1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_fsync, 62 Opt_volatile, 63 Opt_override_creds, 64 }; 65 66 static const struct constant_table ovl_parameter_bool[] = { 67 { "on", true }, 68 { "off", false }, 69 {} 70 }; 71 72 static const struct constant_table ovl_parameter_uuid[] = { 73 { "off", OVL_UUID_OFF }, 74 { "null", OVL_UUID_NULL }, 75 { "auto", OVL_UUID_AUTO }, 76 { "on", OVL_UUID_ON }, 77 {} 78 }; 79 80 static const char *ovl_uuid_mode(struct ovl_config *config) 81 { 82 return ovl_parameter_uuid[config->uuid].name; 83 } 84 85 static int ovl_uuid_def(void) 86 { 87 return OVL_UUID_AUTO; 88 } 89 90 static const struct constant_table ovl_parameter_xino[] = { 91 { "off", OVL_XINO_OFF }, 92 { "auto", OVL_XINO_AUTO }, 93 { "on", OVL_XINO_ON }, 94 {} 95 }; 96 97 const char *ovl_xino_mode(struct ovl_config *config) 98 { 99 return ovl_parameter_xino[config->xino].name; 100 } 101 102 static int ovl_xino_def(void) 103 { 104 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 105 } 106 107 const struct constant_table ovl_parameter_redirect_dir[] = { 108 { "off", OVL_REDIRECT_OFF }, 109 { "follow", OVL_REDIRECT_FOLLOW }, 110 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 111 { "on", OVL_REDIRECT_ON }, 112 {} 113 }; 114 115 static const char *ovl_redirect_mode(struct ovl_config *config) 116 { 117 return ovl_parameter_redirect_dir[config->redirect_mode].name; 118 } 119 120 static int ovl_redirect_mode_def(void) 121 { 122 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 123 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 124 OVL_REDIRECT_NOFOLLOW; 125 } 126 127 static const struct constant_table ovl_parameter_verity[] = { 128 { "off", OVL_VERITY_OFF }, 129 { "on", OVL_VERITY_ON }, 130 { "require", OVL_VERITY_REQUIRE }, 131 {} 132 }; 133 134 static const char *ovl_verity_mode(struct ovl_config *config) 135 { 136 return ovl_parameter_verity[config->verity_mode].name; 137 } 138 139 static int ovl_verity_mode_def(void) 140 { 141 return OVL_VERITY_OFF; 142 } 143 144 static const struct constant_table ovl_parameter_fsync[] = { 145 { "volatile", OVL_FSYNC_VOLATILE }, 146 { "auto", OVL_FSYNC_AUTO }, 147 { "strict", OVL_FSYNC_STRICT }, 148 {} 149 }; 150 151 static const char *ovl_fsync_mode(struct ovl_config *config) 152 { 153 return ovl_parameter_fsync[config->fsync_mode].name; 154 } 155 156 static int ovl_fsync_mode_def(void) 157 { 158 return OVL_FSYNC_AUTO; 159 } 160 161 const struct fs_parameter_spec ovl_parameter_spec[] = { 162 fsparam_string_empty("lowerdir", Opt_lowerdir), 163 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add), 164 fsparam_file_or_string("datadir+", Opt_datadir_add), 165 fsparam_file_or_string("upperdir", Opt_upperdir), 166 fsparam_file_or_string("workdir", Opt_workdir), 167 fsparam_flag("default_permissions", Opt_default_permissions), 168 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 169 fsparam_enum("index", Opt_index, ovl_parameter_bool), 170 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 171 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 172 fsparam_flag("userxattr", Opt_userxattr), 173 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 174 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 175 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 176 fsparam_enum("fsync", Opt_fsync, ovl_parameter_fsync), 177 fsparam_flag("volatile", Opt_volatile), 178 fsparam_flag_no("override_creds", Opt_override_creds), 179 {} 180 }; 181 182 static char *ovl_next_opt(char **s) 183 { 184 char *sbegin = *s; 185 char *p; 186 187 if (sbegin == NULL) 188 return NULL; 189 190 for (p = sbegin; *p; p++) { 191 if (*p == '\\') { 192 p++; 193 if (!