]>
Commit | Line | Data |
---|---|---|
b36a5780 CB |
1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | #include <linux/fs.h> | |
7fb7998b | 4 | #include <linux/module.h> |
b36a5780 CB |
5 | #include <linux/namei.h> |
6 | #include <linux/fs_context.h> | |
7 | #include <linux/fs_parser.h> | |
8 | #include <linux/posix_acl_xattr.h> | |
7fb7998b | 9 | #include <linux/seq_file.h> |
b36a5780 CB |
10 | #include <linux/xattr.h> |
11 | #include "overlayfs.h" | |
7fb7998b CB |
12 | #include "params.h" |
13 | ||
14 | static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); | |
15 | module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); | |
16 | MODULE_PARM_DESC(redirect_dir, | |
17 | "Default to on or off for the redirect_dir feature"); | |
18 | ||
19 | static bool ovl_redirect_always_follow = | |
20 | IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); | |
21 | module_param_named(redirect_always_follow, ovl_redirect_always_follow, | |
22 | bool, 0644); | |
23 | MODULE_PARM_DESC(redirect_always_follow, | |
24 | "Follow redirects even if redirect_dir feature is turned off"); | |
25 | ||
26 | static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); | |
27 | module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); | |
28 | MODULE_PARM_DESC(xino_auto, | |
29 | "Auto enable xino feature"); | |
30 | ||
31 | static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); | |
32 | module_param_named(index, ovl_index_def, bool, 0644); | |
33 | MODULE_PARM_DESC(index, | |
34 | "Default to on or off for the inodes index feature"); | |
35 | ||
36 | static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); | |
37 | module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); | |
38 | MODULE_PARM_DESC(nfs_export, | |
39 | "Default to on or off for the NFS export feature"); | |
40 | ||
41 | static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); | |
42 | module_param_named(metacopy, ovl_metacopy_def, bool, 0644); | |
43 | MODULE_PARM_DESC(metacopy, | |
44 | "Default to on or off for the metadata only copy up feature"); | |
45 | ||
46 | enum { | |
47 | Opt_lowerdir, | |
48 | Opt_upperdir, | |
49 | Opt_workdir, | |
50 | Opt_default_permissions, | |
51 | Opt_redirect_dir, | |
52 | Opt_index, | |
53 | Opt_uuid, | |
54 | Opt_nfs_export, | |
55 | Opt_userxattr, | |
56 | Opt_xino, | |
57 | Opt_metacopy, | |
ae8cba40 | 58 | Opt_verity, |
7fb7998b CB |
59 | Opt_volatile, |
60 | }; | |
61 | ||
62 | static const struct constant_table ovl_parameter_bool[] = { | |
63 | { "on", true }, | |
64 | { "off", false }, | |
65 | {} | |
66 | }; | |
67 | ||
b0504bfe AG |
68 | static const struct constant_table ovl_parameter_uuid[] = { |
69 | { "off", OVL_UUID_OFF }, | |
70 | { "null", OVL_UUID_NULL }, | |
cbb44f09 | 71 | { "auto", OVL_UUID_AUTO }, |
b0504bfe AG |
72 | { "on", OVL_UUID_ON }, |
73 | {} | |
74 | }; | |
75 | ||
76 | static const char *ovl_uuid_mode(struct ovl_config *config) | |
77 | { | |
78 | return ovl_parameter_uuid[config->uuid].name; | |
79 | } | |
80 | ||
81 | static int ovl_uuid_def(void) | |
82 | { | |
cbb44f09 | 83 | return OVL_UUID_AUTO; |
b0504bfe AG |
84 | } |
85 | ||
7fb7998b CB |
86 | static const struct constant_table ovl_parameter_xino[] = { |
87 | { "off", OVL_XINO_OFF }, | |
88 | { "auto", OVL_XINO_AUTO }, | |
89 | { "on", OVL_XINO_ON }, | |
90 | {} | |
91 | }; | |
92 | ||
93 | const char *ovl_xino_mode(struct ovl_config *config) | |
94 | { | |
95 | return ovl_parameter_xino[config->xino].name; | |
96 | } | |
97 | ||
98 | static int ovl_xino_def(void) | |
99 | { | |
100 | return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; | |
101 | } | |
102 | ||
103 | const struct constant_table ovl_parameter_redirect_dir[] = { | |
104 | { "off", OVL_REDIRECT_OFF }, | |
105 | { "follow", OVL_REDIRECT_FOLLOW }, | |
106 | { "nofollow", OVL_REDIRECT_NOFOLLOW }, | |
107 | { "on", OVL_REDIRECT_ON }, | |
108 | {} | |
109 | }; | |
110 | ||
