1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Copyright (C) 2011 Novell Inc.
4*4882a593Smuzhiyun * Copyright (C) 2016 Red Hat, Inc.
5*4882a593Smuzhiyun */
6*4882a593Smuzhiyun
7*4882a593Smuzhiyun #include <linux/fs.h>
8*4882a593Smuzhiyun #include <linux/cred.h>
9*4882a593Smuzhiyun #include <linux/ctype.h>
10*4882a593Smuzhiyun #include <linux/namei.h>
11*4882a593Smuzhiyun #include <linux/xattr.h>
12*4882a593Smuzhiyun #include <linux/ratelimit.h>
13*4882a593Smuzhiyun #include <linux/mount.h>
14*4882a593Smuzhiyun #include <linux/exportfs.h>
15*4882a593Smuzhiyun #include "overlayfs.h"
16*4882a593Smuzhiyun
17*4882a593Smuzhiyun struct ovl_lookup_data {
18*4882a593Smuzhiyun struct super_block *sb;
19*4882a593Smuzhiyun struct qstr name;
20*4882a593Smuzhiyun bool is_dir;
21*4882a593Smuzhiyun bool opaque;
22*4882a593Smuzhiyun bool stop;
23*4882a593Smuzhiyun bool last;
24*4882a593Smuzhiyun char *redirect;
25*4882a593Smuzhiyun bool metacopy;
26*4882a593Smuzhiyun };
27*4882a593Smuzhiyun
ovl_check_redirect(struct dentry * dentry,struct ovl_lookup_data * d,size_t prelen,const char * post)28*4882a593Smuzhiyun static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
29*4882a593Smuzhiyun size_t prelen, const char *post)
30*4882a593Smuzhiyun {
31*4882a593Smuzhiyun int res;
32*4882a593Smuzhiyun char *buf;
33*4882a593Smuzhiyun struct ovl_fs *ofs = OVL_FS(d->sb);
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun buf = ovl_get_redirect_xattr(ofs, dentry, prelen + strlen(post));
36*4882a593Smuzhiyun if (IS_ERR_OR_NULL(buf))
37*4882a593Smuzhiyun return PTR_ERR(buf);
38*4882a593Smuzhiyun
39*4882a593Smuzhiyun if (buf[0] == '/') {
40*4882a593Smuzhiyun /*
41*4882a593Smuzhiyun * One of the ancestor path elements in an absolute path
42*4882a593Smuzhiyun * lookup in ovl_lookup_layer() could have been opaque and
43*4882a593Smuzhiyun * that will stop further lookup in lower layers (d->stop=true)
44*4882a593Smuzhiyun * But we have found an absolute redirect in decendant path
45*4882a593Smuzhiyun * element and that should force continue lookup in lower
46*4882a593Smuzhiyun * layers (reset d->stop).
47*4882a593Smuzhiyun */
48*4882a593Smuzhiyun d->stop = false;
49*4882a593Smuzhiyun } else {
50*4882a593Smuzhiyun res = strlen(buf) + 1;
51*4882a593Smuzhiyun memmove(buf + prelen, buf, res);
52*4882a593Smuzhiyun memcpy(buf, d->name.name, prelen);
53*4882a593Smuzhiyun }
54*4882a593Smuzhiyun
55*4882a593Smuzhiyun strcat(buf, post);
56*4882a593Smuzhiyun kfree(d->redirect);
57*4882a593Smuzhiyun d->redirect = buf;
58*4882a593Smuzhiyun d->name.name = d->redirect;
59*4882a593Smuzhiyun d->name.len = strlen(d->redirect);
60*4882a593Smuzhiyun
61*4882a593Smuzhiyun return 0;
62*4882a593Smuzhiyun }
63*4882a593Smuzhiyun
ovl_acceptable(void * ctx,struct dentry * dentry)64*4882a593Smuzhiyun static int ovl_acceptable(void *ctx, struct dentry *dentry)
65*4882a593Smuzhiyun {
66*4882a593Smuzhiyun /*
67*4882a593Smuzhiyun * A non-dir origin may be disconnected, which is fine, because
68*4882a593Smuzhiyun * we only need it for its unique inode number.
69*4882a593Smuzhiyun */
70*4882a593Smuzhiyun if (!d_is_dir(dentry))
71*4882a593Smuzhiyun return 1;
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun /* Don't decode a deleted empty directory */
74*4882a593Smuzhiyun if (d_unhashed(dentry))
75*4882a593Smuzhiyun return 0;
76*4882a593Smuzhiyun
77*4882a593Smuzhiyun /* Check if directory belongs to the layer we are decoding from */
78*4882a593Smuzhiyun return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
79*4882a593Smuzhiyun }
80*4882a593Smuzhiyun
81*4882a593Smuzhiyun /*
82*4882a593Smuzhiyun * Check validity of an overlay file handle buffer.
83*4882a593Smuzhiyun *
84*4882a593Smuzhiyun * Return 0 for a valid file handle.
85*4882a593Smuzhiyun * Return -ENODATA for "origin unknown".
86*4882a593Smuzhiyun * Return <0 for an invalid file handle.
87*4882a593Smuzhiyun */
ovl_check_fb_len(struct ovl_fb * fb,int fb_len)88*4882a593Smuzhiyun int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
89*4882a593Smuzhiyun {
90*4882a593Smuzhiyun if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
91*4882a593Smuzhiyun return -EINVAL;
92*4882a593Smuzhiyun
93*4882a593Smuzhiyun if (fb->magic != OVL_FH_MAGIC)
94*4882a593Smuzhiyun return -EINVAL;
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun /* Treat larger version and unknown flags as "origin unknown" */
97*4882a593Smuzhiyun if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
98*4882a593Smuzhiyun return -ENODATA;
99*4882a593Smuzhiyun
100*4882a593Smuzhiyun /* Treat endianness mismatch as "origin unknown" */
101*4882a593Smuzhiyun if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
102*4882a593Smuzhiyun (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
103*4882a593Smuzhiyun return -ENODATA;
104*4882a593Smuzhiyun
105*4882a593Smuzhiyun return 0;
106*4882a593Smuzhiyun }
107*4882a593Smuzhiyun
ovl_get_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox)108*4882a593Smuzhiyun static struct ovl_fh *ovl_get_fh(struct ovl_fs *ofs, struct dentry *dentry,
109*4882a593Smuzhiyun enum ovl_xattr ox)
110*4882a593Smuzhiyun {
111*4882a593Smuzhiyun ssize_t res;
112*4882a593Smuzhiyun int err;
113*4882a593Smuzhiyun struct ovl_fh *fh = NULL;
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun res = ovl_do_getxattr(ofs, dentry, ox, NULL, 0);
116*4882a593Smuzhiyun if (res < 0) {
117*4882a593Smuzhiyun if (res == -ENODATA || res == -EOPNOTSUPP)
118*4882a593Smuzhiyun return NULL;
119*4882a593Smuzhiyun goto fail;
120*4882a593Smuzhiyun }
121*4882a593Smuzhiyun /* Zero size value means "copied up but origin unknown" */
122*4882a593Smuzhiyun if (res == 0)
123*4882a593Smuzhiyun return NULL;
124*4882a593Smuzhiyun
125*4882a593Smuzhiyun fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
126*4882a593Smuzhiyun if (!fh)
127*4882a593Smuzhiyun return ERR_PTR(-ENOMEM);
128*4882a593Smuzhiyun
129*4882a593Smuzhiyun res = ovl_do_getxattr(ofs, dentry, ox, fh->buf, res);
130*4882a593Smuzhiyun if (res < 0)
131*4882a593Smuzhiyun goto fail;
132*4882a593Smuzhiyun
133*4882a593Smuzhiyun err = ovl_check_fb_len(&fh->fb, res);
134*4882a593Smuzhiyun if (err < 0) {
135*4882a593Smuzhiyun if (err == -ENODATA)
136*4882a593Smuzhiyun goto out;
137*4882a593Smuzhiyun goto invalid;
138*4882a593Smuzhiyun }
139*4882a593Smuzhiyun
140*4882a593Smuzhiyun return fh;
141*4882a593Smuzhiyun
142*4882a593Smuzhiyun out:
143*4882a593Smuzhiyun kfree(fh);
144*4882a593Smuzhiyun return NULL;
145*4882a593Smuzhiyun
146*4882a593Smuzhiyun fail:
147*4882a593Smuzhiyun pr_warn_ratelimited("failed to get origin (%zi)\n", res);
148*4882a593Smuzhiyun goto out;
149*4882a593Smuzhiyun invalid:
150*4882a593Smuzhiyun pr_warn_ratelimited("invalid origin (%*phN)\n", (int)res, fh);
151*4882a593Smuzhiyun goto out;
152*4882a593Smuzhiyun }
153*4882a593Smuzhiyun
ovl_decode_real_fh(struct ovl_fh * fh,struct vfsmount * mnt,bool connected)154*4882a593Smuzhiyun struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
155*4882a593Smuzhiyun bool connected)
156*4882a593Smuzhiyun {
157*4882a593Smuzhiyun struct dentry *real;
158*4882a593Smuzhiyun int bytes;
159*4882a593Smuzhiyun
160*4882a593Smuzhiyun /*
161*4882a593Smuzhiyun * Make sure that the stored uuid matches the uuid of the lower
162*4882a593Smuzhiyun * layer where file handle will be decoded.
