Commit | Line | Data |
---|---|---|
8ed5eec9 AG |
1 | /* |
2 | * Overlayfs NFS export support. | |
3 | * | |
4 | * Amir Goldstein <amir73il@gmail.com> | |
5 | * | |
6 | * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved. | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License version 2 as published by | |
10 | * the Free Software Foundation. | |
11 | */ | |
12 | ||
13 | #include <linux/fs.h> | |
14 | #include <linux/cred.h> | |
15 | #include <linux/mount.h> | |
16 | #include <linux/namei.h> | |
17 | #include <linux/xattr.h> | |
18 | #include <linux/exportfs.h> | |
19 | #include <linux/ratelimit.h> | |
20 | #include "overlayfs.h" | |
21 | ||
b305e844 AG |
22 | /* |
23 | * We only need to encode origin if there is a chance that the same object was | |
24 | * encoded pre copy up and then we need to stay consistent with the same | |
25 | * encoding also after copy up. If non-pure upper is not indexed, then it was | |
26 | * copied up before NFS export was enabled. In that case we don't need to worry | |
27 | * about staying consistent with pre copy up encoding and we encode an upper | |
28 | * file handle. Overlay root dentry is a special case of non-indexed upper. | |
29 | * | |
30 | * The following table summarizes the different file handle encodings used for | |
31 | * different overlay object types: | |
32 | * | |
33 | * Object type | Encoding | |
34 | * -------------------------------- | |
35 | * Pure upper | U | |
36 | * Non-indexed upper | U | |
37 | * Indexed upper | L | |
38 | * Non-upper | L | |
39 | * | |
40 | * U = upper file handle | |
41 | * L = lower file handle | |
42 | */ | |
43 | static bool ovl_should_encode_origin(struct dentry *dentry) | |
44 | { | |
45 | if (!ovl_dentry_lower(dentry)) | |
46 | return false; | |
47 | ||
48 | /* Decoding a non-indexed upper from origin is not implemented */ | |
49 | if (ovl_dentry_upper(dentry) && | |
50 | !ovl_test_flag(OVL_INDEX, d_inode(dentry))) | |
51 | return false; | |
52 | ||
53 | return true; | |
54 | } | |
55 | ||
8ed5eec9 AG |
56 | static int ovl_d_to_fh(struct dentry *dentry, char *buf, int buflen) |
57 | { | |
58 | struct dentry *upper = ovl_dentry_upper(dentry); | |
59 | struct dentry *origin = ovl_dentry_lower(dentry); | |
60 | struct ovl_fh *fh = NULL; | |
61 | int err; | |
62 | ||
b305e844 | 63 | if (!ovl_should_encode_origin(dentry)) |
8ed5eec9 AG |
64 | origin = NULL; |
65 | ||
66 | err = -EACCES; | |
67 | if (!upper || origin) | |
68 | goto fail; | |
69 | ||
70 | /* TODO: encode non pure-upper by origin */ | |
71 | fh = ovl_encode_fh(upper, true); | |
72 | ||
73 | err = -EOVERFLOW; | |
74 | if (fh->len > buflen) | |
75 | goto fail; | |
76 | ||
77 | memcpy(buf, (char *)fh, fh->len); | |
78 | err = fh->len; | |
79 | ||
80 | out: | |
81 | kfree(fh); | |
82 | return err; | |
83 | ||
84 | fail: | |
85 | pr_warn_ratelimited("overlayfs: failed to encode file handle (%pd2, err=%i, buflen=%d, len=%d, type=%d)\n", | |
86 | dentry, err, buflen, fh ? (int)fh->len : 0, | |
87 | fh ? fh->type : 0); | |
88 | goto out; | |
89 | } | |
90 | ||
91 | static int ovl_dentry_to_fh(struct dentry *dentry, u32 *fid, int *max_len) | |
92 | { | |
93 | int res, len = *max_len << 2; | |
94 | ||
95 | res = ovl_d_to_fh(dentry, (char *)fid, len); | |
96 | if (res <= 0) | |
97 | return FILEID_INVALID; | |
98 | ||
99 | len = res; | |
100 | ||
101 | /* Round up to dwords */ | |
102 | *max_len = (len + 3) >> 2; | |
103 | return OVL_FILEID; | |
104 | } | |
105 | ||
106 | static int ovl_encode_inode_fh(struct inode *inode, u32 *fid, int *max_len, | |
107 | struct inode *parent) | |
108 | { | |
109 | struct dentry *dentry; | |
110 | int type; | |
111 | ||
112 | /* TODO: encode connectable file handles */ | |
113 | if (parent) | |
