1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum { 47 Opt_lowerdir, 48 Opt_upperdir, 49 Opt_workdir, 50 Opt_default_permissions, 51 Opt_redirect_dir, 52 Opt_index, 53 Opt_uuid, 54 Opt_nfs_export, 55 Opt_userxattr, 56 Opt_xino, 57 Opt_metacopy, 58 Opt_verity, 59 Opt_volatile, 60 }; 61 62 static const struct constant_table ovl_parameter_bool[] = { 63 { "on", true }, 64 { "off", false }, 65 {} 66 }; 67 68 static const struct constant_table ovl_parameter_uuid[] = { 69 { "off", OVL_UUID_OFF }, 70 { "null", OVL_UUID_NULL }, 71 { "auto", OVL_UUID_AUTO }, 72 { "on", OVL_UUID_ON }, 73 {} 74 }; 75 76 static const char *ovl_uuid_mode(struct ovl_config *config) 77 { 78 return ovl_parameter_uuid[config->uuid].name; 79 } 80 81 static int ovl_uuid_def(void) 82 { 83 return OVL_UUID_AUTO; 84 } 85 86 static const struct constant_table ovl_parameter_xino[] = { 87 { "off", OVL_XINO_OFF }, 88 { "auto", OVL_XINO_AUTO }, 89 { "on", OVL_XINO_ON }, 90 {} 91 }; 92 93 const char *ovl_xino_mode(struct ovl_config *config) 94 { 95 return ovl_parameter_xino[config->xino].name; 96 } 97 98 static int ovl_xino_def(void) 99 { 100 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 101 } 102 103 const struct constant_table ovl_parameter_redirect_dir[] = { 104 { "off", OVL_REDIRECT_OFF }, 105 { "follow", OVL_REDIRECT_FOLLOW }, 106 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 107 { "on", OVL_REDIRECT_ON }, 108 {} 109 }; 110 111 static const char *ovl_redirect_mode(struct ovl_config *config) 112 { 113 return ovl_parameter_redirect_dir[config->redirect_mode].name; 114 } 115 116 static int ovl_redirect_mode_def(void) 117 { 118 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 119 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 120 OVL_REDIRECT_NOFOLLOW; 121 } 122 123 static const struct constant_table ovl_parameter_verity[] = { 124 { "off", OVL_VERITY_OFF }, 125 { "on", OVL_VERITY_ON }, 126 { "require", OVL_VERITY_REQUIRE }, 127 {} 128 }; 129 130 static const char *ovl_verity_mode(struct ovl_config *config) 131 { 132 return ovl_parameter_verity[config->verity_mode].name; 133 } 134 135 static int ovl_verity_mode_def(void) 136 { 137 return OVL_VERITY_OFF; 138 } 139 140 #define fsparam_string_empty(NAME, OPT) \ 141 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 142 143 const struct fs_parameter_spec ovl_parameter_spec[] = { 144 fsparam_string_empty("lowerdir", Opt_lowerdir), 145 fsparam_string("upperdir", Opt_upperdir), 146 fsparam_string("workdir", Opt_workdir), 147 fsparam_flag("default_permissions", Opt_default_permissions), 148 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 149 fsparam_enum("index", Opt_index, ovl_parameter_bool), 150 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 151 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 152 fsparam_flag("userxattr", Opt_userxattr), 153 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 154 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 155 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 156 fsparam_flag("volatile", Opt_volatile), 157 {} 158 }; 159 160 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 161 { 162 ssize_t nr_layers = 1, nr_colons = 0; 163 char *s, *d; 164 165 for (s = d = str;; s++, d++) { 166 if (*s == '\\') { 167 s++; 168 } else if (*s == ':') { 169 bool next_colon = (*(s + 1) == ':'); 170 171 nr_colons++; 172 if (nr_colons == 2 && next_colon) { 173 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 174 return -EINVAL; 175 } 176 /* count layers, not colons */ 177 if (!next_colon) 178 nr_layers++; 179 180 *d = '\0'; 181 continue; 182 } 183 184 *d = *s; 185 if (!