1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum { 47 Opt_lowerdir, 48 Opt_upperdir, 49 Opt_workdir, 50 Opt_default_permissions, 51 Opt_redirect_dir, 52 Opt_index, 53 Opt_uuid, 54 Opt_nfs_export, 55 Opt_userxattr, 56 Opt_xino, 57 Opt_metacopy, 58 Opt_verity, 59 Opt_volatile, 60 }; 61 62 static const struct constant_table ovl_parameter_bool[] = { 63 { "on", true }, 64 { "off", false }, 65 {} 66 }; 67 68 static const struct constant_table ovl_parameter_uuid[] = { 69 { "off", OVL_UUID_OFF }, 70 { "null", OVL_UUID_NULL }, 71 { "auto", OVL_UUID_AUTO }, 72 { "on", OVL_UUID_ON }, 73 {} 74 }; 75 76 static const char *ovl_uuid_mode(struct ovl_config *config) 77 { 78 return ovl_parameter_uuid[config->uuid].name; 79 } 80 81 static int ovl_uuid_def(void) 82 { 83 return OVL_UUID_AUTO; 84 } 85 86 static const struct constant_table ovl_parameter_xino[] = { 87 { "off", OVL_XINO_OFF }, 88 { "auto", OVL_XINO_AUTO }, 89 { "on", OVL_XINO_ON }, 90 {} 91 }; 92 93 const char *ovl_xino_mode(struct ovl_config *config) 94 { 95 return ovl_parameter_xino[config->xino].name; 96 } 97 98 static int ovl_xino_def(void) 99 { 100 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 101 } 102 103 const struct constant_table ovl_parameter_redirect_dir[] = { 104 { "off", OVL_REDIRECT_OFF }, 105 { "follow", OVL_REDIRECT_FOLLOW }, 106 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 107 { "on", OVL_REDIRECT_ON }, 108 {} 109 }; 110 111 static const char *ovl_redirect_mode(struct ovl_config *config) 112 { 113 return ovl_parameter_redirect_dir[config->redirect_mode].name; 114 } 115 116 static int ovl_redirect_mode_def(void) 117 { 118 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 119 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 120 OVL_REDIRECT_NOFOLLOW; 121 } 122 123 static const struct constant_table ovl_parameter_verity[] = { 124 { "off", OVL_VERITY_OFF }, 125 { "on", OVL_VERITY_ON }, 126 { "require", OVL_VERITY_REQUIRE }, 127 {} 128 }; 129 130 static const char *ovl_verity_mode(struct ovl_config *config) 131 { 132 return ovl_parameter_verity[config->verity_mode].name; 133 } 134 135 static int ovl_verity_mode_def(void) 136 { 137 return OVL_VERITY_OFF; 138 } 139 140 #define fsparam_string_empty(NAME, OPT) \ 141 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 142 143 const struct fs_parameter_spec ovl_parameter_spec[] = { 144 fsparam_string_empty("lowerdir", Opt_lowerdir), 145 fsparam_string("upperdir", Opt_upperdir), 146 fsparam_string("workdir", Opt_workdir), 147 fsparam_flag("default_permissions", Opt_default_permissions), 148 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 149 fsparam_enum("index", Opt_index, ovl_parameter_bool), 150 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 151 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 152 fsparam_flag("userxattr", Opt_userxattr), 153 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 154 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 155 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 156 fsparam_flag("volatile", Opt_volatile), 157 {} 158 }; 159 160 static char *ovl_next_opt(char **s) 161 { 162 char *sbegin = *s; 163 char *p; 164 165 if (sbegin == NULL) 166 return NULL; 167 168 for (p = sbegin; *p; p++) { 169 if (*p == '\\') { 170 p++; 171 if (!*p) 172 break; 173 } else if (*p == ',') { 174 *p = '\0'; 175 *s = p + 1; 176 return sbegin; 177 } 178 } 179 *s = NULL; 180 return sbegin; 181 } 182 183 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 184 { 185 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 186 } 187 188 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 189 { 190 ssize_t nr_layers = 1, nr_colons = 0; 191 char *s, *d; 192 193 for (s = d = str;; s++, d++) { 194 if (*s == '\\') { 195 s++; 196 } else if (*s == ':') { 197 bool next_colon = (*(s + 1) == ':'); 198 199 nr_colons++; 200 if (nr_colons == 2 && next_colon) { 201 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 202 return -EINVAL; 203 } 204 /* count layers, not colons */ 205 if (!next_colon) 206 nr_layers++; 207 208 *d = '\0'; 209 continue; 210 } 211 212 *d = *s; 213 if (!