]> git.ipfire.org Git - thirdparty/kernel/linux.git/blame_incremental - fs/overlayfs/params.c
projects / thirdparty / kernel / linux.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge tag 'riscv-for-linus-6.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel...
[thirdparty/kernel/linux.git] / fs / overlayfs / params.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0-only
2
3#include <linux/fs.h>
4#include <linux/module.h>
5#include <linux/namei.h>
6#include <linux/fs_context.h>
7#include <linux/fs_parser.h>
8#include <linux/posix_acl_xattr.h>
9#include <linux/seq_file.h>
10#include <linux/xattr.h>
11#include "overlayfs.h"
12#include "params.h"
13
14static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
15module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
16MODULE_PARM_DESC(redirect_dir,
17 "Default to on or off for the redirect_dir feature");
18
19static bool ovl_redirect_always_follow =
20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
21module_param_named(redirect_always_follow, ovl_redirect_always_follow,
22 bool, 0644);
23MODULE_PARM_DESC(redirect_always_follow,
24 "Follow redirects even if redirect_dir feature is turned off");
25
26static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
27module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
28MODULE_PARM_DESC(xino_auto,
29 "Auto enable xino feature");
30
31static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
32module_param_named(index, ovl_index_def, bool, 0644);
33MODULE_PARM_DESC(index,
34 "Default to on or off for the inodes index feature");
35
36static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
37module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
38MODULE_PARM_DESC(nfs_export,
39 "Default to on or off for the NFS export feature");
40
41static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
42module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
43MODULE_PARM_DESC(metacopy,
44 "Default to on or off for the metadata only copy up feature");
45
46enum ovl_opt {
47 Opt_lowerdir,
48 Opt_lowerdir_add,
49 Opt_datadir_add,
50 Opt_upperdir,
51 Opt_workdir,
52 Opt_default_permissions,
53 Opt_redirect_dir,
54 Opt_index,
55 Opt_uuid,
56 Opt_nfs_export,
57 Opt_userxattr,
58 Opt_xino,
59 Opt_metacopy,
60 Opt_verity,
61 Opt_volatile,
62 Opt_override_creds,
63};
64
65static const struct constant_table ovl_parameter_bool[] = {
66 { "on", true },
67 { "off", false },
68 {}
69};
70
71static const struct constant_table ovl_parameter_uuid[] = {
72 { "off", OVL_UUID_OFF },
73 { "null", OVL_UUID_NULL },
74 { "auto", OVL_UUID_AUTO },
75 { "on", OVL_UUID_ON },
76 {}
77};
78
79static const char *ovl_uuid_mode(struct ovl_config *config)
80{
81 return ovl_parameter_uuid[config->uuid].name;
82}
83
84static int ovl_uuid_def(void)
85{
86 return OVL_UUID_AUTO;
87}
88
89static const struct constant_table ovl_parameter_xino[] = {
90 { "off", OVL_XINO_OFF },
91 { "auto", OVL_XINO_AUTO },
92 { "on", OVL_XINO_ON },
93 {}
94};
95
96const char *ovl_xino_mode(struct ovl_config *config)
97{
98 return ovl_parameter_xino[config->xino].name;
99}
100
101static int ovl_xino_def(void)
102{
103 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
104}
105
106const struct constant_table ovl_parameter_redirect_dir[] = {
107 { "off", OVL_REDIRECT_OFF },
108 { "follow", OVL_REDIRECT_FOLLOW },
109 { "nofollow", OVL_REDIRECT_NOFOLLOW },
110 { "on", OVL_REDIRECT_ON },
111 {}
112};
113
114static const char *ovl_redirect_mode(struct ovl_config *config)
115{
116 return ovl_parameter_redirect_dir[config->redirect_mode].name;
117}
118
119static int ovl_redirect_mode_def(void)
120{
121 return ovl_redirect_dir_def ? OVL_REDIRECT_ON :
122 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW :
123 OVL_REDIRECT_NOFOLLOW;
124}
125
126static const struct constant_table ovl_parameter_verity[] = {
127 { "off", OVL_VERITY_OFF },
128 { "on", OVL_VERITY_ON },