*s) { 186 /* trailing colons */ 187 if (nr_colons) { 188 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 189 return -EINVAL; 190 } 191 break; 192 } 193 nr_colons = 0; 194 } 195 196 return nr_layers; 197 } 198 199 static int ovl_mount_dir_noesc(const char *name, struct path *path) 200 { 201 int err = -EINVAL; 202 203 if (!*name) { 204 pr_err("empty lowerdir\n"); 205 goto out; 206 } 207 err = kern_path(name, LOOKUP_FOLLOW, path); 208 if (err) { 209 pr_err("failed to resolve '%s': %i\n", name, err); 210 goto out; 211 } 212 err = -EINVAL; 213 if (ovl_dentry_weird(path->dentry)) { 214 pr_err("filesystem on '%s' not supported\n", name); 215 goto out_put; 216 } 217 if (!d_is_dir(path->dentry)) { 218 pr_err("'%s' not a directory\n", name); 219 goto out_put; 220 } 221 return 0; 222 223 out_put: 224 path_put_init(path); 225 out: 226 return err; 227 } 228 229 static void ovl_unescape(char *s) 230 { 231 char *d = s; 232 233 for (;; s++, d++) { 234 if (*s == '\\') 235 s++; 236 *d = *s; 237 if (!*s) 238 break; 239 } 240 } 241 242 static int ovl_mount_dir(const char *name, struct path *path) 243 { 244 int err = -ENOMEM; 245 char *tmp = kstrdup(name, GFP_KERNEL); 246 247 if (tmp) { 248 ovl_unescape(tmp); 249 err = ovl_mount_dir_noesc(tmp, path); 250 251 if (!err && path->dentry->d_flags & DCACHE_OP_REAL) { 252 pr_err("filesystem on '%s' not supported as upperdir\n", 253 tmp); 254 path_put_init(path); 255 err = -EINVAL; 256 } 257 kfree(tmp); 258 } 259 return err; 260 } 261 262 static int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, 263 bool workdir) 264 { 265 int err; 266 struct ovl_fs *ofs = fc->s_fs_info; 267 struct ovl_config *config = &ofs->config; 268 struct ovl_fs_context *ctx = fc->fs_private; 269 struct path path; 270 char *dup; 271 272 err = ovl_mount_dir(name, &path); 273 if (err) 274 return err; 275 276 /* 277 * Check whether upper path is read-only here to report failures 278 * early. Don't forget to recheck when the superblock is created 279 * as the mount attributes could change. 280 */ 281 if (__mnt_is_readonly(path.mnt)) { 282 path_put(&path); 283 return -EINVAL; 284 } 285 286 dup = kstrdup(name, GFP_KERNEL); 287 if (!dup) { 288 path_put(&path); 289 return -ENOMEM; 290 } 291 292 if (workdir) { 293 kfree(config->workdir); 294 config->workdir = dup; 295 path_put(&ctx->work); 296 ctx->work = path; 297 } else { 298 kfree(config->upperdir); 299 config->upperdir = dup; 300 path_put(&ctx->upper); 301 ctx->upper = path; 302 } 303 return 0; 304 } 305 306 static void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx) 307 { 308 for (size_t nr = 0; nr < ctx->nr; nr++) { 309 path_put(&ctx->lower[nr].path); 310 kfree(ctx->lower[nr].name); 311 ctx->lower[nr].name = NULL; 312 } 313 ctx->nr = 0; 314 ctx->nr_data = 0; 315 } 316 317 /* 318 * Parse lowerdir= mount option: 319 * 320 * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2 321 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 322 * "/data1" and "/data2" as data lower layers. Any existing lower 323 * layers are replaced. 324 * (2) lowerdir=:/lower4 325 * Append "/lower4" to current stack of lower layers. This requires 326 * that there already is at least one lower layer configured. 327 * (3) lowerdir=::/lower5 328 * Append data "/lower5" as data lower layer. This requires that 329 * there's at least one regular lower layer present. 330 */ 331 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 332 { 333 int err; 334 struct ovl_fs_context *ctx = fc->fs_private; 335 struct ovl_fs_context_layer *l; 336 char *dup = NULL, *dup_iter; 337 ssize_t nr_lower = 0, nr = 0, nr_data = 0; 338 bool append = false, data_layer = false; 339 340 /* 341 * Ensure we're backwards compatible with mount(2) 342 * by allowing relative paths. 343 */ 344 345 /* drop all existing lower layers */ 346 if (!