1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2011 Novell Inc.
4 * Copyright (C) 2016 Red Hat, Inc.
5 */
6
7 #include <linux/fs.h>
8 #include <linux/cred.h>
9 #include <linux/ctype.h>
10 #include <linux/namei.h>
11 #include <linux/xattr.h>
12 #include <linux/ratelimit.h>
13 #include <linux/mount.h>
14 #include <linux/exportfs.h>
15 #include "overlayfs.h"
16
17 struct ovl_lookup_data {
18 struct super_block *sb;
19 struct dentry *dentry;
20 const struct ovl_layer *layer;
21 struct qstr name;
22 bool is_dir;
23 bool opaque;
24 bool xwhiteouts;
25 bool stop;
26 bool last;
27 char *redirect;
28 char *upperredirect;
29 int metacopy;
30 /* Referring to last redirect xattr */
31 bool absolute_redirect;
32 };
33
ovl_check_redirect(const struct path * path,struct ovl_lookup_data * d,size_t prelen,const char * post)34 static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d,
35 size_t prelen, const char *post)
36 {
37 int res;
38 char *buf;
39 struct ovl_fs *ofs = OVL_FS(d->sb);
40
41 d->absolute_redirect = false;
42 buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post));
43 if (IS_ERR_OR_NULL(buf))
44 return PTR_ERR(buf);
45
46 if (buf[0] == '/') {
47 d->absolute_redirect = true;
48 /*
49 * One of the ancestor path elements in an absolute path
50 * lookup in ovl_lookup_layer() could have been opaque and
51 * that will stop further lookup in lower layers (d->stop=true)
52 * But we have found an absolute redirect in descendant path
53 * element and that should force continue lookup in lower
54 * layers (reset d->stop).
55 */
56 d->stop = false;
57 } else {
58 res = strlen(buf) + 1;
59 memmove(buf + prelen, buf, res);
60 memcpy(buf, d->name.name, prelen);
61 }
62
63 strcat(buf, post);
64 kfree(d->redirect);
65 d->redirect = buf;
66 d->name.name = d->redirect;
67 d->name.len = strlen(d->redirect);
68
69 return 0;
70 }
71
ovl_acceptable(void * ctx,struct dentry * dentry)72 static int ovl_acceptable(void *ctx, struct dentry *dentry)
73 {
74 /*
75 * A non-dir origin may be disconnected, which is fine, because
76 * we only need it for its unique inode number.
77 */
78 if (!d_is_dir(dentry))
79 return 1;
80
81 /* Don't decode a deleted empty directory */
82 if (d_unhashed(dentry))
83 return 0;
84
85 /* Check if directory belongs to the layer we are decoding from */
86 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
87 }
88
89 /*
90 * Check validity of an overlay file handle buffer.
91 *
92 * Return 0 for a valid file handle.
93 * Return -ENODATA for "origin unknown".
94 * Return <0 for an invalid file handle.
95 */
ovl_check_fb_len(struct ovl_fb * fb,int fb_len)96 int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
97 {
98 if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
99 return -EINVAL;
100
101 if (fb->magic != OVL_FH_MAGIC)
102 return -EINVAL;
103
104 /* Treat larger version and unknown flags as "origin unknown" */
105 if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
106 return -ENODATA;
107
108 /* Treat endianness mismatch as "origin unknown" */
109 if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
110 (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
111 return -ENODATA;
112
113 return 0;
114 }
115
ovl_get_fh(struct ovl_fs * ofs,struct dentry * upperdentry,enum ovl_xattr ox)116 static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *upperdentry,
117 enum ovl_xattr ox)
118 {
119 int res, err;
120 struct ovl_fh *fh = NULL;
121
122 res = ovl_getxattr_upper(ofs, upperdentry, ox, NULL, 0);
123 if (res < 0) {
124 if (res == -ENODATA || res == -EOPNOTSUPP)
125 return NULL;
126 goto fail;
127 }
128 /* Zero size value means "copied up but origin unknown" */
129 if (res == 0)
130 return NULL;
131
132 fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
133 if (!fh)
134 return ERR_PTR(-ENOMEM);
135
136 res = ovl_getxattr_upper(ofs, upperdentry, ox, fh->buf, res);
137 if (res < 0)
138 goto fail;
139
140 err = ovl_check_fb_len(&fh->fb, res);
141 if (err < 0) {
142 if (err == -ENODATA)
143 goto out;
144 goto invalid;
145 }
146
147 return fh;
148
149 out:
150 kfree(fh);
151 return NULL;
152
153 fail:
154 pr_warn_ratelimited("failed to get origin (%i)\n", res);
155 goto out;
156 invalid:
157 pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh);
158 goto out;
159 }
160
ovl_decode_real_fh(struct ovl_fs * ofs,struct ovl_fh * fh,struct vfsmount * mnt,bool connected)161 struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
162 struct vfsmount *mnt, bool connected)
163 {
164 struct dentry *real;
165 int bytes;
166
167 if (!capable(CAP_DAC_READ_SEARCH))
168 return NULL;
169
170 /*
171 * Make sure that the stored uuid matches the uuid of the lower
172 * layer where file handle will be decoded.
173 * In case of uuid=off option just make sure that stored uuid is null.
174 */
175 if (ovl_origin_uuid(ofs) ?
176 !uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid) :
177 !uuid_is_null(&fh->fb.uuid))
178 return NULL;
179
180 bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
181 real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
182 bytes >> 2, (int)fh->fb.type,
183 connected ? ovl_acceptable : NULL, mnt);
184 if (IS_ERR(real)) {
185 /*
186 * Treat stale file handle to lower file as "origin unknown".
187 * upper file handle could become stale when upper file is
188 * unlinked and this information is needed to handle stale
189 * index entries correctly.
