xref: /linux/fs/overlayfs/export.c (revision 8c994eff8fcfe8ecb1f1dbebed25b4d7bb75be12)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Overlayfs NFS export support.
4  *
5  * Amir Goldstein <amir73il@gmail.com>
6  *
7  * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved.
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/cred.h>
12 #include <linux/mount.h>
13 #include <linux/namei.h>
14 #include <linux/xattr.h>
15 #include <linux/exportfs.h>
16 #include <linux/ratelimit.h>
17 #include "overlayfs.h"
18 
19 static int ovl_encode_maybe_copy_up(struct dentry *dentry)
20 {
21 	int err;
22 
23 	if (ovl_dentry_upper(dentry))
24 		return 0;
25 
26 	err = ovl_want_write(dentry);
27 	if (!err) {
28 		err = ovl_copy_up(dentry);
29 		ovl_drop_write(dentry);
30 	}
31 
32 	if (err) {
33 		pr_warn_ratelimited("failed to copy up on encode (%pd2, err=%i)\n",
34 				    dentry, err);
35 	}
36 
37 	return err;
38 }
39 
40 /*
41  * Before encoding a non-upper directory file handle from real layer N, we need
42  * to check if it will be possible to reconnect an overlay dentry from the real
43  * lower decoded dentry. This is done by following the overlay ancestry up to a
44  * "layer N connected" ancestor and verifying that all parents along the way are
45  * "layer N connectable". If an ancestor that is NOT "layer N connectable" is
46  * found, we need to copy up an ancestor, which is "layer N connectable", thus
47  * making that ancestor "layer N connected". For example:
48  *
49  * layer 1: /a
50  * layer 2: /a/b/c
51  *
52  * The overlay dentry /a is NOT "layer 2 connectable", because if dir /a is
53  * copied up and renamed, upper dir /a will be indexed by lower dir /a from
54  * layer 1. The dir /a from layer 2 will never be indexed, so the algorithm (*)
55  * in ovl_lookup_real_ancestor() will not be able to lookup a connected overlay
56  * dentry from the connected lower dentry /a/b/c.
57  *
58  * To avoid this problem on decode time, we need to copy up an ancestor of
59  * /a/b/c, which is "layer 2 connectable", on encode time. That ancestor is
60  * /a/b. After copy up (and index) of /a/b, it will become "layer 2 connected"
61  * and when the time comes to decode the file handle from lower dentry /a/b/c,
62  * ovl_lookup_real_ancestor() will find the indexed ancestor /a/b and decoding
63  * a connected overlay dentry will be accomplished.
64  *
65  * (*) the algorithm in ovl_lookup_real_ancestor() can be improved to lookup an
66  * entry /a in the lower layers above layer N and find the indexed dir /a from
67  * layer 1. If that improvement is made, then the check for "layer N connected"
68  * will need to verify there are no redirects in lower layers above N. In the
69  * example above, /a will be "layer 2 connectable". However, if layer 2 dir /a
70  * is a target of a layer 1 redirect, then /a will NOT be "layer 2 connectable":
71  *
72  * layer 1: /A (redirect = /a)
73  * layer 2: /a/b/c
74  */
75 
76 /* Return the lowest layer for encoding a connectable file handle */
77 static int ovl_connectable_layer(struct dentry *dentry)
78 {
79 	struct ovl_entry *oe = OVL_E(dentry);
80 
81 	/* We can get overlay root from root of any layer */
82 	if (dentry == dentry->d_sb->s_root)
83 		return ovl_numlower(oe);
84 
85 	/*
86 	 * If it's an unindexed merge dir, then it's not connectable with any
87 	 * lower layer
88 	 */
89 	if (ovl_dentry_upper(dentry) &&
90 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
91 		return 0;
92 
93 	/* We can get upper/overlay path from indexed/lower dentry */
94 	return ovl_lowerstack(oe)->layer->idx;
95 }
96 
97 /*
98  * @dentry is "connected" if all ancestors up to root or a "connected" ancestor
99  * have the same uppermost lower layer as the origin's layer. We may need to
100  * copy up a "connectable" ancestor to make it "connected". A "connected" dentry
101  * cannot become non "connected", so cache positive result in dentry flags.
