1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 *
4 * Copyright (C) 2011 Novell Inc.
5 */
6
7 #include <uapi/linux/magic.h>
8 #include <linux/fs.h>
9 #include <linux/namei.h>
10 #include <linux/xattr.h>
11 #include <linux/mount.h>
12 #include <linux/parser.h>
13 #include <linux/module.h>
14 #include <linux/statfs.h>
15 #include <linux/seq_file.h>
16 #include <linux/posix_acl_xattr.h>
17 #include <linux/exportfs.h>
18 #include <linux/file.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
21 #include "overlayfs.h"
22 #include "params.h"
23
24 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
25 MODULE_DESCRIPTION("Overlay filesystem");
26 MODULE_LICENSE("GPL");
27
28
29 struct ovl_dir_cache;
30
ovl_d_real(struct dentry * dentry,enum d_real_type type)31 static struct dentry *ovl_d_real(struct dentry *dentry, enum d_real_type type)
32 {
33 struct dentry *upper, *lower;
34 int err;
35
36 switch (type) {
37 case D_REAL_DATA:
38 case D_REAL_METADATA:
39 break;
40 default:
41 goto bug;
42 }
43
44 if (!d_is_reg(dentry)) {
45 /* d_real_inode() is only relevant for regular files */
46 return dentry;
47 }
48
49 upper = ovl_dentry_upper(dentry);
50 if (upper && (type == D_REAL_METADATA ||
51 ovl_has_upperdata(d_inode(dentry))))
52 return upper;
53
54 if (type == D_REAL_METADATA) {
55 lower = ovl_dentry_lower(dentry);
56 goto real_lower;
57 }
58
59 /*
60 * Best effort lazy lookup of lowerdata for D_REAL_DATA case to return
61 * the real lowerdata dentry. The only current caller of d_real() with
62 * D_REAL_DATA is d_real_inode() from trace_uprobe and this caller is
63 * likely going to be followed reading from the file, before placing
64 * uprobes on offset within the file, so lowerdata should be available
65 * when setting the uprobe.
66 */
67 err = ovl_verify_lowerdata(dentry);
68 if (err)
69 goto bug;
70 lower = ovl_dentry_lowerdata(dentry);
71 if (!lower)
72 goto bug;
73
74 real_lower:
75 /* Handle recursion into stacked lower fs */
76 return d_real(lower, type);
77
78 bug:
79 WARN(1, "%s(%pd4, %d): real dentry not found\n", __func__, dentry, type);
80 return dentry;
81 }
82
ovl_revalidate_real(struct dentry * d,unsigned int flags,bool weak)83 static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak)
84 {
85 int ret = 1;
86
87 if (!d)
88 return 1;
89
90 if (weak) {
91 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE)
92 ret = d->d_op->d_weak_revalidate(d, flags);
93 } else if (d->d_flags & DCACHE_OP_REVALIDATE) {
94 struct dentry *parent;
95 struct inode *dir;
96 struct name_snapshot n;
97
98 if (flags & LOOKUP_RCU) {
99 parent = READ_ONCE(d->d_parent);
100 dir = d_inode_rcu(parent);
101 if (!dir)
102 return -ECHILD;
103 } else {
104 parent = dget_parent(d);
105 dir = d_inode(parent);
106 }
107 take_dentry_name_snapshot(&n, d);
108 ret = d->d_op->d_revalidate(dir, &n.name, d, flags);
109 release_dentry_name_snapshot(&n);
110 if (!(flags & LOOKUP_RCU))
111 dput(parent);
112 if (!ret) {
113 if (!(flags & LOOKUP_RCU))
114 d_invalidate(d);
115 ret = -ESTALE;
116 }
117 }
118 return ret;
119 }
120
ovl_dentry_revalidate_common(struct dentry * dentry,unsigned int flags,bool weak)121 static int ovl_dentry_revalidate_common(struct dentry *dentry,
122 unsigned int flags, bool weak)
123 {
124 struct ovl_entry *oe;
125 struct ovl_path *lowerstack;
126 struct inode *inode = d_inode_rcu(dentry);
127 struct dentry *upper;
128 unsigned int i;
129 int ret = 1;
130
131 if (!inode) {
132 /*
133 * Lookup of negative dentries will call ovl_dentry_init_flags()
134 * with NULL upperdentry and NULL oe, resulting in the
135 * DCACHE_OP*_REVALIDATE flags being cleared. Hence the only
136 * way to get a negative inode is due to a race with dentry
137 * destruction.
138 */
139 WARN_ON(!(flags & LOOKUP_RCU));
140 return -ECHILD;
141 }
142
143 oe = OVL_I_E(inode);
144 lowerstack = ovl_lowerstack(oe);
145 upper = ovl_i_dentry_upper(inode);
146 if (upper)
147 ret = ovl_revalidate_real(upper, flags, weak);
148
149 for (i = 0; ret > 0 && i < ovl_numlower(oe); i++)
150 ret = ovl_revalidate_real(lowerstack[i].dentry, flags, weak);
151
152 return ret;
153 }
154
ovl_dentry_revalidate(struct inode * dir,const struct qstr * name,struct dentry * dentry,unsigned int flags)155 static int ovl_dentry_revalidate(struct inode *dir, const struct qstr *name,
156 struct dentry *dentry, unsigned int flags)
157 {
158 return ovl_dentry_revalidate_common(dentry, flags, false);
159 }
160
ovl_dentry_weak_revalidate(struct dentry * dentry,unsigned int flags)161 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
162 {
163 return ovl_dentry_revalidate_common(dentry, flags, true);
164 }
165
166 static const struct dentry_operations ovl_dentry_operations = {
167 .d_real = ovl_d_real,
168 .d_revalidate = ovl_dentry_revalidate,
169 .d_weak_revalidate = ovl_dentry_weak_revalidate,
170 };
171
172 #if IS_ENABLED(CONFIG_UNICODE)
173 static const struct dentry_operations ovl_dentry_ci_operations = {
174 .d_real = ovl_d_real,
175 .d_revalidate = ovl_dentry_revalidate,
176 .d_weak_revalidate = ovl_dentry_weak_revalidate,
177 .d_hash = generic_ci_d_hash,
178 .d_compare = generic_ci_d_compare,
179 };
180 #endif
181
182 static struct kmem_cache *ovl_inode_cachep;
183
ovl_alloc_inode(struct super_block * sb)184 static struct inode *ovl_alloc_inode(struct super_block *sb)
185 {
186 struct ovl_inode *oi = alloc_inode_sb(sb, ovl_inode_cachep, GFP_KERNEL);
187
188 if (!oi)
189 return NULL;
190
191 oi->cache = NULL;
192 oi->redirect = NULL;
193 oi->version = 0;
194 oi->flags = 0;
195 oi->__upperdentry = NULL;
196 oi->lowerdata_redirect = NULL;
197 oi->oe = NULL;
198 mutex_init(&oi->lock);
199
200 return &oi->vfs_inode;
201 }
202
ovl_free_inode(struct inode * inode)203 static void ovl_free_inode(struct inode *inode)
204 {
205 struct ovl_inode *oi = OVL_I(inode);
206
207 kfree(oi->redirect);
208 kfree(oi->oe);
209 mutex_destroy(&oi->lock);
210 kmem_cache_free(ovl_inode_cachep, oi);
211 }
212
ovl_destroy_inode(struct inode * inode)213 static void ovl_destroy_inode(struct inode *inode)
214 {
215 struct ovl_inode *oi = OVL_I(inode);
216
217 dput(oi->__upperdentry);
218 ovl_stack_put(ovl_lowerstack(oi->oe), ovl_numlower(oi->oe));
219 if (S_ISDIR(inode->i_mode))
220 ovl_dir_cache_free(inode);
221 else
222 kfree(oi->lowerdata_redirect);
223 }
224
ovl_put_super(struct super_block * sb)225 static void ovl_put_super(struct super_block *sb)
226 {
227 struct ovl_fs *ofs = OVL_FS(sb);
228
229 if (ofs)
230 ovl_free_fs(ofs);
231 }
232
233 /* Sync real dirty inodes in upper filesystem (if it exists) */
ovl_sync_fs(struct super_block * sb,int wait)234 static int ovl_sync_fs(struct super_block *sb, int wait)
235 {
236 struct ovl_fs *ofs = OVL_FS(sb);
237 struct super_block *upper_sb;
238 int ret;
239
240 ret = ovl_sync_status(ofs);
241
242 if (ret < 0)
243 return -EIO;
244
245 if (!ret)
246 return ret;
247
248 /*
249 * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC).
