1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_volatile, 62 }; 63 64 static const struct constant_table ovl_parameter_bool[] = { 65 { "on", true }, 66 { "off", false }, 67 {} 68 }; 69 70 static const struct constant_table ovl_parameter_uuid[] = { 71 { "off", OVL_UUID_OFF }, 72 { "null", OVL_UUID_NULL }, 73 { "auto", OVL_UUID_AUTO }, 74 { "on", OVL_UUID_ON }, 75 {} 76 }; 77 78 static const char *ovl_uuid_mode(struct ovl_config *config) 79 { 80 return ovl_parameter_uuid[config->uuid].name; 81 } 82 83 static int ovl_uuid_def(void) 84 { 85 return OVL_UUID_AUTO; 86 } 87 88 static const struct constant_table ovl_parameter_xino[] = { 89 { "off", OVL_XINO_OFF }, 90 { "auto", OVL_XINO_AUTO }, 91 { "on", OVL_XINO_ON }, 92 {} 93 }; 94 95 const char *ovl_xino_mode(struct ovl_config *config) 96 { 97 return ovl_parameter_xino[config->xino].name; 98 } 99 100 static int ovl_xino_def(void) 101 { 102 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 103 } 104 105 const struct constant_table ovl_parameter_redirect_dir[] = { 106 { "off", OVL_REDIRECT_OFF }, 107 { "follow", OVL_REDIRECT_FOLLOW }, 108 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 109 { "on", OVL_REDIRECT_ON }, 110 {} 111 }; 112 113 static const char *ovl_redirect_mode(struct ovl_config *config) 114 { 115 return ovl_parameter_redirect_dir[config->redirect_mode].name; 116 } 117 118 static int ovl_redirect_mode_def(void) 119 { 120 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 121 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 122 OVL_REDIRECT_NOFOLLOW; 123 } 124 125 static const struct constant_table ovl_parameter_verity[] = { 126 { "off", OVL_VERITY_OFF }, 127 { "on", OVL_VERITY_ON }, 128 { "require", OVL_VERITY_REQUIRE }, 129 {} 130 }; 131 132 static const char *ovl_verity_mode(struct ovl_config *config) 133 { 134 return ovl_parameter_verity[config->verity_mode].name; 135 } 136 137 static int ovl_verity_mode_def(void) 138 { 139 return OVL_VERITY_OFF; 140 } 141 142 const struct fs_parameter_spec ovl_parameter_spec[] = { 143 fsparam_string_empty("lowerdir", Opt_lowerdir), 144 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add), 145 fsparam_file_or_string("datadir+", Opt_datadir_add), 146 fsparam_file_or_string("upperdir", Opt_upperdir), 147 fsparam_file_or_string("workdir", Opt_workdir), 148 fsparam_flag("default_permissions", Opt_default_permissions), 149 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 150 fsparam_enum("index", Opt_index, ovl_parameter_bool), 151 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 152 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 153 fsparam_flag("userxattr", Opt_userxattr), 154 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 155 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 156 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 157 fsparam_flag("volatile", Opt_volatile), 158 {} 159 }; 160 161 static char *ovl_next_opt(char **s) 162 { 163 char *sbegin = *s; 164 char *p; 165 166 if (sbegin == NULL) 167 return NULL; 168 169 for (p = sbegin; *p; p++) { 170 if (*p == '\\') { 171 p++; 172 if (!*p) 173 break; 174 } else if (*p == ',') { 175 *p = '\0'; 176 *s = p + 1; 177 return sbegin; 178 } 179 } 180 *s = NULL; 181 return sbegin; 182 } 183 184 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 185 { 186 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 187 } 188 189 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 190 { 191 ssize_t nr_layers = 1, nr_colons = 0; 192 char *s, *d; 193 194 for (s = d = str;; s++, d++) { 195 if (*s == '\\') { 196 /* keep esc chars in split lowerdir */ 197 *d++ = *s++; 198 } else if (*s == ':') { 199 bool next_colon = (*(s + 1) == ':'); 200 201 nr_colons++; 202 if (nr_colons == 2 && next_colon) { 203 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 204 return -EINVAL; 205 } 206 /* count layers, not colons */ 207 if (!next_colon) 208 nr_layers++; 209 210 *d = '\0'; 211 continue; 212 } 213 214 *d = *s; 215 if (!