*s) { 214 /* trailing colons */ 215 if (nr_colons) { 216 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 217 return -EINVAL; 218 } 219 break; 220 } 221 nr_colons = 0; 222 } 223 224 return nr_layers; 225 } 226 227 static int ovl_mount_dir_noesc(const char *name, struct path *path) 228 { 229 int err = -EINVAL; 230 231 if (!*name) { 232 pr_err("empty lowerdir\n"); 233 goto out; 234 } 235 err = kern_path(name, LOOKUP_FOLLOW, path); 236 if (err) { 237 pr_err("failed to resolve '%s': %i\n", name, err); 238 goto out; 239 } 240 err = -EINVAL; 241 if (ovl_dentry_weird(path->dentry)) { 242 pr_err("filesystem on '%s' not supported\n", name); 243 goto out_put; 244 } 245 if (!d_is_dir(path->dentry)) { 246 pr_err("'%s' not a directory\n", name); 247 goto out_put; 248 } 249 return 0; 250 251 out_put: 252 path_put_init(path); 253 out: 254 return err; 255 } 256 257 static void ovl_unescape(char *s) 258 { 259 char *d = s; 260 261 for (;; s++, d++) { 262 if (*s == '\\') 263 s++; 264 *d = *s; 265 if (!*s) 266 break; 267 } 268 } 269 270 static int ovl_mount_dir(const char *name, struct path *path) 271 { 272 int err = -ENOMEM; 273 char *tmp = kstrdup(name, GFP_KERNEL); 274 275 if (tmp) { 276 ovl_unescape(tmp); 277 err = ovl_mount_dir_noesc(tmp, path); 278 279 if (!err && path->dentry->d_flags & DCACHE_OP_REAL) { 280 pr_err("filesystem on '%s' not supported as upperdir\n", 281 tmp); 282 path_put_init(path); 283 err = -EINVAL; 284 } 285 kfree(tmp); 286 } 287 return err; 288 } 289 290 static int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, 291 bool workdir) 292 { 293 int err; 294 struct ovl_fs *ofs = fc->s_fs_info; 295 struct ovl_config *config = &ofs->config; 296 struct ovl_fs_context *ctx = fc->fs_private; 297 struct path path; 298 char *dup; 299 300 err = ovl_mount_dir(name, &path); 301 if (err) 302 return err; 303 304 /* 305 * Check whether upper path is read-only here to report failures 306 * early. Don't forget to recheck when the superblock is created 307 * as the mount attributes could change. 308 */ 309 if (__mnt_is_readonly(path.mnt)) { 310 path_put(&path); 311 return -EINVAL; 312 } 313 314 dup = kstrdup(name, GFP_KERNEL); 315 if (!dup) { 316 path_put(&path); 317 return -ENOMEM; 318 } 319 320 if (workdir) { 321 kfree(config->workdir); 322 config->workdir = dup; 323 path_put(&ctx->work); 324 ctx->work = path; 325 } else { 326 kfree(config->upperdir); 327 config->upperdir = dup; 328 path_put(&ctx->upper); 329 ctx->upper = path; 330 } 331 return 0; 332 } 333 334 static void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx) 335 { 336 for (size_t nr = 0; nr < ctx->nr; nr++) { 337 path_put(&ctx->lower[nr].path); 338 kfree(ctx->lower[nr].name); 339 ctx->lower[nr].name = NULL; 340 } 341 ctx->nr = 0; 342 ctx->nr_data = 0; 343 } 344 345 /* 346 * Parse lowerdir= mount option: 347 * 348 * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2 349 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 350 * "/data1" and "/data2" as data lower layers. Any existing lower 351 * layers are replaced. 352 * (2) lowerdir=:/lower4 353 * Append "/lower4" to current stack of lower layers. This requires 354 * that there already is at least one lower layer configured. 355 * (3) lowerdir=::/lower5 356 * Append data "/lower5" as data lower layer. This requires that 357 * there's at least one regular lower layer present. 