1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2011 Novell Inc.
4 * Copyright (C) 2016 Red Hat, Inc.
5 */
6
7 #include <linux/fs.h>
8 #include <linux/cred.h>
9 #include <linux/ctype.h>
10 #include <linux/namei.h>
11 #include <linux/xattr.h>
12 #include <linux/ratelimit.h>
13 #include <linux/mount.h>
14 #include <linux/exportfs.h>
15 #include "overlayfs.h"
16
17 struct ovl_lookup_data {
18 struct super_block *sb;
19 struct dentry *dentry;
20 const struct ovl_layer *layer;
21 struct qstr name;
22 bool is_dir;
23 bool opaque;
24 bool xwhiteouts;
25 bool stop;
26 bool last;
27 char *redirect;
28 char *upperredirect;
29 int metacopy;
30 /* Referring to last redirect xattr */
31 bool absolute_redirect;
32 };
33
ovl_check_redirect(const struct path * path,struct ovl_lookup_data * d,size_t prelen,const char * post)34 static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d,
35 size_t prelen, const char *post)
36 {
37 int res;
38 char *buf;
39 struct ovl_fs *ofs = OVL_FS(d->sb);
40
41 d->absolute_redirect = false;
42 buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post));
43 if (IS_ERR_OR_NULL(buf))
44 return PTR_ERR(buf);
45
46 if (buf[0] == '/') {
47 d->absolute_redirect = true;
48 /*
49 * One of the ancestor path elements in an absolute path
50 * lookup in ovl_lookup_layer() could have been opaque and
51 * that will stop further lookup in lower layers (d->stop=true)
52 * But we have found an absolute redirect in descendant path
53 * element and that should force continue lookup in lower
54 * layers (reset d->stop).
55 */
56 d->stop = false;
57 } else {
58 res = strlen(buf) + 1;
59 memmove(buf + prelen, buf, res);
60 memcpy(buf, d->name.name, prelen);
61 }
62
63 strcat(buf, post);
64 kfree(d->redirect);
65 d->redirect = buf;
66 d->name.name = d->redirect;
67 d->name.len = strlen(d->redirect);
68
69 return 0;
70 }
71
ovl_acceptable(void * ctx,struct dentry * dentry)72 static int ovl_acceptable(void *ctx, struct dentry *dentry)
73 {
74 /*
75 * A non-dir origin may be disconnected, which is fine, because
76 * we only need it for its unique inode number.
77 */
78 if (!d_is_dir(dentry))
79 return 1;
80
81 /* Don't decode a deleted empty directory */
82 if (d_unhashed(dentry))
83 return 0;
84
85 /* Check if directory belongs to the layer we are decoding from */
86 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
87 }
88
89 /*
90 * Check validity of an overlay file handle buffer.
91 *
92 * Return 0 for a valid file handle.
93 * Return -ENODATA for "origin unknown".
94 * Return <0 for an invalid file handle.
95 */
ovl_check_fb_len(struct ovl_fb * fb,int fb_len)96 int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
97 {
98 if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
99 return -EINVAL;
100
101 if (fb->magic != OVL_FH_MAGIC)
102 return -EINVAL;
103
104 /* Treat larger version and unknown flags as "origin unknown" */
105 if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
106 return -ENODATA;
107
108 /* Treat endianness mismatch as "origin unknown" */
109 if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
110 (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
111 return -ENODATA;
112
113 return 0;
114 }
115
ovl_get_fh(struct ovl_fs * ofs,struct dentry * upperdentry,enum ovl_xattr ox)116 static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *upperdentry,
117 enum ovl_xattr ox)
118 {
119 int res, err;
120 struct ovl_fh *fh = NULL;
121
122 res = ovl_getxattr_upper(ofs, upperdentry, ox, NULL, 0);
123 if (res < 0) {
124 if (res == -ENODATA || res == -EOPNOTSUPP)
125 return NULL;
126 goto fail;
127 }
128 /* Zero size value means "copied up but origin unknown" */
129 if (res == 0)
130 return NULL;
131
132 fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
133 if (!fh)
134 return ERR_PTR(-ENOMEM);
135
136 res = ovl_getxattr_upper(ofs, upperdentry, ox, fh->buf, res);
137 if (res < 0)
138 goto fail;
139
140 err = ovl_check_fb_len(&fh->fb, res);
141 if (err < 0) {
142 if (err == -ENODATA)
143 goto out;
144 goto invalid;
145 }
146
147 return fh;
148
149 out:
150 kfree(fh);
151 return NULL;
152
153 fail:
154 pr_warn_ratelimited("failed to get origin (%i)\n", res);
155 goto out;
156 invalid:
157 pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh);
158 goto out;
159 }
160
ovl_decode_real_fh(struct ovl_fs * ofs,struct ovl_fh * fh,struct vfsmount * mnt,bool connected)161 struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
162 struct vfsmount *mnt, bool connected)
163 {
164 struct dentry *real;
165 int bytes;
166
167 if (!capable(CAP_DAC_READ_SEARCH))
168 return NULL;
169
170 /*
171 * Make sure that the stored uuid matches the uuid of the lower
172 * layer where file handle will be decoded.
173 * In case of uuid=off option just make sure that stored uuid is null.
174 */
175 if (ovl_origin_uuid(ofs) ?
176 !uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid) :
177 !uuid_is_null(&fh->fb.uuid))
178 return NULL;
179
180 bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
181 real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
182 bytes >> 2, (int)fh->fb.type,
183 connected ? ovl_acceptable : NULL, mnt);
184 if (IS_ERR(real)) {
185 /*
186 * Treat stale file handle to lower file as "origin unknown".