*s) { 216 /* trailing colons */ 217 if (nr_colons) { 218 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 219 return -EINVAL; 220 } 221 break; 222 } 223 nr_colons = 0; 224 } 225 226 return nr_layers; 227 } 228 229 static int ovl_mount_dir_noesc(const char *name, struct path *path) 230 { 231 int err = -EINVAL; 232 233 if (!*name) { 234 pr_err("empty lowerdir\n"); 235 goto out; 236 } 237 err = kern_path(name, LOOKUP_FOLLOW, path); 238 if (err) { 239 pr_err("failed to resolve '%s': %i\n", name, err); 240 goto out; 241 } 242 return 0; 243 244 out: 245 return err; 246 } 247 248 static void ovl_unescape(char *s) 249 { 250 char *d = s; 251 252 for (;; s++, d++) { 253 if (*s == '\\') 254 s++; 255 *d = *s; 256 if (!*s) 257 break; 258 } 259 } 260 261 static int ovl_mount_dir(const char *name, struct path *path) 262 { 263 int err = -ENOMEM; 264 char *tmp = kstrdup(name, GFP_KERNEL); 265 266 if (tmp) { 267 ovl_unescape(tmp); 268 err = ovl_mount_dir_noesc(tmp, path); 269 kfree(tmp); 270 } 271 return err; 272 } 273 274 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 275 enum ovl_opt layer, const char *name, bool upper) 276 { 277 struct ovl_fs_context *ctx = fc->fs_private; 278 279 if (!d_is_dir(path->dentry)) 280 return invalfc(fc, "%s is not a directory", name); 281 282 /* 283 * Root dentries of case-insensitive capable filesystems might 284 * not have the dentry operations set, but still be incompatible 285 * with overlayfs. Check explicitly to prevent post-mount 286 * failures. 287 */ 288 if (sb_has_encoding(path->mnt->mnt_sb)) 289 return invalfc(fc, "case-insensitive capable filesystem on %s not supported", name); 290 291 if (ovl_dentry_weird(path->dentry)) 292 return invalfc(fc, "filesystem on %s not supported", name); 293 294 /* 295 * Check whether upper path is read-only here to report failures 296 * early. Don't forget to recheck when the superblock is created 297 * as the mount attributes could change. 298 */ 299 if (upper) { 300 if (path->dentry->d_flags & DCACHE_OP_REAL) 301 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 302 if (__mnt_is_readonly(path->mnt)) 303 return invalfc(fc, "filesystem on %s is read-only", name); 304 } else { 305 if (ctx->lowerdir_all && layer != Opt_lowerdir) 306 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 307 if (ctx->nr_data && layer == Opt_lowerdir_add) 308 return invalfc(fc, "regular lower layers cannot follow data layers"); 309 if (ctx->nr == OVL_MAX_STACK) 310 return invalfc(fc, "too many lower directories, limit is %d", 311 OVL_MAX_STACK); 312 } 313 return 0; 314 } 315 316 static int ovl_ctx_realloc_lower(struct fs_context *fc) 317 { 318 struct ovl_fs_context *ctx = fc->fs_private; 319 struct ovl_fs_context_layer *l; 320 size_t nr; 321 322 if (ctx->nr < ctx->capacity) 323 return 0; 324 325 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 326 OVL_MAX_STACK); 327 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 328 if (!l) 329 return -ENOMEM; 330 331 ctx->lower = l; 332 ctx->capacity = nr; 333 return 0; 334 } 335 336 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 337 struct path *path, char **pname) 338 { 339 struct ovl_fs *ofs = fc->s_fs_info; 340 struct ovl_config *config = &ofs->config; 341 struct ovl_fs_context *ctx = fc->fs_private; 342 struct ovl_fs_context_layer *l; 343 344 switch (layer) { 345 case Opt_workdir: 346 swap(config->workdir, *pname); 347 swap(ctx->work, *path); 348 break; 349 case Opt_upperdir: 350 swap(config->upperdir, *pname); 351 swap(ctx->upper, *path); 352 break; 353 case Opt_datadir_add: 354 ctx->nr_data++; 355 fallthrough; 356 case Opt_lowerdir: 357 fallthrough; 358 case Opt_lowerdir_add: 359 WARN_ON(ctx->nr >= ctx->capacity); 360 l = &ctx->lower[ctx->nr++]; 361 memset(l, 0, sizeof(*l)); 362 swap(l->name, *pname); 363 swap(l->path, *path); 364 break; 365 default: 366 WARN_ON(1); 367 } 368 } 369 370 static inline bool is_upper_layer(enum