358 */ 359 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 360 { 361 int err; 362 struct ovl_fs_context *ctx = fc->fs_private; 363 struct ovl_fs_context_layer *l; 364 char *dup = NULL, *dup_iter; 365 ssize_t nr_lower = 0, nr = 0, nr_data = 0; 366 bool append = false, data_layer = false; 367 368 /* 369 * Ensure we're backwards compatible with mount(2) 370 * by allowing relative paths. 371 */ 372 373 /* drop all existing lower layers */ 374 if (!*name) { 375 ovl_parse_param_drop_lowerdir(ctx); 376 return 0; 377 } 378 379 if (strncmp(name, "::", 2) == 0) { 380 /* 381 * This is a data layer. 382 * There must be at least one regular lower layer 383 * specified. 384 */ 385 if (ctx->nr == 0) { 386 pr_err("data lower layers without regular lower layers not allowed"); 387 return -EINVAL; 388 } 389 390 /* Skip the leading "::". */ 391 name += 2; 392 data_layer = true; 393 /* 394 * A data layer is automatically an append as there 395 * must've been at least one regular lower layer. 396 */ 397 append = true; 398 } else if (*name == ':') { 399 /* 400 * This is a regular lower layer. 401 * If users want to append a layer enforce that they 402 * have already specified a first layer before. It's 403 * better to be strict. 404 */ 405 if (ctx->nr == 0) { 406 pr_err("cannot append layer if no previous layer has been specified"); 407 return -EINVAL; 408 } 409 410 /* 411 * Once a sequence of data layers has started regular 412 * lower layers are forbidden. 413 */ 414 if (ctx->nr_data > 0) { 415 pr_err("regular lower layers cannot follow data lower layers"); 416 return -EINVAL; 417 } 418 419 /* Skip the leading ":". */ 420 name++; 421 append = true; 422 } 423 424 dup = kstrdup(name, GFP_KERNEL); 425 if (!dup) 426 return -ENOMEM; 427 428 err = -EINVAL; 429 nr_lower = ovl_parse_param_split_lowerdirs(dup); 430 if (nr_lower < 0) 431 goto out_err; 432 433 if ((nr_lower > OVL_MAX_STACK) || 434 (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) { 435 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 436 goto out_err; 437 } 438 439 if (!append) 440 ovl_parse_param_drop_lowerdir(ctx); 441 442 /* 443 * (1) append 444 * 445 * We want nr <= nr_lower <= capacity We know nr > 0 and nr <= 446 * capacity. If nr == 0 this wouldn't be append. If nr + 447 * nr_lower is <= capacity then nr <= nr_lower <= capacity 448 * already holds. If nr + nr_lower exceeds capacity, we realloc. 449 * 450 * (2) replace 451 * 452 * Ensure we're backwards compatible with mount(2) which allows 453 * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last 454 * specified lowerdir mount option to win. 455 * 456 * We want nr <= nr_lower <= capacity We know either (i) nr == 0 457 * or (ii) nr > 0. We also know nr_lower > 0. The capacity 458 * could've been changed multiple times already so we only know 459 * nr <= capacity. If nr + nr_lower > capacity we realloc, 460 * otherwise nr <= nr_lower <= capacity holds already. 461 */ 462 nr_lower += ctx->nr; 463 if (nr_lower > ctx->capacity) { 464 err = -ENOMEM; 465 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), 466 GFP_KERNEL_ACCOUNT); 467 if (!l) 468 goto out_err; 469 470 ctx->lower = l; 471 ctx->capacity = nr_lower; 472 } 473 474 /* 475 * (3) By (1) and (2) we know nr <= nr_lower <= capacity. 476 * (4) If ctx->nr == 0 => replace 477 * We have verified above that the lowerdir mount option 478 * isn't an append, i.e., the lowerdir mount option 479 * doesn't start with ":" or "::". 480 * (4.1) The lowerdir mount options only contains regular lower 481 * layers ":". 482 * => Nothing to verify. 483 * (4.2) The lowerdir mount options contains regular ":" and 484 * data "::" layers. 485 * => We need to verify that data lower layers "::" aren't 486 * followed by regular ":" lower layers 487 * (5) If ctx->nr > 0 => append 488 * We know that there's at least one regular layer 489 * otherwise we would've failed when parsing the previous 490 * lowerdir mount option. 