1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_volatile, 62 }; 63 64 static const struct constant_table ovl_parameter_bool[] = { 65 { "on", true }, 66 { "off", false }, 67 {} 68 }; 69 70 static const struct constant_table ovl_parameter_uuid[] = { 71 { "off", OVL_UUID_OFF }, 72 { "null", OVL_UUID_NULL }, 73 { "auto", OVL_UUID_AUTO }, 74 { "on", OVL_UUID_ON }, 75 {} 76 }; 77 78 static const char *ovl_uuid_mode(struct ovl_config *config) 79 { 80 return ovl_parameter_uuid[config->uuid].name; 81 } 82 83 static int ovl_uuid_def(void) 84 { 85 return OVL_UUID_AUTO; 86 } 87 88 static const struct constant_table ovl_parameter_xino[] = { 89 { "off", OVL_XINO_OFF }, 90 { "auto", OVL_XINO_AUTO }, 91 { "on", OVL_XINO_ON }, 92 {} 93 }; 94 95 const char *ovl_xino_mode(struct ovl_config *config) 96 { 97 return ovl_parameter_xino[config->xino].name; 98 } 99 100 static int ovl_xino_def(void) 101 { 102 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 103 } 104 105 const struct constant_table ovl_parameter_redirect_dir[] = { 106 { "off", OVL_REDIRECT_OFF }, 107 { "follow", OVL_REDIRECT_FOLLOW }, 108 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 109 { "on", OVL_REDIRECT_ON }, 110 {} 111 }; 112 113 static const char *ovl_redirect_mode(struct ovl_config *config) 114 { 115 return ovl_parameter_redirect_dir[config->redirect_mode].name; 116 } 117 118 static int ovl_redirect_mode_def(void) 119 { 120 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 121 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 122 OVL_REDIRECT_NOFOLLOW; 123 } 124 125 static const struct constant_table ovl_parameter_verity[] = { 126 { "off", OVL_VERITY_OFF }, 127 { "on", OVL_VERITY_ON }, 128 { "require", OVL_VERITY_REQUIRE }, 129 {} 130 }; 131 132 static const char *ovl_verity_mode(struct ovl_config *config) 133 { 134 return ovl_parameter_verity[config->verity_mode].name; 135 } 136 137 static int ovl_verity_mode_def(void) 138 { 139 return OVL_VERITY_OFF; 140 } 141 142 #define fsparam_string_empty(NAME, OPT) \ 143 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 144 145 146 const struct fs_parameter_spec ovl_parameter_spec[] = { 147 fsparam_string_empty("lowerdir", Opt_lowerdir), 148 fsparam_string("lowerdir+", Opt_lowerdir_add), 149 fsparam_string("datadir+", Opt_datadir_add), 150 fsparam_string("upperdir", Opt_upperdir), 151 fsparam_string("workdir", Opt_workdir), 152 fsparam_flag("default_permissions", Opt_default_permissions), 153 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 154 fsparam_enum("index", Opt_index, ovl_parameter_bool), 155 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 156 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 157 fsparam_flag("userxattr", Opt_userxattr), 158 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 159 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 160 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 161 fsparam_flag("volatile", Opt_volatile), 162 {} 163 }; 164 165 static char *ovl_next_opt(char **s) 166 { 167 char *sbegin = *s; 168 char *p; 169 170 if (sbegin == NULL) 171 return NULL; 172 173 for (p = sbegin; *p; p++) { 174 if (*p == '\\') { 175 p++; 176 if (!*p) 177 break; 178 } else if (*p == ',') { 179 *p = '\0'; 180 *s = p + 1; 181 return sbegin; 182 } 183 } 184 *s = NULL; 185 return sbegin; 186 } 187 188 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 189 { 190 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 191 } 192 193 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 194 { 195 ssize_t nr_layers = 1, nr_colons = 0; 196 char *s, *d; 197 198 for (s = d = str;; s++, d++) { 199 if (*s == '\\') { 200 /* keep esc chars in split lowerdir */ 201 *d++ = *s++; 202 } else if (*s == ':') { 203 bool next_colon = (*(s + 1) == ':'); 204 205 nr_colons++; 206 if (nr_colons == 2 && next_colon) { 207 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 208 return -EINVAL; 209 } 210 /* count layers, not colons */ 211 if (!next_colon) 212 nr_layers++; 213 214 *d = '\0'; 215 continue; 216 } 217 218 *d = *s; 219 if (!