*p) 194 break; 195 } else if (*p == ',') { 196 *p = '\0'; 197 *s = p + 1; 198 return sbegin; 199 } 200 } 201 *s = NULL; 202 return sbegin; 203 } 204 205 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 206 { 207 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 208 } 209 210 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 211 { 212 ssize_t nr_layers = 1, nr_colons = 0; 213 char *s, *d; 214 215 for (s = d = str;; s++, d++) { 216 if (*s == '\\') { 217 /* keep esc chars in split lowerdir */ 218 *d++ = *s++; 219 } else if (*s == ':') { 220 bool next_colon = (*(s + 1) == ':'); 221 222 nr_colons++; 223 if (nr_colons == 2 && next_colon) { 224 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 225 return -EINVAL; 226 } 227 /* count layers, not colons */ 228 if (!next_colon) 229 nr_layers++; 230 231 *d = '\0'; 232 continue; 233 } 234 235 *d = *s; 236 if (!*s) { 237 /* trailing colons */ 238 if (nr_colons) { 239 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 240 return -EINVAL; 241 } 242 break; 243 } 244 nr_colons = 0; 245 } 246 247 return nr_layers; 248 } 249 250 static int ovl_mount_dir_noesc(const char *name, struct path *path) 251 { 252 int err = -EINVAL; 253 254 if (!*name) { 255 pr_err("empty lowerdir\n"); 256 goto out; 257 } 258 err = kern_path(name, LOOKUP_FOLLOW, path); 259 if (err) { 260 pr_err("failed to resolve '%s': %i\n", name, err); 261 goto out; 262 } 263 return 0; 264 265 out: 266 return err; 267 } 268 269 static void ovl_unescape(char *s) 270 { 271 char *d = s; 272 273 for (;; s++, d++) { 274 if (*s == '\\') 275 s++; 276 *d = *s; 277 if (!*s) 278 break; 279 } 280 } 281 282 static int ovl_mount_dir(const char *name, struct path *path) 283 { 284 int err = -ENOMEM; 285 char *tmp = kstrdup(name, GFP_KERNEL); 286 287 if (tmp) { 288 ovl_unescape(tmp); 289 err = ovl_mount_dir_noesc(tmp, path); 290 kfree(tmp); 291 } 292 return err; 293 } 294 295 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 296 enum ovl_opt layer, const char *name, bool upper) 297 { 298 bool is_casefolded = ovl_dentry_casefolded(path->dentry); 299 struct ovl_fs_context *ctx = fc->fs_private; 300 struct ovl_fs *ofs = fc->s_fs_info; 301 302 if (!d_is_dir(path->dentry)) 303 return invalfc(fc, "%s is not a directory", name); 304 305 /* 306 * Allow filesystems that are case-folding capable but deny composing 307 * ovl stack from inconsistent case-folded directories. 308 */ 309 if (!ctx->casefold_set) { 310 ofs->casefold = is_casefolded; 311 ctx->casefold_set = true; 312 } 313 314 if (ofs->casefold != is_casefolded) { 315 return invalfc(fc, "case-%ssensitive directory on %s is inconsistent", 316 is_casefolded ? "in" : "", name); 317 } 318 319 if (ovl_dentry_weird(path->dentry)) 320 return invalfc(fc, "filesystem on %s not supported", name); 321 322 /* 323 * Check whether upper path is read-only here to report failures 324 * early. Don't forget to recheck when the superblock is created 325 * as the mount attributes could change. 