111 | static const char *ovl_redirect_mode(struct ovl_config *config) | |
112 | { | |
113 | return ovl_parameter_redirect_dir[config->redirect_mode].name; | |
114 | } | |
115 | ||
116 | static int ovl_redirect_mode_def(void) | |
117 | { | |
118 | return ovl_redirect_dir_def ? OVL_REDIRECT_ON : | |
119 | ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : | |
120 | OVL_REDIRECT_NOFOLLOW; | |
121 | } | |
122 | ||
ae8cba40 AL |
123 | static const struct constant_table ovl_parameter_verity[] = { |
124 | { "off", OVL_VERITY_OFF }, | |
125 | { "on", OVL_VERITY_ON }, | |
126 | { "require", OVL_VERITY_REQUIRE }, | |
127 | {} | |
128 | }; | |
129 | ||
130 | static const char *ovl_verity_mode(struct ovl_config *config) | |
131 | { | |
132 | return ovl_parameter_verity[config->verity_mode].name; | |
133 | } | |
134 | ||
135 | static int ovl_verity_mode_def(void) | |
136 | { | |
137 | return OVL_VERITY_OFF; | |
138 | } | |
139 | ||
7fb7998b CB |
140 | #define fsparam_string_empty(NAME, OPT) \ |
141 | __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) | |
142 | ||
143 | const struct fs_parameter_spec ovl_parameter_spec[] = { | |
144 | fsparam_string_empty("lowerdir", Opt_lowerdir), | |
145 | fsparam_string("upperdir", Opt_upperdir), | |
146 | fsparam_string("workdir", Opt_workdir), | |
147 | fsparam_flag("default_permissions", Opt_default_permissions), | |
148 | fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), | |
149 | fsparam_enum("index", Opt_index, ovl_parameter_bool), | |
b0504bfe | 150 | fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), |
7fb7998b CB |
151 | fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), |
152 | fsparam_flag("userxattr", Opt_userxattr), | |
153 | fsparam_enum("xino", Opt_xino, ovl_parameter_xino), | |
154 | fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), | |
ae8cba40 | 155 | fsparam_enum("verity", Opt_verity, ovl_parameter_verity), |
7fb7998b CB |
156 | fsparam_flag("volatile", Opt_volatile), |
157 | {} | |
158 | }; | |
b36a5780 | 159 | |
c34706ac AG |
160 | static char *ovl_next_opt(char **s) |
161 | { | |
162 | char *sbegin = *s; | |
163 | char *p; | |
164 | ||
165 | if (sbegin == NULL) | |
166 | return NULL; | |
167 | ||
168 | for (p = sbegin; *p; p++) { | |
169 | if (*p == '\\') { | |
170 | p++; | |
171 | if (!*p) | |
172 | break; | |
173 | } else if (*p == ',') { | |
174 | *p = '\0'; | |
175 | *s = p + 1; | |
176 | return sbegin; | |
177 | } | |
178 | } | |
179 | *s = NULL; | |
180 | return sbegin; | |
181 | } | |
182 | ||
183 | static int ovl_parse_monolithic(struct fs_context *fc, void *data) | |
184 | { | |
185 | return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); | |
186 | } | |
187 | ||
b36a5780 CB |
188 | static ssize_t ovl_parse_param_split_lowerdirs(char *str) |
189 | { | |
190 | ssize_t nr_layers = 1, nr_colons = 0; | |
191 | char *s, *d; | |
192 | ||
193 | for (s = d = str;; s++, d++) { | |
194 | if (*s == '\\') { | |
32db5107 AG |
195 | /* keep esc chars in split lowerdir */ |
196 | *d++ = *s++; | |
b36a5780 CB |
197 | } else if (*s == ':') { |
198 | bool next_colon = (*(s + 1) == ':'); | |
199 | ||
200 | nr_colons++; | |
201 | if (nr_colons == 2 && next_colon) { | |
202 | pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); | |
203 | return -EINVAL; | |
204 | } | |
205 | /* count layers, not colons */ | |
206 | if (!next_colon) | |
207 | nr_layers++; | |
208 | ||
209 | *d = '\0'; | |
210 | continue; | |
211 | } | |
212 | ||
213 | *d = *s; | |
214 | if (!*s) { | |
215 | /* trailing colons */ | |
216 | if (nr_colons) { | |
217 | pr_err("unescaped trailing colons in lowerdir mount option.\n"); | |
218 | return -EINVAL; | |
219 | } | |
220 | break; | |
221 | } | |
222 | nr_colons = 0; | |
223 | } | |
224 | ||
225 | return nr_layers; | |
226 | } | |
227 | ||
228 | static int ovl_mount_dir_noesc(const char *name, struct path *path) | |
229 | { | |
230 | int err = -EINVAL; | |
231 | ||
232 | if (!*name) { | |
