xref: /linux/fs/overlayfs/export.c (revision 4eca0ef49af9b2b0c52ef2b58e045ab34629796b)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Overlayfs NFS export support.
4  *
5  * Amir Goldstein <amir73il@gmail.com>
6  *
7  * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved.
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/cred.h>
12 #include <linux/mount.h>
13 #include <linux/namei.h>
14 #include <linux/xattr.h>
15 #include <linux/exportfs.h>
16 #include <linux/ratelimit.h>
17 #include "overlayfs.h"
18 
19 static int ovl_encode_maybe_copy_up(struct dentry *dentry)
20 {
21 	int err;
22 
23 	if (ovl_dentry_upper(dentry))
24 		return 0;
25 
26 	err = ovl_copy_up(dentry);
27 	if (err) {
28 		pr_warn_ratelimited("failed to copy up on encode (%pd2, err=%i)\n",
29 				    dentry, err);
30 	}
31 
32 	return err;
33 }
34 
35 /*
36  * Before encoding a non-upper directory file handle from real layer N, we need
37  * to check if it will be possible to reconnect an overlay dentry from the real
38  * lower decoded dentry. This is done by following the overlay ancestry up to a
39  * "layer N connected" ancestor and verifying that all parents along the way are
40  * "layer N connectable". If an ancestor that is NOT "layer N connectable" is
41  * found, we need to copy up an ancestor, which is "layer N connectable", thus
42  * making that ancestor "layer N connected". For example:
43  *
44  * layer 1: /a
45  * layer 2: /a/b/c
46  *
47  * The overlay dentry /a is NOT "layer 2 connectable", because if dir /a is
48  * copied up and renamed, upper dir /a will be indexed by lower dir /a from
49  * layer 1. The dir /a from layer 2 will never be indexed, so the algorithm (*)
50  * in ovl_lookup_real_ancestor() will not be able to lookup a connected overlay
51  * dentry from the connected lower dentry /a/b/c.
52  *
53  * To avoid this problem on decode time, we need to copy up an ancestor of
54  * /a/b/c, which is "layer 2 connectable", on encode time. That ancestor is
55  * /a/b. After copy up (and index) of /a/b, it will become "layer 2 connected"
56  * and when the time comes to decode the file handle from lower dentry /a/b/c,
57  * ovl_lookup_real_ancestor() will find the indexed ancestor /a/b and decoding
58  * a connected overlay dentry will be accomplished.
59  *
60  * (*) the algorithm in ovl_lookup_real_ancestor() can be improved to lookup an
61  * entry /a in the lower layers above layer N and find the indexed dir /a from
62  * layer 1. If that improvement is made, then the check for "layer N connected"
63  * will need to verify there are no redirects in lower layers above N. In the
64  * example above, /a will be "layer 2 connectable". However, if layer 2 dir /a
65  * is a target of a layer 1 redirect, then /a will NOT be "layer 2 connectable":
66  *
67  * layer 1: /A (redirect = /a)
68  * layer 2: /a/b/c
69  */
70 
71 /* Return the lowest layer for encoding a connectable file handle */
72 static int ovl_connectable_layer(struct dentry *dentry)
73 {
74 	struct ovl_entry *oe = OVL_E(dentry);
75 
76 	/* We can get overlay root from root of any layer */
77 	if (dentry == dentry->d_sb->s_root)
78 		return ovl_numlower(oe);
79 
80 	/*
81 	 * If it's an unindexed merge dir, then it's not connectable with any
82 	 * lower layer
83 	 */
84 	if (ovl_dentry_upper(dentry) &&
85 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
86 		return 0;
87 
88 	/* We can get upper/overlay path from indexed/lower dentry */
89 	return ovl_lowerstack(oe)->layer->idx;
90 }
91 
92 /*
93  * @dentry is "connected" if all ancestors up to root or a "connected" ancestor
94  * have the same uppermost lower layer as the origin's layer. We may need to
95  * copy up a "connectable" ancestor to make it "connected". A "connected" dentry
96  * cannot become non "connected", so cache positive result in dentry flags.
