1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_volatile, 62 Opt_override_creds, 63 }; 64 65 static const struct constant_table ovl_parameter_bool[] = { 66 { "on", true }, 67 { "off", false }, 68 {} 69 }; 70 71 static const struct constant_table ovl_parameter_uuid[] = { 72 { "off", OVL_UUID_OFF }, 73 { "null", OVL_UUID_NULL }, 74 { "auto", OVL_UUID_AUTO }, 75 { "on", OVL_UUID_ON }, 76 {} 77 }; 78 79 static const char *ovl_uuid_mode(struct ovl_config *config) 80 { 81 return ovl_parameter_uuid[config->uuid].name; 82 } 83 84 static int ovl_uuid_def(void) 85 { 86 return OVL_UUID_AUTO; 87 } 88 89 static const struct constant_table ovl_parameter_xino[] = { 90 { "off", OVL_XINO_OFF }, 91 { "auto", OVL_XINO_AUTO }, 92 { "on", OVL_XINO_ON }, 93 {} 94 }; 95 96 const char *ovl_xino_mode(struct ovl_config *config) 97 { 98 return ovl_parameter_xino[config->xino].name; 99 } 100 101 static int ovl_xino_def(void) 102 { 103 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 104 } 105 106 const struct constant_table ovl_parameter_redirect_dir[] = { 107 { "off", OVL_REDIRECT_OFF }, 108 { "follow", OVL_REDIRECT_FOLLOW }, 109 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 110 { "on", OVL_REDIRECT_ON }, 111 {} 112 }; 113 114 static const char *ovl_redirect_mode(struct ovl_config *config) 115 { 116 return ovl_parameter_redirect_dir[config->redirect_mode].name; 117 } 118 119 static int ovl_redirect_mode_def(void) 120 { 121 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 122 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 123 OVL_REDIRECT_NOFOLLOW; 124 } 125 126 static const struct constant_table ovl_parameter_verity[] = { 127 { "off", OVL_VERITY_OFF }, 128 { "on", OVL_VERITY_ON }, 129 { "require", OVL_VERITY_REQUIRE }, 130 {} 131 }; 132 133 static const char *ovl_verity_mode(struct ovl_config *config) 134 { 135 return ovl_parameter_verity[config->verity_mode].name; 136 } 137 138 static int ovl_verity_mode_def(void) 139 { 140 return OVL_VERITY_OFF; 141 } 142 143 const struct fs_parameter_spec ovl_parameter_spec[] = { 144 fsparam_string_empty("lowerdir", Opt_lowerdir), 145 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add), 146 fsparam_file_or_string("datadir+", Opt_datadir_add), 147 fsparam_file_or_string("upperdir", Opt_upperdir), 148 fsparam_file_or_string("workdir", Opt_workdir), 149 fsparam_flag("default_permissions", Opt_default_permissions), 150 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 151 fsparam_enum("index", Opt_index, ovl_parameter_bool), 152 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 153 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 154 fsparam_flag("userxattr", Opt_userxattr), 155 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 156 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 157 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 158 fsparam_flag("volatile", Opt_volatile), 159 fsparam_flag_no("override_creds", Opt_override_creds), 160 {} 161 }; 162 163 static char *ovl_next_opt(char **s) 164 { 165 char *sbegin = *s; 166 char *p; 167 168 if (sbegin == NULL) 169 return NULL; 170 171 for (p = sbegin; *p; p++) { 172 if (*p == '\\') { 173 p++; 174 if (!*p) 175 break; 176 } else if (*p == ',') { 177 *p = '\0'; 178 *s = p + 1; 179 return sbegin; 180 } 181 } 182 *s = NULL; 183 return sbegin; 184 } 185 186 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 187 { 188 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 189 } 190 191 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 192 { 193 ssize_t nr_layers = 1, nr_colons = 0; 194 char *s, *d; 195 196 for (s = d = str;; s++, d++) { 197 if (*s == '\\') { 198 /* keep esc chars in split lowerdir */ 199 *d++ = *s++; 200 } else if (*s == ':') { 201 bool next_colon = (*(s + 1) == ':'); 202 203 nr_colons++; 204 if (nr_colons == 2 && next_colon) { 205 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 206 return -EINVAL; 207 } 208 /* count layers, not colons */ 209 if (!next_colon) 210 nr_layers++; 211 212 *d = '\0'; 213 continue; 214 } 215 216 *d = *s; 217 if (!