]> git.ipfire.org Git - thirdparty/kernel/linux.git/blame - fs/overlayfs/super.c
projects / thirdparty / kernel / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovl: lockdep annotate of nested stacked overlayfs inode lock
[thirdparty/kernel/linux.git] / fs / overlayfs / super.c
CommitLineData
e9be9d5e
MS		 1/*
2 *
3 * Copyright (C) 2011 Novell Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
5b825c3a 10#include <uapi/linux/magic.h>
e9be9d5e
MS		 11#include <linux/fs.h>
12#include <linux/namei.h>
13#include <linux/xattr.h>
e9be9d5e 14#include <linux/mount.h>
e9be9d5e
MS		 15#include <linux/parser.h>
16#include <linux/module.h>
cc259639 17#include <linux/statfs.h>
f45827e8 18#include <linux/seq_file.h>
d837a49b 19#include <linux/posix_acl_xattr.h>
e9be9d5e 20#include "overlayfs.h"
bbb1e54d 21#include "ovl_entry.h"
e9be9d5e
MS		 22
23MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
24MODULE_DESCRIPTION("Overlay filesystem");
25MODULE_LICENSE("GPL");
26
e9be9d5e
MS		 27
28struct ovl_dir_cache;
29
a78d9f0d
MS		 30#define OVL_MAX_STACK 500
31
688ea0e5
MS		 32static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
33module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
34MODULE_PARM_DESC(ovl_redirect_dir_def,
35 "Default to on or off for the redirect_dir feature");
e9be9d5e
MS		 36
37static void ovl_dentry_release(struct dentry *dentry)
38{
39 struct ovl_entry *oe = dentry->d_fsdata;
40
41 if (oe) {
dd662667
MS		 42 unsigned int i;
43
e9be9d5e 44 dput(oe->__upperdentry);
02b69b28 45 kfree(oe->redirect);
dd662667
MS		 46 for (i = 0; i < oe->numlower; i++)
47 dput(oe->lowerstack[i].dentry);
e9be9d5e
MS		 48 kfree_rcu(oe, rcu);
49 }
50}
51
2d902671
MS		 52static struct dentry *ovl_d_real(struct dentry *dentry,
53 const struct inode *inode,
54 unsigned int open_flags)
d101a125
MS		 55{
56 struct dentry *real;
57
ca4c8a3a 58 if (!d_is_reg(dentry)) {
d101a125
MS		 59 if (!inode || inode == d_inode(dentry))
60 return dentry;
61 goto bug;
62 }
63
2d902671
MS		 64 if (d_is_negative(dentry))
65 return dentry;
66
67 if (open_flags) {
68 int err = ovl_open_maybe_copy_up(dentry, open_flags);
69
70 if (err)
71 return ERR_PTR(err);
72 }
73
d101a125
MS		 74 real = ovl_dentry_upper(dentry);
75 if (real && (!inode || inode == d_inode(real)))
76 return real;
77
78 real = ovl_dentry_lower(dentry);
79 if (!real)
80 goto bug;
81
c4fcfc16
MS		 82 /* Handle recursion */
83 real = d_real(real, inode, open_flags);
84
d101a125
MS		 85 if (!inode || inode == d_inode(real))
86 return real;
d101a125 87bug:
656189d2 88 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
d101a125
MS		 89 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
90 return dentry;
91}
92
7c03b5d4
MS		 93static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
94{
95 struct ovl_entry *oe = dentry->d_fsdata;
96 unsigned int i;
97 int ret = 1;
98
99 for (i = 0; i < oe->numlower; i++) {
100 struct dentry *d = oe->lowerstack[i].dentry;
101
102 if (d->d_flags & DCACHE_OP_REVALIDATE) {
103 ret = d->d_op->d_revalidate(d, flags);
104 if (ret < 0)
105 return ret;
106 if (!ret) {
107 if (!(flags & LOOKUP_RCU))
108 d_invalidate(d);
109 return -ESTALE;
110 }
111 }
112 }
113 return 1;
114}
115
116static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
117{
118 struct ovl_entry *oe = dentry->d_fsdata;
119 unsigned int i;
120 int ret = 1;
121
122 for (i = 0; i < oe->numlower; i++) {
123 struct dentry *d = oe->lowerstack[i].dentry;
124
125 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) {
126 ret = d->d_op->d_weak_revalidate(d, flags);
127 if (ret <= 0)
128 break;
129 }
130 }
131 return ret;
132}
133
e9be9d5e
MS		 134static const struct dentry_operations ovl_dentry_operations = {
135 .d_release = ovl_dentry_release,
d101a125 136 .d_real = ovl_d_real,
e9be9d5e
MS		 137};
138