ovl_opt layer) 371 { 372 return layer == Opt_upperdir || layer == Opt_workdir; 373 } 374 375 /* Handle non-file descriptor-based layer options that require path lookup. */ 376 static inline int ovl_kern_path(const char *layer_name, struct path *layer_path, 377 enum ovl_opt layer) 378 { 379 int err; 380 381 switch (layer) { 382 case Opt_upperdir: 383 fallthrough; 384 case Opt_workdir: 385 fallthrough; 386 case Opt_lowerdir: 387 err = ovl_mount_dir(layer_name, layer_path); 388 break; 389 case Opt_lowerdir_add: 390 fallthrough; 391 case Opt_datadir_add: 392 err = ovl_mount_dir_noesc(layer_name, layer_path); 393 break; 394 default: 395 WARN_ON_ONCE(true); 396 err = -EINVAL; 397 } 398 399 return err; 400 } 401 402 static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name, 403 struct path *layer_path, enum ovl_opt layer) 404 { 405 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL); 406 bool upper; 407 int err = 0; 408 409 if (!name) 410 return -ENOMEM; 411 412 upper = is_upper_layer(layer); 413 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper); 414 if (err) 415 return err; 416 417 if (!upper) { 418 err = ovl_ctx_realloc_lower(fc); 419 if (err) 420 return err; 421 } 422 423 /* Store the user provided path string in ctx to show in mountinfo */ 424 ovl_add_layer(fc, layer, layer_path, &name); 425 return err; 426 } 427 428 static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param, 429 enum ovl_opt layer) 430 { 431 struct path layer_path __free(path_put) = {}; 432 int err = 0; 433 434 switch (param->type) { 435 case fs_value_is_string: 436 err = ovl_kern_path(param->string, &layer_path, layer); 437 if (err) 438 return err; 439 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer); 440 break; 441 case fs_value_is_file: { 442 char *buf __free(kfree); 443 char *layer_name; 444 445 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); 446 if (!buf) 447 return -ENOMEM; 448 449 layer_path = param->file->f_path; 450 path_get(&layer_path); 451 452 layer_name = d_path(&layer_path, buf, PATH_MAX); 453 if (IS_ERR(layer_name)) 454 return PTR_ERR(layer_name); 455 456 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer); 457 break; 458 } 459 default: 460 WARN_ON_ONCE(true); 461 err = -EINVAL; 462 } 463 464 return err; 465 } 466 467 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 468 { 469 struct ovl_fs_context_layer *l = ctx->lower; 470 471 // Reset old user provided lowerdir string 472 kfree(ctx->lowerdir_all); 473 ctx->lowerdir_all = NULL; 474 475 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 476 path_put(&l->path); 477 kfree(l->name); 478 l->name = NULL; 479 } 480 ctx->nr = 0; 481 ctx->nr_data = 0; 482 } 483 484 /* 485 * Parse lowerdir= mount option: 486 * 487 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 488 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 489 * "/data1" and "/data2" as data lower layers. Any existing lower 490 * layers are replaced. 491 */ 492 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 493 { 494 int err; 495 struct ovl_fs_context *ctx = fc->fs_private; 496 char *dup = NULL, *iter; 497 ssize_t nr_lower, nr; 498 bool data_layer = false; 499 500 /* 501 * Ensure we're backwards compatible with mount(2) 502 * by allowing relative paths. 503 */ 504 505 /* drop all existing lower layers */ 506 ovl_reset_lowerdirs(ctx); 507 508 if (!