1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2011 Novell Inc. 4 * Copyright (C) 2016 Red Hat, Inc. 5 */ 6 7 #include <linux/fs.h> 8 #include <linux/cred.h> 9 #include <linux/ctype.h> 10 #include <linux/namei.h> 11 #include <linux/xattr.h> 12 #include <linux/ratelimit.h> 13 #include <linux/mount.h> 14 #include <linux/exportfs.h> 15 #include "overlayfs.h" 16 17 struct ovl_lookup_data { 18 struct super_block *sb; 19 struct dentry *dentry; 20 const struct ovl_layer *layer; 21 struct qstr name; 22 bool is_dir; 23 bool opaque; 24 bool xwhiteouts; 25 bool stop; 26 bool last; 27 char *redirect; 28 char *upperredirect; 29 int metacopy; 30 /* Referring to last redirect xattr */ 31 bool absolute_redirect; 32 }; 33 34 static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d, 35 size_t prelen, const char *post) 36 { 37 int res; 38 char *buf; 39 struct ovl_fs *ofs = OVL_FS(d->sb); 40 41 d->absolute_redirect = false; 42 buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post)); 43 if (IS_ERR_OR_NULL(buf)) 44 return PTR_ERR(buf); 45 46 if (buf[0] == '/') { 47 d->absolute_redirect = true; 48 /* 49 * One of the ancestor path elements in an absolute path 50 * lookup in ovl_lookup_layer() could have been opaque and 51 * that will stop further lookup in lower layers (d->stop=true) 52 * But we have found an absolute redirect in descendant path 53 * element and that should force continue lookup in lower 54 * layers (reset d->stop). 55 */ 56 d->stop = false; 57 } else { 58 res = strlen(buf) + 1; 59 memmove(buf + prelen, buf, res); 60 memcpy(buf, d->name.name, prelen); 61 } 62 63 strcat(buf, post); 64 kfree(d->redirect); 65 d->redirect = buf; 66 d->name.name = d->redirect; 67 d->name.len = strlen(d->redirect); 68 69 return 0; 70 } 71 72 static int ovl_acceptable(void *ctx, struct dentry *dentry) 73 { 74 /* 75 * A non-dir origin may be disconnected, which is fine, because 76 * we only need it for its unique inode number. 77 */ 78 if (!d_is_dir(dentry)) 79 return 1; 80 81 /* Don't decode a deleted empty directory */ 82 if (d_unhashed(dentry)) 83 return 0; 84 85 /* Check if directory belongs to the layer we are decoding from */ 86 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root); 87 } 88 89 /* 90 * Check validity of an overlay file handle buffer. 91 * 92 * Return 0 for a valid file handle. 93 * Return -ENODATA for "origin unknown". 94 * Return <0 for an invalid file handle. 95 */ 96 int ovl_check_fb_len(struct ovl_fb *fb, int fb_len) 97 { 98 if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len) 99 return -EINVAL; 100 101 if (fb->magic != OVL_FH_MAGIC) 102 return -EINVAL; 103 104 /* Treat larger version and unknown flags as "origin unknown" */ 105 if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL) 106 return -ENODATA; 107 108 /* Treat endianness mismatch as "origin unknown" */ 109 if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) && 110 (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 111 return -ENODATA; 112 113 return 0; 114 } 115 116 static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *upperdentry, 117 enum ovl_xattr ox) 118 { 119 int res, err; 120 struct ovl_fh *fh = NULL; 121 122 res = ovl_getxattr_upper(ofs, upperdentry, ox, NULL, 0); 123 if (res < 0) { 124 if (res == -ENODATA || res == -EOPNOTSUPP) 125 return NULL; 126 goto fail; 127 } 128 /* Zero size value means "copied up but origin unknown" */ 129 if (res == 0) 130 return NULL; 131 132 fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL); 133 if (!fh) 134 return ERR_PTR(-ENOMEM); 135 136 res = ovl_getxattr_upper(ofs, upperdentry, ox, fh->buf, res); 137 if (res < 0) 138 goto fail; 139 140 err = ovl_check_fb_len(&fh->fb, res); 141 if (err < 0) { 142 if (err == -ENODATA) 143 goto out; 144 goto invalid; 145 } 146 147 return fh; 148 149 out: 150 kfree(fh); 151 return NULL; 152 153 fail: 154 pr_warn_ratelimited("failed to get origin (%i)\n", res); 155 goto out; 156 invalid: 157 pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh); 158 goto out; 159 } 160 161 struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh, 162 struct vfsmount *mnt, bool connected) 163 { 164 struct dentry *real; 165 int bytes; 166 167 if (!capable(CAP_DAC_READ_SEARCH)) 168 return NULL; 169 170 /* 171 * Make sure that the stored uuid matches the uuid of the lower 172 * layer where file handle will be decoded. 173 * In case of uuid=off option just make sure that stored uuid is null. 174 */ 175 if (ovl_origin_uuid(ofs) ? 176 !uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid) : 177 !uuid_is_null(&fh->fb.uuid)) 178 return NULL; 179 180 bytes = (fh->fb.len - offsetof(struct ovl_fb, fid)); 181 real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid, 182 bytes >> 2, (int)fh->fb.type, 183 connected ? ovl_acceptable : NULL, mnt); 184 if (IS_ERR(real)) { 185 /* 186 * Treat stale file handle to lower file as "origin unknown". 