7c03b5d4
MS		 139static const struct dentry_operations ovl_reval_dentry_operations = {
140 .d_release = ovl_dentry_release,
d101a125 141 .d_real = ovl_d_real,
7c03b5d4
MS		 142 .d_revalidate = ovl_dentry_revalidate,
143 .d_weak_revalidate = ovl_dentry_weak_revalidate,
144};
145
e9be9d5e
MS		 146static void ovl_put_super(struct super_block *sb)
147{
148 struct ovl_fs *ufs = sb->s_fs_info;
dd662667 149 unsigned i;
e9be9d5e
MS		 150
151 dput(ufs->workdir);
152 mntput(ufs->upper_mnt);
dd662667
MS		 153 for (i = 0; i < ufs->numlower; i++)
154 mntput(ufs->lower_mnt[i]);
5ffdbe8b 155 kfree(ufs->lower_mnt);
e9be9d5e 156
f45827e8
EZ		 157 kfree(ufs->config.lowerdir);
158 kfree(ufs->config.upperdir);
159 kfree(ufs->config.workdir);
3fe6e52f 160 put_cred(ufs->creator_cred);
e9be9d5e
MS		 161 kfree(ufs);
162}
163
e593b2bf
AG		 164static int ovl_sync_fs(struct super_block *sb, int wait)
165{
166 struct ovl_fs *ufs = sb->s_fs_info;
167 struct super_block *upper_sb;
168 int ret;
169
170 if (!ufs->upper_mnt)
171 return 0;
172 upper_sb = ufs->upper_mnt->mnt_sb;
173 if (!upper_sb->s_op->sync_fs)
174 return 0;
175
176 /* real inodes have already been synced by sync_filesystem(ovl_sb) */
177 down_read(&upper_sb->s_umount);
178 ret = upper_sb->s_op->sync_fs(upper_sb, wait);
179 up_read(&upper_sb->s_umount);
180 return ret;
181}
182
cc259639
AW		 183/**
184 * ovl_statfs
185 * @sb: The overlayfs super block
186 * @buf: The struct kstatfs to fill in with stats
187 *
188 * Get the filesystem statistics. As writes always target the upper layer
4ebc5818 189 * filesystem pass the statfs to the upper filesystem (if it exists)
cc259639
AW		 190 */
191static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
192{
193 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
194 struct dentry *root_dentry = dentry->d_sb->s_root;
195 struct path path;
196 int err;
197
4ebc5818 198 ovl_path_real(root_dentry, &path);
cc259639
AW		 199
200 err = vfs_statfs(&path, buf);
201 if (!err) {
6b2d5fe4 202 buf->f_namelen = ofs->namelen;
cc259639
AW		 203 buf->f_type = OVERLAYFS_SUPER_MAGIC;
204 }
205
206 return err;
207}
208
f45827e8
EZ		 209/**
210 * ovl_show_options
211 *
212 * Prints the mount options for a given superblock.
213 * Returns zero; does not fail.
214 */
215static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
216{
217 struct super_block *sb = dentry->d_sb;
218 struct ovl_fs *ufs = sb->s_fs_info;
219
a068acf2 220 seq_show_option(m, "lowerdir", ufs->config.lowerdir);
53a08cb9 221 if (ufs->config.upperdir) {
a068acf2
KC		 222 seq_show_option(m, "upperdir", ufs->config.upperdir);
223 seq_show_option(m, "workdir", ufs->config.workdir);
53a08cb9 224 }
8d3095f4
MS		 225 if (ufs->config.default_permissions)
226 seq_puts(m, ",default_permissions");
c5bef3a7
AG		 227 if (ufs->config.redirect_dir != ovl_redirect_dir_def)
228 seq_printf(m, ",redirect_dir=%s",
229 ufs->config.redirect_dir ? "on" : "off");
f45827e8
EZ		 230 return 0;
231}
232
3cdf6fe9
SL		 233static int ovl_remount(struct super_block *sb, int *flags, char *data)
234{
235 struct ovl_fs *ufs = sb->s_fs_info;
236
cc6f67bc 237 if (!(*flags & MS_RDONLY) && (!ufs->upper_mnt || !ufs->workdir))
3cdf6fe9
SL		 238 return -EROFS;
239
240 return 0;
241}
242
e9be9d5e
MS		 243static const struct super_operations ovl_super_operations = {
244 .put_super = ovl_put_super,
e593b2bf 245 .sync_fs = ovl_sync_fs,
cc259639 246 .statfs = ovl_statfs,
f45827e8 247 .show_options = ovl_show_options,
3cdf6fe9 248 .remount_fs = ovl_remount,
eead4f2d 249 .drop_inode = generic_delete_inode,
e9be9d5e
MS		 250};
251
252enum {
253 OPT_LOWERDIR,
254 OPT_UPPERDIR,
255 OPT_WORKDIR,
8d3095f4 256 OPT_DEFAULT_PERMISSIONS,
a6c60655
MS		 257 OPT_REDIRECT_DIR_ON,
258 OPT_REDIRECT_DIR_OFF,
e9be9d5e
MS		 259 OPT_ERR,
260};
261
262static const match_table_t ovl_tokens = {