102  *
103  * Return the connected origin layer or < 0 on error.
104  */
105 static int ovl_connect_layer(struct dentry *dentry)
106 {
107 	struct dentry *next, *parent = NULL;
108 	struct ovl_entry *oe = OVL_E(dentry);
109 	int origin_layer;
110 	int err = 0;
111 
112 	if (WARN_ON(dentry == dentry->d_sb->s_root) ||
113 	    WARN_ON(!ovl_dentry_lower(dentry)))
114 		return -EIO;
115 
116 	origin_layer = ovl_lowerstack(oe)->layer->idx;
117 	if (ovl_dentry_test_flag(OVL_E_CONNECTED, dentry))
118 		return origin_layer;
119 
120 	/* Find the topmost origin layer connectable ancestor of @dentry */
121 	next = dget(dentry);
122 	for (;;) {
123 		parent = dget_parent(next);
124 		if (WARN_ON(parent == next)) {
125 			err = -EIO;
126 			break;
127 		}
128 
129 		/*
130 		 * If @parent is not origin layer connectable, then copy up
131 		 * @next which is origin layer connectable and we are done.
132 		 */
133 		if (ovl_connectable_layer(parent) < origin_layer) {
134 			err = ovl_encode_maybe_copy_up(next);
135 			break;
136 		}
137 
138 		/* If @parent is connected or indexed we are done */
139 		if (ovl_dentry_test_flag(OVL_E_CONNECTED, parent) ||
140 		    ovl_test_flag(OVL_INDEX, d_inode(parent)))
141 			break;
142 
143 		dput(next);
144 		next = parent;
145 	}
146 
147 	dput(parent);
148 	dput(next);
149 
150 	if (!err)
151 		ovl_dentry_set_flag(OVL_E_CONNECTED, dentry);
152 
153 	return err ?: origin_layer;
154 }
155 
156 /*
157  * We only need to encode origin if there is a chance that the same object was
158  * encoded pre copy up and then we need to stay consistent with the same
159  * encoding also after copy up. If non-pure upper is not indexed, then it was
160  * copied up before NFS export was enabled. In that case we don't need to worry
161  * about staying consistent with pre copy up encoding and we encode an upper
162  * file handle. Overlay root dentry is a private case of non-indexed upper.
163  *
164  * The following table summarizes the different file handle encodings used for
165  * different overlay object types:
166  *
167  *  Object type		| Encoding
168  * --------------------------------
169  *  Pure upper		| U
170  *  Non-indexed upper	| U
171  *  Indexed upper	| L (*)
172  *  Non-upper		| L (*)
173  *
174  * U = upper file handle
175  * L = lower file handle
176  *
177  * (*) Decoding a connected overlay dir from real lower dentry is not always
178  * possible when there are redirects in lower layers and non-indexed merge dirs.
179  * To mitigate those case, we may copy up the lower dir ancestor before encode
180  * of a decodable file handle for non-upper dir.
181  *
182  * Return 0 for upper file handle, > 0 for lower file handle or < 0 on error.
183  */
184 static int ovl_check_encode_origin(struct dentry *dentry)
185 {
186 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
187 	bool decodable = ofs->config.nfs_export;
188 
189 	/* Lower file handle for non-upper non-decodable */
190 	if (!ovl_dentry_upper(dentry) && !decodable)
191 		return 0;
192 
193 	/* Upper file handle for pure upper */
194 	if (!ovl_dentry_lower(dentry))
195 		return 0;
196 
197 	/*
198 	 * Root is never indexed, so if there's an upper layer, encode upper for
199 	 * root.
200 	 */
201 	if (dentry == dentry->d_sb->s_root)
202 		return 0;
203 
204 	/*
205 	 * Upper decodable file handle for non-indexed upper.
