1 // SPDX-License-Identifier: GPL-2.0-only
2
3 #include <linux/fs.h>
4 #include <linux/module.h>
5 #include <linux/namei.h>
6 #include <linux/fs_context.h>
7 #include <linux/fs_parser.h>
8 #include <linux/posix_acl_xattr.h>
9 #include <linux/seq_file.h>
10 #include <linux/xattr.h>
11 #include "overlayfs.h"
12 #include "params.h"
13
14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
16 MODULE_PARM_DESC(redirect_dir,
17 "Default to on or off for the redirect_dir feature");
18
19 static bool ovl_redirect_always_follow =
20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
21 module_param_named(redirect_always_follow, ovl_redirect_always_follow,
22 bool, 0644);
23 MODULE_PARM_DESC(redirect_always_follow,
24 "Follow redirects even if redirect_dir feature is turned off");
25
26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
28 MODULE_PARM_DESC(xino_auto,
29 "Auto enable xino feature");
30
31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
32 module_param_named(index, ovl_index_def, bool, 0644);
33 MODULE_PARM_DESC(index,
34 "Default to on or off for the inodes index feature");
35
36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
38 MODULE_PARM_DESC(nfs_export,
39 "Default to on or off for the NFS export feature");
40
41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
43 MODULE_PARM_DESC(metacopy,
44 "Default to on or off for the metadata only copy up feature");
45
46 enum ovl_opt {
47 Opt_lowerdir,
48 Opt_lowerdir_add,
49 Opt_datadir_add,
50 Opt_upperdir,
51 Opt_workdir,
52 Opt_default_permissions,
53 Opt_redirect_dir,
54 Opt_index,
55 Opt_uuid,
56 Opt_nfs_export,
57 Opt_userxattr,
58 Opt_xino,
59 Opt_metacopy,
60 Opt_verity,
61 Opt_fsync,
62 Opt_volatile,
63 Opt_override_creds,
64 };
65
66 static const struct constant_table ovl_parameter_bool[] = {
67 { "on", true },
68 { "off", false },
69 {}
70 };
71
72 static const struct constant_table ovl_parameter_uuid[] = {
73 { "off", OVL_UUID_OFF },
74 { "null", OVL_UUID_NULL },
75 { "auto", OVL_UUID_AUTO },
76 { "on", OVL_UUID_ON },
77 {}
78 };
79
ovl_uuid_mode(struct ovl_config * config)80 static const char *ovl_uuid_mode(struct ovl_config *config)
81 {
82 return ovl_parameter_uuid[config->uuid].name;
83 }
84
ovl_uuid_def(void)85 static int ovl_uuid_def(void)
86 {
87 return OVL_UUID_AUTO;
88 }
89
90 static const struct constant_table ovl_parameter_xino[] = {
91 { "off", OVL_XINO_OFF },
92 { "auto", OVL_XINO_AUTO },
93 { "on", OVL_XINO_ON },
94 {}
95 };
96
ovl_xino_mode(struct ovl_config * config)97 const char *ovl_xino_mode(struct ovl_config *config)
98 {
99 return ovl_parameter_xino[config->xino].name;
100 }
101
ovl_xino_def(void)102 static int ovl_xino_def(void)
103 {
104 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
105 }
106
107 const struct constant_table ovl_parameter_redirect_dir[] = {
108 { "off", OVL_REDIRECT_OFF },
109 { "follow", OVL_REDIRECT_FOLLOW },
110 { "nofollow", OVL_REDIRECT_NOFOLLOW },
111 { "on", OVL_REDIRECT_ON },
112 {}
113 };
114
ovl_redirect_mode(struct ovl_config * config)115 static const char *ovl_redirect_mode(struct ovl_config *config)
116 {
117 return ovl_parameter_redirect_dir[config->redirect_mode].name;
118 }
119
ovl_redirect_mode_def(void)120 static int ovl_redirect_mode_def(void)
121 {
122 return ovl_redirect_dir_def ? OVL_REDIRECT_ON :
123 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW :
124 OVL_REDIRECT_NOFOLLOW;
125 }
126
127 static const struct constant_table ovl_parameter_verity[] = {
128 { "off", OVL_VERITY_OFF },
129 { "on", OVL_VERITY_ON },
130 { "require", OVL_VERITY_REQUIRE },
131 {}
132 };
133
ovl_verity_mode(struct ovl_config * config)134 static const char *ovl_verity_mode(struct ovl_config *config)
135 {
136 return ovl_parameter_verity[config->verity_mode].name;
137 }
138
ovl_verity_mode_def(void)139 static int ovl_verity_mode_def(void)
140 {
141 return OVL_VERITY_OFF;
142 }
143
144 static const struct constant_table ovl_parameter_fsync[] = {
145 { "volatile", OVL_FSYNC_VOLATILE },
146 { "auto", OVL_FSYNC_AUTO },
147 { "strict", OVL_FSYNC_STRICT },
148 {}
149 };
150
ovl_fsync_mode(struct ovl_config * config)151 static const char *ovl_fsync_mode(struct ovl_config *config)
152 {
