1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Provide a way to create a superblock configuration context within the kernel 3 * that allows a superblock to be set up prior to mounting. 4 * 5 * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. 6 * Written by David Howells (dhowells@redhat.com) 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 #include <linux/module.h> 11 #include <linux/fs_context.h> 12 #include <linux/fs_parser.h> 13 #include <linux/fs.h> 14 #include <linux/mount.h> 15 #include <linux/nsproxy.h> 16 #include <linux/slab.h> 17 #include <linux/magic.h> 18 #include <linux/security.h> 19 #include <linux/mnt_namespace.h> 20 #include <linux/pid_namespace.h> 21 #include <linux/user_namespace.h> 22 #include <net/net_namespace.h> 23 #include <asm/sections.h> 24 #include "mount.h" 25 #include "internal.h" 26 27 static const struct constant_table common_set_sb_flag[] = { 28 { "dirsync", SB_DIRSYNC }, 29 { "lazytime", SB_LAZYTIME }, 30 { "mand", SB_MANDLOCK }, 31 { "ro", SB_RDONLY }, 32 { "sync", SB_SYNCHRONOUS }, 33 { }, 34 }; 35 36 static const struct constant_table common_clear_sb_flag[] = { 37 { "async", SB_SYNCHRONOUS }, 38 { "nolazytime", SB_LAZYTIME }, 39 { "nomand", SB_MANDLOCK }, 40 { "rw", SB_RDONLY }, 41 { }, 42 }; 43 44 /* 45 * Check for a common mount option that manipulates s_flags. 46 */ 47 static int vfs_parse_sb_flag(struct fs_context *fc, const char *key) 48 { 49 unsigned int token; 50 51 token = lookup_constant(common_set_sb_flag, key, 0); 52 if (token) { 53 fc->sb_flags |= token; 54 fc->sb_flags_mask |= token; 55 return 0; 56 } 57 58 token = lookup_constant(common_clear_sb_flag, key, 0); 59 if (token) { 60 fc->sb_flags &= ~token; 61 fc->sb_flags_mask |= token; 62 return 0; 63 } 64 65 return -ENOPARAM; 66 } 67 68 /** 69 * vfs_parse_fs_param_source - Handle setting "source" via parameter 70 * @fc: The filesystem context to modify 71 * @param: The parameter 72 * 73 * This is a simple helper for filesystems to verify that the "source" they 74 * accept is sane. 75 * 76 * Returns 0 on success, -ENOPARAM if this is not "source" parameter, and 77 * -EINVAL otherwise. In the event of failure, supplementary error information 78 * is logged. 79 */ 80 int vfs_parse_fs_param_source(struct fs_context *fc, struct fs_parameter *param) 81 { 82 if (strcmp(param->key, "source") != 0) 83 return -ENOPARAM; 84 85 if (param->type != fs_value_is_string) 86 return invalf(fc, "Non-string source"); 87 88 if (fc->source) 89 return invalf(fc, "Multiple sources"); 90 91 fc->source = param->string; 92 param->string = NULL; 93 return 0; 94 } 95 EXPORT_SYMBOL(vfs_parse_fs_param_source); 96 97 /** 98 * vfs_parse_fs_param - Add a single parameter to a superblock config 99 * @fc: The filesystem context to modify 100 * @param: The parameter 101 * 102 * A single mount option in string form is applied to the filesystem context 103 * being set up. Certain standard options (for example "ro") are translated 104 * into flag bits without going to the filesystem. The active security module 105 * is allowed to observe and poach options. Any other options are passed over 106 * to the filesystem to parse. 107 * 108 * This may be called multiple times for a context. 