263 {OPT_LOWERDIR, "lowerdir=%s"},
264 {OPT_UPPERDIR, "upperdir=%s"},
265 {OPT_WORKDIR, "workdir=%s"},
8d3095f4 266 {OPT_DEFAULT_PERMISSIONS, "default_permissions"},
a6c60655
MS		 267 {OPT_REDIRECT_DIR_ON, "redirect_dir=on"},
268 {OPT_REDIRECT_DIR_OFF, "redirect_dir=off"},
e9be9d5e
MS		 269 {OPT_ERR, NULL}
270};
271
91c77947
MS		 272static char *ovl_next_opt(char **s)
273{
274 char *sbegin = *s;
275 char *p;
276
277 if (sbegin == NULL)
278 return NULL;
279
280 for (p = sbegin; *p; p++) {
281 if (*p == '\\') {
282 p++;
283 if (!*p)
284 break;
285 } else if (*p == ',') {
286 *p = '\0';
287 *s = p + 1;
288 return sbegin;
289 }
290 }
291 *s = NULL;
292 return sbegin;
293}
294
e9be9d5e
MS		 295static int ovl_parse_opt(char *opt, struct ovl_config *config)
296{
297 char *p;
298
91c77947 299 while ((p = ovl_next_opt(&opt)) != NULL) {
e9be9d5e
MS		 300 int token;
301 substring_t args[MAX_OPT_ARGS];
302
303 if (!*p)
304 continue;
305
306 token = match_token(p, ovl_tokens, args);
307 switch (token) {
308 case OPT_UPPERDIR:
309 kfree(config->upperdir);
310 config->upperdir = match_strdup(&args[0]);
311 if (!config->upperdir)
312 return -ENOMEM;
313 break;
314
315 case OPT_LOWERDIR:
316 kfree(config->lowerdir);
317 config->lowerdir = match_strdup(&args[0]);
318 if (!config->lowerdir)
319 return -ENOMEM;
320 break;
321
322 case OPT_WORKDIR:
323 kfree(config->workdir);
324 config->workdir = match_strdup(&args[0]);
325 if (!config->workdir)
326 return -ENOMEM;
327 break;
328
8d3095f4
MS		 329 case OPT_DEFAULT_PERMISSIONS:
330 config->default_permissions = true;
331 break;
332
a6c60655
MS		 333 case OPT_REDIRECT_DIR_ON:
334 config->redirect_dir = true;
335 break;
336
337 case OPT_REDIRECT_DIR_OFF:
338 config->redirect_dir = false;
339 break;
340
e9be9d5e 341 default:
bead55ef 342 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p);
e9be9d5e
MS		 343 return -EINVAL;
344 }
345 }
71cbad7e 346
347 /* Workdir is useless in non-upper mount */
348 if (!config->upperdir && config->workdir) {
349 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
350 config->workdir);
351 kfree(config->workdir);
352 config->workdir = NULL;
353 }
354
e9be9d5e
MS		 355 return 0;
356}
357
358#define OVL_WORKDIR_NAME "work"
359
360static struct dentry *ovl_workdir_create(struct vfsmount *mnt,
361 struct dentry *dentry)
362{
363 struct inode *dir = dentry->d_inode;
364 struct dentry *work;
365 int err;
366 bool retried = false;
367
368 err = mnt_want_write(mnt);
369 if (err)
370 return ERR_PTR(err);
371
5955102c 372 inode_lock_nested(dir, I_MUTEX_PARENT);
e9be9d5e
MS		 373retry:
374 work = lookup_one_len(OVL_WORKDIR_NAME, dentry,
375 strlen(OVL_WORKDIR_NAME));
376
377 if (!IS_ERR(work)) {
c11b9fdd
MS		 378 struct iattr attr = {
379 .ia_valid = ATTR_MODE,
32a3d848 380 .ia_mode = S_IFDIR | 0,
c11b9fdd 381 };
e9be9d5e
MS		 382
383 if (work->d_inode) {
384 err = -EEXIST;
385 if (retried)
386 goto out_dput;
387
388 retried = true;
eea2fb48 389 ovl_workdir_cleanup(dir, mnt, work, 0);
e9be9d5e
MS		 390 dput(work);
391 goto retry;
392 }
393
32a3d848
AV		 394 err = ovl_create_real(dir, work,
395 &(struct cattr){.mode = S_IFDIR | 0},
396 NULL, true);
e9be9d5e
MS		 397 if (err)
398 goto out_dput;
c11b9fdd 399
cb348edb
MS		 400 /*
401 * Try to remove POSIX ACL xattrs from workdir. We are good if:
402 *
403 * a) success (there was a POSIX ACL xattr and was removed)
404 * b) -ENODATA (there was no POSIX ACL xattr)
405 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
406 *
407 * There are various other error values that could effectively
408 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
409 * if the xattr name is too long), but the set of filesystems
410 * allowed as upper are limited to "normal" ones, where checking
411 * for the above two errors is sufficient.