187 * upper file handle could become stale when upper file is
188 * unlinked and this information is needed to handle stale
189 * index entries correctly.
190 */
191 if (real == ERR_PTR(-ESTALE) &&
192 !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
193 real = NULL;
194 return real;
195 }
196
197 if (ovl_dentry_weird(real)) {
198 dput(real);
199 return NULL;
200 }
201
202 return real;
203 }
204
ovl_lookup_positive_unlocked(struct ovl_lookup_data * d,const char * name,struct dentry * base,int len,bool drop_negative)205 static struct dentry *ovl_lookup_positive_unlocked(struct ovl_lookup_data *d,
206 const char *name,
207 struct dentry *base, int len,
208 bool drop_negative)
209 {
210 struct dentry *ret = lookup_one_unlocked(mnt_idmap(d->layer->mnt),
211 &QSTR_LEN(name, len), base);
212
213 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
214 if (drop_negative && ret->d_lockref.count == 1) {
215 spin_lock(&ret->d_lock);
216 /* Recheck condition under lock */
217 if (d_is_negative(ret) && ret->d_lockref.count == 1)
218 __d_drop(ret);
219 spin_unlock(&ret->d_lock);
220 }
221 dput(ret);
222 ret = ERR_PTR(-ENOENT);
223 }
224 return ret;
225 }
226
ovl_lookup_single(struct dentry * base,struct ovl_lookup_data * d,const char * name,unsigned int namelen,size_t prelen,const char * post,struct dentry ** ret,bool drop_negative)227 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
228 const char *name, unsigned int namelen,
229 size_t prelen, const char *post,
230 struct dentry **ret, bool drop_negative)
231 {
232 struct ovl_fs *ofs = OVL_FS(d->sb);
233 struct dentry *this;
234 struct path path;
235 int err;
236 bool last_element = !post[0];
237 bool is_upper = d->layer->idx == 0;
238 char val;
239
240 this = ovl_lookup_positive_unlocked(d, name, base, namelen, drop_negative);
241 if (IS_ERR(this)) {
242 err = PTR_ERR(this);
243 this = NULL;
244 if (err == -ENOENT || err == -ENAMETOOLONG)
245 goto out;
246 goto out_err;
247 }
248
249 if (ovl_dentry_weird(this)) {
250 /* Don't support traversing automounts and other weirdness */
251 err = -EREMOTE;
252 goto out_err;
253 }
254
255 path.dentry = this;
256 path.mnt = d->layer->mnt;
257 if (ovl_path_is_whiteout(ofs, &path)) {
258 d->stop = d->opaque = true;
259 goto put_and_out;
260 }
261 /*
262 * This dentry should be a regular file if previous layer lookup
263 * found a metacopy dentry.
264 */
265 if (last_element && d->metacopy && !d_is_reg(this)) {
266 d->stop = true;
267 goto put_and_out;
268 }
269
270 if (!d_can_lookup(this)) {
271 if (d->is_dir || !last_element) {
272 d->stop = true;
273 goto put_and_out;
274 }
275 err = ovl_check_metacopy_xattr(ofs, &path, NULL);
276 if (err < 0)
277 goto out_err;
278
279 d->metacopy = err;
280 d->stop = !d->metacopy;
281 if (!d->metacopy || d->last)
282 goto out;
283 } else {
284 if (ovl_lookup_trap_inode(d->sb, this)) {
285 /* Caught in a trap of overlapping layers */
286 err = -ELOOP;
287 goto out_err;
288 }
289
290 if (last_element)
291 d->is_dir = true;
292 if (d->last)
293 goto out;
294
295 /* overlay.opaque=x means xwhiteouts directory */
296 val = ovl_get_opaquedir_val(ofs, &path);
297 if (last_element && !is_upper && val == 'x') {
298 d->xwhiteouts = true;
299 ovl_layer_set_xwhiteouts(ofs, d->layer);
300 } else if (val == 'y') {
301 d->stop = true;
302 if (last_element)
303 d->opaque = true;
304 goto out;
305 }
306 }
307 err = ovl_check_redirect(&path, d, prelen, post);
308 if (err)
309 goto out_err;
310 out:
311 *ret = this;
312 return 0;
313
314 put_and_out:
315 dput(this);
316 this = NULL;
317 goto out;
318
319 out_err:
320 dput(this);
321 return err;
322 }
323
ovl_lookup_layer(struct dentry * base,struct ovl_lookup_data * d,struct dentry ** ret,bool drop_negative)324 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
325 struct dentry **ret, bool drop_negative)
326 {
327 /* Counting down from the end, since the prefix can change */
328 size_t rem = d->name.len - 1;
329 struct dentry *dentry = NULL;
330 int err;
331
332 if (d->name.name[0] != '/')
333 return ovl_lookup_single(base, d, d->name.name, d->name.len,
334 0, "", ret, drop_negative);
335
336 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
337 const char *s = d->name.name + d->name.len - rem;
338 const char *next = strchrnul(s, '/');
339 size_t thislen = next - s;
340 bool end = !next[0];
341
342 /* Verify we did not go off the rails */
343 if (WARN_ON(s[-1] != '/'))
344 return -EIO;
345
346 err = ovl_lookup_single(base, d, s, thislen,
347 d->name.len - rem, next, &base,
348 drop_negative);
349 dput(dentry);
350 if (err)
351 return err;
352 dentry = base;
353 if (end)
354 break;
355
356 rem -= thislen + 1;
357
358 if (WARN_ON(rem >= d->name.len))
359 return -EIO;
360 }
361 *ret = dentry;
362 return 0;
363 }
364