153 return ovl_parameter_fsync[config->fsync_mode].name;
154 }
155
ovl_fsync_mode_def(void)156 static int ovl_fsync_mode_def(void)
157 {
158 return OVL_FSYNC_AUTO;
159 }
160
161 const struct fs_parameter_spec ovl_parameter_spec[] = {
162 fsparam_string_empty("lowerdir", Opt_lowerdir),
163 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add),
164 fsparam_file_or_string("datadir+", Opt_datadir_add),
165 fsparam_file_or_string("upperdir", Opt_upperdir),
166 fsparam_file_or_string("workdir", Opt_workdir),
167 fsparam_flag("default_permissions", Opt_default_permissions),
168 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir),
169 fsparam_enum("index", Opt_index, ovl_parameter_bool),
170 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid),
171 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool),
172 fsparam_flag("userxattr", Opt_userxattr),
173 fsparam_enum("xino", Opt_xino, ovl_parameter_xino),
174 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool),
175 fsparam_enum("verity", Opt_verity, ovl_parameter_verity),
176 fsparam_enum("fsync", Opt_fsync, ovl_parameter_fsync),
177 fsparam_flag("volatile", Opt_volatile),
178 fsparam_flag_no("override_creds", Opt_override_creds),
179 {}
180 };
181
ovl_next_opt(char ** s)182 static char *ovl_next_opt(char **s)
183 {
184 char *sbegin = *s;
185 char *p;
186
187 if (sbegin == NULL)
188 return NULL;
189
190 for (p = sbegin; *p; p++) {
191 if (*p == '\\') {
192 p++;
193 if (!*p)
194 break;
195 } else if (*p == ',') {
196 *p = '\0';
197 *s = p + 1;
198 return sbegin;
199 }
200 }
201 *s = NULL;
202 return sbegin;
203 }
204
ovl_parse_monolithic(struct fs_context * fc,void * data)205 static int ovl_parse_monolithic(struct fs_context *fc, void *data)
206 {
207 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt);
208 }
209
ovl_parse_param_split_lowerdirs(char * str)210 static ssize_t ovl_parse_param_split_lowerdirs(char *str)
211 {
212 ssize_t nr_layers = 1, nr_colons = 0;
213 char *s, *d;
214
215 for (s = d = str;; s++, d++) {
216 if (*s == '\\') {
217 /* keep esc chars in split lowerdir */
218 *d++ = *s++;
219 } else if (*s == ':') {
220 bool next_colon = (*(s + 1) == ':');
221
222 nr_colons++;
223 if (nr_colons == 2 && next_colon) {
224 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
225 return -EINVAL;
226 }
227 /* count layers, not colons */
228 if (!next_colon)
229 nr_layers++;
230
231 *d = '\0';
232 continue;
233 }
234
235 *d = *s;
236 if (!*s) {
237 /* trailing colons */
238 if (nr_colons) {
239 pr_err("unescaped trailing colons in lowerdir mount option.\n");
240 return -EINVAL;
241 }
242 break;
243 }
244 nr_colons = 0;
245 }
246
247 return nr_layers;
248 }
249
ovl_mount_dir_noesc(const char * name,struct path * path)250 static int ovl_mount_dir_noesc(const char *name, struct path *path)
251 {
252 int err = -EINVAL;
253
254 if (!*name) {
255 pr_err("empty lowerdir\n");
256 goto out;
257 }
258 err = kern_path(name, LOOKUP_FOLLOW, path);
259 if (err) {
260 pr_err("failed to resolve '%s': %i\n", name, err);
261 goto out;
262 }
263 return 0;
264
265 out:
266 return err;
267 }
268
ovl_unescape(char * s)269 static void ovl_unescape(char *s)
270 {
271 char *d = s;
272
273 for (;; s++, d++) {
274 if (*s == '\\')
275 s++;
276 *d = *s;
277 if (!*s)
278 break;
279 }
280 }
281
ovl_mount_dir(const char * name,struct path * path)282 static int ovl_mount_dir(const char *name, struct path *path)
283 {
284 int err = -ENOMEM;
285 char *tmp = kstrdup(name, GFP_KERNEL);
286
287 if (tmp) {
288 ovl_unescape(tmp);
289 err = ovl_mount_dir_noesc(tmp, path);
290 kfree(tmp);
291 }
292 return err;
293 }
294
ovl_mount_dir_check(struct fs_context * fc,const struct path * path,enum ovl_opt layer,const char * name,bool upper)295 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path,
296 enum ovl_opt layer, const char *name, bool upper)
297 {
298 bool is_casefolded = ovl_dentry_casefolded(path->dentry);
299 struct ovl_fs_context *ctx = fc->fs_private;
300 struct ovl_fs *ofs = fc->s_fs_info;
301
302 if (!d_is_dir(path->dentry))
303 return invalfc(fc, "%s is not a directory", name);
304
305 /*
306 * Allow filesystems that are case-folding capable but deny composing
307 * ovl stack from inconsistent case-folded directories.