*name) 509 return 0; 510 511 if (*name == ':') { 512 pr_err("cannot append lower layer\n"); 513 return -EINVAL; 514 } 515 516 // Store user provided lowerdir string to show in mount options 517 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 518 if (!ctx->lowerdir_all) 519 return -ENOMEM; 520 521 dup = kstrdup(name, GFP_KERNEL); 522 if (!dup) 523 return -ENOMEM; 524 525 err = -EINVAL; 526 nr_lower = ovl_parse_param_split_lowerdirs(dup); 527 if (nr_lower < 0) 528 goto out_err; 529 530 if (nr_lower > OVL_MAX_STACK) { 531 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 532 goto out_err; 533 } 534 535 iter = dup; 536 for (nr = 0; nr < nr_lower; nr++) { 537 struct path path __free(path_put) = {}; 538 539 err = ovl_kern_path(iter, &path, Opt_lowerdir); 540 if (err) 541 goto out_err; 542 543 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir); 544 if (err) 545 goto out_err; 546 547 if (data_layer) 548 ctx->nr_data++; 549 550 /* Calling strchr() again would overrun. */ 551 if (ctx->nr == nr_lower) 552 break; 553 554 err = -EINVAL; 555 iter = strchr(iter, '\0') + 1; 556 if (*iter) { 557 /* 558 * This is a regular layer so we require that 559 * there are no data layers. 560 */ 561 if (ctx->nr_data > 0) { 562 pr_err("regular lower layers cannot follow data lower layers\n"); 563 goto out_err; 564 } 565 566 data_layer = false; 567 continue; 568 } 569 570 /* This is a data lower layer. */ 571 data_layer = true; 572 iter++; 573 } 574 kfree(dup); 575 return 0; 576 577 out_err: 578 kfree(dup); 579 580 /* Intentionally don't realloc to a smaller size. */ 581 return err; 582 } 583 584 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 585 { 586 int err = 0; 587 struct fs_parse_result result; 588 struct ovl_fs *ofs = fc->s_fs_info; 589 struct ovl_config *config = &ofs->config; 590 struct ovl_fs_context *ctx = fc->fs_private; 591 int opt; 592 593 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 594 /* 595 * On remount overlayfs has always ignored all mount 596 * options no matter if malformed or not so for 597 * backwards compatibility we do the same here. 598 */ 599 if (fc->oldapi) 600 return 0; 601 602 /* 603 * Give us the freedom to allow changing mount options 604 * with the new mount api in the future. So instead of 605 * silently ignoring everything we report a proper 606 * error. This is only visible for users of the new 607 * mount api. 608 */ 609 return invalfc(fc, "No changes allowed in reconfigure"); 610 } 611 612 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 613 if (opt < 0) 614 return opt; 615 616 switch (opt) { 617 case Opt_lowerdir: 618 err = ovl_parse_param_lowerdir(param->string, fc); 619 break; 620 case Opt_lowerdir_add: 621 case Opt_datadir_add: 622 case Opt_upperdir: 623 case Opt_workdir: 624 err = ovl_parse_layer(fc, param, opt); 625 break; 626 case Opt_default_permissions: 627 config->default_permissions = true; 628 break; 629 case Opt_redirect_dir: 630 config->redirect_mode = result.uint_32; 631 if (config->redirect_mode == OVL_REDIRECT_OFF) { 632 config->redirect_mode = ovl_redirect_always_follow ? 633 OVL_REDIRECT_FOLLOW : 634 OVL_REDIRECT_NOFOLLOW; 635 } 636 ctx->set.redirect = true; 637 break; 638 case Opt_index: 639 config->index = result.uint_32; 640 ctx->set.index = true; 641 break; 642 case Opt_uuid: 643 config->uuid = result.uint_32; 644 break; 645 case Opt_nfs_export: 646 config->nfs_export = result.uint_32; 647 ctx->set.nfs_export = true; 648 break; 649 case Opt_xino: 650 config->xino = result.uint_32; 651 break; 652 case Opt_metacopy: 653 config->metacopy = result.uint_32; 654 ctx->set.metacopy = true; 655 break; 656 case Opt_verity: 657 config->verity_mode = result.uint_32; 658 break; 659 case Opt_volatile: 660 config->ovl_volatile = true; 661 break; 662 case Opt_userxattr: 663 config->userxattr = true; 664 break; 665 default: 666 pr_err("unrecognized mount option \"%s\" or missing value\n", 667 param->key); 668 return -EINVAL; 669 } 670 671 return err; 672 } 673 674 static int ovl_get_tree(struct fs_context *fc) 675 { 676 return get_tree_nodev(fc, ovl_fill_super); 677 } 678 679 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 680 { 681 ovl_reset_lowerdirs(ctx); 682 path_put(&ctx->upper); 683 path_put(&ctx->work); 684 kfree(ctx->lower); 685 kfree(ctx); 686 } 687 688 static void ovl_free(struct fs_context *fc) 689 { 690 struct ovl_fs *ofs = fc->s_fs_info; 691 struct ovl_fs_context *ctx = fc->fs_private; 692 693 /* 694 * ofs is stored in the fs_context when it is initialized. 