ovl_lookup_data_layer(struct dentry * dentry,const char * redirect,const struct ovl_layer * layer,struct path * datapath)365 static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect,
366 const struct ovl_layer *layer,
367 struct path *datapath)
368 {
369 int err;
370
371 err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect,
372 LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV,
373 datapath);
374 pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n",
375 dentry, redirect, layer->idx, err);
376
377 if (err)
378 return err;
379
380 err = -EREMOTE;
381 if (ovl_dentry_weird(datapath->dentry))
382 goto out_path_put;
383
384 err = -ENOENT;
385 /* Only regular file is acceptable as lower data */
386 if (!d_is_reg(datapath->dentry))
387 goto out_path_put;
388
389 return 0;
390
391 out_path_put:
392 path_put(datapath);
393
394 return err;
395 }
396
397 /* Lookup in data-only layers by absolute redirect to layer root */
ovl_lookup_data_layers(struct dentry * dentry,const char * redirect,struct ovl_path * lowerdata)398 static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect,
399 struct ovl_path *lowerdata)
400 {
401 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
402 const struct ovl_layer *layer;
403 struct path datapath;
404 int err = -ENOENT;
405 int i;
406
407 layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer];
408 for (i = 0; i < ofs->numdatalayer; i++, layer++) {
409 err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath);
410 if (!err) {
411 mntput(datapath.mnt);
412 lowerdata->dentry = datapath.dentry;
413 lowerdata->layer = layer;
414 return 0;
415 }
416 }
417
418 return err;
419 }
420
ovl_check_origin_fh(struct ovl_fs * ofs,struct ovl_fh * fh,bool connected,struct dentry * upperdentry,struct ovl_path ** stackp)421 int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
422 struct dentry *upperdentry, struct ovl_path **stackp)
423 {
424 struct dentry *origin = NULL;
425 int i;
426
427 for (i = 1; i <= ovl_numlowerlayer(ofs); i++) {
428 /*
429 * If lower fs uuid is not unique among lower fs we cannot match
430 * fh->uuid to layer.
431 */
432 if (ofs->layers[i].fsid &&
433 ofs->layers[i].fs->bad_uuid)
434 continue;
435
436 origin = ovl_decode_real_fh(ofs, fh, ofs->layers[i].mnt,
437 connected);
438 if (origin)
439 break;
440 }
441
442 if (!origin)
443 return -ESTALE;
444 else if (IS_ERR(origin))
445 return PTR_ERR(origin);
446
447 if (upperdentry && !ovl_upper_is_whiteout(ofs, upperdentry) &&
448 inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode))
449 goto invalid;
450
451 if (!*stackp)
452 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
453 if (!*stackp) {
454 dput(origin);
455 return -ENOMEM;
456 }
457 **stackp = (struct ovl_path){
458 .dentry = origin,
459 .layer = &ofs->layers[i]
460 };
461
462 return 0;
463
464 invalid:
465 pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
466 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
467 d_inode(origin)->i_mode & S_IFMT);
468 dput(origin);
469 return -ESTALE;
470 }
471
ovl_check_origin(struct ovl_fs * ofs,struct dentry * upperdentry,struct ovl_path ** stackp)472 static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
473 struct ovl_path **stackp)
474 {
475 struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN);
476 int err;
477
478 if (IS_ERR_OR_NULL(fh))
479 return PTR_ERR(fh);
480
481 err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
482 kfree(fh);
483
484 if (err) {
485 if (err == -ESTALE)
486 return 0;
487 return err;
488 }
489
490 return 0;
491 }
492
493 /*
494 * Verify that @fh matches the file handle stored in xattr @name.
495 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
496 */
ovl_verify_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh)497 static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry,
498 enum ovl_xattr ox, const struct ovl_fh *fh)
499 {
500 struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox);
501 int err = 0;
502
503 if (!ofh)
504 return -ENODATA;
505
506 if (IS_ERR(ofh))
507 return PTR_ERR(ofh);
508
509 if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
510 err = -ESTALE;
511
512 kfree(ofh);
513 return err;
514 }
515
ovl_verify_set_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh,bool is_upper,bool set)516 int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry,
517 enum ovl_xattr ox, const struct ovl_fh *fh,
518 bool is_upper, bool set)
519 {
520 int err;
521
522 err = ovl_verify_fh(ofs, dentry, ox, fh);
523 if (set && err == -ENODATA)
524 err = ovl_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len);
525
526 return err;
527 }
528
529 /*
530 * Verify that @real dentry matches the file handle stored in xattr @name.
531 *
532 * If @set is true and there is no stored file handle, encode @real and store
533 * file handle in xattr @name.