97  *
98  * Return the connected origin layer or < 0 on error.
99  */
100 static int ovl_connect_layer(struct dentry *dentry)
101 {
102 	struct dentry *next, *parent = NULL;
103 	struct ovl_entry *oe = OVL_E(dentry);
104 	int origin_layer;
105 	int err = 0;
106 
107 	if (WARN_ON(dentry == dentry->d_sb->s_root) ||
108 	    WARN_ON(!ovl_dentry_lower(dentry)))
109 		return -EIO;
110 
111 	origin_layer = ovl_lowerstack(oe)->layer->idx;
112 	if (ovl_dentry_test_flag(OVL_E_CONNECTED, dentry))
113 		return origin_layer;
114 
115 	/* Find the topmost origin layer connectable ancestor of @dentry */
116 	next = dget(dentry);
117 	for (;;) {
118 		parent = dget_parent(next);
119 		if (WARN_ON(parent == next)) {
120 			err = -EIO;
121 			break;
122 		}
123 
124 		/*
125 		 * If @parent is not origin layer connectable, then copy up
126 		 * @next which is origin layer connectable and we are done.
127 		 */
128 		if (ovl_connectable_layer(parent) < origin_layer) {
129 			err = ovl_encode_maybe_copy_up(next);
130 			break;
131 		}
132 
133 		/* If @parent is connected or indexed we are done */
134 		if (ovl_dentry_test_flag(OVL_E_CONNECTED, parent) ||
135 		    ovl_test_flag(OVL_INDEX, d_inode(parent)))
136 			break;
137 
138 		dput(next);
139 		next = parent;
140 	}
141 
142 	dput(parent);
143 	dput(next);
144 
145 	if (!err)
146 		ovl_dentry_set_flag(OVL_E_CONNECTED, dentry);
147 
148 	return err ?: origin_layer;
149 }
150 
151 /*
152  * We only need to encode origin if there is a chance that the same object was
153  * encoded pre copy up and then we need to stay consistent with the same
154  * encoding also after copy up. If non-pure upper is not indexed, then it was
155  * copied up before NFS export was enabled. In that case we don't need to worry
156  * about staying consistent with pre copy up encoding and we encode an upper
157  * file handle. Overlay root dentry is a private case of non-indexed upper.
158  *
159  * The following table summarizes the different file handle encodings used for
160  * different overlay object types:
161  *
162  *  Object type		| Encoding
163  * --------------------------------
164  *  Pure upper		| U
165  *  Non-indexed upper	| U
166  *  Indexed upper	| L (*)
167  *  Non-upper		| L (*)
168  *
169  * U = upper file handle
170  * L = lower file handle
171  *
172  * (*) Decoding a connected overlay dir from real lower dentry is not always
173  * possible when there are redirects in lower layers and non-indexed merge dirs.
174  * To mitigate those case, we may copy up the lower dir ancestor before encode
175  * of a decodable file handle for non-upper dir.
176  *
177  * Return 0 for upper file handle, > 0 for lower file handle or < 0 on error.
178  */
179 static int ovl_check_encode_origin(struct dentry *dentry)
180 {
181 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
182 	bool decodable = ofs->config.nfs_export;
183 
184 	/* Lower file handle for non-upper non-decodable */
185 	if (!ovl_dentry_upper(dentry) && !decodable)
186 		return 1;
187 
188 	/* Upper file handle for pure upper */
189 	if (!ovl_dentry_lower(dentry))
190 		return 0;
191 
192 	/*
193 	 * Root is never indexed, so if there's an upper layer, encode upper for
194 	 * root.
195 	 */
196 	if (dentry == dentry->d_sb->s_root)
197 		return 0;
198 
199 	/*
200 	 * Upper decodable file handle for non-indexed upper.