*name) { 347 ovl_parse_param_drop_lowerdir(ctx); 348 return 0; 349 } 350 351 if (strncmp(name, "::", 2) == 0) { 352 /* 353 * This is a data layer. 354 * There must be at least one regular lower layer 355 * specified. 356 */ 357 if (ctx->nr == 0) { 358 pr_err("data lower layers without regular lower layers not allowed"); 359 return -EINVAL; 360 } 361 362 /* Skip the leading "::". */ 363 name += 2; 364 data_layer = true; 365 /* 366 * A data layer is automatically an append as there 367 * must've been at least one regular lower layer. 368 */ 369 append = true; 370 } else if (*name == ':') { 371 /* 372 * This is a regular lower layer. 373 * If users want to append a layer enforce that they 374 * have already specified a first layer before. It's 375 * better to be strict. 376 */ 377 if (ctx->nr == 0) { 378 pr_err("cannot append layer if no previous layer has been specified"); 379 return -EINVAL; 380 } 381 382 /* 383 * Once a sequence of data layers has started regular 384 * lower layers are forbidden. 385 */ 386 if (ctx->nr_data > 0) { 387 pr_err("regular lower layers cannot follow data lower layers"); 388 return -EINVAL; 389 } 390 391 /* Skip the leading ":". */ 392 name++; 393 append = true; 394 } 395 396 dup = kstrdup(name, GFP_KERNEL); 397 if (!dup) 398 return -ENOMEM; 399 400 err = -EINVAL; 401 nr_lower = ovl_parse_param_split_lowerdirs(dup); 402 if (nr_lower < 0) 403 goto out_err; 404 405 if ((nr_lower > OVL_MAX_STACK) || 406 (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) { 407 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 408 goto out_err; 409 } 410 411 if (!append) 412 ovl_parse_param_drop_lowerdir(ctx); 413 414 /* 415 * (1) append 416 * 417 * We want nr <= nr_lower <= capacity We know nr > 0 and nr <= 418 * capacity. If nr == 0 this wouldn't be append. If nr + 419 * nr_lower is <= capacity then nr <= nr_lower <= capacity 420 * already holds. If nr + nr_lower exceeds capacity, we realloc. 421 * 422 * (2) replace 423 * 424 * Ensure we're backwards compatible with mount(2) which allows 425 * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last 426 * specified lowerdir mount option to win. 427 * 428 * We want nr <= nr_lower <= capacity We know either (i) nr == 0 429 * or (ii) nr > 0. We also know nr_lower > 0. The capacity 430 * could've been changed multiple times already so we only know 431 * nr <= capacity. If nr + nr_lower > capacity we realloc, 432 * otherwise nr <= nr_lower <= capacity holds already. 433 */ 434 nr_lower += ctx->nr; 435 if (nr_lower > ctx->capacity) { 436 err = -ENOMEM; 437 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), 438 GFP_KERNEL_ACCOUNT); 439 if (!l) 440 goto out_err; 441 442 ctx->lower = l; 443 ctx->capacity = nr_lower; 444 } 445 446 /* 447 * (3) By (1) and (2) we know nr <= nr_lower <= capacity. 448 * (4) If ctx->nr == 0 => replace 449 * We have verified above that the lowerdir mount option 450 * isn't an append, i.e., the lowerdir mount option 451 * doesn't start with ":" or "::". 452 * (4.1) The lowerdir mount options only contains regular lower 453 * layers ":". 454 * => Nothing to verify. 455 * (4.2) The lowerdir mount options contains regular ":" and 456 * data "::" layers. 457 * => We need to verify that data lower layers "::" aren't 458 * followed by regular ":" lower layers 459 * (5) If ctx->nr > 0 => append 460 * We know that there's at least one regular layer 461 * otherwise we would've failed when parsing the previous 462 * lowerdir mount option. 463 * (5.1) The lowerdir mount option is a regular layer ":" append 464 * => We need to verify that no data layers have been 465 * specified before. 466 * (5.2) The lowerdir mount option is a data layer "::" append 467 * We know that there's at least one regular layer or 468 * other data layers. => There's nothing to verify. 