326 */ 327 if (upper) { 328 if (path->dentry->d_flags & DCACHE_OP_REAL) 329 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 330 if (__mnt_is_readonly(path->mnt)) 331 return invalfc(fc, "filesystem on %s is read-only", name); 332 } else { 333 if (ctx->lowerdir_all && layer != Opt_lowerdir) 334 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 335 if (ctx->nr_data && layer == Opt_lowerdir_add) 336 return invalfc(fc, "regular lower layers cannot follow data layers"); 337 if (ctx->nr == OVL_MAX_STACK) 338 return invalfc(fc, "too many lower directories, limit is %d", 339 OVL_MAX_STACK); 340 } 341 return 0; 342 } 343 344 static int ovl_ctx_realloc_lower(struct fs_context *fc) 345 { 346 struct ovl_fs_context *ctx = fc->fs_private; 347 struct ovl_fs_context_layer *l; 348 size_t nr; 349 350 if (ctx->nr < ctx->capacity) 351 return 0; 352 353 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 354 OVL_MAX_STACK); 355 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 356 if (!l) 357 return -ENOMEM; 358 359 ctx->lower = l; 360 ctx->capacity = nr; 361 return 0; 362 } 363 364 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 365 struct path *path, char **pname) 366 { 367 struct ovl_fs *ofs = fc->s_fs_info; 368 struct ovl_config *config = &ofs->config; 369 struct ovl_fs_context *ctx = fc->fs_private; 370 struct ovl_fs_context_layer *l; 371 372 switch (layer) { 373 case Opt_workdir: 374 swap(config->workdir, *pname); 375 swap(ctx->work, *path); 376 break; 377 case Opt_upperdir: 378 swap(config->upperdir, *pname); 379 swap(ctx->upper, *path); 380 break; 381 case Opt_datadir_add: 382 ctx->nr_data++; 383 fallthrough; 384 case Opt_lowerdir: 385 fallthrough; 386 case Opt_lowerdir_add: 387 WARN_ON(ctx->nr >= ctx->capacity); 388 l = &ctx->lower[ctx->nr++]; 389 memset(l, 0, sizeof(*l)); 390 swap(l->name, *pname); 391 swap(l->path, *path); 392 break; 393 default: 394 WARN_ON(1); 395 } 396 } 397 398 static inline bool is_upper_layer(enum ovl_opt layer) 399 { 400 return layer == Opt_upperdir || layer == Opt_workdir; 401 } 402 403 /* Handle non-file descriptor-based layer options that require path lookup. */ 404 static inline int ovl_kern_path(const char *layer_name, struct path *layer_path, 405 enum ovl_opt layer) 406 { 407 int err; 408 409 switch (layer) { 410 case Opt_upperdir: 411 fallthrough; 412 case Opt_workdir: 413 fallthrough; 414 case Opt_lowerdir: 415 err = ovl_mount_dir(layer_name, layer_path); 416 break; 417 case Opt_lowerdir_add: 418 fallthrough; 419 case Opt_datadir_add: 420 err = ovl_mount_dir_noesc(layer_name, layer_path); 421 break; 422 default: 423 WARN_ON_ONCE(true); 424 err = -EINVAL; 425 } 426 427 return err; 428 } 429 430 static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name, 431 struct path *layer_path, enum ovl_opt layer) 432 { 433 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL); 434 bool upper; 435 int err = 0; 436 437 if (!name) 438 return -ENOMEM; 439 440 upper = is_upper_layer(layer); 441 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper); 442 if (err) 443 return err; 444 445 if (!upper) { 446 err = ovl_ctx_realloc_lower(fc); 447 if (err) 448 return err; 449 } 450 451 /* Store the user provided path string in ctx to show in mountinfo */ 452 ovl_add_layer(fc, layer, layer_path, &name); 453 return err; 454 } 455 456 static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param, 457 enum ovl_opt layer) 458 { 459 struct path layer_path __free(path_put) = {}; 460 int err = 0; 461 462 switch (param->type) { 463 case fs_value_is_string: 464 err = ovl_kern_path(param->string, &layer_path, layer); 465 if (err) 466 return err; 467 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer); 468 break; 469 case fs_value_is_file: { 470 char *buf __free(kfree); 471 char *layer_name; 472 473 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); 474 if (!buf) 475 return -ENOMEM; 