206 	 */
207 	if (ovl_dentry_upper(dentry) && decodable &&
208 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
209 		return 0;
210 
211 	/*
212 	 * Decoding a merge dir, whose origin's ancestor is under a redirected
213 	 * lower dir or under a non-indexed upper is not always possible.
214 	 * ovl_connect_layer() will try to make origin's layer "connected" by
215 	 * copying up a "connectable" ancestor.
216 	 */
217 	if (d_is_dir(dentry) && ovl_upper_mnt(ofs) && decodable)
218 		return ovl_connect_layer(dentry);
219 
220 	/* Lower file handle for indexed and non-upper dir/non-dir */
221 	return 1;
222 }
223 
224 static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry,
225 			     u32 *fid, int buflen)
226 {
227 	struct ovl_fh *fh = NULL;
228 	int err, enc_lower;
229 	int len;
230 
231 	/*
232 	 * Check if we should encode a lower or upper file handle and maybe
233 	 * copy up an ancestor to make lower file handle connectable.
234 	 */
235 	err = enc_lower = ovl_check_encode_origin(dentry);
236 	if (enc_lower < 0)
237 		goto fail;
238 
239 	/* Encode an upper or lower file handle */
240 	fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_dentry_lower(dentry) :
241 				ovl_dentry_upper(dentry), !enc_lower);
242 	if (IS_ERR(fh))
243 		return PTR_ERR(fh);
244 
245 	len = OVL_FH_LEN(fh);
246 	if (len <= buflen)
247 		memcpy(fid, fh, len);
248 	err = len;
249 
250 out:
251 	kfree(fh);
252 	return err;
253 
254 fail:
255 	pr_warn_ratelimited("failed to encode file handle (%pd2, err=%i)\n",
256 			    dentry, err);
257 	goto out;
258 }
259 
260 static int ovl_encode_fh(struct inode *inode, u32 *fid, int *max_len,
261 			 struct inode *parent)
262 {
263 	struct ovl_fs *ofs = OVL_FS(inode->i_sb);
264 	struct dentry *dentry;
265 	int bytes, buflen = *max_len << 2;
266 
267 	/* TODO: encode connectable file handles */
268 	if (parent)
269 		return FILEID_INVALID;
270 
271 	dentry = d_find_any_alias(inode);
272 	if (!dentry)
273 		return FILEID_INVALID;
274 
275 	bytes = ovl_dentry_to_fid(ofs, dentry, fid, buflen);
276 	dput(dentry);
277 	if (bytes <= 0)
278 		return FILEID_INVALID;
279 
280 	*max_len = bytes >> 2;
281 	if (bytes > buflen)
282 		return FILEID_INVALID;
283 
284 	return OVL_FILEID_V1;
285 }
286 
287 /*
288  * Find or instantiate an overlay dentry from real dentries and index.
