Blame - fs/overlayfs/namei.c - SHIFTPHONES/mainline/linux

blob: c5449efd96d5e67e4024b50b569925f7e7acfa49 [file] [log] [blame]

Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1	/*
				2	* Copyright (C) 2011 Novell Inc.
				3	* Copyright (C) 2016 Red Hat, Inc.
				4	*
				5	* This program is free software; you can redistribute it and/or modify it
				6	* under the terms of the GNU General Public License version 2 as published by
				7	* the Free Software Foundation.
				8	*/
				9
				10	#include <linux/fs.h>
Ingo Molnar	5b825c3	2017-02-02 17:54:15 +0100	[diff] [blame]	11	#include <linux/cred.h>
Amir Goldstein	9ee60ce	2017-11-01 10:13:51 +0200	[diff] [blame]	12	#include <linux/ctype.h>
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	13	#include <linux/namei.h>
				14	#include <linux/xattr.h>
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	15	#include <linux/ratelimit.h>
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	16	#include <linux/mount.h>
				17	#include <linux/exportfs.h>
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	18	#include "overlayfs.h"
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	19
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	20	struct ovl_lookup_data {
				21	struct qstr name;
				22	bool is_dir;
				23	bool opaque;
				24	bool stop;
				25	bool last;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	26	char *redirect;
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	27	};
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	28
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	29	static int ovl_check_redirect(struct dentry dentry, struct ovl_lookup_data d,
				30	size_t prelen, const char *post)
				31	{
				32	int res;
				33	char s, next, *buf = NULL;
				34
				35	res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
				36	if (res < 0) {
				37	if (res == -ENODATA \|\| res == -EOPNOTSUPP)
				38	return 0;
				39	goto fail;
				40	}
Michal Hocko	0ee931c	2017-09-13 16:28:29 -0700	[diff] [blame]	41	buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL);
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	42	if (!buf)
				43	return -ENOMEM;
				44
				45	if (res == 0)
				46	goto invalid;
				47
				48	res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
				49	if (res < 0)
				50	goto fail;
				51	if (res == 0)
				52	goto invalid;
				53	if (buf[0] == '/') {
				54	for (s = buf; *s++ == '/'; s = next) {
				55	next = strchrnul(s, '/');
				56	if (s == next)
				57	goto invalid;
				58	}
				59	} else {
				60	if (strchr(buf, '/') != NULL)
				61	goto invalid;
				62
				63	memmove(buf + prelen, buf, res);
				64	memcpy(buf, d->name.name, prelen);
				65	}
				66
				67	strcat(buf, post);
				68	kfree(d->redirect);
				69	d->redirect = buf;
				70	d->name.name = d->redirect;
				71	d->name.len = strlen(d->redirect);
				72
				73	return 0;
				74
				75	err_free:
				76	kfree(buf);
				77	return 0;
				78	fail:
				79	pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res);
				80	goto err_free;
				81	invalid:
				82	pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
				83	goto err_free;
				84	}
				85
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	86	static int ovl_acceptable(void ctx, struct dentry dentry)
				87	{
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	88	/*
				89	* A non-dir origin may be disconnected, which is fine, because
				90	* we only need it for its unique inode number.
				91	*/
				92	if (!d_is_dir(dentry))
				93	return 1;
				94
				95	/* Don't decode a deleted empty directory */
				96	if (d_unhashed(dentry))
				97	return 0;
				98
				99	/* Check if directory belongs to the layer we are decoding from */
				100	return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	101	}
				102
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	103	/*
				104	* Check validity of an overlay file handle buffer.
				105	*
				106	* Return 0 for a valid file handle.
				107	* Return -ENODATA for "origin unknown".
				108	* Return <0 for an invalid file handle.
				109	*/
Amir Goldstein	8556a42	2018-01-19 01:03:23 +0200	[diff] [blame]	110	int ovl_check_fh_len(struct ovl_fh *fh, int fh_len)
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	111	{
				112	if (fh_len < sizeof(struct ovl_fh) \|\| fh_len < fh->len)
				113	return -EINVAL;
				114
				115	if (fh->magic != OVL_FH_MAGIC)
				116	return -EINVAL;
				117
				118	/* Treat larger version and unknown flags as "origin unknown" */
				119	if (fh->version > OVL_FH_VERSION \|\| fh->flags & ~OVL_FH_FLAG_ALL)
				120	return -ENODATA;
				121
				122	/* Treat endianness mismatch as "origin unknown" */
				123	if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
				124	(fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
				125	return -ENODATA;
				126
				127	return 0;
				128	}
				129
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	130	static struct ovl_fh ovl_get_fh(struct dentry dentry, const char *name)
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	131	{
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	132	int res, err;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	133	struct ovl_fh *fh = NULL;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	134
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	135	res = vfs_getxattr(dentry, name, NULL, 0);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	136	if (res < 0) {
				137	if (res == -ENODATA \|\| res == -EOPNOTSUPP)
				138	return NULL;
				139	goto fail;
				140	}
				141	/* Zero size value means "copied up but origin unknown" */
				142	if (res == 0)
				143	return NULL;
				144
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	145	fh = kzalloc(res, GFP_KERNEL);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	146	if (!fh)
				147	return ERR_PTR(-ENOMEM);
				148
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	149	res = vfs_getxattr(dentry, name, fh, res);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	150	if (res < 0)
				151	goto fail;
				152
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	153	err = ovl_check_fh_len(fh, res);
				154	if (err < 0) {
				155	if (err == -ENODATA)
				156	goto out;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	157	goto invalid;
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	158	}
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	159
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	160	return fh;
				161
				162	out:
				163	kfree(fh);
				164	return NULL;
				165
				166	fail:
				167	pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res);
				168	goto out;
				169	invalid:
				170	pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
				171	goto out;
				172	}
				173
Amir Goldstein	8556a42	2018-01-19 01:03:23 +0200	[diff] [blame]	174	struct dentry ovl_decode_fh(struct ovl_fh fh, struct vfsmount *mnt)
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	175	{
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	176	struct dentry *real;
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	177	int bytes;
				178
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	179	/*
				180	* Make sure that the stored uuid matches the uuid of the lower
				181	* layer where file handle will be decoded.