534 *
535 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
536 */
ovl_verify_origin_xattr(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,struct dentry * real,bool is_upper,bool set)537 int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry,
538 enum ovl_xattr ox, struct dentry *real,
539 bool is_upper, bool set)
540 {
541 struct inode *inode;
542 struct ovl_fh *fh;
543 int err;
544
545 fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper);
546 err = PTR_ERR(fh);
547 if (IS_ERR(fh)) {
548 fh = NULL;
549 goto fail;
550 }
551
552 err = ovl_verify_set_fh(ofs, dentry, ox, fh, is_upper, set);
553 if (err)
554 goto fail;
555
556 out:
557 kfree(fh);
558 return err;
559
560 fail:
561 inode = d_inode(real);
562 pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
563 is_upper ? "upper" : "origin", real,
564 inode ? inode->i_ino : 0, err);
565 goto out;
566 }
567
568
569 /* Get upper dentry from index */
ovl_index_upper(struct ovl_fs * ofs,struct dentry * index,bool connected)570 struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index,
571 bool connected)
572 {
573 struct ovl_fh *fh;
574 struct dentry *upper;
575
576 if (!d_is_dir(index))
577 return dget(index);
578
579 fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER);
580 if (IS_ERR_OR_NULL(fh))
581 return ERR_CAST(fh);
582
583 upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), connected);
584 kfree(fh);
585
586 if (IS_ERR_OR_NULL(upper))
587 return upper ?: ERR_PTR(-ESTALE);
588
589 if (!d_is_dir(upper)) {
590 pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
591 index, upper);
592 dput(upper);
593 return ERR_PTR(-EIO);
594 }
595
596 return upper;
597 }
598
599 /*
600 * Verify that an index entry name matches the origin file handle stored in
601 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
602 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
603 */
ovl_verify_index(struct ovl_fs * ofs,struct dentry * index)604 int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
605 {
606 struct ovl_fh *fh = NULL;
607 size_t len;
608 struct ovl_path origin = { };
609 struct ovl_path *stack = &origin;
610 struct dentry *upper = NULL;
611 int err;
612
613 if (!d_inode(index))
614 return 0;
615
616 err = -EINVAL;
617 if (index->d_name.len < sizeof(struct ovl_fb)*2)
618 goto fail;
619
620 err = -ENOMEM;
621 len = index->d_name.len / 2;
622 fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
623 if (!fh)
624 goto fail;
625
626 err = -EINVAL;
627 if (hex2bin(fh->buf, index->d_name.name, len))
628 goto fail;
629
630 err = ovl_check_fb_len(&fh->fb, len);
631 if (err)
632 goto fail;
633
634 /*
635 * Whiteout index entries are used as an indication that an exported
636 * overlay file handle should be treated as stale (i.e. after unlink
637 * of the overlay inode). These entries contain no origin xattr.
638 */
639 if (ovl_is_whiteout(index))
640 goto out;
641
642 /*
643 * Verifying directory index entries are not stale is expensive, so
644 * only verify stale dir index if NFS export is enabled.
645 */
646 if (d_is_dir(index) && !ofs->config.nfs_export)
647 goto out;
648
649 /*
650 * Directory index entries should have 'upper' xattr pointing to the
651 * real upper dir. Non-dir index entries are hardlinks to the upper
652 * real inode. For non-dir index, we can read the copy up origin xattr
653 * directly from the index dentry, but for dir index we first need to
654 * decode the upper directory.
655 */
656 upper = ovl_index_upper(ofs, index, false);
657 if (IS_ERR_OR_NULL(upper)) {
658 err = PTR_ERR(upper);
659 /*
660 * Directory index entries with no 'upper' xattr need to be
661 * removed. When dir index entry has a stale 'upper' xattr,
662 * we assume that upper dir was removed and we treat the dir
663 * index as orphan entry that needs to be whited out.
664 */
665 if (err == -ESTALE)
666 goto orphan;
667 else if (!err)
668 err = -ESTALE;
669 goto fail;
670 }
671
672 err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh);
673 dput(upper);
674 if (err)
675 goto fail;
676
677 /* Check if non-dir index is orphan and don't warn before cleaning it */
678 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
679 err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
680 if (err)
681 goto fail;
682
683 if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0)
684 goto orphan;
685 }
686
687 out:
688 dput(origin.dentry);
689 kfree(fh);
690 return err;
691
692 fail:
693 pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
694 index, d_inode(index)->i_mode & S_IFMT, err);
695 goto out;
696
697 orphan:
698 pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
699 index, d_inode(index)->i_mode & S_IFMT,
700 d_inode(index)->i_nlink);
701 err = -ENOENT;
702 goto out;
703 }
704
ovl_get_index_name_fh(const struct ovl_fh * fh,struct qstr * name)705 int ovl_get_index_name_fh(const struct ovl_fh *fh, struct qstr *name)
706 {
707 char *n, *s;
708
709 n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
710 if (!n)
711 return -ENOMEM;
712
713 s = bin2hex(n, fh->buf, fh->fb.len);
714 *name = (struct qstr) QSTR_INIT(n, s - n);
715
716 return 0;
717
718 }
719
720 /*
721 * Lookup in indexdir for the index entry of a lower real inode or a copy up
722 * origin inode. The index entry name is the hex representation of the lower
723 * inode file handle.
724 *
725 * If the index dentry in negative, then either no lower aliases have been
726 * copied up yet, or aliases have been copied up in older kernels and are
727 * not indexed.
728 *
729 * If the index dentry for a copy up origin inode is positive, but points
730 * to an inode different than the upper inode, then either the upper inode
731 * has been copied up and not indexed or it was indexed, but since then
732 * index dir was cleared. Either way, that index cannot be used to identify
733 * the overlay inode.