*s) { 220 /* trailing colons */ 221 if (nr_colons) { 222 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 223 return -EINVAL; 224 } 225 break; 226 } 227 nr_colons = 0; 228 } 229 230 return nr_layers; 231 } 232 233 static int ovl_mount_dir_noesc(const char *name, struct path *path) 234 { 235 int err = -EINVAL; 236 237 if (!*name) { 238 pr_err("empty lowerdir\n"); 239 goto out; 240 } 241 err = kern_path(name, LOOKUP_FOLLOW, path); 242 if (err) { 243 pr_err("failed to resolve '%s': %i\n", name, err); 244 goto out; 245 } 246 return 0; 247 248 out: 249 return err; 250 } 251 252 static void ovl_unescape(char *s) 253 { 254 char *d = s; 255 256 for (;; s++, d++) { 257 if (*s == '\\') 258 s++; 259 *d = *s; 260 if (!*s) 261 break; 262 } 263 } 264 265 static int ovl_mount_dir(const char *name, struct path *path) 266 { 267 int err = -ENOMEM; 268 char *tmp = kstrdup(name, GFP_KERNEL); 269 270 if (tmp) { 271 ovl_unescape(tmp); 272 err = ovl_mount_dir_noesc(tmp, path); 273 kfree(tmp); 274 } 275 return err; 276 } 277 278 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 279 enum ovl_opt layer, const char *name, bool upper) 280 { 281 struct ovl_fs_context *ctx = fc->fs_private; 282 283 if (!d_is_dir(path->dentry)) 284 return invalfc(fc, "%s is not a directory", name); 285 286 /* 287 * Root dentries of case-insensitive capable filesystems might 288 * not have the dentry operations set, but still be incompatible 289 * with overlayfs. Check explicitly to prevent post-mount 290 * failures. 291 */ 292 if (sb_has_encoding(path->mnt->mnt_sb)) 293 return invalfc(fc, "case-insensitive capable filesystem on %s not supported", name); 294 295 if (ovl_dentry_weird(path->dentry)) 296 return invalfc(fc, "filesystem on %s not supported", name); 297 298 /* 299 * Check whether upper path is read-only here to report failures 300 * early. Don't forget to recheck when the superblock is created 301 * as the mount attributes could change. 302 */ 303 if (upper) { 304 if (path->dentry->d_flags & DCACHE_OP_REAL) 305 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 306 if (__mnt_is_readonly(path->mnt)) 307 return invalfc(fc, "filesystem on %s is read-only", name); 308 } else { 309 if (ctx->lowerdir_all && layer != Opt_lowerdir) 310 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 311 if (ctx->nr_data && layer == Opt_lowerdir_add) 312 return invalfc(fc, "regular lower layers cannot follow data layers"); 313 if (ctx->nr == OVL_MAX_STACK) 314 return invalfc(fc, "too many lower directories, limit is %d", 315 OVL_MAX_STACK); 316 } 317 return 0; 318 } 319 320 static int ovl_ctx_realloc_lower(struct fs_context *fc) 321 { 322 struct ovl_fs_context *ctx = fc->fs_private; 323 struct ovl_fs_context_layer *l; 324 size_t nr; 325 326 if (ctx->nr < ctx->capacity) 327 return 0; 328 329 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 330 OVL_MAX_STACK); 331 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 332 if (!l) 333 return -ENOMEM; 334 335 ctx->lower = l; 336 ctx->capacity = nr; 337 return 0; 338 } 339 340 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 341 struct path *path, char **pname) 342 { 343 struct ovl_fs *ofs = fc->s_fs_info; 344 struct ovl_config *config = &ofs->config; 345 struct ovl_fs_context *ctx = fc->fs_private; 346 struct ovl_fs_context_layer *l; 347 348 switch (layer) { 349 case Opt_workdir: 350 swap(config->workdir, *pname); 351 