				182	*/
Christoph Hellwig	8578709	2017-05-10 15:06:33 +0200	[diff] [blame]	183	if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	184	return NULL;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	185
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	186	bytes = (fh->len - offsetof(struct ovl_fh, fid));
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	187	real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
				188	bytes >> 2, (int)fh->type,
				189	ovl_acceptable, mnt);
				190	if (IS_ERR(real)) {
				191	/*
				192	* Treat stale file handle to lower file as "origin unknown".
				193	* upper file handle could become stale when upper file is
				194	* unlinked and this information is needed to handle stale
				195	* index entries correctly.
				196	*/
				197	if (real == ERR_PTR(-ESTALE) &&
				198	!(fh->flags & OVL_FH_FLAG_PATH_UPPER))
				199	real = NULL;
				200	return real;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	201	}
				202
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	203	if (ovl_dentry_weird(real)) {
				204	dput(real);
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	205	return NULL;
				206	}
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	207
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	208	return real;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	209	}
				210
Amir Goldstein	ee1d6d37	2017-05-11 16:42:26 +0300	[diff] [blame]	211	static bool ovl_is_opaquedir(struct dentry *dentry)
				212	{
				213	return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
				214	}
				215
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	216	static int ovl_lookup_single(struct dentry base, struct ovl_lookup_data d,
				217	const char *name, unsigned int namelen,
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	218	size_t prelen, const char *post,
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	219	struct dentry **ret)
				220	{
				221	struct dentry *this;
				222	int err;
				223
				224	this = lookup_one_len_unlocked(name, base, namelen);
				225	if (IS_ERR(this)) {
				226	err = PTR_ERR(this);
				227	this = NULL;
				228	if (err == -ENOENT \|\| err == -ENAMETOOLONG)
				229	goto out;
				230	goto out_err;
				231	}
				232	if (!this->d_inode)
				233	goto put_and_out;
				234
				235	if (ovl_dentry_weird(this)) {
				236	/* Don't support traversing automounts and other weirdness */
				237	err = -EREMOTE;
				238	goto out_err;
				239	}
				240	if (ovl_is_whiteout(this)) {
				241	d->stop = d->opaque = true;
				242	goto put_and_out;
				243	}
				244	if (!d_can_lookup(this)) {
				245	d->stop = true;
				246	if (d->is_dir)
				247	goto put_and_out;
				248	goto out;
				249	}
				250	d->is_dir = true;
				251	if (!d->last && ovl_is_opaquedir(this)) {
				252	d->stop = d->opaque = true;
				253	goto out;
				254	}
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	255	err = ovl_check_redirect(this, d, prelen, post);
				256	if (err)
				257	goto out_err;
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	258	out:
				259	*ret = this;
				260	return 0;
				261
				262	put_and_out:
				263	dput(this);
				264	this = NULL;
				265	goto out;
				266
				267	out_err:
				268	dput(this);
				269	return err;
				270	}
				271
				272	static int ovl_lookup_layer(struct dentry base, struct ovl_lookup_data d,
				273	struct dentry **ret)
				274	{
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	275	/* Counting down from the end, since the prefix can change */
				276	size_t rem = d->name.len - 1;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	277	struct dentry *dentry = NULL;
				278	int err;
				279
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	280	if (d->name.name[0] != '/')
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	281	return ovl_lookup_single(base, d, d->name.name, d->name.len,
				282	0, "", ret);
				283
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	284	while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
				285	const char *s = d->name.name + d->name.len - rem;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	286	const char *next = strchrnul(s, '/');
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	287	size_t thislen = next - s;
				288	bool end = !next[0];
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	289
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	290	/* Verify we did not go off the rails */
				291	if (WARN_ON(s[-1] != '/'))
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	292	return -EIO;
				293
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	294	err = ovl_lookup_single(base, d, s, thislen,
				295	d->name.len - rem, next, &base);
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	296	dput(dentry);
				297	if (err)
				298	return err;
				299	dentry = base;
Amir Goldstein	4c7d0c9	2017-01-18 15:19:54 +0100	[diff] [blame]	300	if (end)
				301	break;
				302
				303	rem -= thislen + 1;
				304
				305	if (WARN_ON(rem >= d->name.len))
				306	return -EIO;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	307	}
				308	*ret = dentry;
				309	return 0;
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	310	}
				311
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	312
Amir Goldstein	f941866	2018-01-19 21:33:44 +0200	[diff] [blame]	313	int ovl_check_origin_fh(struct ovl_fs ofs, struct ovl_fh fh,
				314	struct dentry upperdentry, struct ovl_path *stackp)
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	315	{
Amir Goldstein	f7d3dac	2017-06-21 15:28:34 +0300	[diff] [blame]	316	struct dentry *origin = NULL;
				317	int i;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	318
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	319	for (i = 0; i < ofs->numlower; i++) {
				320	origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt);
Amir Goldstein	f7d3dac	2017-06-21 15:28:34 +0300	[diff] [blame]	321	if (origin)
				322	break;
				323	}
				324
				325	if (!origin)
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	326	return -ESTALE;
				327	else if (IS_ERR(origin))