289  */
290 static struct dentry *ovl_obtain_alias(struct super_block *sb,
291 				       struct dentry *upper_alias,
292 				       struct ovl_path *lowerpath,
293 				       struct dentry *index)
294 {
295 	struct dentry *lower = lowerpath ? lowerpath->dentry : NULL;
296 	struct dentry *upper = upper_alias ?: index;
297 	struct dentry *dentry;
298 	struct inode *inode = NULL;
299 	struct ovl_entry *oe;
300 	struct ovl_inode_params oip = {
301 		.index = index,
302 	};
303 
304 	/* We get overlay directory dentries with ovl_lookup_real() */
305 	if (d_is_dir(upper ?: lower))
306 		return ERR_PTR(-EIO);
307 
308 	oe = ovl_alloc_entry(!!lower);
309 	if (!oe)
310 		return ERR_PTR(-ENOMEM);
311 
312 	oip.upperdentry = dget(upper);
313 	if (lower) {
314 		ovl_lowerstack(oe)->dentry = dget(lower);
315 		ovl_lowerstack(oe)->layer = lowerpath->layer;
316 	}
317 	oip.oe = oe;
318 	inode = ovl_get_inode(sb, &oip);
319 	if (IS_ERR(inode)) {
320 		ovl_free_entry(oe);
321 		dput(upper);
322 		return ERR_CAST(inode);
323 	}
324 
325 	if (upper)
326 		ovl_set_flag(OVL_UPPERDATA, inode);
327 
328 	dentry = d_find_any_alias(inode);
329 	if (dentry)
330 		goto out_iput;
331 
332 	dentry = d_alloc_anon(inode->i_sb);
333 	if (unlikely(!dentry))
334 		goto nomem;
335 
336 	if (upper_alias)
337 		ovl_dentry_set_upper_alias(dentry);
338 
339 	ovl_dentry_init_reval(dentry, upper, OVL_I_E(inode));
340 
341 	return d_instantiate_anon(dentry, inode);
342 
343 nomem:
344 	dput(dentry);
345 	dentry = ERR_PTR(-ENOMEM);
346 out_iput:
347 	iput(inode);
348 	return dentry;
349 }
350 
351 /* Get the upper or lower dentry in stack whose on layer @idx */
352 static struct dentry *ovl_dentry_real_at(struct dentry *dentry, int idx)
353 {
354 	struct ovl_entry *oe = OVL_E(dentry);
355 	struct ovl_path *lowerstack = ovl_lowerstack(oe);
356 	int i;
357 
358 	if (!idx)
359 		return ovl_dentry_upper(dentry);
360 
361 	for (i = 0; i < ovl_numlower(oe); i++) {
362 		if (lowerstack[i].layer->idx == idx)
363 			return lowerstack[i].dentry;
364 	}
365 
366 	return NULL;
367 }
368 
369 /*
370  * Lookup a child overlay dentry to get a connected overlay dentry whose real
371  * dentry is @real. If @real is on upper layer, we lookup a child overlay
372  * dentry with the same name as the real dentry. Otherwise, we need to consult
373  * index for lookup.
374  */
375 static struct dentry *ovl_lookup_real_one(struct dentry *connected,
376 					  struct dentry *real,
377 					  const struct ovl_layer *layer)
378 {
379 	struct inode *dir = d_inode(connected);
380 	struct dentry *this, *parent = NULL;
381 	struct name_snapshot name;
382 	int err;
383 
384 	/*
385 	 * Lookup child overlay dentry by real name. The dir mutex protects us
386 	 * from racing with overlay rename. If the overlay dentry that is above
387 	 * real has already been moved to a parent that is not under the
388 	 * connected overlay dir, we return -ECHILD and restart the lookup of
389 	 * connected real path from the top.
390 	 */
391 	inode_lock_nested(dir, I_MUTEX_PARENT);
392 	err = -ECHILD;
393 	parent = dget_parent(real);
394 	if (ovl_dentry_real_at(connected, layer->idx) != parent)
395 		goto fail;
396 
397 	/*
398 	 * We also need to take a snapshot of real dentry name to protect us
399 	 * from racing with underlying layer rename. In this case, we don't
400 	 * care about returning ESTALE, only from dereferencing a free name
401 	 * pointer because we hold no lock on the real dentry.
402 	 */
403 	take_dentry_name_snapshot(&name, real);
404 	/*
405 	 * No idmap handling here: it's an internal lookup.  Could skip
406 	 * permission checking altogether, but for now just use non-idmap
407 	 * transformed ids.
408 	 */
409 	this = lookup_one_len(name.name.name, connected, name.name.len);
410 	release_dentry_name_snapshot(&name);
411 	err = PTR_ERR(this);
412 	if (IS_ERR(this)) {
413 		goto fail;
414 	} else if (!this || !this->d_inode) {
415 		dput(this);
416 		err = -ENOENT;
417 		goto fail;
418 	} else if (ovl_dentry_real_at(this, layer->idx) != real) {
419 		dput(this);
420 		err = -ESTALE;
421 		goto fail;
422 	}
423 
424 out:
425 	dput(parent);
426 	inode_unlock(dir);
427 	return this;
428 
429 fail:
430 	pr_warn_ratelimited("failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
431 			    real, layer->idx, connected, err);
432 	this = ERR_PTR(err);
433 	goto out;
434 }
435 
436 static struct dentry *ovl_lookup_real(struct super_block *sb,
437 				      struct dentry *real,
438 				      const struct ovl_layer *layer);
439 
440 /*
441  * Lookup an indexed or hashed overlay dentry by real inode.
