &metapath, &datapath);
987 if (err == 0)
988 ovl_set_flag(OVL_VERIFIED_DIGEST, inode);
989
990 ovl_revert_creds(old_cred);
991 }
992
993 ovl_inode_unlock(inode);
994
995 return err;
996 }
997
998 /* Lazy lookup of lowerdata */
ovl_maybe_lookup_lowerdata(struct dentry * dentry)999 static int ovl_maybe_lookup_lowerdata(struct dentry *dentry)
1000 {
1001 struct inode *inode = d_inode(dentry);
1002 const char *redirect = ovl_lowerdata_redirect(inode);
1003 struct ovl_path datapath = {};
1004 const struct cred *old_cred;
1005 int err;
1006
1007 if (!redirect || ovl_dentry_lowerdata(dentry))
1008 return 0;
1009
1010 if (redirect[0] != '/')
1011 return -EIO;
1012
1013 err = ovl_inode_lock_interruptible(inode);
1014 if (err)
1015 return err;
1016
1017 err = 0;
1018 /* Someone got here before us? */
1019 if (ovl_dentry_lowerdata(dentry))
1020 goto out;
1021
1022 old_cred = ovl_override_creds(dentry->d_sb);
1023 err = ovl_lookup_data_layers(dentry, redirect, &datapath);
1024 ovl_revert_creds(old_cred);
1025 if (err)
1026 goto out_err;
1027
1028 err = ovl_dentry_set_lowerdata(dentry, &datapath);
1029 if (err)
1030 goto out_err;
1031
1032 out:
1033 ovl_inode_unlock(inode);
1034 dput(datapath.dentry);
1035
1036 return err;
1037
1038 out_err:
1039 pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n",
1040 dentry, err);
1041 goto out;
1042 }
1043
ovl_verify_lowerdata(struct dentry * dentry)1044 int ovl_verify_lowerdata(struct dentry *dentry)
1045 {
1046 int err;
1047
1048 err = ovl_maybe_lookup_lowerdata(dentry);
1049 if (err)
1050 return err;
1051
1052 return ovl_maybe_validate_verity(dentry);
1053 }
1054
1055 /*
1056 * Following redirects/metacopy can have security consequences: it's like a
1057 * symlink into the lower layer without the permission checks.
1058 *
1059 * This is only a problem if the upper layer is untrusted (e.g comes from an USB
1060 * drive). This can allow a non-readable file or directory to become readable.
1061 *
1062 * Only following redirects when redirects are enabled disables this attack
1063 * vector when not necessary.
1064 */
ovl_check_follow_redirect(struct ovl_lookup_data * d)1065 static bool ovl_check_follow_redirect(struct ovl_lookup_data *d)
1066 {
1067 struct ovl_fs *ofs = OVL_FS(d->sb);
1068
1069 if (d->metacopy && !ofs->config.metacopy) {
1070 pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", d->dentry);
1071 return false;
1072 }
1073 if ((d->redirect || d->upperredirect) && !ovl_redirect_follow(ofs)) {
1074 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", d->dentry);
1075 return false;
1076 }
1077 return true;
1078 }
1079
ovl_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)1080 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
1081 unsigned int flags)
1082 {
1083 struct ovl_entry *oe = NULL;
1084 const struct cred *old_cred;
1085 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
1086 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1087 struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root);
1088 struct ovl_path *stack = NULL, *origin_path = NULL;
1089 struct dentry *upperdir, *upperdentry = NULL;
1090 struct dentry *origin = NULL;
1091 struct dentry *index = NULL;
1092 unsigned int ctr = 0;
1093 struct inode *inode = NULL;
1094 bool upperopaque = false;
1095 bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer);
1096 struct dentry *this;
1097 unsigned int i;
1098 int err;
1099 bool uppermetacopy = false;
1100 int metacopy_size = 0;
1101 struct ovl_lookup_data d = {
1102 .sb = dentry->d_sb,
1103 .dentry = dentry,
1104 .name = dentry->d_name,
1105 .is_dir = false,
1106 .opaque = false,
1107 .stop = false,
1108 .last = check_redirect ? false : !ovl_numlower(poe),
1109 .redirect = NULL,
1110 .upperredirect = NULL,
1111 .metacopy = 0,
1112 };
1113
1114 if (dentry->d_name.len > ofs->namelen)
1115 return ERR_PTR(-ENAMETOOLONG);
1116
1117 old_cred = ovl_override_creds(dentry->d_sb);
1118 upperdir = ovl_dentry_upper(dentry->d_parent);
1119 if (upperdir) {
1120 d.layer = &ofs->layers[0];
1121 err = ovl_lookup_layer(upperdir, &d, &upperdentry, true);
1122 if (err)
1123 goto out;
1124
1125 if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) {
1126 dput(upperdentry);
1127 err = -EREMOTE;
1128 goto out;
1129 }
1130 if (upperdentry && !d.is_dir) {
1131 /*
1132 * Lookup copy up origin by decoding origin file handle.