114 | return FILEID_INVALID; | |
115 | ||
116 | dentry = d_find_any_alias(inode); | |
117 | if (WARN_ON(!dentry)) | |
118 | return FILEID_INVALID; | |
119 | ||
120 | type = ovl_dentry_to_fh(dentry, fid, max_len); | |
121 | ||
122 | dput(dentry); | |
123 | return type; | |
124 | } | |
125 | ||
8556a420 AG |
126 | /* |
127 | * Find or instantiate an overlay dentry from real dentries. | |
128 | */ | |
129 | static struct dentry *ovl_obtain_alias(struct super_block *sb, | |
130 | struct dentry *upper, | |
131 | struct ovl_path *lowerpath) | |
132 | { | |
133 | struct inode *inode; | |
134 | struct dentry *dentry; | |
135 | struct ovl_entry *oe; | |
136 | void *fsdata = &oe; | |
137 | ||
138 | /* TODO: obtain non pure-upper */ | |
139 | if (lowerpath) | |
140 | return ERR_PTR(-EIO); | |
141 | ||
142 | inode = ovl_get_inode(sb, dget(upper), NULL, NULL, 0); | |
143 | if (IS_ERR(inode)) { | |
144 | dput(upper); | |
145 | return ERR_CAST(inode); | |
146 | } | |
147 | ||
148 | dentry = d_find_any_alias(inode); | |
149 | if (!dentry) { | |
150 | dentry = d_alloc_anon(inode->i_sb); | |
151 | if (!dentry) | |
152 | goto nomem; | |
153 | oe = ovl_alloc_entry(0); | |
154 | if (!oe) | |
155 | goto nomem; | |
156 | ||
157 | dentry->d_fsdata = oe; | |
158 | ovl_dentry_set_upper_alias(dentry); | |
159 | } | |
160 | ||
161 | return d_instantiate_anon(dentry, inode); | |
162 | ||
163 | nomem: | |
164 | iput(inode); | |
165 | dput(dentry); | |
166 | return ERR_PTR(-ENOMEM); | |
167 | } | |
168 | ||
3985b70a AG |
169 | /* |
170 | * Lookup a child overlay dentry to get a connected overlay dentry whose real | |
171 | * dentry is @real. If @real is on upper layer, we lookup a child overlay | |
172 | * dentry with the same name as the real dentry. Otherwise, we need to consult | |
173 | * index for lookup. | |
174 | */ | |
175 | static struct dentry *ovl_lookup_real_one(struct dentry *connected, | |
176 | struct dentry *real, | |
177 | struct ovl_layer *layer) | |
178 | { | |
179 | struct inode *dir = d_inode(connected); | |
180 | struct dentry *this, *parent = NULL; | |
181 | struct name_snapshot name; | |
182 | int err; | |
183 | ||
184 | /* TODO: lookup by lower real dentry */ | |
185 | if (layer->idx) | |
186 | return ERR_PTR(-EACCES); | |
187 | ||
188 | /* | |
189 | * Lookup child overlay dentry by real name. The dir mutex protects us | |
190 | * from racing with overlay rename. If the overlay dentry that is above | |
191 | * real has already been moved to a parent that is not under the | |
192 | * connected overlay dir, we return -ECHILD and restart the lookup of | |
193 | * connected real path from the top. | |
194 | */ | |
195 | inode_lock_nested(dir, I_MUTEX_PARENT); | |
196 | err = -ECHILD; | |
197 | parent = dget_parent(real); | |
198 | if (ovl_dentry_upper(connected) != parent) | |
199 | goto fail; | |
200 | ||
201 | /* | |
202 | * We also need to take a snapshot of real dentry name to protect us | |
203 | * from racing with underlying layer rename. In this case, we don't | |
204 | * care about returning ESTALE, only from dereferencing a free name | |
205 | * pointer because we hold no lock on the real dentry. | |
206 | */ | |
207 | take_dentry_name_snapshot(&name, real); | |
208 | this = lookup_one_len(name.name, connected, strlen(name.name)); | |
209 | err = PTR_ERR(this); | |
210 | if (IS_ERR(this)) { | |
211 | goto fail; | |
212 | } else if (!this || !this->d_inode) { | |
213 | dput(this); | |
214 | err = -ENOENT; | |
215 | goto fail; | |
216 | } else if (ovl_dentry_upper(this) != real) { | |
217 | dput(this); | |
218 | err = -ESTALE; | |
219 | goto fail; | |
220 | } | |
221 | ||
222 | out: | |
223 | release_dentry_name_snapshot(&name); | |
224 | dput(parent); | |