109 * 110 * Returns 0 on success and a negative error code on failure. In the event of 111 * failure, supplementary error information may have been set. 112 */ 113 int vfs_parse_fs_param(struct fs_context *fc, struct fs_parameter *param) 114 { 115 int ret; 116 117 if (!param->key) 118 return invalf(fc, "Unnamed parameter\n"); 119 120 ret = vfs_parse_sb_flag(fc, param->key); 121 if (ret != -ENOPARAM) 122 return ret; 123 124 ret = security_fs_context_parse_param(fc, param); 125 if (ret != -ENOPARAM) 126 /* Param belongs to the LSM or is disallowed by the LSM; so 127 * don't pass to the FS. 128 */ 129 return ret; 130 131 if (fc->ops->parse_param) { 132 ret = fc->ops->parse_param(fc, param); 133 if (ret != -ENOPARAM) 134 return ret; 135 } 136 137 /* If the filesystem doesn't take any arguments, give it the 138 * default handling of source. 139 */ 140 ret = vfs_parse_fs_param_source(fc, param); 141 if (ret != -ENOPARAM) 142 return ret; 143 144 return invalf(fc, "%s: Unknown parameter '%s'", 145 fc->fs_type->name, param->key); 146 } 147 EXPORT_SYMBOL(vfs_parse_fs_param); 148 149 /** 150 * vfs_parse_fs_qstr - Convenience function to just parse a string. 151 * @fc: Filesystem context. 152 * @key: Parameter name. 153 * @value: Default value. 154 */ 155 int vfs_parse_fs_qstr(struct fs_context *fc, const char *key, 156 const struct qstr *value) 157 { 158 int ret; 159 160 struct fs_parameter param = { 161 .key = key, 162 .type = fs_value_is_flag, 163 .size = value ? value->len : 0, 164 }; 165 166 if (value) { 167 param.string = kmemdup_nul(value->name, value->len, GFP_KERNEL); 168 if (!param.string) 169 return -ENOMEM; 170 param.type = fs_value_is_string; 171 } 172 173 ret = vfs_parse_fs_param(fc, ¶m); 174 kfree(param.string); 175 return ret; 176 } 177 EXPORT_SYMBOL(vfs_parse_fs_qstr); 178 179 /** 180 * vfs_parse_monolithic_sep - Parse key[=val][,key[=val]]* mount data 181 * @fc: The superblock configuration to fill in. 182 * @data: The data to parse 183 * @sep: callback for separating next option 184 * 185 * Parse a blob of data that's in key[=val][,key[=val]]* form with a custom 186 * option separator callback. 187 * 188 * Returns 0 on success or the error returned by the ->parse_option() fs_context 189 * operation on failure. 190 */ 191 int vfs_parse_monolithic_sep(struct fs_context *fc, void *data, 192 char *(*sep)(char **)) 193 { 194 char *options = data, *key; 195 int ret = 0; 196 197 if (!options) 198 return 0; 199 200 ret = security_sb_eat_lsm_opts(options, &fc->security); 201 if (ret) 202 return ret; 203 204 while ((key = sep(&options)) != NULL) { 205 if (*key) { 206 char *value = strchr(key, '='); 207 208 if (value) { 209 if (unlikely(value == key)) 210 continue; 211 *value++ = 0; 212 } 213 ret = vfs_parse_fs_string(fc, key, value); 214 if (ret < 0) 215 break; 216 } 217 } 218 219 return ret; 220 } 221 EXPORT_SYMBOL(vfs_parse_monolithic_sep); 222 223 static char *vfs_parse_comma_sep(char **s) 224 { 225 return strsep(s, ","); 226 } 227 228 /** 229 * generic_parse_monolithic - Parse key[=val][,key[=val]]* mount data 230 * @fc: The superblock configuration to fill in. 231 * @data: The data to parse 232 * 233 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be 234 * called from the ->monolithic_mount_data() fs_context operation. 