129 { "require", OVL_VERITY_REQUIRE },
130 {}
131};
132
133static const char *ovl_verity_mode(struct ovl_config *config)
134{
135 return ovl_parameter_verity[config->verity_mode].name;
136}
137
138static int ovl_verity_mode_def(void)
139{
140 return OVL_VERITY_OFF;
141}
142
143const struct fs_parameter_spec ovl_parameter_spec[] = {
144 fsparam_string_empty("lowerdir", Opt_lowerdir),
145 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add),
146 fsparam_file_or_string("datadir+", Opt_datadir_add),
147 fsparam_file_or_string("upperdir", Opt_upperdir),
148 fsparam_file_or_string("workdir", Opt_workdir),
149 fsparam_flag("default_permissions", Opt_default_permissions),
150 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir),
151 fsparam_enum("index", Opt_index, ovl_parameter_bool),
152 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid),
153 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool),
154 fsparam_flag("userxattr", Opt_userxattr),
155 fsparam_enum("xino", Opt_xino, ovl_parameter_xino),
156 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool),
157 fsparam_enum("verity", Opt_verity, ovl_parameter_verity),
158 fsparam_flag("volatile", Opt_volatile),
159 fsparam_flag_no("override_creds", Opt_override_creds),
160 {}
161};
162
163static char *ovl_next_opt(char **s)
164{
165 char *sbegin = *s;
166 char *p;
167
168 if (sbegin == NULL)
169 return NULL;
170
171 for (p = sbegin; *p; p++) {
172 if (*p == '\\') {
173 p++;
174 if (!*p)
175 break;
176 } else if (*p == ',') {
177 *p = '\0';
178 *s = p + 1;
179 return sbegin;
180 }
181 }
182 *s = NULL;
183 return sbegin;
184}
185
186static int ovl_parse_monolithic(struct fs_context *fc, void *data)
187{
188 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt);
189}
190
191static ssize_t ovl_parse_param_split_lowerdirs(char *str)
192{
193 ssize_t nr_layers = 1, nr_colons = 0;
194 char *s, *d;
195
196 for (s = d = str;; s++, d++) {
197 if (*s == '\\') {
198 /* keep esc chars in split lowerdir */
199 *d++ = *s++;
200 } else if (*s == ':') {
201 bool next_colon = (*(s + 1) == ':');
202
203 nr_colons++;
204 if (nr_colons == 2 && next_colon) {
205 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
206 return -EINVAL;
207 }
208 /* count layers, not colons */
209 if (!next_colon)
210 nr_layers++;
211
212 *d = '\0';
213 continue;
214 }
215
216 *d = *s;
217 if (!*s) {
218 /* trailing colons */
219 if (nr_colons) {
220 pr_err("unescaped trailing colons in lowerdir mount option.\n");
221 return -EINVAL;
222 }
223 break;
224 }
225 nr_colons = 0;
226 }
227
228 return nr_layers;
229}
230
231static int ovl_mount_dir_noesc(const char *name, struct path *path)
232{
233 int err = -EINVAL;
234
235 if (!*name) {
236 pr_err("empty lowerdir\n");
237 goto out;
238 }
239 err = kern_path(name, LOOKUP_FOLLOW, path);
240 if (err) {
241 pr_err("failed to resolve '%s': %i\n", name, err);
242 goto out;
243 }
244 return 0;
245
246out:
247 return err;
248}
249
250static void ovl_unescape(char *s)
251{
252 char *d = s;
253
254 for (;; s++, d++) {
255 if (*s == '\\')
256 s++;
257 *d = *s;
258 if (!*s)
259 break;
260 }
261}
262
263static int ovl_mount_dir(const char *name, struct path *path)
264{
265 int err = -ENOMEM;
266 char *tmp = kstrdup(name, GFP_KERNEL);
267
268 if (tmp) {
269 ovl_unescape(tmp);
270 err = ovl_mount_dir_noesc(tmp, path);
271 kfree(tmp);
272 }
273 return err;
274}
275
276static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path,
277 enum ovl_opt layer, const char *name, bool upper)
278{
279 struct ovl_fs_context *ctx = fc->fs_private;
280
281 if (!d_is_dir(path->dentry))
282 return invalfc(fc, "%s is not a directory", name);
283
284 /*
285 * Root dentries of case-insensitive capable filesystems might
286 * not have the dentry operations set, but still be incompatible
287 * with overlayfs. Check explicitly to prevent post-mount
288 * failures.