308 */
309 if (!ctx->casefold_set) {
310 ofs->casefold = is_casefolded;
311 ctx->casefold_set = true;
312 }
313
314 if (ofs->casefold != is_casefolded) {
315 return invalfc(fc, "case-%ssensitive directory on %s is inconsistent",
316 is_casefolded ? "in" : "", name);
317 }
318
319 if (ovl_dentry_weird(path->dentry))
320 return invalfc(fc, "filesystem on %s not supported", name);
321
322 /*
323 * Check whether upper path is read-only here to report failures
324 * early. Don't forget to recheck when the superblock is created
325 * as the mount attributes could change.
326 */
327 if (upper) {
328 if (path->dentry->d_flags & DCACHE_OP_REAL)
329 return invalfc(fc, "filesystem on %s not supported as upperdir", name);
330 if (__mnt_is_readonly(path->mnt))
331 return invalfc(fc, "filesystem on %s is read-only", name);
332 } else {
333 if (ctx->lowerdir_all && layer != Opt_lowerdir)
334 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir");
335 if (ctx->nr_data && layer == Opt_lowerdir_add)
336 return invalfc(fc, "regular lower layers cannot follow data layers");
337 if (ctx->nr == OVL_MAX_STACK)
338 return invalfc(fc, "too many lower directories, limit is %d",
339 OVL_MAX_STACK);
340 }
341 return 0;
342 }
343
ovl_ctx_realloc_lower(struct fs_context * fc)344 static int ovl_ctx_realloc_lower(struct fs_context *fc)
345 {
346 struct ovl_fs_context *ctx = fc->fs_private;
347 struct ovl_fs_context_layer *l;
348 size_t nr;
349
350 if (ctx->nr < ctx->capacity)
351 return 0;
352
353 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2),
354 OVL_MAX_STACK);
355 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT);
356 if (!l)
357 return -ENOMEM;
358
359 ctx->lower = l;
360 ctx->capacity = nr;
361 return 0;
362 }
363
ovl_add_layer(struct fs_context * fc,enum ovl_opt layer,struct path * path,char ** pname)364 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer,
365 struct path *path, char **pname)
366 {
367 struct ovl_fs *ofs = fc->s_fs_info;
368 struct ovl_config *config = &ofs->config;
369 struct ovl_fs_context *ctx = fc->fs_private;
370 struct ovl_fs_context_layer *l;
371
372 switch (layer) {
373 case Opt_workdir:
374 swap(config->workdir, *pname);
375 swap(ctx->work, *path);
376 break;
377 case Opt_upperdir:
378 swap(config->upperdir, *pname);
379 swap(ctx->upper, *path);
380 break;
381 case Opt_datadir_add:
382 ctx->nr_data++;
383 fallthrough;
384 case Opt_lowerdir:
385 fallthrough;
386 case Opt_lowerdir_add:
387 WARN_ON(ctx->nr >= ctx->capacity);
388 l = &ctx->lower[ctx->nr++];
389 memset(l, 0, sizeof(*l));
390 swap(l->name, *pname);
391 swap(l->path, *path);
392 break;
393 default:
394 WARN_ON(1);
395 }
396 }
397
is_upper_layer(enum ovl_opt layer)398 static inline bool is_upper_layer(enum ovl_opt layer)
399 {
400 return layer == Opt_upperdir || layer == Opt_workdir;
401 }
402
403 /* Handle non-file descriptor-based layer options that require path lookup. */
ovl_kern_path(const char * layer_name,struct path * layer_path,enum ovl_opt layer)404 static inline int ovl_kern_path(const char *layer_name, struct path *layer_path,
405 enum ovl_opt layer)
406 {
407 int err;
408
409 switch (layer) {
410 case Opt_upperdir:
411 fallthrough;
412 case Opt_workdir:
413 fallthrough;
414 case Opt_lowerdir:
415 err = ovl_mount_dir(layer_name, layer_path);
416 break;
417 case Opt_lowerdir_add:
418 fallthrough;
419 case Opt_datadir_add:
420 err = ovl_mount_dir_noesc(layer_name, layer_path);
421 break;
422 default:
423 WARN_ON_ONCE(true);
424 err = -EINVAL;
425 }
426
427 return err;
428 }
429
ovl_do_parse_layer(struct fs_context * fc,const char * layer_name,struct path * layer_path,enum ovl_opt layer)430 static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name,
431 struct path *layer_path, enum ovl_opt layer)
432 {
433 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL);
434 bool upper;