235 * 236 * Returns 0 on success or the error returned by the ->parse_option() fs_context 237 * operation on failure. 238 */ 239 int generic_parse_monolithic(struct fs_context *fc, void *data) 240 { 241 return vfs_parse_monolithic_sep(fc, data, vfs_parse_comma_sep); 242 } 243 EXPORT_SYMBOL(generic_parse_monolithic); 244 245 /** 246 * alloc_fs_context - Create a filesystem context. 247 * @fs_type: The filesystem type. 248 * @reference: The dentry from which this one derives (or NULL) 249 * @sb_flags: Filesystem/superblock flags (SB_*) 250 * @sb_flags_mask: Applicable members of @sb_flags 251 * @purpose: The purpose that this configuration shall be used for. 252 * 253 * Open a filesystem and create a mount context. The mount context is 254 * initialised with the supplied flags and, if a submount/automount from 255 * another superblock (referred to by @reference) is supplied, may have 256 * parameters such as namespaces copied across from that superblock. 257 */ 258 static struct fs_context *alloc_fs_context(struct file_system_type *fs_type, 259 struct dentry *reference, 260 unsigned int sb_flags, 261 unsigned int sb_flags_mask, 262 enum fs_context_purpose purpose) 263 { 264 struct fs_context *fc; 265 int ret = -ENOMEM; 266 267 fc = kzalloc_obj(struct fs_context, GFP_KERNEL_ACCOUNT); 268 if (!fc) 269 return ERR_PTR(-ENOMEM); 270 271 fc->purpose = purpose; 272 fc->sb_flags = sb_flags; 273 fc->sb_flags_mask = sb_flags_mask; 274 fc->fs_type = get_filesystem(fs_type); 275 fc->cred = get_current_cred(); 276 fc->net_ns = get_net(current->nsproxy->net_ns); 277 fc->log.prefix = fs_type->name; 278 279 mutex_init(&fc->uapi_mutex); 280 281 switch (purpose) { 282 case FS_CONTEXT_FOR_MOUNT: 283 fc->user_ns = get_user_ns(fc->cred->user_ns); 284 break; 285 case FS_CONTEXT_FOR_SUBMOUNT: 286 fc->user_ns = get_user_ns(reference->d_sb->s_user_ns); 287 break; 288 case FS_CONTEXT_FOR_RECONFIGURE: 289 atomic_inc(&reference->d_sb->s_active); 290 fc->user_ns = get_user_ns(reference->d_sb->s_user_ns); 291 fc->root = dget(reference); 292 break; 293 } 294 295 ret = fc->fs_type->init_fs_context(fc); 296 if (ret < 0) 297 goto err_fc; 298 fc->need_free = true; 299 return fc; 300 301 err_fc: 302 put_fs_context(fc); 303 return ERR_PTR(ret); 304 } 305 306 struct fs_context *fs_context_for_mount(struct file_system_type *fs_type, 307 unsigned int sb_flags) 308 { 309 return alloc_fs_context(fs_type, NULL, sb_flags, 0, 310 FS_CONTEXT_FOR_MOUNT); 311 } 312 EXPORT_SYMBOL(fs_context_for_mount); 313 314 struct fs_context *fs_context_for_reconfigure(struct dentry *dentry, 315 unsigned int sb_flags, 316 unsigned int sb_flags_mask) 317 { 318 return alloc_fs_context(dentry->d_sb->s_type, dentry, sb_flags, 319 sb_flags_mask, FS_CONTEXT_FOR_RECONFIGURE); 320 } 321 322 /** 323 * fs_context_for_submount: allocate a new fs_context for a submount 324 * @type: file_system_type of the new context 325 * @reference: reference dentry from which to copy relevant info 326 * 327 * Allocate a new fs_context suitable for a submount. This also ensures that 328 * the fc->security object is inherited from @reference (if needed). 