250 * All the super blocks will be iterated, including upper_sb.
251 *
252 * If this is a syncfs(2) call, then we do need to call
253 * sync_filesystem() on upper_sb, but enough if we do it when being
254 * called with wait == 1.
255 */
256 if (!wait)
257 return 0;
258
259 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
260
261 down_read(&upper_sb->s_umount);
262 ret = sync_filesystem(upper_sb);
263 up_read(&upper_sb->s_umount);
264
265 return ret;
266 }
267
268 /**
269 * ovl_statfs
270 * @dentry: The dentry to query
271 * @buf: The struct kstatfs to fill in with stats
272 *
273 * Get the filesystem statistics. As writes always target the upper layer
274 * filesystem pass the statfs to the upper filesystem (if it exists)
275 */
ovl_statfs(struct dentry * dentry,struct kstatfs * buf)276 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
277 {
278 struct super_block *sb = dentry->d_sb;
279 struct ovl_fs *ofs = OVL_FS(sb);
280 struct dentry *root_dentry = sb->s_root;
281 struct path path;
282 int err;
283
284 ovl_path_real(root_dentry, &path);
285
286 err = vfs_statfs(&path, buf);
287 if (!err) {
288 buf->f_namelen = ofs->namelen;
289 buf->f_type = OVERLAYFS_SUPER_MAGIC;
290 if (ovl_has_fsid(ofs))
291 buf->f_fsid = uuid_to_fsid(sb->s_uuid.b);
292 }
293
294 return err;
295 }
296
297 static const struct super_operations ovl_super_operations = {
298 .alloc_inode = ovl_alloc_inode,
299 .free_inode = ovl_free_inode,
300 .destroy_inode = ovl_destroy_inode,
301 .drop_inode = inode_just_drop,
302 .put_super = ovl_put_super,
303 .sync_fs = ovl_sync_fs,
304 .statfs = ovl_statfs,
305 .show_options = ovl_show_options,
306 };
307
308 #define OVL_WORKDIR_NAME "work"
309 #define OVL_INDEXDIR_NAME "index"
310
ovl_workdir_create(struct ovl_fs * ofs,const char * name,bool persist)311 static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
312 const char *name, bool persist)
313 {
314 struct inode *dir = ofs->workbasedir->d_inode;
315 struct vfsmount *mnt = ovl_upper_mnt(ofs);
316 struct dentry *work;
317 int err;
318 bool retried = false;
319
320 retry:
321 work = ovl_start_creating_upper(ofs, ofs->workbasedir, &QSTR(name));
322
323 if (!IS_ERR(work)) {
324 struct iattr attr = {
325 .ia_valid = ATTR_MODE,
326 .ia_mode = S_IFDIR | 0,
327 };
328
329 if (work->d_inode) {
330 end_creating_keep(work);
331 if (persist)
332 return work;
333 err = -EEXIST;
334 if (retried)
335 goto out_dput;
336 retried = true;
337 err = ovl_workdir_cleanup(ofs, ofs->workbasedir, mnt, work, 0);
338 dput(work);
339 if (err == -EINVAL)
340 return ERR_PTR(err);
341
342 goto retry;
343 }
344
345 work = ovl_do_mkdir(ofs, dir, work, attr.ia_mode);
346 end_creating_keep(work);
347 err = PTR_ERR(work);
348 if (IS_ERR(work))
349 goto out_err;
350
351 /* Weird filesystem returning with hashed negative (kernfs)? */
352 err = -EINVAL;
353 if (d_really_is_negative(work))
354 goto out_dput;
355
356 /*
357 * Try to remove POSIX ACL xattrs from workdir. We are good if:
358 *
359 * a) success (there was a POSIX ACL xattr and was removed)
360 * b) -ENODATA (there was no POSIX ACL xattr)
361 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
362 *
363 * There are various other error values that could effectively
364 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
365 * if the xattr name is too long), but the set of filesystems
366 * allowed as upper are limited to "normal" ones, where checking
367 * for the above two errors is sufficient.
368 */
369 err = ovl_do_remove_acl(ofs, work, XATTR_NAME_POSIX_ACL_DEFAULT);
370 if (err && err != -ENODATA && err != -EOPNOTSUPP)
371 goto out_dput;
372
373 err = ovl_do_remove_acl(ofs, work, XATTR_NAME_POSIX_ACL_ACCESS);
374 if (err && err != -ENODATA && err != -EOPNOTSUPP)
375 goto out_dput;
376
377 /* Clear any inherited mode bits */
378 inode_lock(work->d_inode);
379 err = ovl_do_notify_change(ofs, work, &attr);
380 inode_unlock(work->d_inode);
381 if (err)
382 goto out_dput;
383 } else {
384 err = PTR_ERR(work);
385 goto out_err;
386 }
387 return work;
388
389 out_dput:
390 dput(work);
391 out_err:
392 pr_warn("failed to create directory %s/%s (errno: %i); mounting read-only\n",
393 ofs->config.workdir, name, -err);
394 return NULL;
395 }
396
ovl_check_namelen(const struct path * path,struct ovl_fs * ofs,const char * name)397 static int ovl_check_namelen(const struct path *path, struct ovl_fs *ofs,
398 const char *name)
399 {
400 struct kstatfs statfs;
401 int err = vfs_statfs(path, &statfs);
402
403 if (err)
404 pr_err("statfs failed on '%s'\n", name);
405 else
406 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
407
408 return err;
409 }
410
ovl_lower_dir(const char * name,const struct path * path,struct ovl_fs * ofs,int * stack_depth)411 static int ovl_lower_dir(const char *name, const struct path *path,
412 struct ovl_fs *ofs, int *stack_depth)
413 {
414 int fh_type;
415 int err;
416
417 err = ovl_check_namelen(path, ofs, name);
418 if (err)
419 return err;
420
421 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
422
423 /*
424 * The inodes index feature and NFS export need to encode and decode
425 * file handles, so they require that all layers support them.
426 */
427 fh_type = ovl_can_decode_fh(path->dentry->d_sb);
428 if ((ofs->config.nfs_export ||
429 (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
430 ofs->config.index = false;
431 ofs->config.nfs_export = false;
432 pr_warn("fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
433 name);
434 }
435 ofs->nofh |= !fh_type;
436 /*
437 * Decoding origin file handle is required for persistent st_ino.