swap(ctx->work, *path); 352 break; 353 case Opt_upperdir: 354 swap(config->upperdir, *pname); 355 swap(ctx->upper, *path); 356 break; 357 case Opt_datadir_add: 358 ctx->nr_data++; 359 fallthrough; 360 case Opt_lowerdir: 361 fallthrough; 362 case Opt_lowerdir_add: 363 WARN_ON(ctx->nr >= ctx->capacity); 364 l = &ctx->lower[ctx->nr++]; 365 memset(l, 0, sizeof(*l)); 366 swap(l->name, *pname); 367 swap(l->path, *path); 368 break; 369 default: 370 WARN_ON(1); 371 } 372 } 373 374 static int ovl_parse_layer(struct fs_context *fc, const char *layer_name, enum ovl_opt layer) 375 { 376 char *name = kstrdup(layer_name, GFP_KERNEL); 377 bool upper = (layer == Opt_upperdir || layer == Opt_workdir); 378 struct path path; 379 int err; 380 381 if (!name) 382 return -ENOMEM; 383 384 if (upper || layer == Opt_lowerdir) 385 err = ovl_mount_dir(name, &path); 386 else 387 err = ovl_mount_dir_noesc(name, &path); 388 if (err) 389 goto out_free; 390 391 err = ovl_mount_dir_check(fc, &path, layer, name, upper); 392 if (err) 393 goto out_put; 394 395 if (!upper) { 396 err = ovl_ctx_realloc_lower(fc); 397 if (err) 398 goto out_put; 399 } 400 401 /* Store the user provided path string in ctx to show in mountinfo */ 402 ovl_add_layer(fc, layer, &path, &name); 403 404 out_put: 405 path_put(&path); 406 out_free: 407 kfree(name); 408 return err; 409 } 410 411 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 412 { 413 struct ovl_fs_context_layer *l = ctx->lower; 414 415 // Reset old user provided lowerdir string 416 kfree(ctx->lowerdir_all); 417 ctx->lowerdir_all = NULL; 418 419 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 420 path_put(&l->path); 421 kfree(l->name); 422 l->name = NULL; 423 } 424 ctx->nr = 0; 425 ctx->nr_data = 0; 426 } 427 428 /* 429 * Parse lowerdir= mount option: 430 * 431 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 432 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 433 * "/data1" and "/data2" as data lower layers. Any existing lower 434 * layers are replaced. 435 */ 436 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 437 { 438 int err; 439 struct ovl_fs_context *ctx = fc->fs_private; 440 char *dup = NULL, *iter; 441 ssize_t nr_lower, nr; 442 bool data_layer = false; 443 444 /* 445 * Ensure we're backwards compatible with mount(2) 446 * by allowing relative paths. 447 */ 448 449 /* drop all existing lower layers */ 450 ovl_reset_lowerdirs(ctx); 451 452 if (!*name) 453 return 0; 454 455 if (*name == ':') { 456 pr_err("cannot append lower layer\n"); 457 return -EINVAL; 458 } 459 460 // Store user provided lowerdir string to show in mount options 461 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 462 if (!ctx->lowerdir_all) 463 return -ENOMEM; 464 465 dup = kstrdup(name, GFP_KERNEL); 466 if (!dup) 467 return -ENOMEM; 468 469 err = -EINVAL; 470 nr_lower = ovl_parse_param_split_lowerdirs(dup); 471 if (nr_lower < 0) 472 goto out_err; 473 474 if (nr_lower > OVL_MAX_STACK) { 475 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 476 goto out_err; 477 } 478 479 iter = dup; 480 for (nr = 0; nr < nr_lower; nr++) { 481 err = ovl_parse_layer(fc, iter, Opt_lowerdir); 482 if (err) 483 goto out_err; 484 485 if (data_layer) 486 ctx->nr_data++; 487 488 /* Calling strchr() again would overrun. */ 489 if (ctx->nr == nr_lower) 490 break; 491 492 err = -EINVAL; 493 iter = strchr(iter, '\0') + 1; 494 if (*iter) { 495 /* 496 * This is a regular layer so we require that 497 * there are no data layers. 