190 */
191 if (real == ERR_PTR(-ESTALE) &&
192 !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
193 real = NULL;
194 return real;
195 }
196
197 if (ovl_dentry_weird(real)) {
198 dput(real);
199 return NULL;
200 }
201
202 return real;
203 }
204
ovl_lookup_positive_unlocked(struct ovl_lookup_data * d,const char * name,struct dentry * base,int len,bool drop_negative)205 static struct dentry *ovl_lookup_positive_unlocked(struct ovl_lookup_data *d,
206 const char *name,
207 struct dentry *base, int len,
208 bool drop_negative)
209 {
210 struct dentry *ret = lookup_one_unlocked(mnt_idmap(d->layer->mnt),
211 &QSTR_LEN(name, len), base);
212
213 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
214 if (drop_negative && ret->d_lockref.count == 1) {
215 spin_lock(&ret->d_lock);
216 /* Recheck condition under lock */
217 if (d_is_negative(ret) && ret->d_lockref.count == 1)
218 __d_drop(ret);
219 spin_unlock(&ret->d_lock);
220 }
221 dput(ret);
222 ret = ERR_PTR(-ENOENT);
223 }
224 return ret;
225 }
226
ovl_lookup_single(struct dentry * base,struct ovl_lookup_data * d,const char * name,unsigned int namelen,size_t prelen,const char * post,struct dentry ** ret,bool drop_negative)227 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
228 const char *name, unsigned int namelen,
229 size_t prelen, const char *post,
230 struct dentry **ret, bool drop_negative)
231 {
232 struct ovl_fs *ofs = OVL_FS(d->sb);
233 struct dentry *this = NULL;
234 const char *warn;
235 struct path path;
236 int err;
237 bool last_element = !post[0];
238 bool is_upper = d->layer->idx == 0;
239 char val;
240
241 /*
242 * We allow filesystems that are case-folding capable but deny composing
243 * ovl stack from case-folded directories. If someone has enabled case
244 * folding on a directory on underlying layer, the warranty of the ovl
245 * stack is voided.
246 */
247 if (ovl_dentry_casefolded(base)) {
248 warn = "case folded parent";
249 err = -ESTALE;
250 goto out_warn;
251 }
252
253 this = ovl_lookup_positive_unlocked(d, name, base, namelen, drop_negative);
254 if (IS_ERR(this)) {
255 err = PTR_ERR(this);
256 this = NULL;
257 if (err == -ENOENT || err == -ENAMETOOLONG)
258 goto out;
259 goto out_err;
260 }
261
262 if (ovl_dentry_casefolded(this)) {
263 warn = "case folded child";
264 err = -EREMOTE;
265 goto out_warn;
266 }
267
268 if (ovl_dentry_weird(this)) {
269 /* Don't support traversing automounts and other weirdness */
270 warn = "unsupported object type";
271 err = -EREMOTE;
272 goto out_warn;
273 }
274
275 path.dentry = this;
276 path.mnt = d->layer->mnt;
277 if (ovl_path_is_whiteout(ofs, &path)) {
278 d->stop = d->opaque = true;
279 goto put_and_out;
280 }
281 /*
282 * This dentry should be a regular file if previous layer lookup
283 * found a metacopy dentry.
284 */
285 if (last_element && d->metacopy && !d_is_reg(this)) {
286 d->stop = true;
287 goto put_and_out;
288 }
289
290 if (!d_can_lookup(this)) {
291 if (d->is_dir || !last_element) {
292 d->stop = true;
293 goto put_and_out;
294 }
295 err = ovl_check_metacopy_xattr(ofs, &path, NULL);
296 if (err < 0)
297 goto out_err;
298
299 d->metacopy = err;
300 d->stop = !d->metacopy;
301 if (!d->metacopy || d->last)
302 goto out;
303 } else {
304 if (ovl_lookup_trap_inode(d->sb, this)) {
305 /* Caught in a trap of overlapping layers */
306 warn = "overlapping layers";
307 err = -ELOOP;
308 goto out_warn;
309 }
310
311 if (last_element)
312 d->is_dir = true;
313 if (d->last)
314 goto out;
315
316 /* overlay.opaque=x means xwhiteouts directory */
317 val = ovl_get_opaquedir_val(ofs, &path);
318 if (last_element && !is_upper && val == 'x') {
319 d->xwhiteouts = true;
320 ovl_layer_set_xwhiteouts(ofs, d->layer);
321 } else if (val == 'y') {
322 d->stop = true;
323 if (last_element)
324 d->opaque = true;
325 goto out;
326 }
327 }
328 err = ovl_check_redirect(&path, d, prelen, post);
329 if (err)
330 goto out_err;
331 out:
332 *ret = this;
333 return 0;
334
335 put_and_out:
336 dput(this);
337 this = NULL;
338 goto out;
339
340 out_warn:
341 pr_warn_ratelimited("failed lookup in %s (%pd2, name='%.*s', err=%i): %s\n",
342 is_upper ? "upper" : "lower", base,
343 namelen, name, err, warn);
344 out_err:
345 dput(this);
346 return err;
347 }
348
ovl_lookup_layer(struct dentry * base,struct ovl_lookup_data * d,struct dentry ** ret,bool drop_negative)349 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
350 struct dentry **ret, bool drop_negative)
351 {
352 /* Counting down from the end, since the prefix can change */
353 size_t rem = d->name.len - 1;
354 struct dentry *dentry = NULL;
355 int err;
356
357 if (d->name.name[0] != '/')
358 return ovl_lookup_single(base, d, d->name.name, d->name.len,
359 0, "", ret, drop_negative);
360
361 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
362 const char *s = d->name.name + d->name.len - rem;
363 const char *next = strchrnul(s, '/');
364 size_t thislen = next - s;
365 bool end = !next[0];
366
367 /* Verify we did not go off the rails */
368 if (WARN_ON(s[-1] != '/'))
369 return -EIO;
370
371 err = ovl_lookup_single(base, d, s, thislen,