438 * Without persistent st_ino, xino=auto falls back to xino=off.
439 */
440 if (ofs->config.xino == OVL_XINO_AUTO &&
441 ofs->config.upperdir && !fh_type) {
442 ofs->config.xino = OVL_XINO_OFF;
443 pr_warn("fs on '%s' does not support file handles, falling back to xino=off.\n",
444 name);
445 }
446
447 /* Check if lower fs has 32bit inode numbers */
448 if (fh_type != FILEID_INO32_GEN)
449 ofs->xino_mode = -1;
450
451 return 0;
452 }
453
454 /*
455 * Workdir should not be subdir of upperdir and vice versa, and
456 * they should not be the same.
457 */
ovl_workdir_ok(struct dentry * workdir,struct dentry * upperdir)458 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
459 {
460 return !is_subdir(workdir, upperdir) && !is_subdir(upperdir, workdir);
461 }
462
ovl_setup_trap(struct super_block * sb,struct dentry * dir,struct inode ** ptrap,const char * name)463 static int ovl_setup_trap(struct super_block *sb, struct dentry *dir,
464 struct inode **ptrap, const char *name)
465 {
466 struct inode *trap;
467 int err;
468
469 trap = ovl_get_trap_inode(sb, dir);
470 err = PTR_ERR_OR_ZERO(trap);
471 if (err) {
472 if (err == -ELOOP)
473 pr_err("conflicting %s path\n", name);
474 return err;
475 }
476
477 *ptrap = trap;
478 return 0;
479 }
480
481 /*
482 * Determine how we treat concurrent use of upperdir/workdir based on the
483 * index feature. This is papering over mount leaks of container runtimes,
484 * for example, an old overlay mount is leaked and now its upperdir is
485 * attempted to be used as a lower layer in a new overlay mount.
486 */
ovl_report_in_use(struct ovl_fs * ofs,const char * name)487 static int ovl_report_in_use(struct ovl_fs *ofs, const char *name)
488 {
489 if (ofs->config.index) {
490 pr_err("%s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n",
491 name);
492 return -EBUSY;
493 } else {
494 pr_warn("%s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n",
495 name);
496 return 0;
497 }
498 }
499
ovl_get_upper(struct super_block * sb,struct ovl_fs * ofs,struct ovl_layer * upper_layer,const struct path * upperpath)500 static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs,
501 struct ovl_layer *upper_layer,
502 const struct path *upperpath)
503 {
504 struct vfsmount *upper_mnt;
505 int err;
506
507 /* Upperdir path should not be r/o */
508 if (__mnt_is_readonly(upperpath->mnt)) {
509 pr_err("upper fs is r/o, try multi-lower layers mount\n");
510 err = -EINVAL;
511 goto out;
512 }
513
514 err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
515 if (err)
516 goto out;
517
518 err = ovl_setup_trap(sb, upperpath->dentry, &upper_layer->trap,
519 "upperdir");
520 if (err)
521 goto out;
522
523 upper_mnt = clone_private_mount(upperpath);
524 err = PTR_ERR(upper_mnt);
525 if (IS_ERR(upper_mnt)) {
526 pr_err("failed to clone upperpath\n");
527 goto out;
528 }
529
530 /* Don't inherit atime flags */
531 upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
532 upper_layer->mnt = upper_mnt;
533 upper_layer->idx = 0;
534 upper_layer->fsid = 0;
535
536 /*
537 * Inherit SB_NOSEC flag from upperdir.
538 *
539 * This optimization changes behavior when a security related attribute
540 * (suid/sgid/security.*) is changed on an underlying layer. This is
541 * okay because we don't yet have guarantees in that case, but it will
542 * need careful treatment once we want to honour changes to underlying
543 * filesystems.
544 */
545 if (upper_mnt->mnt_sb->s_flags & SB_NOSEC)
546 sb->s_flags |= SB_NOSEC;
547
548 if (ovl_inuse_trylock(ovl_upper_mnt(ofs)->mnt_root)) {
549 ofs->upperdir_locked = true;
550 } else {
551 err = ovl_report_in_use(ofs, "upperdir");
552 if (err)
553 goto out;
554 }
555
556 err = 0;
557 out:
558 return err;
559 }
560
561 /*
562 * Returns 1 if RENAME_WHITEOUT is supported, 0 if not supported and
563 * negative values if error is encountered.
564 */
ovl_check_rename_whiteout(struct ovl_fs * ofs)565 static int ovl_check_rename_whiteout(struct ovl_fs *ofs)
566 {
567 struct dentry *workdir = ofs->workdir;
568 struct dentry *temp;
569 struct dentry *whiteout;
570 struct name_snapshot name;
571 struct renamedata rd = {};
572 char name2[OVL_TEMPNAME_SIZE];
573 int err;
574
575 temp = ovl_create_temp(ofs, workdir, OVL_CATTR(S_IFREG | 0));
576 err = PTR_ERR(temp);
577 if (IS_ERR(temp))
578 return err;
579
580 rd.mnt_idmap = ovl_upper_mnt_idmap(ofs);
581 rd.old_parent = workdir;
582 rd.new_parent = workdir;
583 rd.flags = RENAME_WHITEOUT;
584 ovl_tempname(name2);
585 err = start_renaming_dentry(&rd, 0, temp, &QSTR(name2));
586 if (err) {
587 dput(temp);
588 return err;
589 }
590
591 /* Name is inline and stable - using snapshot as a copy helper */
592 take_dentry_name_snapshot(&name, temp);
593 err = ovl_do_rename_rd(&rd);
594 end_renaming(&rd);
595 if (err) {
596 if (err == -EINVAL)
597 err = 0;
598 goto cleanup_temp;
599 }
600
601 whiteout = ovl_lookup_upper_unlocked(ofs, name.name.name,
602 workdir, name.name.len);
603 err = PTR_ERR(whiteout);
604 if (IS_ERR(whiteout))
605 goto cleanup_temp;
606
607 err = ovl_upper_is_whiteout(ofs, whiteout);
608
609 /* Best effort cleanup of whiteout and temp file */
610 if (err)
611 ovl_cleanup(ofs, workdir, whiteout);
612 dput(whiteout);
613
614 cleanup_temp:
615 ovl_cleanup(ofs, workdir, temp);
616 release_dentry_name_snapshot(&name);
617 dput(temp);
618
619 return err;
620 }
621
ovl_lookup_or_create(struct ovl_fs * ofs,struct dentry * parent,const char * name,umode_t mode)622 static struct dentry *ovl_lookup_or_create(struct ovl_fs *ofs,
623 struct dentry *parent,
624 const char *name, umode_t mode)
625 {
626 struct dentry *child;
627
628 child = ovl_start_creating_upper(ofs, parent, &QSTR(name));
629 if (!IS_ERR(child)) {
630 if (!child->d_inode)
631 child = ovl_create_real(ofs, parent, child,
632 &QSTR(name),
633 OVL_CATTR(mode));
634 end_creating_keep(child);
635 }
636 dput(parent);
637
638 return child;
639 }
640
641 /*
642 * Creates $workdir/work/incompat/volatile/dirty file if it is not already
643 * present.