476 477 layer_path = param->file->f_path; 478 path_get(&layer_path); 479 480 layer_name = d_path(&layer_path, buf, PATH_MAX); 481 if (IS_ERR(layer_name)) 482 return PTR_ERR(layer_name); 483 484 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer); 485 break; 486 } 487 default: 488 WARN_ON_ONCE(true); 489 err = -EINVAL; 490 } 491 492 return err; 493 } 494 495 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 496 { 497 struct ovl_fs_context_layer *l = ctx->lower; 498 499 // Reset old user provided lowerdir string 500 kfree(ctx->lowerdir_all); 501 ctx->lowerdir_all = NULL; 502 503 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 504 path_put(&l->path); 505 kfree(l->name); 506 l->name = NULL; 507 } 508 ctx->nr = 0; 509 ctx->nr_data = 0; 510 } 511 512 /* 513 * Parse lowerdir= mount option: 514 * 515 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 516 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 517 * "/data1" and "/data2" as data lower layers. Any existing lower 518 * layers are replaced. 519 */ 520 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 521 { 522 int err; 523 struct ovl_fs_context *ctx = fc->fs_private; 524 char *dup = NULL, *iter; 525 ssize_t nr_lower, nr; 526 bool data_layer = false; 527 528 /* 529 * Ensure we're backwards compatible with mount(2) 530 * by allowing relative paths. 531 */ 532 533 /* drop all existing lower layers */ 534 ovl_reset_lowerdirs(ctx); 535 536 if (!*name) 537 return 0; 538 539 if (*name == ':') { 540 pr_err("cannot append lower layer\n"); 541 return -EINVAL; 542 } 543 544 // Store user provided lowerdir string to show in mount options 545 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 546 if (!ctx->lowerdir_all) 547 return -ENOMEM; 548 549 dup = kstrdup(name, GFP_KERNEL); 550 if (!dup) 551 return -ENOMEM; 552 553 err = -EINVAL; 554 nr_lower = ovl_parse_param_split_lowerdirs(dup); 555 if (nr_lower < 0) 556 goto out_err; 557 558 if (nr_lower > OVL_MAX_STACK) { 559 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 560 goto out_err; 561 } 562 563 iter = dup; 564 for (nr = 0; nr < nr_lower; nr++) { 565 struct path path __free(path_put) = {}; 566 567 err = ovl_kern_path(iter, &path, Opt_lowerdir); 568 if (err) 569 goto out_err; 570 571 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir); 572 if (err) 573 goto out_err; 574 575 if (data_layer) 576 ctx->nr_data++; 577 578 /* Calling strchr() again would overrun. */ 579 if (ctx->nr == nr_lower) 580 break; 581 582 err = -EINVAL; 583 iter = strchr(iter, '\0') + 1; 584 if (*iter) { 585 /* 586 * This is a regular layer so we require that 587 * there are no data layers. 588 */ 589 if (ctx->nr_data > 0) { 590 pr_err("regular lower layers cannot follow data lower layers\n"); 591 goto out_err; 592 } 593 594 data_layer = false; 595 continue; 596 } 597 598 /* This is a data lower layer. */ 599 data_layer = true; 600 iter++; 601 } 602 kfree(dup); 603 return 0; 604 605 out_err: 606 kfree(dup); 607 608 /* Intentionally don't realloc to a smaller size. */ 609 return err; 610 } 611 612 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 613 { 614 int err = 0; 615 struct fs_parse_result result; 616 struct ovl_fs *ofs = fc->s_fs_info; 617 struct ovl_config *config = &ofs->config; 618 struct ovl_fs_context *ctx = fc->fs_private; 619 int opt; 620 621 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 622 /* 623 * On remount overlayfs has always ignored all mount 624 * options no matter if malformed or not so for 625 * backwards