412 */
c11b9fdd 413 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
e1ff3dd1 414 if (err && err != -ENODATA && err != -EOPNOTSUPP)
c11b9fdd
MS		 415 goto out_dput;
416
417 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
e1ff3dd1 418 if (err && err != -ENODATA && err != -EOPNOTSUPP)
c11b9fdd
MS		 419 goto out_dput;
420
421 /* Clear any inherited mode bits */
422 inode_lock(work->d_inode);
423 err = notify_change(work, &attr, NULL);
424 inode_unlock(work->d_inode);
425 if (err)
426 goto out_dput;
e9be9d5e
MS		 427 }
428out_unlock:
5955102c 429 inode_unlock(dir);
e9be9d5e
MS		 430 mnt_drop_write(mnt);
431
432 return work;
433
434out_dput:
435 dput(work);
436 work = ERR_PTR(err);
437 goto out_unlock;
438}
439
91c77947
MS		 440static void ovl_unescape(char *s)
441{
442 char *d = s;
443
444 for (;; s++, d++) {
445 if (*s == '\\')
446 s++;
447 *d = *s;
448 if (!*s)
449 break;
450 }
451}
452
ab508822
MS		 453static int ovl_mount_dir_noesc(const char *name, struct path *path)
454{
a78d9f0d 455 int err = -EINVAL;
ab508822 456
a78d9f0d
MS		 457 if (!*name) {
458 pr_err("overlayfs: empty lowerdir\n");
459 goto out;
460 }
ab508822
MS		 461 err = kern_path(name, LOOKUP_FOLLOW, path);
462 if (err) {
463 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err);
464 goto out;
465 }
466 err = -EINVAL;
7c03b5d4 467 if (ovl_dentry_weird(path->dentry)) {
ab508822
MS		 468 pr_err("overlayfs: filesystem on '%s' not supported\n", name);
469 goto out_put;
470 }
2b8c30e9 471 if (!d_is_dir(path->dentry)) {
ab508822
MS		 472 pr_err("overlayfs: '%s' not a directory\n", name);
473 goto out_put;
474 }
475 return 0;
476
477out_put:
478 path_put(path);
479out:
480 return err;
481}
482
483static int ovl_mount_dir(const char *name, struct path *path)
484{
485 int err = -ENOMEM;
486 char *tmp = kstrdup(name, GFP_KERNEL);
487
488 if (tmp) {
489 ovl_unescape(tmp);
490 err = ovl_mount_dir_noesc(tmp, path);
7c03b5d4
MS		 491
492 if (!err)
493 if (ovl_dentry_remote(path->dentry)) {
494 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n",
495 tmp);
496 path_put(path);
497 err = -EINVAL;
498 }
ab508822
MS		 499 kfree(tmp);
500 }
501 return err;
502}
503
6b2d5fe4
MS		 504static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
505 const char *name)
ab508822 506{
ab508822 507 struct kstatfs statfs;
6b2d5fe4
MS		 508 int err = vfs_statfs(path, &statfs);
509
510 if (err)
511 pr_err("overlayfs: statfs failed on '%s'\n", name);
512 else
513 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
514
515 return err;
516}
517
518static int ovl_lower_dir(const char *name, struct path *path,
519 struct ovl_fs *ofs, int *stack_depth, bool *remote)
520{
521 int err;
ab508822 522
a78d9f0d 523 err = ovl_mount_dir_noesc(name, path);
ab508822
MS		 524 if (err)
525 goto out;
526
6b2d5fe4
MS		 527 err = ovl_check_namelen(path, ofs, name);
528 if (err)
ab508822 529 goto out_put;
6b2d5fe4 530
ab508822
MS		 531 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
532
7c03b5d4
MS		 533 if (ovl_dentry_remote(path->dentry))
534 *remote = true;
535
ab508822
MS		 536 return 0;
537
538out_put:
539 path_put(path);
540out:
541 return err;
542}
543
e9be9d5e
MS		 544/* Workdir should not be subdir of upperdir and vice versa */
545static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
546{
547 bool ok = false;
548
549 if (workdir != upperdir) {
550 ok = (lock_rename(workdir, upperdir) == NULL);
551 unlock_rename(workdir, upperdir);
552 }
553 return ok;
554}
555
a78d9f0d
MS		 556static unsigned int ovl_split_lowerdirs(char *str)
557{
558 unsigned int ctr = 1;