695 * ofs is transferred to the superblock on a successful mount, 696 * but if an error occurs before the transfer we have to free 697 * it here. 698 */ 699 if (ofs) 700 ovl_free_fs(ofs); 701 702 if (ctx) 703 ovl_fs_context_free(ctx); 704 } 705 706 static int ovl_reconfigure(struct fs_context *fc) 707 { 708 struct super_block *sb = fc->root->d_sb; 709 struct ovl_fs *ofs = OVL_FS(sb); 710 struct super_block *upper_sb; 711 int ret = 0; 712 713 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 714 return -EROFS; 715 716 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 717 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 718 if (ovl_should_sync(ofs)) { 719 down_read(&upper_sb->s_umount); 720 ret = sync_filesystem(upper_sb); 721 up_read(&upper_sb->s_umount); 722 } 723 } 724 725 return ret; 726 } 727 728 static const struct fs_context_operations ovl_context_ops = { 729 .parse_monolithic = ovl_parse_monolithic, 730 .parse_param = ovl_parse_param, 731 .get_tree = ovl_get_tree, 732 .reconfigure = ovl_reconfigure, 733 .free = ovl_free, 734 }; 735 736 /* 737 * This is called during fsopen() and will record the user namespace of 738 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 739 * need it when we actually create the superblock to verify that the 740 * process creating the superblock is in the same user namespace as 741 * process that called fsopen(). 742 */ 743 int ovl_init_fs_context(struct fs_context *fc) 744 { 745 struct ovl_fs_context *ctx; 746 struct ovl_fs *ofs; 747 748 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 749 if (!ctx) 750 return -ENOMEM; 751 752 /* 753 * By default we allocate for three lower layers. It's likely 754 * that it'll cover most users. 755 */ 756 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 757 if (!ctx->lower) 758 goto out_err; 759 ctx->capacity = 3; 760 761 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 762 if (!ofs) 763 goto out_err; 764 765 ofs->config.redirect_mode = ovl_redirect_mode_def(); 766 ofs->config.index = ovl_index_def; 767 ofs->config.uuid = ovl_uuid_def(); 768 ofs->config.nfs_export = ovl_nfs_export_def; 769 ofs->config.xino = ovl_xino_def(); 770 ofs->config.metacopy = ovl_metacopy_def; 771 772 fc->s_fs_info = ofs; 773 fc->fs_private = ctx; 774 fc->ops = &ovl_context_ops; 775 return 0; 776 777 out_err: 778 ovl_fs_context_free(ctx); 779 return -ENOMEM; 780 781 } 782 783 void ovl_free_fs(struct ovl_fs *ofs) 784 { 785 struct vfsmount **mounts; 786 unsigned i; 787 788 iput(ofs->workbasedir_trap); 789 iput(ofs->workdir_trap); 790 dput(ofs->whiteout); 791 dput(ofs->workdir); 792 if (ofs->workdir_locked) 793 ovl_inuse_unlock(ofs->workbasedir); 794 dput(ofs->workbasedir); 795 if (ofs->upperdir_locked) 796 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 797 798 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 799 mounts = (struct vfsmount **) ofs->config.lowerdirs; 800 for (i = 0; i < ofs->numlayer; i++) { 801 iput(ofs->layers[i].trap); 802 kfree(ofs->config.lowerdirs[i]); 803 mounts[i] = ofs->layers[i].mnt; 804 } 805 kern_unmount_array(mounts, ofs->numlayer); 806 kfree(ofs->layers); 807 for (i = 0; i < ofs->numfs; i++) 808 free_anon_bdev(ofs->fs[i].pseudo_dev); 809 kfree(ofs->fs); 810 811 kfree(ofs->config.lowerdirs); 812 kfree(ofs->config.upperdir); 813 kfree(ofs->config.workdir); 814 if (ofs->creator_cred) 815 put_cred(ofs->creator_cred); 816 kfree(ofs); 817 } 818 819 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 820 struct ovl_config *config) 821 { 822 struct ovl_opt_set set = ctx->set; 823 824 /* Workdir/index are useless in non-upper mount */ 825 if (!config->upperdir) { 826 if (config->workdir) { 827 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 828 config->workdir); 829 kfree(config->workdir); 830 config->workdir = NULL; 831 } 832 if (config->index && set.index) { 833 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 834 set.index = false; 835 } 836 