734 */
ovl_get_index_name(struct ovl_fs * ofs,struct dentry * origin,struct qstr * name)735 int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin,
736 struct qstr *name)
737 {
738 struct ovl_fh *fh;
739 int err;
740
741 fh = ovl_encode_real_fh(ofs, d_inode(origin), false);
742 if (IS_ERR(fh))
743 return PTR_ERR(fh);
744
745 err = ovl_get_index_name_fh(fh, name);
746
747 kfree(fh);
748 return err;
749 }
750
751 /* Lookup index by file handle for NFS export */
ovl_get_index_fh(struct ovl_fs * ofs,struct ovl_fh * fh)752 struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
753 {
754 struct dentry *index;
755 struct qstr name;
756 int err;
757
758 err = ovl_get_index_name_fh(fh, &name);
759 if (err)
760 return ERR_PTR(err);
761
762 index = lookup_noperm_positive_unlocked(&name, ofs->workdir);
763 kfree(name.name);
764 if (IS_ERR(index)) {
765 if (PTR_ERR(index) == -ENOENT)
766 index = NULL;
767 return index;
768 }
769
770 if (ovl_is_whiteout(index))
771 err = -ESTALE;
772 else if (ovl_dentry_weird(index))
773 err = -EIO;
774 else
775 return index;
776
777 dput(index);
778 return ERR_PTR(err);
779 }
780
ovl_lookup_index(struct ovl_fs * ofs,struct dentry * upper,struct dentry * origin,bool verify)781 struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
782 struct dentry *origin, bool verify)
783 {
784 struct dentry *index;
785 struct inode *inode;
786 struct qstr name;
787 bool is_dir = d_is_dir(origin);
788 int err;
789
790 err = ovl_get_index_name(ofs, origin, &name);
791 if (err)
792 return ERR_PTR(err);
793
794 index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), &name,
795 ofs->workdir);
796 if (IS_ERR(index)) {
797 err = PTR_ERR(index);
798 if (err == -ENOENT) {
799 index = NULL;
800 goto out;
801 }
802 pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
803 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
804 d_inode(origin)->i_ino, name.len, name.name,
805 err);
806 goto out;
807 }
808
809 inode = d_inode(index);
810 if (ovl_is_whiteout(index) && !verify) {
811 /*
812 * When index lookup is called with !verify for decoding an
813 * overlay file handle, a whiteout index implies that decode
814 * should treat file handle as stale and no need to print a
815 * warning about it.
816 */
817 dput(index);
818 index = ERR_PTR(-ESTALE);
819 goto out;
820 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
821 inode_wrong_type(inode, d_inode(origin)->i_mode)) {
822 /*
823 * Index should always be of the same file type as origin
824 * except for the case of a whiteout index. A whiteout
825 * index should only exist if all lower aliases have been
826 * unlinked, which means that finding a lower origin on lookup
827 * whose index is a whiteout should be treated as an error.
828 */
829 pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
830 index, d_inode(index)->i_mode & S_IFMT,
831 d_inode(origin)->i_mode & S_IFMT);
832 goto fail;
833 } else if (is_dir && verify) {
834 if (!upper) {
835 pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
836 origin, index);
837 goto fail;
838 }
839
840 /* Verify that dir index 'upper' xattr points to upper dir */
841 err = ovl_verify_upper(ofs, index, upper, false);
842 if (err) {
843 if (err == -ESTALE) {
844 pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
845 upper, origin, index);
846 }
847 goto fail;
848 }
849 } else if (upper && d_inode(upper) != inode) {
850 goto out_dput;
851 }
852 out:
853 kfree(name.name);
854 return index;
855
856 out_dput:
857 dput(index);
858 index = NULL;
859 goto out;
860
861 fail:
862 dput(index);
863 index = ERR_PTR(-EIO);
864 goto out;
865 }
866
867 /*
868 * Returns next layer in stack starting from top.
869 * Returns -1 if this is the last layer.
870 */
ovl_path_next(int idx,struct dentry * dentry,struct path * path,const struct ovl_layer ** layer)871 int ovl_path_next(int idx, struct dentry *dentry, struct path *path,
872 const struct ovl_layer **layer)
873 {
874 struct ovl_entry *oe = OVL_E(dentry);
875 struct ovl_path *lowerstack = ovl_lowerstack(oe);
876
877 BUG_ON(idx < 0);
878 if (idx == 0) {
879 ovl_path_upper(dentry, path);
880 if (path->dentry) {
881 *layer = &OVL_FS(dentry->d_sb)->layers[0];
882 return ovl_numlower(oe) ? 1 : -1;
883 }
884 idx++;
885 }
886 BUG_ON(idx > ovl_numlower(oe));
887 path->dentry = lowerstack[idx - 1].dentry;
888 *layer = lowerstack[idx - 1].layer;
889 path->mnt = (*layer)->mnt;
890
891 return (idx < ovl_numlower(oe)) ? idx + 1 : -1;
892 }
893
894 /* Fix missing 'origin' xattr */
ovl_fix_origin(struct ovl_fs * ofs,struct dentry * dentry,struct dentry * lower,struct dentry * upper)895 static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry,
896 struct dentry *lower, struct dentry *upper)
897 {
898 const struct ovl_fh *fh;
899 int err;
900
901 if (ovl_check_origin_xattr(ofs, upper))
902 return 0;
903
904 fh = ovl_get_origin_fh(ofs, lower);
905 if (IS_ERR(fh))
906 return PTR_ERR(fh);
907
908 err = ovl_want_write(dentry);
909 if (err)
910 goto out;
911
912 err = ovl_set_origin_fh(ofs, fh, upper);
913 if (!err)
914 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
915
916 ovl_drop_write(dentry);
917 out:
918 kfree(fh);
919 return err;
920 }
921
ovl_maybe_validate_verity(struct dentry * dentry)922 static int ovl_maybe_validate_verity(struct dentry *dentry)
923 {
924 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
925 struct inode *inode = d_inode(dentry);
926 struct path datapath, metapath;
927 int err;
928
929 if (!ofs->config.verity_mode ||