201 	 */
202 	if (ovl_dentry_upper(dentry) && decodable &&
203 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
204 		return 0;
205 
206 	/*
207 	 * Decoding a merge dir, whose origin's ancestor is under a redirected
208 	 * lower dir or under a non-indexed upper is not always possible.
209 	 * ovl_connect_layer() will try to make origin's layer "connected" by
210 	 * copying up a "connectable" ancestor.
211 	 */
212 	if (d_is_dir(dentry) && ovl_upper_mnt(ofs) && decodable)
213 		return ovl_connect_layer(dentry);
214 
215 	/* Lower file handle for indexed and non-upper dir/non-dir */
216 	return 1;
217 }
218 
219 static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry,
220 			     u32 *fid, int buflen)
221 {
222 	struct ovl_fh *fh = NULL;
223 	int err, enc_lower;
224 	int len;
225 
226 	/*
227 	 * Check if we should encode a lower or upper file handle and maybe
228 	 * copy up an ancestor to make lower file handle connectable.
229 	 */
230 	err = enc_lower = ovl_check_encode_origin(dentry);
231 	if (enc_lower < 0)
232 		goto fail;
233 
234 	/* Encode an upper or lower file handle */
235 	fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_dentry_lower(dentry) :
236 				ovl_dentry_upper(dentry), !enc_lower);
237 	if (IS_ERR(fh))
238 		return PTR_ERR(fh);
239 
240 	len = OVL_FH_LEN(fh);
241 	if (len <= buflen)
242 		memcpy(fid, fh, len);
243 	err = len;
244 
245 out:
246 	kfree(fh);
247 	return err;
248 
249 fail:
250 	pr_warn_ratelimited("failed to encode file handle (%pd2, err=%i)\n",
251 			    dentry, err);
252 	goto out;
253 }
254 
255 static int ovl_encode_fh(struct inode *inode, u32 *fid, int *max_len,
256 			 struct inode *parent)
257 {
258 	struct ovl_fs *ofs = OVL_FS(inode->i_sb);
259 	struct dentry *dentry;
260 	int bytes, buflen = *max_len << 2;
261 
262 	/* TODO: encode connectable file handles */
263 	if (parent)
264 		return FILEID_INVALID;
265 
266 	dentry = d_find_any_alias(inode);
267 	if (!dentry)
268 		return FILEID_INVALID;
269 
270 	bytes = ovl_dentry_to_fid(ofs, dentry, fid, buflen);
271 	dput(dentry);
272 	if (bytes <= 0)
273 		return FILEID_INVALID;
274 
275 	*max_len = bytes >> 2;
276 	if (bytes > buflen)
277 		return FILEID_INVALID;
278 
279 	return OVL_FILEID_V1;
280 }
281 
282 /*
283  * Find or instantiate an overlay dentry from real dentries and index.
284  */
285 static struct dentry *ovl_obtain_alias(struct super_block *sb,
286 				       struct dentry *upper_alias,
287 				       struct ovl_path *lowerpath,
288 				       struct dentry *index)
289 {
290 	struct dentry *lower = lowerpath ? lowerpath->dentry : NULL;
291 	struct dentry *upper = upper_alias ?: index;
292 	struct dentry *dentry;
293 	struct inode *inode = NULL;
294 	struct ovl_entry *oe;
295 	struct ovl_inode_params oip = {
296 		.index = index,
297 	};
298 
299 	/* We get overlay directory dentries with ovl_lookup_real() */
300 	if (d_is_dir(upper ?: lower))
301 		return ERR_PTR(-EIO);
302 
303 	oe = ovl_alloc_entry(!!lower);
304 	if (!oe)
305 		return ERR_PTR(-ENOMEM);
306 
307 	oip.upperdentry = dget(upper);
308 	if (lower) {
309 		ovl_lowerstack(oe)->dentry = dget(lower);
310 		ovl_lowerstack(oe)->layer = lowerpath->layer;
311 	}
312 	oip.oe = oe;
313 	inode = ovl_get_inode(sb, &oip);
314 	if (IS_ERR(inode)) {
315 		ovl_free_entry(oe);
316 		dput(upper);
317 		return ERR_CAST(inode);
318 	}
319 
320 	if (upper)
321 		ovl_set_flag(OVL_UPPERDATA, inode);
322 
323 	dentry = d_find_any_alias(inode);