*s) { 218 /* trailing colons */ 219 if (nr_colons) { 220 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 221 return -EINVAL; 222 } 223 break; 224 } 225 nr_colons = 0; 226 } 227 228 return nr_layers; 229 } 230 231 static int ovl_mount_dir_noesc(const char *name, struct path *path) 232 { 233 int err = -EINVAL; 234 235 if (!*name) { 236 pr_err("empty lowerdir\n"); 237 goto out; 238 } 239 err = kern_path(name, LOOKUP_FOLLOW, path); 240 if (err) { 241 pr_err("failed to resolve '%s': %i\n", name, err); 242 goto out; 243 } 244 return 0; 245 246 out: 247 return err; 248 } 249 250 static void ovl_unescape(char *s) 251 { 252 char *d = s; 253 254 for (;; s++, d++) { 255 if (*s == '\\') 256 s++; 257 *d = *s; 258 if (!*s) 259 break; 260 } 261 } 262 263 static int ovl_mount_dir(const char *name, struct path *path) 264 { 265 int err = -ENOMEM; 266 char *tmp = kstrdup(name, GFP_KERNEL); 267 268 if (tmp) { 269 ovl_unescape(tmp); 270 err = ovl_mount_dir_noesc(tmp, path); 271 kfree(tmp); 272 } 273 return err; 274 } 275 276 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 277 enum ovl_opt layer, const char *name, bool upper) 278 { 279 bool is_casefolded = ovl_dentry_casefolded(path->dentry); 280 struct ovl_fs_context *ctx = fc->fs_private; 281 struct ovl_fs *ofs = fc->s_fs_info; 282 283 if (!d_is_dir(path->dentry)) 284 return invalfc(fc, "%s is not a directory", name); 285 286 /* 287 * Allow filesystems that are case-folding capable but deny composing 288 * ovl stack from inconsistent case-folded directories. 289 */ 290 if (!ctx->casefold_set) { 291 ofs->casefold = is_casefolded; 292 ctx->casefold_set = true; 293 } 294 295 if (ofs->casefold != is_casefolded) { 296 return invalfc(fc, "case-%ssensitive directory on %s is inconsistent", 297 is_casefolded ? "in" : "", name); 298 } 299 300 if (ovl_dentry_weird(path->dentry)) 301 return invalfc(fc, "filesystem on %s not supported", name); 302 303 /* 304 * Check whether upper path is read-only here to report failures 305 * early. Don't forget to recheck when the superblock is created 306 * as the mount attributes could change. 307 */ 308 if (upper) { 309 if (path->dentry->d_flags & DCACHE_OP_REAL) 310 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 311 if (__mnt_is_readonly(path->mnt)) 312 return invalfc(fc, "filesystem on %s is read-only", name); 313 } else { 314 if (ctx->lowerdir_all && layer != Opt_lowerdir) 315 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 316 if (ctx->nr_data && layer == Opt_lowerdir_add) 317 return invalfc(fc, "regular lower layers cannot follow data layers"); 318 if (ctx->nr == OVL_MAX_STACK) 319 return invalfc(fc, "too many lower directories, limit is %d", 320 OVL_MAX_STACK); 321 } 322 return 0; 323 } 324 325 static int ovl_ctx_realloc_lower(struct fs_context *fc) 326 { 327 struct ovl_fs_context *ctx = fc->fs_private; 328 struct ovl_fs_context_layer *l; 329 size_t nr; 330 331 if (ctx->nr < ctx->capacity) 332 return 0; 333 334 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 335 OVL_MAX_STACK); 336 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 337 if (!l) 338 return -ENOMEM; 339 340 ctx->lower = l; 341 ctx->capacity = nr; 342 return 0; 343 } 344 345 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 346 struct path *path, char **pname) 347 { 348 struct ovl_fs *ofs = fc->s_fs_info; 349 struct ovl_config *config = &ofs->config; 350 struct ovl_fs_context *ctx = fc->fs_private; 351 struct ovl_fs_context_layer *l; 352 353 switch (layer) { 354 case Opt_workdir: 355 swap(config->workdir, *pname); 356 swap(ctx->work, *path); 357 break; 358 case Opt_upperdir: 359 swap(config->upperdir, *pname); 360 swap(ctx->upper, *path); 361 break; 362 case Opt_datadir_add: 363 ctx->nr_data++; 364 fallthrough; 365 case Opt_lowerdir: 