491 * (5.1) The lowerdir mount option is a regular layer ":" append 492 * => We need to verify that no data layers have been 493 * specified before. 494 * (5.2) The lowerdir mount option is a data layer "::" append 495 * We know that there's at least one regular layer or 496 * other data layers. => There's nothing to verify. 497 */ 498 dup_iter = dup; 499 for (nr = ctx->nr; nr < nr_lower; nr++) { 500 l = &ctx->lower[nr]; 501 memset(l, 0, sizeof(*l)); 502 503 err = ovl_mount_dir_noesc(dup_iter, &l->path); 504 if (err) 505 goto out_put; 506 507 err = -ENOMEM; 508 l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT); 509 if (!l->name) 510 goto out_put; 511 512 if (data_layer) 513 nr_data++; 514 515 /* Calling strchr() again would overrun. */ 516 if ((nr + 1) == nr_lower) 517 break; 518 519 err = -EINVAL; 520 dup_iter = strchr(dup_iter, '\0') + 1; 521 if (*dup_iter) { 522 /* 523 * This is a regular layer so we require that 524 * there are no data layers. 525 */ 526 if ((ctx->nr_data + nr_data) > 0) { 527 pr_err("regular lower layers cannot follow data lower layers"); 528 goto out_put; 529 } 530 531 data_layer = false; 532 continue; 533 } 534 535 /* This is a data lower layer. */ 536 data_layer = true; 537 dup_iter++; 538 } 539 ctx->nr = nr_lower; 540 ctx->nr_data += nr_data; 541 kfree(dup); 542 return 0; 543 544 out_put: 545 /* 546 * We know nr >= ctx->nr < nr_lower. If we failed somewhere 547 * we want to undo until nr == ctx->nr. This is correct for 548 * both ctx->nr == 0 and ctx->nr > 0. 549 */ 550 for (; nr >= ctx->nr; nr--) { 551 l = &ctx->lower[nr]; 552 kfree(l->name); 553 l->name = NULL; 554 path_put(&l->path); 555 556 /* don't overflow */ 557 if (nr == 0) 558 break; 559 } 560 561 out_err: 562 kfree(dup); 563 564 /* Intentionally don't realloc to a smaller size. */ 565 return err; 566 } 567 568 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 569 { 570 int err = 0; 571 struct fs_parse_result result; 572 struct ovl_fs *ofs = fc->s_fs_info; 573 struct ovl_config *config = &ofs->config; 574 struct ovl_fs_context *ctx = fc->fs_private; 575 int opt; 576 577 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 578 /* 579 * On remount overlayfs has always ignored all mount 580 * options no matter if malformed or not so for 581 * backwards compatibility we do the same here. 582 */ 583 if (fc->oldapi) 584 return 0; 585 586 /* 587 * Give us the freedom to allow changing mount options 588 * with the new mount api in the future. So instead of 589 * silently ignoring everything we report a proper 590 * error. This is only visible for users of the new 591 * mount api. 592 */ 593 return invalfc(fc, "No changes allowed in reconfigure"); 594 } 595 596 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 597 if (opt < 0) 598 return opt; 599 600 switch (opt) { 601 case Opt_lowerdir: 602 err = ovl_parse_param_lowerdir(param->string, fc); 603 break; 604 case Opt_upperdir: 605 fallthrough; 606 case Opt_workdir: 607 err = ovl_parse_param_upperdir(param->string, fc, 608 (Opt_workdir == opt)); 609 break; 610 case Opt_default_permissions: 611 config->default_permissions = true; 612 break; 613 case Opt_redirect_dir: 614 config->redirect_mode = result.uint_32; 615 if (config->redirect_mode == OVL_REDIRECT_OFF) { 616 config->redirect_mode = ovl_redirect_always_follow ? 