163*4882a593Smuzhiyun */
164*4882a593Smuzhiyun if (!uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid))
165*4882a593Smuzhiyun return NULL;
166*4882a593Smuzhiyun
167*4882a593Smuzhiyun bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
168*4882a593Smuzhiyun real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
169*4882a593Smuzhiyun bytes >> 2, (int)fh->fb.type,
170*4882a593Smuzhiyun connected ? ovl_acceptable : NULL, mnt);
171*4882a593Smuzhiyun if (IS_ERR(real)) {
172*4882a593Smuzhiyun /*
173*4882a593Smuzhiyun * Treat stale file handle to lower file as "origin unknown".
174*4882a593Smuzhiyun * upper file handle could become stale when upper file is
175*4882a593Smuzhiyun * unlinked and this information is needed to handle stale
176*4882a593Smuzhiyun * index entries correctly.
177*4882a593Smuzhiyun */
178*4882a593Smuzhiyun if (real == ERR_PTR(-ESTALE) &&
179*4882a593Smuzhiyun !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
180*4882a593Smuzhiyun real = NULL;
181*4882a593Smuzhiyun return real;
182*4882a593Smuzhiyun }
183*4882a593Smuzhiyun
184*4882a593Smuzhiyun if (ovl_dentry_weird(real)) {
185*4882a593Smuzhiyun dput(real);
186*4882a593Smuzhiyun return NULL;
187*4882a593Smuzhiyun }
188*4882a593Smuzhiyun
189*4882a593Smuzhiyun return real;
190*4882a593Smuzhiyun }
191*4882a593Smuzhiyun
ovl_is_opaquedir(struct super_block * sb,struct dentry * dentry)192*4882a593Smuzhiyun static bool ovl_is_opaquedir(struct super_block *sb, struct dentry *dentry)
193*4882a593Smuzhiyun {
194*4882a593Smuzhiyun return ovl_check_dir_xattr(sb, dentry, OVL_XATTR_OPAQUE);
195*4882a593Smuzhiyun }
196*4882a593Smuzhiyun
ovl_lookup_positive_unlocked(const char * name,struct dentry * base,int len,bool drop_negative)197*4882a593Smuzhiyun static struct dentry *ovl_lookup_positive_unlocked(const char *name,
198*4882a593Smuzhiyun struct dentry *base, int len,
199*4882a593Smuzhiyun bool drop_negative)
200*4882a593Smuzhiyun {
201*4882a593Smuzhiyun struct dentry *ret = lookup_one_len_unlocked(name, base, len);
202*4882a593Smuzhiyun
203*4882a593Smuzhiyun if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
204*4882a593Smuzhiyun if (drop_negative && ret->d_lockref.count == 1) {
205*4882a593Smuzhiyun spin_lock(&ret->d_lock);
206*4882a593Smuzhiyun /* Recheck condition under lock */
207*4882a593Smuzhiyun if (d_is_negative(ret) && ret->d_lockref.count == 1)
208*4882a593Smuzhiyun __d_drop(ret);
209*4882a593Smuzhiyun spin_unlock(&ret->d_lock);
210*4882a593Smuzhiyun }
211*4882a593Smuzhiyun dput(ret);
212*4882a593Smuzhiyun ret = ERR_PTR(-ENOENT);
213*4882a593Smuzhiyun }
214*4882a593Smuzhiyun return ret;
215*4882a593Smuzhiyun }
216*4882a593Smuzhiyun
ovl_lookup_single(struct dentry * base,struct ovl_lookup_data * d,const char * name,unsigned int namelen,size_t prelen,const char * post,struct dentry ** ret,bool drop_negative)217*4882a593Smuzhiyun static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
218*4882a593Smuzhiyun const char *name, unsigned int namelen,
219*4882a593Smuzhiyun size_t prelen, const char *post,
220*4882a593Smuzhiyun struct dentry **ret, bool drop_negative)
221*4882a593Smuzhiyun {
222*4882a593Smuzhiyun struct dentry *this;
223*4882a593Smuzhiyun int err;
224*4882a593Smuzhiyun bool last_element = !post[0];
225*4882a593Smuzhiyun
226*4882a593Smuzhiyun this = ovl_lookup_positive_unlocked(name, base, namelen, drop_negative);
227*4882a593Smuzhiyun if (IS_ERR(this)) {
228*4882a593Smuzhiyun err = PTR_ERR(this);
229*4882a593Smuzhiyun this = NULL;
230*4882a593Smuzhiyun if (err == -ENOENT || err == -ENAMETOOLONG)
231*4882a593Smuzhiyun goto out;
232*4882a593Smuzhiyun goto out_err;
233*4882a593Smuzhiyun }
234*4882a593Smuzhiyun
235*4882a593Smuzhiyun if (ovl_dentry_weird(this)) {
236*4882a593Smuzhiyun /* Don't support traversing automounts and other weirdness */
237*4882a593Smuzhiyun err = -EREMOTE;
238*4882a593Smuzhiyun goto out_err;
239*4882a593Smuzhiyun }
240*4882a593Smuzhiyun if (ovl_is_whiteout(this)) {
241*4882a593Smuzhiyun d->stop = d->opaque = true;
242*4882a593Smuzhiyun goto put_and_out;
243*4882a593Smuzhiyun }
244*4882a593Smuzhiyun /*
245*4882a593Smuzhiyun * This dentry should be a regular file if previous layer lookup
246*4882a593Smuzhiyun * found a metacopy dentry.
247*4882a593Smuzhiyun */
248*4882a593Smuzhiyun if (last_element && d->metacopy && !d_is_reg(this)) {
249*4882a593Smuzhiyun d->stop = true;
250*4882a593Smuzhiyun goto put_and_out;
251*4882a593Smuzhiyun }
252*4882a593Smuzhiyun if (!d_can_lookup(this)) {
253*4882a593Smuzhiyun if (d->is_dir || !last_element) {
254*4882a593Smuzhiyun d->stop = true;
255*4882a593Smuzhiyun goto put_and_out;
256*4882a593Smuzhiyun }
257*4882a593Smuzhiyun err = ovl_check_metacopy_xattr(OVL_FS(d->sb), this);
258*4882a593Smuzhiyun if (err < 0)
259*4882a593Smuzhiyun goto out_err;
260*4882a593Smuzhiyun
261*4882a593Smuzhiyun d->metacopy = err;
262*4882a593Smuzhiyun d->stop = !d->metacopy;
263*4882a593Smuzhiyun if (!d->metacopy || d->last)
264*4882a593Smuzhiyun goto out;
265*4882a593Smuzhiyun } else {
266*4882a593Smuzhiyun if (ovl_lookup_trap_inode(d->sb, this)) {
267*4882a593Smuzhiyun /* Caught in a trap of overlapping layers */
268*4882a593Smuzhiyun err = -ELOOP;
269*4882a593Smuzhiyun goto out_err;
270*4882a593Smuzhiyun }
271*4882a593Smuzhiyun
272*4882a593Smuzhiyun if (last_element)
273*4882a593Smuzhiyun d->is_dir = true;
274*4882a593Smuzhiyun if (d->last)
275*4882a593Smuzhiyun goto out;
276*4882a593Smuzhiyun
277*4882a593Smuzhiyun if (ovl_is_opaquedir(d->sb, this)) {
278*4882a593Smuzhiyun d->stop = true;
279*4882a593Smuzhiyun if (last_element)
280*4882a593Smuzhiyun d->opaque = true;
281*4882a593Smuzhiyun goto out;
282*4882a593Smuzhiyun }
283*4882a593Smuzhiyun }
284*4882a593Smuzhiyun err = ovl_check_redirect(this, d, prelen, post);
285*4882a593Smuzhiyun if (err)
286*4882a593Smuzhiyun goto out_err;
287*4882a593Smuzhiyun out:
288*4882a593Smuzhiyun *ret = this;
289*4882a593Smuzhiyun return 0;
290*4882a593Smuzhiyun
291*4882a593Smuzhiyun put_and_out:
292*4882a593Smuzhiyun dput(this);
293*4882a593Smuzhiyun this = NULL;
294*4882a593Smuzhiyun goto out;
295*4882a593Smuzhiyun
296*4882a593Smuzhiyun out_err:
297*4882a593Smuzhiyun dput(this);
298*4882a593Smuzhiyun return err;
299*4882a593Smuzhiyun }
300*4882a593Smuzhiyun
ovl_lookup_layer(struct dentry * base,struct ovl_lookup_data * d,struct dentry ** ret,bool drop_negative)301*4882a593Smuzhiyun static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