				328	return PTR_ERR(origin);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	329
Amir Goldstein	f941866	2018-01-19 21:33:44 +0200	[diff] [blame]	330	if (upperdentry && !ovl_is_whiteout(upperdentry) &&
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	331	((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT))
				332	goto invalid;
				333
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	334	if (!*stackp)
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	335	*stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	336	if (!*stackp) {
				337	dput(origin);
				338	return -ENOMEM;
				339	}
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	340	**stackp = (struct ovl_path){
				341	.dentry = origin,
				342	.layer = &ofs->lower_layers[i]
				343	};
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	344
				345	return 0;
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	346
				347	invalid:
				348	pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
				349	upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
				350	d_inode(origin)->i_mode & S_IFMT);
				351	dput(origin);
				352	return -EIO;
				353	}
				354
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	355	static int ovl_check_origin(struct ovl_fs ofs, struct dentry upperdentry,
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	356	struct ovl_path *stackp, unsigned int ctrp)
				357	{
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	358	struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN);
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	359	int err;
				360
				361	if (IS_ERR_OR_NULL(fh))
				362	return PTR_ERR(fh);
				363
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	364	err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp);
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	365	kfree(fh);
				366
				367	if (err) {
				368	if (err == -ESTALE)
				369	return 0;
				370	return err;
				371	}
				372
				373	if (WARN_ON(*ctrp))
				374	return -EIO;
				375
				376	*ctrp = 1;
				377	return 0;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	378	}
				379
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	380	/*
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	381	* Verify that @fh matches the file handle stored in xattr @name.
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	382	* Return 0 on match, -ESTALE on mismatch, < 0 on error.
				383	*/
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	384	static int ovl_verify_fh(struct dentry dentry, const char name,
				385	const struct ovl_fh *fh)
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	386	{
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	387	struct ovl_fh *ofh = ovl_get_fh(dentry, name);
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	388	int err = 0;
				389
				390	if (!ofh)
				391	return -ENODATA;
				392
				393	if (IS_ERR(ofh))
				394	return PTR_ERR(ofh);
				395
				396	if (fh->len != ofh->len \|\| memcmp(fh, ofh, fh->len))
				397	err = -ESTALE;
				398
				399	kfree(ofh);
				400	return err;
				401	}
				402
				403	/*
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	404	* Verify that @real dentry matches the file handle stored in xattr @name.
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	405	*
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	406	* If @set is true and there is no stored file handle, encode @real and store
				407	* file handle in xattr @name.
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	408	*
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	409	* Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	410	*/
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	411	int ovl_verify_set_fh(struct dentry dentry, const char name,
				412	struct dentry *real, bool is_upper, bool set)
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	413	{
				414	struct inode *inode;
				415	struct ovl_fh *fh;
				416	int err;
				417
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	418	fh = ovl_encode_fh(real, is_upper);
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	419	err = PTR_ERR(fh);
				420	if (IS_ERR(fh))
				421	goto fail;
				422
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	423	err = ovl_verify_fh(dentry, name, fh);
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	424	if (set && err == -ENODATA)
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	425	err = ovl_do_setxattr(dentry, name, fh, fh->len, 0);
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	426	if (err)
				427	goto fail;
				428
				429	out:
				430	kfree(fh);
				431	return err;
				432
				433	fail:
Amir Goldstein	0512244	2018-01-11 08:25:32 +0200	[diff] [blame]	434	inode = d_inode(real);
				435	pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n",
				436	is_upper ? "upper" : "origin", real,
				437	inode ? inode->i_ino : 0, err);
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	438	goto out;
				439	}
				440
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	441	/* Get upper dentry from index */
Amir Goldstein	3b0bfc6	2017-12-24 18:42:16 +0200	[diff] [blame]	442	struct dentry ovl_index_upper(struct ovl_fs ofs, struct dentry *index)
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	443	{
				444	struct ovl_fh *fh;
				445	struct dentry *upper;
				446
				447	if (!d_is_dir(index))
				448	return dget(index);
				449
				450	fh = ovl_get_fh(index, OVL_XATTR_UPPER);
				451	if (IS_ERR_OR_NULL(fh))
				452	return ERR_CAST(fh);
				453
				454	upper = ovl_decode_fh(fh, ofs->upper_mnt);
				455	kfree(fh);
				456
				457	if (IS_ERR_OR_NULL(upper))
				458	return upper ?: ERR_PTR(-ESTALE);
				459
				460	if (!d_is_dir(upper)) {
				461	pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n",
				462	index, upper);
				463	dput(upper);
				464	return ERR_PTR(-EIO);
				465	}
				466
				467	return upper;
				468	}
				469
Amir Goldstein	9ee60ce	2017-11-01 10:13:51 +0200	[diff] [blame]	470	/* Is this a leftover from create/whiteout of directory index entry? */
				471	static bool ovl_is_temp_index(struct dentry *index)