289 */
290 if (sb_has_encoding(path->mnt->mnt_sb))
291 return invalfc(fc, "case-insensitive capable filesystem on %s not supported", name);
292
293 if (ovl_dentry_weird(path->dentry))
294 return invalfc(fc, "filesystem on %s not supported", name);
295
296 /*
297 * Check whether upper path is read-only here to report failures
298 * early. Don't forget to recheck when the superblock is created
299 * as the mount attributes could change.
300 */
301 if (upper) {
302 if (path->dentry->d_flags & DCACHE_OP_REAL)
303 return invalfc(fc, "filesystem on %s not supported as upperdir", name);
304 if (__mnt_is_readonly(path->mnt))
305 return invalfc(fc, "filesystem on %s is read-only", name);
306 } else {
307 if (ctx->lowerdir_all && layer != Opt_lowerdir)
308 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir");
309 if (ctx->nr_data && layer == Opt_lowerdir_add)
310 return invalfc(fc, "regular lower layers cannot follow data layers");
311 if (ctx->nr == OVL_MAX_STACK)
312 return invalfc(fc, "too many lower directories, limit is %d",
313 OVL_MAX_STACK);
314 }
315 return 0;
316}
317
318static int ovl_ctx_realloc_lower(struct fs_context *fc)
319{
320 struct ovl_fs_context *ctx = fc->fs_private;
321 struct ovl_fs_context_layer *l;
322 size_t nr;
323
324 if (ctx->nr < ctx->capacity)
325 return 0;
326
327 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2),
328 OVL_MAX_STACK);
329 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT);
330 if (!l)
331 return -ENOMEM;
332
333 ctx->lower = l;
334 ctx->capacity = nr;
335 return 0;
336}
337
338static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer,
339 struct path *path, char **pname)
340{
341 struct ovl_fs *ofs = fc->s_fs_info;
342 struct ovl_config *config = &ofs->config;
343 struct ovl_fs_context *ctx = fc->fs_private;
344 struct ovl_fs_context_layer *l;
345
346 switch (layer) {
347 case Opt_workdir:
348 swap(config->workdir, *pname);
349 swap(ctx->work, *path);
350 break;
351 case Opt_upperdir:
352 swap(config->upperdir, *pname);
353 swap(ctx->upper, *path);
354 break;
355 case Opt_datadir_add:
356 ctx->nr_data++;
357 fallthrough;
358 case Opt_lowerdir:
359 fallthrough;
360 case Opt_lowerdir_add:
361 WARN_ON(ctx->nr >= ctx->capacity);
362 l = &ctx->lower[ctx->nr++];
363 memset(l, 0, sizeof(*l));
364 swap(l->name, *pname);
365 swap(l->path, *path);
366 break;
367 default:
368 WARN_ON(1);
369 }
370}
371
372static inline bool is_upper_layer(enum ovl_opt layer)
373{
374 return layer == Opt_upperdir || layer == Opt_workdir;
375}
376
377/* Handle non-file descriptor-based layer options that require path lookup. */
378static inline int ovl_kern_path(const char *layer_name, struct path *layer_path,
379 enum ovl_opt layer)
380{
381 int err;
382
383 switch (layer) {
384 case Opt_upperdir:
385 fallthrough;
386 case Opt_workdir:
387 fallthrough;
388 case Opt_lowerdir:
389 err = ovl_mount_dir(layer_name, layer_path);
390 break;
391 case Opt_lowerdir_add:
392 fallthrough;
393 case Opt_datadir_add:
394 err = ovl_mount_dir_noesc(layer_name, layer_path);
395 break;
396 default:
397 WARN_ON_ONCE(true);
398 err = -EINVAL;
399 }
400
401 return err;
402}
403
404static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name,
405 struct path *layer_path, enum ovl_opt layer)
406{
407 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL);
408 bool upper;
409 int err = 0;
410
411 if (!name)
412 return -ENOMEM;
413
414 upper = is_upper_layer(layer);
415 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper);