366 fallthrough; 367 case Opt_lowerdir_add: 368 WARN_ON(ctx->nr >= ctx->capacity); 369 l = &ctx->lower[ctx->nr++]; 370 memset(l, 0, sizeof(*l)); 371 swap(l->name, *pname); 372 swap(l->path, *path); 373 break; 374 default: 375 WARN_ON(1); 376 } 377 } 378 379 static inline bool is_upper_layer(enum ovl_opt layer) 380 { 381 return layer == Opt_upperdir || layer == Opt_workdir; 382 } 383 384 /* Handle non-file descriptor-based layer options that require path lookup. */ 385 static inline int ovl_kern_path(const char *layer_name, struct path *layer_path, 386 enum ovl_opt layer) 387 { 388 int err; 389 390 switch (layer) { 391 case Opt_upperdir: 392 fallthrough; 393 case Opt_workdir: 394 fallthrough; 395 case Opt_lowerdir: 396 err = ovl_mount_dir(layer_name, layer_path); 397 break; 398 case Opt_lowerdir_add: 399 fallthrough; 400 case Opt_datadir_add: 401 err = ovl_mount_dir_noesc(layer_name, layer_path); 402 break; 403 default: 404 WARN_ON_ONCE(true); 405 err = -EINVAL; 406 } 407 408 return err; 409 } 410 411 static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name, 412 struct path *layer_path, enum ovl_opt layer) 413 { 414 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL); 415 bool upper; 416 int err = 0; 417 418 if (!name) 419 return -ENOMEM; 420 421 upper = is_upper_layer(layer); 422 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper); 423 if (err) 424 return err; 425 426 if (!upper) { 427 err = ovl_ctx_realloc_lower(fc); 428 if (err) 429 return err; 430 } 431 432 /* Store the user provided path string in ctx to show in mountinfo */ 433 ovl_add_layer(fc, layer, layer_path, &name); 434 return err; 435 } 436 437 static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param, 438 enum ovl_opt layer) 439 { 440 struct path layer_path __free(path_put) = {}; 441 int err = 0; 442 443 switch (param->type) { 444 case fs_value_is_string: 445 err = ovl_kern_path(param->string, &layer_path, layer); 446 if (err) 447 return err; 448 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer); 449 break; 450 case fs_value_is_file: { 451 char *buf __free(kfree); 452 char *layer_name; 453 454 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); 455 if (!buf) 456 return -ENOMEM; 457 458 layer_path = param->file->f_path; 459 path_get(&layer_path); 460 461 layer_name = d_path(&layer_path, buf, PATH_MAX); 462 if (IS_ERR(layer_name)) 463 return PTR_ERR(layer_name); 464 465 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer); 466 break; 467 } 468 default: 469 WARN_ON_ONCE(true); 470 err = -EINVAL; 471 } 472 473 return err; 474 } 475 476 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 477 { 478 struct ovl_fs_context_layer *l = ctx->lower; 479 480 // Reset old user provided lowerdir string 481 kfree(ctx->lowerdir_all); 482 ctx->lowerdir_all = NULL; 483 484 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 485 path_put(&l->path); 486 kfree(l->name); 487 l->name = NULL; 488 } 489 ctx->nr = 0; 490 ctx->nr_data = 0; 491 } 492 493 /* 494 * Parse lowerdir= mount option: 495 * 496 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 497 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 498 * "/data1" and "/data2" as data lower layers. Any existing lower 499 * layers are replaced. 500 */ 501 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 502 { 503 int err; 504 struct ovl_fs_context *ctx = fc->fs_private; 505 char *dup = NULL, *iter; 506 ssize_t nr_lower, nr; 507 bool data_layer = false; 508 509 /* 510 * Ensure we're backwards compatible with mount(2) 511 * by allowing relative paths. 512 */ 513 514 /* drop all existing lower layers */ 515 ovl_reset_lowerdirs(ctx); 516 517 if (!