233 | pr_err("empty lowerdir\n"); | |
234 | goto out; | |
235 | } | |
236 | err = kern_path(name, LOOKUP_FOLLOW, path); | |
237 | if (err) { | |
238 | pr_err("failed to resolve '%s': %i\n", name, err); | |
239 | goto out; | |
240 | } | |
241 | err = -EINVAL; | |
242 | if (ovl_dentry_weird(path->dentry)) { | |
243 | pr_err("filesystem on '%s' not supported\n", name); | |
244 | goto out_put; | |
245 | } | |
246 | if (!d_is_dir(path->dentry)) { | |
247 | pr_err("'%s' not a directory\n", name); | |
248 | goto out_put; | |
249 | } | |
250 | return 0; | |
251 | ||
252 | out_put: | |
253 | path_put_init(path); | |
254 | out: | |
255 | return err; | |
256 | } | |
257 | ||
258 | static void ovl_unescape(char *s) | |
259 | { | |
260 | char *d = s; | |
261 | ||
262 | for (;; s++, d++) { | |
263 | if (*s == '\\') | |
264 | s++; | |
265 | *d = *s; | |
266 | if (!*s) | |
267 | break; | |
268 | } | |
269 | } | |
270 | ||
32db5107 | 271 | static int ovl_mount_dir(const char *name, struct path *path, bool upper) |
b36a5780 CB |
272 | { |
273 | int err = -ENOMEM; | |
274 | char *tmp = kstrdup(name, GFP_KERNEL); | |
275 | ||
276 | if (tmp) { | |
277 | ovl_unescape(tmp); | |
278 | err = ovl_mount_dir_noesc(tmp, path); | |
279 | ||
32db5107 | 280 | if (!err && upper && path->dentry->d_flags & DCACHE_OP_REAL) { |
b36a5780 CB |
281 | pr_err("filesystem on '%s' not supported as upperdir\n", |
282 | tmp); | |
283 | path_put_init(path); | |
284 | err = -EINVAL; | |
285 | } | |
286 | kfree(tmp); | |
287 | } | |
288 | return err; | |
289 | } | |
290 | ||
7fb7998b CB |
291 | static int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, |
292 | bool workdir) | |
b36a5780 CB |
293 | { |
294 | int err; | |
295 | struct ovl_fs *ofs = fc->s_fs_info; | |
296 | struct ovl_config *config = &ofs->config; | |
297 | struct ovl_fs_context *ctx = fc->fs_private; | |
298 | struct path path; | |
299 | char *dup; | |
300 | ||
32db5107 | 301 | err = ovl_mount_dir(name, &path, true); |
b36a5780 CB |
302 | if (err) |
303 | return err; | |
304 | ||
305 | /* | |
306 | * Check whether upper path is read-only here to report failures | |
307 | * early. Don't forget to recheck when the superblock is created | |
308 | * as the mount attributes could change. | |
309 | */ | |
310 | if (__mnt_is_readonly(path.mnt)) { | |
311 | path_put(&path); | |
312 | return -EINVAL; | |
313 | } | |
314 | ||
315 | dup = kstrdup(name, GFP_KERNEL); | |
316 | if (!dup) { | |
317 | path_put(&path); | |
318 | return -ENOMEM; | |
319 | } | |
320 | ||
321 | if (workdir) { | |
322 | kfree(config->workdir); | |
323 | config->workdir = dup; | |
324 | path_put(&ctx->work); | |
325 | ctx->work = path; | |
326 | } else { | |
327 | kfree(config->upperdir); | |
328 | config->upperdir = dup; | |
329 | path_put(&ctx->upper); | |
330 | ctx->upper = path; | |
331 | } | |
332 | return 0; | |
333 | } | |
334 | ||
7fb7998b | 335 | static void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx) |
b36a5780 CB |
336 | { |
337 | for (size_t nr = 0; nr < ctx->nr; nr++) { | |
338 | path_put(&ctx->lower[nr].path); | |
339 | kfree(ctx->lower[nr].name); | |
340 | ctx->lower[nr].name = NULL; | |
341 | } | |
342 | ctx->nr = 0; | |
343 | ctx->nr_data = 0; | |
344 | } | |
345 | ||
346 | /* | |
347 | * Parse lowerdir= mount option: | |
348 | * | |
c835110b | 349 | * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 |
b36a5780 CB |
350 | * Set "/lower1", "/lower2", and "/lower3" as lower layers and |
351 | * "/data1" and "/data2" as data lower layers. Any existing lower | |
352 | * layers are replaced. | |
b36a5780 | 353 | */ |
7fb7998b | 354 | static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) |
b36a5780 CB |
355 | { |
356 | int err; | |
357 | struct ovl_fs_context *ctx = fc->fs_private; | |
358 | struct ovl_fs_context_layer *l; | |
c835110b | 359 | char *dup = NULL, *iter; |
b36a5780 | 360 | ssize_t nr_lower = 0, nr = 0, nr_data = 0; |