372 d->name.len - rem, next, &base,
373 drop_negative);
374 dput(dentry);
375 if (err)
376 return err;
377 dentry = base;
378 if (end)
379 break;
380
381 rem -= thislen + 1;
382
383 if (WARN_ON(rem >= d->name.len))
384 return -EIO;
385 }
386 *ret = dentry;
387 return 0;
388 }
389
ovl_lookup_data_layer(struct dentry * dentry,const char * redirect,const struct ovl_layer * layer,struct path * datapath)390 static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect,
391 const struct ovl_layer *layer,
392 struct path *datapath)
393 {
394 int err;
395
396 err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect,
397 LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV,
398 datapath);
399 pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n",
400 dentry, redirect, layer->idx, err);
401
402 if (err)
403 return err;
404
405 err = -EREMOTE;
406 if (ovl_dentry_weird(datapath->dentry))
407 goto out_path_put;
408
409 err = -ENOENT;
410 /* Only regular file is acceptable as lower data */
411 if (!d_is_reg(datapath->dentry))
412 goto out_path_put;
413
414 return 0;
415
416 out_path_put:
417 path_put(datapath);
418
419 return err;
420 }
421
422 /* Lookup in data-only layers by absolute redirect to layer root */
ovl_lookup_data_layers(struct dentry * dentry,const char * redirect,struct ovl_path * lowerdata)423 static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect,
424 struct ovl_path *lowerdata)
425 {
426 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
427 const struct ovl_layer *layer;
428 struct path datapath;
429 int err = -ENOENT;
430 int i;
431
432 layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer];
433 for (i = 0; i < ofs->numdatalayer; i++, layer++) {
434 err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath);
435 if (!err) {
436 mntput(datapath.mnt);
437 lowerdata->dentry = datapath.dentry;
438 lowerdata->layer = layer;
439 return 0;
440 }
441 }
442
443 return err;
444 }
445
ovl_check_origin_fh(struct ovl_fs * ofs,struct ovl_fh * fh,bool connected,struct dentry * upperdentry,struct ovl_path ** stackp)446 int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
447 struct dentry *upperdentry, struct ovl_path **stackp)
448 {
449 struct dentry *origin = NULL;
450 int i;
451
452 for (i = 1; i <= ovl_numlowerlayer(ofs); i++) {
453 /*
454 * If lower fs uuid is not unique among lower fs we cannot match
455 * fh->uuid to layer.
456 */
457 if (ofs->layers[i].fsid &&
458 ofs->layers[i].fs->bad_uuid)
459 continue;
460
461 origin = ovl_decode_real_fh(ofs, fh, ofs->layers[i].mnt,
462 connected);
463 if (origin)
464 break;
465 }
466
467 if (!origin)
468 return -ESTALE;
469 else if (IS_ERR(origin))
470 return PTR_ERR(origin);
471
472 if (upperdentry && !ovl_upper_is_whiteout(ofs, upperdentry) &&
473 inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode))
474 goto invalid;
475
476 if (!*stackp)
477 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
478 if (!*stackp) {
479 dput(origin);
480 return -ENOMEM;
481 }
482 **stackp = (struct ovl_path){
483 .dentry = origin,
484 .layer = &ofs->layers[i]
485 };
486
487 return 0;
488
489 invalid:
490 pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
491 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
492 d_inode(origin)->i_mode & S_IFMT);
493 dput(origin);
494 return -ESTALE;
495 }
496
ovl_check_origin(struct ovl_fs * ofs,struct dentry * upperdentry,struct ovl_path ** stackp)497 static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
498 struct ovl_path **stackp)
499 {
500 struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN);
501 int err;
502
503 if (IS_ERR_OR_NULL(fh))
504 return PTR_ERR(fh);
505
506 err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
507 kfree(fh);
508
509 if (err) {
510 if (err == -ESTALE)
511 return 0;
512 return err;
513 }
514
515 return 0;
516 }
517
518 /*
519 * Verify that @fh matches the file handle stored in xattr @name.
520 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
521 */
ovl_verify_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh)522 static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry,
523 enum ovl_xattr ox, const struct ovl_fh *fh)
524 {
525 struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox);
526 int err = 0;
527
528 if (!ofh)
529 return -ENODATA;
530
531 if (IS_ERR(ofh))
532 return PTR_ERR(ofh);
533
534 if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
535 err = -ESTALE;
536
537 kfree(ofh);
538 return err;
539 }
540
ovl_verify_set_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh,bool is_upper,bool set)541 int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry,
542 enum ovl_xattr ox, const struct ovl_fh *fh,
543 bool is_upper, bool set)
544 {
545 int err;
546
547 err = ovl_verify_fh(ofs, dentry, ox, fh);
548 if (set && err == -ENODATA)
549 err = ovl_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len);
550
551 return err;
552 }
553
554 /*
555 * Verify that @real dentry matches the file handle stored in xattr @name.
556 *
557 * If @set is true and there is no stored file handle, encode @real and store
558 * file handle in xattr @name.