435 int err = 0;
436
437 if (!name)
438 return -ENOMEM;
439
440 upper = is_upper_layer(layer);
441 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper);
442 if (err)
443 return err;
444
445 if (!upper) {
446 err = ovl_ctx_realloc_lower(fc);
447 if (err)
448 return err;
449 }
450
451 /* Store the user provided path string in ctx to show in mountinfo */
452 ovl_add_layer(fc, layer, layer_path, &name);
453 return err;
454 }
455
ovl_parse_layer(struct fs_context * fc,struct fs_parameter * param,enum ovl_opt layer)456 static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param,
457 enum ovl_opt layer)
458 {
459 struct path layer_path __free(path_put) = {};
460 int err = 0;
461
462 switch (param->type) {
463 case fs_value_is_string:
464 err = ovl_kern_path(param->string, &layer_path, layer);
465 if (err)
466 return err;
467 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer);
468 break;
469 case fs_value_is_file: {
470 char *buf __free(kfree);
471 char *layer_name;
472
473 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
474 if (!buf)
475 return -ENOMEM;
476
477 layer_path = param->file->f_path;
478 path_get(&layer_path);
479
480 layer_name = d_path(&layer_path, buf, PATH_MAX);
481 if (IS_ERR(layer_name))
482 return PTR_ERR(layer_name);
483
484 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer);
485 break;
486 }
487 default:
488 WARN_ON_ONCE(true);
489 err = -EINVAL;
490 }
491
492 return err;
493 }
494
ovl_reset_lowerdirs(struct ovl_fs_context * ctx)495 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx)
496 {
497 struct ovl_fs_context_layer *l = ctx->lower;
498
499 // Reset old user provided lowerdir string
500 kfree(ctx->lowerdir_all);
501 ctx->lowerdir_all = NULL;
502
503 for (size_t nr = 0; nr < ctx->nr; nr++, l++) {
504 path_put(&l->path);
505 kfree(l->name);
506 l->name = NULL;
507 }
508 ctx->nr = 0;
509 ctx->nr_data = 0;
510 }
511
512 /*
513 * Parse lowerdir= mount option:
514 *
515 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2
516 * Set "/lower1", "/lower2", and "/lower3" as lower layers and
517 * "/data1" and "/data2" as data lower layers. Any existing lower
518 * layers are replaced.
519 */
ovl_parse_param_lowerdir(const char * name,struct fs_context * fc)520 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
521 {
522 int err;
523 struct ovl_fs_context *ctx = fc->fs_private;
524 char *dup = NULL, *iter;
525 ssize_t nr_lower, nr;
526 bool data_layer = false;
527
528 /*
529 * Ensure we're backwards compatible with mount(2)
530 * by allowing relative paths.
531 */
532
533 /* drop all existing lower layers */
534 ovl_reset_lowerdirs(ctx);
535
536 if (!*name)
537 return 0;
538
539 if (*name == ':') {
540 pr_err("cannot append lower layer\n");
541 return -EINVAL;
542 }
543
544 // Store user provided lowerdir string to show in mount options
545 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL);
546 if (!ctx->lowerdir_all)
547 return -ENOMEM;
548
549 dup = kstrdup(name, GFP_KERNEL);
550 if (!dup)
551 return -ENOMEM;
552
553 err = -EINVAL;
554 nr_lower = ovl_parse_param_split_lowerdirs(dup);
555 if (nr_lower < 0)
556 goto out_err;
557
558 if (nr_lower > OVL_MAX_STACK) {
559 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
560 goto out_err;
561 }
562
563 iter = dup;
564 for (nr = 0; nr < nr_lower; nr++) {
565 struct path path __free(path_put) = {};
566
567 err = ovl_kern_path(iter, &path, Opt_lowerdir);
568 if (err)
569 goto out_err;
570
571 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir);
572 if (err)
573 goto out_err;
574
575 if (data_layer)
576 ctx->nr_data++;
577
578 /* Calling strchr() again would overrun. */
579 if (ctx->nr == nr_lower)
580 break;
581
582 err = -EINVAL;
583 iter = strchr(iter, '\0') + 1;
584 if (*iter) {
585 /*
586 * This is a regular layer so we require that
587 * there are no data layers.