442  */
443 static struct dentry *ovl_lookup_real_inode(struct super_block *sb,
444 					    struct dentry *real,
445 					    const struct ovl_layer *layer)
446 {
447 	struct ovl_fs *ofs = OVL_FS(sb);
448 	struct dentry *index = NULL;
449 	struct dentry *this = NULL;
450 	struct inode *inode;
451 
452 	/*
453 	 * Decoding upper dir from index is expensive, so first try to lookup
454 	 * overlay dentry in inode/dcache.
455 	 */
456 	inode = ovl_lookup_inode(sb, real, !layer->idx);
457 	if (IS_ERR(inode))
458 		return ERR_CAST(inode);
459 	if (inode) {
460 		this = d_find_any_alias(inode);
461 		iput(inode);
462 	}
463 
464 	/*
465 	 * For decoded lower dir file handle, lookup index by origin to check
466 	 * if lower dir was copied up and and/or removed.
467 	 */
468 	if (!this && layer->idx && ofs->indexdir && !WARN_ON(!d_is_dir(real))) {
469 		index = ovl_lookup_index(ofs, NULL, real, false);
470 		if (IS_ERR(index))
471 			return index;
472 	}
473 
474 	/* Get connected upper overlay dir from index */
475 	if (index) {
476 		struct dentry *upper = ovl_index_upper(ofs, index, true);
477 
478 		dput(index);
479 		if (IS_ERR_OR_NULL(upper))
480 			return upper;
481 
482 		/*
483 		 * ovl_lookup_real() in lower layer may call recursively once to
484 		 * ovl_lookup_real() in upper layer. The first level call walks
485 		 * back lower parents to the topmost indexed parent. The second
486 		 * recursive call walks back from indexed upper to the topmost
487 		 * connected/hashed upper parent (or up to root).
488 		 */
489 		this = ovl_lookup_real(sb, upper, &ofs->layers[0]);
490 		dput(upper);
491 	}
492 
493 	if (IS_ERR_OR_NULL(this))
494 		return this;
495 
496 	if (ovl_dentry_real_at(this, layer->idx) != real) {
497 		dput(this);
498 		this = ERR_PTR(-EIO);
499 	}
500 
501 	return this;
502 }
503 
504 /*
505  * Lookup an indexed or hashed overlay dentry, whose real dentry is an
506  * ancestor of @real.
507  */
508 static struct dentry *ovl_lookup_real_ancestor(struct super_block *sb,
509 					       struct dentry *real,
510 					       const struct ovl_layer *layer)
511 {
512 	struct dentry *next, *parent = NULL;
513 	struct dentry *ancestor = ERR_PTR(-EIO);
514 
515 	if (real == layer->mnt->mnt_root)
516 		return dget(sb->s_root);
517 
518 	/* Find the topmost indexed or hashed ancestor */
519 	next = dget(real);
520 	for (;;) {
521 		parent = dget_parent(next);
522 
523 		/*
524 		 * Lookup a matching overlay dentry in inode/dentry
525 		 * cache or in index by real inode.
526 		 */
527 		ancestor = ovl_lookup_real_inode(sb, next, layer);
528 		if (ancestor)
529 			break;
530 
531 		if (parent == layer->mnt->mnt_root) {
532 			ancestor = dget(sb->s_root);
533 			break;
534 		}
535 
536 		/*
537 		 * If @real has been moved out of the layer root directory,
538 		 * we will eventully hit the real fs root. This cannot happen
539 		 * by legit overlay rename, so we return error in that case.