559 *
560 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
561 */
ovl_verify_origin_xattr(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,struct dentry * real,bool is_upper,bool set)562 int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry,
563 enum ovl_xattr ox, struct dentry *real,
564 bool is_upper, bool set)
565 {
566 struct inode *inode;
567 struct ovl_fh *fh;
568 int err;
569
570 fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper);
571 err = PTR_ERR(fh);
572 if (IS_ERR(fh)) {
573 fh = NULL;
574 goto fail;
575 }
576
577 err = ovl_verify_set_fh(ofs, dentry, ox, fh, is_upper, set);
578 if (err)
579 goto fail;
580
581 out:
582 kfree(fh);
583 return err;
584
585 fail:
586 inode = d_inode(real);
587 pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
588 is_upper ? "upper" : "origin", real,
589 inode ? inode->i_ino : 0, err);
590 goto out;
591 }
592
593
594 /* Get upper dentry from index */
ovl_index_upper(struct ovl_fs * ofs,struct dentry * index,bool connected)595 struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index,
596 bool connected)
597 {
598 struct ovl_fh *fh;
599 struct dentry *upper;
600
601 if (!d_is_dir(index))
602 return dget(index);
603
604 fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER);
605 if (IS_ERR_OR_NULL(fh))
606 return ERR_CAST(fh);
607
608 upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), connected);
609 kfree(fh);
610
611 if (IS_ERR_OR_NULL(upper))
612 return upper ?: ERR_PTR(-ESTALE);
613
614 if (!d_is_dir(upper)) {
615 pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
616 index, upper);
617 dput(upper);
618 return ERR_PTR(-EIO);
619 }
620
621 return upper;
622 }
623
624 /*
625 * Verify that an index entry name matches the origin file handle stored in
626 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
627 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
628 */
ovl_verify_index(struct ovl_fs * ofs,struct dentry * index)629 int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
630 {
631 struct ovl_fh *fh = NULL;
632 size_t len;
633 struct ovl_path origin = { };
634 struct ovl_path *stack = &origin;
635 struct dentry *upper = NULL;
636 int err;
637
638 if (!d_inode(index))
639 return 0;
640
641 err = -EINVAL;
642 if (index->d_name.len < sizeof(struct ovl_fb)*2)
643 goto fail;
644
645 err = -ENOMEM;
646 len = index->d_name.len / 2;
647 fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
648 if (!fh)
649 goto fail;
650
651 err = -EINVAL;
652 if (hex2bin(fh->buf, index->d_name.name, len))
653 goto fail;
654
655 err = ovl_check_fb_len(&fh->fb, len);
656 if (err)
657 goto fail;
658
659 /*
660 * Whiteout index entries are used as an indication that an exported
661 * overlay file handle should be treated as stale (i.e. after unlink
662 * of the overlay inode). These entries contain no origin xattr.
663 */
664 if (ovl_is_whiteout(index))
665 goto out;
666
667 /*
668 * Verifying directory index entries are not stale is expensive, so
669 * only verify stale dir index if NFS export is enabled.
670 */
671 if (d_is_dir(index) && !ofs->config.nfs_export)
672 goto out;
673
674 /*
675 * Directory index entries should have 'upper' xattr pointing to the
676 * real upper dir. Non-dir index entries are hardlinks to the upper
677 * real inode. For non-dir index, we can read the copy up origin xattr
678 * directly from the index dentry, but for dir index we first need to
679 * decode the upper directory.
680 */
681 upper = ovl_index_upper(ofs, index, false);
682 if (IS_ERR_OR_NULL(upper)) {
683 err = PTR_ERR(upper);
684 /*
685 * Directory index entries with no 'upper' xattr need to be
686 * removed. When dir index entry has a stale 'upper' xattr,
687 * we assume that upper dir was removed and we treat the dir
688 * index as orphan entry that needs to be whited out.
689 */
690 if (err == -ESTALE)
691 goto orphan;
692 else if (!err)
693 err = -ESTALE;
694 goto fail;
695 }
696
697 err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh);
698 dput(upper);
699 if (err)
700 goto fail;
701
702 /* Check if non-dir index is orphan and don't warn before cleaning it */
703 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
704 err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
705 if (err)
706 goto fail;
707
708 if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0)
709 goto orphan;
710 }
711
712 out:
713 dput(origin.dentry);
714 kfree(fh);
715 return err;
716
717 fail:
718 pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
719 index, d_inode(index)->i_mode & S_IFMT, err);
720 goto out;
721
722 orphan:
723 pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
724 index, d_inode(index)->i_mode & S_IFMT,
725 d_inode(index)->i_nlink);
726 err = -ENOENT;
727 goto out;
728 }
729
ovl_get_index_name_fh(const struct ovl_fh * fh,struct qstr * name)730 int ovl_get_index_name_fh(const struct ovl_fh *fh, struct qstr *name)
731 {
732 char *n, *s;
733
734 n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
735 if (!n)
736 return -ENOMEM;
737
738 s = bin2hex(n, fh->buf, fh->fb.len);
739 *name = (struct qstr) QSTR_INIT(n, s - n);
740
741 return 0;
742
743 }
744
745 /*
746 * Lookup in indexdir for the index entry of a lower real inode or a copy up
747 * origin inode. The index entry name is the hex representation of the lower
748 * inode file handle.
749 *
750 * If the index dentry in negative, then either no lower aliases have been
751 * copied up yet, or aliases have been copied up in older kernels and are
752 * not indexed.
753 *
754 * If the index dentry for a copy up origin inode is positive, but points
755 * to an inode different than the upper inode, then either the upper inode
756 * has been copied up and not indexed or it was indexed, but since then
757 * index dir was cleared. Either way, that index cannot be used to identify
758 * the overlay inode.