469 */ 470 dup_iter = dup; 471 for (nr = ctx->nr; nr < nr_lower; nr++) { 472 l = &ctx->lower[nr]; 473 memset(l, 0, sizeof(*l)); 474 475 err = ovl_mount_dir_noesc(dup_iter, &l->path); 476 if (err) 477 goto out_put; 478 479 err = -ENOMEM; 480 l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT); 481 if (!l->name) 482 goto out_put; 483 484 if (data_layer) 485 nr_data++; 486 487 /* Calling strchr() again would overrun. */ 488 if ((nr + 1) == nr_lower) 489 break; 490 491 err = -EINVAL; 492 dup_iter = strchr(dup_iter, '\0') + 1; 493 if (*dup_iter) { 494 /* 495 * This is a regular layer so we require that 496 * there are no data layers. 497 */ 498 if ((ctx->nr_data + nr_data) > 0) { 499 pr_err("regular lower layers cannot follow data lower layers"); 500 goto out_put; 501 } 502 503 data_layer = false; 504 continue; 505 } 506 507 /* This is a data lower layer. */ 508 data_layer = true; 509 dup_iter++; 510 } 511 ctx->nr = nr_lower; 512 ctx->nr_data += nr_data; 513 kfree(dup); 514 return 0; 515 516 out_put: 517 /* 518 * We know nr >= ctx->nr < nr_lower. If we failed somewhere 519 * we want to undo until nr == ctx->nr. This is correct for 520 * both ctx->nr == 0 and ctx->nr > 0. 521 */ 522 for (; nr >= ctx->nr; nr--) { 523 l = &ctx->lower[nr]; 524 kfree(l->name); 525 l->name = NULL; 526 path_put(&l->path); 527 528 /* don't overflow */ 529 if (nr == 0) 530 break; 531 } 532 533 out_err: 534 kfree(dup); 535 536 /* Intentionally don't realloc to a smaller size. */ 537 return err; 538 } 539 540 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 541 { 542 int err = 0; 543 struct fs_parse_result result; 544 struct ovl_fs *ofs = fc->s_fs_info; 545 struct ovl_config *config = &ofs->config; 546 struct ovl_fs_context *ctx = fc->fs_private; 547 int opt; 548 549 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 550 /* 551 * On remount overlayfs has always ignored all mount 552 * options no matter if malformed or not so for 553 * backwards compatibility we do the same here. 554 */ 555 if (fc->oldapi) 556 return 0; 557 558 /* 559 * Give us the freedom to allow changing mount options 560 * with the new mount api in the future. So instead of 561 * silently ignoring everything we report a proper 562 * error. This is only visible for users of the new 563 * mount api. 564 */ 565 return invalfc(fc, "No changes allowed in reconfigure"); 566 } 567 568 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 569 if (opt < 0) 570 return opt; 571 572 switch (opt) { 573 case Opt_lowerdir: 574 err = ovl_parse_param_lowerdir(param->string, fc); 575 break; 576 case Opt_upperdir: 577 fallthrough; 578 case Opt_workdir: 579 err = ovl_parse_param_upperdir(param->string, fc, 580 (Opt_workdir == opt)); 581 break; 582 case Opt_default_permissions: 583 config->default_permissions = true; 584 break; 585 case Opt_redirect_dir: 586 config->redirect_mode = result.uint_32; 587 if (config->redirect_mode == OVL_REDIRECT_OFF) { 588 config->redirect_mode = ovl_redirect_always_follow ? 589 OVL_REDIRECT_FOLLOW : 590 OVL_REDIRECT_NOFOLLOW; 591 } 592 ctx->set.redirect = true; 593 break; 594 case Opt_index: 595 config->index = result.uint_32; 596 ctx->set.index = true; 597 break; 598 case Opt_uuid: 599 config->uuid = result.uint_32; 600 break; 601 case Opt_nfs_export: 602 config->nfs_export = result.uint_32; 603 ctx->set.nfs_export = true; 604 break; 605 case Opt_xino: 606 config->xino = result.uint_32; 607 break; 608 case Opt_metacopy: 609 config->metacopy = result.uint_32; 610 ctx->set.metacopy = true; 611 break; 612 case Opt_verity: 613 config->verity_mode = result.uint_32; 614 break; 615 case Opt_volatile: 616 config->ovl_volatile = true; 617 break; 618 case Opt_userxattr: 619 config->userxattr = true; 620 break; 621 default: 622 pr_err("unrecognized mount option \"%s\" or missing value\n", 623 param->key); 624 return -EINVAL; 625 } 626 627 return err; 628 } 629 630 static int ovl_get_tree(struct fs_context *fc) 631 { 632 return get_tree_nodev(fc, ovl_fill_super); 633 } 634 635 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 636 { 637 ovl_parse_param_drop_lowerdir(ctx); 638 path_put(&ctx->upper); 639 path_put(&ctx->work); 640 kfree(ctx->lower); 641 kfree(ctx); 642 } 643 644 static void ovl_free(struct fs_context *fc) 645 { 646 struct ovl_fs *ofs = fc->s_fs_info; 647 struct ovl_fs_context *ctx = fc->fs_private; 648 649 /* 650 * ofs is stored in the fs_context when it is initialized. 651 * ofs is transferred to the superblock on a successful mount, 652 * but if an error occurs before the transfer we have to free 653 * it here. 654 */ 655 if (ofs) 656 ovl_free_fs(ofs); 657 658 if (ctx) 659 ovl_fs_context_free(ctx); 660 } 661 662 static int ovl_reconfigure(struct fs_context *fc) 663 { 664 struct super_block *sb = fc->root->d_sb; 665 struct ovl_fs *ofs = OVL_FS(sb); 666 struct super_block *upper_sb; 667 int ret = 0; 668 669 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 670 return -EROFS; 671 672 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 673 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 674 if (ovl_should_sync(ofs)) { 675 down_read(&upper_sb->s_umount); 676 ret = sync_filesystem(upper_sb); 677 up_read(&upper_sb->s_umount); 678 } 679 } 680 681 return ret; 682 } 683 684 static const struct fs_context_operations ovl_context_ops = { 685 .parse_param = ovl_parse_param, 686 .get_tree = ovl_get_tree, 687 .reconfigure = ovl_reconfigure, 688 .free = ovl_free, 689 }; 690 691 /* 692 * This is called during fsopen() and will record the user namespace of 693 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 694 * need it when we actually create the superblock to verify that the 695 * process creating the superblock is in the same user namespace as 696 * process that called fsopen(). 697 */ 698 int ovl_init_fs_context(struct fs_context *fc) 699 { 700 struct ovl_fs_context *ctx; 701 struct ovl_fs *ofs; 702 703 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 704 if (!ctx) 705 return -ENOMEM; 706 707 /* 708 * By default we allocate for three lower layers. It's likely 709 * that it'll cover most users. 710 */ 711 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 712 if (!ctx->lower) 713 goto out_err; 714 ctx->capacity = 3; 715 716 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 717 if (!ofs) 718 goto out_err; 719 720 ofs->config.redirect_mode = ovl_redirect_mode_def(); 721 ofs->config.index = ovl_index_def; 722 ofs->config.uuid = ovl_uuid_def(); 723 ofs->config.nfs_export = ovl_nfs_export_def; 724 ofs->config.xino = ovl_xino_def(); 725 ofs->config.metacopy = ovl_metacopy_def; 726 727 fc->s_fs_info = ofs; 728 fc->fs_private = ctx; 729 fc->ops = &ovl_context_ops; 730 return 0; 731 732 out_err: 733 ovl_fs_context_free(ctx); 734 return -ENOMEM; 735 736 } 737 738 void ovl_free_fs(struct ovl_fs *ofs) 739 { 740 struct vfsmount **mounts; 741 unsigned i; 742 743 iput(ofs->workbasedir_trap); 744 iput(ofs->indexdir_trap); 745 iput(ofs->workdir_trap); 746 dput(ofs->whiteout); 747 dput(ofs->indexdir); 748 dput(ofs->workdir); 749 if (ofs->workdir_locked) 750 ovl_inuse_unlock(ofs->workbasedir); 751 dput(ofs->workbasedir); 752 if (ofs->upperdir_locked) 753 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 754 755 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 756 mounts = (struct vfsmount **) ofs->config.lowerdirs; 757 for (i = 0; i < ofs->numlayer; i++) { 758 iput(ofs->layers[i].trap); 759 kfree(ofs->config.lowerdirs[i]); 760 