225 | inode_unlock(dir); | |
226 | return this; | |
227 | ||
228 | fail: | |
229 | pr_warn_ratelimited("overlayfs: failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", | |
230 | real, layer->idx, connected, err); | |
231 | this = ERR_PTR(err); | |
232 | goto out; | |
233 | } | |
234 | ||
235 | /* | |
236 | * Lookup a connected overlay dentry whose real dentry is @real. | |
237 | * If @real is on upper layer, we lookup a child overlay dentry with the same | |
238 | * path the real dentry. Otherwise, we need to consult index for lookup. | |
239 | */ | |
240 | static struct dentry *ovl_lookup_real(struct super_block *sb, | |
241 | struct dentry *real, | |
242 | struct ovl_layer *layer) | |
243 | { | |
244 | struct dentry *connected; | |
245 | int err = 0; | |
246 | ||
247 | /* TODO: use index when looking up by lower real dentry */ | |
248 | if (layer->idx) | |
249 | return ERR_PTR(-EACCES); | |
250 | ||
251 | connected = dget(sb->s_root); | |
252 | while (!err) { | |
253 | struct dentry *next, *this; | |
254 | struct dentry *parent = NULL; | |
255 | struct dentry *real_connected = ovl_dentry_upper(connected); | |
256 | ||
257 | if (real_connected == real) | |
258 | break; | |
259 | ||
260 | /* Find the topmost dentry not yet connected */ | |
261 | next = dget(real); | |
262 | for (;;) { | |
263 | parent = dget_parent(next); | |
264 | ||
265 | if (parent == real_connected) | |
266 | break; | |
267 | ||
268 | /* | |
269 | * If real has been moved out of 'real_connected', | |
270 | * we will not find 'real_connected' and hit the layer | |
271 | * root. In that case, we need to restart connecting. | |
272 | * This game can go on forever in the worst case. We | |
273 | * may want to consider taking s_vfs_rename_mutex if | |
274 | * this happens more than once. | |
275 | */ | |
276 | if (parent == layer->mnt->mnt_root) { | |
277 | dput(connected); | |
278 | connected = dget(sb->s_root); | |
279 | break; | |
280 | } | |
281 | ||
282 | /* | |
283 | * If real file has been moved out of the layer root | |
284 | * directory, we will eventully hit the real fs root. | |
285 | * This cannot happen by legit overlay rename, so we | |
286 | * return error in that case. | |
287 | */ | |
288 | if (parent == next) { | |
289 | err = -EXDEV; | |
290 | break; | |
291 | } | |
292 | ||
293 | dput(next); | |
294 | next = parent; | |
295 | } | |
296 | ||
297 | if (!err) { | |
298 | this = ovl_lookup_real_one(connected, next, layer); | |
299 | if (IS_ERR(this)) | |
300 | err = PTR_ERR(this); | |
301 | ||
302 | /* | |
303 | * Lookup of child in overlay can fail when racing with | |
304 | * overlay rename of child away from 'connected' parent. | |
305 | * In this case, we need to restart the lookup from the | |
306 | * top, because we cannot trust that 'real_connected' is | |
307 | * still an ancestor of 'real'. | |
308 | */ | |
309 | if (err == -ECHILD) { | |
310 | this = dget(sb->s_root); | |
311 | err = 0; | |
312 | } | |
313 | if (!err) { | |
314 | dput(connected); | |
315 | connected = this; | |
316 | } | |
317 | } | |
318 | ||
319 | dput(parent); | |
320 | dput(next); | |
321 | } | |
322 | ||
323 | if (err) | |
324 | goto fail; | |
325 | ||
326 | return connected; | |
327 | ||
328 | fail: | |
329 | pr_warn_ratelimited("overlayfs: failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", | |
330 | real, layer->idx, connected, err); | |
331 | dput(connected); | |
332 | return ERR_PTR(err); | |
333 | } | |
334 | ||
335 | /* | |
336 | * Get an overlay dentry from upper/lower real dentries. | |
337 | */ | |
338 | static struct dentry *ovl_get_dentry(struct super_block *sb, | |
339 | struct dentry *upper, | |
340 | struct ovl_path *lowerpath) | |
341 | { | |
342 | struct ovl_fs *ofs = sb->s_fs_info; | |