759 */
ovl_get_index_name(struct ovl_fs * ofs,struct dentry * origin,struct qstr * name)760 int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin,
761 struct qstr *name)
762 {
763 struct ovl_fh *fh;
764 int err;
765
766 fh = ovl_encode_real_fh(ofs, d_inode(origin), false);
767 if (IS_ERR(fh))
768 return PTR_ERR(fh);
769
770 err = ovl_get_index_name_fh(fh, name);
771
772 kfree(fh);
773 return err;
774 }
775
776 /* Lookup index by file handle for NFS export */
ovl_get_index_fh(struct ovl_fs * ofs,struct ovl_fh * fh)777 struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
778 {
779 struct dentry *index;
780 struct qstr name;
781 int err;
782
783 err = ovl_get_index_name_fh(fh, &name);
784 if (err)
785 return ERR_PTR(err);
786
787 index = lookup_noperm_positive_unlocked(&name, ofs->workdir);
788 kfree(name.name);
789 if (IS_ERR(index)) {
790 if (PTR_ERR(index) == -ENOENT)
791 index = NULL;
792 return index;
793 }
794
795 if (ovl_is_whiteout(index))
796 err = -ESTALE;
797 else if (ovl_dentry_weird(index))
798 err = -EIO;
799 else
800 return index;
801
802 dput(index);
803 return ERR_PTR(err);
804 }
805
ovl_lookup_index(struct ovl_fs * ofs,struct dentry * upper,struct dentry * origin,bool verify)806 struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
807 struct dentry *origin, bool verify)
808 {
809 struct dentry *index;
810 struct inode *inode;
811 struct qstr name;
812 bool is_dir = d_is_dir(origin);
813 int err;
814
815 err = ovl_get_index_name(ofs, origin, &name);
816 if (err)
817 return ERR_PTR(err);
818
819 index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), &name,
820 ofs->workdir);
821 if (IS_ERR(index)) {
822 err = PTR_ERR(index);
823 if (err == -ENOENT) {
824 index = NULL;
825 goto out;
826 }
827 pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
828 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
829 d_inode(origin)->i_ino, name.len, name.name,
830 err);
831 goto out;
832 }
833
834 inode = d_inode(index);
835 if (ovl_is_whiteout(index) && !verify) {
836 /*
837 * When index lookup is called with !verify for decoding an
838 * overlay file handle, a whiteout index implies that decode
839 * should treat file handle as stale and no need to print a
840 * warning about it.
841 */
842 dput(index);
843 index = ERR_PTR(-ESTALE);
844 goto out;
845 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
846 inode_wrong_type(inode, d_inode(origin)->i_mode)) {
847 /*
848 * Index should always be of the same file type as origin
849 * except for the case of a whiteout index. A whiteout
850 * index should only exist if all lower aliases have been
851 * unlinked, which means that finding a lower origin on lookup
852 * whose index is a whiteout should be treated as an error.
853 */
854 pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
855 index, d_inode(index)->i_mode & S_IFMT,
856 d_inode(origin)->i_mode & S_IFMT);
857 goto fail;
858 } else if (is_dir && verify) {
859 if (!upper) {
860 pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
861 origin, index);
862 goto fail;
863 }
864
865 /* Verify that dir index 'upper' xattr points to upper dir */
866 err = ovl_verify_upper(ofs, index, upper, false);
867 if (err) {
868 if (err == -ESTALE) {
869 pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
870 upper, origin, index);
871 }
872 goto fail;
873 }
874 } else if (upper && d_inode(upper) != inode) {
875 goto out_dput;
876 }
877 out:
878 kfree(name.name);
879 return index;
880
881 out_dput:
882 dput(index);
883 index = NULL;
884 goto out;
885
886 fail:
887 dput(index);
888 index = ERR_PTR(-EIO);
889 goto out;
890 }
891
892 /*
893 * Returns next layer in stack starting from top.
894 * Returns -1 if this is the last layer.
895 */
ovl_path_next(int idx,struct dentry * dentry,struct path * path,const struct ovl_layer ** layer)896 int ovl_path_next(int idx, struct dentry *dentry, struct path *path,
897 const struct ovl_layer **layer)
898 {
899 struct ovl_entry *oe = OVL_E(dentry);
900 struct ovl_path *lowerstack = ovl_lowerstack(oe);
901
902 BUG_ON(idx < 0);
903 if (idx == 0) {
904 ovl_path_upper(dentry, path);
905 if (path->dentry) {
906 *layer = &OVL_FS(dentry->d_sb)->layers[0];
907 return ovl_numlower(oe) ? 1 : -1;
908 }
909 idx++;
910 }
911 BUG_ON(idx > ovl_numlower(oe));
912 path->dentry = lowerstack[idx - 1].dentry;
913 *layer = lowerstack[idx - 1].layer;
914 path->mnt = (*layer)->mnt;
915
916 return (idx < ovl_numlower(oe)) ? idx + 1 : -1;
917 }
918
919 /* Fix missing 'origin' xattr */
ovl_fix_origin(struct ovl_fs * ofs,struct dentry * dentry,struct dentry * lower,struct dentry * upper)920 static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry,
921 struct dentry *lower, struct dentry *upper)
922 {
923 const struct ovl_fh *fh;
924 int err;
925
926 if (ovl_check_origin_xattr(ofs, upper))
927 return 0;
928
929 fh = ovl_get_origin_fh(ofs, lower);
930 if (IS_ERR(fh))
931 return PTR_ERR(fh);
932
933 err = ovl_want_write(dentry);
934 if (err)
935 goto out;
936
937 err = ovl_set_origin_fh(ofs, fh, upper);
938 if (!err)
939 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
940
941 ovl_drop_write(dentry);
942 out:
943 kfree(fh);
944 return err;
945 }
946
ovl_maybe_validate_verity(struct dentry * dentry)947 static int ovl_maybe_validate_verity(struct dentry *dentry)
948 {
949 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
950 struct inode *inode = d_inode(dentry);
951 struct path datapath, metapath;
952 int err;
953
954 if (!ofs->config.verity_mode ||
955 !ovl_is_metacopy_dentry(dentry) ||