mounts[i] = ofs->layers[i].mnt; 761 } 762 kern_unmount_array(mounts, ofs->numlayer); 763 kfree(ofs->layers); 764 for (i = 0; i < ofs->numfs; i++) 765 free_anon_bdev(ofs->fs[i].pseudo_dev); 766 kfree(ofs->fs); 767 768 kfree(ofs->config.lowerdirs); 769 kfree(ofs->config.upperdir); 770 kfree(ofs->config.workdir); 771 if (ofs->creator_cred) 772 put_cred(ofs->creator_cred); 773 kfree(ofs); 774 } 775 776 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 777 struct ovl_config *config) 778 { 779 struct ovl_opt_set set = ctx->set; 780 781 if (ctx->nr_data > 0 && !config->metacopy) { 782 pr_err("lower data-only dirs require metacopy support.\n"); 783 return -EINVAL; 784 } 785 786 /* Workdir/index are useless in non-upper mount */ 787 if (!config->upperdir) { 788 if (config->workdir) { 789 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 790 config->workdir); 791 kfree(config->workdir); 792 config->workdir = NULL; 793 } 794 if (config->index && set.index) { 795 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 796 set.index = false; 797 } 798 config->index = false; 799 } 800 801 if (!config->upperdir && config->ovl_volatile) { 802 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 803 config->ovl_volatile = false; 804 } 805 806 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 807 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 808 config->uuid = OVL_UUID_NULL; 809 } 810 811 /* Resolve verity -> metacopy dependency */ 812 if (config->verity_mode && !config->metacopy) { 813 /* Don't allow explicit specified conflicting combinations */ 814 if (set.metacopy) { 815 pr_err("conflicting options: metacopy=off,verity=%s\n", 816 ovl_verity_mode(config)); 817 return -EINVAL; 818 } 819 /* Otherwise automatically enable metacopy. */ 820 config->metacopy = true; 821 } 822 823 /* 824 * This is to make the logic below simpler. It doesn't make any other 825 * difference, since redirect_dir=on is only used for upper. 826 */ 827 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 828 config->redirect_mode = OVL_REDIRECT_ON; 829 830 /* Resolve verity -> metacopy -> redirect_dir dependency */ 831 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 832 if (set.metacopy && set.redirect) { 833 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 834 ovl_redirect_mode(config)); 835 return -EINVAL; 836 } 837 if (config->verity_mode && set.redirect) { 838 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 839 ovl_verity_mode(config), ovl_redirect_mode(config)); 840 return -EINVAL; 841 } 842 if (set.redirect) { 843 /* 844 * There was an explicit redirect_dir=... that resulted 845 * in this conflict. 846 */ 847 pr_info("disabling metacopy due to redirect_dir=%s\n", 848 ovl_redirect_mode(config)); 849 config->metacopy = false; 850 } else { 851 /* Automatically enable redirect otherwise. */ 852 config->redirect_mode = OVL_REDIRECT_ON; 853 } 854 } 855 856 /* Resolve nfs_export -> index dependency */ 857 if (config->nfs_export && !config->index) { 858 if (!config->upperdir && 859 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 860 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 861 config->nfs_export = false; 862 } else if (set.nfs_export && set.index) { 863 pr_err("conflicting options: nfs_export=on,index=off\n"); 864 return -EINVAL; 865 } else if (set.index) { 866 /* 867 * There was an explicit index=off that resulted 868 * in this conflict. 869 */ 870 pr_info("disabling nfs_export due to index=off\n"); 871 config->nfs_export = false; 872 } else { 873 /* Automatically enable index otherwise. */ 874 config->index = true; 875 } 876 } 877 878 /* Resolve nfs_export -> !metacopy && !verity dependency */ 879 if (config->nfs_export && config->metacopy) { 880 if (set.nfs_export && set.metacopy) { 881 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 882 return -EINVAL; 883 } 884 if (set.metacopy) { 885 /* 886 * There was an explicit metacopy=on that resulted 887 * in this conflict. 