compatibility we do the same here. 626 */ 627 if (fc->oldapi) 628 return 0; 629 630 /* 631 * Give us the freedom to allow changing mount options 632 * with the new mount api in the future. So instead of 633 * silently ignoring everything we report a proper 634 * error. This is only visible for users of the new 635 * mount api. 636 */ 637 return invalfc(fc, "No changes allowed in reconfigure"); 638 } 639 640 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 641 if (opt < 0) 642 return opt; 643 644 switch (opt) { 645 case Opt_lowerdir: 646 err = ovl_parse_param_lowerdir(param->string, fc); 647 break; 648 case Opt_lowerdir_add: 649 case Opt_datadir_add: 650 case Opt_upperdir: 651 case Opt_workdir: 652 err = ovl_parse_layer(fc, param, opt); 653 break; 654 case Opt_default_permissions: 655 config->default_permissions = true; 656 break; 657 case Opt_redirect_dir: 658 config->redirect_mode = result.uint_32; 659 if (config->redirect_mode == OVL_REDIRECT_OFF) { 660 config->redirect_mode = ovl_redirect_always_follow ? 661 OVL_REDIRECT_FOLLOW : 662 OVL_REDIRECT_NOFOLLOW; 663 } 664 ctx->set.redirect = true; 665 break; 666 case Opt_index: 667 config->index = result.uint_32; 668 ctx->set.index = true; 669 break; 670 case Opt_uuid: 671 config->uuid = result.uint_32; 672 break; 673 case Opt_nfs_export: 674 config->nfs_export = result.uint_32; 675 ctx->set.nfs_export = true; 676 break; 677 case Opt_xino: 678 config->xino = result.uint_32; 679 break; 680 case Opt_metacopy: 681 config->metacopy = result.uint_32; 682 ctx->set.metacopy = true; 683 break; 684 case Opt_verity: 685 config->verity_mode = result.uint_32; 686 break; 687 case Opt_fsync: 688 config->fsync_mode = result.uint_32; 689 break; 690 case Opt_volatile: 691 config->fsync_mode = OVL_FSYNC_VOLATILE; 692 break; 693 case Opt_userxattr: 694 config->userxattr = true; 695 break; 696 case Opt_override_creds: { 697 const struct cred *cred = NULL; 698 699 if (result.negated) { 700 swap(cred, ofs->creator_cred); 701 put_cred(cred); 702 break; 703 } 704 705 if (!current_in_userns(fc->user_ns)) { 706 err = -EINVAL; 707 break; 708 } 709 710 cred = prepare_creds(); 711 if (cred) 712 swap(cred, ofs->creator_cred); 713 else 714 err = -ENOMEM; 715 716 put_cred(cred); 717 break; 718 } 719 default: 720 pr_err("unrecognized mount option \"%s\" or missing value\n", 721 param->key); 722 return -EINVAL; 723 } 724 725 return err; 726 } 727 728 static int ovl_get_tree(struct fs_context *fc) 729 { 730 return get_tree_nodev(fc, ovl_fill_super); 731 } 732 733 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 734 { 735 ovl_reset_lowerdirs(ctx); 736 path_put(&ctx->upper); 737 path_put(&ctx->work); 738 kfree(ctx->lower); 739 kfree(ctx); 740 } 741 742 static void ovl_free(struct fs_context *fc) 743 { 744 struct ovl_fs *ofs = fc->s_fs_info; 745 struct ovl_fs_context *ctx = fc->fs_private; 746 747 /* 748 * ofs is stored in the fs_context when it is initialized. 749 * ofs is transferred to the superblock on a successful mount, 750 * but if an error occurs before the transfer we have to free 751 * it here. 752 */ 753 if (ofs) 754 ovl_free_fs(ofs); 755 756 if (ctx) 757 ovl_fs_context_free(ctx); 758 } 759 760 static int ovl_reconfigure(struct fs_context *fc) 761 { 762 struct super_block *sb = fc->root->d_sb; 763 struct ovl_fs *ofs = OVL_FS(sb); 764 struct super_block *upper_sb; 765 int ret = 0; 766 767 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 768 return -EROFS; 769 770 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 