187 * upper file handle could become stale when upper file is 188 * unlinked and this information is needed to handle stale 189 * index entries correctly. 190 */ 191 if (real == ERR_PTR(-ESTALE) && 192 !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER)) 193 real = NULL; 194 return real; 195 } 196 197 if (ovl_dentry_weird(real)) { 198 dput(real); 199 return NULL; 200 } 201 202 return real; 203 } 204 205 static struct dentry *ovl_lookup_positive_unlocked(struct ovl_lookup_data *d, 206 const char *name, 207 struct dentry *base, int len, 208 bool drop_negative) 209 { 210 struct dentry *ret = lookup_one_unlocked(mnt_idmap(d->layer->mnt), 211 &QSTR_LEN(name, len), base); 212 213 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) { 214 if (drop_negative && ret->d_lockref.count == 1) { 215 spin_lock(&ret->d_lock); 216 /* Recheck condition under lock */ 217 if (d_is_negative(ret) && ret->d_lockref.count == 1) 218 __d_drop(ret); 219 spin_unlock(&ret->d_lock); 220 } 221 dput(ret); 222 ret = ERR_PTR(-ENOENT); 223 } 224 return ret; 225 } 226 227 static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 228 const char *name, unsigned int namelen, 229 size_t prelen, const char *post, 230 struct dentry **ret, bool drop_negative) 231 { 232 struct ovl_fs *ofs = OVL_FS(d->sb); 233 struct dentry *this = NULL; 234 const char *warn; 235 struct path path; 236 int err; 237 bool last_element = !post[0]; 238 bool is_upper = d->layer->idx == 0; 239 char val; 240 241 /* 242 * We allow filesystems that are case-folding capable but deny composing 243 * ovl stack from case-folded directories. If someone has enabled case 244 * folding on a directory on underlying layer, the warranty of the ovl 245 * stack is voided. 246 */ 247 if (ovl_dentry_casefolded(base)) { 248 warn = "case folded parent"; 249 err = -ESTALE; 250 goto out_warn; 251 } 252 253 this = ovl_lookup_positive_unlocked(d, name, base, namelen, drop_negative); 254 if (IS_ERR(this)) { 255 err = PTR_ERR(this); 256 this = NULL; 257 if (err == -ENOENT || err == -ENAMETOOLONG) 258 goto out; 259 goto out_err; 260 } 261 262 if (ovl_dentry_casefolded(this)) { 263 warn = "case folded child"; 264 err = -EREMOTE; 265 goto out_warn; 266 } 267 268 if (ovl_dentry_weird(this)) { 269 /* Don't support traversing automounts and other weirdness */ 270 warn = "unsupported object type"; 271 err = -EREMOTE; 272 goto out_warn; 273 } 274 275 path.dentry = this; 276 path.mnt = d->layer->mnt; 277 if (ovl_path_is_whiteout(ofs, &path)) { 278 d->stop = d->opaque = true; 279 goto put_and_out; 280 } 281 /* 282 * This dentry should be a regular file if previous layer lookup 283 * found a metacopy dentry. 284 */ 285 if (last_element && d->metacopy && !d_is_reg(this)) { 286 d->stop = true; 287 goto put_and_out; 288 } 289 290 if (!d_can_lookup(this)) { 291 if (d->is_dir || !last_element) { 292 d->stop = true; 293 goto put_and_out; 294 } 295 err = ovl_check_metacopy_xattr(ofs, &path, NULL); 296 if (err < 0) 297 goto out_err; 298 299 d->metacopy = err; 300 d->stop = !d->metacopy; 301 if (!d->metacopy || d->last) 302 goto out; 303 } else { 304 if (ovl_lookup_trap_inode(d->sb, this)) { 305 /* Caught in a trap of overlapping layers */ 306 warn = "overlapping layers"; 307 err = -ELOOP; 308 goto out_warn; 309 } 310 311 if (last_element) 312 d->is_dir = true; 313 if (d->last) 314 goto out; 315 316 /* overlay.opaque=x means xwhiteouts directory */ 317 val = ovl_get_opaquedir_val(ofs, &path); 318 if (last_element && !is_upper && val == 'x') { 319 d->xwhiteouts = true; 320 ovl_layer_set_xwhiteouts(ofs, d->layer); 321 } else if (val == 'y') { 322 d->stop = true; 323 if (last_element) 324 d->opaque = true; 325 goto out; 326 } 327 } 328 err = ovl_check_redirect(&path, d, prelen, post); 329 if (err) 330 goto out_err; 331 out: 332 *ret = this; 333 return 0; 334 335 put_and_out: 336 dput(this); 337 this = NULL; 338 goto out; 339 340 out_warn: 341 pr_warn_ratelimited("failed lookup in %s (%pd2, name='%.*s', err=%i): %s\n", 342 is_upper ? "upper" : "lower", base, 343 namelen, name, err, warn); 344 out_err: 345 dput(this); 346 return err; 347 } 348 349 static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 350 struct dentry **ret, bool drop_negative) 351 { 352 /* Counting down from the end, since the prefix can change */ 353 size_t rem = d->name.len - 1; 354 struct dentry *dentry = NULL; 355 int err; 356 357 if (d->name.name[0] != '/') 358 return ovl_lookup_single(base, d, d->name.name, d->name.len, 359 0, "", ret, drop_negative); 360 361 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 362 const char *s = d->name.name + d->name.len - rem; 363 const char *next = strchrnul(s, '/'); 364 size_t thislen = next - s; 365 bool end = !next[0]; 366 367 /* Verify we did not go off the rails */ 368 if (WARN_ON(s[-1] != '/')) 369 return -EIO; 370 371 err = ovl_lookup_single(base, d, s, thislen, 372 d->name.len - rem, next, &base, 373 drop_negative); 374 dput(dentry); 375 if (err) 376 return err; 377 dentry = base; 378 if (end) 379 break; 380 381 rem -= thislen + 1; 382 383 if (WARN_ON(rem >= d->name.len)) 384 return -EIO; 385 } 386 *ret = dentry; 387 return 0; 388 } 389 390 static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect, 391 const struct ovl_layer *layer, 392 struct path *datapath) 393 { 394 int err; 395 396 err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect, 397 LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV, 398 datapath); 399 pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n", 400 dentry, redirect, layer->idx, err); 401 402 if (err) 403 return err; 404 405 err = -EREMOTE; 406 if (ovl_dentry_weird(datapath->dentry)) 407 goto out_path_put; 408 409 err = -ENOENT; 410 /* Only regular file is acceptable as lower data */ 411 if (!d_is_reg(datapath->dentry)) 412 goto out_path_put; 413 414 return 0; 415 416 out_path_put: 417 path_put(datapath); 418 419 return err; 420 } 421 422 /* Lookup in data-only layers by absolute redirect to layer root */ 423 static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect, 424 struct ovl_path *lowerdata) 425 { 426 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 427 const struct ovl_layer *layer; 428 struct path datapath; 429 int err = -ENOENT; 430 int i; 431 432 layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer]; 433 for (i = 0; i < ofs->numdatalayer; i++, layer++) { 434 err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath); 435 if (!err) { 436 mntput(datapath.mnt); 437 lowerdata->dentry = datapath.dentry; 438 lowerdata->layer = layer; 439 return 0; 440 } 441 } 442 443 return err; 444 } 445 446 int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected, 447 struct dentry *upperdentry, struct ovl_path **stackp) 448 { 449 struct dentry *origin = NULL; 450 int i; 451 452 for (i = 1; i <= ovl_numlowerlayer(ofs); i++) { 453 /* 454 * If lower fs uuid is not unique among lower fs we cannot match 455 * fh->uuid to layer. 456 */ 457 if (ofs->layers[i].fsid && 458 ofs->layers[i].fs->bad_uuid) 459 continue; 460 461 origin = ovl_decode_real_fh(ofs, fh, ofs->layers[i].mnt, 462 connected); 463 if (origin) 464 break; 465 } 466 467 if (!origin) 468 return -ESTALE; 469 else if (IS_ERR(origin)) 470 return PTR_ERR(origin); 471 472 if (upperdentry && !ovl_upper_is_whiteout(ofs, upperdentry) && 473 inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode)) 474 goto invalid; 475 476 if (!*stackp) 477 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); 478 if (!*stackp) { 479 dput(origin); 480 return -ENOMEM; 481 } 482 **stackp = (struct ovl_path){ 483 .dentry = origin, 484 .layer = &ofs->layers[i] 485 }; 486 487 return 0; 488 489 invalid: 490 pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n", 491 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT, 492 d_inode(origin)->i_mode & S_IFMT); 493 dput(origin); 494 return -ESTALE; 495 } 496 497 static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry, 498 struct ovl_path **stackp) 499 { 500 struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN); 501 int err; 502 503 if (IS_ERR_OR_NULL(fh)) 504 return PTR_ERR(fh); 505 506 err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp); 507 kfree(fh); 508 509 if (err) { 510 if (err == -ESTALE) 511 return 0; 512 return err; 513 } 514 515 return 0; 516 } 517 518 /* 519 * Verify that @fh matches the file handle stored in xattr @name. 520 * Return 0 on match, -ESTALE on mismatch, < 0 on error. 521 */ 522 static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry, 523 enum ovl_xattr ox, const struct ovl_fh *fh) 524 { 525 struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox); 526 int err = 0; 527 528 if (!ofh) 529 return -ENODATA; 530 531 if (IS_ERR(ofh)) 532 return PTR_ERR(ofh); 533 534 if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len)) 535 err = -ESTALE; 536 537 kfree(ofh); 538 return err; 539 } 540 541 int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry, 542 enum ovl_xattr ox, const struct ovl_fh *fh, 543 bool is_upper, bool set) 544 { 545 int err; 546 547 err = ovl_verify_fh(ofs, dentry, ox, fh); 548 if (set && err == -ENODATA) 549 err = ovl_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len); 550 551 return err; 552 } 553 554 /* 555 * Verify that @real dentry matches the file handle stored in xattr @name. 556 * 557 * If @set is true and there is no stored file handle, encode @real and store 558 * file handle in xattr @name. 559 * 560 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error. 