329 */ 330 struct fs_context *fs_context_for_submount(struct file_system_type *type, 331 struct dentry *reference) 332 { 333 struct fs_context *fc; 334 int ret; 335 336 fc = alloc_fs_context(type, reference, 0, 0, FS_CONTEXT_FOR_SUBMOUNT); 337 if (IS_ERR(fc)) 338 return fc; 339 340 ret = security_fs_context_submount(fc, reference->d_sb); 341 if (ret) { 342 put_fs_context(fc); 343 return ERR_PTR(ret); 344 } 345 346 return fc; 347 } 348 EXPORT_SYMBOL(fs_context_for_submount); 349 350 void fc_drop_locked(struct fs_context *fc) 351 { 352 struct super_block *sb = fc->root->d_sb; 353 dput(fc->root); 354 fc->root = NULL; 355 deactivate_locked_super(sb); 356 } 357 358 /** 359 * vfs_dup_fs_context - Duplicate a filesystem context. 360 * @src_fc: The context to copy. 361 */ 362 struct fs_context *vfs_dup_fs_context(struct fs_context *src_fc) 363 { 364 struct fs_context *fc; 365 int ret; 366 367 if (!src_fc->ops->dup) 368 return ERR_PTR(-EOPNOTSUPP); 369 370 fc = kmemdup(src_fc, sizeof(struct fs_context), GFP_KERNEL); 371 if (!fc) 372 return ERR_PTR(-ENOMEM); 373 374 mutex_init(&fc->uapi_mutex); 375 376 fc->fs_private = NULL; 377 fc->s_fs_info = NULL; 378 fc->source = NULL; 379 fc->security = NULL; 380 get_filesystem(fc->fs_type); 381 get_net(fc->net_ns); 382 get_user_ns(fc->user_ns); 383 get_cred(fc->cred); 384 if (fc->log.log) 385 refcount_inc(&fc->log.log->usage); 386 387 /* Can't call put until we've called ->dup */ 388 ret = fc->ops->dup(fc, src_fc); 389 if (ret < 0) 390 goto err_fc; 391 392 ret = security_fs_context_dup(fc, src_fc); 393 if (ret < 0) 394 goto err_fc; 395 return fc; 396 397 err_fc: 398 put_fs_context(fc); 399 return ERR_PTR(ret); 400 } 401 EXPORT_SYMBOL(vfs_dup_fs_context); 402 403 /** 404 * logfc - Log a message to a filesystem context 405 * @log: The filesystem context to log to, or NULL to use printk. 406 * @prefix: A string to prefix the output with, or NULL. 407 * @level: 'w' for a warning, 'e' for an error. Anything else is a notice. 408 * @fmt: The format of the buffer. 409 */ 410 void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, ...) 411 { 412 va_list va; 413 struct va_format vaf = {.fmt = fmt, .va = &va}; 414 415 va_start(va, fmt); 416 if (!log) { 417 switch (level) { 418 case 'w': 419 printk(KERN_WARNING "%s%s%pV\n", prefix ? prefix : "", 420 prefix ? ": " : "", &vaf); 421 break; 422 case 'e': 423 printk(KERN_ERR "%s%s%pV\n", prefix ? prefix : "", 424 prefix ? ": " : "", &vaf); 425 break; 426 case 'i': 427 printk(KERN_INFO "%s%s%pV\n", prefix ? prefix : "", 428 prefix ? ": " : "", &vaf); 429 break; 430 default: 431 printk(KERN_NOTICE "%s%s%pV\n", prefix ? prefix : "", 432 prefix ? ": " : "", &vaf); 433 break; 434 } 435 } else { 436 unsigned int logsize = ARRAY_SIZE(log->buffer); 437 u8 index; 438 char *q = kasprintf(GFP_KERNEL, "%c %s%s%pV\n", level, 439 prefix ? prefix : "", 440 prefix ? ": " : "", &vaf); 441 442 index = log->head & (logsize - 1); 443 BUILD_BUG_ON(sizeof(log->head) != sizeof(u8) || 444 sizeof(log->tail) != sizeof(u8)); 445 if ((u8)(log->head - log->tail) == logsize) { 446 /* The buffer is full, discard the oldest message */ 447 if (log->need_free & (1 << index)) 448 kfree(log->buffer[index]); 449 log->tail++; 450 } 451 452 log->buffer[index] = q ? q : "OOM: Can't store error string"; 453 if (q) 454 log->need_free |= 1 << index; 455 else 456 log->need_free &= ~(1 << index); 457 log->head++; 458 } 459 va_end(va); 460 } 461 EXPORT_SYMBOL(logfc); 462 463 /* 464 * Free a logging structure. 