324 	if (dentry)
325 		goto out_iput;
326 
327 	dentry = d_alloc_anon(inode->i_sb);
328 	if (unlikely(!dentry))
329 		goto nomem;
330 
331 	if (upper_alias)
332 		ovl_dentry_set_upper_alias(dentry);
333 
334 	ovl_dentry_init_reval(dentry, upper, OVL_I_E(inode));
335 
336 	return d_instantiate_anon(dentry, inode);
337 
338 nomem:
339 	dput(dentry);
340 	dentry = ERR_PTR(-ENOMEM);
341 out_iput:
342 	iput(inode);
343 	return dentry;
344 }
345 
346 /* Get the upper or lower dentry in stack whose on layer @idx */
347 static struct dentry *ovl_dentry_real_at(struct dentry *dentry, int idx)
348 {
349 	struct ovl_entry *oe = OVL_E(dentry);
350 	struct ovl_path *lowerstack = ovl_lowerstack(oe);
351 	int i;
352 
353 	if (!idx)
354 		return ovl_dentry_upper(dentry);
355 
356 	for (i = 0; i < ovl_numlower(oe); i++) {
357 		if (lowerstack[i].layer->idx == idx)
358 			return lowerstack[i].dentry;
359 	}
360 
361 	return NULL;
362 }
363 
364 /*
365  * Lookup a child overlay dentry to get a connected overlay dentry whose real
366  * dentry is @real. If @real is on upper layer, we lookup a child overlay
367  * dentry with the same name as the real dentry. Otherwise, we need to consult
368  * index for lookup.
369  */
370 static struct dentry *ovl_lookup_real_one(struct dentry *connected,
371 					  struct dentry *real,
372 					  const struct ovl_layer *layer)
373 {
374 	struct inode *dir = d_inode(connected);
375 	struct dentry *this, *parent = NULL;
376 	struct name_snapshot name;
377 	int err;
378 
379 	/*
380 	 * Lookup child overlay dentry by real name. The dir mutex protects us
381 	 * from racing with overlay rename. If the overlay dentry that is above
382 	 * real has already been moved to a parent that is not under the
383 	 * connected overlay dir, we return -ECHILD and restart the lookup of
384 	 * connected real path from the top.
385 	 */
386 	inode_lock_nested(dir, I_MUTEX_PARENT);
387 	err = -ECHILD;
388 	parent = dget_parent(real);
389 	if (ovl_dentry_real_at(connected, layer->idx) != parent)
390 		goto fail;
391 
392 	/*
393 	 * We also need to take a snapshot of real dentry name to protect us
394 	 * from racing with underlying layer rename. In this case, we don't
395 	 * care about returning ESTALE, only from dereferencing a free name
396 	 * pointer because we hold no lock on the real dentry.
397 	 */
398 	take_dentry_name_snapshot(&name, real);
399 	/*
400 	 * No idmap handling here: it's an internal lookup.  Could skip
401 	 * permission checking altogether, but for now just use non-idmap
402 	 * transformed ids.
403 	 */
404 	this = lookup_one_len(name.name.name, connected, name.name.len);
405 	release_dentry_name_snapshot(&name);
406 	err = PTR_ERR(this);
407 	if (IS_ERR(this)) {
408 		goto fail;
409 	} else if (!this || !this->d_inode) {
410 		dput(this);
411 		err = -ENOENT;
412 		goto fail;
413 	} else if (ovl_dentry_real_at(this, layer->idx) != real) {
414 		dput(this);
415 		err = -ESTALE;
416 		goto fail;
417 	}
418 
419 out:
420 	dput(parent);
421 	inode_unlock(dir);
422 	return this;
423 
424 fail:
425 	pr_warn_ratelimited("failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
426 			    real, layer->idx, connected, err);
427 	this = ERR_PTR(err);
428 	goto out;
429 }
430 
431 static struct dentry *ovl_lookup_real(struct super_block *sb,
432 				      struct dentry *real,
433 				      const struct ovl_layer *layer);
434 
435 /*
436  * Lookup an indexed or hashed overlay dentry by real inode.