416 if (err)
417 return err;
418
419 if (!upper) {
420 err = ovl_ctx_realloc_lower(fc);
421 if (err)
422 return err;
423 }
424
425 /* Store the user provided path string in ctx to show in mountinfo */
426 ovl_add_layer(fc, layer, layer_path, &name);
427 return err;
428}
429
430static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param,
431 enum ovl_opt layer)
432{
433 struct path layer_path __free(path_put) = {};
434 int err = 0;
435
436 switch (param->type) {
437 case fs_value_is_string:
438 err = ovl_kern_path(param->string, &layer_path, layer);
439 if (err)
440 return err;
441 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer);
442 break;
443 case fs_value_is_file: {
444 char *buf __free(kfree);
445 char *layer_name;
446
447 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
448 if (!buf)
449 return -ENOMEM;
450
451 layer_path = param->file->f_path;
452 path_get(&layer_path);
453
454 layer_name = d_path(&layer_path, buf, PATH_MAX);
455 if (IS_ERR(layer_name))
456 return PTR_ERR(layer_name);
457
458 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer);
459 break;
460 }
461 default:
462 WARN_ON_ONCE(true);
463 err = -EINVAL;
464 }
465
466 return err;
467}
468
469static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx)
470{
471 struct ovl_fs_context_layer *l = ctx->lower;
472
473 // Reset old user provided lowerdir string
474 kfree(ctx->lowerdir_all);
475 ctx->lowerdir_all = NULL;
476
477 for (size_t nr = 0; nr < ctx->nr; nr++, l++) {
478 path_put(&l->path);
479 kfree(l->name);
480 l->name = NULL;
481 }
482 ctx->nr = 0;
483 ctx->nr_data = 0;
484}
485
486/*
487 * Parse lowerdir= mount option:
488 *
489 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2
490 * Set "/lower1", "/lower2", and "/lower3" as lower layers and
491 * "/data1" and "/data2" as data lower layers. Any existing lower
492 * layers are replaced.
493 */
494static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
495{
496 int err;
497 struct ovl_fs_context *ctx = fc->fs_private;
498 char *dup = NULL, *iter;
499 ssize_t nr_lower, nr;
500 bool data_layer = false;
501
502 /*
503 * Ensure we're backwards compatible with mount(2)
504 * by allowing relative paths.
505 */
506
507 /* drop all existing lower layers */
508 ovl_reset_lowerdirs(ctx);
509
510 if (!*name)
511 return 0;
512
513 if (*name == ':') {
514 pr_err("cannot append lower layer\n");
515 return -EINVAL;
516 }
517
518 // Store user provided lowerdir string to show in mount options
519 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL);
520 if (!ctx->lowerdir_all)
521 return -ENOMEM;
522
523 dup = kstrdup(name, GFP_KERNEL);
524 if (!dup)
525 return -ENOMEM;
526
527 err = -EINVAL;
528 nr_lower = ovl_parse_param_split_lowerdirs(dup);
529 if (nr_lower < 0)
530 goto out_err;
531
532 if (nr_lower > OVL_MAX_STACK) {
533 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
534 goto out_err;
535 }
536
537 iter = dup;
538 for (nr = 0; nr < nr_lower; nr++) {
539 struct path path __free(path_put) = {};
540
541 err = ovl_kern_path(iter, &path, Opt_lowerdir);
542 if (err)
543 goto out_err;
544
545 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir);
546 if (err)
547 goto out_err;
548
549 if (data_layer)
550 ctx->nr_data++;
551
552 /* Calling strchr() again would overrun. */
553 if (ctx->nr == nr_lower)
554 break;
555
556 err = -EINVAL;
557 iter = strchr(iter, '\0') + 1;
558 if (*iter) {
559 /*
560 * This is a regular layer so we require that
561 * there are no data layers.