561 */ 562 int ovl_verify_origin_xattr(struct ovl_fs *ofs, struct dentry *dentry, 563 enum ovl_xattr ox, struct dentry *real, 564 bool is_upper, bool set) 565 { 566 struct inode *inode; 567 struct ovl_fh *fh; 568 int err; 569 570 fh = ovl_encode_real_fh(ofs, d_inode(real), is_upper); 571 err = PTR_ERR(fh); 572 if (IS_ERR(fh)) { 573 fh = NULL; 574 goto fail; 575 } 576 577 err = ovl_verify_set_fh(ofs, dentry, ox, fh, is_upper, set); 578 if (err) 579 goto fail; 580 581 out: 582 kfree(fh); 583 return err; 584 585 fail: 586 inode = d_inode(real); 587 pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n", 588 is_upper ? "upper" : "origin", real, 589 inode ? inode->i_ino : 0, err); 590 goto out; 591 } 592 593 594 /* Get upper dentry from index */ 595 struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index, 596 bool connected) 597 { 598 struct ovl_fh *fh; 599 struct dentry *upper; 600 601 if (!d_is_dir(index)) 602 return dget(index); 603 604 fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER); 605 if (IS_ERR_OR_NULL(fh)) 606 return ERR_CAST(fh); 607 608 upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), connected); 609 kfree(fh); 610 611 if (IS_ERR_OR_NULL(upper)) 612 return upper ?: ERR_PTR(-ESTALE); 613 614 if (!d_is_dir(upper)) { 615 pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n", 616 index, upper); 617 dput(upper); 618 return ERR_PTR(-EIO); 619 } 620 621 return upper; 622 } 623 624 /* 625 * Verify that an index entry name matches the origin file handle stored in 626 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. 627 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. 628 */ 629 int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index) 630 { 631 struct ovl_fh *fh = NULL; 632 size_t len; 633 struct ovl_path origin = { }; 634 struct ovl_path *stack = &origin; 635 struct dentry *upper = NULL; 636 int err; 637 638 if (!d_inode(index)) 639 return 0; 640 641 err = -EINVAL; 642 if (index->d_name.len < sizeof(struct ovl_fb)*2) 643 goto fail; 644 645 err = -ENOMEM; 646 len = index->d_name.len / 2; 647 fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL); 648 if (!fh) 649 goto fail; 650 651 err = -EINVAL; 652 if (hex2bin(fh->buf, index->d_name.name, len)) 653 goto fail; 654 655 err = ovl_check_fb_len(&fh->fb, len); 656 if (err) 657 goto fail; 658 659 /* 660 * Whiteout index entries are used as an indication that an exported 661 * overlay file handle should be treated as stale (i.e. after unlink 662 * of the overlay inode). These entries contain no origin xattr. 663 */ 664 if (ovl_is_whiteout(index)) 665 goto out; 666 667 /* 668 * Verifying directory index entries are not stale is expensive, so 669 * only verify stale dir index if NFS export is enabled. 670 */ 671 if (d_is_dir(index) && !ofs->config.nfs_export) 672 goto out; 673 674 /* 675 * Directory index entries should have 'upper' xattr pointing to the 676 * real upper dir. Non-dir index entries are hardlinks to the upper 677 * real inode. For non-dir index, we can read the copy up origin xattr 678 * directly from the index dentry, but for dir index we first need to 679 * decode the upper directory. 680 */ 681 upper = ovl_index_upper(ofs, index, false); 682 if (IS_ERR_OR_NULL(upper)) { 683 err = PTR_ERR(upper); 684 /* 685 * Directory index entries with no 'upper' xattr need to be 686 * removed. When dir index entry has a stale 'upper' xattr, 687 * we assume that upper dir was removed and we treat the dir 688 * index as orphan entry that needs to be whited out. 689 */ 690 if (err == -ESTALE) 691 goto orphan; 692 else if (!err) 693 err = -ESTALE; 694 goto fail; 695 } 696 697 err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh); 698 dput(upper); 699 if (err) 700 goto fail; 701 702 /* Check if non-dir index is orphan and don't warn before cleaning it */ 703 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) { 704 err = ovl_check_origin_fh(ofs, fh, false, index, &stack); 705 if (err) 706 goto fail; 707 708 if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0) 709 goto orphan; 710 } 711 712 out: 713 dput(origin.dentry); 714 kfree(fh); 715 return err; 716 717 fail: 718 pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n", 719 index, d_inode(index)->i_mode & S_IFMT, err); 720 goto out; 721 722 orphan: 723 pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n", 724 index, d_inode(index)->i_mode & S_IFMT, 725 d_inode(index)->i_nlink); 726 err = -ENOENT; 727 goto out; 728 } 729 730 int ovl_get_index_name_fh(const struct ovl_fh *fh, struct qstr *name) 731 { 732 char *n, *s; 733 734 n = kcalloc(fh->fb.len, 2, GFP_KERNEL); 735 if (!n) 736 return -ENOMEM; 737 738 s = bin2hex(n, fh->buf, fh->fb.len); 739 *name = (struct qstr) QSTR_INIT(n, s - n); 740 741 return 0; 742 743 } 744 745 /* 746 * Lookup in indexdir for the index entry of a lower real inode or a copy up 747 * origin inode. The index entry name is the hex representation of the lower 748 * inode file handle. 749 * 750 * If the index dentry in negative, then either no lower aliases have been 751 * copied up yet, or aliases have been copied up in older kernels and are 752 * not indexed. 753 * 754 * If the index dentry for a copy up origin inode is positive, but points 755 * to an inode different than the upper inode, then either the upper inode 756 * has been copied up and not indexed or it was indexed, but since then 757 * index dir was cleared. Either way, that index cannot be used to identify 758 * the overlay inode. 