1133 * We may get a disconnected dentry, which is fine,
1134 * because we only need to hold the origin inode in
1135 * cache and use its inode number. We may even get a
1136 * connected dentry, that is not under any of the lower
1137 * layers root. That is also fine for using it's inode
1138 * number - it's the same as if we held a reference
1139 * to a dentry in lower layer that was moved under us.
1140 */
1141 err = ovl_check_origin(ofs, upperdentry, &origin_path);
1142 if (err)
1143 goto out_put_upper;
1144
1145 if (d.metacopy)
1146 uppermetacopy = true;
1147 metacopy_size = d.metacopy;
1148 }
1149
1150 if (d.redirect) {
1151 err = -ENOMEM;
1152 d.upperredirect = kstrdup(d.redirect, GFP_KERNEL);
1153 if (!d.upperredirect)
1154 goto out_put_upper;
1155 if (d.redirect[0] == '/')
1156 poe = roe;
1157 }
1158 upperopaque = d.opaque;
1159 }
1160
1161 if (!d.stop && ovl_numlower(poe)) {
1162 err = -ENOMEM;
1163 stack = ovl_stack_alloc(ofs->numlayer - 1);
1164 if (!stack)
1165 goto out_put_upper;
1166 }
1167
1168 for (i = 0; !d.stop && i < ovl_numlower(poe); i++) {
1169 struct ovl_path lower = ovl_lowerstack(poe)[i];
1170
1171 if (!ovl_check_follow_redirect(&d)) {
1172 err = -EPERM;
1173 goto out_put;
1174 }
1175
1176 if (!check_redirect)
1177 d.last = i == ovl_numlower(poe) - 1;
1178 else if (d.is_dir || !ofs->numdatalayer)
1179 d.last = lower.layer->idx == ovl_numlower(roe);
1180
1181 d.layer = lower.layer;
1182 err = ovl_lookup_layer(lower.dentry, &d, &this, false);
1183 if (err)
1184 goto out_put;
1185
1186 if (!this)
1187 continue;
1188
1189 /*
1190 * If no origin fh is stored in upper of a merge dir, store fh
1191 * of lower dir and set upper parent "impure".
1192 */
1193 if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) {
1194 err = ovl_fix_origin(ofs, dentry, this, upperdentry);
1195 if (err) {
1196 dput(this);
1197 goto out_put;
1198 }
1199 }
1200
1201 /*
1202 * When "verify_lower" feature is enabled, do not merge with a
1203 * lower dir that does not match a stored origin xattr. In any
1204 * case, only verified origin is used for index lookup.
1205 *
1206 * For non-dir dentry, if index=on, then ensure origin
1207 * matches the dentry found using path based lookup,
1208 * otherwise error out.
1209 */
1210 if (upperdentry && !ctr &&
1211 ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
1212 (!d.is_dir && ofs->config.index && origin_path))) {
1213 err = ovl_verify_origin(ofs, upperdentry, this, false);
1214 if (err) {
1215 dput(this);
1216 if (d.is_dir)
1217 break;
1218 goto out_put;
1219 }
1220 origin = this;
1221 }
1222
1223 if (!upperdentry && !d.is_dir && !ctr && d.metacopy)
1224 metacopy_size = d.metacopy;
1225
1226 if (d.metacopy && ctr) {
1227 /*
1228 * Do not store intermediate metacopy dentries in
1229 * lower chain, except top most lower metacopy dentry.
1230 * Continue the loop so that if there is an absolute
1231 * redirect on this dentry, poe can be reset to roe.