562 */
563 if (ctx->nr_data > 0) {
564 pr_err("regular lower layers cannot follow data lower layers\n");
565 goto out_err;
566 }
567
568 data_layer = false;
569 continue;
570 }
571
572 /* This is a data lower layer. */
573 data_layer = true;
574 iter++;
575 }
576 kfree(dup);
577 return 0;
578
579out_err:
580 kfree(dup);
581
582 /* Intentionally don't realloc to a smaller size. */
583 return err;
584}
585
586static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param)
587{
588 int err = 0;
589 struct fs_parse_result result;
590 struct ovl_fs *ofs = fc->s_fs_info;
591 struct ovl_config *config = &ofs->config;
592 struct ovl_fs_context *ctx = fc->fs_private;
593 int opt;
594
595 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) {
596 /*
597 * On remount overlayfs has always ignored all mount
598 * options no matter if malformed or not so for
599 * backwards compatibility we do the same here.
600 */
601 if (fc->oldapi)
602 return 0;
603
604 /*
605 * Give us the freedom to allow changing mount options
606 * with the new mount api in the future. So instead of
607 * silently ignoring everything we report a proper
608 * error. This is only visible for users of the new
609 * mount api.
610 */
611 return invalfc(fc, "No changes allowed in reconfigure");
612 }
613
614 opt = fs_parse(fc, ovl_parameter_spec, param, &result);
615 if (opt < 0)
616 return opt;
617
618 switch (opt) {
619 case Opt_lowerdir:
620 err = ovl_parse_param_lowerdir(param->string, fc);
621 break;
622 case Opt_lowerdir_add:
623 case Opt_datadir_add:
624 case Opt_upperdir:
625 case Opt_workdir:
626 err = ovl_parse_layer(fc, param, opt);
627 break;
628 case Opt_default_permissions:
629 config->default_permissions = true;
630 break;
631 case Opt_redirect_dir:
632 config->redirect_mode = result.uint_32;
633 if (config->redirect_mode == OVL_REDIRECT_OFF) {
634 config->redirect_mode = ovl_redirect_always_follow ?
635 OVL_REDIRECT_FOLLOW :
636 OVL_REDIRECT_NOFOLLOW;
637 }
638 ctx->set.redirect = true;
639 break;
640 case Opt_index:
641 config->index = result.uint_32;
642 ctx->set.index = true;
643 break;
644 case Opt_uuid:
645 config->uuid = result.uint_32;
646 break;
647 case Opt_nfs_export:
648 config->nfs_export = result.uint_32;
649 ctx->set.nfs_export = true;
650 break;
651 case Opt_xino:
652 config->xino = result.uint_32;
653 break;
654 case Opt_metacopy:
655 config->metacopy = result.uint_32;
656 ctx->set.metacopy = true;
657 break;
658 case Opt_verity:
659 config->verity_mode = result.uint_32;
660 break;
661 case Opt_volatile:
662 config->ovl_volatile = true;
663 break;
664 case Opt_userxattr:
665 config->userxattr = true;
666 break;
667 case Opt_override_creds: {
668 const struct cred *cred = NULL;
669
670 if (result.negated) {
671 swap(cred, ofs->creator_cred);
672 put_cred(cred);
673 break;
674 }
675
676 if (!current_in_userns(fc->user_ns)) {
677 err = -EINVAL;
678 break;
679 }
680
681 cred = prepare_creds();
682 if (cred)
683 swap(cred, ofs->creator_cred);
684 else
685 err = -ENOMEM;
686
687 put_cred(cred);
688 break;
689 }
690 default:
691 pr_err("unrecognized mount option \"%s\" or missing value\n",
692 param->key);
693 return -EINVAL;
694 }
695
696 return err;
697}
698
699static int ovl_get_tree(struct fs_context *fc)
700{
701 return get_tree_nodev(fc, ovl_fill_super);
702}
703
704static inline void ovl_fs_context_free(struct ovl_fs_context *ctx)
705{
706 ovl_reset_lowerdirs(ctx);
707 path_put(&ctx->upper);
708 path_put(&ctx->work);
709 kfree(ctx->lower);
710 kfree(ctx);
711}
712
713static void ovl_free(struct fs_context *fc)
714{
715 struct ovl_fs *ofs = fc->s_fs_info;
716 struct ovl_fs_context *ctx = fc->fs_private;
717
718 /*
719 * ofs is stored in the fs_context when it is initialized.