302*4882a593Smuzhiyun struct dentry **ret, bool drop_negative)
303*4882a593Smuzhiyun {
304*4882a593Smuzhiyun /* Counting down from the end, since the prefix can change */
305*4882a593Smuzhiyun size_t rem = d->name.len - 1;
306*4882a593Smuzhiyun struct dentry *dentry = NULL;
307*4882a593Smuzhiyun int err;
308*4882a593Smuzhiyun
309*4882a593Smuzhiyun if (d->name.name[0] != '/')
310*4882a593Smuzhiyun return ovl_lookup_single(base, d, d->name.name, d->name.len,
311*4882a593Smuzhiyun 0, "", ret, drop_negative);
312*4882a593Smuzhiyun
313*4882a593Smuzhiyun while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
314*4882a593Smuzhiyun const char *s = d->name.name + d->name.len - rem;
315*4882a593Smuzhiyun const char *next = strchrnul(s, '/');
316*4882a593Smuzhiyun size_t thislen = next - s;
317*4882a593Smuzhiyun bool end = !next[0];
318*4882a593Smuzhiyun
319*4882a593Smuzhiyun /* Verify we did not go off the rails */
320*4882a593Smuzhiyun if (WARN_ON(s[-1] != '/'))
321*4882a593Smuzhiyun return -EIO;
322*4882a593Smuzhiyun
323*4882a593Smuzhiyun err = ovl_lookup_single(base, d, s, thislen,
324*4882a593Smuzhiyun d->name.len - rem, next, &base,
325*4882a593Smuzhiyun drop_negative);
326*4882a593Smuzhiyun dput(dentry);
327*4882a593Smuzhiyun if (err)
328*4882a593Smuzhiyun return err;
329*4882a593Smuzhiyun dentry = base;
330*4882a593Smuzhiyun if (end)
331*4882a593Smuzhiyun break;
332*4882a593Smuzhiyun
333*4882a593Smuzhiyun rem -= thislen + 1;
334*4882a593Smuzhiyun
335*4882a593Smuzhiyun if (WARN_ON(rem >= d->name.len))
336*4882a593Smuzhiyun return -EIO;
337*4882a593Smuzhiyun }
338*4882a593Smuzhiyun *ret = dentry;
339*4882a593Smuzhiyun return 0;
340*4882a593Smuzhiyun }
341*4882a593Smuzhiyun
342*4882a593Smuzhiyun
ovl_check_origin_fh(struct ovl_fs * ofs,struct ovl_fh * fh,bool connected,struct dentry * upperdentry,struct ovl_path ** stackp)343*4882a593Smuzhiyun int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
344*4882a593Smuzhiyun struct dentry *upperdentry, struct ovl_path **stackp)
345*4882a593Smuzhiyun {
346*4882a593Smuzhiyun struct dentry *origin = NULL;
347*4882a593Smuzhiyun int i;
348*4882a593Smuzhiyun
349*4882a593Smuzhiyun for (i = 1; i < ofs->numlayer; i++) {
350*4882a593Smuzhiyun /*
351*4882a593Smuzhiyun * If lower fs uuid is not unique among lower fs we cannot match
352*4882a593Smuzhiyun * fh->uuid to layer.
353*4882a593Smuzhiyun */
354*4882a593Smuzhiyun if (ofs->layers[i].fsid &&
355*4882a593Smuzhiyun ofs->layers[i].fs->bad_uuid)
356*4882a593Smuzhiyun continue;
357*4882a593Smuzhiyun
358*4882a593Smuzhiyun origin = ovl_decode_real_fh(fh, ofs->layers[i].mnt,
359*4882a593Smuzhiyun connected);
360*4882a593Smuzhiyun if (origin)
361*4882a593Smuzhiyun break;
362*4882a593Smuzhiyun }
363*4882a593Smuzhiyun
364*4882a593Smuzhiyun if (!origin)
365*4882a593Smuzhiyun return -ESTALE;
366*4882a593Smuzhiyun else if (IS_ERR(origin))
367*4882a593Smuzhiyun return PTR_ERR(origin);
368*4882a593Smuzhiyun
369*4882a593Smuzhiyun if (upperdentry && !ovl_is_whiteout(upperdentry) &&
370*4882a593Smuzhiyun inode_wrong_type(d_inode(upperdentry), d_inode(origin)->i_mode))
371*4882a593Smuzhiyun goto invalid;
372*4882a593Smuzhiyun
373*4882a593Smuzhiyun if (!*stackp)
374*4882a593Smuzhiyun *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
375*4882a593Smuzhiyun if (!*stackp) {
376*4882a593Smuzhiyun dput(origin);
377*4882a593Smuzhiyun return -ENOMEM;
378*4882a593Smuzhiyun }
379*4882a593Smuzhiyun **stackp = (struct ovl_path){
380*4882a593Smuzhiyun .dentry = origin,
381*4882a593Smuzhiyun .layer = &ofs->layers[i]
382*4882a593Smuzhiyun };
383*4882a593Smuzhiyun
384*4882a593Smuzhiyun return 0;
385*4882a593Smuzhiyun
386*4882a593Smuzhiyun invalid:
387*4882a593Smuzhiyun pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
388*4882a593Smuzhiyun upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
389*4882a593Smuzhiyun d_inode(origin)->i_mode & S_IFMT);
390*4882a593Smuzhiyun dput(origin);
391*4882a593Smuzhiyun return -EIO;
392*4882a593Smuzhiyun }
393*4882a593Smuzhiyun
ovl_check_origin(struct ovl_fs * ofs,struct dentry * upperdentry,struct ovl_path ** stackp)394*4882a593Smuzhiyun static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
395*4882a593Smuzhiyun struct ovl_path **stackp)
396*4882a593Smuzhiyun {
397*4882a593Smuzhiyun struct ovl_fh *fh = ovl_get_fh(ofs, upperdentry, OVL_XATTR_ORIGIN);
398*4882a593Smuzhiyun int err;
399*4882a593Smuzhiyun
400*4882a593Smuzhiyun if (IS_ERR_OR_NULL(fh))
401*4882a593Smuzhiyun return PTR_ERR(fh);
402*4882a593Smuzhiyun
403*4882a593Smuzhiyun err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
404*4882a593Smuzhiyun kfree(fh);
405*4882a593Smuzhiyun
406*4882a593Smuzhiyun if (err) {
407*4882a593Smuzhiyun if (err == -ESTALE)
408*4882a593Smuzhiyun return 0;
409*4882a593Smuzhiyun return err;
410*4882a593Smuzhiyun }
411*4882a593Smuzhiyun
412*4882a593Smuzhiyun return 0;
413*4882a593Smuzhiyun }
414*4882a593Smuzhiyun
415*4882a593Smuzhiyun /*
416*4882a593Smuzhiyun * Verify that @fh matches the file handle stored in xattr @name.
417*4882a593Smuzhiyun * Return 0 on match, -ESTALE on mismatch, < 0 on error.
418*4882a593Smuzhiyun */
ovl_verify_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,const struct ovl_fh * fh)419*4882a593Smuzhiyun static int ovl_verify_fh(struct ovl_fs *ofs, struct dentry *dentry,
420*4882a593Smuzhiyun enum ovl_xattr ox, const struct ovl_fh *fh)
421*4882a593Smuzhiyun {
422*4882a593Smuzhiyun struct ovl_fh *ofh = ovl_get_fh(ofs, dentry, ox);
423*4882a593Smuzhiyun int err = 0;
424*4882a593Smuzhiyun
425*4882a593Smuzhiyun if (!ofh)
426*4882a593Smuzhiyun return -ENODATA;
427*4882a593Smuzhiyun
428*4882a593Smuzhiyun if (IS_ERR(ofh))
429*4882a593Smuzhiyun return PTR_ERR(ofh);
430*4882a593Smuzhiyun
431*4882a593Smuzhiyun if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
432*4882a593Smuzhiyun err = -ESTALE;
433*4882a593Smuzhiyun
434*4882a593Smuzhiyun kfree(ofh);
435*4882a593Smuzhiyun return err;
436*4882a593Smuzhiyun }
437*4882a593Smuzhiyun
438*4882a593Smuzhiyun /*
439*4882a593Smuzhiyun * Verify that @real dentry matches the file handle stored in xattr @name.
440*4882a593Smuzhiyun *
441*4882a593Smuzhiyun * If @set is true and there is no stored file handle, encode @real and store
442*4882a593Smuzhiyun * file handle in xattr @name.