588 */
589 if (ctx->nr_data > 0) {
590 pr_err("regular lower layers cannot follow data lower layers\n");
591 goto out_err;
592 }
593
594 data_layer = false;
595 continue;
596 }
597
598 /* This is a data lower layer. */
599 data_layer = true;
600 iter++;
601 }
602 kfree(dup);
603 return 0;
604
605 out_err:
606 kfree(dup);
607
608 /* Intentionally don't realloc to a smaller size. */
609 return err;
610 }
611
ovl_parse_param(struct fs_context * fc,struct fs_parameter * param)612 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param)
613 {
614 int err = 0;
615 struct fs_parse_result result;
616 struct ovl_fs *ofs = fc->s_fs_info;
617 struct ovl_config *config = &ofs->config;
618 struct ovl_fs_context *ctx = fc->fs_private;
619 int opt;
620
621 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) {
622 /*
623 * On remount overlayfs has always ignored all mount
624 * options no matter if malformed or not so for
625 * backwards compatibility we do the same here.
626 */
627 if (fc->oldapi)
628 return 0;
629
630 /*
631 * Give us the freedom to allow changing mount options
632 * with the new mount api in the future. So instead of
633 * silently ignoring everything we report a proper
634 * error. This is only visible for users of the new
635 * mount api.
636 */
637 return invalfc(fc, "No changes allowed in reconfigure");
638 }
639
640 opt = fs_parse(fc, ovl_parameter_spec, param, &result);
641 if (opt < 0)
642 return opt;
643
644 switch (opt) {
645 case Opt_lowerdir:
646 err = ovl_parse_param_lowerdir(param->string, fc);
647 break;
648 case Opt_lowerdir_add:
649 case Opt_datadir_add:
650 case Opt_upperdir:
651 case Opt_workdir:
652 err = ovl_parse_layer(fc, param, opt);
653 break;
654 case Opt_default_permissions:
655 config->default_permissions = true;
656 break;
657 case Opt_redirect_dir:
658 config->redirect_mode = result.uint_32;
659 if (config->redirect_mode == OVL_REDIRECT_OFF) {
660 config->redirect_mode = ovl_redirect_always_follow ?
661 OVL_REDIRECT_FOLLOW :
662 OVL_REDIRECT_NOFOLLOW;
663 }
664 ctx->set.redirect = true;
665 break;
666 case Opt_index:
667 config->index = result.uint_32;
668 ctx->set.index = true;
669 break;
670 case Opt_uuid:
671 config->uuid = result.uint_32;
672 break;
673 case Opt_nfs_export:
674 config->nfs_export = result.uint_32;
675 ctx->set.nfs_export = true;
676 break;
677 case Opt_xino:
678 config->xino = result.uint_32;
679 break;
680 case Opt_metacopy:
681 config->metacopy = result.uint_32;
682 ctx->set.metacopy = true;
683 break;
684 case Opt_verity:
685 config->verity_mode = result.uint_32;
686 break;
687 case Opt_fsync:
688 config->fsync_mode = result.uint_32;
689 break;
690 case Opt_volatile:
691 config->fsync_mode = OVL_FSYNC_VOLATILE;
692 break;
693 case Opt_userxattr:
694 config->userxattr = true;
695 break;
696 case Opt_override_creds: {
697 const struct cred *cred = NULL;
698
699 if (result.negated) {
700 swap(cred, ofs->creator_cred);
701 put_cred(cred);
702 break;
703 }
704
705 if (!current_in_userns(fc->user_ns)) {
706 err = -EINVAL;
707 break;
708 }
709
710 cred = prepare_creds();
711 if (cred)
712 swap(cred, ofs->creator_cred);
713 else
714 err = -ENOMEM;
715
716 put_cred(cred);
717 break;
718 }
719 default:
720 pr_err("unrecognized mount option \"%s\" or missing value\n",
721 param->key);
722 return -EINVAL;
723 }
724
725 return err;
726 }
727
ovl_get_tree(struct fs_context * fc)728 static int ovl_get_tree(struct fs_context *fc)
729 {
730 return get_tree_nodev(fc, ovl_fill_super);
731 }
732
ovl_fs_context_free(struct ovl_fs_context * ctx)733 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx)
734 {
735 ovl_reset_lowerdirs(ctx);
736 path_put(&ctx->upper);
737 path_put(&ctx->work);
738 kfree(ctx->lower);
739 kfree(ctx);
740 }
741
ovl_free(struct fs_context * fc)742 static void ovl_free(struct fs_context *fc)
743 {
744 struct ovl_fs *ofs = fc->s_fs_info;
745 struct ovl_fs_context *ctx = fc->fs_private;
746
747 /*
748 * ofs is stored in the fs_context when it is initialized.