720 * ofs is transferred to the superblock on a successful mount,
721 * but if an error occurs before the transfer we have to free
722 * it here.
723 */
724 if (ofs)
725 ovl_free_fs(ofs);
726
727 if (ctx)
728 ovl_fs_context_free(ctx);
729}
730
731static int ovl_reconfigure(struct fs_context *fc)
732{
733 struct super_block *sb = fc->root->d_sb;
734 struct ovl_fs *ofs = OVL_FS(sb);
735 struct super_block *upper_sb;
736 int ret = 0;
737
738 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs))
739 return -EROFS;
740
741 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) {
742 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
743 if (ovl_should_sync(ofs)) {
744 down_read(&upper_sb->s_umount);
745 ret = sync_filesystem(upper_sb);
746 up_read(&upper_sb->s_umount);
747 }
748 }
749
750 return ret;
751}
752
753static const struct fs_context_operations ovl_context_ops = {
754 .parse_monolithic = ovl_parse_monolithic,
755 .parse_param = ovl_parse_param,
756 .get_tree = ovl_get_tree,
757 .reconfigure = ovl_reconfigure,
758 .free = ovl_free,
759};
760
761/*
762 * This is called during fsopen() and will record the user namespace of
763 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll
764 * need it when we actually create the superblock to verify that the
765 * process creating the superblock is in the same user namespace as
766 * process that called fsopen().
767 */
768int ovl_init_fs_context(struct fs_context *fc)
769{
770 struct ovl_fs_context *ctx;
771 struct ovl_fs *ofs;
772
773 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT);
774 if (!ctx)
775 return -ENOMEM;
776
777 /*
778 * By default we allocate for three lower layers. It's likely
779 * that it'll cover most users.
780 */
781 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT);
782 if (!ctx->lower)
783 goto out_err;
784 ctx->capacity = 3;
785
786 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
787 if (!ofs)
788 goto out_err;
789
790 ofs->config.redirect_mode = ovl_redirect_mode_def();
791 ofs->config.index = ovl_index_def;
792 ofs->config.uuid = ovl_uuid_def();
793 ofs->config.nfs_export = ovl_nfs_export_def;
794 ofs->config.xino = ovl_xino_def();
795 ofs->config.metacopy = ovl_metacopy_def;
796
797 fc->s_fs_info = ofs;
798 fc->fs_private = ctx;
799 fc->ops = &ovl_context_ops;
800 return 0;
801
802out_err:
803 ovl_fs_context_free(ctx);
804 return -ENOMEM;
805
806}
807
808void ovl_free_fs(struct ovl_fs *ofs)
809{
810 struct vfsmount **mounts;
811 unsigned i;
812
813 iput(ofs->workbasedir_trap);
814 iput(ofs->workdir_trap);
815 dput(ofs->whiteout);
816 dput(ofs->workdir);
817 if (ofs->workdir_locked)
818 ovl_inuse_unlock(ofs->workbasedir);
819 dput(ofs->workbasedir);
820 if (ofs->upperdir_locked)
821 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
822
823 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */
824 mounts = (struct vfsmount **) ofs->config.lowerdirs;
825 for (i = 0; i < ofs->numlayer; i++) {
826 iput(ofs->layers[i].trap);
827 kfree(ofs->config.lowerdirs[i]);
828 mounts[i] = ofs->layers[i].mnt;
829 }
830 kern_unmount_array(mounts, ofs->numlayer);
831 kfree(ofs->layers);
832 for (i = 0; i < ofs->numfs; i++)
833 free_anon_bdev(ofs->fs[i].pseudo_dev);
834 kfree(ofs->fs);
835
836 kfree(ofs->config.lowerdirs);
837 kfree(ofs->config.upperdir);
838 kfree(ofs->config.workdir);
839 if (ofs->creator_cred)
840 put_cred(ofs->creator_cred);
841 kfree(ofs);
842}
843
844int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
845 struct ovl_config *config)
846{
847 struct ovl_opt_set set = ctx->set;
848
849 /* Workdir/index are useless in non-upper mount */
850 if (!config->upperdir) {
851 if (config->workdir) {
852 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
853 config->workdir);
854 kfree(config->workdir);
855 config->workdir = NULL;
856 }
857 if (config->index && set.index) {
858 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
859 set.index = false;
860 }
861 config->index = false;
862 }
863
864 if (!config->upperdir && config->ovl_volatile) {
865 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
866 config->ovl_volatile = false;
867 }
868
869 if (!config->upperdir && config->uuid == OVL_UUID_ON) {
870 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n");
871 config->uuid = OVL_UUID_NULL;
872 }
873
874 /*
875 * This is to make the logic below simpler. It doesn't make any other
876 * difference, since redirect_dir=on is only used for upper.