				472	{
				473	return index->d_name.name[0] == '#';
				474	}
				475
Amir Goldstein	8b88a2e	2017-06-21 15:28:37 +0300	[diff] [blame]	476	/*
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	477	* Verify that an index entry name matches the origin file handle stored in
				478	* OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
				479	* Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
				480	*/
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	481	int ovl_verify_index(struct ovl_fs ofs, struct dentry index)
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	482	{
				483	struct ovl_fh *fh = NULL;
				484	size_t len;
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	485	struct ovl_path origin = { };
				486	struct ovl_path *stack = &origin;
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	487	struct dentry *upper = NULL;
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	488	int err;
				489
				490	if (!d_inode(index))
				491	return 0;
				492
Amir Goldstein	9ee60ce	2017-11-01 10:13:51 +0200	[diff] [blame]	493	/* Cleanup leftover from index create/cleanup attempt */
				494	err = -ESTALE;
				495	if (ovl_is_temp_index(index))
				496	goto fail;
				497
Amir Goldstein	fa0096e	2017-10-24 12:24:11 +0300	[diff] [blame]	498	err = -EINVAL;
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	499	if (index->d_name.len < sizeof(struct ovl_fh)*2)
				500	goto fail;
				501
				502	err = -ENOMEM;
				503	len = index->d_name.len / 2;
Michal Hocko	0ee931c	2017-09-13 16:28:29 -0700	[diff] [blame]	504	fh = kzalloc(len, GFP_KERNEL);
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	505	if (!fh)
				506	goto fail;
				507
				508	err = -EINVAL;
Amir Goldstein	2e1a5328	2017-10-24 15:12:15 +0300	[diff] [blame]	509	if (hex2bin((u8 *)fh, index->d_name.name, len))
				510	goto fail;
				511
				512	err = ovl_check_fh_len(fh, len);
				513	if (err)
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	514	goto fail;
				515
Amir Goldstein	7db25d3	2018-01-11 11:03:13 +0200	[diff] [blame]	516	/*
				517	* Whiteout index entries are used as an indication that an exported
				518	* overlay file handle should be treated as stale (i.e. after unlink
				519	* of the overlay inode). These entries contain no origin xattr.
				520	*/
				521	if (ovl_is_whiteout(index))
				522	goto out;
				523
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	524	/*
				525	* Verifying directory index entries are not stale is expensive, so
				526	* only verify stale dir index if NFS export is enabled.
				527	*/
				528	if (d_is_dir(index) && !ofs->config.nfs_export)
				529	goto out;
				530
				531	/*
				532	* Directory index entries should have 'upper' xattr pointing to the
				533	* real upper dir. Non-dir index entries are hardlinks to the upper
				534	* real inode. For non-dir index, we can read the copy up origin xattr
				535	* directly from the index dentry, but for dir index we first need to
				536	* decode the upper directory.
				537	*/
				538	upper = ovl_index_upper(ofs, index);
				539	if (IS_ERR_OR_NULL(upper)) {
				540	err = PTR_ERR(upper);
Amir Goldstein	24f0b17	2018-01-11 15:33:51 +0200	[diff] [blame]	541	/*
				542	* Directory index entries with no 'upper' xattr need to be
				543	* removed. When dir index entry has a stale 'upper' xattr,
				544	* we assume that upper dir was removed and we treat the dir
				545	* index as orphan entry that needs to be whited out.
				546	*/
				547	if (err == -ESTALE)
				548	goto orphan;
				549	else if (!err)
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	550	err = -ESTALE;
				551	goto fail;
				552	}
				553
				554	err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
				555	dput(upper);
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	556	if (err)
				557	goto fail;
				558
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	559	/* Check if non-dir index is orphan and don't warn before cleaning it */
				560	if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
				561	err = ovl_check_origin_fh(ofs, fh, index, &stack);
				562	if (err)
				563	goto fail;
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	564
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	565	if (ovl_get_nlink(origin.dentry, index, 0) == 0)
Amir Goldstein	24f0b17	2018-01-11 15:33:51 +0200	[diff] [blame]	566	goto orphan;
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	567	}
Amir Goldstein	caf70cb	2017-06-21 13:46:12 +0300	[diff] [blame]	568
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	569	out:
Amir Goldstein	e8f9e5b	2018-01-11 11:33:24 +0200	[diff] [blame]	570	dput(origin.dentry);
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	571	kfree(fh);
				572	return err;
				573
				574	fail:
Amir Goldstein	61b6747	2017-07-18 21:07:42 +0300	[diff] [blame]	575	pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
				576	index, d_inode(index)->i_mode & S_IFMT, err);
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	577	goto out;
Amir Goldstein	24f0b17	2018-01-11 15:33:51 +0200	[diff] [blame]	578
				579	orphan:
				580	pr_warn_ratelimited("overlayfs: orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
				581	index, d_inode(index)->i_mode & S_IFMT,
				582	d_inode(index)->i_nlink);
				583	err = -ENOENT;
				584	goto out;
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	585	}
				586
Amir Goldstein	91ffe7b	2017-12-28 20:23:05 +0200	[diff] [blame]	587	static int ovl_get_index_name_fh(struct ovl_fh fh, struct qstr name)
				588	{
				589	char n, s;
				590
				591	n = kzalloc(fh->len * 2, GFP_KERNEL);
				592	if (!n)
				593	return -ENOMEM;
				594
				595	s = bin2hex(n, fh, fh->len);
				596	*name = (struct qstr) QSTR_INIT(n, s - n);
				597
				598	return 0;
				599
				600	}
				601
Amir Goldstein	415543d	2017-06-21 15:28:42 +0300	[diff] [blame]	602	/*
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	603	* Lookup in indexdir for the index entry of a lower real inode or a copy up
				604	* origin inode. The index entry name is the hex representation of the lower
				605	* inode file handle.