443*4882a593Smuzhiyun *
444*4882a593Smuzhiyun * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
445*4882a593Smuzhiyun */
ovl_verify_set_fh(struct ovl_fs * ofs,struct dentry * dentry,enum ovl_xattr ox,struct dentry * real,bool is_upper,bool set)446*4882a593Smuzhiyun int ovl_verify_set_fh(struct ovl_fs *ofs, struct dentry *dentry,
447*4882a593Smuzhiyun enum ovl_xattr ox, struct dentry *real, bool is_upper,
448*4882a593Smuzhiyun bool set)
449*4882a593Smuzhiyun {
450*4882a593Smuzhiyun struct inode *inode;
451*4882a593Smuzhiyun struct ovl_fh *fh;
452*4882a593Smuzhiyun int err;
453*4882a593Smuzhiyun
454*4882a593Smuzhiyun fh = ovl_encode_real_fh(real, is_upper);
455*4882a593Smuzhiyun err = PTR_ERR(fh);
456*4882a593Smuzhiyun if (IS_ERR(fh)) {
457*4882a593Smuzhiyun fh = NULL;
458*4882a593Smuzhiyun goto fail;
459*4882a593Smuzhiyun }
460*4882a593Smuzhiyun
461*4882a593Smuzhiyun err = ovl_verify_fh(ofs, dentry, ox, fh);
462*4882a593Smuzhiyun if (set && err == -ENODATA)
463*4882a593Smuzhiyun err = ovl_do_setxattr(ofs, dentry, ox, fh->buf, fh->fb.len);
464*4882a593Smuzhiyun if (err)
465*4882a593Smuzhiyun goto fail;
466*4882a593Smuzhiyun
467*4882a593Smuzhiyun out:
468*4882a593Smuzhiyun kfree(fh);
469*4882a593Smuzhiyun return err;
470*4882a593Smuzhiyun
471*4882a593Smuzhiyun fail:
472*4882a593Smuzhiyun inode = d_inode(real);
473*4882a593Smuzhiyun pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
474*4882a593Smuzhiyun is_upper ? "upper" : "origin", real,
475*4882a593Smuzhiyun inode ? inode->i_ino : 0, err);
476*4882a593Smuzhiyun goto out;
477*4882a593Smuzhiyun }
478*4882a593Smuzhiyun
479*4882a593Smuzhiyun /* Get upper dentry from index */
ovl_index_upper(struct ovl_fs * ofs,struct dentry * index)480*4882a593Smuzhiyun struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
481*4882a593Smuzhiyun {
482*4882a593Smuzhiyun struct ovl_fh *fh;
483*4882a593Smuzhiyun struct dentry *upper;
484*4882a593Smuzhiyun
485*4882a593Smuzhiyun if (!d_is_dir(index))
486*4882a593Smuzhiyun return dget(index);
487*4882a593Smuzhiyun
488*4882a593Smuzhiyun fh = ovl_get_fh(ofs, index, OVL_XATTR_UPPER);
489*4882a593Smuzhiyun if (IS_ERR_OR_NULL(fh))
490*4882a593Smuzhiyun return ERR_CAST(fh);
491*4882a593Smuzhiyun
492*4882a593Smuzhiyun upper = ovl_decode_real_fh(fh, ovl_upper_mnt(ofs), true);
493*4882a593Smuzhiyun kfree(fh);
494*4882a593Smuzhiyun
495*4882a593Smuzhiyun if (IS_ERR_OR_NULL(upper))
496*4882a593Smuzhiyun return upper ?: ERR_PTR(-ESTALE);
497*4882a593Smuzhiyun
498*4882a593Smuzhiyun if (!d_is_dir(upper)) {
499*4882a593Smuzhiyun pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
500*4882a593Smuzhiyun index, upper);
501*4882a593Smuzhiyun dput(upper);
502*4882a593Smuzhiyun return ERR_PTR(-EIO);
503*4882a593Smuzhiyun }
504*4882a593Smuzhiyun
505*4882a593Smuzhiyun return upper;
506*4882a593Smuzhiyun }
507*4882a593Smuzhiyun
508*4882a593Smuzhiyun /*
509*4882a593Smuzhiyun * Verify that an index entry name matches the origin file handle stored in
510*4882a593Smuzhiyun * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
511*4882a593Smuzhiyun * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
512*4882a593Smuzhiyun */
ovl_verify_index(struct ovl_fs * ofs,struct dentry * index)513*4882a593Smuzhiyun int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
514*4882a593Smuzhiyun {
515*4882a593Smuzhiyun struct ovl_fh *fh = NULL;
516*4882a593Smuzhiyun size_t len;
517*4882a593Smuzhiyun struct ovl_path origin = { };
518*4882a593Smuzhiyun struct ovl_path *stack = &origin;
519*4882a593Smuzhiyun struct dentry *upper = NULL;
520*4882a593Smuzhiyun int err;
521*4882a593Smuzhiyun
522*4882a593Smuzhiyun if (!d_inode(index))
523*4882a593Smuzhiyun return 0;
524*4882a593Smuzhiyun
525*4882a593Smuzhiyun err = -EINVAL;
526*4882a593Smuzhiyun if (index->d_name.len < sizeof(struct ovl_fb)*2)
527*4882a593Smuzhiyun goto fail;
528*4882a593Smuzhiyun
529*4882a593Smuzhiyun err = -ENOMEM;
530*4882a593Smuzhiyun len = index->d_name.len / 2;
531*4882a593Smuzhiyun fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
532*4882a593Smuzhiyun if (!fh)
533*4882a593Smuzhiyun goto fail;
534*4882a593Smuzhiyun
535*4882a593Smuzhiyun err = -EINVAL;
536*4882a593Smuzhiyun if (hex2bin(fh->buf, index->d_name.name, len))
537*4882a593Smuzhiyun goto fail;
538*4882a593Smuzhiyun
539*4882a593Smuzhiyun err = ovl_check_fb_len(&fh->fb, len);
540*4882a593Smuzhiyun if (err)
541*4882a593Smuzhiyun goto fail;
542*4882a593Smuzhiyun
543*4882a593Smuzhiyun /*
544*4882a593Smuzhiyun * Whiteout index entries are used as an indication that an exported
545*4882a593Smuzhiyun * overlay file handle should be treated as stale (i.e. after unlink
546*4882a593Smuzhiyun * of the overlay inode). These entries contain no origin xattr.
547*4882a593Smuzhiyun */
548*4882a593Smuzhiyun if (ovl_is_whiteout(index))
549*4882a593Smuzhiyun goto out;
550*4882a593Smuzhiyun
551*4882a593Smuzhiyun /*
552*4882a593Smuzhiyun * Verifying directory index entries are not stale is expensive, so
553*4882a593Smuzhiyun * only verify stale dir index if NFS export is enabled.
554*4882a593Smuzhiyun */
555*4882a593Smuzhiyun if (d_is_dir(index) && !ofs->config.nfs_export)
556*4882a593Smuzhiyun goto out;
557*4882a593Smuzhiyun
558*4882a593Smuzhiyun /*
559*4882a593Smuzhiyun * Directory index entries should have 'upper' xattr pointing to the
560*4882a593Smuzhiyun * real upper dir. Non-dir index entries are hardlinks to the upper
561*4882a593Smuzhiyun * real inode. For non-dir index, we can read the copy up origin xattr
562*4882a593Smuzhiyun * directly from the index dentry, but for dir index we first need to
563*4882a593Smuzhiyun * decode the upper directory.
564*4882a593Smuzhiyun */
565*4882a593Smuzhiyun upper = ovl_index_upper(ofs, index);
566*4882a593Smuzhiyun if (IS_ERR_OR_NULL(upper)) {
567*4882a593Smuzhiyun err = PTR_ERR(upper);
568*4882a593Smuzhiyun /*
569*4882a593Smuzhiyun * Directory index entries with no 'upper' xattr need to be
570*4882a593Smuzhiyun * removed. When dir index entry has a stale 'upper' xattr,
571*4882a593Smuzhiyun * we assume that upper dir was removed and we treat the dir
572*4882a593Smuzhiyun * index as orphan entry that needs to be whited out.