644 */
ovl_create_volatile_dirty(struct ovl_fs * ofs)645 static int ovl_create_volatile_dirty(struct ovl_fs *ofs)
646 {
647 unsigned int ctr;
648 struct dentry *d = dget(ofs->workbasedir);
649 static const char *const volatile_path[] = {
650 OVL_WORKDIR_NAME, "incompat", "volatile", "dirty"
651 };
652 const char *const *name = volatile_path;
653
654 for (ctr = ARRAY_SIZE(volatile_path); ctr; ctr--, name++) {
655 d = ovl_lookup_or_create(ofs, d, *name, ctr > 1 ? S_IFDIR : S_IFREG);
656 if (IS_ERR(d))
657 return PTR_ERR(d);
658 }
659 dput(d);
660 return 0;
661 }
662
ovl_make_workdir(struct super_block * sb,struct ovl_fs * ofs,const struct path * workpath)663 static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
664 const struct path *workpath)
665 {
666 struct vfsmount *mnt = ovl_upper_mnt(ofs);
667 struct dentry *workdir;
668 struct file *tmpfile;
669 bool rename_whiteout;
670 bool d_type;
671 int fh_type;
672 int err;
673
674 err = mnt_want_write(mnt);
675 if (err)
676 return err;
677
678 workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
679 err = PTR_ERR(workdir);
680 if (IS_ERR_OR_NULL(workdir))
681 goto out;
682
683 ofs->workdir = workdir;
684
685 err = ovl_setup_trap(sb, ofs->workdir, &ofs->workdir_trap, "workdir");
686 if (err)
687 goto out;
688
689 /*
690 * Upper should support d_type, else whiteouts are visible. Given
691 * workdir and upper are on same fs, we can do iterate_dir() on
692 * workdir. This check requires successful creation of workdir in
693 * previous step.
694 */
695 err = ovl_check_d_type_supported(workpath);
696 if (err < 0)
697 goto out;
698
699 d_type = err;
700 if (!d_type)
701 pr_warn("upper fs needs to support d_type.\n");
702
703 /* Check if upper/work fs supports O_TMPFILE */
704 tmpfile = ovl_do_tmpfile(ofs, ofs->workdir, S_IFREG | 0);
705 ofs->tmpfile = !IS_ERR(tmpfile);
706 if (ofs->tmpfile)
707 fput(tmpfile);
708 else
709 pr_warn("upper fs does not support tmpfile.\n");
710
711
712 /* Check if upper/work fs supports RENAME_WHITEOUT */
713 err = ovl_check_rename_whiteout(ofs);
714 if (err < 0)
715 goto out;
716
717 rename_whiteout = err;
718 if (!rename_whiteout)
719 pr_warn("upper fs does not support RENAME_WHITEOUT.\n");
720
721 /*
722 * Check if upper/work fs supports (trusted|user).overlay.* xattr
723 */
724 err = ovl_setxattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE, "0", 1);
725 if (err) {
726 pr_warn("failed to set xattr on upper\n");
727 ofs->noxattr = true;
728 if (ovl_redirect_follow(ofs)) {
729 ofs->config.redirect_mode = OVL_REDIRECT_NOFOLLOW;
730 pr_warn("...falling back to redirect_dir=nofollow.\n");
731 }
732 if (ofs->config.metacopy) {
733 ofs->config.metacopy = false;
734 pr_warn("...falling back to metacopy=off.\n");
735 }
736 if (ofs->config.index) {
737 ofs->config.index = false;
738 pr_warn("...falling back to index=off.\n");
739 }
740 if (ovl_has_fsid(ofs)) {
741 ofs->config.uuid = OVL_UUID_NULL;
742 pr_warn("...falling back to uuid=null.\n");
743 }
744 /*
745 * xattr support is required for persistent st_ino.
746 * Without persistent st_ino, xino=auto falls back to xino=off.
747 */
748 if (ofs->config.xino == OVL_XINO_AUTO) {
749 ofs->config.xino = OVL_XINO_OFF;
750 pr_warn("...falling back to xino=off.\n");
751 }
752 if (err == -EPERM && !ofs->config.userxattr)
753 pr_info("try mounting with 'userxattr' option\n");
754 err = 0;
755 } else {
756 ovl_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
757 }
758
759 /*
760 * We allowed sub-optimal upper fs configuration and don't want to break
761 * users over kernel upgrade, but we never allowed remote upper fs, so
762 * we can enforce strict requirements for remote upper fs.
763 */
764 if (ovl_dentry_remote(ofs->workdir) &&
765 (!d_type || !rename_whiteout || ofs->noxattr)) {
766 pr_err("upper fs missing required features.\n");
767 err = -EINVAL;
768 goto out;
769 }
770
771 /*
772 * For volatile mount, create a incompat/volatile/dirty file to keep
773 * track of it.
774 */
775 if (ovl_is_volatile(&ofs->config)) {
776 err = ovl_create_volatile_dirty(ofs);
777 if (err < 0) {
778 pr_err("Failed to create volatile/dirty file.\n");
779 goto out;
780 }
781 }
782
783 /* Check if upper/work fs supports file handles */
784 fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
785 if (ofs->config.index && !fh_type) {
786 ofs->config.index = false;
787 pr_warn("upper fs does not support file handles, falling back to index=off.\n");
788 }
789 ofs->nofh |= !fh_type;
790
791 /* Check if upper fs has 32bit inode numbers */
792 if (fh_type != FILEID_INO32_GEN)
793 ofs->xino_mode = -1;
794
795 /* NFS export of r/w mount depends on index */
796 if (ofs->config.nfs_export && !ofs->config.index) {
797 pr_warn("NFS export requires \"index=on\", falling back to nfs_export=off.\n");
798 ofs->config.nfs_export = false;
799 }
800 out:
801 mnt_drop_write(mnt);
802 return err;
803 }
804
ovl_get_workdir(struct super_block * sb,struct ovl_fs * ofs,const struct path * upperpath,const struct path * workpath)805 static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs,
806 const struct path *upperpath,
807 const struct path *workpath)
808 {
809 int err;
810
811 err = -EINVAL;
812 if (upperpath->mnt != workpath->mnt) {
813 pr_err("workdir and upperdir must reside under the same mount\n");
814 return err;
815 }
816 if (!ovl_workdir_ok(workpath->dentry, upperpath->dentry)) {
817 pr_err("workdir and upperdir must be separate subtrees\n");
818 return err;
819 }
820
821 ofs->workbasedir = dget(workpath->dentry);
822
823 if (ovl_inuse_trylock(ofs->workbasedir)) {
824 ofs->workdir_locked = true;
825 } else {
826 err = ovl_report_in_use(ofs, "workdir");
827 if (err)
828 return err;
829 }
830
831 err = ovl_setup_trap(sb, ofs->workbasedir, &ofs->workbasedir_trap,
832 "workdir");
833 if (err)
834 return err;
835
836 return ovl_make_workdir(sb, ofs, workpath);
837 }
838
ovl_get_indexdir(struct super_block * sb,struct ovl_fs * ofs,struct ovl_entry * oe,const struct path * upperpath)839 static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs,
840 struct ovl_entry *oe, const struct path *upperpath)
841 {
842 struct vfsmount *mnt = ovl_upper_mnt(ofs);
843 struct dentry *indexdir;
844 struct dentry *origin = ovl_lowerstack(oe)->dentry;
845 const struct ovl_fh *fh;
846 int err;
847
848 fh = ovl_get_origin_fh(ofs, origin);
849 if (IS_ERR(fh))
850 return PTR_ERR(fh);
851
852 err = mnt_want_write(mnt);
853 if (err)
854 goto out_free_fh;
855
856 /* Verify lower root is upper root origin */
857 err = ovl_verify_origin_fh(ofs, upperpath->dentry, fh, true);
858 if (err) {
859 pr_err("failed to verify upper root origin\n");
860 goto out;
861 }
862
863 /* index dir will act also as workdir */
864 iput(ofs->workdir_trap);
865 ofs->workdir_trap = NULL;
866 dput(ofs->workdir);
867 ofs->workdir = NULL;
868 indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
869 if (IS_ERR(indexdir)) {
870 err = PTR_ERR(indexdir);
871 } else if (indexdir) {
872 ofs->workdir = indexdir;
873 err = ovl_setup_trap(sb, indexdir, &ofs->workdir_trap,
874 "indexdir");
875 if (err)
876 goto out;
877
878 /*
879 * Verify upper root is exclusively associated with index dir.
