1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum { 47 Opt_lowerdir, 48 Opt_upperdir, 49 Opt_workdir, 50 Opt_default_permissions, 51 Opt_redirect_dir, 52 Opt_index, 53 Opt_uuid, 54 Opt_nfs_export, 55 Opt_userxattr, 56 Opt_xino, 57 Opt_metacopy, 58 Opt_verity, 59 Opt_volatile, 60 }; 61 62 static const struct constant_table ovl_parameter_bool[] = { 63 { "on", true }, 64 { "off", false }, 65 {} 66 }; 67 68 static const struct constant_table ovl_parameter_uuid[] = { 69 { "off", OVL_UUID_OFF }, 70 { "null", OVL_UUID_NULL }, 71 { "auto", OVL_UUID_AUTO }, 72 { "on", OVL_UUID_ON }, 73 {} 74 }; 75 76 static const char *ovl_uuid_mode(struct ovl_config *config) 77 { 78 return ovl_parameter_uuid[config->uuid].name; 79 } 80 81 static int ovl_uuid_def(void) 82 { 83 return OVL_UUID_AUTO; 84 } 85 86 static const struct constant_table ovl_parameter_xino[] = { 87 { "off", OVL_XINO_OFF }, 88 { "auto", OVL_XINO_AUTO }, 89 { "on", OVL_XINO_ON }, 90 {} 91 }; 92 93 const char *ovl_xino_mode(struct ovl_config *config) 94 { 95 return ovl_parameter_xino[config->xino].name; 96 } 97 98 static int ovl_xino_def(void) 99 { 100 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 101 } 102 103 const struct constant_table ovl_parameter_redirect_dir[] = { 104 { "off", OVL_REDIRECT_OFF }, 105 { "follow", OVL_REDIRECT_FOLLOW }, 106 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 107 { "on", OVL_REDIRECT_ON }, 108 {} 109 }; 110 111 static const char *ovl_redirect_mode(struct ovl_config *config) 112 { 113 return ovl_parameter_redirect_dir[config->redirect_mode].name; 114 } 115 116 static int ovl_redirect_mode_def(void) 117 { 118 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 119 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 120 OVL_REDIRECT_NOFOLLOW; 121 } 122 123 static const struct constant_table ovl_parameter_verity[] = { 124 { "off", OVL_VERITY_OFF }, 125 { "on", OVL_VERITY_ON }, 126 { "require", OVL_VERITY_REQUIRE }, 127 {} 128 }; 129 130 static const char *ovl_verity_mode(struct ovl_config *config) 131 { 132 return ovl_parameter_verity[config->verity_mode].name; 133 } 134 135 static int ovl_verity_mode_def(void) 136 { 137 return OVL_VERITY_OFF; 138 } 139 140 #define fsparam_string_empty(NAME, OPT) \ 141 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 142 143 const struct fs_parameter_spec ovl_parameter_spec[] = { 144 fsparam_string_empty("lowerdir", Opt_lowerdir), 145 fsparam_string("upperdir", Opt_upperdir), 146 fsparam_string("workdir", Opt_workdir), 147 fsparam_flag("default_permissions", Opt_default_permissions), 148 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 149 fsparam_enum("index", Opt_index, ovl_parameter_bool), 150 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 151 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 152 fsparam_flag("userxattr", Opt_userxattr), 153 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 154 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 155 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 156 fsparam_flag("volatile", Opt_volatile), 157 {} 158 }; 159 160 static char *ovl_next_opt(char **s) 161 { 162 char *sbegin = *s; 163 char *p; 164 165 if (sbegin == NULL) 166 return NULL; 167 168 for (p = sbegin; *p; p++) { 169 if (*p == '\\') { 170 p++; 171 if (!*p) 172 break; 173 } else if (*p == ',') { 174 *p = '\0'; 175 *s = p + 1; 176 return sbegin; 177 } 178 } 179 *s = NULL; 180 return sbegin; 181 } 182 183 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 184 { 185 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 186 } 187 188 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 189 { 190 ssize_t nr_layers = 1, nr_colons = 0; 191 char *s, *d; 192 193 for (s = d = str;; s++, d++) { 194 if (*s == '\\') { 195 /* keep esc chars in split lowerdir */ 196 *d++ = *s++; 197 } else if (*s == ':') { 198 bool next_colon = (*(s + 1) == ':'); 199 200 nr_colons++; 201 if (nr_colons == 2 && next_colon) { 202 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 203 return -EINVAL; 204 } 205 /* count layers, not colons */ 206 if (!next_colon) 207 nr_layers++; 208 209 *d = '\0'; 210 continue; 211 } 212 213 *d = *s; 214 if (!