559 char *s, *d;
560
561 for (s = d = str;; s++, d++) {
562 if (*s == '\\') {
563 s++;
564 } else if (*s == ':') {
565 *d = '\0';
566 ctr++;
567 continue;
568 }
569 *d = *s;
570 if (!*s)
571 break;
572 }
573 return ctr;
574}
575
0eb45fc3
AG		 576static int __maybe_unused
577ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
578 struct dentry *dentry, struct inode *inode,
579 const char *name, void *buffer, size_t size)
580{
581 return ovl_xattr_get(dentry, handler->name, buffer, size);
582}
583
0c97be22
AG		 584static int __maybe_unused
585ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
586 struct dentry *dentry, struct inode *inode,
587 const char *name, const void *value,
588 size_t size, int flags)
d837a49b
MS		 589{
590 struct dentry *workdir = ovl_workdir(dentry);
591 struct inode *realinode = ovl_inode_real(inode, NULL);
592 struct posix_acl *acl = NULL;
593 int err;
594
595 /* Check that everything is OK before copy-up */
596 if (value) {
597 acl = posix_acl_from_xattr(&init_user_ns, value, size);
598 if (IS_ERR(acl))
599 return PTR_ERR(acl);
600 }
601 err = -EOPNOTSUPP;
602 if (!IS_POSIXACL(d_inode(workdir)))
603 goto out_acl_release;
604 if (!realinode->i_op->set_acl)
605 goto out_acl_release;
606 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
607 err = acl ? -EACCES : 0;
608 goto out_acl_release;
609 }
610 err = -EPERM;
611 if (!inode_owner_or_capable(inode))
612 goto out_acl_release;
613
614 posix_acl_release(acl);
615
fd3220d3
MS		 616 /*
617 * Check if sgid bit needs to be cleared (actual setacl operation will
618 * be done with mounter's capabilities and so that won't do it for us).
619 */
620 if (unlikely(inode->i_mode & S_ISGID) &&
621 handler->flags == ACL_TYPE_ACCESS &&
622 !in_group_p(inode->i_gid) &&
623 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
624 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
625
626 err = ovl_setattr(dentry, &iattr);
627 if (err)
628 return err;
629 }
630
ce31513a
MS		 631 err = ovl_xattr_set(dentry, handler->name, value, size, flags);
632 if (!err)
633 ovl_copyattr(ovl_inode_real(inode, NULL), inode);
634
635 return err;
d837a49b
MS		 636
637out_acl_release:
638 posix_acl_release(acl);
639 return err;
640}
641
0eb45fc3
AG		 642static int ovl_own_xattr_get(const struct xattr_handler *handler,
643 struct dentry *dentry, struct inode *inode,
644 const char *name, void *buffer, size_t size)
645{
48fab5d7 646 return -EOPNOTSUPP;
0eb45fc3
AG		 647}
648
d837a49b
MS		 649static int ovl_own_xattr_set(const struct xattr_handler *handler,
650 struct dentry *dentry, struct inode *inode,
651 const char *name, const void *value,
652 size_t size, int flags)
653{
48fab5d7 654 return -EOPNOTSUPP;
d837a49b
MS		 655}
656
0eb45fc3
AG		 657static int ovl_other_xattr_get(const struct xattr_handler *handler,
658 struct dentry *dentry, struct inode *inode,
659 const char *name, void *buffer, size_t size)
660{
661 return ovl_xattr_get(dentry, name, buffer, size);
662}
663
0e585ccc
AG		 664static int ovl_other_xattr_set(const struct xattr_handler *handler,
665 struct dentry *dentry, struct inode *inode,
666 const char *name, const void *value,
667 size_t size, int flags)
668{
669 return ovl_xattr_set(dentry, name, value, size, flags);
670}
671
0c97be22
AG		 672static const struct xattr_handler __maybe_unused
673ovl_posix_acl_access_xattr_handler = {
d837a49b
MS		 674 .name = XATTR_NAME_POSIX_ACL_ACCESS,
675 .flags = ACL_TYPE_ACCESS,
0eb45fc3 676 .get = ovl_posix_acl_xattr_get,
d837a49b
MS		 677 .set = ovl_posix_acl_xattr_set,
678};
679
0c97be22