437  */
438 static struct dentry *ovl_lookup_real_inode(struct super_block *sb,
439 					    struct dentry *real,
440 					    const struct ovl_layer *layer)
441 {
442 	struct ovl_fs *ofs = OVL_FS(sb);
443 	struct dentry *index = NULL;
444 	struct dentry *this = NULL;
445 	struct inode *inode;
446 
447 	/*
448 	 * Decoding upper dir from index is expensive, so first try to lookup
449 	 * overlay dentry in inode/dcache.
450 	 */
451 	inode = ovl_lookup_inode(sb, real, !layer->idx);
452 	if (IS_ERR(inode))
453 		return ERR_CAST(inode);
454 	if (inode) {
455 		this = d_find_any_alias(inode);
456 		iput(inode);
457 	}
458 
459 	/*
460 	 * For decoded lower dir file handle, lookup index by origin to check
461 	 * if lower dir was copied up and and/or removed.
462 	 */
463 	if (!this && layer->idx && ofs->indexdir && !WARN_ON(!d_is_dir(real))) {
464 		index = ovl_lookup_index(ofs, NULL, real, false);
465 		if (IS_ERR(index))
466 			return index;
467 	}
468 
469 	/* Get connected upper overlay dir from index */
470 	if (index) {
471 		struct dentry *upper = ovl_index_upper(ofs, index, true);
472 
473 		dput(index);
474 		if (IS_ERR_OR_NULL(upper))
475 			return upper;
476 
477 		/*
478 		 * ovl_lookup_real() in lower layer may call recursively once to
479 		 * ovl_lookup_real() in upper layer. The first level call walks
480 		 * back lower parents to the topmost indexed parent. The second
481 		 * recursive call walks back from indexed upper to the topmost
482 		 * connected/hashed upper parent (or up to root).
483 		 */
484 		this = ovl_lookup_real(sb, upper, &ofs->layers[0]);
485 		dput(upper);
486 	}
487 
488 	if (IS_ERR_OR_NULL(this))
489 		return this;
490 
491 	if (ovl_dentry_real_at(this, layer->idx) != real) {
492 		dput(this);
493 		this = ERR_PTR(-EIO);
494 	}
495 
496 	return this;
497 }
498 
499 /*
500  * Lookup an indexed or hashed overlay dentry, whose real dentry is an
501  * ancestor of @real.
502  */
503 static struct dentry *ovl_lookup_real_ancestor(struct super_block *sb,
504 					       struct dentry *real,
505 					       const struct ovl_layer *layer)
506 {
507 	struct dentry *next, *parent = NULL;
508 	struct dentry *ancestor = ERR_PTR(-EIO);
509 
510 	if (real == layer->mnt->mnt_root)
511 		return dget(sb->s_root);
512 
513 	/* Find the topmost indexed or hashed ancestor */
514 	next = dget(real);
515 	for (;;) {
516 		parent = dget_parent(next);
517 
518 		/*
519 		 * Lookup a matching overlay dentry in inode/dentry
520 		 * cache or in index by real inode.
521 		 */
522 		ancestor = ovl_lookup_real_inode(sb, next, layer);
523 		if (ancestor)
524 			break;
525 
526 		if (parent == layer->mnt->mnt_root) {
527 			ancestor = dget(sb->s_root);
528 			break;
529 		}
530 
531 		/*
532 		 * If @real has been moved out of the layer root directory,
533 		 * we will eventully hit the real fs root. This cannot happen
534 		 * by legit overlay rename, so we return error in that case.