*s) { 215 /* trailing colons */ 216 if (nr_colons) { 217 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 218 return -EINVAL; 219 } 220 break; 221 } 222 nr_colons = 0; 223 } 224 225 return nr_layers; 226 } 227 228 static int ovl_mount_dir_noesc(const char *name, struct path *path) 229 { 230 int err = -EINVAL; 231 232 if (!*name) { 233 pr_err("empty lowerdir\n"); 234 goto out; 235 } 236 err = kern_path(name, LOOKUP_FOLLOW, path); 237 if (err) { 238 pr_err("failed to resolve '%s': %i\n", name, err); 239 goto out; 240 } 241 err = -EINVAL; 242 if (ovl_dentry_weird(path->dentry)) { 243 pr_err("filesystem on '%s' not supported\n", name); 244 goto out_put; 245 } 246 if (!d_is_dir(path->dentry)) { 247 pr_err("'%s' not a directory\n", name); 248 goto out_put; 249 } 250 return 0; 251 252 out_put: 253 path_put_init(path); 254 out: 255 return err; 256 } 257 258 static void ovl_unescape(char *s) 259 { 260 char *d = s; 261 262 for (;; s++, d++) { 263 if (*s == '\\') 264 s++; 265 *d = *s; 266 if (!*s) 267 break; 268 } 269 } 270 271 static int ovl_mount_dir(const char *name, struct path *path, bool upper) 272 { 273 int err = -ENOMEM; 274 char *tmp = kstrdup(name, GFP_KERNEL); 275 276 if (tmp) { 277 ovl_unescape(tmp); 278 err = ovl_mount_dir_noesc(tmp, path); 279 280 if (!err && upper && path->dentry->d_flags & DCACHE_OP_REAL) { 281 pr_err("filesystem on '%s' not supported as upperdir\n", 282 tmp); 283 path_put_init(path); 284 err = -EINVAL; 285 } 286 kfree(tmp); 287 } 288 return err; 289 } 290 291 static int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, 292 bool workdir) 293 { 294 int err; 295 struct ovl_fs *ofs = fc->s_fs_info; 296 struct ovl_config *config = &ofs->config; 297 struct ovl_fs_context *ctx = fc->fs_private; 298 struct path path; 299 char *dup; 300 301 err = ovl_mount_dir(name, &path, true); 302 if (err) 303 return err; 304 305 /* 306 * Check whether upper path is read-only here to report failures 307 * early. Don't forget to recheck when the superblock is created 308 * as the mount attributes could change. 309 */ 310 if (__mnt_is_readonly(path.mnt)) { 311 path_put(&path); 312 return -EINVAL; 313 } 314 315 dup = kstrdup(name, GFP_KERNEL); 316 if (!dup) { 317 path_put(&path); 318 return -ENOMEM; 319 } 320 321 if (workdir) { 322 kfree(config->workdir); 323 config->workdir = dup; 324 path_put(&ctx->work); 325 ctx->work = path; 326 } else { 327 kfree(config->upperdir); 328 config->upperdir = dup; 329 path_put(&ctx->upper); 330 ctx->upper = path; 331 } 332 return 0; 333 } 334 335 static void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx) 336 { 337 for (size_t nr = 0; nr < ctx->nr; nr++) { 338 path_put(&ctx->lower[nr].path); 339 kfree(ctx->lower[nr].name); 340 ctx->lower[nr].name = NULL; 341 } 342 ctx->nr = 0; 343 ctx->nr_data = 0; 344 } 345 346 /* 347 * Parse lowerdir= mount option: 348 * 349 * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2 350 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 351 * "/data1" and "/data2" as data lower layers. Any existing lower 352 * layers are replaced. 353 */ 354 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 355 { 356 int err; 357 struct ovl_fs_context *ctx = fc->fs_private; 358 struct ovl_fs_context_layer *l; 359 char *dup = NULL, *dup_iter; 360 ssize_t nr_lower = 0, nr = 0, nr_data = 0; 361 bool append = false, data_layer = false; 362 363 /* 364 * Ensure we're backwards compatible with mount(2) 365 * by allowing relative paths. 366 */ 367 368 /* drop all existing lower layers */ 369 if (!*name) { 370 ovl_parse_param_drop_lowerdir(ctx); 371 return 0; 372 } 373 374 if (*name == ':') { 375 pr_err("cannot append lower layer"); 376 return -EINVAL; 377 } 378 379 dup = kstrdup(name, GFP_KERNEL); 380 if (!dup) 381 return -ENOMEM; 382 383 err = -EINVAL; 384 nr_lower = ovl_parse_param_split_lowerdirs(dup); 385 if (nr_lower < 0) 386 goto out_err; 387 388 if ((nr_lower > OVL_MAX_STACK) || 389 (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) { 390 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 391 goto out_err; 392 } 393 394 if (!append) 395 ovl_parse_param_drop_lowerdir(ctx); 396 397 /* 398 * (1) append 399 * 400 * We want nr <= nr_lower <= capacity We know nr > 0 and nr <= 401 * capacity. If nr == 0 this wouldn't be append. If nr + 402 * nr_lower is <= capacity then nr <= nr_lower <= capacity 403 * already holds. If nr + nr_lower exceeds capacity, we realloc. 