759 */ 760 int ovl_get_index_name(struct ovl_fs *ofs, struct dentry *origin, 761 struct qstr *name) 762 { 763 struct ovl_fh *fh; 764 int err; 765 766 fh = ovl_encode_real_fh(ofs, d_inode(origin), false); 767 if (IS_ERR(fh)) 768 return PTR_ERR(fh); 769 770 err = ovl_get_index_name_fh(fh, name); 771 772 kfree(fh); 773 return err; 774 } 775 776 /* Lookup index by file handle for NFS export */ 777 struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh) 778 { 779 struct dentry *index; 780 struct qstr name; 781 int err; 782 783 err = ovl_get_index_name_fh(fh, &name); 784 if (err) 785 return ERR_PTR(err); 786 787 index = lookup_noperm_positive_unlocked(&name, ofs->workdir); 788 kfree(name.name); 789 if (IS_ERR(index)) { 790 if (PTR_ERR(index) == -ENOENT) 791 index = NULL; 792 return index; 793 } 794 795 if (ovl_is_whiteout(index)) 796 err = -ESTALE; 797 else if (ovl_dentry_weird(index)) 798 err = -EIO; 799 else 800 return index; 801 802 dput(index); 803 return ERR_PTR(err); 804 } 805 806 struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper, 807 struct dentry *origin, bool verify) 808 { 809 struct dentry *index; 810 struct inode *inode; 811 struct qstr name; 812 bool is_dir = d_is_dir(origin); 813 int err; 814 815 err = ovl_get_index_name(ofs, origin, &name); 816 if (err) 817 return ERR_PTR(err); 818 819 index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), &name, 820 ofs->workdir); 821 if (IS_ERR(index)) { 822 err = PTR_ERR(index); 823 if (err == -ENOENT) { 824 index = NULL; 825 goto out; 826 } 827 pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n" 828 "overlayfs: mount with '-o index=off' to disable inodes index.\n", 829 d_inode(origin)->i_ino, name.len, name.name, 830 err); 831 goto out; 832 } 833 834 inode = d_inode(index); 835 if (ovl_is_whiteout(index) && !verify) { 836 /* 837 * When index lookup is called with !verify for decoding an 838 * overlay file handle, a whiteout index implies that decode 839 * should treat file handle as stale and no need to print a 840 * warning about it. 841 */ 842 dput(index); 843 index = ERR_PTR(-ESTALE); 844 goto out; 845 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || 846 inode_wrong_type(inode, d_inode(origin)->i_mode)) { 847 /* 848 * Index should always be of the same file type as origin 849 * except for the case of a whiteout index. A whiteout 850 * index should only exist if all lower aliases have been 851 * unlinked, which means that finding a lower origin on lookup 852 * whose index is a whiteout should be treated as an error. 853 */ 854 pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", 855 index, d_inode(index)->i_mode & S_IFMT, 856 d_inode(origin)->i_mode & S_IFMT); 857 goto fail; 858 } else if (is_dir && verify) { 859 if (!upper) { 860 pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n", 861 origin, index); 862 goto fail; 863 } 864 865 /* Verify that dir index 'upper' xattr points to upper dir */ 866 err = ovl_verify_upper(ofs, index, upper, false); 867 if (err) { 868 if (err == -ESTALE) { 869 pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n", 870 upper, origin, index); 871 } 872 goto fail; 873 } 874 } else if (upper && d_inode(upper) != inode) { 875 goto out_dput; 876 } 877 out: 878 kfree(name.name); 879 return index; 880 881 out_dput: 882 dput(index); 883 index = NULL; 884 goto out; 885 886 fail: 887 dput(index); 888 index = ERR_PTR(-EIO); 889 goto out; 890 } 891 892 /* 893 * Returns next layer in stack starting from top. 894 * Returns -1 if this is the last layer. 895 */ 896 int ovl_path_next(int idx, struct dentry *dentry, struct path *path, 897 const struct ovl_layer **layer) 898 { 899 struct ovl_entry *oe = OVL_E(dentry); 900 struct ovl_path *lowerstack = ovl_lowerstack(oe); 901 902 BUG_ON(idx < 0); 903 if (idx == 0) { 904 ovl_path_upper(dentry, path); 905 if (path->dentry) { 906 *layer = &OVL_FS(dentry->d_sb)->layers[0]; 907 return ovl_numlower(oe) ? 1 : -1; 908 } 909 idx++; 910 } 911 BUG_ON(idx > ovl_numlower(oe)); 912 path->dentry = lowerstack[idx - 1].dentry; 913 *layer = lowerstack[idx - 1].layer; 914 path->mnt = (*layer)->mnt; 915 916 return (idx < ovl_numlower(oe)) ? idx + 1 : -1; 917 } 918 919 /* Fix missing 'origin' xattr */ 920 static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry, 921 struct dentry *lower, struct dentry *upper) 922 { 923 const struct ovl_fh *fh; 924 int err; 925 926 if (ovl_check_origin_xattr(ofs, upper)) 927 return 0; 928 929 fh = ovl_get_origin_fh(ofs, lower); 930 if (IS_ERR(fh)) 931 return PTR_ERR(fh); 932 933 err = ovl_want_write(dentry); 934 if (err) 935 goto out; 936 937 err = ovl_set_origin_fh(ofs, fh, upper); 938 if (!err) 939 err = ovl_set_impure(dentry->d_parent, upper->d_parent); 940 941 ovl_drop_write(dentry); 942 out: 943 kfree(fh); 944 return err; 945 } 946 947 static int ovl_maybe_validate_verity(struct dentry *dentry) 948 { 949 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 950 struct inode *inode = d_inode(dentry); 951 struct path datapath, metapath; 952 int err; 953 954 if (!ofs->config.verity_mode || 955 !ovl_is_metacopy_dentry(dentry) || 956 ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) 957 return 0; 958 959 if (!ovl_test_flag(OVL_HAS_DIGEST, inode)) { 960 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) { 961 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n", 962 dentry); 963 return -EIO; 964 } 965 return 0; 966 } 967 968 ovl_path_lowerdata(dentry, &datapath); 969 if (!datapath.dentry) 970 return -EIO; 971 972 ovl_path_real(dentry, &metapath); 973 if (!metapath.dentry) 974 return -EIO; 975 976 err = ovl_inode_lock_interruptible(inode); 977 if (err) 978 return err; 979 980 if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) { 981 const struct cred *old_cred; 982 983 old_cred = ovl_override_creds(dentry->d_sb); 984 985 err = ovl_validate_verity(ofs, &metapath, &datapath); 986 if (err == 0) 987 ovl_set_flag(OVL_VERIFIED_DIGEST, inode); 988 989 ovl_revert_creds(old_cred); 990 } 991 992 ovl_inode_unlock(inode); 993 994 return err; 995 } 996 997 /* Lazy lookup of lowerdata */ 998 static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) 999 { 1000 struct inode *inode = d_inode(dentry); 1001 const char *redirect = ovl_lowerdata_redirect(inode); 1002 struct ovl_path datapath = {}; 1003 const struct cred *old_cred; 1004 int err; 1005 1006 if (!redirect || ovl_dentry_lowerdata(dentry)) 1007 return 0; 1008 1009 if (redirect[0] != '/') 1010 return -EIO; 1011 1012 err = ovl_inode_lock_interruptible(inode); 1013 if (err) 1014 return err; 1015 1016 err = 0; 1017 /* Someone got here before us? */ 1018 if (ovl_dentry_lowerdata(dentry)) 1019 goto out; 1020 1021 old_cred = ovl_override_creds(dentry->d_sb); 1022 err = ovl_lookup_data_layers(dentry, redirect, &datapath); 1023 ovl_revert_creds(old_cred); 1024 if (err) 1025 goto out_err; 1026 1027 err = ovl_dentry_set_lowerdata(dentry, &datapath); 1028 if (err) 1029 goto out_err; 1030 1031 out: 1032 ovl_inode_unlock(inode); 1033 dput(datapath.dentry); 1034 1035 return err; 1036 1037 out_err: 1038 pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n", 1039 dentry, err); 1040 goto out; 1041 } 1042 1043 int ovl_verify_lowerdata(struct dentry *dentry) 1044 { 1045 int err; 1046 1047 err = ovl_maybe_lookup_lowerdata(dentry); 1048 if (err) 1049 return err; 1050 1051 return ovl_maybe_validate_verity(dentry); 1052 } 1053 1054 /* 1055 * Following redirects/metacopy can have security consequences: it's like a 1056 * symlink into the lower layer without the permission checks. 1057 * 1058 * This is only a problem if the upper layer is untrusted (e.g comes from an USB 1059 * drive). This can allow a non-readable file or directory to become readable. 1060 * 1061 * Only following redirects when redirects are enabled disables this attack 1062 * vector when not necessary. 1063 */ 1064 static bool ovl_check_follow_redirect(struct ovl_lookup_data *d) 1065 { 1066 struct ovl_fs *ofs = OVL_FS(d->sb); 1067 1068 if (d->metacopy && !ofs->config.metacopy) { 1069 pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", d->dentry); 1070 return false; 1071 } 1072 if ((d->redirect || d->upperredirect) && !ovl_redirect_follow(ofs)) { 1073 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", d->dentry); 1074 return false; 1075 } 1076 return true; 1077 } 1078 1079 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 1080 unsigned int flags) 1081 { 1082 struct ovl_entry *oe = NULL; 1083 const struct cred *old_cred; 1084 struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 1085 struct ovl_entry *poe = OVL_E(dentry->d_parent); 1086 struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root); 1087 struct ovl_path *stack = NULL, *origin_path = NULL; 1088 struct dentry *upperdir, *upperdentry = NULL; 1089 struct dentry *origin = NULL; 1090 struct dentry *index = NULL; 1091 unsigned int ctr = 0; 1092 struct inode *inode = NULL; 1093 bool upperopaque = false; 1094 bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer); 1095 struct dentry *this; 1096 unsigned int i; 1097 int err; 1098 bool uppermetacopy = false; 1099 int metacopy_size = 0; 1100 struct ovl_lookup_data d = { 1101 .sb = dentry->d_sb, 1102 .dentry = dentry, 1103 .name = dentry->d_name, 1104 .is_dir = false, 1105 .opaque = false, 1106 .stop = false, 1107 .last = check_redirect ? false : !ovl_numlower(poe), 1108 .redirect = NULL, 1109 .upperredirect = NULL, 1110 .metacopy = 0, 1111 }; 1112 1113 if (dentry->d_name.len > ofs->namelen) 1114 return ERR_PTR(-ENAMETOOLONG); 1115 1116 old_cred = ovl_override_creds(dentry->d_sb); 1117 upperdir = ovl_dentry_upper(dentry->d_parent); 1118 if (upperdir) { 1119 d.layer = &ofs->layers[0]; 1120 err = ovl_lookup_layer(upperdir, &d, &upperdentry, true); 1121 if (err) 1122 goto out; 1123 1124 if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) { 1125 dput(upperdentry); 1126 err = -EREMOTE; 1127 goto out; 1128 } 1129 if (upperdentry && !d.is_dir) { 1130 /* 1131 * Lookup copy up origin by decoding origin file handle. 