880 * Older kernels stored upper fh in ".overlay.origin"
881 * xattr. If that xattr exists, verify that it is a match to
882 * upper dir file handle. In any case, verify or set xattr
883 * ".overlay.upper" to indicate that index may have
884 * directory entries.
885 */
886 if (ovl_check_origin_xattr(ofs, indexdir)) {
887 err = ovl_verify_origin_xattr(ofs, indexdir,
888 OVL_XATTR_ORIGIN,
889 upperpath->dentry, true,
890 false);
891 if (err)
892 pr_err("failed to verify index dir 'origin' xattr\n");
893 }
894 err = ovl_verify_upper(ofs, indexdir, upperpath->dentry, true);
895 if (err)
896 pr_err("failed to verify index dir 'upper' xattr\n");
897
898 /* Cleanup bad/stale/orphan index entries */
899 if (!err)
900 err = ovl_indexdir_cleanup(ofs);
901 }
902 if (err || !indexdir)
903 pr_warn("try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");
904
905 out:
906 mnt_drop_write(mnt);
907 out_free_fh:
908 kfree(fh);
909 return err;
910 }
911
ovl_lower_uuid_ok(struct ovl_fs * ofs,const uuid_t * uuid)912 static bool ovl_lower_uuid_ok(struct ovl_fs *ofs, const uuid_t *uuid)
913 {
914 unsigned int i;
915
916 if (!ofs->config.nfs_export && !ovl_upper_mnt(ofs))
917 return true;
918
919 /*
920 * We allow using single lower with null uuid for index and nfs_export
921 * for example to support those features with single lower squashfs.
922 * To avoid regressions in setups of overlay with re-formatted lower
923 * squashfs, do not allow decoding origin with lower null uuid unless
924 * user opted-in to one of the new features that require following the
925 * lower inode of non-dir upper.
926 */
927 if (ovl_allow_offline_changes(ofs) && uuid_is_null(uuid))
928 return false;
929
930 for (i = 0; i < ofs->numfs; i++) {
931 /*
932 * We use uuid to associate an overlay lower file handle with a
933 * lower layer, so we can accept lower fs with null uuid as long
934 * as all lower layers with null uuid are on the same fs.
935 * if we detect multiple lower fs with the same uuid, we
936 * disable lower file handle decoding on all of them.
937 */
938 if (ofs->fs[i].is_lower &&
939 ovl_uuid_match(ofs, ofs->fs[i].sb, uuid)) {
940 ofs->fs[i].bad_uuid = true;
941 return false;
942 }
943 }
944 return true;
945 }
946
947 /* Get a unique fsid for the layer */
ovl_get_fsid(struct ovl_fs * ofs,const struct path * path)948 static int ovl_get_fsid(struct ovl_fs *ofs, const struct path *path)
949 {
950 struct super_block *sb = path->mnt->mnt_sb;
951 const uuid_t *uuid = ovl_origin_uuid(ofs) ? &sb->s_uuid : &uuid_null;
952 unsigned int i;
953 dev_t dev;
954 int err;
955 bool bad_uuid = false;
956 bool warn = false;
957
958 for (i = 0; i < ofs->numfs; i++) {
959 if (ofs->fs[i].sb == sb)
960 return i;
961 }
962
963 if (!ovl_lower_uuid_ok(ofs, uuid)) {
964 bad_uuid = true;
965 if (ofs->config.xino == OVL_XINO_AUTO) {
966 ofs->config.xino = OVL_XINO_OFF;
967 warn = true;
968 }
969 if (ofs->config.index || ofs->config.nfs_export) {
970 ofs->config.index = false;
971 ofs->config.nfs_export = false;
972 warn = true;
973 }
974 if (warn) {
975 pr_warn("%s uuid in non-single lower fs '%pd2', falling back to xino=%s,index=off,nfs_export=off.\n",
976 uuid_is_null(uuid) ? "null" : "conflicting",
977 path->dentry, ovl_xino_mode(&ofs->config));
978 }
979 }
980
981 err = get_anon_bdev(&dev);
982 if (err) {
983 pr_err("failed to get anonymous bdev for lowerpath\n");
984 return err;
985 }
986
987 ofs->fs[ofs->numfs].sb = sb;
988 ofs->fs[ofs->numfs].pseudo_dev = dev;
989 ofs->fs[ofs->numfs].bad_uuid = bad_uuid;
990
991 return ofs->numfs++;
992 }
993
994 /*
995 * The fsid after the last lower fsid is used for the data layers.
996 * It is a "null fs" with a null sb, null uuid, and no pseudo dev.
997 */
ovl_get_data_fsid(struct ovl_fs * ofs)998 static int ovl_get_data_fsid(struct ovl_fs *ofs)
999 {
1000 return ofs->numfs;
1001 }
1002
1003 /*
1004 * Set the ovl sb encoding as the same one used by the first layer
1005 */
ovl_set_encoding(struct super_block * sb,struct super_block * fs_sb)1006 static int ovl_set_encoding(struct super_block *sb, struct super_block *fs_sb)
1007 {
1008 if (!sb_has_encoding(fs_sb))
1009 return 0;
1010
1011 #if IS_ENABLED(CONFIG_UNICODE)
1012 if (sb_has_strict_encoding(fs_sb)) {
1013 pr_err("strict encoding not supported\n");
1014 return -EINVAL;
1015 }
1016
1017 sb->s_encoding = fs_sb->s_encoding;
1018 sb->s_encoding_flags = fs_sb->s_encoding_flags;
1019 #endif
1020 return 0;
1021 }
1022
ovl_get_layers(struct super_block * sb,struct ovl_fs * ofs,struct ovl_fs_context * ctx,struct ovl_layer * layers)1023 static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
1024 struct ovl_fs_context *ctx, struct ovl_layer *layers)
1025 {
1026 int err;
1027 unsigned int i;
1028 size_t nr_merged_lower;
1029
1030 ofs->fs = kzalloc_objs(struct ovl_sb, ctx->nr + 2);
1031 if (ofs->fs == NULL)
1032 return -ENOMEM;
1033
1034 /*
1035 * idx/fsid 0 are reserved for upper fs even with lower only overlay
1036 * and the last fsid is reserved for "null fs" of the data layers.
1037 */
1038 ofs->numfs++;
1039
1040 /*
1041 * All lower layers that share the same fs as upper layer, use the same
1042 * pseudo_dev as upper layer. Allocate fs[0].pseudo_dev even for lower
1043 * only overlay to simplify ovl_fs_free().
1044 * is_lower will be set if upper fs is shared with a lower layer.