771 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 772 if (ovl_should_sync(ofs)) { 773 down_read(&upper_sb->s_umount); 774 ret = sync_filesystem(upper_sb); 775 up_read(&upper_sb->s_umount); 776 } 777 } 778 779 return ret; 780 } 781 782 static const struct fs_context_operations ovl_context_ops = { 783 .parse_monolithic = ovl_parse_monolithic, 784 .parse_param = ovl_parse_param, 785 .get_tree = ovl_get_tree, 786 .reconfigure = ovl_reconfigure, 787 .free = ovl_free, 788 }; 789 790 /* 791 * This is called during fsopen() and will record the user namespace of 792 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 793 * need it when we actually create the superblock to verify that the 794 * process creating the superblock is in the same user namespace as 795 * process that called fsopen(). 796 */ 797 int ovl_init_fs_context(struct fs_context *fc) 798 { 799 struct ovl_fs_context *ctx; 800 struct ovl_fs *ofs; 801 802 ctx = kzalloc_obj(*ctx, GFP_KERNEL_ACCOUNT); 803 if (!ctx) 804 return -ENOMEM; 805 806 /* 807 * By default we allocate for three lower layers. It's likely 808 * that it'll cover most users. 809 */ 810 ctx->lower = kmalloc_objs(*ctx->lower, 3, GFP_KERNEL_ACCOUNT); 811 if (!ctx->lower) 812 goto out_err; 813 ctx->capacity = 3; 814 815 ofs = kzalloc_obj(struct ovl_fs); 816 if (!ofs) 817 goto out_err; 818 819 ofs->config.redirect_mode = ovl_redirect_mode_def(); 820 ofs->config.index = ovl_index_def; 821 ofs->config.uuid = ovl_uuid_def(); 822 ofs->config.nfs_export = ovl_nfs_export_def; 823 ofs->config.xino = ovl_xino_def(); 824 ofs->config.metacopy = ovl_metacopy_def; 825 ofs->config.fsync_mode = ovl_fsync_mode_def(); 826 827 fc->s_fs_info = ofs; 828 fc->fs_private = ctx; 829 fc->ops = &ovl_context_ops; 830 831 mutex_init(&ofs->whiteout_lock); 832 return 0; 833 834 out_err: 835 ovl_fs_context_free(ctx); 836 return -ENOMEM; 837 838 } 839 840 void ovl_free_fs(struct ovl_fs *ofs) 841 { 842 struct vfsmount **mounts; 843 unsigned i; 844 845 iput(ofs->workbasedir_trap); 846 iput(ofs->workdir_trap); 847 dput(ofs->whiteout); 848 dput(ofs->workdir); 849 if (ofs->workdir_locked) 850 ovl_inuse_unlock(ofs->workbasedir); 851 dput(ofs->workbasedir); 852 if (ofs->upperdir_locked) 853 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 854 855 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 856 mounts = (struct vfsmount **) ofs->config.lowerdirs; 857 for (i = 0; i < ofs->numlayer; i++) { 858 iput(ofs->layers[i].trap); 859 kfree(ofs->config.lowerdirs[i]); 860 mounts[i] = ofs->layers[i].mnt; 861 } 862 kern_unmount_array(mounts, ofs->numlayer); 863 kfree(ofs->layers); 864 for (i = 0; i < ofs->numfs; i++) 865 free_anon_bdev(ofs->fs[i].pseudo_dev); 866 kfree(ofs->fs); 867 868 kfree(ofs->config.lowerdirs); 869 kfree(ofs->config.upperdir); 870 kfree(ofs->config.workdir); 871 if (ofs->creator_cred) 872 put_cred(ofs->creator_cred); 873 kfree(ofs); 874 } 875 876 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 877 struct ovl_config *config) 878 { 879 struct ovl_opt_set set = ctx->set; 880 881 /* Workdir/index are useless in non-upper mount */ 882 if (!config->upperdir) { 883 if (config->workdir) { 884 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 885 config->workdir); 886 kfree(config->workdir); 887 config->workdir = NULL; 888 } 889 if (config->index && set.index) { 890 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 891 set.index = false; 892 } 893 config->index = false; 894 } 895 896 if (!config->upperdir && ovl_is_volatile(config)) { 897 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 898 config->fsync_mode = ovl_fsync_mode_def(); 899 } 900 901 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 902 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 903 config->uuid = OVL_UUID_NULL; 904 } 905 906 /* 907 * This is to make the logic below simpler. It doesn't make any other 908 * difference, since redirect_dir=on is only used for upper. 