535 		 */
536 		if (parent == next) {
537 			ancestor = ERR_PTR(-EXDEV);
538 			break;
539 		}
540 
541 		dput(next);
542 		next = parent;
543 	}
544 
545 	dput(parent);
546 	dput(next);
547 
548 	return ancestor;
549 }
550 
551 /*
552  * Lookup a connected overlay dentry whose real dentry is @real.
553  * If @real is on upper layer, we lookup a child overlay dentry with the same
554  * path the real dentry. Otherwise, we need to consult index for lookup.
555  */
556 static struct dentry *ovl_lookup_real(struct super_block *sb,
557 				      struct dentry *real,
558 				      const struct ovl_layer *layer)
559 {
560 	struct dentry *connected;
561 	int err = 0;
562 
563 	connected = ovl_lookup_real_ancestor(sb, real, layer);
564 	if (IS_ERR(connected))
565 		return connected;
566 
567 	while (!err) {
568 		struct dentry *next, *this;
569 		struct dentry *parent = NULL;
570 		struct dentry *real_connected = ovl_dentry_real_at(connected,
571 								   layer->idx);
572 
573 		if (real_connected == real)
574 			break;
575 
576 		/* Find the topmost dentry not yet connected */
577 		next = dget(real);
578 		for (;;) {
579 			parent = dget_parent(next);
580 
581 			if (parent == real_connected)
582 				break;
583 
584 			/*
585 			 * If real has been moved out of 'real_connected',
586 			 * we will not find 'real_connected' and hit the layer
587 			 * root. In that case, we need to restart connecting.
588 			 * This game can go on forever in the worst case. We
589 			 * may want to consider taking s_vfs_rename_mutex if
590 			 * this happens more than once.
591 			 */
592 			if (parent == layer->mnt->mnt_root) {
593 				dput(connected);
594 				connected = dget(sb->s_root);
595 				break;
596 			}
597 
598 			/*
599 			 * If real file has been moved out of the layer root
600 			 * directory, we will eventully hit the real fs root.
601 			 * This cannot happen by legit overlay rename, so we
602 			 * return error in that case.
603 			 */
604 			if (parent == next) {
605 				err = -EXDEV;
606 				break;
607 			}
608 
609 			dput(next);
610 			next = parent;
611 		}
612 
613 		if (!err) {
614 			this = ovl_lookup_real_one(connected, next, layer);
615 			if (IS_ERR(this))
616 				err = PTR_ERR(this);
617 
618 			/*
619 			 * Lookup of child in overlay can fail when racing with
620 			 * overlay rename of child away from 'connected' parent.
621 			 * In this case, we need to restart the lookup from the
622 			 * top, because we cannot trust that 'real_connected' is
623 			 * still an ancestor of 'real'. There is a good chance
624 			 * that the renamed overlay ancestor is now in cache, so
625 			 * ovl_lookup_real_ancestor() will find it and we can
626 			 * continue to connect exactly from where lookup failed.
627 			 */
628 			if (err == -ECHILD) {
629 				this = ovl_lookup_real_ancestor(sb, real,
630 								layer);
631 				err = PTR_ERR_OR_ZERO(this);
632 			}
633 			if (!err) {
634 				dput(connected);
635 				connected = this;
636 			}
637 		}
638 
639 		dput(parent);
640 		dput(next);
641 	}
642 
643 	if (err)
644 		goto fail;
645 
646 	return connected;
647 
648 fail:
649 	pr_warn_ratelimited("failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
650 			    real, layer->idx, connected, err);
651 	dput(connected);
652 	return ERR_PTR(err);
653 }
654 
655 /*
656  * Get an overlay dentry from upper/lower real dentries and index.
657  */
658 static struct dentry *ovl_get_dentry(struct super_block *sb,
659 				     struct dentry *upper,
660 				     struct ovl_path *lowerpath,
661 				     struct dentry *index)
662 {
663 	struct ovl_fs *ofs = OVL_FS(sb);
664 	const struct ovl_layer *layer = upper ? &ofs->layers[0] : lowerpath->layer;
665 	struct dentry *real = upper ?: (index ?: lowerpath->dentry);
666 
667 	/*
668 	 * Obtain a disconnected overlay dentry from a non-dir real dentry
669 	 * and index.