465 */ 466 static void put_fc_log(struct fs_context *fc) 467 { 468 struct fc_log *log = fc->log.log; 469 int i; 470 471 if (log) { 472 if (refcount_dec_and_test(&log->usage)) { 473 fc->log.log = NULL; 474 for (i = 0; i < ARRAY_SIZE(log->buffer) ; i++) 475 if (log->need_free & (1 << i)) 476 kfree(log->buffer[i]); 477 kfree(log); 478 } 479 } 480 } 481 482 /** 483 * put_fs_context - Dispose of a superblock configuration context. 484 * @fc: The context to dispose of. 485 */ 486 void put_fs_context(struct fs_context *fc) 487 { 488 struct super_block *sb; 489 490 if (fc->root) { 491 sb = fc->root->d_sb; 492 dput(fc->root); 493 fc->root = NULL; 494 deactivate_super(sb); 495 } 496 497 if (fc->need_free && fc->ops && fc->ops->free) 498 fc->ops->free(fc); 499 500 security_free_mnt_opts(&fc->security); 501 put_net(fc->net_ns); 502 put_user_ns(fc->user_ns); 503 put_cred(fc->cred); 504 put_fc_log(fc); 505 put_filesystem(fc->fs_type); 506 kfree(fc->source); 507 kfree(fc); 508 } 509 EXPORT_SYMBOL(put_fs_context); 510 511 int parse_monolithic_mount_data(struct fs_context *fc, void *data) 512 { 513 int (*monolithic_mount_data)(struct fs_context *, void *); 514 515 monolithic_mount_data = fc->ops->parse_monolithic; 516 if (!monolithic_mount_data) 517 monolithic_mount_data = generic_parse_monolithic; 518 519 return monolithic_mount_data(fc, data); 520 } 521 522 /* 523 * Clean up a context after performing an action on it and put it into a state 524 * from where it can be used to reconfigure a superblock. 525 * 526 * Note that here we do only the parts that can't fail; the rest is in 527 * finish_clean_context() below and in between those fs_context is marked 528 * FS_CONTEXT_AWAITING_RECONF. The reason for splitup is that after 529 * successful mount or remount we need to report success to userland. 530 * Trying to do full reinit (for the sake of possible subsequent remount) 531 * and failing to allocate memory would've put us into a nasty situation. 532 * So here we only discard the old state and reinitialization is left 533 * until we actually try to reconfigure. 534 */ 535 void vfs_clean_context(struct fs_context *fc) 536 { 537 if (fc->need_free && fc->ops && fc->ops->free) 538 fc->ops->free(fc); 539 fc->need_free = false; 540 fc->fs_private = NULL; 541 fc->s_fs_info = NULL; 542 fc->sb_flags = 0; 543 security_free_mnt_opts(&fc->security); 544 kfree(fc->source); 545 fc->source = NULL; 546 fc->exclusive = false; 547 548 fc->purpose = FS_CONTEXT_FOR_RECONFIGURE; 549 fc->phase = FS_CONTEXT_AWAITING_RECONF; 550 } 551 552 int finish_clean_context(struct fs_context *fc) 553 { 554 int error; 555 556 if (fc->phase != FS_CONTEXT_AWAITING_RECONF) 557 return 0; 558 559 error = fc->fs_type->init_fs_context(fc); 560 561 if (unlikely(error)) { 562 fc->phase = FS_CONTEXT_FAILED; 563 return error; 564 } 565 fc->need_free = true; 566 fc->phase = FS_CONTEXT_RECONF_PARAMS; 567 return 0; 568 } 569