1132 * We may get a disconnected dentry, which is fine, 1133 * because we only need to hold the origin inode in 1134 * cache and use its inode number. We may even get a 1135 * connected dentry, that is not under any of the lower 1136 * layers root. That is also fine for using it's inode 1137 * number - it's the same as if we held a reference 1138 * to a dentry in lower layer that was moved under us. 1139 */ 1140 err = ovl_check_origin(ofs, upperdentry, &origin_path); 1141 if (err) 1142 goto out_put_upper; 1143 1144 if (d.metacopy) 1145 uppermetacopy = true; 1146 metacopy_size = d.metacopy; 1147 } 1148 1149 if (d.redirect) { 1150 err = -ENOMEM; 1151 d.upperredirect = kstrdup(d.redirect, GFP_KERNEL); 1152 if (!d.upperredirect) 1153 goto out_put_upper; 1154 if (d.redirect[0] == '/') 1155 poe = roe; 1156 } 1157 upperopaque = d.opaque; 1158 } 1159 1160 if (!d.stop && ovl_numlower(poe)) { 1161 err = -ENOMEM; 1162 stack = ovl_stack_alloc(ofs->numlayer - 1); 1163 if (!stack) 1164 goto out_put_upper; 1165 } 1166 1167 for (i = 0; !d.stop && i < ovl_numlower(poe); i++) { 1168 struct ovl_path lower = ovl_lowerstack(poe)[i]; 1169 1170 if (!ovl_check_follow_redirect(&d)) { 1171 err = -EPERM; 1172 goto out_put; 1173 } 1174 1175 if (!check_redirect) 1176 d.last = i == ovl_numlower(poe) - 1; 1177 else if (d.is_dir || !ofs->numdatalayer) 1178 d.last = lower.layer->idx == ovl_numlower(roe); 1179 1180 d.layer = lower.layer; 1181 err = ovl_lookup_layer(lower.dentry, &d, &this, false); 1182 if (err) 1183 goto out_put; 1184 1185 if (!this) 1186 continue; 1187 1188 /* 1189 * If no origin fh is stored in upper of a merge dir, store fh 1190 * of lower dir and set upper parent "impure". 1191 */ 1192 if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) { 1193 err = ovl_fix_origin(ofs, dentry, this, upperdentry); 1194 if (err) { 1195 dput(this); 1196 goto out_put; 1197 } 1198 } 1199 1200 /* 1201 * When "verify_lower" feature is enabled, do not merge with a 1202 * lower dir that does not match a stored origin xattr. In any 1203 * case, only verified origin is used for index lookup. 1204 * 1205 * For non-dir dentry, if index=on, then ensure origin 1206 * matches the dentry found using path based lookup, 1207 * otherwise error out. 1208 */ 1209 if (upperdentry && !ctr && 1210 ((d.is_dir && ovl_verify_lower(dentry->d_sb)) || 1211 (!d.is_dir && ofs->config.index && origin_path))) { 1212 err = ovl_verify_origin(ofs, upperdentry, this, false); 1213 if (err) { 1214 dput(this); 1215 if (d.is_dir) 1216 break; 1217 goto out_put; 1218 } 1219 origin = this; 1220 } 1221 1222 if (!upperdentry && !d.is_dir && !ctr && d.metacopy) 1223 metacopy_size = d.metacopy; 1224 1225 if (d.metacopy && ctr) { 1226 /* 1227 * Do not store intermediate metacopy dentries in 1228 * lower chain, except top most lower metacopy dentry. 1229 * Continue the loop so that if there is an absolute 1230 * redirect on this dentry, poe can be reset to roe. 1231 */ 1232 dput(this); 1233 this = NULL; 1234 } else { 1235 stack[ctr].dentry = this; 1236 stack[ctr].layer = lower.layer; 1237 ctr++; 1238 } 1239 1240 if (d.stop) 1241 break; 1242 1243 if (d.redirect && d.redirect[0] == '/' && poe != roe) { 1244 poe = roe; 1245 /* Find the current layer on the root dentry */ 1246 i = lower.layer->idx - 1; 1247 } 1248 } 1249 1250 /* 1251 * Defer lookup of lowerdata in data-only layers to first access. 1252 * Don't require redirect=follow and metacopy=on in this case. 1253 */ 1254 if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) { 1255 d.metacopy = 0; 1256 ctr++; 1257 } else if (!ovl_check_follow_redirect(&d)) { 1258 err = -EPERM; 1259 goto out_put; 1260 } 1261 1262 /* 1263 * For regular non-metacopy upper dentries, there is no lower 1264 * path based lookup, hence ctr will be zero. If a dentry is found 1265 * using ORIGIN xattr on upper, install it in stack. 1266 * 1267 * For metacopy dentry, path based lookup will find lower dentries. 1268 * Just make sure a corresponding data dentry has been found. 1269 */ 1270 if (d.metacopy || (uppermetacopy && !ctr)) { 1271 pr_warn_ratelimited("metacopy with no lower data found - abort lookup (%pd2)\n", 1272 dentry); 1273 err = -EIO; 1274 goto out_put; 1275 } else if (!d.is_dir && upperdentry && !ctr && origin_path) { 1276 if (WARN_ON(stack != NULL)) { 1277 err = -EIO; 1278 goto out_put; 1279 } 1280 stack = origin_path; 1281 ctr = 1; 1282 origin = origin_path->dentry; 1283 origin_path = NULL; 1284 } 1285 1286 /* 1287 * Always lookup index if there is no-upperdentry. 1288 * 1289 * For the case of upperdentry, we have set origin by now if it 1290 * needed to be set. There are basically three cases. 