573*4882a593Smuzhiyun */
574*4882a593Smuzhiyun if (err == -ESTALE)
575*4882a593Smuzhiyun goto orphan;
576*4882a593Smuzhiyun else if (!err)
577*4882a593Smuzhiyun err = -ESTALE;
578*4882a593Smuzhiyun goto fail;
579*4882a593Smuzhiyun }
580*4882a593Smuzhiyun
581*4882a593Smuzhiyun err = ovl_verify_fh(ofs, upper, OVL_XATTR_ORIGIN, fh);
582*4882a593Smuzhiyun dput(upper);
583*4882a593Smuzhiyun if (err)
584*4882a593Smuzhiyun goto fail;
585*4882a593Smuzhiyun
586*4882a593Smuzhiyun /* Check if non-dir index is orphan and don't warn before cleaning it */
587*4882a593Smuzhiyun if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
588*4882a593Smuzhiyun err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
589*4882a593Smuzhiyun if (err)
590*4882a593Smuzhiyun goto fail;
591*4882a593Smuzhiyun
592*4882a593Smuzhiyun if (ovl_get_nlink(ofs, origin.dentry, index, 0) == 0)
593*4882a593Smuzhiyun goto orphan;
594*4882a593Smuzhiyun }
595*4882a593Smuzhiyun
596*4882a593Smuzhiyun out:
597*4882a593Smuzhiyun dput(origin.dentry);
598*4882a593Smuzhiyun kfree(fh);
599*4882a593Smuzhiyun return err;
600*4882a593Smuzhiyun
601*4882a593Smuzhiyun fail:
602*4882a593Smuzhiyun pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
603*4882a593Smuzhiyun index, d_inode(index)->i_mode & S_IFMT, err);
604*4882a593Smuzhiyun goto out;
605*4882a593Smuzhiyun
606*4882a593Smuzhiyun orphan:
607*4882a593Smuzhiyun pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
608*4882a593Smuzhiyun index, d_inode(index)->i_mode & S_IFMT,
609*4882a593Smuzhiyun d_inode(index)->i_nlink);
610*4882a593Smuzhiyun err = -ENOENT;
611*4882a593Smuzhiyun goto out;
612*4882a593Smuzhiyun }
613*4882a593Smuzhiyun
ovl_get_index_name_fh(struct ovl_fh * fh,struct qstr * name)614*4882a593Smuzhiyun static int ovl_get_index_name_fh(struct ovl_fh *fh, struct qstr *name)
615*4882a593Smuzhiyun {
616*4882a593Smuzhiyun char *n, *s;
617*4882a593Smuzhiyun
618*4882a593Smuzhiyun n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
619*4882a593Smuzhiyun if (!n)
620*4882a593Smuzhiyun return -ENOMEM;
621*4882a593Smuzhiyun
622*4882a593Smuzhiyun s = bin2hex(n, fh->buf, fh->fb.len);
623*4882a593Smuzhiyun *name = (struct qstr) QSTR_INIT(n, s - n);
624*4882a593Smuzhiyun
625*4882a593Smuzhiyun return 0;
626*4882a593Smuzhiyun
627*4882a593Smuzhiyun }
628*4882a593Smuzhiyun
629*4882a593Smuzhiyun /*
630*4882a593Smuzhiyun * Lookup in indexdir for the index entry of a lower real inode or a copy up
631*4882a593Smuzhiyun * origin inode. The index entry name is the hex representation of the lower
632*4882a593Smuzhiyun * inode file handle.
633*4882a593Smuzhiyun *
634*4882a593Smuzhiyun * If the index dentry in negative, then either no lower aliases have been
635*4882a593Smuzhiyun * copied up yet, or aliases have been copied up in older kernels and are
636*4882a593Smuzhiyun * not indexed.
637*4882a593Smuzhiyun *
638*4882a593Smuzhiyun * If the index dentry for a copy up origin inode is positive, but points
639*4882a593Smuzhiyun * to an inode different than the upper inode, then either the upper inode
640*4882a593Smuzhiyun * has been copied up and not indexed or it was indexed, but since then
641*4882a593Smuzhiyun * index dir was cleared. Either way, that index cannot be used to indentify
642*4882a593Smuzhiyun * the overlay inode.
643*4882a593Smuzhiyun */
ovl_get_index_name(struct dentry * origin,struct qstr * name)644*4882a593Smuzhiyun int ovl_get_index_name(struct dentry *origin, struct qstr *name)
645*4882a593Smuzhiyun {
646*4882a593Smuzhiyun struct ovl_fh *fh;
647*4882a593Smuzhiyun int err;
648*4882a593Smuzhiyun
649*4882a593Smuzhiyun fh = ovl_encode_real_fh(origin, false);
650*4882a593Smuzhiyun if (IS_ERR(fh))
651*4882a593Smuzhiyun return PTR_ERR(fh);
652*4882a593Smuzhiyun
653*4882a593Smuzhiyun err = ovl_get_index_name_fh(fh, name);
654*4882a593Smuzhiyun
655*4882a593Smuzhiyun kfree(fh);
656*4882a593Smuzhiyun return err;
657*4882a593Smuzhiyun }
658*4882a593Smuzhiyun
659*4882a593Smuzhiyun /* Lookup index by file handle for NFS export */
ovl_get_index_fh(struct ovl_fs * ofs,struct ovl_fh * fh)660*4882a593Smuzhiyun struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
661*4882a593Smuzhiyun {
662*4882a593Smuzhiyun struct dentry *index;
663*4882a593Smuzhiyun struct qstr name;
664*4882a593Smuzhiyun int err;
665*4882a593Smuzhiyun
666*4882a593Smuzhiyun err = ovl_get_index_name_fh(fh, &name);
667*4882a593Smuzhiyun if (err)
668*4882a593Smuzhiyun return ERR_PTR(err);
669*4882a593Smuzhiyun
670*4882a593Smuzhiyun index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
671*4882a593Smuzhiyun kfree(name.name);
672*4882a593Smuzhiyun if (IS_ERR(index)) {
673*4882a593Smuzhiyun if (PTR_ERR(index) == -ENOENT)
674*4882a593Smuzhiyun index = NULL;
675*4882a593Smuzhiyun return index;
676*4882a593Smuzhiyun }
677*4882a593Smuzhiyun
678*4882a593Smuzhiyun if (ovl_is_whiteout(index))
679*4882a593Smuzhiyun err = -ESTALE;
680*4882a593Smuzhiyun else if (ovl_dentry_weird(index))
681*4882a593Smuzhiyun err = -EIO;
682*4882a593Smuzhiyun else
683*4882a593Smuzhiyun return index;
684*4882a593Smuzhiyun
685*4882a593Smuzhiyun dput(index);
686*4882a593Smuzhiyun return ERR_PTR(err);
687*4882a593Smuzhiyun }
688*4882a593Smuzhiyun
ovl_lookup_index(struct ovl_fs * ofs,struct dentry * upper,struct dentry * origin,bool verify)689*4882a593Smuzhiyun struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
690*4882a593Smuzhiyun struct dentry *origin, bool verify)
691*4882a593Smuzhiyun {
692*4882a593Smuzhiyun struct dentry *index;
693*4882a593Smuzhiyun struct inode *inode;
694*4882a593Smuzhiyun struct qstr name;
695*4882a593Smuzhiyun bool is_dir = d_is_dir(origin);
696*4882a593Smuzhiyun int err;
697*4882a593Smuzhiyun
698*4882a593Smuzhiyun err = ovl_get_index_name(origin, &name);
699*4882a593Smuzhiyun if (err)
700*4882a593Smuzhiyun return ERR_PTR(err);
701*4882a593Smuzhiyun
702*4882a593Smuzhiyun index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
703*4882a593Smuzhiyun if (IS_ERR(index)) {
704*4882a593Smuzhiyun err = PTR_ERR(index);
705*4882a593Smuzhiyun if (err == -ENOENT) {
706*4882a593Smuzhiyun index = NULL;
707*4882a593Smuzhiyun goto out;
708*4882a593Smuzhiyun }
709*4882a593Smuzhiyun pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
710*4882a593Smuzhiyun "overlayfs: mount with '-o index=off' to disable inodes index.\n",
711*4882a593Smuzhiyun d_inode(origin)->i_ino, name.len, name.name,
712*4882a593Smuzhiyun err);
713*4882a593Smuzhiyun goto out;
714*4882a593Smuzhiyun }
715*4882a593Smuzhiyun
716*4882a593Smuzhiyun inode = d_inode(index);
717*4882a593Smuzhiyun if (ovl_is_whiteout(index) && !verify) {
718*4882a593Smuzhiyun /*
719*4882a593Smuzhiyun * When index lookup is called with !verify for decoding an
720*4882a593Smuzhiyun * overlay file handle, a whiteout index implies that decode
721*4882a593Smuzhiyun * should treat file handle as stale and no need to print a
722*4882a593Smuzhiyun * warning about it.
723*4882a593Smuzhiyun */
724*4882a593Smuzhiyun dput(index);
725*4882a593Smuzhiyun index = ERR_PTR(-ESTALE);
726*4882a593Smuzhiyun goto out;
727*4882a593Smuzhiyun } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
728*4882a593Smuzhiyun inode_wrong_type(inode, d_inode(origin)->i_mode)) {
729*4882a593Smuzhiyun /*
730*4882a593Smuzhiyun * Index should always be of the same file type as origin
731*4882a593Smuzhiyun * except for the case of a whiteout index. A whiteout
732*4882a593Smuzhiyun * index should only exist if all lower aliases have been
733*4882a593Smuzhiyun * unlinked, which means that finding a lower origin on lookup
734*4882a593Smuzhiyun * whose index is a whiteout should be treated as an error.