343 | struct ovl_layer upper_layer = { .mnt = ofs->upper_mnt }; | |
344 | ||
345 | /* TODO: get non-upper dentry */ | |
346 | if (!upper) | |
347 | return ERR_PTR(-EACCES); | |
348 | ||
349 | /* | |
350 | * Obtain a disconnected overlay dentry from a non-dir real upper | |
351 | * dentry. | |
352 | */ | |
353 | if (!d_is_dir(upper)) | |
354 | return ovl_obtain_alias(sb, upper, NULL); | |
355 | ||
356 | /* Removed empty directory? */ | |
357 | if ((upper->d_flags & DCACHE_DISCONNECTED) || d_unhashed(upper)) | |
358 | return ERR_PTR(-ENOENT); | |
359 | ||
360 | /* | |
361 | * If real upper dentry is connected and hashed, get a connected | |
362 | * overlay dentry with the same path as the real upper dentry. | |
363 | */ | |
364 | return ovl_lookup_real(sb, upper, &upper_layer); | |
365 | } | |
366 | ||
8556a420 AG |
367 | static struct dentry *ovl_upper_fh_to_d(struct super_block *sb, |
368 | struct ovl_fh *fh) | |
369 | { | |
370 | struct ovl_fs *ofs = sb->s_fs_info; | |
371 | struct dentry *dentry; | |
372 | struct dentry *upper; | |
373 | ||
374 | if (!ofs->upper_mnt) | |
375 | return ERR_PTR(-EACCES); | |
376 | ||
377 | upper = ovl_decode_fh(fh, ofs->upper_mnt); | |
378 | if (IS_ERR_OR_NULL(upper)) | |
379 | return upper; | |
380 | ||
3985b70a | 381 | dentry = ovl_get_dentry(sb, upper, NULL); |
8556a420 AG |
382 | dput(upper); |
383 | ||
384 | return dentry; | |
385 | } | |
386 | ||
387 | static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid, | |
388 | int fh_len, int fh_type) | |
389 | { | |
390 | struct dentry *dentry = NULL; | |
391 | struct ovl_fh *fh = (struct ovl_fh *) fid; | |
392 | int len = fh_len << 2; | |
393 | unsigned int flags = 0; | |
394 | int err; | |
395 | ||
396 | err = -EINVAL; | |
397 | if (fh_type != OVL_FILEID) | |
398 | goto out_err; | |
399 | ||
400 | err = ovl_check_fh_len(fh, len); | |
401 | if (err) | |
402 | goto out_err; | |
403 | ||
404 | /* TODO: decode non-upper */ | |
405 | flags = fh->flags; | |
406 | if (flags & OVL_FH_FLAG_PATH_UPPER) | |
407 | dentry = ovl_upper_fh_to_d(sb, fh); | |
408 | err = PTR_ERR(dentry); | |
409 | if (IS_ERR(dentry) && err != -ESTALE) | |
410 | goto out_err; | |
411 | ||
412 | return dentry; | |
413 | ||
414 | out_err: | |
415 | pr_warn_ratelimited("overlayfs: failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n", | |
416 | len, fh_type, flags, err); | |
417 | return ERR_PTR(err); | |
418 | } | |
419 | ||
3985b70a AG |
420 | static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid, |
421 | int fh_len, int fh_type) | |
422 | { | |
423 | pr_warn_ratelimited("overlayfs: connectable file handles not supported; use 'no_subtree_check' exportfs option.\n"); | |
424 | return ERR_PTR(-EACCES); | |
425 | } | |
426 | ||
427 | static int ovl_get_name(struct dentry *parent, char *name, | |
428 | struct dentry *child) | |
429 | { | |
430 | /* | |
431 | * ovl_fh_to_dentry() returns connected dir overlay dentries and | |
432 | * ovl_fh_to_parent() is not implemented, so we should not get here. | |
433 | */ | |
434 | WARN_ON_ONCE(1); | |
435 | return -EIO; | |
436 | } | |
437 | ||
438 | static struct dentry *ovl_get_parent(struct dentry *dentry) | |
439 | { | |
440 | /* | |
441 | * ovl_fh_to_dentry() returns connected dir overlay dentries, so we | |
442 | * should not get here. | |
443 | */ | |
444 | WARN_ON_ONCE(1); | |
445 | return ERR_PTR(-EIO); | |
446 | } | |
447 | ||
8ed5eec9 AG |
448 | const struct export_operations ovl_export_operations = { |
449 | .encode_fh = ovl_encode_inode_fh, | |
8556a420 | 450 | .fh_to_dentry = ovl_fh_to_dentry, |
3985b70a AG |
451 | .fh_to_parent = ovl_fh_to_parent, |
452 | .get_name = ovl_get_name, | |
453 | .get_parent = ovl_get_parent, | |
8ed5eec9 | 454 | }; |