498 */ 499 if (ctx->nr_data > 0) { 500 pr_err("regular lower layers cannot follow data lower layers\n"); 501 goto out_err; 502 } 503 504 data_layer = false; 505 continue; 506 } 507 508 /* This is a data lower layer. */ 509 data_layer = true; 510 iter++; 511 } 512 kfree(dup); 513 return 0; 514 515 out_err: 516 kfree(dup); 517 518 /* Intentionally don't realloc to a smaller size. */ 519 return err; 520 } 521 522 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 523 { 524 int err = 0; 525 struct fs_parse_result result; 526 struct ovl_fs *ofs = fc->s_fs_info; 527 struct ovl_config *config = &ofs->config; 528 struct ovl_fs_context *ctx = fc->fs_private; 529 int opt; 530 531 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 532 /* 533 * On remount overlayfs has always ignored all mount 534 * options no matter if malformed or not so for 535 * backwards compatibility we do the same here. 536 */ 537 if (fc->oldapi) 538 return 0; 539 540 /* 541 * Give us the freedom to allow changing mount options 542 * with the new mount api in the future. So instead of 543 * silently ignoring everything we report a proper 544 * error. This is only visible for users of the new 545 * mount api. 546 */ 547 return invalfc(fc, "No changes allowed in reconfigure"); 548 } 549 550 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 551 if (opt < 0) 552 return opt; 553 554 switch (opt) { 555 case Opt_lowerdir: 556 err = ovl_parse_param_lowerdir(param->string, fc); 557 break; 558 case Opt_lowerdir_add: 559 case Opt_datadir_add: 560 case Opt_upperdir: 561 case Opt_workdir: 562 err = ovl_parse_layer(fc, param->string, opt); 563 break; 564 case Opt_default_permissions: 565 config->default_permissions = true; 566 break; 567 case Opt_redirect_dir: 568 config->redirect_mode = result.uint_32; 569 if (config->redirect_mode == OVL_REDIRECT_OFF) { 570 config->redirect_mode = ovl_redirect_always_follow ? 571 OVL_REDIRECT_FOLLOW : 572 OVL_REDIRECT_NOFOLLOW; 573 } 574 ctx->set.redirect = true; 575 break; 576 case Opt_index: 577 config->index = result.uint_32; 578 ctx->set.index = true; 579 break; 580 case Opt_uuid: 581 config->uuid = result.uint_32; 582 break; 583 case Opt_nfs_export: 584 config->nfs_export = result.uint_32; 585 ctx->set.nfs_export = true; 586 break; 587 case Opt_xino: 588 config->xino = result.uint_32; 589 break; 590 case Opt_metacopy: 591 config->metacopy = result.uint_32; 592 ctx->set.metacopy = true; 593 break; 594 case Opt_verity: 595 config->verity_mode = result.uint_32; 596 break; 597 case Opt_volatile: 598 config->ovl_volatile = true; 599 break; 600 case Opt_userxattr: 601 config->userxattr = true; 602 break; 603 default: 604 pr_err("unrecognized mount option \"%s\" or missing value\n", 605 param->key); 606 return -EINVAL; 607 } 608 609 return err; 610 } 611 612 static int ovl_get_tree(struct fs_context *fc) 613 { 614 return get_tree_nodev(fc, ovl_fill_super); 615 } 616 617 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 618 { 619 ovl_reset_lowerdirs(ctx); 620 path_put(&ctx->upper); 621 path_put(&ctx->work); 622 kfree(ctx->lower); 623 kfree(ctx); 624 } 625 626 static void ovl_free(struct fs_context *fc) 627 { 628 struct ovl_fs *ofs = fc->s_fs_info; 629 struct ovl_fs_context *ctx = fc->fs_private; 630 631 /* 632 * ofs is stored in the fs_context when it is initialized. 633 * ofs is transferred to the superblock on a successful mount, 634 * but if an error occurs before the transfer we have to free 635 * it here. 636 */ 637 if (ofs) 638 ovl_free_fs(ofs); 639 640 if (ctx) 641 ovl_fs_context_free(ctx); 642 } 643 644 static int ovl_reconfigure(struct fs_context *fc) 645 { 646 struct super_block *sb = fc->root->d_sb; 647 struct ovl_fs *ofs = OVL_FS(sb); 648 struct super_block *upper_sb; 649 int ret = 0; 650 651 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 652 return -EROFS; 653 654 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 655 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 656 if (ovl_should_sync(ofs)) { 657 down_read(&upper_sb->s_umount); 658 ret = sync_filesystem(upper_sb); 659 up_read(&upper_sb->s_umount); 660 } 661 } 662 663 return ret; 664 } 665 666 static const struct fs_context_operations ovl_context_ops = { 667 .parse_monolithic = ovl_parse_monolithic, 668 .parse_param = ovl_parse_param, 669 .get_tree = ovl_get_tree, 670 .reconfigure = ovl_reconfigure, 671 .free = ovl_free, 672 }; 673 674 /* 675 * This is called during fsopen() and will record the user namespace of 676 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 677 * need it when we actually create the superblock to verify that the 678 * process creating the superblock is in the same user namespace as 679 * process that called fsopen(). 680 */ 681 int ovl_init_fs_context(struct fs_context *fc) 682 { 683 struct ovl_fs_context *ctx; 684 struct ovl_fs *ofs; 685 686 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 687 if (!ctx) 688 return -ENOMEM; 689 690 /* 691 * By default we allocate for three lower layers. It's likely 692 * that it'll cover most users. 693 */ 694 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 695 if (!ctx->lower) 696 goto out_err; 697 ctx->capacity = 3; 698 699 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 700 if (!ofs) 701 goto out_err; 702 703 ofs->config.redirect_mode = ovl_redirect_mode_def(); 704 ofs->config.index = ovl_index_def; 705 ofs->config.uuid = ovl_uuid_def(); 706 ofs->config.nfs_export = ovl_nfs_export_def; 707 ofs->config.xino = ovl_xino_def(); 708 ofs->config.metacopy = ovl_metacopy_def; 709 710 fc->s_fs_info = ofs; 711 fc->fs_private = ctx; 712 fc->ops = &ovl_context_ops; 713 return 0; 714 715 out_err: 716 ovl_fs_context_free(ctx); 717 return -ENOMEM; 718 719 } 720 721 void ovl_free_fs(struct ovl_fs *ofs) 722 { 723 struct vfsmount **mounts; 724 unsigned i; 725 726 iput(ofs->workbasedir_trap); 727 iput(ofs->indexdir_trap); 728 iput(ofs->workdir_trap); 729 dput(ofs->whiteout); 730 dput(ofs->indexdir); 731 dput(ofs->workdir); 732 if (ofs->workdir_locked) 733 ovl_inuse_unlock(ofs->workbasedir); 734 dput(ofs->workbasedir); 735 if (ofs->upperdir_locked) 736 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 737 738 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 739 mounts = (struct vfsmount **) ofs->config.lowerdirs; 740 for (i = 0; i < ofs->numlayer; i++) { 741 iput(ofs->layers[i].trap); 742 kfree(ofs->config.lowerdirs[i]); 743 mounts[i] = ofs->layers[i].mnt; 744 } 745 kern_unmount_array(mounts, ofs->numlayer); 746 kfree(ofs->layers); 747 for (i = 0; i < ofs->numfs; i++) 748 free_anon_bdev(ofs->fs[i].pseudo_dev); 749 kfree(ofs->fs); 750 751 kfree(ofs->config.lowerdirs); 752 kfree(ofs->config.upperdir); 753 kfree(ofs->config.workdir); 754 if (ofs->creator_cred) 755 put_cred(ofs->creator_cred); 756 kfree(ofs); 757 } 758 759 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 760 struct ovl_config *config) 761 { 762 struct ovl_opt_set set = ctx->set; 763 764 /* Workdir/index are useless in non-upper mount */ 765 if (!config->upperdir) { 766 if (config->workdir) { 767 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 768 config->workdir); 769 kfree(config->workdir); 770 config->workdir = NULL; 771 } 772 if (config->index && set.index) { 773 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 774 set.index = false; 775 } 776 config->index = false; 777 } 778 779 if (!config->upperdir && config->ovl_volatile) { 780 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 781 config->ovl_volatile = false; 782 } 783 784 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 785 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 786 config->uuid = OVL_UUID_NULL; 787 } 788 789 /* Resolve verity -> metacopy dependency */ 790 if (config->verity_mode && !config->metacopy) { 791 /* Don't allow explicit specified conflicting combinations */ 792 if (set.metacopy) { 793 pr_err("conflicting options: metacopy=off,verity=%s\n", 794 ovl_verity_mode(config)); 795 return -EINVAL; 796 } 797 /* Otherwise automatically enable metacopy. */ 798 config->metacopy = true; 799 } 800 801 /* 802 * This is to make the logic below simpler. It doesn't make any other 803 * difference, since redirect_dir=on is only used for upper. 