735*4882a593Smuzhiyun */
736*4882a593Smuzhiyun pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
737*4882a593Smuzhiyun index, d_inode(index)->i_mode & S_IFMT,
738*4882a593Smuzhiyun d_inode(origin)->i_mode & S_IFMT);
739*4882a593Smuzhiyun goto fail;
740*4882a593Smuzhiyun } else if (is_dir && verify) {
741*4882a593Smuzhiyun if (!upper) {
742*4882a593Smuzhiyun pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
743*4882a593Smuzhiyun origin, index);
744*4882a593Smuzhiyun goto fail;
745*4882a593Smuzhiyun }
746*4882a593Smuzhiyun
747*4882a593Smuzhiyun /* Verify that dir index 'upper' xattr points to upper dir */
748*4882a593Smuzhiyun err = ovl_verify_upper(ofs, index, upper, false);
749*4882a593Smuzhiyun if (err) {
750*4882a593Smuzhiyun if (err == -ESTALE) {
751*4882a593Smuzhiyun pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
752*4882a593Smuzhiyun upper, origin, index);
753*4882a593Smuzhiyun }
754*4882a593Smuzhiyun goto fail;
755*4882a593Smuzhiyun }
756*4882a593Smuzhiyun } else if (upper && d_inode(upper) != inode) {
757*4882a593Smuzhiyun goto out_dput;
758*4882a593Smuzhiyun }
759*4882a593Smuzhiyun out:
760*4882a593Smuzhiyun kfree(name.name);
761*4882a593Smuzhiyun return index;
762*4882a593Smuzhiyun
763*4882a593Smuzhiyun out_dput:
764*4882a593Smuzhiyun dput(index);
765*4882a593Smuzhiyun index = NULL;
766*4882a593Smuzhiyun goto out;
767*4882a593Smuzhiyun
768*4882a593Smuzhiyun fail:
769*4882a593Smuzhiyun dput(index);
770*4882a593Smuzhiyun index = ERR_PTR(-EIO);
771*4882a593Smuzhiyun goto out;
772*4882a593Smuzhiyun }
773*4882a593Smuzhiyun
774*4882a593Smuzhiyun /*
775*4882a593Smuzhiyun * Returns next layer in stack starting from top.
776*4882a593Smuzhiyun * Returns -1 if this is the last layer.
777*4882a593Smuzhiyun */
ovl_path_next(int idx,struct dentry * dentry,struct path * path)778*4882a593Smuzhiyun int ovl_path_next(int idx, struct dentry *dentry, struct path *path)
779*4882a593Smuzhiyun {
780*4882a593Smuzhiyun struct ovl_entry *oe = dentry->d_fsdata;
781*4882a593Smuzhiyun
782*4882a593Smuzhiyun BUG_ON(idx < 0);
783*4882a593Smuzhiyun if (idx == 0) {
784*4882a593Smuzhiyun ovl_path_upper(dentry, path);
785*4882a593Smuzhiyun if (path->dentry)
786*4882a593Smuzhiyun return oe->numlower ? 1 : -1;
787*4882a593Smuzhiyun idx++;
788*4882a593Smuzhiyun }
789*4882a593Smuzhiyun BUG_ON(idx > oe->numlower);
790*4882a593Smuzhiyun path->dentry = oe->lowerstack[idx - 1].dentry;
791*4882a593Smuzhiyun path->mnt = oe->lowerstack[idx - 1].layer->mnt;
792*4882a593Smuzhiyun
793*4882a593Smuzhiyun return (idx < oe->numlower) ? idx + 1 : -1;
794*4882a593Smuzhiyun }
795*4882a593Smuzhiyun
796*4882a593Smuzhiyun /* Fix missing 'origin' xattr */
ovl_fix_origin(struct ovl_fs * ofs,struct dentry * dentry,struct dentry * lower,struct dentry * upper)797*4882a593Smuzhiyun static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry,
798*4882a593Smuzhiyun struct dentry *lower, struct dentry *upper)
799*4882a593Smuzhiyun {
800*4882a593Smuzhiyun int err;
801*4882a593Smuzhiyun
802*4882a593Smuzhiyun if (ovl_check_origin_xattr(ofs, upper))
803*4882a593Smuzhiyun return 0;
804*4882a593Smuzhiyun
805*4882a593Smuzhiyun err = ovl_want_write(dentry);
806*4882a593Smuzhiyun if (err)
807*4882a593Smuzhiyun return err;
808*4882a593Smuzhiyun
809*4882a593Smuzhiyun err = ovl_set_origin(dentry, lower, upper);
810*4882a593Smuzhiyun if (!err)
811*4882a593Smuzhiyun err = ovl_set_impure(dentry->d_parent, upper->d_parent);
812*4882a593Smuzhiyun
813*4882a593Smuzhiyun ovl_drop_write(dentry);
814*4882a593Smuzhiyun return err;
815*4882a593Smuzhiyun }
816*4882a593Smuzhiyun
ovl_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)817*4882a593Smuzhiyun struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
818*4882a593Smuzhiyun unsigned int flags)
819*4882a593Smuzhiyun {
820*4882a593Smuzhiyun struct ovl_entry *oe;
821*4882a593Smuzhiyun const struct cred *old_cred;
822*4882a593Smuzhiyun struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
823*4882a593Smuzhiyun struct ovl_entry *poe = dentry->d_parent->d_fsdata;
824*4882a593Smuzhiyun struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
825*4882a593Smuzhiyun struct ovl_path *stack = NULL, *origin_path = NULL;
826*4882a593Smuzhiyun struct dentry *upperdir, *upperdentry = NULL;
827*4882a593Smuzhiyun struct dentry *origin = NULL;
828*4882a593Smuzhiyun struct dentry *index = NULL;
829*4882a593Smuzhiyun unsigned int ctr = 0;
830*4882a593Smuzhiyun struct inode *inode = NULL;
831*4882a593Smuzhiyun bool upperopaque = false;
832*4882a593Smuzhiyun char *upperredirect = NULL;
833*4882a593Smuzhiyun struct dentry *this;
834*4882a593Smuzhiyun unsigned int i;
835*4882a593Smuzhiyun int err;
836*4882a593Smuzhiyun bool uppermetacopy = false;
837*4882a593Smuzhiyun struct ovl_lookup_data d = {
838*4882a593Smuzhiyun .sb = dentry->d_sb,
839*4882a593Smuzhiyun .name = dentry->d_name,
840*4882a593Smuzhiyun .is_dir = false,
841*4882a593Smuzhiyun .opaque = false,
842*4882a593Smuzhiyun .stop = false,
843*4882a593Smuzhiyun .last = ofs->config.redirect_follow ? false : !poe->numlower,
844*4882a593Smuzhiyun .redirect = NULL,
845*4882a593Smuzhiyun .metacopy = false,
846*4882a593Smuzhiyun };
847*4882a593Smuzhiyun
848*4882a593Smuzhiyun if (dentry->d_name.len > ofs->namelen)
849*4882a593Smuzhiyun return ERR_PTR(-ENAMETOOLONG);
850*4882a593Smuzhiyun
851*4882a593Smuzhiyun old_cred = ovl_override_creds(dentry->d_sb);
852*4882a593Smuzhiyun upperdir = ovl_dentry_upper(dentry->d_parent);
853*4882a593Smuzhiyun if (upperdir) {
854*4882a593Smuzhiyun err = ovl_lookup_layer(upperdir, &d, &upperdentry, true);
855*4882a593Smuzhiyun if (err)
856*4882a593Smuzhiyun goto out;
857*4882a593Smuzhiyun
858*4882a593Smuzhiyun if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) {
859*4882a593Smuzhiyun dput(upperdentry);
860*4882a593Smuzhiyun err = -EREMOTE;
861*4882a593Smuzhiyun goto out;
862*4882a593Smuzhiyun }
863*4882a593Smuzhiyun if (upperdentry && !d.is_dir) {
864*4882a593Smuzhiyun /*
865*4882a593Smuzhiyun * Lookup copy up origin by decoding origin file handle.
866*4882a593Smuzhiyun * We may get a disconnected dentry, which is fine,
867*4882a593Smuzhiyun * because we only need to hold the origin inode in
868*4882a593Smuzhiyun * cache and use its inode number. We may even get a
869*4882a593Smuzhiyun * connected dentry, that is not under any of the lower
870*4882a593Smuzhiyun * layers root. That is also fine for using it's inode
871*4882a593Smuzhiyun * number - it's the same as if we held a reference
872*4882a593Smuzhiyun * to a dentry in lower layer that was moved under us.