749 * ofs is transferred to the superblock on a successful mount,
750 * but if an error occurs before the transfer we have to free
751 * it here.
752 */
753 if (ofs)
754 ovl_free_fs(ofs);
755
756 if (ctx)
757 ovl_fs_context_free(ctx);
758 }
759
ovl_reconfigure(struct fs_context * fc)760 static int ovl_reconfigure(struct fs_context *fc)
761 {
762 struct super_block *sb = fc->root->d_sb;
763 struct ovl_fs *ofs = OVL_FS(sb);
764 struct super_block *upper_sb;
765 int ret = 0;
766
767 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs))
768 return -EROFS;
769
770 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) {
771 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
772 if (ovl_should_sync(ofs)) {
773 down_read(&upper_sb->s_umount);
774 ret = sync_filesystem(upper_sb);
775 up_read(&upper_sb->s_umount);
776 }
777 }
778
779 return ret;
780 }
781
782 static const struct fs_context_operations ovl_context_ops = {
783 .parse_monolithic = ovl_parse_monolithic,
784 .parse_param = ovl_parse_param,
785 .get_tree = ovl_get_tree,
786 .reconfigure = ovl_reconfigure,
787 .free = ovl_free,
788 };
789
790 /*
791 * This is called during fsopen() and will record the user namespace of
792 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll
793 * need it when we actually create the superblock to verify that the
794 * process creating the superblock is in the same user namespace as
795 * process that called fsopen().
796 */
ovl_init_fs_context(struct fs_context * fc)797 int ovl_init_fs_context(struct fs_context *fc)
798 {
799 struct ovl_fs_context *ctx;
800 struct ovl_fs *ofs;
801
802 ctx = kzalloc_obj(*ctx, GFP_KERNEL_ACCOUNT);
803 if (!ctx)
804 return -ENOMEM;
805
806 /*
807 * By default we allocate for three lower layers. It's likely
808 * that it'll cover most users.
809 */
810 ctx->lower = kmalloc_objs(*ctx->lower, 3, GFP_KERNEL_ACCOUNT);
811 if (!ctx->lower)
812 goto out_err;
813 ctx->capacity = 3;
814
815 ofs = kzalloc_obj(struct ovl_fs);
816 if (!ofs)
817 goto out_err;
818
819 ofs->config.redirect_mode = ovl_redirect_mode_def();
820 ofs->config.index = ovl_index_def;
821 ofs->config.uuid = ovl_uuid_def();
822 ofs->config.nfs_export = ovl_nfs_export_def;
823 ofs->config.xino = ovl_xino_def();
824 ofs->config.metacopy = ovl_metacopy_def;
825 ofs->config.fsync_mode = ovl_fsync_mode_def();
826
827 fc->s_fs_info = ofs;
828 fc->fs_private = ctx;
829 fc->ops = &ovl_context_ops;
830
831 mutex_init(&ofs->whiteout_lock);
832 return 0;
833
834 out_err:
835 ovl_fs_context_free(ctx);
836 return -ENOMEM;
837
838 }
839
ovl_free_fs(struct ovl_fs * ofs)840 void ovl_free_fs(struct ovl_fs *ofs)
841 {
842 struct vfsmount **mounts;
843 unsigned i;
844
845 iput(ofs->workbasedir_trap);
846 iput(ofs->workdir_trap);
847 dput(ofs->whiteout);
848 dput(ofs->workdir);
849 if (ofs->workdir_locked)
850 ovl_inuse_unlock(ofs->workbasedir);
851 dput(ofs->workbasedir);
852 if (ofs->upperdir_locked)
853 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
854
855 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */
856 mounts = (struct vfsmount **) ofs->config.lowerdirs;
857 for (i = 0; i < ofs->numlayer; i++) {
858 iput(ofs->layers[i].trap);
859 kfree(ofs->config.lowerdirs[i]);
860 mounts[i] = ofs->layers[i].mnt;
861 }
862 kern_unmount_array(mounts, ofs->numlayer);
863 kfree(ofs->layers);
864 for (i = 0; i < ofs->numfs; i++)
865 free_anon_bdev(ofs->fs[i].pseudo_dev);
866 kfree(ofs->fs);
867
868 kfree(ofs->config.lowerdirs);
869 kfree(ofs->config.upperdir);
870 kfree(ofs->config.workdir);
871 if (ofs->creator_cred)
872 put_cred(ofs->creator_cred);
873 kfree(ofs);
874 }
875
ovl_fs_params_verify(const struct ovl_fs_context * ctx,struct ovl_config * config)876 int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
877 struct ovl_config *config)
878 {