956 ovl_test_flag(OVL_VERIFIED_DIGEST, inode))
957 return 0;
958
959 if (!ovl_test_flag(OVL_HAS_DIGEST, inode)) {
960 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
961 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n",
962 dentry);
963 return -EIO;
964 }
965 return 0;
966 }
967
968 ovl_path_lowerdata(dentry, &datapath);
969 if (!datapath.dentry)
970 return -EIO;
971
972 ovl_path_real(dentry, &metapath);
973 if (!metapath.dentry)
974 return -EIO;
975
976 err = ovl_inode_lock_interruptible(inode);
977 if (err)
978 return err;
979
980 if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) {
981 const struct cred *old_cred;
982
983 old_cred = ovl_override_creds(dentry->d_sb);
984
985 err = ovl_validate_verity(ofs, &metapath, &datapath);
986 if (err == 0)
987 ovl_set_flag(OVL_VERIFIED_DIGEST, inode);
988
989 ovl_revert_creds(old_cred);
990 }
991
992 ovl_inode_unlock(inode);
993
994 return err;
995 }
996
997 /* Lazy lookup of lowerdata */
ovl_maybe_lookup_lowerdata(struct dentry * dentry)998 static int ovl_maybe_lookup_lowerdata(struct dentry *dentry)
999 {
1000 struct inode *inode = d_inode(dentry);
1001 const char *redirect = ovl_lowerdata_redirect(inode);
1002 struct ovl_path datapath = {};
1003 const struct cred *old_cred;
1004 int err;
1005
1006 if (!redirect || ovl_dentry_lowerdata(dentry))
1007 return 0;
1008
1009 if (redirect[0] != '/')
1010 return -EIO;
1011
1012 err = ovl_inode_lock_interruptible(inode);
1013 if (err)
1014 return err;
1015
1016 err = 0;
1017 /* Someone got here before us? */
1018 if (ovl_dentry_lowerdata(dentry))
1019 goto out;
1020
1021 old_cred = ovl_override_creds(dentry->d_sb);
1022 err = ovl_lookup_data_layers(dentry, redirect, &datapath);
1023 ovl_revert_creds(old_cred);
1024 if (err)
1025 goto out_err;
1026
1027 err = ovl_dentry_set_lowerdata(dentry, &datapath);
1028 if (err)
1029 goto out_err;
1030
1031 out:
1032 ovl_inode_unlock(inode);
1033 dput(datapath.dentry);
1034
1035 return err;
1036
1037 out_err:
1038 pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n",
1039 dentry, err);
1040 goto out;
1041 }
1042
ovl_verify_lowerdata(struct dentry * dentry)1043 int ovl_verify_lowerdata(struct dentry *dentry)
1044 {
1045 int err;
1046
1047 err = ovl_maybe_lookup_lowerdata(dentry);
1048 if (err)
1049 return err;
1050
1051 return ovl_maybe_validate_verity(dentry);
1052 }
1053
1054 /*
1055 * Following redirects/metacopy can have security consequences: it's like a
1056 * symlink into the lower layer without the permission checks.
1057 *
1058 * This is only a problem if the upper layer is untrusted (e.g comes from an USB
1059 * drive). This can allow a non-readable file or directory to become readable.
1060 *
1061 * Only following redirects when redirects are enabled disables this attack
1062 * vector when not necessary.
1063 */
ovl_check_follow_redirect(struct ovl_lookup_data * d)1064 static bool ovl_check_follow_redirect(struct ovl_lookup_data *d)
1065 {
1066 struct ovl_fs *ofs = OVL_FS(d->sb);
1067
1068 if (d->metacopy && !ofs->config.metacopy) {
1069 pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", d->dentry);
1070 return false;
1071 }
1072 if ((d->redirect || d->upperredirect) && !ovl_redirect_follow(ofs)) {
1073 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", d->dentry);
1074 return false;
1075 }
1076 return true;
1077 }
1078
ovl_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)1079 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
1080 unsigned int flags)
1081 {
1082 struct ovl_entry *oe = NULL;
1083 const struct cred *old_cred;
1084 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
1085 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1086 struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root);
1087 struct ovl_path *stack = NULL, *origin_path = NULL;
1088 struct dentry *upperdir, *upperdentry = NULL;
1089 struct dentry *origin = NULL;
1090 struct dentry *index = NULL;
1091 unsigned int ctr = 0;
1092 struct inode *inode = NULL;
1093 bool upperopaque = false;
1094 bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer);
1095 struct dentry *this;
1096 unsigned int i;
1097 int err;
1098 bool uppermetacopy = false;
1099 int metacopy_size = 0;
1100 struct ovl_lookup_data d = {
1101 .sb = dentry->d_sb,
1102 .dentry = dentry,
1103 .name = dentry->d_name,
1104 .is_dir = false,
1105 .opaque = false,
1106 .stop = false,
1107 .last = check_redirect ? false : !ovl_numlower(poe),
1108 .redirect = NULL,
1109 .upperredirect = NULL,
1110 .metacopy = 0,
1111 };
1112
1113 if (dentry->d_name.len > ofs->namelen)
1114 return ERR_PTR(-ENAMETOOLONG);
1115
1116 old_cred = ovl_override_creds(dentry->d_sb);
1117 upperdir = ovl_dentry_upper(dentry->d_parent);
1118 if (upperdir) {
1119 d.layer = &ofs->layers[0];
1120 err = ovl_lookup_layer(upperdir, &d, &upperdentry, true);
1121 if (err)
1122 goto out;
1123
1124 if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) {
1125 dput(upperdentry);
1126 err = -EREMOTE;
1127 goto out;
1128 }
1129 if (upperdentry && !d.is_dir) {
1130 /*
1131 * Lookup copy up origin by decoding origin file handle.
1132 * We may get a disconnected dentry, which is fine,
1133 * because we only need to hold the origin inode in
1134 * cache and use its inode number. We may even get a
1135 * connected dentry, that is not under any of the lower
1136 * layers root. That is also fine for using it's inode
1137 * number - it's the same as if we held a reference
1138 * to a dentry in lower layer that was moved under us.