1045 */
1046 err = get_anon_bdev(&ofs->fs[0].pseudo_dev);
1047 if (err) {
1048 pr_err("failed to get anonymous bdev for upper fs\n");
1049 return err;
1050 }
1051
1052 if (ovl_upper_mnt(ofs)) {
1053 ofs->fs[0].sb = ovl_upper_mnt(ofs)->mnt_sb;
1054 ofs->fs[0].is_lower = false;
1055
1056 if (ofs->casefold) {
1057 err = ovl_set_encoding(sb, ofs->fs[0].sb);
1058 if (err)
1059 return err;
1060 }
1061 }
1062
1063 nr_merged_lower = ctx->nr - ctx->nr_data;
1064 for (i = 0; i < ctx->nr; i++) {
1065 struct ovl_fs_context_layer *l = &ctx->lower[i];
1066 struct vfsmount *mnt;
1067 struct inode *trap;
1068 int fsid;
1069
1070 if (i < nr_merged_lower)
1071 fsid = ovl_get_fsid(ofs, &l->path);
1072 else
1073 fsid = ovl_get_data_fsid(ofs);
1074 if (fsid < 0)
1075 return fsid;
1076
1077 /*
1078 * Check if lower root conflicts with this overlay layers before
1079 * checking if it is in-use as upperdir/workdir of "another"
1080 * mount, because we do not bother to check in ovl_is_inuse() if
1081 * the upperdir/workdir is in fact in-use by our
1082 * upperdir/workdir.
1083 */
1084 err = ovl_setup_trap(sb, l->path.dentry, &trap, "lowerdir");
1085 if (err)
1086 return err;
1087
1088 if (ovl_is_inuse(l->path.dentry)) {
1089 err = ovl_report_in_use(ofs, "lowerdir");
1090 if (err) {
1091 iput(trap);
1092 return err;
1093 }
1094 }
1095
1096 mnt = clone_private_mount(&l->path);
1097 err = PTR_ERR(mnt);
1098 if (IS_ERR(mnt)) {
1099 pr_err("failed to clone lowerpath\n");
1100 iput(trap);
1101 return err;
1102 }
1103
1104 /*
1105 * Make lower layers R/O. That way fchmod/fchown on lower file
1106 * will fail instead of modifying lower fs.
1107 */
1108 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
1109
1110 layers[ofs->numlayer].trap = trap;
1111 layers[ofs->numlayer].mnt = mnt;
1112 layers[ofs->numlayer].idx = ofs->numlayer;
1113 layers[ofs->numlayer].fsid = fsid;
1114 layers[ofs->numlayer].fs = &ofs->fs[fsid];
1115 /* Store for printing lowerdir=... in ovl_show_options() */
1116 ofs->config.lowerdirs[ofs->numlayer] = l->name;
1117 l->name = NULL;
1118 ofs->numlayer++;
1119 ofs->fs[fsid].is_lower = true;
1120
1121 if (ofs->casefold) {
1122 if (!ovl_upper_mnt(ofs) && !sb_has_encoding(sb)) {
1123 err = ovl_set_encoding(sb, ofs->fs[fsid].sb);
1124 if (err)
1125 return err;
1126 }
1127
1128 if (!sb_same_encoding(sb, mnt->mnt_sb)) {
1129 pr_err("all layers must have the same encoding\n");
1130 return -EINVAL;
1131 }
1132 }
1133 }
1134
1135 /*
1136 * When all layers on same fs, overlay can use real inode numbers.
1137 * With mount option "xino=<on|auto>", mounter declares that there are
1138 * enough free high bits in underlying fs to hold the unique fsid.
1139 * If overlayfs does encounter underlying inodes using the high xino
1140 * bits reserved for fsid, it emits a warning and uses the original
1141 * inode number or a non persistent inode number allocated from a
1142 * dedicated range.
1143 */
1144 if (ofs->numfs - !ovl_upper_mnt(ofs) == 1) {
1145 if (ofs->config.xino == OVL_XINO_ON)
1146 pr_info("\"xino=on\" is useless with all layers on same fs, ignore.\n");
1147 ofs->xino_mode = 0;
1148 } else if (ofs->config.xino == OVL_XINO_OFF) {
1149 ofs->xino_mode = -1;
1150 } else if (ofs->xino_mode < 0) {
1151 /*
1152 * This is a roundup of number of bits needed for encoding
1153 * fsid, where fsid 0 is reserved for upper fs (even with
1154 * lower only overlay) +1 extra bit is reserved for the non
1155 * persistent inode number range that is used for resolving
1156 * xino lower bits overflow.
1157 */
1158 BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 30);
1159 ofs->xino_mode = ilog2(ofs->numfs - 1) + 2;
1160 }
1161
1162 if (ofs->xino_mode > 0) {
1163 pr_info("\"xino\" feature enabled using %d upper inode bits.\n",
1164 ofs->xino_mode);
1165 }
1166
1167 return 0;
1168 }
1169
ovl_get_lowerstack(struct super_block * sb,struct ovl_fs_context * ctx,struct ovl_fs * ofs,struct ovl_layer * layers)1170 static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
1171 struct ovl_fs_context *ctx,
1172 struct ovl_fs *ofs,
1173 struct ovl_layer *layers)
1174 {
1175 int err;
1176 unsigned int i;
1177 size_t nr_merged_lower;
1178 struct ovl_entry *oe;
1179 struct ovl_path *lowerstack;
1180
1181 struct ovl_fs_context_layer *l;
1182
1183 if (!ofs->config.upperdir && ctx->nr == 1) {
1184 pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n");
1185 return ERR_PTR(-EINVAL);
1186 }
1187
1188 if (ctx->nr == ctx->nr_data) {
1189 pr_err("at least one non-data lowerdir is required\n");
1190 return ERR_PTR(-EINVAL);
1191 }
1192
1193 err = -EINVAL;
1194 for (i = 0; i < ctx->nr; i++) {
1195 l = &ctx->lower[i];
1196
1197 err = ovl_lower_dir(l->name, &l->path, ofs, &sb->s_stack_depth);
1198 if (err)
1199 return ERR_PTR(err);
1200 }
1201
1202 err = -EINVAL;
1203 sb->s_stack_depth++;
1204 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1205 pr_err("maximum fs stacking depth exceeded\n");
1206 return ERR_PTR(err);
1207 }
1208
1209 err = ovl_get_layers(sb, ofs, ctx, layers);
1210 if (err)
1211 return ERR_PTR(err);
1212
1213 err = -ENOMEM;
1214 /* Data-only layers are not merged in root directory */
1215 nr_merged_lower = ctx->nr - ctx->nr_data;
1216 oe = ovl_alloc_entry(nr_merged_lower);
1217 if (!oe)
1218 return ERR_PTR(err);
1219
1220 lowerstack = ovl_lowerstack(oe);
1221 for (i = 0; i < nr_merged_lower; i++) {
1222 l = &ctx->lower[i];
1223 lowerstack[i].dentry = dget(l->path.dentry);
1224 lowerstack[i].layer = &ofs->layers[i + 1];
1225 }
1226 ofs->numdatalayer = ctx->nr_data;
1227
1228 return oe;
1229 }
1230
1231 /*
1232 * Check if this layer root is a descendant of:
1233 * - another layer of this overlayfs instance
1234 * - upper/work dir of any overlayfs instance
1235 */
ovl_check_layer(struct super_block * sb,struct ovl_fs * ofs,struct dentry * dentry,const char * name,bool is_lower)1236 static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
1237 struct dentry *dentry, const char *name,
1238 bool is_lower)
1239 {
1240 struct dentry *next = dentry, *parent;
1241 int err = 0;
1242
1243 if (!dentry)
1244 return 0;
1245
1246 parent = dget_parent(next);
1247
1248 /* Walk back ancestors to root (inclusive) looking for traps */
1249 while (!err && parent != next) {
1250 if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
1251 err = -ELOOP;
1252 pr_err("overlapping %s path\n", name);
1253 } else if (ovl_is_inuse(parent)) {
1254 err = ovl_report_in_use(ofs, name);
1255 }
1256 next = parent;
1257 parent = dget_parent(next);
1258 dput(next);
1259 }
1260
1261 dput(parent);
1262
1263 return err;
1264 }
1265
1266 /*
1267 * Check if any of the layers or work dirs overlap.