888 */ 889 pr_info("disabling nfs_export due to metacopy=on\n"); 890 config->nfs_export = false; 891 } else if (config->verity_mode) { 892 /* 893 * There was an explicit verity=.. that resulted 894 * in this conflict. 895 */ 896 pr_info("disabling nfs_export due to verity=%s\n", 897 ovl_verity_mode(config)); 898 config->nfs_export = false; 899 } else { 900 /* 901 * There was an explicit nfs_export=on that resulted 902 * in this conflict. 903 */ 904 pr_info("disabling metacopy due to nfs_export=on\n"); 905 config->metacopy = false; 906 } 907 } 908 909 910 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 911 if (config->userxattr) { 912 if (set.redirect && 913 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 914 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 915 ovl_redirect_mode(config)); 916 return -EINVAL; 917 } 918 if (config->metacopy && set.metacopy) { 919 pr_err("conflicting options: userxattr,metacopy=on\n"); 920 return -EINVAL; 921 } 922 if (config->verity_mode) { 923 pr_err("conflicting options: userxattr,verity=%s\n", 924 ovl_verity_mode(config)); 925 return -EINVAL; 926 } 927 /* 928 * Silently disable default setting of redirect and metacopy. 929 * This shall be the default in the future as well: these 930 * options must be explicitly enabled if used together with 931 * userxattr. 932 */ 933 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 934 config->metacopy = false; 935 } 936 937 return 0; 938 } 939 940 /** 941 * ovl_show_options 942 * @m: the seq_file handle 943 * @dentry: The dentry to query 944 * 945 * Prints the mount options for a given superblock. 946 * Returns zero; does not fail. 947 */ 948 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 949 { 950 struct super_block *sb = dentry->d_sb; 951 struct ovl_fs *ofs = OVL_FS(sb); 952 size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer; 953 char **lowerdatadirs = &ofs->config.lowerdirs[nr_merged_lower]; 954 955 /* lowerdirs[] starts from offset 1 */ 956 seq_printf(m, ",lowerdir=%s", ofs->config.lowerdirs[1]); 957 /* dump regular lower layers */ 958 for (nr = 2; nr < nr_merged_lower; nr++) 959 seq_printf(m, ":%s", ofs->config.lowerdirs[nr]); 960 /* dump data lower layers */ 961 for (nr = 0; nr < ofs->numdatalayer; nr++) 962 seq_printf(m, "::%s", lowerdatadirs[nr]); 963 if (ofs->config.upperdir) { 964 seq_show_option(m, "upperdir", ofs->config.upperdir); 965 seq_show_option(m, "workdir", ofs->config.workdir); 966 } 967 if (ofs->config.default_permissions) 968 seq_puts(m, ",default_permissions"); 969 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 970 seq_printf(m, ",redirect_dir=%s", 971 ovl_redirect_mode(&ofs->config)); 972 if (ofs->config.index != ovl_index_def) 973 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 974 if (ofs->config.uuid != ovl_uuid_def()) 975 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 976 if (ofs->config.nfs_export != ovl_nfs_export_def) 977 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 978 "on" : "off"); 979 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 980 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 981 if (ofs->config.metacopy != ovl_metacopy_def) 982 seq_printf(m, ",metacopy=%s", 983 ofs->config.metacopy ? "on" : "off"); 984 if (ofs->config.ovl_volatile) 985 seq_puts(m, ",volatile"); 986 if (ofs->config.userxattr) 987 seq_puts(m, ",userxattr"); 988 if (ofs->config.verity_mode != ovl_verity_mode_def()) 989 seq_printf(m, ",verity=%s", 990 ovl_verity_mode(&ofs->config)); 991 return 0; 992 } 993