1232 */
1233 dput(this);
1234 this = NULL;
1235 } else {
1236 stack[ctr].dentry = this;
1237 stack[ctr].layer = lower.layer;
1238 ctr++;
1239 }
1240
1241 if (d.stop)
1242 break;
1243
1244 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
1245 poe = roe;
1246 /* Find the current layer on the root dentry */
1247 i = lower.layer->idx - 1;
1248 }
1249 }
1250
1251 /*
1252 * Defer lookup of lowerdata in data-only layers to first access.
1253 * Don't require redirect=follow and metacopy=on in this case.
1254 */
1255 if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) {
1256 d.metacopy = 0;
1257 ctr++;
1258 } else if (!ovl_check_follow_redirect(&d)) {
1259 err = -EPERM;
1260 goto out_put;
1261 }
1262
1263 /*
1264 * For regular non-metacopy upper dentries, there is no lower
1265 * path based lookup, hence ctr will be zero. If a dentry is found
1266 * using ORIGIN xattr on upper, install it in stack.
1267 *
1268 * For metacopy dentry, path based lookup will find lower dentries.
1269 * Just make sure a corresponding data dentry has been found.
1270 */
1271 if (d.metacopy || (uppermetacopy && !ctr)) {
1272 pr_warn_ratelimited("metacopy with no lower data found - abort lookup (%pd2)\n",
1273 dentry);
1274 err = -EIO;
1275 goto out_put;
1276 } else if (!d.is_dir && upperdentry && !ctr && origin_path) {
1277 if (WARN_ON(stack != NULL)) {
1278 err = -EIO;
1279 goto out_put;
1280 }
1281 stack = origin_path;
1282 ctr = 1;
1283 origin = origin_path->dentry;
1284 origin_path = NULL;
1285 }
1286
1287 /*
1288 * Always lookup index if there is no-upperdentry.
1289 *
1290 * For the case of upperdentry, we have set origin by now if it
1291 * needed to be set. There are basically three cases.
1292 *
1293 * For directories, lookup index by lower inode and verify it matches
1294 * upper inode. We only trust dir index if we verified that lower dir
1295 * matches origin, otherwise dir index entries may be inconsistent
1296 * and we ignore them.
1297 *
1298 * For regular upper, we already set origin if upper had ORIGIN
1299 * xattr. There is no verification though as there is no path
1300 * based dentry lookup in lower in this case.
1301 *
1302 * For metacopy upper, we set a verified origin already if index
1303 * is enabled and if upper had an ORIGIN xattr.
1304 *
1305 */
1306 if (!upperdentry && ctr)
1307 origin = stack[0].dentry;
1308
1309 if (origin && ovl_indexdir(dentry->d_sb) &&
1310 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
1311 index = ovl_lookup_index(ofs, upperdentry, origin, true);
1312 if (IS_ERR(index)) {
1313 err = PTR_ERR(index);
1314 index = NULL;
1315 goto out_put;
1316 }
1317 }
1318
1319 if (ctr) {
1320 oe = ovl_alloc_entry(ctr);
1321 err = -ENOMEM;
1322 if (!oe)
1323 goto out_put;
1324
1325 ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr);
1326 }
1327
1328 if (upperopaque)
1329 ovl_dentry_set_opaque(dentry);
1330 if (d.xwhiteouts)
1331 ovl_dentry_set_xwhiteouts(dentry);
1332
1333 if (upperdentry)
1334 ovl_dentry_set_upper_alias(dentry);
1335 else if (index) {
1336 struct path upperpath = {
1337 .dentry = upperdentry = dget(index),
1338 .mnt = ovl_upper_mnt(ofs),
1339 };
1340
1341 /*
1342 * It's safe to assign upperredirect here: the previous
1343 * assignment happens only if upperdentry is non-NULL, and
1344 * this one only if upperdentry is NULL.