1268 */
ovl_check_overlapping_layers(struct super_block * sb,struct ovl_fs * ofs)1269 static int ovl_check_overlapping_layers(struct super_block *sb,
1270 struct ovl_fs *ofs)
1271 {
1272 int i, err;
1273
1274 if (ovl_upper_mnt(ofs)) {
1275 err = ovl_check_layer(sb, ofs, ovl_upper_mnt(ofs)->mnt_root,
1276 "upperdir", false);
1277 if (err)
1278 return err;
1279
1280 /*
1281 * Checking workbasedir avoids hitting ovl_is_inuse(parent) of
1282 * this instance and covers overlapping work and index dirs,
1283 * unless work or index dir have been moved since created inside
1284 * workbasedir. In that case, we already have their traps in
1285 * inode cache and we will catch that case on lookup.
1286 */
1287 err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir",
1288 false);
1289 if (err)
1290 return err;
1291 }
1292
1293 for (i = 1; i < ofs->numlayer; i++) {
1294 err = ovl_check_layer(sb, ofs,
1295 ofs->layers[i].mnt->mnt_root,
1296 "lowerdir", true);
1297 if (err)
1298 return err;
1299 }
1300
1301 return 0;
1302 }
1303
ovl_get_root(struct super_block * sb,struct dentry * upperdentry,struct ovl_entry * oe)1304 static struct dentry *ovl_get_root(struct super_block *sb,
1305 struct dentry *upperdentry,
1306 struct ovl_entry *oe)
1307 {
1308 struct dentry *root;
1309 struct ovl_fs *ofs = OVL_FS(sb);
1310 struct ovl_path *lowerpath = ovl_lowerstack(oe);
1311 unsigned long ino = d_inode(lowerpath->dentry)->i_ino;
1312 int fsid = lowerpath->layer->fsid;
1313 struct ovl_inode_params oip = {
1314 .upperdentry = upperdentry,
1315 .oe = oe,
1316 };
1317
1318 root = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
1319 if (!root)
1320 return NULL;
1321
1322 if (upperdentry) {
1323 /* Root inode uses upper st_ino/i_ino */
1324 ino = d_inode(upperdentry)->i_ino;
1325 fsid = 0;
1326 ovl_dentry_set_upper_alias(root);
1327 if (ovl_is_impuredir(sb, upperdentry))
1328 ovl_set_flag(OVL_IMPURE, d_inode(root));
1329 }
1330
1331 /* Look for xwhiteouts marker except in the lowermost layer */
1332 for (int i = 0; i < ovl_numlower(oe) - 1; i++, lowerpath++) {
1333 struct path path = {
1334 .mnt = lowerpath->layer->mnt,
1335 .dentry = lowerpath->dentry,
1336 };
1337
1338 /* overlay.opaque=x means xwhiteouts directory */
1339 if (ovl_get_opaquedir_val(ofs, &path) == 'x') {
1340 ovl_layer_set_xwhiteouts(ofs, lowerpath->layer);
1341 ovl_dentry_set_xwhiteouts(root);
1342 }
1343 }
1344
1345 /* Root is always merge -> can have whiteouts */
1346 ovl_set_flag(OVL_WHITEOUTS, d_inode(root));
1347 ovl_dentry_set_flag(OVL_E_CONNECTED, root);
1348 ovl_set_upperdata(d_inode(root));
1349 ovl_inode_init(d_inode(root), &oip, ino, fsid);
1350 WARN_ON(!!IS_CASEFOLDED(d_inode(root)) != ofs->casefold);
1351 ovl_dentry_init_flags(root, upperdentry, oe, DCACHE_OP_WEAK_REVALIDATE);
1352 /* root keeps a reference of upperdentry */
1353 dget(upperdentry);
1354
1355 return root;
1356 }
1357
ovl_set_d_op(struct super_block * sb)1358 static void ovl_set_d_op(struct super_block *sb)
1359 {
1360 #if IS_ENABLED(CONFIG_UNICODE)
1361 struct ovl_fs *ofs = sb->s_fs_info;
1362
1363 if (ofs->casefold) {
1364 set_default_d_op(sb, &ovl_dentry_ci_operations);
1365 return;
1366 }
1367 #endif
1368 set_default_d_op(sb, &ovl_dentry_operations);
1369 }
1370
ovl_fill_super_creds(struct fs_context * fc,struct super_block * sb)1371 static int ovl_fill_super_creds(struct fs_context *fc, struct super_block *sb)
1372 {
1373 struct ovl_fs *ofs = sb->s_fs_info;
1374 struct cred *creator_cred = (struct cred *)ofs->creator_cred;
1375 struct ovl_fs_context *ctx = fc->fs_private;
1376 struct ovl_layer *layers;
1377 struct ovl_entry *oe = NULL;
1378 int err;
1379
1380 err = ovl_fs_params_verify(ctx, &ofs->config);
1381 if (err)
1382 return err;
1383
1384 err = -EINVAL;
1385 if (ctx->nr == 0) {
1386 if (!(fc->sb_flags & SB_SILENT))
1387 pr_err("missing 'lowerdir'\n");
1388 return err;
1389 }
1390
1391 err = -ENOMEM;
1392 layers = kzalloc_objs(struct ovl_layer, ctx->nr + 1);
1393 if (!layers)
1394 return err;
1395
1396 ofs->config.lowerdirs = kcalloc(ctx->nr + 1, sizeof(char *), GFP_KERNEL);
1397 if (!ofs->config.lowerdirs) {
1398 kfree(layers);
1399 return err;
1400 }
1401 ofs->layers = layers;
1402 /*
1403 * Layer 0 is reserved for upper even if there's no upper.
1404 * config.lowerdirs[0] is used for storing the user provided colon
1405 * separated lowerdir string.