				606	*
				607	* If the index dentry in negative, then either no lower aliases have been
				608	* copied up yet, or aliases have been copied up in older kernels and are
				609	* not indexed.
				610	*
				611	* If the index dentry for a copy up origin inode is positive, but points
				612	* to an inode different than the upper inode, then either the upper inode
				613	* has been copied up and not indexed or it was indexed, but since then
				614	* index dir was cleared. Either way, that index cannot be used to indentify
				615	* the overlay inode.
				616	*/
				617	int ovl_get_index_name(struct dentry origin, struct qstr name)
				618	{
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	619	struct ovl_fh *fh;
Amir Goldstein	91ffe7b	2017-12-28 20:23:05 +0200	[diff] [blame]	620	int err;
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	621
				622	fh = ovl_encode_fh(origin, false);
				623	if (IS_ERR(fh))
				624	return PTR_ERR(fh);
				625
Amir Goldstein	91ffe7b	2017-12-28 20:23:05 +0200	[diff] [blame]	626	err = ovl_get_index_name_fh(fh, name);
				627
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	628	kfree(fh);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	629	return err;
Amir Goldstein	91ffe7b	2017-12-28 20:23:05 +0200	[diff] [blame]	630	}
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	631
Amir Goldstein	91ffe7b	2017-12-28 20:23:05 +0200	[diff] [blame]	632	/* Lookup index by file handle for NFS export */
				633	struct dentry ovl_get_index_fh(struct ovl_fs ofs, struct ovl_fh *fh)
				634	{
				635	struct dentry *index;
				636	struct qstr name;
				637	int err;
				638
				639	err = ovl_get_index_name_fh(fh, &name);
				640	if (err)
				641	return ERR_PTR(err);
				642
				643	index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
				644	kfree(name.name);
				645	if (IS_ERR(index)) {
				646	if (PTR_ERR(index) == -ENOENT)
				647	index = NULL;
				648	return index;
				649	}
				650
				651	if (d_is_negative(index))
				652	err = 0;
				653	else if (ovl_is_whiteout(index))
				654	err = -ESTALE;
				655	else if (ovl_dentry_weird(index))
				656	err = -EIO;
				657	else
				658	return index;
				659
				660	dput(index);
				661	return ERR_PTR(err);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	662	}
				663
Amir Goldstein	0617015	2018-01-17 14:40:27 +0200	[diff] [blame^]	664	struct dentry ovl_lookup_index(struct ovl_fs ofs, struct dentry *upper,
				665	struct dentry *origin, bool verify)
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	666	{
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	667	struct dentry *index;
				668	struct inode *inode;
				669	struct qstr name;
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	670	bool is_dir = d_is_dir(origin);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	671	int err;
				672
				673	err = ovl_get_index_name(origin, &name);
				674	if (err)
				675	return ERR_PTR(err);
				676
				677	index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
				678	if (IS_ERR(index)) {
Amir Goldstein	e0082a0	2017-09-24 13:01:35 +0300	[diff] [blame]	679	err = PTR_ERR(index);
Amir Goldstein	7937a56	2017-10-20 17:19:06 +0300	[diff] [blame]	680	if (err == -ENOENT) {
				681	index = NULL;
				682	goto out;
				683	}
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	684	pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n"
				685	"overlayfs: mount with '-o index=off' to disable inodes index.\n",
				686	d_inode(origin)->i_ino, name.len, name.name,
				687	err);
				688	goto out;
				689	}
				690
Amir Goldstein	0e08255	2017-07-18 21:07:43 +0300	[diff] [blame]	691	inode = d_inode(index);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	692	if (d_is_negative(index)) {
Amir Goldstein	6eaf011	2017-10-12 19:03:04 +0300	[diff] [blame]	693	goto out_dput;
Amir Goldstein	0617015	2018-01-17 14:40:27 +0200	[diff] [blame^]	694	} else if (ovl_is_whiteout(index) && !verify) {
				695	/*
				696	* When index lookup is called with !verify for decoding an
				697	* overlay file handle, a whiteout index implies that decode
				698	* should treat file handle as stale and no need to print a
				699	* warning about it.
				700	*/
				701	dput(index);
				702	index = ERR_PTR(-ESTALE);
				703	goto out;
Amir Goldstein	0e08255	2017-07-18 21:07:43 +0300	[diff] [blame]	704	} else if (ovl_dentry_weird(index) \|\| ovl_is_whiteout(index) \|\|
				705	((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) {
				706	/*
				707	* Index should always be of the same file type as origin
				708	* except for the case of a whiteout index. A whiteout
				709	* index should only exist if all lower aliases have been
				710	* unlinked, which means that finding a lower origin on lookup
				711	* whose index is a whiteout should be treated as an error.