c835110b | 361 | bool data_layer = false; |
b36a5780 CB |
362 | |
363 | /* | |
364 | * Ensure we're backwards compatible with mount(2) | |
365 | * by allowing relative paths. | |
366 | */ | |
367 | ||
368 | /* drop all existing lower layers */ | |
c835110b AG |
369 | ovl_parse_param_drop_lowerdir(ctx); |
370 | ||
371 | if (!*name) | |
b36a5780 | 372 | return 0; |
b36a5780 | 373 | |
beae836e AG |
374 | if (*name == ':') { |
375 | pr_err("cannot append lower layer"); | |
376 | return -EINVAL; | |
b36a5780 CB |
377 | } |
378 | ||
379 | dup = kstrdup(name, GFP_KERNEL); | |
380 | if (!dup) | |
381 | return -ENOMEM; | |
382 | ||
383 | err = -EINVAL; | |
384 | nr_lower = ovl_parse_param_split_lowerdirs(dup); | |
385 | if (nr_lower < 0) | |
386 | goto out_err; | |
387 | ||
c835110b | 388 | if (nr_lower > OVL_MAX_STACK) { |
b36a5780 CB |
389 | pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); |
390 | goto out_err; | |
391 | } | |
392 | ||
b36a5780 CB |
393 | if (nr_lower > ctx->capacity) { |
394 | err = -ENOMEM; | |
395 | l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), | |
396 | GFP_KERNEL_ACCOUNT); | |
397 | if (!l) | |
398 | goto out_err; | |
399 | ||
400 | ctx->lower = l; | |
401 | ctx->capacity = nr_lower; | |
402 | } | |
403 | ||
c835110b AG |
404 | iter = dup; |
405 | l = ctx->lower; | |
406 | for (nr = 0; nr < nr_lower; nr++, l++) { | |
b36a5780 CB |
407 | memset(l, 0, sizeof(*l)); |
408 | ||
c835110b | 409 | err = ovl_mount_dir(iter, &l->path, false); |
b36a5780 CB |
410 | if (err) |
411 | goto out_put; | |
412 | ||
413 | err = -ENOMEM; | |
c835110b | 414 | l->name = kstrdup(iter, GFP_KERNEL_ACCOUNT); |
b36a5780 CB |
415 | if (!l->name) |
416 | goto out_put; | |
417 | ||
418 | if (data_layer) | |
419 | nr_data++; | |
420 | ||
421 | /* Calling strchr() again would overrun. */ | |
422 | if ((nr + 1) == nr_lower) | |
423 | break; | |
424 | ||
425 | err = -EINVAL; | |
c835110b AG |
426 | iter = strchr(iter, '\0') + 1; |
427 | if (*iter) { | |
b36a5780 CB |
428 | /* |
429 | * This is a regular layer so we require that | |
430 | * there are no data layers. | |
431 | */ | |
432 | if ((ctx->nr_data + nr_data) > 0) { | |
433 | pr_err("regular lower layers cannot follow data lower layers"); | |
434 | goto out_put; | |
435 | } | |
436 | ||
437 | data_layer = false; | |
438 | continue; | |
439 | } | |
440 | ||
441 | /* This is a data lower layer. */ | |
442 | data_layer = true; | |
c835110b | 443 | iter++; |
b36a5780 CB |
444 | } |
445 | ctx->nr = nr_lower; | |
446 | ctx->nr_data += nr_data; | |
447 | kfree(dup); | |
448 | return 0; | |
449 | ||
450 | out_put: | |
c835110b | 451 | ovl_parse_param_drop_lowerdir(ctx); |
b36a5780 CB |
452 | |
453 | out_err: | |
454 | kfree(dup); | |
455 | ||
456 | /* Intentionally don't realloc to a smaller size. */ | |
457 | return err; | |
458 | } | |
7fb7998b CB |
459 | |
460 | static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) | |
461 | { | |
462 | int err = 0; | |
463 | struct fs_parse_result result; | |
464 | struct ovl_fs *ofs = fc->s_fs_info; | |
465 | struct ovl_config *config = &ofs->config; | |
466 | struct ovl_fs_context *ctx = fc->fs_private; | |
467 | int opt; | |
468 | ||
469 | if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { | |
470 | /* | |
471 | * On remount overlayfs has always ignored all mount | |
472 | * options no matter if malformed or not so for | |
473 | * backwards compatibility we do the same here. | |
474 | */ | |
475 | if (fc->oldapi) | |
476 | return 0; | |
477 | ||
478 | /* | |
479 | * Give us the freedom to allow changing mount options | |
480 | * with the new mount api in the future. So instead of | |
481 | * silently ignoring everything we report a proper | |
482 | * error. This is only visible for users of the new | |
483 | * mount api. | |
484 | */ | |
485 | return invalfc(fc, "No changes allowed in reconfigure"); | |
486 | } | |
487 | ||
488 | opt = fs_parse(fc, ovl_parameter_spec, param, &result); | |