873*4882a593Smuzhiyun */
874*4882a593Smuzhiyun err = ovl_check_origin(ofs, upperdentry, &origin_path);
875*4882a593Smuzhiyun if (err)
876*4882a593Smuzhiyun goto out_put_upper;
877*4882a593Smuzhiyun
878*4882a593Smuzhiyun if (d.metacopy)
879*4882a593Smuzhiyun uppermetacopy = true;
880*4882a593Smuzhiyun }
881*4882a593Smuzhiyun
882*4882a593Smuzhiyun if (d.redirect) {
883*4882a593Smuzhiyun err = -ENOMEM;
884*4882a593Smuzhiyun upperredirect = kstrdup(d.redirect, GFP_KERNEL);
885*4882a593Smuzhiyun if (!upperredirect)
886*4882a593Smuzhiyun goto out_put_upper;
887*4882a593Smuzhiyun if (d.redirect[0] == '/')
888*4882a593Smuzhiyun poe = roe;
889*4882a593Smuzhiyun }
890*4882a593Smuzhiyun upperopaque = d.opaque;
891*4882a593Smuzhiyun }
892*4882a593Smuzhiyun
893*4882a593Smuzhiyun if (!d.stop && poe->numlower) {
894*4882a593Smuzhiyun err = -ENOMEM;
895*4882a593Smuzhiyun stack = kcalloc(ofs->numlayer - 1, sizeof(struct ovl_path),
896*4882a593Smuzhiyun GFP_KERNEL);
897*4882a593Smuzhiyun if (!stack)
898*4882a593Smuzhiyun goto out_put_upper;
899*4882a593Smuzhiyun }
900*4882a593Smuzhiyun
901*4882a593Smuzhiyun for (i = 0; !d.stop && i < poe->numlower; i++) {
902*4882a593Smuzhiyun struct ovl_path lower = poe->lowerstack[i];
903*4882a593Smuzhiyun
904*4882a593Smuzhiyun if (!ofs->config.redirect_follow)
905*4882a593Smuzhiyun d.last = i == poe->numlower - 1;
906*4882a593Smuzhiyun else
907*4882a593Smuzhiyun d.last = lower.layer->idx == roe->numlower;
908*4882a593Smuzhiyun
909*4882a593Smuzhiyun err = ovl_lookup_layer(lower.dentry, &d, &this, false);
910*4882a593Smuzhiyun if (err)
911*4882a593Smuzhiyun goto out_put;
912*4882a593Smuzhiyun
913*4882a593Smuzhiyun if (!this)
914*4882a593Smuzhiyun continue;
915*4882a593Smuzhiyun
916*4882a593Smuzhiyun if ((uppermetacopy || d.metacopy) && !ofs->config.metacopy) {
917*4882a593Smuzhiyun dput(this);
918*4882a593Smuzhiyun err = -EPERM;
919*4882a593Smuzhiyun pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry);
920*4882a593Smuzhiyun goto out_put;
921*4882a593Smuzhiyun }
922*4882a593Smuzhiyun
923*4882a593Smuzhiyun /*
924*4882a593Smuzhiyun * If no origin fh is stored in upper of a merge dir, store fh
925*4882a593Smuzhiyun * of lower dir and set upper parent "impure".
926*4882a593Smuzhiyun */
927*4882a593Smuzhiyun if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) {
928*4882a593Smuzhiyun err = ovl_fix_origin(ofs, dentry, this, upperdentry);
929*4882a593Smuzhiyun if (err) {
930*4882a593Smuzhiyun dput(this);
931*4882a593Smuzhiyun goto out_put;
932*4882a593Smuzhiyun }
933*4882a593Smuzhiyun }
934*4882a593Smuzhiyun
935*4882a593Smuzhiyun /*
936*4882a593Smuzhiyun * When "verify_lower" feature is enabled, do not merge with a
937*4882a593Smuzhiyun * lower dir that does not match a stored origin xattr. In any
938*4882a593Smuzhiyun * case, only verified origin is used for index lookup.
939*4882a593Smuzhiyun *
940*4882a593Smuzhiyun * For non-dir dentry, if index=on, then ensure origin
941*4882a593Smuzhiyun * matches the dentry found using path based lookup,
942*4882a593Smuzhiyun * otherwise error out.
943*4882a593Smuzhiyun */
944*4882a593Smuzhiyun if (upperdentry && !ctr &&
945*4882a593Smuzhiyun ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
946*4882a593Smuzhiyun (!d.is_dir && ofs->config.index && origin_path))) {
947*4882a593Smuzhiyun err = ovl_verify_origin(ofs, upperdentry, this, false);
948*4882a593Smuzhiyun if (err) {
949*4882a593Smuzhiyun dput(this);
950*4882a593Smuzhiyun if (d.is_dir)
951*4882a593Smuzhiyun break;
952*4882a593Smuzhiyun goto out_put;
953*4882a593Smuzhiyun }
954*4882a593Smuzhiyun origin = this;
955*4882a593Smuzhiyun }
956*4882a593Smuzhiyun
957*4882a593Smuzhiyun if (d.metacopy && ctr) {
958*4882a593Smuzhiyun /*
959*4882a593Smuzhiyun * Do not store intermediate metacopy dentries in
960*4882a593Smuzhiyun * lower chain, except top most lower metacopy dentry.
961*4882a593Smuzhiyun * Continue the loop so that if there is an absolute
962*4882a593Smuzhiyun * redirect on this dentry, poe can be reset to roe.
963*4882a593Smuzhiyun */
964*4882a593Smuzhiyun dput(this);
965*4882a593Smuzhiyun this = NULL;
966*4882a593Smuzhiyun } else {
967*4882a593Smuzhiyun stack[ctr].dentry = this;
968*4882a593Smuzhiyun stack[ctr].layer = lower.layer;
969*4882a593Smuzhiyun ctr++;
970*4882a593Smuzhiyun }
971*4882a593Smuzhiyun
972*4882a593Smuzhiyun /*
973*4882a593Smuzhiyun * Following redirects can have security consequences: it's like
974*4882a593Smuzhiyun * a symlink into the lower layer without the permission checks.
975*4882a593Smuzhiyun * This is only a problem if the upper layer is untrusted (e.g
976*4882a593Smuzhiyun * comes from an USB drive). This can allow a non-readable file
977*4882a593Smuzhiyun * or directory to become readable.
978*4882a593Smuzhiyun *
979*4882a593Smuzhiyun * Only following redirects when redirects are enabled disables
980*4882a593Smuzhiyun * this attack vector when not necessary.
981*4882a593Smuzhiyun */
982*4882a593Smuzhiyun err = -EPERM;
983*4882a593Smuzhiyun if (d.redirect && !ofs->config.redirect_follow) {
984*4882a593Smuzhiyun pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n",
985*4882a593Smuzhiyun dentry);
986*4882a593Smuzhiyun goto out_put;
987*4882a593Smuzhiyun }
988*4882a593Smuzhiyun
989*4882a593Smuzhiyun if (d.stop)
990*4882a593Smuzhiyun break;
991*4882a593Smuzhiyun
992*4882a593Smuzhiyun if (d.redirect && d.redirect[0] == '/' && poe != roe) {
993*4882a593Smuzhiyun poe = roe;
994*4882a593Smuzhiyun /* Find the current layer on the root dentry */
995*4882a593Smuzhiyun i = lower.layer->idx - 1;
996*4882a593Smuzhiyun }
997*4882a593Smuzhiyun }
998*4882a593Smuzhiyun
999*4882a593Smuzhiyun /*
1000*4882a593Smuzhiyun * For regular non-metacopy upper dentries, there is no lower
1001*4882a593Smuzhiyun * path based lookup, hence ctr will be zero. If a dentry is found
1002*4882a593Smuzhiyun * using ORIGIN xattr on upper, install it in stack.
1003*4882a593Smuzhiyun *
1004*4882a593Smuzhiyun * For metacopy dentry, path based lookup will find lower dentries.
1005*4882a593Smuzhiyun * Just make sure a corresponding data dentry has been found.
1006*4882a593Smuzhiyun */
1007*4882a593Smuzhiyun if (d.metacopy || (uppermetacopy && !ctr)) {
1008*4882a593Smuzhiyun err = -EIO;
1009*4882a593Smuzhiyun goto out_put;
1010*4882a593Smuzhiyun } else if (!d.is_dir && upperdentry && !ctr && origin_path) {
1011*4882a593Smuzhiyun if (WARN_ON(stack != NULL)) {
1012*4882a593Smuzhiyun err = -EIO;
1013*4882a593Smuzhiyun goto out_put;
1014*4882a593Smuzhiyun }
1015*4882a593Smuzhiyun stack = origin_path;
1016*4882a593Smuzhiyun ctr = 1;
1017*4882a593Smuzhiyun origin = origin_path->dentry;
1018*4882a593Smuzhiyun origin_path = NULL;
1019*4882a593Smuzhiyun }
1020*4882a593Smuzhiyun
1021*4882a593Smuzhiyun /*
1022*4882a593Smuzhiyun * Always lookup index if there is no-upperdentry.
1023*4882a593Smuzhiyun *
1024*4882a593Smuzhiyun * For the case of upperdentry, we have set origin by now if it
1025*4882a593Smuzhiyun * needed to be set. There are basically three cases.
1026*4882a593Smuzhiyun *
1027*4882a593Smuzhiyun * For directories, lookup index by lower inode and verify it matches
1028*4882a593Smuzhiyun * upper inode. We only trust dir index if we verified that lower dir
1029*4882a593Smuzhiyun * matches origin, otherwise dir index entries may be inconsistent
1030*4882a593Smuzhiyun * and we ignore them.
1031*4882a593Smuzhiyun *
1032*4882a593Smuzhiyun * For regular upper, we already set origin if upper had ORIGIN
1033*4882a593Smuzhiyun * xattr. There is no verification though as there is no path
1034*4882a593Smuzhiyun * based dentry lookup in lower in this case.
1035*4882a593Smuzhiyun *
1036*4882a593Smuzhiyun * For metacopy upper, we set a verified origin already if index
1037*4882a593Smuzhiyun * is enabled and if upper had an ORIGIN xattr.