804 */ 805 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 806 config->redirect_mode = OVL_REDIRECT_ON; 807 808 /* Resolve verity -> metacopy -> redirect_dir dependency */ 809 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 810 if (set.metacopy && set.redirect) { 811 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 812 ovl_redirect_mode(config)); 813 return -EINVAL; 814 } 815 if (config->verity_mode && set.redirect) { 816 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 817 ovl_verity_mode(config), ovl_redirect_mode(config)); 818 return -EINVAL; 819 } 820 if (set.redirect) { 821 /* 822 * There was an explicit redirect_dir=... that resulted 823 * in this conflict. 824 */ 825 pr_info("disabling metacopy due to redirect_dir=%s\n", 826 ovl_redirect_mode(config)); 827 config->metacopy = false; 828 } else { 829 /* Automatically enable redirect otherwise. */ 830 config->redirect_mode = OVL_REDIRECT_ON; 831 } 832 } 833 834 /* Resolve nfs_export -> index dependency */ 835 if (config->nfs_export && !config->index) { 836 if (!config->upperdir && 837 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 838 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 839 config->nfs_export = false; 840 } else if (set.nfs_export && set.index) { 841 pr_err("conflicting options: nfs_export=on,index=off\n"); 842 return -EINVAL; 843 } else if (set.index) { 844 /* 845 * There was an explicit index=off that resulted 846 * in this conflict. 847 */ 848 pr_info("disabling nfs_export due to index=off\n"); 849 config->nfs_export = false; 850 } else { 851 /* Automatically enable index otherwise. */ 852 config->index = true; 853 } 854 } 855 856 /* Resolve nfs_export -> !metacopy && !verity dependency */ 857 if (config->nfs_export && config->metacopy) { 858 if (set.nfs_export && set.metacopy) { 859 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 860 return -EINVAL; 861 } 862 if (set.metacopy) { 863 /* 864 * There was an explicit metacopy=on that resulted 865 * in this conflict. 866 */ 867 pr_info("disabling nfs_export due to metacopy=on\n"); 868 config->nfs_export = false; 869 } else if (config->verity_mode) { 870 /* 871 * There was an explicit verity=.. that resulted 872 * in this conflict. 873 */ 874 pr_info("disabling nfs_export due to verity=%s\n", 875 ovl_verity_mode(config)); 876 config->nfs_export = false; 877 } else { 878 /* 879 * There was an explicit nfs_export=on that resulted 880 * in this conflict. 881 */ 882 pr_info("disabling metacopy due to nfs_export=on\n"); 883 config->metacopy = false; 884 } 885 } 886 887 888 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 889 if (config->userxattr) { 890 if (set.redirect && 891 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 892 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 893 ovl_redirect_mode(config)); 894 return -EINVAL; 895 } 896 if (config->metacopy && set.metacopy) { 897 pr_err("conflicting options: userxattr,metacopy=on\n"); 898 return -EINVAL; 899 } 900 if (config->verity_mode) { 901 pr_err("conflicting options: userxattr,verity=%s\n", 902 ovl_verity_mode(config)); 903 return -EINVAL; 904 } 905 /* 906 * Silently disable default setting of redirect and metacopy. 