617 OVL_REDIRECT_FOLLOW : 618 OVL_REDIRECT_NOFOLLOW; 619 } 620 ctx->set.redirect = true; 621 break; 622 case Opt_index: 623 config->index = result.uint_32; 624 ctx->set.index = true; 625 break; 626 case Opt_uuid: 627 config->uuid = result.uint_32; 628 break; 629 case Opt_nfs_export: 630 config->nfs_export = result.uint_32; 631 ctx->set.nfs_export = true; 632 break; 633 case Opt_xino: 634 config->xino = result.uint_32; 635 break; 636 case Opt_metacopy: 637 config->metacopy = result.uint_32; 638 ctx->set.metacopy = true; 639 break; 640 case Opt_verity: 641 config->verity_mode = result.uint_32; 642 break; 643 case Opt_volatile: 644 config->ovl_volatile = true; 645 break; 646 case Opt_userxattr: 647 config->userxattr = true; 648 break; 649 default: 650 pr_err("unrecognized mount option \"%s\" or missing value\n", 651 param->key); 652 return -EINVAL; 653 } 654 655 return err; 656 } 657 658 static int ovl_get_tree(struct fs_context *fc) 659 { 660 return get_tree_nodev(fc, ovl_fill_super); 661 } 662 663 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 664 { 665 ovl_parse_param_drop_lowerdir(ctx); 666 path_put(&ctx->upper); 667 path_put(&ctx->work); 668 kfree(ctx->lower); 669 kfree(ctx); 670 } 671 672 static void ovl_free(struct fs_context *fc) 673 { 674 struct ovl_fs *ofs = fc->s_fs_info; 675 struct ovl_fs_context *ctx = fc->fs_private; 676 677 /* 678 * ofs is stored in the fs_context when it is initialized. 679 * ofs is transferred to the superblock on a successful mount, 680 * but if an error occurs before the transfer we have to free 681 * it here. 682 */ 683 if (ofs) 684 ovl_free_fs(ofs); 685 686 if (ctx) 687 ovl_fs_context_free(ctx); 688 } 689 690 static int ovl_reconfigure(struct fs_context *fc) 691 { 692 struct super_block *sb = fc->root->d_sb; 693 struct ovl_fs *ofs = OVL_FS(sb); 694 struct super_block *upper_sb; 695 int ret = 0; 696 697 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 698 return -EROFS; 699 700 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 701 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 702 if (ovl_should_sync(ofs)) { 703 down_read(&upper_sb->s_umount); 704 ret = sync_filesystem(upper_sb); 705 up_read(&upper_sb->s_umount); 706 } 707 } 708 709 return ret; 710 } 711 712 static const struct fs_context_operations ovl_context_ops = { 713 .parse_monolithic = ovl_parse_monolithic, 714 .parse_param = ovl_parse_param, 715 .get_tree = ovl_get_tree, 716 .reconfigure = ovl_reconfigure, 717 .free = ovl_free, 718 }; 719 720 /* 721 * This is called during fsopen() and will record the user namespace of 722 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 723 * need it when we actually create the superblock to verify that the 724 * process creating the superblock is in the same user namespace as 725 * process that called fsopen(). 726 */ 727 int ovl_init_fs_context(struct fs_context *fc) 728 { 729 struct ovl_fs_context *ctx; 730 struct ovl_fs *ofs; 731 732 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 733 if (!ctx) 734 return -ENOMEM; 735 736 /* 737 * By default we allocate for three lower layers. It's likely 738 * that it'll cover most users. 739 */ 740 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 741 if (!ctx->lower) 742 goto out_err; 743 ctx->capacity = 3; 744 745 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 746 if (!ofs) 747 goto out_err; 748 749 ofs->config.redirect_mode = ovl_redirect_mode_def(); 750 ofs->config.index = ovl_index_def; 751 ofs->config.uuid = ovl_uuid_def(); 752 ofs->config.nfs_export = ovl_nfs_export_def; 753 ofs->config.xino = ovl_xino_def(); 754 ofs->config.metacopy = ovl_metacopy_def; 755 756 fc->s_fs_info = ofs; 757 fc->fs_private = ctx; 758 fc->ops = &ovl_context_ops; 759 return 0; 760 761 out_err: 762 ovl_fs_context_free(ctx); 763 return -ENOMEM; 764 765 } 766 767 void ovl_free_fs(struct ovl_fs *ofs) 768 { 769 struct vfsmount **mounts; 770 unsigned i; 771 772 iput(ofs->workbasedir_trap); 773 iput(ofs->indexdir_trap); 774 iput(ofs->workdir_trap); 775 dput(ofs->whiteout); 776 dput(ofs->indexdir); 777 dput(ofs->workdir); 778 if (ofs->workdir_locked) 779 ovl_inuse_unlock(ofs->workbasedir); 780 dput(ofs->workbasedir); 781 if (ofs->upperdir_locked) 782 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 783 784 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 785 mounts = (struct vfsmount **) ofs->config.lowerdirs; 786 for (i = 0; i < ofs->numlayer; i++) { 787 iput(ofs->layers[i].trap); 788 kfree(ofs->config.lowerdirs[i]); 789 mounts[i] = ofs->layers[i].mnt; 790 } 791 kern_unmount_array(mounts, ofs->numlayer); 792 kfree(ofs->layers); 793 for (i = 0; i < ofs->numfs; i++) 794 free_anon_bdev(ofs->fs[i].pseudo_dev); 795 kfree(ofs->fs); 796 797 kfree(ofs->config.lowerdirs); 798 kfree(ofs->config.upperdir); 799 kfree(ofs->config.workdir); 800 if (ofs->creator_cred) 801 put_cred(ofs->creator_cred); 802 kfree(ofs); 803 } 804 805 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 806 struct ovl_config *config) 807 { 808 struct ovl_opt_set set = ctx->set; 809 810 if (ctx->nr_data > 0 && !config->metacopy) { 811 pr_err("lower data-only dirs require metacopy support.\n"); 812 return -EINVAL; 813 } 814 815 /* Workdir/index are useless in non-upper mount */ 816 if (!config->upperdir) { 817 if (config->workdir) { 818 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 819 config->workdir); 820 kfree(config->workdir); 821 config->workdir = NULL; 822 } 823 if (config->index && set.index) { 824 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 825 set.index = false; 826 } 827 config->index = false; 828 } 829 830 if (!config->upperdir && config->ovl_volatile) { 831 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 832 config->ovl_volatile = false; 833 } 834 835 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 836 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 837 config->uuid = OVL_UUID_NULL; 838 } 839 840 /* Resolve verity -> metacopy dependency */ 841 if (config->verity_mode && !config->metacopy) { 842 /* Don't allow explicit specified conflicting combinations */ 843 if (set.metacopy) { 844 pr_err("conflicting options: metacopy=off,verity=%s\n", 845 ovl_verity_mode(config)); 846 return -EINVAL; 847 } 848 /* Otherwise automatically enable metacopy. */ 849 config->metacopy = true; 850 } 851 852 /* 853 * This is to make the logic below simpler. It doesn't make any other 854 * difference, since redirect_dir=on is only used for upper. 855 */ 856 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 857 config->redirect_mode = OVL_REDIRECT_ON; 858 859 /* Resolve verity -> metacopy -> redirect_dir dependency */ 860 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 861 if (set.metacopy && set.redirect) { 862 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 863 ovl_redirect_mode(config)); 864 return -EINVAL; 865 } 866 if (config->verity_mode && set.redirect) { 867 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 868 ovl_verity_mode(config), ovl_redirect_mode(config)); 869 return -EINVAL; 870 } 871 if (set.redirect) { 872 /* 873 * There was an explicit redirect_dir=... that resulted 874 * in this conflict. 875 */ 876 pr_info("disabling metacopy due to redirect_dir=%s\n", 877 ovl_redirect_mode(config)); 878 config->metacopy = false; 879 } else { 880 /* Automatically enable redirect otherwise. */ 881 config->redirect_mode = OVL_REDIRECT_ON; 882 } 883 } 884 885 /* Resolve nfs_export -> index dependency */ 886 if (config->nfs_export && !config->index) { 887 if (!config->upperdir && 888 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 889 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 890 config->nfs_export = false; 891 } else if (set.nfs_export && set.index) { 892 pr_err("conflicting options: nfs_export=on,index=off\n"); 893 return -EINVAL; 894 } else if (set.index) { 895 /* 896 * There was an explicit index=off that resulted 897 * in this conflict. 