489 | if (opt < 0) | |
490 | return opt; | |
491 | ||
492 | switch (opt) { | |
493 | case Opt_lowerdir: | |
494 | err = ovl_parse_param_lowerdir(param->string, fc); | |
495 | break; | |
496 | case Opt_upperdir: | |
497 | fallthrough; | |
498 | case Opt_workdir: | |
499 | err = ovl_parse_param_upperdir(param->string, fc, | |
500 | (Opt_workdir == opt)); | |
501 | break; | |
502 | case Opt_default_permissions: | |
503 | config->default_permissions = true; | |
504 | break; | |
505 | case Opt_redirect_dir: | |
506 | config->redirect_mode = result.uint_32; | |
507 | if (config->redirect_mode == OVL_REDIRECT_OFF) { | |
508 | config->redirect_mode = ovl_redirect_always_follow ? | |
509 | OVL_REDIRECT_FOLLOW : | |
510 | OVL_REDIRECT_NOFOLLOW; | |
511 | } | |
512 | ctx->set.redirect = true; | |
513 | break; | |
514 | case Opt_index: | |
515 | config->index = result.uint_32; | |
516 | ctx->set.index = true; | |
517 | break; | |
518 | case Opt_uuid: | |
519 | config->uuid = result.uint_32; | |
520 | break; | |
521 | case Opt_nfs_export: | |
522 | config->nfs_export = result.uint_32; | |
523 | ctx->set.nfs_export = true; | |
524 | break; | |
525 | case Opt_xino: | |
526 | config->xino = result.uint_32; | |
527 | break; | |
528 | case Opt_metacopy: | |
529 | config->metacopy = result.uint_32; | |
530 | ctx->set.metacopy = true; | |
531 | break; | |
ae8cba40 AL |
532 | case Opt_verity: |
533 | config->verity_mode = result.uint_32; | |
534 | break; | |
7fb7998b CB |
535 | case Opt_volatile: |
536 | config->ovl_volatile = true; | |
537 | break; | |
538 | case Opt_userxattr: | |
539 | config->userxattr = true; | |
540 | break; | |
541 | default: | |
542 | pr_err("unrecognized mount option \"%s\" or missing value\n", | |
543 | param->key); | |
544 | return -EINVAL; | |
545 | } | |
546 | ||
547 | return err; | |
548 | } | |
549 | ||
550 | static int ovl_get_tree(struct fs_context *fc) | |
551 | { | |
552 | return get_tree_nodev(fc, ovl_fill_super); | |
553 | } | |
554 | ||
555 | static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) | |
556 | { | |
557 | ovl_parse_param_drop_lowerdir(ctx); | |
558 | path_put(&ctx->upper); | |
559 | path_put(&ctx->work); | |
560 | kfree(ctx->lower); | |
561 | kfree(ctx); | |
562 | } | |
563 | ||
564 | static void ovl_free(struct fs_context *fc) | |
565 | { | |
566 | struct ovl_fs *ofs = fc->s_fs_info; | |
567 | struct ovl_fs_context *ctx = fc->fs_private; | |
568 | ||
569 | /* | |
570 | * ofs is stored in the fs_context when it is initialized. | |
571 | * ofs is transferred to the superblock on a successful mount, | |
572 | * but if an error occurs before the transfer we have to free | |
573 | * it here. | |
574 | */ | |
575 | if (ofs) | |
576 | ovl_free_fs(ofs); | |
577 | ||
578 | if (ctx) | |
579 | ovl_fs_context_free(ctx); | |
580 | } | |
581 | ||
582 | static int ovl_reconfigure(struct fs_context *fc) | |
583 | { | |
584 | struct super_block *sb = fc->root->d_sb; | |
f01d0889 | 585 | struct ovl_fs *ofs = OVL_FS(sb); |
7fb7998b CB |
586 | struct super_block *upper_sb; |
587 | int ret = 0; | |
588 | ||
589 | if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) | |
590 | return -EROFS; | |
591 | ||
592 | if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { | |
593 | upper_sb = ovl_upper_mnt(ofs)->mnt_sb; | |
594 | if (ovl_should_sync(ofs)) { | |
595 | down_read(&upper_sb->s_umount); | |
596 | ret = sync_filesystem(upper_sb); | |
597 | up_read(&upper_sb->s_umount); | |
598 | } | |
599 | } | |
600 | ||
601 | return ret; | |
602 | } | |
603 | ||
604 | static const struct fs_context_operations ovl_context_ops = { | |
c34706ac | 605 | .parse_monolithic = ovl_parse_monolithic, |
7fb7998b CB |
606 | .parse_param = ovl_parse_param, |
607 | .get_tree = ovl_get_tree, | |
608 | .reconfigure = ovl_reconfigure, | |
609 | .free = ovl_free, | |
610 | }; | |
611 | ||
612 | /* | |
613 | * This is called during fsopen() and will record the user namespace of | |