930 !ovl_is_metacopy_dentry(dentry) ||
931 ovl_test_flag(OVL_VERIFIED_DIGEST, inode))
932 return 0;
933
934 if (!ovl_test_flag(OVL_HAS_DIGEST, inode)) {
935 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
936 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n",
937 dentry);
938 return -EIO;
939 }
940 return 0;
941 }
942
943 ovl_path_lowerdata(dentry, &datapath);
944 if (!datapath.dentry)
945 return -EIO;
946
947 ovl_path_real(dentry, &metapath);
948 if (!metapath.dentry)
949 return -EIO;
950
951 err = ovl_inode_lock_interruptible(inode);
952 if (err)
953 return err;
954
955 if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) {
956 const struct cred *old_cred;
957
958 old_cred = ovl_override_creds(dentry->d_sb);
959
960 err = ovl_validate_verity(ofs, &metapath, &datapath);
961 if (err == 0)
962 ovl_set_flag(OVL_VERIFIED_DIGEST, inode);
963
964 ovl_revert_creds(old_cred);
965 }
966
967 ovl_inode_unlock(inode);
968
969 return err;
970 }
971
972 /* Lazy lookup of lowerdata */
ovl_maybe_lookup_lowerdata(struct dentry * dentry)973 static int ovl_maybe_lookup_lowerdata(struct dentry *dentry)
974 {
975 struct inode *inode = d_inode(dentry);
976 const char *redirect = ovl_lowerdata_redirect(inode);
977 struct ovl_path datapath = {};
978 const struct cred *old_cred;
979 int err;
980
981 if (!redirect || ovl_dentry_lowerdata(dentry))
982 return 0;
983
984 if (redirect[0] != '/')
985 return -EIO;
986
987 err = ovl_inode_lock_interruptible(inode);
988 if (err)
989 return err;
990
991 err = 0;
992 /* Someone got here before us? */
993 if (ovl_dentry_lowerdata(dentry))
994 goto out;
995
996 old_cred = ovl_override_creds(dentry->d_sb);
997 err = ovl_lookup_data_layers(dentry, redirect, &datapath);
998 ovl_revert_creds(old_cred);
999 if (err)
1000 goto out_err;
1001
1002 err = ovl_dentry_set_lowerdata(dentry, &datapath);
1003 if (err)
1004 goto out_err;
1005
1006 out:
1007 ovl_inode_unlock(inode);
1008 dput(datapath.dentry);
1009
1010 return err;
1011
1012 out_err:
1013 pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n",
1014 dentry, err);
1015 goto out;
1016 }
1017
ovl_verify_lowerdata(struct dentry * dentry)1018 int ovl_verify_lowerdata(struct dentry *dentry)
1019 {
1020 int err;
1021
1022 err = ovl_maybe_lookup_lowerdata(dentry);
1023 if (err)
1024 return err;
1025
1026 return ovl_maybe_validate_verity(dentry);
1027 }
1028
1029 /*
1030 * Following redirects/metacopy can have security consequences: it's like a
1031 * symlink into the lower layer without the permission checks.
1032 *
1033 * This is only a problem if the upper layer is untrusted (e.g comes from an USB
1034 * drive). This can allow a non-readable file or directory to become readable.
1035 *
1036 * Only following redirects when redirects are enabled disables this attack
1037 * vector when not necessary.
1038 */
ovl_check_follow_redirect(struct ovl_lookup_data * d)1039 static bool ovl_check_follow_redirect(struct ovl_lookup_data *d)
1040 {
1041 struct ovl_fs *ofs = OVL_FS(d->sb);
1042
1043 if (d->metacopy && !ofs->config.metacopy) {
1044 pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", d->dentry);
1045 return false;
1046 }
1047 if ((d->redirect || d->upperredirect) && !ovl_redirect_follow(ofs)) {
1048 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", d->dentry);
1049 return false;
1050 }
1051 return true;
1052 }
1053
ovl_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)1054 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
1055 unsigned int flags)
1056 {
1057 struct ovl_entry *oe = NULL;
1058 const struct cred *old_cred;
1059 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
1060 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1061 struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root);
1062 struct ovl_path *stack = NULL, *origin_path = NULL;
1063 struct dentry *upperdir, *upperdentry = NULL;
1064 struct dentry *origin = NULL;
1065 struct dentry *index = NULL;
1066 unsigned int ctr = 0;
1067 struct inode *inode = NULL;
1068 bool upperopaque = false;
1069 bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer);
1070 struct dentry *this;
1071 unsigned int i;
1072 int err;
1073 bool uppermetacopy = false;
1074 int metacopy_size = 0;
1075 struct ovl_lookup_data d = {
1076 .sb = dentry->d_sb,
1077 .dentry = dentry,
1078 .name = dentry->d_name,
1079 .is_dir = false,
1080 .opaque = false,
1081 .stop = false,
1082 .last = check_redirect ? false : !ovl_numlower(poe),
1083 .redirect = NULL,
1084 .upperredirect = NULL,
1085 .metacopy = 0,
1086 };
1087
1088 if (dentry->d_name.len > ofs->namelen)
1089 return ERR_PTR(-ENAMETOOLONG);
1090
1091 old_cred = ovl_override_creds(dentry->d_sb);
1092 upperdir = ovl_dentry_upper(dentry->d_parent);
1093 if (upperdir) {
1094 d.layer = &ofs->layers[0];
1095 err = ovl_lookup_layer(upperdir, &d, &upperdentry, true);
1096 if (err)
1097 goto out;
1098
1099 if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) {
1100 dput(upperdentry);
1101 err = -EREMOTE;
1102 goto out;
1103 }
1104 if (upperdentry && !d.is_dir) {
1105 /*
1106 * Lookup copy up origin by decoding origin file handle.
1107 * We may get a disconnected dentry, which is fine,
1108 * because we only need to hold the origin inode in
1109 * cache and use its inode number. We may even get a
1110 * connected dentry, that is not under any of the lower
1111 * layers root. That is also fine for using it's inode
1112 * number - it's the same as if we held a reference
1113 * to a dentry in lower layer that was moved under us.