879 struct ovl_opt_set set = ctx->set;
880
881 /* Workdir/index are useless in non-upper mount */
882 if (!config->upperdir) {
883 if (config->workdir) {
884 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
885 config->workdir);
886 kfree(config->workdir);
887 config->workdir = NULL;
888 }
889 if (config->index && set.index) {
890 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
891 set.index = false;
892 }
893 config->index = false;
894 }
895
896 if (!config->upperdir && ovl_is_volatile(config)) {
897 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
898 config->fsync_mode = ovl_fsync_mode_def();
899 }
900
901 if (!config->upperdir && config->uuid == OVL_UUID_ON) {
902 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n");
903 config->uuid = OVL_UUID_NULL;
904 }
905
906 /*
907 * This is to make the logic below simpler. It doesn't make any other
908 * difference, since redirect_dir=on is only used for upper.
909 */
910 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
911 config->redirect_mode = OVL_REDIRECT_ON;
912
913 /* metacopy -> redirect_dir dependency */
914 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
915 if (set.metacopy && set.redirect) {
916 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
917 ovl_redirect_mode(config));
918 return -EINVAL;
919 }
920 if (set.redirect) {
921 /*
922 * There was an explicit redirect_dir=... that resulted
923 * in this conflict.
924 */
925 pr_info("disabling metacopy due to redirect_dir=%s\n",
926 ovl_redirect_mode(config));
927 config->metacopy = false;
928 } else {
929 /* Automatically enable redirect otherwise. */
930 config->redirect_mode = OVL_REDIRECT_ON;
931 }
932 }
933
934 /* Resolve nfs_export -> index dependency */
935 if (config->nfs_export && !config->index) {
936 if (!config->upperdir &&
937 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
938 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
939 config->nfs_export = false;
940 } else if (set.nfs_export && set.index) {
941 pr_err("conflicting options: nfs_export=on,index=off\n");
942 return -EINVAL;
943 } else if (set.index) {
944 /*
945 * There was an explicit index=off that resulted
946 * in this conflict.
947 */
948 pr_info("disabling nfs_export due to index=off\n");
949 config->nfs_export = false;
950 } else {
951 /* Automatically enable index otherwise. */
952 config->index = true;
953 }
954 }
955
956 /* Resolve nfs_export -> !metacopy && !verity dependency */
957 if (config->nfs_export && config->metacopy) {
958 if (set.nfs_export && set.metacopy) {
959 pr_err("conflicting options: nfs_export=on,metacopy=on\n");
960 return -EINVAL;
961 }
962 if (set.metacopy) {
963 /*
964 * There was an explicit metacopy=on that resulted
965 * in this conflict.
966 */
967 pr_info("disabling nfs_export due to metacopy=on\n");
968 config->nfs_export = false;
969 } else if (config->verity_mode) {
970 /*
971 * There was an explicit verity=.. that resulted
972 * in this conflict.
973 */
974 pr_info("disabling nfs_export due to verity=%s\n",
975 ovl_verity_mode(config));
976 config->nfs_export = false;
977 } else {
978 /*
979 * There was an explicit nfs_export=on that resulted
980 * in this conflict.
981 */
982 pr_info("disabling metacopy due to nfs_export=on\n");
983 config->metacopy = false;
984 }
985 }
986
987
988 /* Resolve userxattr -> !redirect && !metacopy dependency */
989 if (config->userxattr) {
990 if (set.redirect &&
991 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
992 pr_err("conflicting options: userxattr,redirect_dir=%s\n",
993 ovl_redirect_mode(config));
994 return -EINVAL;
995 }
996 if (config->metacopy && set.metacopy) {
997 pr_err("conflicting options: userxattr,metacopy=on\n");
998 return -EINVAL;
999 }
1000 /*
1001 * Silently disable default setting of redirect and metacopy.