877 */
878 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
879 config->redirect_mode = OVL_REDIRECT_ON;
880
881 /* metacopy -> redirect_dir dependency */
882 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
883 if (set.metacopy && set.redirect) {
884 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
885 ovl_redirect_mode(config));
886 return -EINVAL;
887 }
888 if (set.redirect) {
889 /*
890 * There was an explicit redirect_dir=... that resulted
891 * in this conflict.
892 */
893 pr_info("disabling metacopy due to redirect_dir=%s\n",
894 ovl_redirect_mode(config));
895 config->metacopy = false;
896 } else {
897 /* Automatically enable redirect otherwise. */
898 config->redirect_mode = OVL_REDIRECT_ON;
899 }
900 }
901
902 /* Resolve nfs_export -> index dependency */
903 if (config->nfs_export && !config->index) {
904 if (!config->upperdir &&
905 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
906 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
907 config->nfs_export = false;
908 } else if (set.nfs_export && set.index) {
909 pr_err("conflicting options: nfs_export=on,index=off\n");
910 return -EINVAL;
911 } else if (set.index) {
912 /*
913 * There was an explicit index=off that resulted
914 * in this conflict.
915 */
916 pr_info("disabling nfs_export due to index=off\n");
917 config->nfs_export = false;
918 } else {
919 /* Automatically enable index otherwise. */
920 config->index = true;
921 }
922 }
923
924 /* Resolve nfs_export -> !metacopy && !verity dependency */
925 if (config->nfs_export && config->metacopy) {
926 if (set.nfs_export && set.metacopy) {
927 pr_err("conflicting options: nfs_export=on,metacopy=on\n");
928 return -EINVAL;
929 }
930 if (set.metacopy) {
931 /*
932 * There was an explicit metacopy=on that resulted
933 * in this conflict.
934 */
935 pr_info("disabling nfs_export due to metacopy=on\n");
936 config->nfs_export = false;
937 } else if (config->verity_mode) {
938 /*
939 * There was an explicit verity=.. that resulted
940 * in this conflict.
941 */
942 pr_info("disabling nfs_export due to verity=%s\n",
943 ovl_verity_mode(config));
944 config->nfs_export = false;
945 } else {
946 /*
947 * There was an explicit nfs_export=on that resulted
948 * in this conflict.
949 */
950 pr_info("disabling metacopy due to nfs_export=on\n");
951 config->metacopy = false;
952 }
953 }
954
955
956 /* Resolve userxattr -> !redirect && !metacopy dependency */
957 if (config->userxattr) {
958 if (set.redirect &&
959 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
960 pr_err("conflicting options: userxattr,redirect_dir=%s\n",
961 ovl_redirect_mode(config));
962 return -EINVAL;
963 }
964 if (config->metacopy && set.metacopy) {
965 pr_err("conflicting options: userxattr,metacopy=on\n");
966 return -EINVAL;
967 }
968 /*
969 * Silently disable default setting of redirect and metacopy.
970 * This shall be the default in the future as well: these
971 * options must be explicitly enabled if used together with
972 * userxattr.