1345 */
1346 d.upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
1347 if (IS_ERR(d.upperredirect)) {
1348 err = PTR_ERR(d.upperredirect);
1349 d.upperredirect = NULL;
1350 goto out_free_oe;
1351 }
1352
1353 err = ovl_check_metacopy_xattr(ofs, &upperpath, NULL);
1354 if (err < 0)
1355 goto out_free_oe;
1356 d.metacopy = uppermetacopy = err;
1357 metacopy_size = err;
1358
1359 if (!ovl_check_follow_redirect(&d)) {
1360 err = -EPERM;
1361 goto out_free_oe;
1362 }
1363 }
1364
1365 if (upperdentry || ctr) {
1366 struct ovl_inode_params oip = {
1367 .upperdentry = upperdentry,
1368 .oe = oe,
1369 .index = index,
1370 .redirect = d.upperredirect,
1371 };
1372
1373 /* Store lowerdata redirect for lazy lookup */
1374 if (ctr > 1 && !d.is_dir && !stack[ctr - 1].dentry) {
1375 oip.lowerdata_redirect = d.redirect;
1376 d.redirect = NULL;
1377 }
1378 inode = ovl_get_inode(dentry->d_sb, &oip);
1379 err = PTR_ERR(inode);
1380 if (IS_ERR(inode))
1381 goto out_free_oe;
1382 if (upperdentry && !uppermetacopy)
1383 ovl_set_flag(OVL_UPPERDATA, inode);
1384
1385 if (metacopy_size > OVL_METACOPY_MIN_SIZE)
1386 ovl_set_flag(OVL_HAS_DIGEST, inode);
1387 }
1388
1389 ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode));
1390
1391 ovl_revert_creds(old_cred);
1392 if (origin_path) {
1393 dput(origin_path->dentry);
1394 kfree(origin_path);
1395 }
1396 dput(index);
1397 ovl_stack_free(stack, ctr);
1398 kfree(d.redirect);
1399 return d_splice_alias(inode, dentry);
1400
1401 out_free_oe:
1402 ovl_free_entry(oe);
1403 out_put:
1404 dput(index);
1405 ovl_stack_free(stack, ctr);
1406 out_put_upper:
1407 if (origin_path) {
1408 dput(origin_path->dentry);
1409 kfree(origin_path);
1410 }
1411 dput(upperdentry);
1412 kfree(d.upperredirect);
1413 out:
1414 kfree(d.redirect);
1415 ovl_revert_creds(old_cred);
1416 return ERR_PTR(err);
1417 }
1418
ovl_lower_positive(struct dentry * dentry)1419 bool ovl_lower_positive(struct dentry *dentry)
1420 {
1421 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1422 const struct qstr *name = &dentry->d_name;
1423 const struct cred *old_cred;
1424 unsigned int i;
1425 bool positive = false;
1426 bool done = false;
1427
1428 /*
1429 * If dentry is negative, then lower is positive iff this is a
1430 * whiteout.
1431 */
1432 if (!dentry->d_inode)
1433 return ovl_dentry_is_opaque(dentry);
1434
1435 /* Negative upper -> positive lower */
1436 if (!ovl_dentry_upper(dentry))
1437 return true;
1438
1439 old_cred = ovl_override_creds(dentry->d_sb);
1440 /* Positive upper -> have to look up lower to see whether it exists */
1441 for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) {
1442 struct dentry *this;
1443 struct ovl_path *parentpath = &ovl_lowerstack(poe)[i];
1444
1445 /*
1446 * We need to make a non-const copy of dentry->d_name,
1447 * because lookup_one_positive_unlocked() will hash name
1448 * with parentpath base, which is on another (lower fs).
1449 */
1450 this = lookup_one_positive_unlocked(
1451 mnt_idmap(parentpath->layer->mnt),
1452 &QSTR_LEN(name->name, name->len),
1453 parentpath->dentry);
1454 if (IS_ERR(this)) {
1455 switch (PTR_ERR(this)) {
1456 case -ENOENT:
1457 case -ENAMETOOLONG:
1458 break;
1459
1460 default:
1461 /*
1462 * Assume something is there, we just couldn't
1463 * access it.
1464 */
1465 positive = true;
1466 break;
1467 }
1468 } else {
1469 struct path path = {
1470 .dentry = this,
1471 .mnt = parentpath->layer->mnt,
1472 };
1473 positive = !ovl_path_is_whiteout(OVL_FS(dentry->d_sb), &path);
1474 done = true;
1475 dput(this);
1476 }
1477 }
1478 ovl_revert_creds(old_cred);
1479
1480 return positive;
1481 }
1482