1002 * This shall be the default in the future as well: these
1003 * options must be explicitly enabled if used together with
1004 * userxattr.
1005 */
1006 config->redirect_mode = OVL_REDIRECT_NOFOLLOW;
1007 config->metacopy = false;
1008 }
1009
1010 /*
1011 * Fail if we don't have trusted xattr capability and a feature was
1012 * explicitly requested that requires them.
1013 */
1014 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) {
1015 if (set.redirect &&
1016 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
1017 pr_err("redirect_dir requires permission to access trusted xattrs\n");
1018 return -EPERM;
1019 }
1020 if (config->metacopy && set.metacopy) {
1021 pr_err("metacopy requires permission to access trusted xattrs\n");
1022 return -EPERM;
1023 }
1024 if (config->verity_mode) {
1025 pr_err("verity requires permission to access trusted xattrs\n");
1026 return -EPERM;
1027 }
1028 if (ctx->nr_data > 0) {
1029 pr_err("lower data-only dirs require permission to access trusted xattrs\n");
1030 return -EPERM;
1031 }
1032 /*
1033 * Other xattr-dependent features should be disabled without
1034 * great disturbance to the user in ovl_make_workdir().
1035 */
1036 }
1037
1038 return 0;
1039 }
1040
1041 /**
1042 * ovl_show_options
1043 * @m: the seq_file handle
1044 * @dentry: The dentry to query
1045 *
1046 * Prints the mount options for a given superblock.
1047 * Returns zero; does not fail.
1048 */
ovl_show_options(struct seq_file * m,struct dentry * dentry)1049 int ovl_show_options(struct seq_file *m, struct dentry *dentry)
1050 {
1051 struct super_block *sb = dentry->d_sb;
1052 struct ovl_fs *ofs = OVL_FS(sb);
1053 size_t nr, nr_merged_lower, nr_lower = 0;
1054 char **lowerdirs = ofs->config.lowerdirs;
1055
1056 /*
1057 * lowerdirs[0] holds the colon separated list that user provided
1058 * with lowerdir mount option.
1059 * lowerdirs[1..numlayer] hold the lowerdir paths that were added
1060 * using the lowerdir+ and datadir+ mount options.
1061 * For now, we do not allow mixing the legacy lowerdir mount option
1062 * with the new lowerdir+ and datadir+ mount options.
1063 */
1064 if (lowerdirs[0]) {
1065 seq_show_option(m, "lowerdir", lowerdirs[0]);
1066 } else {
1067 nr_lower = ofs->numlayer;
1068 nr_merged_lower = nr_lower - ofs->numdatalayer;
1069 }
1070 for (nr = 1; nr < nr_lower; nr++) {
1071 if (nr < nr_merged_lower)
1072 seq_show_option(m, "lowerdir+", lowerdirs[nr]);
1073 else
1074 seq_show_option(m, "datadir+", lowerdirs[nr]);
1075 }
1076 if (ofs->config.upperdir) {
1077 seq_show_option(m, "upperdir", ofs->config.upperdir);
1078 seq_show_option(m, "workdir", ofs->config.workdir);
1079 }
1080 if (ofs->config.default_permissions)
1081 seq_puts(m, ",default_permissions");
1082 if (ofs->config.redirect_mode != ovl_redirect_mode_def())
1083 seq_printf(m, ",redirect_dir=%s",
1084 ovl_redirect_mode(&ofs->config));
1085 if (ofs->config.index != ovl_index_def)
1086 seq_printf(m, ",index=%s", str_on_off(ofs->config.index));
1087 if (ofs->config.uuid != ovl_uuid_def())
1088 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config));
1089 if (ofs->config.nfs_export != ovl_nfs_export_def)
1090 seq_printf(m, ",nfs_export=%s",
1091 str_on_off(ofs->config.nfs_export));
1092 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs))
1093 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config));
1094 if (ofs->config.metacopy != ovl_metacopy_def)
1095 seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy));
1096 if (ofs->config.fsync_mode != ovl_fsync_mode_def())
1097 seq_printf(m, ",fsync=%s", ovl_fsync_mode(&ofs->config));
1098 if (ofs->config.userxattr)
1099 seq_puts(m, ",userxattr");
1100 if (ofs->config.verity_mode != ovl_verity_mode_def())
1101 seq_printf(m, ",verity=%s",
1102 ovl_verity_mode(&ofs->config));
1103 return 0;
1104 }
1105