config->index = false; 837 } 838 839 if (!config->upperdir && config->ovl_volatile) { 840 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 841 config->ovl_volatile = false; 842 } 843 844 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 845 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 846 config->uuid = OVL_UUID_NULL; 847 } 848 849 /* Resolve verity -> metacopy dependency */ 850 if (config->verity_mode && !config->metacopy) { 851 /* Don't allow explicit specified conflicting combinations */ 852 if (set.metacopy) { 853 pr_err("conflicting options: metacopy=off,verity=%s\n", 854 ovl_verity_mode(config)); 855 return -EINVAL; 856 } 857 /* Otherwise automatically enable metacopy. */ 858 config->metacopy = true; 859 } 860 861 /* 862 * This is to make the logic below simpler. It doesn't make any other 863 * difference, since redirect_dir=on is only used for upper. 864 */ 865 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 866 config->redirect_mode = OVL_REDIRECT_ON; 867 868 /* Resolve verity -> metacopy -> redirect_dir dependency */ 869 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 870 if (set.metacopy && set.redirect) { 871 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 872 ovl_redirect_mode(config)); 873 return -EINVAL; 874 } 875 if (config->verity_mode && set.redirect) { 876 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 877 ovl_verity_mode(config), ovl_redirect_mode(config)); 878 return -EINVAL; 879 } 880 if (set.redirect) { 881 /* 882 * There was an explicit redirect_dir=... that resulted 883 * in this conflict. 884 */ 885 pr_info("disabling metacopy due to redirect_dir=%s\n", 886 ovl_redirect_mode(config)); 887 config->metacopy = false; 888 } else { 889 /* Automatically enable redirect otherwise. */ 890 config->redirect_mode = OVL_REDIRECT_ON; 891 } 892 } 893 894 /* Resolve nfs_export -> index dependency */ 895 if (config->nfs_export && !config->index) { 896 if (!config->upperdir && 897 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 898 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 899 config->nfs_export = false; 900 } else if (set.nfs_export && set.index) { 901 pr_err("conflicting options: nfs_export=on,index=off\n"); 902 return -EINVAL; 903 } else if (set.index) { 904 /* 905 * There was an explicit index=off that resulted 906 * in this conflict. 907 */ 908 pr_info("disabling nfs_export due to index=off\n"); 909 config->nfs_export = false; 910 } else { 911 /* Automatically enable index otherwise. */ 912 config->index = true; 913 } 914 } 915 916 /* Resolve nfs_export -> !metacopy && !verity dependency */ 917 if (config->nfs_export && config->metacopy) { 918 if (set.nfs_export && set.metacopy) { 919 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 920 return -EINVAL; 921 } 922 if (set.metacopy) { 923 /* 924 * There was an explicit metacopy=on that resulted 925 * in this conflict. 926 */ 927 pr_info("disabling nfs_export due to metacopy=on\n"); 928 config->nfs_export = false; 929 } else if (config->verity_mode) { 930 /* 931 * There was an explicit verity=.. that resulted 932 * in this conflict. 933 */ 934 pr_info("disabling nfs_export due to verity=%s\n", 935 ovl_verity_mode(config)); 936 config->nfs_export = false; 937 } else { 938 /* 939 * There was an explicit nfs_export=on that resulted 940 * in this conflict. 941 */ 942 pr_info("disabling metacopy due to nfs_export=on\n"); 943 config->metacopy = false; 944 } 945 } 946 947 948 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 949 if (config->userxattr) { 950 if (set.redirect && 951 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 952 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 953 ovl_redirect_mode(config)); 954 return -EINVAL; 955 } 956 if (config->metacopy && set.metacopy) { 957 pr_err("conflicting options: userxattr,metacopy=on\n"); 958 return -EINVAL; 959 } 960 if (config->verity_mode) { 961 pr_err("conflicting options: userxattr,verity=%s\n", 962 ovl_verity_mode(config)); 963 return -EINVAL; 964 } 965 /* 966 * Silently disable default setting of redirect and metacopy. 