*name) 518 return 0; 519 520 if (*name == ':') { 521 pr_err("cannot append lower layer\n"); 522 return -EINVAL; 523 } 524 525 // Store user provided lowerdir string to show in mount options 526 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 527 if (!ctx->lowerdir_all) 528 return -ENOMEM; 529 530 dup = kstrdup(name, GFP_KERNEL); 531 if (!dup) 532 return -ENOMEM; 533 534 err = -EINVAL; 535 nr_lower = ovl_parse_param_split_lowerdirs(dup); 536 if (nr_lower < 0) 537 goto out_err; 538 539 if (nr_lower > OVL_MAX_STACK) { 540 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 541 goto out_err; 542 } 543 544 iter = dup; 545 for (nr = 0; nr < nr_lower; nr++) { 546 struct path path __free(path_put) = {}; 547 548 err = ovl_kern_path(iter, &path, Opt_lowerdir); 549 if (err) 550 goto out_err; 551 552 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir); 553 if (err) 554 goto out_err; 555 556 if (data_layer) 557 ctx->nr_data++; 558 559 /* Calling strchr() again would overrun. */ 560 if (ctx->nr == nr_lower) 561 break; 562 563 err = -EINVAL; 564 iter = strchr(iter, '\0') + 1; 565 if (*iter) { 566 /* 567 * This is a regular layer so we require that 568 * there are no data layers. 569 */ 570 if (ctx->nr_data > 0) { 571 pr_err("regular lower layers cannot follow data lower layers\n"); 572 goto out_err; 573 } 574 575 data_layer = false; 576 continue; 577 } 578 579 /* This is a data lower layer. */ 580 data_layer = true; 581 iter++; 582 } 583 kfree(dup); 584 return 0; 585 586 out_err: 587 kfree(dup); 588 589 /* Intentionally don't realloc to a smaller size. */ 590 return err; 591 } 592 593 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 594 { 595 int err = 0; 596 struct fs_parse_result result; 597 struct ovl_fs *ofs = fc->s_fs_info; 598 struct ovl_config *config = &ofs->config; 599 struct ovl_fs_context *ctx = fc->fs_private; 600 int opt; 601 602 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 603 /* 604 * On remount overlayfs has always ignored all mount 605 * options no matter if malformed or not so for 606 * backwards compatibility we do the same here. 607 */ 608 if (fc->oldapi) 609 return 0; 610 611 /* 612 * Give us the freedom to allow changing mount options 613 * with the new mount api in the future. So instead of 614 * silently ignoring everything we report a proper 615 * error. This is only visible for users of the new 616 * mount api. 617 */ 618 return invalfc(fc, "No changes allowed in reconfigure"); 619 } 620 621 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 622 if (opt < 0) 623 return opt; 624 625 switch (opt) { 626 case Opt_lowerdir: 627 err = ovl_parse_param_lowerdir(param->string, fc); 628 break; 629 case Opt_lowerdir_add: 630 case Opt_datadir_add: 631 case Opt_upperdir: 632 case Opt_workdir: 633 err = ovl_parse_layer(fc, param, opt); 634 break; 635 case Opt_default_permissions: 636 config->default_permissions = true; 637 break; 638 case Opt_redirect_dir: 639 config->redirect_mode = result.uint_32; 640 if (config->redirect_mode == OVL_REDIRECT_OFF) { 641 config->redirect_mode = ovl_redirect_always_follow ? 642 OVL_REDIRECT_FOLLOW : 643 OVL_REDIRECT_NOFOLLOW; 644 } 645 ctx->set.redirect = true; 646 break; 647 case Opt_index: 648 config->index = result.uint_32; 649 ctx->set.index = true; 650 break; 651 case Opt_uuid: 652 config->uuid = result.uint_32; 653 break; 654 case Opt_nfs_export: 655 config->nfs_export = result.uint_32; 656 ctx->set.nfs_export = true; 657 break; 658 case Opt_xino: 659 config->xino = result.uint_32; 660 break; 661 case Opt_metacopy: 662 config->metacopy = result.uint_32; 663 ctx->set.metacopy = true; 664 break; 665 case Opt_verity: 666 config->verity_mode = result.uint_32; 667 break; 668 case Opt_volatile: 669 config->ovl_volatile = true; 670 break; 671 case Opt_userxattr: 672 config->userxattr = true; 673 break; 674 case Opt_override_creds: { 675 const struct cred *cred = NULL; 676 677 if (result.negated) { 678 swap(cred, ofs->creator_cred); 679 put_cred(cred); 680 break; 681 } 682 683 if (!current_in_userns(fc->user_ns)) { 684 err = -EINVAL; 685 break; 686 } 687 688 cred = prepare_creds(); 689 if (cred) 690 swap(cred, ofs->creator_cred); 