1139 */
1140 err = ovl_check_origin(ofs, upperdentry, &origin_path);
1141 if (err)
1142 goto out_put_upper;
1143
1144 if (d.metacopy)
1145 uppermetacopy = true;
1146 metacopy_size = d.metacopy;
1147 }
1148
1149 if (d.redirect) {
1150 err = -ENOMEM;
1151 d.upperredirect = kstrdup(d.redirect, GFP_KERNEL);
1152 if (!d.upperredirect)
1153 goto out_put_upper;
1154 if (d.redirect[0] == '/')
1155 poe = roe;
1156 }
1157 upperopaque = d.opaque;
1158 }
1159
1160 if (!d.stop && ovl_numlower(poe)) {
1161 err = -ENOMEM;
1162 stack = ovl_stack_alloc(ofs->numlayer - 1);
1163 if (!stack)
1164 goto out_put_upper;
1165 }
1166
1167 for (i = 0; !d.stop && i < ovl_numlower(poe); i++) {
1168 struct ovl_path lower = ovl_lowerstack(poe)[i];
1169
1170 if (!ovl_check_follow_redirect(&d)) {
1171 err = -EPERM;
1172 goto out_put;
1173 }
1174
1175 if (!check_redirect)
1176 d.last = i == ovl_numlower(poe) - 1;
1177 else if (d.is_dir || !ofs->numdatalayer)
1178 d.last = lower.layer->idx == ovl_numlower(roe);
1179
1180 d.layer = lower.layer;
1181 err = ovl_lookup_layer(lower.dentry, &d, &this, false);
1182 if (err)
1183 goto out_put;
1184
1185 if (!this)
1186 continue;
1187
1188 /*
1189 * If no origin fh is stored in upper of a merge dir, store fh
1190 * of lower dir and set upper parent "impure".
1191 */
1192 if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) {
1193 err = ovl_fix_origin(ofs, dentry, this, upperdentry);
1194 if (err) {
1195 dput(this);
1196 goto out_put;
1197 }
1198 }
1199
1200 /*
1201 * When "verify_lower" feature is enabled, do not merge with a
1202 * lower dir that does not match a stored origin xattr. In any
1203 * case, only verified origin is used for index lookup.
1204 *
1205 * For non-dir dentry, if index=on, then ensure origin
1206 * matches the dentry found using path based lookup,
1207 * otherwise error out.
1208 */
1209 if (upperdentry && !ctr &&
1210 ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
1211 (!d.is_dir && ofs->config.index && origin_path))) {
1212 err = ovl_verify_origin(ofs, upperdentry, this, false);
1213 if (err) {
1214 dput(this);
1215 if (d.is_dir)
1216 break;
1217 goto out_put;
1218 }
1219 origin = this;
1220 }
1221
1222 if (!upperdentry && !d.is_dir && !ctr && d.metacopy)
1223 metacopy_size = d.metacopy;
1224
1225 if (d.metacopy && ctr) {
1226 /*
1227 * Do not store intermediate metacopy dentries in
1228 * lower chain, except top most lower metacopy dentry.
1229 * Continue the loop so that if there is an absolute
1230 * redirect on this dentry, poe can be reset to roe.
1231 */
1232 dput(this);
1233 this = NULL;
1234 } else {
1235 stack[ctr].dentry = this;
1236 stack[ctr].layer = lower.layer;
1237 ctr++;
1238 }
1239
1240 if (d.stop)
1241 break;
1242
1243 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
1244 poe = roe;
1245 /* Find the current layer on the root dentry */
1246 i = lower.layer->idx - 1;
1247 }
1248 }
1249
1250 /*
1251 * Defer lookup of lowerdata in data-only layers to first access.
1252 * Don't require redirect=follow and metacopy=on in this case.
1253 */
1254 if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) {
1255 d.metacopy = 0;
1256 ctr++;
1257 } else if (!ovl_check_follow_redirect(&d)) {
1258 err = -EPERM;
1259 goto out_put;
1260 }
1261
1262 /*
1263 * For regular non-metacopy upper dentries, there is no lower
1264 * path based lookup, hence ctr will be zero. If a dentry is found
1265 * using ORIGIN xattr on upper, install it in stack.
1266 *
1267 * For metacopy dentry, path based lookup will find lower dentries.
1268 * Just make sure a corresponding data dentry has been found.
1269 */
1270 if (d.metacopy || (uppermetacopy && !ctr)) {
1271 pr_warn_ratelimited("metacopy with no lower data found - abort lookup (%pd2)\n",
1272 dentry);
1273 err = -EIO;
1274 goto out_put;
1275 } else if (!d.is_dir && upperdentry && !ctr && origin_path) {
1276 if (WARN_ON(stack != NULL)) {
1277 err = -EIO;
1278 goto out_put;
1279 }
1280 stack = origin_path;
1281 ctr = 1;
1282 origin = origin_path->dentry;
1283 origin_path = NULL;
1284 }
1285
1286 /*
1287 * Always lookup index if there is no-upperdentry.
1288 *
1289 * For the case of upperdentry, we have set origin by now if it
1290 * needed to be set. There are basically three cases.
1291 *
1292 * For directories, lookup index by lower inode and verify it matches
1293 * upper inode. We only trust dir index if we verified that lower dir
1294 * matches origin, otherwise dir index entries may be inconsistent
1295 * and we ignore them.
1296 *
1297 * For regular upper, we already set origin if upper had ORIGIN
1298 * xattr. There is no verification though as there is no path
1299 * based dentry lookup in lower in this case.
1300 *
1301 * For metacopy upper, we set a verified origin already if index
1302 * is enabled and if upper had an ORIGIN xattr.