1291 * 1292 * For directories, lookup index by lower inode and verify it matches 1293 * upper inode. We only trust dir index if we verified that lower dir 1294 * matches origin, otherwise dir index entries may be inconsistent 1295 * and we ignore them. 1296 * 1297 * For regular upper, we already set origin if upper had ORIGIN 1298 * xattr. There is no verification though as there is no path 1299 * based dentry lookup in lower in this case. 1300 * 1301 * For metacopy upper, we set a verified origin already if index 1302 * is enabled and if upper had an ORIGIN xattr. 1303 * 1304 */ 1305 if (!upperdentry && ctr) 1306 origin = stack[0].dentry; 1307 1308 if (origin && ovl_indexdir(dentry->d_sb) && 1309 (!d.is_dir || ovl_index_all(dentry->d_sb))) { 1310 index = ovl_lookup_index(ofs, upperdentry, origin, true); 1311 if (IS_ERR(index)) { 1312 err = PTR_ERR(index); 1313 index = NULL; 1314 goto out_put; 1315 } 1316 } 1317 1318 if (ctr) { 1319 oe = ovl_alloc_entry(ctr); 1320 err = -ENOMEM; 1321 if (!oe) 1322 goto out_put; 1323 1324 ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr); 1325 } 1326 1327 if (upperopaque) 1328 ovl_dentry_set_opaque(dentry); 1329 if (d.xwhiteouts) 1330 ovl_dentry_set_xwhiteouts(dentry); 1331 1332 if (upperdentry) 1333 ovl_dentry_set_upper_alias(dentry); 1334 else if (index) { 1335 struct path upperpath = { 1336 .dentry = upperdentry = dget(index), 1337 .mnt = ovl_upper_mnt(ofs), 1338 }; 1339 1340 /* 1341 * It's safe to assign upperredirect here: the previous 1342 * assignment happens only if upperdentry is non-NULL, and 1343 * this one only if upperdentry is NULL. 1344 */ 1345 d.upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0); 1346 if (IS_ERR(d.upperredirect)) { 1347 err = PTR_ERR(d.upperredirect); 1348 d.upperredirect = NULL; 1349 goto out_free_oe; 1350 } 1351 1352 err = ovl_check_metacopy_xattr(ofs, &upperpath, NULL); 1353 if (err < 0) 1354 goto out_free_oe; 1355 d.metacopy = uppermetacopy = err; 1356 metacopy_size = err; 1357 1358 if (!ovl_check_follow_redirect(&d)) { 1359 err = -EPERM; 1360 goto out_free_oe; 1361 } 1362 } 1363 1364 if (upperdentry || ctr) { 1365 struct ovl_inode_params oip = { 1366 .upperdentry = upperdentry, 1367 .oe = oe, 1368 .index = index, 1369 .redirect = d.upperredirect, 1370 }; 1371 1372 /* Store lowerdata redirect for lazy lookup */ 1373 if (ctr > 1 && !d.is_dir && !stack[ctr - 1].dentry) { 1374 oip.lowerdata_redirect = d.redirect; 1375 d.redirect = NULL; 1376 } 1377 inode = ovl_get_inode(dentry->d_sb, &oip); 1378 err = PTR_ERR(inode); 1379 if (IS_ERR(inode)) 1380 goto out_free_oe; 1381 if (upperdentry && !uppermetacopy) 1382 ovl_set_flag(OVL_UPPERDATA, inode); 1383 1384 if (metacopy_size > OVL_METACOPY_MIN_SIZE) 1385 ovl_set_flag(OVL_HAS_DIGEST, inode); 1386 } 1387 1388 ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); 1389 1390 ovl_revert_creds(old_cred); 1391 if (origin_path) { 1392 dput(origin_path->dentry); 1393 kfree(origin_path); 1394 } 1395 dput(index); 1396 ovl_stack_free(stack, ctr); 1397 kfree(d.redirect); 1398 return d_splice_alias(inode, dentry); 1399 1400 out_free_oe: 1401 ovl_free_entry(oe); 1402 out_put: 1403 dput(index); 1404 ovl_stack_free(stack, ctr); 1405 out_put_upper: 1406 if (origin_path) { 1407 dput(origin_path->dentry); 1408 kfree(origin_path); 1409 } 1410 dput(upperdentry); 1411 kfree(d.upperredirect); 1412 out: 1413 kfree(d.redirect); 1414 ovl_revert_creds(old_cred); 1415 return ERR_PTR(err); 1416 } 1417 1418 bool ovl_lower_positive(struct dentry *dentry) 1419 { 1420 struct ovl_entry *poe = OVL_E(dentry->d_parent); 1421 const struct qstr *name = &dentry->d_name; 1422 const struct cred *old_cred; 1423 unsigned int i; 1424 bool positive = false; 1425 bool done = false; 1426 1427 /* 1428 * If dentry is negative, then lower is positive iff this is a 1429 * whiteout. 1430 */ 1431 if (!dentry->d_inode) 1432 return ovl_dentry_is_opaque(dentry); 1433 1434 /* Negative upper -> positive lower */ 1435 if (!ovl_dentry_upper(dentry)) 1436 return true; 1437 1438 old_cred = ovl_override_creds(dentry->d_sb); 1439 /* Positive upper -> have to look up lower to see whether it exists */ 1440 for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) { 1441 struct dentry *this; 1442 struct ovl_path *parentpath = &ovl_lowerstack(poe)[i]; 1443 1444 /* 1445 * We need to make a non-const copy of dentry->d_name, 1446 * because lookup_one_positive_unlocked() will hash name 1447 * with parentpath base, which is on another (lower fs). 1448 */ 1449 this = lookup_one_positive_unlocked( 1450 mnt_idmap(parentpath->layer->mnt), 1451 &QSTR_LEN(name->name, name->len), 1452 parentpath->dentry); 1453 if (IS_ERR(this)) { 1454 switch (PTR_ERR(this)) { 1455 case -ENOENT: 1456 case -ENAMETOOLONG: 1457 break; 1458 1459 default: 1460 /* 1461 * Assume something is there, we just couldn't 1462 * access it. 1463 */ 1464 positive = true; 1465 break; 1466 } 1467 } else { 1468 struct path path = { 1469 .dentry = this, 1470 .mnt = parentpath->layer->mnt, 1471 }; 1472 positive = !ovl_path_is_whiteout(OVL_FS(dentry->d_sb), &path); 1473 done = true; 1474 dput(this); 1475 } 1476 } 1477 ovl_revert_creds(old_cred); 1478 1479 return positive; 1480 } 1481