614 | * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll | |
615 | * need it when we actually create the superblock to verify that the | |
616 | * process creating the superblock is in the same user namespace as | |
617 | * process that called fsopen(). | |
618 | */ | |
619 | int ovl_init_fs_context(struct fs_context *fc) | |
620 | { | |
621 | struct ovl_fs_context *ctx; | |
622 | struct ovl_fs *ofs; | |
623 | ||
624 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); | |
625 | if (!ctx) | |
626 | return -ENOMEM; | |
627 | ||
628 | /* | |
629 | * By default we allocate for three lower layers. It's likely | |
630 | * that it'll cover most users. | |
631 | */ | |
632 | ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); | |
633 | if (!ctx->lower) | |
634 | goto out_err; | |
635 | ctx->capacity = 3; | |
636 | ||
637 | ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); | |
638 | if (!ofs) | |
639 | goto out_err; | |
640 | ||
641 | ofs->config.redirect_mode = ovl_redirect_mode_def(); | |
642 | ofs->config.index = ovl_index_def; | |
b0504bfe | 643 | ofs->config.uuid = ovl_uuid_def(); |
7fb7998b CB |
644 | ofs->config.nfs_export = ovl_nfs_export_def; |
645 | ofs->config.xino = ovl_xino_def(); | |
646 | ofs->config.metacopy = ovl_metacopy_def; | |
647 | ||
648 | fc->s_fs_info = ofs; | |
649 | fc->fs_private = ctx; | |
650 | fc->ops = &ovl_context_ops; | |
651 | return 0; | |
652 | ||
653 | out_err: | |
654 | ovl_fs_context_free(ctx); | |
655 | return -ENOMEM; | |
656 | ||
657 | } | |
658 | ||
659 | void ovl_free_fs(struct ovl_fs *ofs) | |
660 | { | |
661 | struct vfsmount **mounts; | |
662 | unsigned i; | |
663 | ||
664 | iput(ofs->workbasedir_trap); | |
665 | iput(ofs->indexdir_trap); | |
666 | iput(ofs->workdir_trap); | |
667 | dput(ofs->whiteout); | |
668 | dput(ofs->indexdir); | |
669 | dput(ofs->workdir); | |
670 | if (ofs->workdir_locked) | |
671 | ovl_inuse_unlock(ofs->workbasedir); | |
672 | dput(ofs->workbasedir); | |
673 | if (ofs->upperdir_locked) | |
674 | ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); | |
675 | ||
a535116d AG |
676 | /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ |
677 | mounts = (struct vfsmount **) ofs->config.lowerdirs; | |
7fb7998b CB |
678 | for (i = 0; i < ofs->numlayer; i++) { |
679 | iput(ofs->layers[i].trap); | |
a535116d | 680 | kfree(ofs->config.lowerdirs[i]); |
7fb7998b | 681 | mounts[i] = ofs->layers[i].mnt; |
7fb7998b CB |
682 | } |
683 | kern_unmount_array(mounts, ofs->numlayer); | |
684 | kfree(ofs->layers); | |
685 | for (i = 0; i < ofs->numfs; i++) | |
686 | free_anon_bdev(ofs->fs[i].pseudo_dev); | |
687 | kfree(ofs->fs); | |
688 | ||
a535116d | 689 | kfree(ofs->config.lowerdirs); |
7fb7998b CB |
690 | kfree(ofs->config.upperdir); |
691 | kfree(ofs->config.workdir); | |
692 | if (ofs->creator_cred) | |
693 | put_cred(ofs->creator_cred); | |
694 | kfree(ofs); | |
695 | } | |
696 | ||
697 | int ovl_fs_params_verify(const struct ovl_fs_context *ctx, | |
698 | struct ovl_config *config) | |
699 | { | |
700 | struct ovl_opt_set set = ctx->set; | |
701 | ||
702 | if (ctx->nr_data > 0 && !config->metacopy) { | |
703 | pr_err("lower data-only dirs require metacopy support.\n"); | |
704 | return -EINVAL; | |
705 | } | |
706 | ||
707 | /* Workdir/index are useless in non-upper mount */ | |
708 | if (!config->upperdir) { | |
709 | if (config->workdir) { | |
710 | pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", | |
711 | config->workdir); | |
712 | kfree(config->workdir); | |
713 | config->workdir = NULL; | |
714 | } | |
715 | if (config->index && set.index) { | |
716 | pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); | |
717 | set.index = false; | |
718 | } | |
719 | config->index = false; | |
720 | } | |
721 | ||
722 | if (!config->upperdir && config->ovl_volatile) { | |
723 | pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); | |