691 else 692 err = -ENOMEM; 693 694 put_cred(cred); 695 break; 696 } 697 default: 698 pr_err("unrecognized mount option \"%s\" or missing value\n", 699 param->key); 700 return -EINVAL; 701 } 702 703 return err; 704 } 705 706 static int ovl_get_tree(struct fs_context *fc) 707 { 708 return get_tree_nodev(fc, ovl_fill_super); 709 } 710 711 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 712 { 713 ovl_reset_lowerdirs(ctx); 714 path_put(&ctx->upper); 715 path_put(&ctx->work); 716 kfree(ctx->lower); 717 kfree(ctx); 718 } 719 720 static void ovl_free(struct fs_context *fc) 721 { 722 struct ovl_fs *ofs = fc->s_fs_info; 723 struct ovl_fs_context *ctx = fc->fs_private; 724 725 /* 726 * ofs is stored in the fs_context when it is initialized. 727 * ofs is transferred to the superblock on a successful mount, 728 * but if an error occurs before the transfer we have to free 729 * it here. 730 */ 731 if (ofs) 732 ovl_free_fs(ofs); 733 734 if (ctx) 735 ovl_fs_context_free(ctx); 736 } 737 738 static int ovl_reconfigure(struct fs_context *fc) 739 { 740 struct super_block *sb = fc->root->d_sb; 741 struct ovl_fs *ofs = OVL_FS(sb); 742 struct super_block *upper_sb; 743 int ret = 0; 744 745 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 746 return -EROFS; 747 748 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 749 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 750 if (ovl_should_sync(ofs)) { 751 down_read(&upper_sb->s_umount); 752 ret = sync_filesystem(upper_sb); 753 up_read(&upper_sb->s_umount); 754 } 755 } 756 757 return ret; 758 } 759 760 static const struct fs_context_operations ovl_context_ops = { 761 .parse_monolithic = ovl_parse_monolithic, 762 .parse_param = ovl_parse_param, 763 .get_tree = ovl_get_tree, 764 .reconfigure = ovl_reconfigure, 765 .free = ovl_free, 766 }; 767 768 /* 769 * This is called during fsopen() and will record the user namespace of 770 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 771 * need it when we actually create the superblock to verify that the 772 * process creating the superblock is in the same user namespace as 773 * process that called fsopen(). 774 */ 775 int ovl_init_fs_context(struct fs_context *fc) 776 { 777 struct ovl_fs_context *ctx; 778 struct ovl_fs *ofs; 779 780 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 781 if (!ctx) 782 return -ENOMEM; 783 784 /* 785 * By default we allocate for three lower layers. It's likely 786 * that it'll cover most users. 787 */ 788 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 789 if (!ctx->lower) 790 goto out_err; 791 ctx->capacity = 3; 792 793 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 794 if (!ofs) 795 goto out_err; 796 797 ofs->config.redirect_mode = ovl_redirect_mode_def(); 798 ofs->config.index = ovl_index_def; 799 ofs->config.uuid = ovl_uuid_def(); 800 ofs->config.nfs_export = ovl_nfs_export_def; 801 ofs->config.xino = ovl_xino_def(); 802 ofs->config.metacopy = ovl_metacopy_def; 803 804 fc->s_fs_info = ofs; 805 fc->fs_private = ctx; 806 fc->ops = &ovl_context_ops; 807 808 mutex_init(&ofs->whiteout_lock); 809 return 0; 810 811 out_err: 812 ovl_fs_context_free(ctx); 813 return -ENOMEM; 814 815 } 816 817 void ovl_free_fs(struct ovl_fs *ofs) 818 { 819 struct vfsmount **mounts; 820 unsigned i; 821 822 iput(ofs->workbasedir_trap); 823 iput(ofs->workdir_trap); 824 dput(ofs->whiteout); 825 dput(ofs->workdir); 826 if (ofs->workdir_locked) 827 ovl_inuse_unlock(ofs->workbasedir); 828 dput(ofs->workbasedir); 829 if (ofs->upperdir_locked) 830 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 831 832 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 833 mounts = (struct vfsmount **) ofs->config.lowerdirs; 834 for (i = 0; i < ofs->numlayer; i++) { 835 iput(ofs->layers[i].trap); 836 kfree(ofs->config.lowerdirs[i]); 837 mounts[i] = ofs->layers[i].mnt; 838 } 839 kern_unmount_array(mounts, ofs->numlayer); 840 