1038*4882a593Smuzhiyun *
1039*4882a593Smuzhiyun */
1040*4882a593Smuzhiyun if (!upperdentry && ctr)
1041*4882a593Smuzhiyun origin = stack[0].dentry;
1042*4882a593Smuzhiyun
1043*4882a593Smuzhiyun if (origin && ovl_indexdir(dentry->d_sb) &&
1044*4882a593Smuzhiyun (!d.is_dir || ovl_index_all(dentry->d_sb))) {
1045*4882a593Smuzhiyun index = ovl_lookup_index(ofs, upperdentry, origin, true);
1046*4882a593Smuzhiyun if (IS_ERR(index)) {
1047*4882a593Smuzhiyun err = PTR_ERR(index);
1048*4882a593Smuzhiyun index = NULL;
1049*4882a593Smuzhiyun goto out_put;
1050*4882a593Smuzhiyun }
1051*4882a593Smuzhiyun }
1052*4882a593Smuzhiyun
1053*4882a593Smuzhiyun oe = ovl_alloc_entry(ctr);
1054*4882a593Smuzhiyun err = -ENOMEM;
1055*4882a593Smuzhiyun if (!oe)
1056*4882a593Smuzhiyun goto out_put;
1057*4882a593Smuzhiyun
1058*4882a593Smuzhiyun memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
1059*4882a593Smuzhiyun dentry->d_fsdata = oe;
1060*4882a593Smuzhiyun
1061*4882a593Smuzhiyun if (upperopaque)
1062*4882a593Smuzhiyun ovl_dentry_set_opaque(dentry);
1063*4882a593Smuzhiyun
1064*4882a593Smuzhiyun if (upperdentry)
1065*4882a593Smuzhiyun ovl_dentry_set_upper_alias(dentry);
1066*4882a593Smuzhiyun else if (index) {
1067*4882a593Smuzhiyun upperdentry = dget(index);
1068*4882a593Smuzhiyun upperredirect = ovl_get_redirect_xattr(ofs, upperdentry, 0);
1069*4882a593Smuzhiyun if (IS_ERR(upperredirect)) {
1070*4882a593Smuzhiyun err = PTR_ERR(upperredirect);
1071*4882a593Smuzhiyun upperredirect = NULL;
1072*4882a593Smuzhiyun goto out_free_oe;
1073*4882a593Smuzhiyun }
1074*4882a593Smuzhiyun err = ovl_check_metacopy_xattr(ofs, upperdentry);
1075*4882a593Smuzhiyun if (err < 0)
1076*4882a593Smuzhiyun goto out_free_oe;
1077*4882a593Smuzhiyun uppermetacopy = err;
1078*4882a593Smuzhiyun }
1079*4882a593Smuzhiyun
1080*4882a593Smuzhiyun if (upperdentry || ctr) {
1081*4882a593Smuzhiyun struct ovl_inode_params oip = {
1082*4882a593Smuzhiyun .upperdentry = upperdentry,
1083*4882a593Smuzhiyun .lowerpath = stack,
1084*4882a593Smuzhiyun .index = index,
1085*4882a593Smuzhiyun .numlower = ctr,
1086*4882a593Smuzhiyun .redirect = upperredirect,
1087*4882a593Smuzhiyun .lowerdata = (ctr > 1 && !d.is_dir) ?
1088*4882a593Smuzhiyun stack[ctr - 1].dentry : NULL,
1089*4882a593Smuzhiyun };
1090*4882a593Smuzhiyun
1091*4882a593Smuzhiyun inode = ovl_get_inode(dentry->d_sb, &oip);
1092*4882a593Smuzhiyun err = PTR_ERR(inode);
1093*4882a593Smuzhiyun if (IS_ERR(inode))
1094*4882a593Smuzhiyun goto out_free_oe;
1095*4882a593Smuzhiyun if (upperdentry && !uppermetacopy)
1096*4882a593Smuzhiyun ovl_set_flag(OVL_UPPERDATA, inode);
1097*4882a593Smuzhiyun }
1098*4882a593Smuzhiyun
1099*4882a593Smuzhiyun ovl_dentry_update_reval(dentry, upperdentry,
1100*4882a593Smuzhiyun DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE);
1101*4882a593Smuzhiyun
1102*4882a593Smuzhiyun ovl_revert_creds(dentry->d_sb, old_cred);
1103*4882a593Smuzhiyun if (origin_path) {
1104*4882a593Smuzhiyun dput(origin_path->dentry);
1105*4882a593Smuzhiyun kfree(origin_path);
1106*4882a593Smuzhiyun }
1107*4882a593Smuzhiyun dput(index);
1108*4882a593Smuzhiyun kfree(stack);
1109*4882a593Smuzhiyun kfree(d.redirect);
1110*4882a593Smuzhiyun return d_splice_alias(inode, dentry);
1111*4882a593Smuzhiyun
1112*4882a593Smuzhiyun out_free_oe:
1113*4882a593Smuzhiyun dentry->d_fsdata = NULL;
1114*4882a593Smuzhiyun kfree(oe);
1115*4882a593Smuzhiyun out_put:
1116*4882a593Smuzhiyun dput(index);
1117*4882a593Smuzhiyun for (i = 0; i < ctr; i++)
1118*4882a593Smuzhiyun dput(stack[i].dentry);
1119*4882a593Smuzhiyun kfree(stack);
1120*4882a593Smuzhiyun out_put_upper:
1121*4882a593Smuzhiyun if (origin_path) {
1122*4882a593Smuzhiyun dput(origin_path->dentry);
1123*4882a593Smuzhiyun kfree(origin_path);
1124*4882a593Smuzhiyun }
1125*4882a593Smuzhiyun dput(upperdentry);
1126*4882a593Smuzhiyun kfree(upperredirect);
1127*4882a593Smuzhiyun out:
1128*4882a593Smuzhiyun kfree(d.redirect);
1129*4882a593Smuzhiyun ovl_revert_creds(dentry->d_sb, old_cred);
1130*4882a593Smuzhiyun return ERR_PTR(err);
1131*4882a593Smuzhiyun }
1132*4882a593Smuzhiyun
ovl_lower_positive(struct dentry * dentry)1133*4882a593Smuzhiyun bool ovl_lower_positive(struct dentry *dentry)
1134*4882a593Smuzhiyun {
1135*4882a593Smuzhiyun struct ovl_entry *poe = dentry->d_parent->d_fsdata;
1136*4882a593Smuzhiyun const struct qstr *name = &dentry->d_name;
1137*4882a593Smuzhiyun const struct cred *old_cred;
1138*4882a593Smuzhiyun unsigned int i;
1139*4882a593Smuzhiyun bool positive = false;
1140*4882a593Smuzhiyun bool done = false;
1141*4882a593Smuzhiyun
1142*4882a593Smuzhiyun /*
1143*4882a593Smuzhiyun * If dentry is negative, then lower is positive iff this is a
1144*4882a593Smuzhiyun * whiteout.
1145*4882a593Smuzhiyun */
1146*4882a593Smuzhiyun if (!dentry->d_inode)
1147*4882a593Smuzhiyun return ovl_dentry_is_opaque(dentry);
1148*4882a593Smuzhiyun
1149*4882a593Smuzhiyun /* Negative upper -> positive lower */
1150*4882a593Smuzhiyun if (!ovl_dentry_upper(dentry))
1151*4882a593Smuzhiyun return true;
1152*4882a593Smuzhiyun
1153*4882a593Smuzhiyun old_cred = ovl_override_creds(dentry->d_sb);
1154*4882a593Smuzhiyun /* Positive upper -> have to look up lower to see whether it exists */
1155*4882a593Smuzhiyun for (i = 0; !done && !positive && i < poe->numlower; i++) {
1156*4882a593Smuzhiyun struct dentry *this;
1157*4882a593Smuzhiyun struct dentry *lowerdir = poe->lowerstack[i].dentry;
1158*4882a593Smuzhiyun
1159*4882a593Smuzhiyun this = lookup_positive_unlocked(name->name, lowerdir,
1160*4882a593Smuzhiyun name->len);
1161*4882a593Smuzhiyun if (IS_ERR(this)) {
1162*4882a593Smuzhiyun switch (PTR_ERR(this)) {
1163*4882a593Smuzhiyun case -ENOENT:
1164*4882a593Smuzhiyun case -ENAMETOOLONG:
1165*4882a593Smuzhiyun break;
1166*4882a593Smuzhiyun
1167*4882a593Smuzhiyun default:
1168*4882a593Smuzhiyun /*
1169*4882a593Smuzhiyun * Assume something is there, we just couldn't
1170*4882a593Smuzhiyun * access it.
1171*4882a593Smuzhiyun */
1172*4882a593Smuzhiyun positive = true;
1173*4882a593Smuzhiyun break;
1174*4882a593Smuzhiyun }
1175*4882a593Smuzhiyun } else {
1176*4882a593Smuzhiyun positive = !ovl_is_whiteout(this);
1177*4882a593Smuzhiyun done = true;
1178*4882a593Smuzhiyun dput(this);
1179*4882a593Smuzhiyun }
1180*4882a593Smuzhiyun }
1181*4882a593Smuzhiyun ovl_revert_creds(dentry->d_sb, old_cred);
1182*4882a593Smuzhiyun
1183*4882a593Smuzhiyun return positive;
1184*4882a593Smuzhiyun }
1185