724 | config->ovl_volatile = false; | |
725 | } | |
726 | ||
d9544c1b AG |
727 | if (!config->upperdir && config->uuid == OVL_UUID_ON) { |
728 | pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); | |
729 | config->uuid = OVL_UUID_NULL; | |
730 | } | |
731 | ||
ae8cba40 AL |
732 | /* Resolve verity -> metacopy dependency */ |
733 | if (config->verity_mode && !config->metacopy) { | |
734 | /* Don't allow explicit specified conflicting combinations */ | |
735 | if (set.metacopy) { | |
736 | pr_err("conflicting options: metacopy=off,verity=%s\n", | |
737 | ovl_verity_mode(config)); | |
738 | return -EINVAL; | |
739 | } | |
740 | /* Otherwise automatically enable metacopy. */ | |
741 | config->metacopy = true; | |
742 | } | |
743 | ||
7fb7998b CB |
744 | /* |
745 | * This is to make the logic below simpler. It doesn't make any other | |
746 | * difference, since redirect_dir=on is only used for upper. | |
747 | */ | |
748 | if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) | |
749 | config->redirect_mode = OVL_REDIRECT_ON; | |
750 | ||
ae8cba40 | 751 | /* Resolve verity -> metacopy -> redirect_dir dependency */ |
7fb7998b CB |
752 | if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { |
753 | if (set.metacopy && set.redirect) { | |
754 | pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", | |
755 | ovl_redirect_mode(config)); | |
756 | return -EINVAL; | |
757 | } | |
ae8cba40 AL |
758 | if (config->verity_mode && set.redirect) { |
759 | pr_err("conflicting options: verity=%s,redirect_dir=%s\n", | |
760 | ovl_verity_mode(config), ovl_redirect_mode(config)); | |
761 | return -EINVAL; | |
762 | } | |
7fb7998b CB |
763 | if (set.redirect) { |
764 | /* | |
765 | * There was an explicit redirect_dir=... that resulted | |
766 | * in this conflict. | |
767 | */ | |
768 | pr_info("disabling metacopy due to redirect_dir=%s\n", | |
769 | ovl_redirect_mode(config)); | |
770 | config->metacopy = false; | |
771 | } else { | |
772 | /* Automatically enable redirect otherwise. */ | |
773 | config->redirect_mode = OVL_REDIRECT_ON; | |
774 | } | |
775 | } | |
776 | ||
777 | /* Resolve nfs_export -> index dependency */ | |
778 | if (config->nfs_export && !config->index) { | |
779 | if (!config->upperdir && | |
780 | config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { | |
781 | pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); | |
782 | config->nfs_export = false; | |
783 | } else if (set.nfs_export && set.index) { | |
784 | pr_err("conflicting options: nfs_export=on,index=off\n"); | |
785 | return -EINVAL; | |
786 | } else if (set.index) { | |
787 | /* | |
788 | * There was an explicit index=off that resulted | |
789 | * in this conflict. | |
790 | */ | |
791 | pr_info("disabling nfs_export due to index=off\n"); | |
792 | config->nfs_export = false; | |
793 | } else { | |
794 | /* Automatically enable index otherwise. */ | |
795 | config->index = true; | |
796 | } | |
797 | } | |
798 | ||
ae8cba40 | 799 | /* Resolve nfs_export -> !metacopy && !verity dependency */ |
7fb7998b CB |
800 | if (config->nfs_export && config->metacopy) { |
801 | if (set.nfs_export && set.metacopy) { | |
802 | pr_err("conflicting options: nfs_export=on,metacopy=on\n"); | |
803 | return -EINVAL; | |
804 | } | |
805 | if (set.metacopy) { | |
806 | /* | |
807 | * There was an explicit metacopy=on that resulted | |
808 | * in this conflict. | |
809 | */ | |
810 | pr_info("disabling nfs_export due to metacopy=on\n"); | |
811 | config->nfs_export = false; | |
ae8cba40 AL |
812 | } else if (config->verity_mode) { |
813 | /* | |
814 | * There was an explicit verity=.. that resulted | |
815 | * in this conflict. | |
816 | */ | |
817 | pr_info("disabling nfs_export due to verity=%s\n", | |
818 | ovl_verity_mode(config)); | |
819 | config->nfs_export = false; | |
7fb7998b CB |
820 | } else { |
821 | /* | |
822 | * There was an explicit nfs_export=on that resulted | |
823 | * in this conflict. | |