898 */ 899 pr_info("disabling nfs_export due to index=off\n"); 900 config->nfs_export = false; 901 } else { 902 /* Automatically enable index otherwise. */ 903 config->index = true; 904 } 905 } 906 907 /* Resolve nfs_export -> !metacopy && !verity dependency */ 908 if (config->nfs_export && config->metacopy) { 909 if (set.nfs_export && set.metacopy) { 910 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 911 return -EINVAL; 912 } 913 if (set.metacopy) { 914 /* 915 * There was an explicit metacopy=on that resulted 916 * in this conflict. 917 */ 918 pr_info("disabling nfs_export due to metacopy=on\n"); 919 config->nfs_export = false; 920 } else if (config->verity_mode) { 921 /* 922 * There was an explicit verity=.. that resulted 923 * in this conflict. 924 */ 925 pr_info("disabling nfs_export due to verity=%s\n", 926 ovl_verity_mode(config)); 927 config->nfs_export = false; 928 } else { 929 /* 930 * There was an explicit nfs_export=on that resulted 931 * in this conflict. 932 */ 933 pr_info("disabling metacopy due to nfs_export=on\n"); 934 config->metacopy = false; 935 } 936 } 937 938 939 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 940 if (config->userxattr) { 941 if (set.redirect && 942 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 943 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 944 ovl_redirect_mode(config)); 945 return -EINVAL; 946 } 947 if (config->metacopy && set.metacopy) { 948 pr_err("conflicting options: userxattr,metacopy=on\n"); 949 return -EINVAL; 950 } 951 if (config->verity_mode) { 952 pr_err("conflicting options: userxattr,verity=%s\n", 953 ovl_verity_mode(config)); 954 return -EINVAL; 955 } 956 /* 957 * Silently disable default setting of redirect and metacopy. 958 * This shall be the default in the future as well: these 959 * options must be explicitly enabled if used together with 960 * userxattr. 961 */ 962 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 963 config->metacopy = false; 964 } 965 966 return 0; 967 } 968 969 /** 970 * ovl_show_options 971 * @m: the seq_file handle 972 * @dentry: The dentry to query 973 * 974 * Prints the mount options for a given superblock. 975 * Returns zero; does not fail. 976 */ 977 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 978 { 979 struct super_block *sb = dentry->d_sb; 980 struct ovl_fs *ofs = OVL_FS(sb); 981 size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer; 982 char **lowerdatadirs = &ofs->config.lowerdirs[nr_merged_lower]; 983 984 /* lowerdirs[] starts from offset 1 */ 985 seq_printf(m, ",lowerdir=%s", ofs->config.lowerdirs[1]); 986 /* dump regular lower layers */ 987 for (nr = 2; nr < nr_merged_lower; nr++) 988 seq_printf(m, ":%s", ofs->config.lowerdirs[nr]); 989 /* dump data lower layers */ 990 for (nr = 0; nr < ofs->numdatalayer; nr++) 991 seq_printf(m, "::%s", lowerdatadirs[nr]); 992 if (ofs->config.upperdir) { 993 seq_show_option(m, "upperdir", ofs->config.upperdir); 994 seq_show_option(m, "workdir", ofs->config.workdir); 995 } 996 if (ofs->config.default_permissions) 997 seq_puts(m, ",default_permissions"); 998 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 999 seq_printf(m, ",redirect_dir=%s", 1000 ovl_redirect_mode(&ofs->config)); 1001 if (ofs->config.index != ovl_index_def) 1002 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 1003 if (ofs->config.uuid != ovl_uuid_def()) 1004 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 1005 if (ofs->config.nfs_export != ovl_nfs_export_def) 1006 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 1007 "on" : "off"); 1008 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1009 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1010 if (ofs->config.metacopy != ovl_metacopy_def) 1011 seq_printf(m, ",metacopy=%s", 1012 ofs->config.metacopy ? "on" : "off"); 1013 if (ofs->config.ovl_volatile) 1014 seq_puts(m, ",volatile"); 1015 if (ofs->config.userxattr) 1016 seq_puts(m, ",userxattr"); 1017 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1018 seq_printf(m, ",verity=%s", 1019 ovl_verity_mode(&ofs->config)); 1020 return 0; 1021 } 1022