907 * This shall be the default in the future as well: these 908 * options must be explicitly enabled if used together with 909 * userxattr. 910 */ 911 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 912 config->metacopy = false; 913 } 914 915 /* 916 * Fail if we don't have trusted xattr capability and a feature was 917 * explicitly requested that requires them. 918 */ 919 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) { 920 if (set.redirect && 921 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 922 pr_err("redirect_dir requires permission to access trusted xattrs\n"); 923 return -EPERM; 924 } 925 if (config->metacopy && set.metacopy) { 926 pr_err("metacopy requires permission to access trusted xattrs\n"); 927 return -EPERM; 928 } 929 if (config->verity_mode) { 930 pr_err("verity requires permission to access trusted xattrs\n"); 931 return -EPERM; 932 } 933 if (ctx->nr_data > 0) { 934 pr_err("lower data-only dirs require permission to access trusted xattrs\n"); 935 return -EPERM; 936 } 937 /* 938 * Other xattr-dependent features should be disabled without 939 * great disturbance to the user in ovl_make_workdir(). 940 */ 941 } 942 943 if (ctx->nr_data > 0 && !config->metacopy) { 944 pr_err("lower data-only dirs require metacopy support.\n"); 945 return -EINVAL; 946 } 947 948 return 0; 949 } 950 951 /** 952 * ovl_show_options 953 * @m: the seq_file handle 954 * @dentry: The dentry to query 955 * 956 * Prints the mount options for a given superblock. 957 * Returns zero; does not fail. 958 */ 959 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 960 { 961 struct super_block *sb = dentry->d_sb; 962 struct ovl_fs *ofs = OVL_FS(sb); 963 size_t nr, nr_merged_lower, nr_lower = 0; 964 char **lowerdirs = ofs->config.lowerdirs; 965 966 /* 967 * lowerdirs[0] holds the colon separated list that user provided 968 * with lowerdir mount option. 969 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 970 * using the lowerdir+ and datadir+ mount options. 971 * For now, we do not allow mixing the legacy lowerdir mount option 972 * with the new lowerdir+ and datadir+ mount options. 973 */ 974 if (lowerdirs[0]) { 975 seq_show_option(m, "lowerdir", lowerdirs[0]); 976 } else { 977 nr_lower = ofs->numlayer; 978 nr_merged_lower = nr_lower - ofs->numdatalayer; 979 } 980 for (nr = 1; nr < nr_lower; nr++) { 981 if (nr < nr_merged_lower) 982 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 983 else 984 seq_show_option(m, "datadir+", lowerdirs[nr]); 985 } 986 if (ofs->config.upperdir) { 987 seq_show_option(m, "upperdir", ofs->config.upperdir); 988 seq_show_option(m, "workdir", ofs->config.workdir); 989 } 990 if (ofs->config.default_permissions) 991 seq_puts(m, ",default_permissions"); 992 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 993 seq_printf(m, ",redirect_dir=%s", 994 ovl_redirect_mode(&ofs->config)); 995 if (ofs->config.index != ovl_index_def) 996 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 997 if (ofs->config.uuid != ovl_uuid_def()) 998 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 999 if (ofs->config.nfs_export != ovl_nfs_export_def) 1000 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 1001 "on" : "off"); 1002 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1003 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1004 if (ofs->config.metacopy != ovl_metacopy_def) 1005 seq_printf(m, ",metacopy=%s", 1006 ofs->config.metacopy ? "on" : "off"); 1007 if (ofs->config.ovl_volatile) 1008 seq_puts(m, ",volatile"); 1009 if (ofs->config.userxattr) 1010 seq_puts(m, ",userxattr"); 1011 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1012 seq_printf(m, ",verity=%s", 1013 ovl_verity_mode(&ofs->config)); 1014 return 0; 1015 } 1016