909 */ 910 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 911 config->redirect_mode = OVL_REDIRECT_ON; 912 913 /* metacopy -> redirect_dir dependency */ 914 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 915 if (set.metacopy && set.redirect) { 916 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 917 ovl_redirect_mode(config)); 918 return -EINVAL; 919 } 920 if (set.redirect) { 921 /* 922 * There was an explicit redirect_dir=... that resulted 923 * in this conflict. 924 */ 925 pr_info("disabling metacopy due to redirect_dir=%s\n", 926 ovl_redirect_mode(config)); 927 config->metacopy = false; 928 } else { 929 /* Automatically enable redirect otherwise. */ 930 config->redirect_mode = OVL_REDIRECT_ON; 931 } 932 } 933 934 /* Resolve nfs_export -> index dependency */ 935 if (config->nfs_export && !config->index) { 936 if (!config->upperdir && 937 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 938 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 939 config->nfs_export = false; 940 } else if (set.nfs_export && set.index) { 941 pr_err("conflicting options: nfs_export=on,index=off\n"); 942 return -EINVAL; 943 } else if (set.index) { 944 /* 945 * There was an explicit index=off that resulted 946 * in this conflict. 947 */ 948 pr_info("disabling nfs_export due to index=off\n"); 949 config->nfs_export = false; 950 } else { 951 /* Automatically enable index otherwise. */ 952 config->index = true; 953 } 954 } 955 956 /* Resolve nfs_export -> !metacopy && !verity dependency */ 957 if (config->nfs_export && config->metacopy) { 958 if (set.nfs_export && set.metacopy) { 959 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 960 return -EINVAL; 961 } 962 if (set.metacopy) { 963 /* 964 * There was an explicit metacopy=on that resulted 965 * in this conflict. 966 */ 967 pr_info("disabling nfs_export due to metacopy=on\n"); 968 config->nfs_export = false; 969 } else if (config->verity_mode) { 970 /* 971 * There was an explicit verity=.. that resulted 972 * in this conflict. 973 */ 974 pr_info("disabling nfs_export due to verity=%s\n", 975 ovl_verity_mode(config)); 976 config->nfs_export = false; 977 } else { 978 /* 979 * There was an explicit nfs_export=on that resulted 980 * in this conflict. 981 */ 982 pr_info("disabling metacopy due to nfs_export=on\n"); 983 config->metacopy = false; 984 } 985 } 986 987 988 /* Resolve userxattr -> !redirect && !metacopy dependency */ 989 if (config->userxattr) { 990 if (set.redirect && 991 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 992 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 993 ovl_redirect_mode(config)); 994 return -EINVAL; 995 } 996 if (config->metacopy && set.metacopy) { 997 pr_err("conflicting options: userxattr,metacopy=on\n"); 998 return -EINVAL; 999 } 1000 /* 1001 * Silently disable default setting of redirect and metacopy. 1002 * This shall be the default in the future as well: these 1003 * options must be explicitly enabled if used together with 1004 * userxattr. 