967 * This shall be the default in the future as well: these 968 * options must be explicitly enabled if used together with 969 * userxattr. 970 */ 971 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 972 config->metacopy = false; 973 } 974 975 /* 976 * Fail if we don't have trusted xattr capability and a feature was 977 * explicitly requested that requires them. 978 */ 979 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) { 980 if (set.redirect && 981 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 982 pr_err("redirect_dir requires permission to access trusted xattrs\n"); 983 return -EPERM; 984 } 985 if (config->metacopy && set.metacopy) { 986 pr_err("metacopy requires permission to access trusted xattrs\n"); 987 return -EPERM; 988 } 989 if (config->verity_mode) { 990 pr_err("verity requires permission to access trusted xattrs\n"); 991 return -EPERM; 992 } 993 if (ctx->nr_data > 0) { 994 pr_err("lower data-only dirs require permission to access trusted xattrs\n"); 995 return -EPERM; 996 } 997 /* 998 * Other xattr-dependent features should be disabled without 999 * great disturbance to the user in ovl_make_workdir(). 1000 */ 1001 } 1002 1003 if (ctx->nr_data > 0 && !config->metacopy) { 1004 pr_err("lower data-only dirs require metacopy support.\n"); 1005 return -EINVAL; 1006 } 1007 1008 return 0; 1009 } 1010 1011 /** 1012 * ovl_show_options 1013 * @m: the seq_file handle 1014 * @dentry: The dentry to query 1015 * 1016 * Prints the mount options for a given superblock. 1017 * Returns zero; does not fail. 1018 */ 1019 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 1020 { 1021 struct super_block *sb = dentry->d_sb; 1022 struct ovl_fs *ofs = OVL_FS(sb); 1023 size_t nr, nr_merged_lower, nr_lower = 0; 1024 char **lowerdirs = ofs->config.lowerdirs; 1025 1026 /* 1027 * lowerdirs[0] holds the colon separated list that user provided 1028 * with lowerdir mount option. 1029 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 1030 * using the lowerdir+ and datadir+ mount options. 1031 * For now, we do not allow mixing the legacy lowerdir mount option 1032 * with the new lowerdir+ and datadir+ mount options. 1033 */ 1034 if (lowerdirs[0]) { 1035 seq_show_option(m, "lowerdir", lowerdirs[0]); 1036 } else { 1037 nr_lower = ofs->numlayer; 1038 nr_merged_lower = nr_lower - ofs->numdatalayer; 1039 } 1040 for (nr = 1; nr < nr_lower; nr++) { 1041 if (nr < nr_merged_lower) 1042 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 1043 else 1044 seq_show_option(m, "datadir+", lowerdirs[nr]); 1045 } 1046 if (ofs->config.upperdir) { 1047 seq_show_option(m, "upperdir", ofs->config.upperdir); 1048 seq_show_option(m, "workdir", ofs->config.workdir); 1049 } 1050 if (ofs->config.default_permissions) 1051 seq_puts(m, ",default_permissions"); 1052 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 1053 seq_printf(m, ",redirect_dir=%s", 1054 ovl_redirect_mode(&ofs->config)); 1055 if (ofs->config.index != ovl_index_def) 1056 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 1057 if (ofs->config.uuid != ovl_uuid_def()) 1058 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 1059 if (ofs->config.nfs_export != ovl_nfs_export_def) 1060 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 1061 "on" : "off"); 1062 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1063 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1064 if (ofs->config.metacopy != ovl_metacopy_def) 1065 seq_printf(m, ",metacopy=%s", 1066 ofs->config.metacopy ? "on" : "off"); 1067 if (ofs->config.ovl_volatile) 1068 seq_puts(m, ",volatile"); 1069 if (ofs->config.userxattr) 1070 seq_puts(m, ",userxattr"); 1071 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1072 seq_printf(m, ",verity=%s", 1073 ovl_verity_mode(&ofs->config)); 1074 return 0; 1075 } 1076