1406 */
1407 ofs->config.lowerdirs[0] = ctx->lowerdir_all;
1408 ctx->lowerdir_all = NULL;
1409 ofs->numlayer = 1;
1410
1411 sb->s_stack_depth = 0;
1412 sb->s_maxbytes = MAX_LFS_FILESIZE;
1413 atomic_long_set(&ofs->last_ino, 1);
1414 /* Assume underlying fs uses 32bit inodes unless proven otherwise */
1415 if (ofs->config.xino != OVL_XINO_OFF) {
1416 ofs->xino_mode = BITS_PER_LONG - 32;
1417 if (!ofs->xino_mode) {
1418 pr_warn("xino not supported on 32bit kernel, falling back to xino=off.\n");
1419 ofs->config.xino = OVL_XINO_OFF;
1420 }
1421 }
1422
1423 /* alloc/destroy_inode needed for setting up traps in inode cache */
1424 sb->s_op = &ovl_super_operations;
1425
1426 if (ofs->config.upperdir) {
1427 struct super_block *upper_sb;
1428
1429 err = -EINVAL;
1430 if (!ofs->config.workdir) {
1431 pr_err("missing 'workdir'\n");
1432 return err;
1433 }
1434
1435 err = ovl_get_upper(sb, ofs, &layers[0], &ctx->upper);
1436 if (err)
1437 return err;
1438
1439 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
1440 if (!ovl_should_sync(ofs)) {
1441 ofs->errseq = errseq_sample(&upper_sb->s_wb_err);
1442 if (errseq_check(&upper_sb->s_wb_err, ofs->errseq)) {
1443 err = -EIO;
1444 pr_err("Cannot mount volatile when upperdir has an unseen error. Sync upperdir fs to clear state.\n");
1445 return err;
1446 }
1447 }
1448
1449 err = ovl_get_workdir(sb, ofs, &ctx->upper, &ctx->work);
1450 if (err)
1451 return err;
1452
1453 if (!ofs->workdir)
1454 sb->s_flags |= SB_RDONLY;
1455
1456 sb->s_stack_depth = upper_sb->s_stack_depth;
1457 sb->s_time_gran = upper_sb->s_time_gran;
1458 }
1459 oe = ovl_get_lowerstack(sb, ctx, ofs, layers);
1460 err = PTR_ERR(oe);
1461 if (IS_ERR(oe))
1462 return err;
1463
1464 /* If the upper fs is nonexistent, we mark overlayfs r/o too */
1465 if (!ovl_upper_mnt(ofs))
1466 sb->s_flags |= SB_RDONLY;
1467
1468 if (ovl_has_fsid(ofs) && ovl_upper_mnt(ofs)) {
1469 /* Use per instance persistent uuid/fsid */
1470 ovl_init_uuid_xattr(sb, ofs, &ctx->upper);
1471 }
1472
1473 if (!ovl_force_readonly(ofs) && ofs->config.index) {
1474 err = ovl_get_indexdir(sb, ofs, oe, &ctx->upper);
1475 if (err)
1476 goto out_free_oe;
1477
1478 /* Force r/o mount with no index dir */
1479 if (!ofs->workdir)
1480 sb->s_flags |= SB_RDONLY;
1481 }
1482
1483 err = ovl_check_overlapping_layers(sb, ofs);
1484 if (err)
1485 goto out_free_oe;
1486
1487 /* Show index=off in /proc/mounts for forced r/o mount */
1488 if (!ofs->workdir) {
1489 ofs->config.index = false;
1490 if (ovl_upper_mnt(ofs) && ofs->config.nfs_export) {
1491 pr_warn("NFS export requires an index dir, falling back to nfs_export=off.\n");
1492 ofs->config.nfs_export = false;
1493 }
1494 }
1495
1496 if (ofs->config.metacopy && ofs->config.nfs_export) {
1497 pr_warn("NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n");
1498 ofs->config.nfs_export = false;
1499 }
1500
1501 /*
1502 * Support encoding decodable file handles with nfs_export=on
1503 * and encoding non-decodable file handles with nfs_export=off
1504 * if all layers support file handles.
1505 */
1506 if (ofs->config.nfs_export)
1507 sb->s_export_op = &ovl_export_operations;
1508 else if (!ofs->nofh)
1509 sb->s_export_op = &ovl_export_fid_operations;
1510
1511 /* Never override disk quota limits or use reserved space */
1512 cap_lower(creator_cred->cap_effective, CAP_SYS_RESOURCE);
1513
1514 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
1515 sb->s_xattr = ovl_xattr_handlers(ofs);
1516 sb->s_fs_info = ofs;
1517 #ifdef CONFIG_FS_POSIX_ACL
1518 sb->s_flags |= SB_POSIXACL;
1519 #endif
1520 sb->s_iflags |= SB_I_SKIP_SYNC;
1521 /*
1522 * Ensure that umask handling is done by the filesystems used
1523 * for the the upper layer instead of overlayfs as that would
1524 * lead to unexpected results.
1525 */
1526 sb->s_iflags |= SB_I_NOUMASK;
1527 sb->s_iflags |= SB_I_EVM_HMAC_UNSUPPORTED;
1528
1529 err = -ENOMEM;
1530 sb->s_root = ovl_get_root(sb, ctx->upper.dentry, oe);
1531 if (!sb->s_root)
1532 goto out_free_oe;
1533
1534 return 0;
1535
1536 out_free_oe:
1537 ovl_free_entry(oe);
1538 return err;
1539 }
1540
ovl_fill_super(struct super_block * sb,struct fs_context * fc)1541 int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
1542 {
1543 struct ovl_fs *ofs = sb->s_fs_info;
1544 int err;
1545
1546 err = -EIO;
1547 if (WARN_ON(fc->user_ns != current_user_ns()))
1548 goto out_err;
1549
1550 ovl_set_d_op(sb);
1551
1552 if (!ofs->creator_cred) {
1553 err = -ENOMEM;
1554 ofs->creator_cred = prepare_creds();
1555 if (!ofs->creator_cred)
1556 goto out_err;
1557 }
1558
1559 with_ovl_creds(sb)
1560 err = ovl_fill_super_creds(fc, sb);
1561
1562 out_err:
1563 if (err) {
1564 ovl_free_fs(ofs);
1565 sb->s_fs_info = NULL;
1566 }
1567
1568 return err;
1569 }
1570
1571 struct file_system_type ovl_fs_type = {
1572 .owner = THIS_MODULE,
1573 .name = "overlay",
1574 .init_fs_context = ovl_init_fs_context,
1575 .parameters = ovl_parameter_spec,
1576 .fs_flags = FS_USERNS_MOUNT,
1577 .kill_sb = kill_anon_super,
1578 };
1579 MODULE_ALIAS_FS("overlay");
1580
ovl_inode_init_once(void * foo)1581 static void ovl_inode_init_once(void *foo)
1582 {
1583 struct ovl_inode *oi = foo;
1584
1585 inode_init_once(&oi->vfs_inode);
1586 }
1587
ovl_init(void)1588 static int __init ovl_init(void)
1589 {
1590 int err;
1591
1592 ovl_inode_cachep = kmem_cache_create("ovl_inode",
1593 sizeof(struct ovl_inode), 0,
1594 (SLAB_RECLAIM_ACCOUNT|
1595 SLAB_ACCOUNT),
1596 ovl_inode_init_once);
1597 if (ovl_inode_cachep == NULL)
1598 return -ENOMEM;
1599
1600 err = register_filesystem(&ovl_fs_type);
1601 if (!err)
1602 return 0;
1603
1604 kmem_cache_destroy(ovl_inode_cachep);
1605
1606 return err;
1607 }
1608
ovl_exit(void)1609 static void __exit ovl_exit(void)
1610 {
1611 unregister_filesystem(&ovl_fs_type);
1612
1613 /*
1614 * Make sure all delayed rcu free inodes are flushed before we
1615 * destroy cache.
1616 */
1617 rcu_barrier();
1618 kmem_cache_destroy(ovl_inode_cachep);
1619 }
1620
1621 module_init(ovl_init);
1622 module_exit(ovl_exit);
1623