973 */
974 config->redirect_mode = OVL_REDIRECT_NOFOLLOW;
975 config->metacopy = false;
976 }
977
978 /*
979 * Fail if we don't have trusted xattr capability and a feature was
980 * explicitly requested that requires them.
981 */
982 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) {
983 if (set.redirect &&
984 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
985 pr_err("redirect_dir requires permission to access trusted xattrs\n");
986 return -EPERM;
987 }
988 if (config->metacopy && set.metacopy) {
989 pr_err("metacopy requires permission to access trusted xattrs\n");
990 return -EPERM;
991 }
992 if (config->verity_mode) {
993 pr_err("verity requires permission to access trusted xattrs\n");
994 return -EPERM;
995 }
996 if (ctx->nr_data > 0) {
997 pr_err("lower data-only dirs require permission to access trusted xattrs\n");
998 return -EPERM;
999 }
1000 /*
1001 * Other xattr-dependent features should be disabled without
1002 * great disturbance to the user in ovl_make_workdir().
1003 */
1004 }
1005
1006 return 0;
1007}
1008
1009/**
1010 * ovl_show_options
1011 * @m: the seq_file handle
1012 * @dentry: The dentry to query
1013 *
1014 * Prints the mount options for a given superblock.
1015 * Returns zero; does not fail.
1016 */
1017int ovl_show_options(struct seq_file *m, struct dentry *dentry)
1018{
1019 struct super_block *sb = dentry->d_sb;
1020 struct ovl_fs *ofs = OVL_FS(sb);
1021 size_t nr, nr_merged_lower, nr_lower = 0;
1022 char **lowerdirs = ofs->config.lowerdirs;
1023
1024 /*
1025 * lowerdirs[0] holds the colon separated list that user provided
1026 * with lowerdir mount option.
1027 * lowerdirs[1..numlayer] hold the lowerdir paths that were added
1028 * using the lowerdir+ and datadir+ mount options.
1029 * For now, we do not allow mixing the legacy lowerdir mount option
1030 * with the new lowerdir+ and datadir+ mount options.
1031 */
1032 if (lowerdirs[0]) {
1033 seq_show_option(m, "lowerdir", lowerdirs[0]);
1034 } else {
1035 nr_lower = ofs->numlayer;
1036 nr_merged_lower = nr_lower - ofs->numdatalayer;
1037 }
1038 for (nr = 1; nr < nr_lower; nr++) {
1039 if (nr < nr_merged_lower)
1040 seq_show_option(m, "lowerdir+", lowerdirs[nr]);
1041 else
1042 seq_show_option(m, "datadir+", lowerdirs[nr]);
1043 }
1044 if (ofs->config.upperdir) {
1045 seq_show_option(m, "upperdir", ofs->config.upperdir);
1046 seq_show_option(m, "workdir", ofs->config.workdir);
1047 }
1048 if (ofs->config.default_permissions)
1049 seq_puts(m, ",default_permissions");
1050 if (ofs->config.redirect_mode != ovl_redirect_mode_def())
1051 seq_printf(m, ",redirect_dir=%s",
1052 ovl_redirect_mode(&ofs->config));
1053 if (ofs->config.index != ovl_index_def)
1054 seq_printf(m, ",index=%s", str_on_off(ofs->config.index));
1055 if (ofs->config.uuid != ovl_uuid_def())
1056 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config));
1057 if (ofs->config.nfs_export != ovl_nfs_export_def)
1058 seq_printf(m, ",nfs_export=%s",
1059 str_on_off(ofs->config.nfs_export));
1060 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs))
1061 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config));
1062 if (ofs->config.metacopy != ovl_metacopy_def)
1063 seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy));
1064 if (ofs->config.ovl_volatile)
1065 seq_puts(m, ",volatile");
1066 if (ofs->config.userxattr)
1067 seq_puts(m, ",userxattr");
1068 if (ofs->config.verity_mode != ovl_verity_mode_def())
1069 seq_printf(m, ",verity=%s",
1070 ovl_verity_mode(&ofs->config));
1071 return 0;
1072}
A mirror of Linus' kernel repository