kfree(ofs->layers); 841 for (i = 0; i < ofs->numfs; i++) 842 free_anon_bdev(ofs->fs[i].pseudo_dev); 843 kfree(ofs->fs); 844 845 kfree(ofs->config.lowerdirs); 846 kfree(ofs->config.upperdir); 847 kfree(ofs->config.workdir); 848 if (ofs->creator_cred) 849 put_cred(ofs->creator_cred); 850 kfree(ofs); 851 } 852 853 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 854 struct ovl_config *config) 855 { 856 struct ovl_opt_set set = ctx->set; 857 858 /* Workdir/index are useless in non-upper mount */ 859 if (!config->upperdir) { 860 if (config->workdir) { 861 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 862 config->workdir); 863 kfree(config->workdir); 864 config->workdir = NULL; 865 } 866 if (config->index && set.index) { 867 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 868 set.index = false; 869 } 870 config->index = false; 871 } 872 873 if (!config->upperdir && config->ovl_volatile) { 874 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 875 config->ovl_volatile = false; 876 } 877 878 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 879 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 880 config->uuid = OVL_UUID_NULL; 881 } 882 883 /* 884 * This is to make the logic below simpler. It doesn't make any other 885 * difference, since redirect_dir=on is only used for upper. 886 */ 887 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 888 config->redirect_mode = OVL_REDIRECT_ON; 889 890 /* metacopy -> redirect_dir dependency */ 891 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 892 if (set.metacopy && set.redirect) { 893 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 894 ovl_redirect_mode(config)); 895 return -EINVAL; 896 } 897 if (set.redirect) { 898 /* 899 * There was an explicit redirect_dir=... that resulted 900 * in this conflict. 901 */ 902 pr_info("disabling metacopy due to redirect_dir=%s\n", 903 ovl_redirect_mode(config)); 904 config->metacopy = false; 905 } else { 906 /* Automatically enable redirect otherwise. */ 907 config->redirect_mode = OVL_REDIRECT_ON; 908 } 909 } 910 911 /* Resolve nfs_export -> index dependency */ 912 if (config->nfs_export && !config->index) { 913 if (!config->upperdir && 914 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 915 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 916 config->nfs_export = false; 917 } else if (set.nfs_export && set.index) { 918 pr_err("conflicting options: nfs_export=on,index=off\n"); 919 return -EINVAL; 920 } else if (set.index) { 921 /* 922 * There was an explicit index=off that resulted 923 * in this conflict. 924 */ 925 pr_info("disabling nfs_export due to index=off\n"); 926 config->nfs_export = false; 927 } else { 928 /* Automatically enable index otherwise. */ 929 config->index = true; 930 } 931 } 932 933 /* Resolve nfs_export -> !metacopy && !verity dependency */ 934 if (config->nfs_export && config->metacopy) { 935 if (set.nfs_export && set.metacopy) { 936 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 937 return -EINVAL; 938 } 939 if (set.metacopy) { 940 /* 941 * There was an explicit metacopy=on that resulted 942 * in this conflict. 943 */ 944 pr_info("disabling nfs_export due to metacopy=on\n"); 945 config->nfs_export = false; 946 } else if (config->verity_mode) { 947 /* 948 * There was an explicit verity=.. that resulted 949 * in this conflict. 950 */ 951 pr_info("disabling nfs_export due to verity=%s\n", 952 ovl_verity_mode(config)); 953 config->nfs_export = false; 954 } else { 955 /* 956 * There was an explicit nfs_export=on that resulted 957 * in this conflict. 958 */ 959 pr_info("disabling metacopy due to nfs_export=on\n"); 960 config->metacopy = false; 961 } 962 } 963 964 965 /* Resolve userxattr -> !redirect && !metacopy dependency */ 966 if (config->userxattr) { 967 if (set.redirect && 968 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 969 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 970 ovl_redirect_mode(config)); 971 return -EINVAL; 972 } 973 if (config->metacopy && set.metacopy) { 974 pr_err("conflicting options: userxattr,metacopy=on\n"); 975 return -EINVAL; 976 } 977 /* 978 * Silently disable default setting of redirect and metacopy. 