824 | */ | |
825 | pr_info("disabling metacopy due to nfs_export=on\n"); | |
826 | config->metacopy = false; | |
827 | } | |
828 | } | |
829 | ||
830 | ||
ae8cba40 | 831 | /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ |
7fb7998b CB |
832 | if (config->userxattr) { |
833 | if (set.redirect && | |
834 | config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { | |
835 | pr_err("conflicting options: userxattr,redirect_dir=%s\n", | |
836 | ovl_redirect_mode(config)); | |
837 | return -EINVAL; | |
838 | } | |
839 | if (config->metacopy && set.metacopy) { | |
840 | pr_err("conflicting options: userxattr,metacopy=on\n"); | |
841 | return -EINVAL; | |
842 | } | |
ae8cba40 AL |
843 | if (config->verity_mode) { |
844 | pr_err("conflicting options: userxattr,verity=%s\n", | |
845 | ovl_verity_mode(config)); | |
846 | return -EINVAL; | |
847 | } | |
7fb7998b CB |
848 | /* |
849 | * Silently disable default setting of redirect and metacopy. | |
850 | * This shall be the default in the future as well: these | |
851 | * options must be explicitly enabled if used together with | |
852 | * userxattr. | |
853 | */ | |
854 | config->redirect_mode = OVL_REDIRECT_NOFOLLOW; | |
855 | config->metacopy = false; | |
856 | } | |
857 | ||
858 | return 0; | |
859 | } | |
860 | ||
861 | /** | |
862 | * ovl_show_options | |
863 | * @m: the seq_file handle | |
864 | * @dentry: The dentry to query | |
865 | * | |
866 | * Prints the mount options for a given superblock. | |
867 | * Returns zero; does not fail. | |
868 | */ | |
869 | int ovl_show_options(struct seq_file *m, struct dentry *dentry) | |
870 | { | |
871 | struct super_block *sb = dentry->d_sb; | |
f01d0889 | 872 | struct ovl_fs *ofs = OVL_FS(sb); |
7fb7998b | 873 | size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer; |
32db5107 AG |
874 | |
875 | /* | |
876 | * lowerdirs[] starts from offset 1, then | |
877 | * >= 0 regular lower layers prefixed with : and | |
878 | * >= 0 data-only lower layers prefixed with :: | |
879 | * | |
880 | * we need to escase comma and space like seq_show_option() does and | |
881 | * we also need to escape the colon separator from lowerdir paths. | |
882 | */ | |
883 | seq_puts(m, ",lowerdir="); | |
884 | for (nr = 1; nr < ofs->numlayer; nr++) { | |
885 | if (nr > 1) | |
886 | seq_putc(m, ':'); | |
887 | if (nr >= nr_merged_lower) | |
888 | seq_putc(m, ':'); | |
889 | seq_escape(m, ofs->config.lowerdirs[nr], ":, \t\n\\"); | |
890 | } | |
7fb7998b CB |
891 | if (ofs->config.upperdir) { |
892 | seq_show_option(m, "upperdir", ofs->config.upperdir); | |
893 | seq_show_option(m, "workdir", ofs->config.workdir); | |
894 | } | |
895 | if (ofs->config.default_permissions) | |
896 | seq_puts(m, ",default_permissions"); | |
897 | if (ofs->config.redirect_mode != ovl_redirect_mode_def()) | |
898 | seq_printf(m, ",redirect_dir=%s", | |
899 | ovl_redirect_mode(&ofs->config)); | |
900 | if (ofs->config.index != ovl_index_def) | |
901 | seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); | |
b0504bfe AG |
902 | if (ofs->config.uuid != ovl_uuid_def()) |
903 | seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); | |
7fb7998b CB |
904 | if (ofs->config.nfs_export != ovl_nfs_export_def) |
905 | seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? | |
906 | "on" : "off"); | |
907 | if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) | |
908 | seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); | |
909 | if (ofs->config.metacopy != ovl_metacopy_def) | |
910 | seq_printf(m, ",metacopy=%s", | |
911 | ofs->config.metacopy ? "on" : "off"); | |
912 | if (ofs->config.ovl_volatile) | |
913 | seq_puts(m, ",volatile"); | |
914 | if (ofs->config.userxattr) | |
915 | seq_puts(m, ",userxattr"); | |
ae8cba40 AL |
916 | if (ofs->config.verity_mode != ovl_verity_mode_def()) |
917 | seq_printf(m, ",verity=%s", | |
918 | ovl_verity_mode(&ofs->config)); | |
7fb7998b CB |
919 | return 0; |
920 | } |