540 		 */
541 		if (parent == next) {
542 			ancestor = ERR_PTR(-EXDEV);
543 			break;
544 		}
545 
546 		dput(next);
547 		next = parent;
548 	}
549 
550 	dput(parent);
551 	dput(next);
552 
553 	return ancestor;
554 }
555 
556 /*
557  * Lookup a connected overlay dentry whose real dentry is @real.
558  * If @real is on upper layer, we lookup a child overlay dentry with the same
559  * path the real dentry. Otherwise, we need to consult index for lookup.
560  */
561 static struct dentry *ovl_lookup_real(struct super_block *sb,
562 				      struct dentry *real,
563 				      const struct ovl_layer *layer)
564 {
565 	struct dentry *connected;
566 	int err = 0;
567 
568 	connected = ovl_lookup_real_ancestor(sb, real, layer);
569 	if (IS_ERR(connected))
570 		return connected;
571 
572 	while (!err) {
573 		struct dentry *next, *this;
574 		struct dentry *parent = NULL;
575 		struct dentry *real_connected = ovl_dentry_real_at(connected,
576 								   layer->idx);
577 
578 		if (real_connected == real)
579 			break;
580 
581 		/* Find the topmost dentry not yet connected */
582 		next = dget(real);
583 		for (;;) {
584 			parent = dget_parent(next);
585 
586 			if (parent == real_connected)
587 				break;
588 
589 			/*
590 			 * If real has been moved out of 'real_connected',
591 			 * we will not find 'real_connected' and hit the layer
592 			 * root. In that case, we need to restart connecting.
593 			 * This game can go on forever in the worst case. We
594 			 * may want to consider taking s_vfs_rename_mutex if
595 			 * this happens more than once.
596 			 */
597 			if (parent == layer->mnt->mnt_root) {
598 				dput(connected);
599 				connected = dget(sb->s_root);
600 				break;
601 			}
602 
603 			/*
604 			 * If real file has been moved out of the layer root
605 			 * directory, we will eventully hit the real fs root.
606 			 * This cannot happen by legit overlay rename, so we
607 			 * return error in that case.
608 			 */
609 			if (parent == next) {
610 				err = -EXDEV;
611 				break;
612 			}
613 
614 			dput(next);
615 			next = parent;
616 		}
617 
618 		if (!err) {
619 			this = ovl_lookup_real_one(connected, next, layer);
620 			if (IS_ERR(this))
621 				err = PTR_ERR(this);
622 
623 			/*
624 			 * Lookup of child in overlay can fail when racing with
625 			 * overlay rename of child away from 'connected' parent.
626 			 * In this case, we need to restart the lookup from the
627 			 * top, because we cannot trust that 'real_connected' is
628 			 * still an ancestor of 'real'. There is a good chance
629 			 * that the renamed overlay ancestor is now in cache, so
630 			 * ovl_lookup_real_ancestor() will find it and we can
631 			 * continue to connect exactly from where lookup failed.
632 			 */
633 			if (err == -ECHILD) {
634 				this = ovl_lookup_real_ancestor(sb, real,
635 								layer);
636 				err = PTR_ERR_OR_ZERO(this);
637 			}
638 			if (!err) {
639 				dput(connected);
640 				connected = this;
641 			}
642 		}
643 
644 		dput(parent);
645 		dput(next);
646 	}
647 
648 	if (err)
649 		goto fail;
650 
651 	return connected;
652 
653 fail:
654 	pr_warn_ratelimited("failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
655 			    real, layer->idx, connected, err);
656 	dput(connected);
657 	return ERR_PTR(err);
658 }
659 
660 /*
661  * Get an overlay dentry from upper/lower real dentries and index.
662  */
663 static struct dentry *ovl_get_dentry(struct super_block *sb,
664 				     struct dentry *upper,
665 				     struct ovl_path *lowerpath,
666 				     struct dentry *index)
667 {
668 	struct ovl_fs *ofs = OVL_FS(sb);
669 	const struct ovl_layer *layer = upper ? &ofs->layers[0] : lowerpath->layer;
670 	struct dentry *real = upper ?: (index ?: lowerpath->dentry);
671 
672 	/*
673 	 * Obtain a disconnected overlay dentry from a non-dir real dentry
674 	 * and index.