1114 */
1115 err = ovl_check_origin(ofs, upperdentry, &origin_path);
1116 if (err)
1117 goto out_put_upper;
1118
1119 if (d.metacopy)
1120 uppermetacopy = true;
1121 metacopy_size = d.metacopy;
1122 }
1123
1124 if (d.redirect) {
1125 err = -ENOMEM;
1126 d.upperredirect = kstrdup(d.redirect, GFP_KERNEL);
1127 if (!d.upperredirect)
1128 goto out_put_upper;
1129 if (d.redirect[0] == '/')
1130 poe = roe;
1131 }
1132 upperopaque = d.opaque;
1133 }
1134
1135 if (!d.stop && ovl_numlower(poe)) {
1136 err = -ENOMEM;
1137 stack = ovl_stack_alloc(ofs->numlayer - 1);
1138 if (!stack)
1139 goto out_put_upper;
1140 }
1141
1142 for (i = 0; !d.stop && i < ovl_numlower(poe); i++) {
1143 struct ovl_path lower = ovl_lowerstack(poe)[i];
1144
1145 if (!ovl_check_follow_redirect(&d)) {
1146 err = -EPERM;
1147 goto out_put;
1148 }
1149
1150 if (!check_redirect)
1151 d.last = i == ovl_numlower(poe) - 1;
1152 else if (d.is_dir || !ofs->numdatalayer)
1153 d.last = lower.layer->idx == ovl_numlower(roe);
1154
1155 d.layer = lower.layer;
1156 err = ovl_lookup_layer(lower.dentry, &d, &this, false);
1157 if (err)
1158 goto out_put;
1159
1160 if (!this)
1161 continue;
1162
1163 /*
1164 * If no origin fh is stored in upper of a merge dir, store fh
1165 * of lower dir and set upper parent "impure".
1166 */
1167 if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) {
1168 err = ovl_fix_origin(ofs, dentry, this, upperdentry);
1169 if (err) {
1170 dput(this);
1171 goto out_put;
1172 }
1173 }
1174
1175 /*
1176 * When "verify_lower" feature is enabled, do not merge with a
1177 * lower dir that does not match a stored origin xattr. In any
1178 * case, only verified origin is used for index lookup.
1179 *
1180 * For non-dir dentry, if index=on, then ensure origin
1181 * matches the dentry found using path based lookup,
1182 * otherwise error out.
1183 */
1184 if (upperdentry && !ctr &&
1185 ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
1186 (!d.is_dir && ofs->config.index && origin_path))) {
1187 err = ovl_verify_origin(ofs, upperdentry, this, false);
1188 if (err) {
1189 dput(this);
1190 if (d.is_dir)
1191 break;
1192 goto out_put;
1193 }
1194 origin = this;
1195 }
1196
1197 if (!upperdentry && !d.is_dir && !ctr && d.metacopy)
1198 metacopy_size = d.metacopy;
1199
1200 if (d.metacopy && ctr) {
1201 /*
1202 * Do not store intermediate metacopy dentries in
1203 * lower chain, except top most lower metacopy dentry.
1204 * Continue the loop so that if there is an absolute
1205 * redirect on this dentry, poe can be reset to roe.
1206 */
1207 dput(this);
1208 this = NULL;
1209 } else {
1210 stack[ctr].dentry = this;
1211 stack[ctr].layer = lower.layer;
1212 ctr++;
1213 }
1214
1215 if (d.stop)
1216 break;
1217
1218 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
1219 poe = roe;
1220 /* Find the current layer on the root dentry */
1221 i = lower.layer->idx - 1;
1222 }
1223 }
1224
1225 /*
1226 * Defer lookup of lowerdata in data-only layers to first access.
1227 * Don't require redirect=follow and metacopy=on in this case.
1228 */
1229 if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) {
1230 d.metacopy = 0;
1231 ctr++;
1232 } else if (!ovl_check_follow_redirect(&d)) {
1233 err = -EPERM;
1234 goto out_put;
1235 }
1236
1237 /*
1238 * For regular non-metacopy upper dentries, there is no lower
1239 * path based lookup, hence ctr will be zero. If a dentry is found
1240 * using ORIGIN xattr on upper, install it in stack.
1241 *
1242 * For metacopy dentry, path based lookup will find lower dentries.
1243 * Just make sure a corresponding data dentry has been found.
1244 */
1245 if (d.metacopy || (uppermetacopy && !ctr)) {
1246 pr_warn_ratelimited("metacopy with no lower data found - abort lookup (%pd2)\n",
1247 dentry);
1248 err = -EIO;
1249 goto out_put;
1250 } else if (!d.is_dir && upperdentry && !ctr && origin_path) {
1251 if (WARN_ON(stack != NULL)) {
1252 err = -EIO;
1253 goto out_put;
1254 }
1255 stack = origin_path;
1256 ctr = 1;
1257 origin = origin_path->dentry;
1258 origin_path = NULL;
1259 }
1260
1261 /*
1262 * Always lookup index if there is no-upperdentry.
1263 *
1264 * For the case of upperdentry, we have set origin by now if it
1265 * needed to be set. There are basically three cases.
1266 *
1267 * For directories, lookup index by lower inode and verify it matches
1268 * upper inode. We only trust dir index if we verified that lower dir
1269 * matches origin, otherwise dir index entries may be inconsistent
1270 * and we ignore them.
1271 *
1272 * For regular upper, we already set origin if upper had ORIGIN
1273 * xattr. There is no verification though as there is no path
1274 * based dentry lookup in lower in this case.
1275 *
1276 * For metacopy upper, we set a verified origin already if index
1277 * is enabled and if upper had an ORIGIN xattr.