670 	 */
671 	if (!d_is_dir(real))
672 		return ovl_obtain_alias(sb, upper, lowerpath, index);
673 
674 	/* Removed empty directory? */
675 	if ((real->d_flags & DCACHE_DISCONNECTED) || d_unhashed(real))
676 		return ERR_PTR(-ENOENT);
677 
678 	/*
679 	 * If real dentry is connected and hashed, get a connected overlay
680 	 * dentry whose real dentry is @real.
681 	 */
682 	return ovl_lookup_real(sb, real, layer);
683 }
684 
685 static struct dentry *ovl_upper_fh_to_d(struct super_block *sb,
686 					struct ovl_fh *fh)
687 {
688 	struct ovl_fs *ofs = OVL_FS(sb);
689 	struct dentry *dentry;
690 	struct dentry *upper;
691 
692 	if (!ovl_upper_mnt(ofs))
693 		return ERR_PTR(-EACCES);
694 
695 	upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), true);
696 	if (IS_ERR_OR_NULL(upper))
697 		return upper;
698 
699 	dentry = ovl_get_dentry(sb, upper, NULL, NULL);
700 	dput(upper);
701 
702 	return dentry;
703 }
704 
705 static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
706 					struct ovl_fh *fh)
707 {
708 	struct ovl_fs *ofs = OVL_FS(sb);
709 	struct ovl_path origin = { };
710 	struct ovl_path *stack = &origin;
711 	struct dentry *dentry = NULL;
712 	struct dentry *index = NULL;
713 	struct inode *inode;
714 	int err;
715 
716 	/* First lookup overlay inode in inode cache by origin fh */
717 	err = ovl_check_origin_fh(ofs, fh, false, NULL, &stack);
718 	if (err)
719 		return ERR_PTR(err);
720 
721 	if (!d_is_dir(origin.dentry) ||
722 	    !(origin.dentry->d_flags & DCACHE_DISCONNECTED)) {
723 		inode = ovl_lookup_inode(sb, origin.dentry, false);
724 		err = PTR_ERR(inode);
725 		if (IS_ERR(inode))
726 			goto out_err;
727 		if (inode) {
728 			dentry = d_find_any_alias(inode);
729 			iput(inode);
730 			if (dentry)
731 				goto out;
732 		}
733 	}
734 
735 	/* Then lookup indexed upper/whiteout by origin fh */
736 	if (ofs->indexdir) {
737 		index = ovl_get_index_fh(ofs, fh);
738 		err = PTR_ERR(index);
739 		if (IS_ERR(index)) {
740 			index = NULL;
741 			goto out_err;
742 		}
743 	}
744 
745 	/* Then try to get a connected upper dir by index */
746 	if (index && d_is_dir(index)) {
747 		struct dentry *upper = ovl_index_upper(ofs, index, true);
748 
749 		err = PTR_ERR(upper);
750 		if (IS_ERR_OR_NULL(upper))
751 			goto out_err;
752 
753 		dentry = ovl_get_dentry(sb, upper, NULL, NULL);
754 		dput(upper);
755 		goto out;
756 	}
757 
758 	/* Find origin.dentry again with ovl_acceptable() layer check */
759 	if (d_is_dir(origin.dentry)) {
760 		dput(origin.dentry);
761 		origin.dentry = NULL;
762 		err = ovl_check_origin_fh(ofs, fh, true, NULL, &stack);
763 		if (err)
764 			goto out_err;
765 	}
766 	if (index) {
767 		err = ovl_verify_origin(ofs, index, origin.dentry, false);
768 		if (err)
769 			goto out_err;
770 	}
771 
772 	/* Get a connected non-upper dir or disconnected non-dir */
773 	dentry = ovl_get_dentry(sb, NULL, &origin, index);
774 
775 out:
776 	dput(origin.dentry);
777 	dput(index);
778 	return dentry;
779 
780 out_err:
781 	dentry = ERR_PTR(err);
782 	goto out;
783 }
784 
785 static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, int buflen, int fh_type)
786 {
787 	struct ovl_fh *fh;
788 
789 	/* If on-wire inner fid is aligned - nothing to do */
790 	if (fh_type == OVL_FILEID_V1)
791 		return (struct ovl_fh *)fid;
792 
793 	if (fh_type != OVL_FILEID_V0)
794 		return ERR_PTR(-EINVAL);
795 
796 	if (buflen <= OVL_FH_WIRE_OFFSET)
797 		return ERR_PTR(-EINVAL);
798 
799 	fh = kzalloc(buflen, GFP_KERNEL);
800 	if (!fh)
801 		return ERR_PTR(-ENOMEM);
802 
803 	/* Copy unaligned inner fh into aligned buffer */
804 	memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET);
805 	return fh;
806 }
807 
808 static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid,
809 				       int fh_len, int fh_type)
810 {
811 	struct dentry *dentry = NULL;
812 	struct ovl_fh *fh = NULL;
813 	int len = fh_len << 2;
814 	unsigned int flags = 0;
815 	int err;
816 
817 	fh = ovl_fid_to_fh(fid, len, fh_type);
818 	err = PTR_ERR(fh);
819 	if (IS_ERR(fh))
820 		goto out_err;
821 
822 	err = ovl_check_fh_len(fh, len);
823 	if (err)
824 		goto out_err;
825 
826 	flags = fh->fb.flags;
827 	dentry = (flags & OVL_FH_FLAG_PATH_UPPER) ?
828 		 ovl_upper_fh_to_d(sb, fh) :
829 		 ovl_lower_fh_to_d(sb, fh);
830 	err = PTR_ERR(dentry);
831 	if (IS_ERR(dentry) && err != -ESTALE)
832 		goto out_err;
833 
834 out:
835 	/* We may have needed to re-align OVL_FILEID_V0 */
836 	if (!IS_ERR_OR_NULL(fh) && fh != (void *)fid)
837 		kfree(fh);
838 
839 	return dentry;
840 
841 out_err:
842 	pr_warn_ratelimited("failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n",
843 			    fh_len, fh_type, flags, err);
844 	dentry = ERR_PTR(err);
845 	goto out;
846 }
847 
848 static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid,
849 				       int fh_len, int fh_type)
850 {
851 	pr_warn_ratelimited("connectable file handles not supported; use 'no_subtree_check' exportfs option.\n");
852 	return ERR_PTR(-EACCES);
853 }
854 
855 static int ovl_get_name(struct dentry *parent, char *name,
856 			struct dentry *child)
857 {
858 	/*
859 	 * ovl_fh_to_dentry() returns connected dir overlay dentries and
860 	 * ovl_fh_to_parent() is not implemented, so we should not get here.
861 	 */
862 	WARN_ON_ONCE(1);
863 	return -EIO;
864 }
865 
866 static struct dentry *ovl_get_parent(struct dentry *dentry)
867 {
868 	/*
869 	 * ovl_fh_to_dentry() returns connected dir overlay dentries, so we
870 	 * should not get here.
871 	 */
872 	WARN_ON_ONCE(1);
873 	return ERR_PTR(-EIO);
874 }
875 
876 const struct export_operations ovl_export_operations = {
877 	.encode_fh	= ovl_encode_fh,
878 	.fh_to_dentry	= ovl_fh_to_dentry,
879 	.fh_to_parent	= ovl_fh_to_parent,
880 	.get_name	= ovl_get_name,
881 	.get_parent	= ovl_get_parent,
882 };
883 
884 /* encode_fh() encodes non-decodable file handles with nfs_export=off */
885 const struct export_operations ovl_export_fid_operations = {
886 	.encode_fh	= ovl_encode_fh,
887 };
888