				712	*/
				713	pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
				714	index, d_inode(index)->i_mode & S_IFMT,
				715	d_inode(origin)->i_mode & S_IFMT);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	716	goto fail;
Amir Goldstein	0617015	2018-01-17 14:40:27 +0200	[diff] [blame^]	717	} else if (is_dir && verify) {
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	718	if (!upper) {
				719	pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
				720	origin, index);
				721	goto fail;
				722	}
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	723
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	724	/* Verify that dir index 'upper' xattr points to upper dir */
				725	err = ovl_verify_upper(index, upper, false);
				726	if (err) {
				727	if (err == -ESTALE) {
				728	pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
				729	upper, origin, index);
				730	}
				731	goto fail;
				732	}
				733	} else if (upper && d_inode(upper) != inode) {
				734	goto out_dput;
				735	}
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	736	out:
				737	kfree(name.name);
				738	return index;
				739
Amir Goldstein	6eaf011	2017-10-12 19:03:04 +0300	[diff] [blame]	740	out_dput:
				741	dput(index);
				742	index = NULL;
				743	goto out;
				744
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	745	fail:
				746	dput(index);
				747	index = ERR_PTR(-EIO);
				748	goto out;
				749	}
				750
				751	/*
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	752	* Returns next layer in stack starting from top.
				753	* Returns -1 if this is the last layer.
				754	*/
				755	int ovl_path_next(int idx, struct dentry dentry, struct path path)
				756	{
				757	struct ovl_entry *oe = dentry->d_fsdata;
				758
				759	BUG_ON(idx < 0);
				760	if (idx == 0) {
				761	ovl_path_upper(dentry, path);
				762	if (path->dentry)
				763	return oe->numlower ? 1 : -1;
				764	idx++;
				765	}
				766	BUG_ON(idx > oe->numlower);
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	767	path->dentry = oe->lowerstack[idx - 1].dentry;
				768	path->mnt = oe->lowerstack[idx - 1].layer->mnt;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	769
				770	return (idx < oe->numlower) ? idx + 1 : -1;
				771	}
				772
Amir Goldstein	9678e63	2018-01-03 19:34:45 +0200	[diff] [blame]	773	/* Fix missing 'origin' xattr */
				774	static int ovl_fix_origin(struct dentry dentry, struct dentry lower,
				775	struct dentry *upper)
				776	{
				777	int err;
				778
				779	if (ovl_check_origin_xattr(upper))
				780	return 0;
				781
				782	err = ovl_want_write(dentry);
				783	if (err)
				784	return err;
				785
				786	err = ovl_set_origin(dentry, lower, upper);
				787	if (!err)
				788	err = ovl_set_impure(dentry->d_parent, upper->d_parent);
				789
				790	ovl_drop_write(dentry);
				791	return err;
				792	}
				793
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	794	struct dentry ovl_lookup(struct inode dir, struct dentry *dentry,
				795	unsigned int flags)
				796	{
				797	struct ovl_entry *oe;
				798	const struct cred *old_cred;
Miklos Szeredi	6b2d5fe	2016-12-16 11:02:56 +0100	[diff] [blame]	799	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	800	struct ovl_entry *poe = dentry->d_parent->d_fsdata;
Amir Goldstein	c22205d	2017-04-26 23:40:52 +0300	[diff] [blame]	801	struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	802	struct ovl_path *stack = NULL;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	803	struct dentry upperdir, upperdentry = NULL;
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	804	struct dentry *origin = NULL;
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	805	struct dentry *index = NULL;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	806	unsigned int ctr = 0;
				807	struct inode *inode = NULL;
				808	bool upperopaque = false;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	809	char *upperredirect = NULL;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	810	struct dentry *this;
				811	unsigned int i;
				812	int err;
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	813	struct ovl_lookup_data d = {
				814	.name = dentry->d_name,
				815	.is_dir = false,
				816	.opaque = false,
				817	.stop = false,
				818	.last = !poe->numlower,
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	819	.redirect = NULL,
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	820	};
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	821
Miklos Szeredi	6b2d5fe	2016-12-16 11:02:56 +0100	[diff] [blame]	822	if (dentry->d_name.len > ofs->namelen)
				823	return ERR_PTR(-ENAMETOOLONG);
				824
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	825	old_cred = ovl_override_creds(dentry->d_sb);
Miklos Szeredi	09d8b58	2017-07-04 22:03:16 +0200	[diff] [blame]	826	upperdir = ovl_dentry_upper(dentry->d_parent);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	827	if (upperdir) {
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	828	err = ovl_lookup_layer(upperdir, &d, &upperdentry);
				829	if (err)
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	830	goto out;
				831
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	832	if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) {
				833	dput(upperdentry);
				834	err = -EREMOTE;
				835	goto out;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	836	}
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	837	if (upperdentry && !d.is_dir) {
				838	BUG_ON(!d.stop \|\| d.redirect);
Amir Goldstein	f7d3dac	2017-06-21 15:28:34 +0300	[diff] [blame]	839	/*
				840	* Lookup copy up origin by decoding origin file handle.
				841	* We may get a disconnected dentry, which is fine,
				842	* because we only need to hold the origin inode in
				843	* cache and use its inode number. We may even get a
				844	* connected dentry, that is not under any of the lower
				845	* layers root. That is also fine for using it's inode
				846	* number - it's the same as if we held a reference
				847	* to a dentry in lower layer that was moved under us.