1005 */ 1006 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 1007 config->metacopy = false; 1008 } 1009 1010 /* 1011 * Fail if we don't have trusted xattr capability and a feature was 1012 * explicitly requested that requires them. 1013 */ 1014 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) { 1015 if (set.redirect && 1016 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 1017 pr_err("redirect_dir requires permission to access trusted xattrs\n"); 1018 return -EPERM; 1019 } 1020 if (config->metacopy && set.metacopy) { 1021 pr_err("metacopy requires permission to access trusted xattrs\n"); 1022 return -EPERM; 1023 } 1024 if (config->verity_mode) { 1025 pr_err("verity requires permission to access trusted xattrs\n"); 1026 return -EPERM; 1027 } 1028 if (ctx->nr_data > 0) { 1029 pr_err("lower data-only dirs require permission to access trusted xattrs\n"); 1030 return -EPERM; 1031 } 1032 /* 1033 * Other xattr-dependent features should be disabled without 1034 * great disturbance to the user in ovl_make_workdir(). 1035 */ 1036 } 1037 1038 return 0; 1039 } 1040 1041 /** 1042 * ovl_show_options 1043 * @m: the seq_file handle 1044 * @dentry: The dentry to query 1045 * 1046 * Prints the mount options for a given superblock. 1047 * Returns zero; does not fail. 1048 */ 1049 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 1050 { 1051 struct super_block *sb = dentry->d_sb; 1052 struct ovl_fs *ofs = OVL_FS(sb); 1053 size_t nr, nr_merged_lower, nr_lower = 0; 1054 char **lowerdirs = ofs->config.lowerdirs; 1055 1056 /* 1057 * lowerdirs[0] holds the colon separated list that user provided 1058 * with lowerdir mount option. 1059 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 1060 * using the lowerdir+ and datadir+ mount options. 1061 * For now, we do not allow mixing the legacy lowerdir mount option 1062 * with the new lowerdir+ and datadir+ mount options. 1063 */ 1064 if (lowerdirs[0]) { 1065 seq_show_option(m, "lowerdir", lowerdirs[0]); 1066 } else { 1067 nr_lower = ofs->numlayer; 1068 nr_merged_lower = nr_lower - ofs->numdatalayer; 1069 } 1070 for (nr = 1; nr < nr_lower; nr++) { 1071 if (nr < nr_merged_lower) 1072 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 1073 else 1074 seq_show_option(m, "datadir+", lowerdirs[nr]); 1075 } 1076 if (ofs->config.upperdir) { 1077 seq_show_option(m, "upperdir", ofs->config.upperdir); 1078 seq_show_option(m, "workdir", ofs->config.workdir); 1079 } 1080 if (ofs->config.default_permissions) 1081 seq_puts(m, ",default_permissions"); 1082 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 1083 seq_printf(m, ",redirect_dir=%s", 1084 ovl_redirect_mode(&ofs->config)); 1085 if (ofs->config.index != ovl_index_def) 1086 seq_printf(m, ",index=%s", str_on_off(ofs->config.index)); 1087 if (ofs->config.uuid != ovl_uuid_def()) 1088 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 1089 if (ofs->config.nfs_export != ovl_nfs_export_def) 1090 seq_printf(m, ",nfs_export=%s", 1091 str_on_off(ofs->config.nfs_export)); 1092 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1093 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1094 if (ofs->config.metacopy != ovl_metacopy_def) 1095 seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy)); 1096 if (ofs->config.fsync_mode != ovl_fsync_mode_def()) 1097 seq_printf(m, ",fsync=%s", ovl_fsync_mode(&ofs->config)); 1098 if (ofs->config.userxattr) 1099 seq_puts(m, ",userxattr"); 1100 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1101 seq_printf(m, ",verity=%s", 1102 ovl_verity_mode(&ofs->config)); 1103 return 0; 1104 } 1105