979 * This shall be the default in the future as well: these 980 * options must be explicitly enabled if used together with 981 * userxattr. 982 */ 983 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 984 config->metacopy = false; 985 } 986 987 /* 988 * Fail if we don't have trusted xattr capability and a feature was 989 * explicitly requested that requires them. 990 */ 991 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) { 992 if (set.redirect && 993 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 994 pr_err("redirect_dir requires permission to access trusted xattrs\n"); 995 return -EPERM; 996 } 997 if (config->metacopy && set.metacopy) { 998 pr_err("metacopy requires permission to access trusted xattrs\n"); 999 return -EPERM; 1000 } 1001 if (config->verity_mode) { 1002 pr_err("verity requires permission to access trusted xattrs\n"); 1003 return -EPERM; 1004 } 1005 if (ctx->nr_data > 0) { 1006 pr_err("lower data-only dirs require permission to access trusted xattrs\n"); 1007 return -EPERM; 1008 } 1009 /* 1010 * Other xattr-dependent features should be disabled without 1011 * great disturbance to the user in ovl_make_workdir(). 1012 */ 1013 } 1014 1015 return 0; 1016 } 1017 1018 /** 1019 * ovl_show_options 1020 * @m: the seq_file handle 1021 * @dentry: The dentry to query 1022 * 1023 * Prints the mount options for a given superblock. 1024 * Returns zero; does not fail. 1025 */ 1026 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 1027 { 1028 struct super_block *sb = dentry->d_sb; 1029 struct ovl_fs *ofs = OVL_FS(sb); 1030 size_t nr, nr_merged_lower, nr_lower = 0; 1031 char **lowerdirs = ofs->config.lowerdirs; 1032 1033 /* 1034 * lowerdirs[0] holds the colon separated list that user provided 1035 * with lowerdir mount option. 1036 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 1037 * using the lowerdir+ and datadir+ mount options. 1038 * For now, we do not allow mixing the legacy lowerdir mount option 1039 * with the new lowerdir+ and datadir+ mount options. 1040 */ 1041 if (lowerdirs[0]) { 1042 seq_show_option(m, "lowerdir", lowerdirs[0]); 1043 } else { 1044 nr_lower = ofs->numlayer; 1045 nr_merged_lower = nr_lower - ofs->numdatalayer; 1046 } 1047 for (nr = 1; nr < nr_lower; nr++) { 1048 if (nr < nr_merged_lower) 1049 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 1050 else 1051 seq_show_option(m, "datadir+", lowerdirs[nr]); 1052 } 1053 if (ofs->config.upperdir) { 1054 seq_show_option(m, "upperdir", ofs->config.upperdir); 1055 seq_show_option(m, "workdir", ofs->config.workdir); 1056 } 1057 if (ofs->config.default_permissions) 1058 seq_puts(m, ",default_permissions"); 1059 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 1060 seq_printf(m, ",redirect_dir=%s", 1061 ovl_redirect_mode(&ofs->config)); 1062 if (ofs->config.index != ovl_index_def) 1063 seq_printf(m, ",index=%s", str_on_off(ofs->config.index)); 1064 if (ofs->config.uuid != ovl_uuid_def()) 1065 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 1066 if (ofs->config.nfs_export != ovl_nfs_export_def) 1067 seq_printf(m, ",nfs_export=%s", 1068 str_on_off(ofs->config.nfs_export)); 1069 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1070 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1071 if (ofs->config.metacopy != ovl_metacopy_def) 1072 seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy)); 1073 if (ofs->config.ovl_volatile) 1074 seq_puts(m, ",volatile"); 1075 if (ofs->config.userxattr) 1076 seq_puts(m, ",userxattr"); 1077 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1078 seq_printf(m, ",verity=%s", 1079 ovl_verity_mode(&ofs->config)); 1080 return 0; 1081 } 1082