AG		 680static const struct xattr_handler __maybe_unused
681ovl_posix_acl_default_xattr_handler = {
d837a49b
MS		 682 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
683 .flags = ACL_TYPE_DEFAULT,
0eb45fc3 684 .get = ovl_posix_acl_xattr_get,
d837a49b
MS		 685 .set = ovl_posix_acl_xattr_set,
686};
687
688static const struct xattr_handler ovl_own_xattr_handler = {
689 .prefix = OVL_XATTR_PREFIX,
0eb45fc3 690 .get = ovl_own_xattr_get,
d837a49b
MS		 691 .set = ovl_own_xattr_set,
692};
693
694static const struct xattr_handler ovl_other_xattr_handler = {
695 .prefix = "", /* catch all */
0eb45fc3 696 .get = ovl_other_xattr_get,
d837a49b
MS		 697 .set = ovl_other_xattr_set,
698};
699
700static const struct xattr_handler *ovl_xattr_handlers[] = {
0c97be22 701#ifdef CONFIG_FS_POSIX_ACL
d837a49b
MS		 702 &ovl_posix_acl_access_xattr_handler,
703 &ovl_posix_acl_default_xattr_handler,
0c97be22 704#endif
d837a49b
MS		 705 &ovl_own_xattr_handler,
706 &ovl_other_xattr_handler,
707 NULL
708};
709
e9be9d5e
MS		 710static int ovl_fill_super(struct super_block *sb, void *data, int silent)
711{
53a08cb9
MS		 712 struct path upperpath = { NULL, NULL };
713 struct path workpath = { NULL, NULL };
e9be9d5e 714 struct dentry *root_dentry;
39b681f8 715 struct inode *realinode;
e9be9d5e
MS		 716 struct ovl_entry *oe;
717 struct ovl_fs *ufs;
a78d9f0d
MS		 718 struct path *stack = NULL;
719 char *lowertmp;
720 char *lower;
721 unsigned int numlower;
722 unsigned int stacklen = 0;
dd662667 723 unsigned int i;
7c03b5d4 724 bool remote = false;
51f8f3c4 725 struct cred *cred;
e9be9d5e
MS		 726 int err;
727
f45827e8
EZ		 728 err = -ENOMEM;
729 ufs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
730 if (!ufs)
e9be9d5e
MS		 731 goto out;
732
39d3d60a 733 init_waitqueue_head(&ufs->copyup_wq);
688ea0e5 734 ufs->config.redirect_dir = ovl_redirect_dir_def;
f45827e8
EZ		 735 err = ovl_parse_opt((char *) data, &ufs->config);
736 if (err)
737 goto out_free_config;
738
e9be9d5e 739 err = -EINVAL;
53a08cb9 740 if (!ufs->config.lowerdir) {
07f2af7b
KK		 741 if (!silent)
742 pr_err("overlayfs: missing 'lowerdir'\n");
e9be9d5e
MS		 743 goto out_free_config;
744 }
745
53a08cb9 746 sb->s_stack_depth = 0;
cf9a6784 747 sb->s_maxbytes = MAX_LFS_FILESIZE;
53a08cb9 748 if (ufs->config.upperdir) {
53a08cb9
MS		 749 if (!ufs->config.workdir) {
750 pr_err("overlayfs: missing 'workdir'\n");
751 goto out_free_config;
752 }
e9be9d5e 753
53a08cb9
MS		 754 err = ovl_mount_dir(ufs->config.upperdir, &upperpath);
755 if (err)
756 goto out_free_config;
e9be9d5e 757
71cbad7e 758 /* Upper fs should not be r/o */
759 if (upperpath.mnt->mnt_sb->s_flags & MS_RDONLY) {
760 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n");
761 err = -EINVAL;
762 goto out_put_upperpath;
763 }
764
6b2d5fe4
MS		 765 err = ovl_check_namelen(&upperpath, ufs, ufs->config.upperdir);
766 if (err)
767 goto out_put_upperpath;
768
53a08cb9
MS		 769 err = ovl_mount_dir(ufs->config.workdir, &workpath);
770 if (err)
771 goto out_put_upperpath;
772
2f83fd8c 773 err = -EINVAL;
53a08cb9
MS		 774 if (upperpath.mnt != workpath.mnt) {
775 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n");
776 goto out_put_workpath;
777 }
778 if (!ovl_workdir_ok(workpath.dentry, upperpath.dentry)) {
779 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n");
780 goto out_put_workpath;
781 }
782 sb->s_stack_depth = upperpath.mnt->mnt_sb->s_stack_depth;
cc259639 783 }
a78d9f0d
MS		 784 err = -ENOMEM;
785 lowertmp = kstrdup(ufs->config.lowerdir, GFP_KERNEL);
786 if (!lowertmp)
ab508822 787 goto out_put_workpath;
69c433ed 788
a78d9f0d