1303 *
1304 */
1305 if (!upperdentry && ctr)
1306 origin = stack[0].dentry;
1307
1308 if (origin && ovl_indexdir(dentry->d_sb) &&
1309 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
1310 index = ovl_lookup_index(ofs, upperdentry, origin, true);
1311 if (IS_ERR(index)) {
1312 err = PTR_ERR(index);
1313 index = NULL;
1314 goto out_put;
1315 }
1316 }
1317
1318 if (ctr) {
1319 oe = ovl_alloc_entry(ctr);
1320 err = -ENOMEM;
1321 if (!oe)
1322 goto out_put;
1323
1324 ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr);
1325 }
1326
1327 if (upperopaque)
1328 ovl_dentry_set_opaque(dentry);
1329 if (d.xwhiteouts)
1330 ovl_dentry_set_xwhiteouts(dentry);
1331
1332 if (upperdentry)
1333 ovl_dentry_set_upper_alias(dentry);
1334 else if (index) {
1335 struct path upperpath = {
1336 .dentry = upperdentry = dget(index),
1337 .mnt = ovl_upper_mnt(ofs),
1338 };
1339
1340 /*
1341 * It's safe to assign upperredirect here: the previous
1342 * assignment happens only if upperdentry is non-NULL, and
1343 * this one only if upperdentry is NULL.
1344 */
1345 d.upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
1346 if (IS_ERR(d.upperredirect)) {
1347 err = PTR_ERR(d.upperredirect);
1348 d.upperredirect = NULL;
1349 goto out_free_oe;
1350 }
1351
1352 err = ovl_check_metacopy_xattr(ofs, &upperpath, NULL);
1353 if (err < 0)
1354 goto out_free_oe;
1355 d.metacopy = uppermetacopy = err;
1356 metacopy_size = err;
1357
1358 if (!ovl_check_follow_redirect(&d)) {
1359 err = -EPERM;
1360 goto out_free_oe;
1361 }
1362 }
1363
1364 if (upperdentry || ctr) {
1365 struct ovl_inode_params oip = {
1366 .upperdentry = upperdentry,
1367 .oe = oe,
1368 .index = index,
1369 .redirect = d.upperredirect,
1370 };
1371
1372 /* Store lowerdata redirect for lazy lookup */
1373 if (ctr > 1 && !d.is_dir && !stack[ctr - 1].dentry) {
1374 oip.lowerdata_redirect = d.redirect;
1375 d.redirect = NULL;
1376 }
1377 inode = ovl_get_inode(dentry->d_sb, &oip);
1378 err = PTR_ERR(inode);
1379 if (IS_ERR(inode))
1380 goto out_free_oe;
1381 if (upperdentry && !uppermetacopy)
1382 ovl_set_flag(OVL_UPPERDATA, inode);
1383
1384 if (metacopy_size > OVL_METACOPY_MIN_SIZE)
1385 ovl_set_flag(OVL_HAS_DIGEST, inode);
1386 }
1387
1388 ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode));
1389
1390 ovl_revert_creds(old_cred);
1391 if (origin_path) {
1392 dput(origin_path->dentry);
1393 kfree(origin_path);
1394 }
1395 dput(index);
1396 ovl_stack_free(stack, ctr);
1397 kfree(d.redirect);
1398 return d_splice_alias(inode, dentry);
1399
1400 out_free_oe:
1401 ovl_free_entry(oe);
1402 out_put:
1403 dput(index);
1404 ovl_stack_free(stack, ctr);
1405 out_put_upper:
1406 if (origin_path) {
1407 dput(origin_path->dentry);
1408 kfree(origin_path);
1409 }
1410 dput(upperdentry);
1411 kfree(d.upperredirect);
1412 out:
1413 kfree(d.redirect);
1414 ovl_revert_creds(old_cred);
1415 return ERR_PTR(err);
1416 }
1417
ovl_lower_positive(struct dentry * dentry)1418 bool ovl_lower_positive(struct dentry *dentry)
1419 {
1420 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1421 const struct qstr *name = &dentry->d_name;
1422 const struct cred *old_cred;
1423 unsigned int i;
1424 bool positive = false;
1425 bool done = false;
1426
1427 /*
1428 * If dentry is negative, then lower is positive iff this is a
1429 * whiteout.
1430 */
1431 if (!dentry->d_inode)
1432 return ovl_dentry_is_opaque(dentry);
1433
1434 /* Negative upper -> positive lower */
1435 if (!ovl_dentry_upper(dentry))
1436 return true;
1437
1438 old_cred = ovl_override_creds(dentry->d_sb);
1439 /* Positive upper -> have to look up lower to see whether it exists */
1440 for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) {
1441 struct dentry *this;
1442 struct ovl_path *parentpath = &ovl_lowerstack(poe)[i];
1443
1444 /*
1445 * We need to make a non-const copy of dentry->d_name,
1446 * because lookup_one_positive_unlocked() will hash name
1447 * with parentpath base, which is on another (lower fs).
1448 */
1449 this = lookup_one_positive_unlocked(
1450 mnt_idmap(parentpath->layer->mnt),
1451 &QSTR_LEN(name->name, name->len),
1452 parentpath->dentry);
1453 if (IS_ERR(this)) {
1454 switch (PTR_ERR(this)) {
1455 case -ENOENT:
1456 case -ENAMETOOLONG:
1457 break;
1458
1459 default:
1460 /*
1461 * Assume something is there, we just couldn't
1462 * access it.
1463 */
1464 positive = true;
1465 break;
1466 }
1467 } else {
1468 struct path path = {
1469 .dentry = this,
1470 .mnt = parentpath->layer->mnt,
1471 };
1472 positive = !ovl_path_is_whiteout(OVL_FS(dentry->d_sb), &path);
1473 done = true;
1474 dput(this);
1475 }
1476 }
1477 ovl_revert_creds(old_cred);
1478
1479 return positive;
1480 }
1481