				848	*/
Amir Goldstein	1eff1a1	2017-12-12 22:40:46 +0200	[diff] [blame]	849	err = ovl_check_origin(ofs, upperdentry, &stack, &ctr);
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	850	if (err)
Vivek Goyal	5455f92	2017-11-01 15:37:22 -0400	[diff] [blame]	851	goto out_put_upper;
Amir Goldstein	a9d0195	2017-04-30 14:46:31 +0300	[diff] [blame]	852	}
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	853
				854	if (d.redirect) {
Dan Carpenter	0ce5cdc	2017-09-22 23:45:18 +0300	[diff] [blame]	855	err = -ENOMEM;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	856	upperredirect = kstrdup(d.redirect, GFP_KERNEL);
				857	if (!upperredirect)
				858	goto out_put_upper;
				859	if (d.redirect[0] == '/')
Amir Goldstein	c22205d	2017-04-26 23:40:52 +0300	[diff] [blame]	860	poe = roe;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	861	}
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	862	upperopaque = d.opaque;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	863	}
				864
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	865	if (!d.stop && poe->numlower) {
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	866	err = -ENOMEM;
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	867	stack = kcalloc(ofs->numlower, sizeof(struct ovl_path),
Michal Hocko	0ee931c	2017-09-13 16:28:29 -0700	[diff] [blame]	868	GFP_KERNEL);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	869	if (!stack)
				870	goto out_put_upper;
				871	}
				872
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	873	for (i = 0; !d.stop && i < poe->numlower; i++) {
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	874	struct ovl_path lower = poe->lowerstack[i];
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	875
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	876	d.last = i == poe->numlower - 1;
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	877	err = ovl_lookup_layer(lower.dentry, &d, &this);
Miklos Szeredi	e28edc4	2016-12-16 11:02:56 +0100	[diff] [blame]	878	if (err)
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	879	goto out_put;
Miklos Szeredi	6b2d5fe	2016-12-16 11:02:56 +0100	[diff] [blame]	880
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	881	if (!this)
				882	continue;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	883
Amir Goldstein	9678e63	2018-01-03 19:34:45 +0200	[diff] [blame]	884	/*
				885	* If no origin fh is stored in upper of a merge dir, store fh
				886	* of lower dir and set upper parent "impure".
				887	*/
				888	if (upperdentry && !ctr && !ofs->noxattr) {
				889	err = ovl_fix_origin(dentry, this, upperdentry);
				890	if (err) {
				891	dput(this);
				892	goto out_put;
				893	}
				894	}
				895
Amir Goldstein	37b12916	2018-01-10 22:29:38 +0200	[diff] [blame]	896	/*
				897	* When "verify_lower" feature is enabled, do not merge with a
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	898	* lower dir that does not match a stored origin xattr. In any
				899	* case, only verified origin is used for index lookup.
Amir Goldstein	37b12916	2018-01-10 22:29:38 +0200	[diff] [blame]	900	*/
				901	if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) {
				902	err = ovl_verify_origin(upperdentry, this, false);
				903	if (err) {
				904	dput(this);
				905	break;
				906	}
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	907
				908	/* Bless lower dir as verified origin */
				909	origin = this;
Amir Goldstein	37b12916	2018-01-10 22:29:38 +0200	[diff] [blame]	910	}
				911
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	912	stack[ctr].dentry = this;
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	913	stack[ctr].layer = lower.layer;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	914	ctr++;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	915
				916	if (d.stop)
				917	break;
				918
Miklos Szeredi	438c84c	2017-12-11 11:28:10 +0100	[diff] [blame]	919	/*
				920	* Following redirects can have security consequences: it's like
				921	* a symlink into the lower layer without the permission checks.
				922	* This is only a problem if the upper layer is untrusted (e.g
				923	* comes from an USB drive). This can allow a non-readable file
				924	* or directory to become readable.
				925	*
				926	* Only following redirects when redirects are enabled disables
				927	* this attack vector when not necessary.
				928	*/
				929	err = -EPERM;
				930	if (d.redirect && !ofs->config.redirect_follow) {
Amir Goldstein	f816781	2017-12-18 14:25:56 +0200	[diff] [blame]	931	pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n",
				932	dentry);
Miklos Szeredi	438c84c	2017-12-11 11:28:10 +0100	[diff] [blame]	933	goto out_put;
				934	}
				935
Amir Goldstein	c22205d	2017-04-26 23:40:52 +0300	[diff] [blame]	936	if (d.redirect && d.redirect[0] == '/' && poe != roe) {
				937	poe = roe;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	938	/* Find the current layer on the root dentry */
Amir Goldstein	d583ed7	2017-11-08 19:23:36 +0200	[diff] [blame]	939	i = lower.layer->idx - 1;
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	940	}
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	941	}
				942
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	943	/*
				944	* Lookup index by lower inode and verify it matches upper inode.
				945	* We only trust dir index if we verified that lower dir matches
				946	* origin, otherwise dir index entries may be inconsistent and we
				947	* ignore them. Always lookup index of non-dir and non-upper.