1278 *
1279 */
1280 if (!upperdentry && ctr)
1281 origin = stack[0].dentry;
1282
1283 if (origin && ovl_indexdir(dentry->d_sb) &&
1284 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
1285 index = ovl_lookup_index(ofs, upperdentry, origin, true);
1286 if (IS_ERR(index)) {
1287 err = PTR_ERR(index);
1288 index = NULL;
1289 goto out_put;
1290 }
1291 }
1292
1293 if (ctr) {
1294 oe = ovl_alloc_entry(ctr);
1295 err = -ENOMEM;
1296 if (!oe)
1297 goto out_put;
1298
1299 ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr);
1300 }
1301
1302 if (upperopaque)
1303 ovl_dentry_set_opaque(dentry);
1304 if (d.xwhiteouts)
1305 ovl_dentry_set_xwhiteouts(dentry);
1306
1307 if (upperdentry)
1308 ovl_dentry_set_upper_alias(dentry);
1309 else if (index) {
1310 struct path upperpath = {
1311 .dentry = upperdentry = dget(index),
1312 .mnt = ovl_upper_mnt(ofs),
1313 };
1314
1315 /*
1316 * It's safe to assign upperredirect here: the previous
1317 * assignment happens only if upperdentry is non-NULL, and
1318 * this one only if upperdentry is NULL.
1319 */
1320 d.upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
1321 if (IS_ERR(d.upperredirect)) {
1322 err = PTR_ERR(d.upperredirect);
1323 d.upperredirect = NULL;
1324 goto out_free_oe;
1325 }
1326
1327 err = ovl_check_metacopy_xattr(ofs, &upperpath, NULL);
1328 if (err < 0)
1329 goto out_free_oe;
1330 d.metacopy = uppermetacopy = err;
1331 metacopy_size = err;
1332
1333 if (!ovl_check_follow_redirect(&d)) {
1334 err = -EPERM;
1335 goto out_free_oe;
1336 }
1337 }
1338
1339 if (upperdentry || ctr) {
1340 struct ovl_inode_params oip = {
1341 .upperdentry = upperdentry,
1342 .oe = oe,
1343 .index = index,
1344 .redirect = d.upperredirect,
1345 };
1346
1347 /* Store lowerdata redirect for lazy lookup */
1348 if (ctr > 1 && !d.is_dir && !stack[ctr - 1].dentry) {
1349 oip.lowerdata_redirect = d.redirect;
1350 d.redirect = NULL;
1351 }
1352 inode = ovl_get_inode(dentry->d_sb, &oip);
1353 err = PTR_ERR(inode);
1354 if (IS_ERR(inode))
1355 goto out_free_oe;
1356 if (upperdentry && !uppermetacopy)
1357 ovl_set_flag(OVL_UPPERDATA, inode);
1358
1359 if (metacopy_size > OVL_METACOPY_MIN_SIZE)
1360 ovl_set_flag(OVL_HAS_DIGEST, inode);
1361 }
1362
1363 ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode));
1364
1365 ovl_revert_creds(old_cred);
1366 if (origin_path) {
1367 dput(origin_path->dentry);
1368 kfree(origin_path);
1369 }
1370 dput(index);
1371 ovl_stack_free(stack, ctr);
1372 kfree(d.redirect);
1373 return d_splice_alias(inode, dentry);
1374
1375 out_free_oe:
1376 ovl_free_entry(oe);
1377 out_put:
1378 dput(index);
1379 ovl_stack_free(stack, ctr);
1380 out_put_upper:
1381 if (origin_path) {
1382 dput(origin_path->dentry);
1383 kfree(origin_path);
1384 }
1385 dput(upperdentry);
1386 kfree(d.upperredirect);
1387 out:
1388 kfree(d.redirect);
1389 ovl_revert_creds(old_cred);
1390 return ERR_PTR(err);
1391 }
1392
ovl_lower_positive(struct dentry * dentry)1393 bool ovl_lower_positive(struct dentry *dentry)
1394 {
1395 struct ovl_entry *poe = OVL_E(dentry->d_parent);
1396 const struct qstr *name = &dentry->d_name;
1397 const struct cred *old_cred;
1398 unsigned int i;
1399 bool positive = false;
1400 bool done = false;
1401
1402 /*
1403 * If dentry is negative, then lower is positive iff this is a
1404 * whiteout.
1405 */
1406 if (!dentry->d_inode)
1407 return ovl_dentry_is_opaque(dentry);
1408
1409 /* Negative upper -> positive lower */
1410 if (!ovl_dentry_upper(dentry))
1411 return true;
1412
1413 old_cred = ovl_override_creds(dentry->d_sb);
1414 /* Positive upper -> have to look up lower to see whether it exists */
1415 for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) {
1416 struct dentry *this;
1417 struct ovl_path *parentpath = &ovl_lowerstack(poe)[i];
1418
1419 /*
1420 * We need to make a non-const copy of dentry->d_name,
1421 * because lookup_one_positive_unlocked() will hash name
1422 * with parentpath base, which is on another (lower fs).
1423 */
1424 this = lookup_one_positive_unlocked(
1425 mnt_idmap(parentpath->layer->mnt),
1426 &QSTR_LEN(name->name, name->len),
1427 parentpath->dentry);
1428 if (IS_ERR(this)) {
1429 switch (PTR_ERR(this)) {
1430 case -ENOENT:
1431 case -ENAMETOOLONG:
1432 break;
1433
1434 default:
1435 /*
1436 * Assume something is there, we just couldn't
1437 * access it.
1438 */
1439 positive = true;
1440 break;
1441 }
1442 } else {
1443 struct path path = {
1444 .dentry = this,
1445 .mnt = parentpath->layer->mnt,
1446 };
1447 positive = !ovl_path_is_whiteout(OVL_FS(dentry->d_sb), &path);
1448 done = true;
1449 dput(this);
1450 }
1451 }
1452 ovl_revert_creds(old_cred);
1453
1454 return positive;
1455 }
1456