675 	 */
676 	if (!d_is_dir(real))
677 		return ovl_obtain_alias(sb, upper, lowerpath, index);
678 
679 	/* Removed empty directory? */
680 	if ((real->d_flags & DCACHE_DISCONNECTED) || d_unhashed(real))
681 		return ERR_PTR(-ENOENT);
682 
683 	/*
684 	 * If real dentry is connected and hashed, get a connected overlay
685 	 * dentry whose real dentry is @real.
686 	 */
687 	return ovl_lookup_real(sb, real, layer);
688 }
689 
690 static struct dentry *ovl_upper_fh_to_d(struct super_block *sb,
691 					struct ovl_fh *fh)
692 {
693 	struct ovl_fs *ofs = OVL_FS(sb);
694 	struct dentry *dentry;
695 	struct dentry *upper;
696 
697 	if (!ovl_upper_mnt(ofs))
698 		return ERR_PTR(-EACCES);
699 
700 	upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), true);
701 	if (IS_ERR_OR_NULL(upper))
702 		return upper;
703 
704 	dentry = ovl_get_dentry(sb, upper, NULL, NULL);
705 	dput(upper);
706 
707 	return dentry;
708 }
709 
710 static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
711 					struct ovl_fh *fh)
712 {
713 	struct ovl_fs *ofs = OVL_FS(sb);
714 	struct ovl_path origin = { };
715 	struct ovl_path *stack = &origin;
716 	struct dentry *dentry = NULL;
717 	struct dentry *index = NULL;
718 	struct inode *inode;
719 	int err;
720 
721 	/* First lookup overlay inode in inode cache by origin fh */
722 	err = ovl_check_origin_fh(ofs, fh, false, NULL, &stack);
723 	if (err)
724 		return ERR_PTR(err);
725 
726 	if (!d_is_dir(origin.dentry) ||
727 	    !(origin.dentry->d_flags & DCACHE_DISCONNECTED)) {
728 		inode = ovl_lookup_inode(sb, origin.dentry, false);
729 		err = PTR_ERR(inode);
730 		if (IS_ERR(inode))
731 			goto out_err;
732 		if (inode) {
733 			dentry = d_find_any_alias(inode);
734 			iput(inode);
735 			if (dentry)
736 				goto out;
737 		}
738 	}
739 
740 	/* Then lookup indexed upper/whiteout by origin fh */
741 	if (ofs->indexdir) {
742 		index = ovl_get_index_fh(ofs, fh);
743 		err = PTR_ERR(index);
744 		if (IS_ERR(index)) {
745 			index = NULL;
746 			goto out_err;
747 		}
748 	}
749 
750 	/* Then try to get a connected upper dir by index */
751 	if (index && d_is_dir(index)) {
752 		struct dentry *upper = ovl_index_upper(ofs, index, true);
753 
754 		err = PTR_ERR(upper);
755 		if (IS_ERR_OR_NULL(upper))
756 			goto out_err;
757 
758 		dentry = ovl_get_dentry(sb, upper, NULL, NULL);
759 		dput(upper);
760 		goto out;
761 	}
762 
763 	/* Find origin.dentry again with ovl_acceptable() layer check */
764 	if (d_is_dir(origin.dentry)) {
765 		dput(origin.dentry);
766 		origin.dentry = NULL;
767 		err = ovl_check_origin_fh(ofs, fh, true, NULL, &stack);
768 		if (err)
769 			goto out_err;
770 	}
771 	if (index) {
772 		err = ovl_verify_origin(ofs, index, origin.dentry, false);
773 		if (err)
774 			goto out_err;
775 	}
776 
777 	/* Get a connected non-upper dir or disconnected non-dir */
778 	dentry = ovl_get_dentry(sb, NULL, &origin, index);
779 
780 out:
781 	dput(origin.dentry);
782 	dput(index);
783 	return dentry;
784 
785 out_err:
786 	dentry = ERR_PTR(err);
787 	goto out;
788 }
789 
790 static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, int buflen, int fh_type)
791 {
792 	struct ovl_fh *fh;
793 
794 	/* If on-wire inner fid is aligned - nothing to do */
795 	if (fh_type == OVL_FILEID_V1)
796 		return (struct ovl_fh *)fid;
797 
798 	if (fh_type != OVL_FILEID_V0)
799 		return ERR_PTR(-EINVAL);
800 
801 	if (buflen <= OVL_FH_WIRE_OFFSET)
802 		return ERR_PTR(-EINVAL);
803 
804 	fh = kzalloc(buflen, GFP_KERNEL);
805 	if (!fh)
806 		return ERR_PTR(-ENOMEM);
807 
808 	/* Copy unaligned inner fh into aligned buffer */
809 	memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET);
810 	return fh;
811 }
812 
813 static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid,
814 				       int fh_len, int fh_type)
815 {
816 	struct dentry *dentry = NULL;
817 	struct ovl_fh *fh = NULL;
818 	int len = fh_len << 2;
819 	unsigned int flags = 0;
820 	int err;
821 
822 	fh = ovl_fid_to_fh(fid, len, fh_type);
823 	err = PTR_ERR(fh);
824 	if (IS_ERR(fh))
825 		goto out_err;
826 
827 	err = ovl_check_fh_len(fh, len);
828 	if (err)
829 		goto out_err;
830 
831 	flags = fh->fb.flags;
832 	dentry = (flags & OVL_FH_FLAG_PATH_UPPER) ?
833 		 ovl_upper_fh_to_d(sb, fh) :
834 		 ovl_lower_fh_to_d(sb, fh);
835 	err = PTR_ERR(dentry);
836 	if (IS_ERR(dentry) && err != -ESTALE)
837 		goto out_err;
838 
839 out:
840 	/* We may have needed to re-align OVL_FILEID_V0 */
841 	if (!IS_ERR_OR_NULL(fh) && fh != (void *)fid)
842 		kfree(fh);
843 
844 	return dentry;
845 
846 out_err:
847 	pr_warn_ratelimited("failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n",
848 			    fh_len, fh_type, flags, err);
849 	dentry = ERR_PTR(err);
850 	goto out;
851 }
852 
853 static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid,
854 				       int fh_len, int fh_type)
855 {
856 	pr_warn_ratelimited("connectable file handles not supported; use 'no_subtree_check' exportfs option.\n");
857 	return ERR_PTR(-EACCES);
858 }
859 
860 static int ovl_get_name(struct dentry *parent, char *name,
861 			struct dentry *child)
862 {
863 	/*
864 	 * ovl_fh_to_dentry() returns connected dir overlay dentries and
865 	 * ovl_fh_to_parent() is not implemented, so we should not get here.
866 	 */
867 	WARN_ON_ONCE(1);
868 	return -EIO;
869 }
870 
871 static struct dentry *ovl_get_parent(struct dentry *dentry)
872 {
873 	/*
874 	 * ovl_fh_to_dentry() returns connected dir overlay dentries, so we
875 	 * should not get here.
876 	 */
877 	WARN_ON_ONCE(1);
878 	return ERR_PTR(-EIO);
879 }
880 
881 const struct export_operations ovl_export_operations = {
882 	.encode_fh	= ovl_encode_fh,
883 	.fh_to_dentry	= ovl_fh_to_dentry,
884 	.fh_to_parent	= ovl_fh_to_parent,
885 	.get_name	= ovl_get_name,
886 	.get_parent	= ovl_get_parent,
887 };
888 
889 /* encode_fh() encodes non-decodable file handles with nfs_export=off */
890 const struct export_operations ovl_export_fid_operations = {
891 	.encode_fh	= ovl_encode_fh,
892 };
893