				948	*/
				949	if (ctr && (!upperdentry \|\| !d.is_dir))
				950	origin = stack[0].dentry;
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	951
Amir Goldstein	ad1d615	2018-01-11 10:47:03 +0200	[diff] [blame]	952	if (origin && ovl_indexdir(dentry->d_sb) &&
				953	(!d.is_dir \|\| ovl_index_all(dentry->d_sb))) {
Amir Goldstein	0617015	2018-01-17 14:40:27 +0200	[diff] [blame^]	954	index = ovl_lookup_index(ofs, upperdentry, origin, true);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	955	if (IS_ERR(index)) {
				956	err = PTR_ERR(index);
				957	index = NULL;
				958	goto out_put;
				959	}
				960	}
				961
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	962	oe = ovl_alloc_entry(ctr);
				963	err = -ENOMEM;
				964	if (!oe)
				965	goto out_put;
				966
Chandan Rajendra	b934363	2017-07-24 01:57:54 -0500	[diff] [blame]	967	memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
Miklos Szeredi	e6d2ebd	2017-07-04 22:03:16 +0200	[diff] [blame]	968	dentry->d_fsdata = oe;
				969
Amir Goldstein	c62520a	2018-01-14 19:25:31 +0200	[diff] [blame]	970	if (upperopaque)
				971	ovl_dentry_set_opaque(dentry);
				972
Miklos Szeredi	55acc66	2017-07-04 22:03:18 +0200	[diff] [blame]	973	if (upperdentry)
				974	ovl_dentry_set_upper_alias(dentry);
				975	else if (index)
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	976	upperdentry = dget(index);
				977
Miklos Szeredi	e6d2ebd	2017-07-04 22:03:16 +0200	[diff] [blame]	978	if (upperdentry \|\| ctr) {
Amir Goldstein	0aceb53	2017-12-12 23:43:16 +0200	[diff] [blame]	979	inode = ovl_get_inode(dentry->d_sb, upperdentry, origin, index,
				980	ctr);
Miklos Szeredi	b9ac5c27	2017-07-04 22:03:17 +0200	[diff] [blame]	981	err = PTR_ERR(inode);
				982	if (IS_ERR(inode))
Miklos Szeredi	e6d2ebd	2017-07-04 22:03:16 +0200	[diff] [blame]	983	goto out_free_oe;
Miklos Szeredi	cf31c46	2017-07-04 22:03:16 +0200	[diff] [blame]	984
				985	OVL_I(inode)->redirect = upperredirect;
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	986	if (index)
				987	ovl_set_flag(OVL_INDEX, inode);
Miklos Szeredi	e6d2ebd	2017-07-04 22:03:16 +0200	[diff] [blame]	988	}
				989
				990	revert_creds(old_cred);
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	991	dput(index);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	992	kfree(stack);
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	993	kfree(d.redirect);
Amir Goldstein	829c28b	2017-09-29 21:43:07 +0300	[diff] [blame]	994	return d_splice_alias(inode, dentry);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	995
				996	out_free_oe:
Miklos Szeredi	e6d2ebd	2017-07-04 22:03:16 +0200	[diff] [blame]	997	dentry->d_fsdata = NULL;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	998	kfree(oe);
				999	out_put:
Amir Goldstein	359f392	2017-06-21 15:28:41 +0300	[diff] [blame]	1000	dput(index);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1001	for (i = 0; i < ctr; i++)
				1002	dput(stack[i].dentry);
				1003	kfree(stack);
				1004	out_put_upper:
				1005	dput(upperdentry);
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	1006	kfree(upperredirect);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1007	out:
Miklos Szeredi	02b69b2	2016-12-16 11:02:56 +0100	[diff] [blame]	1008	kfree(d.redirect);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1009	revert_creds(old_cred);
				1010	return ERR_PTR(err);
				1011	}
				1012
				1013	bool ovl_lower_positive(struct dentry *dentry)
				1014	{
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1015	struct ovl_entry *poe = dentry->d_parent->d_fsdata;
				1016	const struct qstr *name = &dentry->d_name;
Amir Goldstein	6d0a8a9	2017-11-10 13:18:07 +0200	[diff] [blame]	1017	const struct cred *old_cred;
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1018	unsigned int i;
				1019	bool positive = false;
				1020	bool done = false;
				1021
				1022	/*
				1023	* If dentry is negative, then lower is positive iff this is a
				1024	* whiteout.
				1025	*/
				1026	if (!dentry->d_inode)
Amir Goldstein	c62520a	2018-01-14 19:25:31 +0200	[diff] [blame]	1027	return ovl_dentry_is_opaque(dentry);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1028
				1029	/* Negative upper -> positive lower */
Miklos Szeredi	09d8b58	2017-07-04 22:03:16 +0200	[diff] [blame]	1030	if (!ovl_dentry_upper(dentry))
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1031	return true;
				1032
Amir Goldstein	6d0a8a9	2017-11-10 13:18:07 +0200	[diff] [blame]	1033	old_cred = ovl_override_creds(dentry->d_sb);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1034	/* Positive upper -> have to look up lower to see whether it exists */
				1035	for (i = 0; !done && !positive && i < poe->numlower; i++) {
				1036	struct dentry *this;
				1037	struct dentry *lowerdir = poe->lowerstack[i].dentry;
				1038
				1039	this = lookup_one_len_unlocked(name->name, lowerdir,
				1040	name->len);
				1041	if (IS_ERR(this)) {
				1042	switch (PTR_ERR(this)) {
				1043	case -ENOENT:
				1044	case -ENAMETOOLONG:
				1045	break;
				1046
				1047	default:
				1048	/*
				1049	* Assume something is there, we just couldn't
				1050	* access it.
				1051	*/
				1052	positive = true;
				1053	break;
				1054	}
				1055	} else {
				1056	if (this->d_inode) {
				1057	positive = !ovl_is_whiteout(this);
				1058	done = true;
				1059	}
				1060	dput(this);
				1061	}
				1062	}
Amir Goldstein	6d0a8a9	2017-11-10 13:18:07 +0200	[diff] [blame]	1063	revert_creds(old_cred);
Miklos Szeredi	bbb1e54	2016-12-16 11:02:56 +0100	[diff] [blame]	1064
				1065	return positive;
				1066	}