MS		 789 err = -EINVAL;
790 stacklen = ovl_split_lowerdirs(lowertmp);
6be4506e 791 if (stacklen > OVL_MAX_STACK) {
fd36570a 792 pr_err("overlayfs: too many lower directories, limit is %d\n",
6be4506e 793 OVL_MAX_STACK);
a78d9f0d 794 goto out_free_lowertmp;
6be4506e 795 } else if (!ufs->config.upperdir && stacklen == 1) {
796 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n");
797 goto out_free_lowertmp;
798 }
a78d9f0d 799
313684c4 800 err = -ENOMEM;
a78d9f0d
MS		 801 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
802 if (!stack)
803 goto out_free_lowertmp;
804
313684c4 805 err = -EINVAL;
a78d9f0d
MS		 806 lower = lowertmp;
807 for (numlower = 0; numlower < stacklen; numlower++) {
6b2d5fe4
MS		 808 err = ovl_lower_dir(lower, &stack[numlower], ufs,
809 &sb->s_stack_depth, &remote);
a78d9f0d
MS		 810 if (err)
811 goto out_put_lowerpath;
812
813 lower = strchr(lower, '\0') + 1;
814 }
815
69c433ed 816 err = -EINVAL;
ab508822 817 sb->s_stack_depth++;
69c433ed
MS		 818 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
819 pr_err("overlayfs: maximum fs stacking depth exceeded\n");
3b7a9a24 820 goto out_put_lowerpath;
69c433ed
MS		 821 }
822
53a08cb9
MS		 823 if (ufs->config.upperdir) {
824 ufs->upper_mnt = clone_private_mount(&upperpath);
825 err = PTR_ERR(ufs->upper_mnt);
826 if (IS_ERR(ufs->upper_mnt)) {
827 pr_err("overlayfs: failed to clone upperpath\n");
828 goto out_put_lowerpath;
829 }
d719e8f2
MS		 830 /* Don't inherit atime flags */
831 ufs->upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
832
833 sb->s_time_gran = ufs->upper_mnt->mnt_sb->s_time_gran;
3b7a9a24 834
53a08cb9
MS		 835 ufs->workdir = ovl_workdir_create(ufs->upper_mnt, workpath.dentry);
836 err = PTR_ERR(ufs->workdir);
837 if (IS_ERR(ufs->workdir)) {
cc6f67bc
MS		 838 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n",
839 ufs->config.workdir, OVL_WORKDIR_NAME, -err);
840 sb->s_flags |= MS_RDONLY;
841 ufs->workdir = NULL;
53a08cb9 842 }
45aebeaf
VG		 843
844 /*
845 * Upper should support d_type, else whiteouts are visible.
846 * Given workdir and upper are on same fs, we can do
21765194
VG		 847 * iterate_dir() on workdir. This check requires successful
848 * creation of workdir in previous step.
45aebeaf 849 */
21765194 850 if (ufs->workdir) {
e7f52429
AG		 851 struct dentry *temp;
852
21765194
VG		 853 err = ovl_check_d_type_supported(&workpath);
854 if (err < 0)
855 goto out_put_workdir;
45aebeaf 856
e7c0b599
VG		 857 /*
858 * We allowed this configuration and don't want to
859 * break users over kernel upgrade. So warn instead
860 * of erroring out.
861 */
862 if (!err)
863 pr_warn("overlayfs: upper fs needs to support d_type.\n");
e7f52429
AG		 864
865 /* Check if upper/work fs supports O_TMPFILE */
866 temp = ovl_do_tmpfile(ufs->workdir, S_IFREG | 0);
867 ufs->tmpfile = !IS_ERR(temp);
868 if (ufs->tmpfile)
869 dput(temp);
870 else
871 pr_warn("overlayfs: upper fs does not support tmpfile.\n");
45aebeaf 872 }
e9be9d5e
MS		 873 }
874
2f83fd8c 875 err = -ENOMEM;
a78d9f0d 876 ufs->lower_mnt = kcalloc(numlower, sizeof(struct vfsmount *), GFP_KERNEL);
dd662667 877 if (ufs->lower_mnt == NULL)
3b7a9a24 878 goto out_put_workdir;
a78d9f0d
MS		 879 for (i = 0; i < numlower; i++) {
880 struct vfsmount *mnt = clone_private_mount(&stack[i]);
dd662667 881
2f83fd8c 882 err = PTR_ERR(mnt);
a78d9f0d
MS		 883 if (IS_ERR(mnt)) {
884 pr_err("overlayfs: failed to clone lowerpath\n");
885 goto out_put_lower_mnt;
886 }
887 /*
888 * Make lower_mnt R/O. That way fchmod/fchown on lower file
889 * will fail instead of modifying lower fs.
890 */
d719e8f2 891 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
dd662667 892
a78d9f0d
MS		 893 ufs->lower_mnt[ufs->numlower] = mnt;
894 ufs->numlower++;
895 }
e9be9d5e 896
71cbad7e 897 /* If the upper fs is nonexistent, we mark overlayfs r/o too */
898 if (!ufs->upper_mnt)
e9be9d5e
MS		 899 sb->s_flags |= MS_RDONLY;
900
7c03b5d4
MS		 901 if (remote)
902 sb->s_d_op = &ovl_reval_dentry_operations;
903 else
904 sb->s_d_op = &ovl_dentry_operations;
e9be9d5e 905
51f8f3c4
KK		 906 ufs->creator_cred = cred = prepare_creds();
907 if (!cred)
3fe6e52f
AM		 908 goto out_put_lower_mnt;
909
51f8f3c4
KK		 910 /* Never override disk quota limits or use reserved space */
911 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
912
e9be9d5e 913 err = -ENOMEM;
a78d9f0d 914 oe = ovl_alloc_entry(numlower);
3b7a9a24 915 if (!oe)
3fe6e52f 916 goto out_put_cred;
e9be9d5e 917
655042cc
VG		 918 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
919 sb->s_op = &ovl_super_operations;
920 sb->s_xattr = ovl_xattr_handlers;
921 sb->s_fs_info = ufs;
922 sb->s_flags |= MS_POSIXACL | MS_NOREMOTELOCK;
923
ca4c8a3a 924 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
e9be9d5e 925 if (!root_dentry)
3b7a9a24 926 goto out_free_oe;
e9be9d5e
MS		 927
928 mntput(upperpath.mnt);
a78d9f0d
MS		 929 for (i = 0; i < numlower; i++)
930 mntput(stack[i].mnt);
e9be9d5e 931 path_put(&workpath);
a78d9f0d 932 kfree(lowertmp);
e9be9d5e
MS		 933
934 oe->__upperdentry = upperpath.dentry;
a78d9f0d
MS		 935 for (i = 0; i < numlower; i++) {
936 oe->lowerstack[i].dentry = stack[i].dentry;
937 oe->lowerstack[i].mnt = ufs->lower_mnt[i];
938 }
0f95502a 939 kfree(stack);
e9be9d5e
MS		 940
941 root_dentry->d_fsdata = oe;
942
39b681f8
MS		 943 realinode = d_inode(ovl_dentry_real(root_dentry));
944 ovl_inode_init(d_inode(root_dentry), realinode, !!upperpath.dentry);
945 ovl_copyattr(realinode, d_inode(root_dentry));
ed06e069 946
e9be9d5e 947 sb->s_root = root_dentry;
e9be9d5e
MS		 948
949 return 0;
950
3b7a9a24
MS		 951out_free_oe:
952 kfree(oe);
3fe6e52f
AM		 953out_put_cred:
954 put_cred(ufs->creator_cred);
e9be9d5e 955out_put_lower_mnt:
dd662667
MS		 956 for (i = 0; i < ufs->numlower; i++)
957 mntput(ufs->lower_mnt[i]);
958 kfree(ufs->lower_mnt);
3b7a9a24
MS		 959out_put_workdir:
960 dput(ufs->workdir);
e9be9d5e 961 mntput(ufs->upper_mnt);
e9be9d5e 962out_put_lowerpath:
a78d9f0d
MS		 963 for (i = 0; i < numlower; i++)
964 path_put(&stack[i]);
965 kfree(stack);
966out_free_lowertmp:
967 kfree(lowertmp);
3b7a9a24
MS		 968out_put_workpath:
969 path_put(&workpath);
e9be9d5e
MS		 970out_put_upperpath:
971 path_put(&upperpath);
e9be9d5e 972out_free_config:
f45827e8
EZ		 973 kfree(ufs->config.lowerdir);
974 kfree(ufs->config.upperdir);
975 kfree(ufs->config.workdir);
976 kfree(ufs);
e9be9d5e
MS		 977out:
978 return err;
979}
980
981static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
982 const char *dev_name, void *raw_data)
983{
984 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
985}
986
987static struct file_system_type ovl_fs_type = {
988 .owner = THIS_MODULE,
ef94b186 989 .name = "overlay",
e9be9d5e
MS		 990 .mount = ovl_mount,
991 .kill_sb = kill_anon_super,
992};
ef94b186 993MODULE_ALIAS_FS("overlay");
e9be9d5e
MS		 994
995static int __init ovl_init(void)
996{
997 return register_filesystem(&ovl_fs_type);
998}
999
1000static void __exit ovl_exit(void)
1001{
1002 unregister_filesystem(&ovl_fs_type);
1003}
1004
1005module_init(ovl_init);
1006module_exit(ovl_exit);
A mirror of Linus' kernel repository