404 * 405 * (2) replace 406 * 407 * Ensure we're backwards compatible with mount(2) which allows 408 * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last 409 * specified lowerdir mount option to win. 410 * 411 * We want nr <= nr_lower <= capacity We know either (i) nr == 0 412 * or (ii) nr > 0. We also know nr_lower > 0. The capacity 413 * could've been changed multiple times already so we only know 414 * nr <= capacity. If nr + nr_lower > capacity we realloc, 415 * otherwise nr <= nr_lower <= capacity holds already. 416 */ 417 nr_lower += ctx->nr; 418 if (nr_lower > ctx->capacity) { 419 err = -ENOMEM; 420 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), 421 GFP_KERNEL_ACCOUNT); 422 if (!l) 423 goto out_err; 424 425 ctx->lower = l; 426 ctx->capacity = nr_lower; 427 } 428 429 /* 430 * (3) By (1) and (2) we know nr <= nr_lower <= capacity. 431 * (4) If ctx->nr == 0 => replace 432 * We have verified above that the lowerdir mount option 433 * isn't an append, i.e., the lowerdir mount option 434 * doesn't start with ":" or "::". 435 * (4.1) The lowerdir mount options only contains regular lower 436 * layers ":". 437 * => Nothing to verify. 438 * (4.2) The lowerdir mount options contains regular ":" and 439 * data "::" layers. 440 * => We need to verify that data lower layers "::" aren't 441 * followed by regular ":" lower layers 442 * (5) If ctx->nr > 0 => append 443 * We know that there's at least one regular layer 444 * otherwise we would've failed when parsing the previous 445 * lowerdir mount option. 446 * (5.1) The lowerdir mount option is a regular layer ":" append 447 * => We need to verify that no data layers have been 448 * specified before. 449 * (5.2) The lowerdir mount option is a data layer "::" append 450 * We know that there's at least one regular layer or 451 * other data layers. => There's nothing to verify. 452 */ 453 dup_iter = dup; 454 for (nr = ctx->nr; nr < nr_lower; nr++) { 455 l = &ctx->lower[nr]; 456 memset(l, 0, sizeof(*l)); 457 458 err = ovl_mount_dir(dup_iter, &l->path, false); 459 if (err) 460 goto out_put; 461 462 err = -ENOMEM; 463 l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT); 464 if (!l->name) 465 goto out_put; 466 467 if (data_layer) 468 nr_data++; 469 470 /* Calling strchr() again would overrun. */ 471 if ((nr + 1) == nr_lower) 472 break; 473 474 err = -EINVAL; 475 dup_iter = strchr(dup_iter, '\0') + 1; 476 if (*dup_iter) { 477 /* 478 * This is a regular layer so we require that 479 * there are no data layers. 480 */ 481 if ((ctx->nr_data + nr_data) > 0) { 482 pr_err("regular lower layers cannot follow data lower layers"); 483 goto out_put; 484 } 485 486 data_layer = false; 487 continue; 488 } 489 490 /* This is a data lower layer. */ 491 data_layer = true; 492 dup_iter++; 493 } 494 ctx->nr = nr_lower; 495 ctx->nr_data += nr_data; 496 kfree(dup); 497 return 0; 498 499 out_put: 500 /* 501 * We know nr >= ctx->nr < nr_lower. If we failed somewhere 502 * we want to undo until nr == ctx->nr. This is correct for 503 * both ctx->nr == 0 and ctx->nr > 0. 504 */ 505 for (; nr >= ctx->nr; nr--) { 506 l = &ctx->lower[nr]; 507 kfree(l->name); 508 l->name = NULL; 509 path_put(&l->path); 510 511 /* don't overflow */ 512 if (nr == 0) 513 break; 514 } 515 516 out_err: 517 kfree(dup); 518 519 /* Intentionally don't realloc to a smaller size. */ 520 return err; 521 } 522 523 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 524 { 525 int err = 0; 526 struct fs_parse_result result; 527 struct ovl_fs *ofs = fc->s_fs_info; 528 struct ovl_config *config = &ofs->config; 529 struct ovl_fs_context *ctx = fc->fs_private; 530 int opt; 531 532 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 533 /* 534 * On remount overlayfs has always ignored all mount 535 * options no matter if malformed or not so for 536 * backwards compatibility we do the same here. 537 */ 538 if (fc->oldapi) 539 return 0; 540 541 /* 542 * Give us the freedom to allow changing mount options 543 * with the new mount api in the future. So instead of 544 * silently ignoring everything we report a proper 545 * error. This is only visible for users of the new 546 * mount api. 547 */ 548 return invalfc(fc, "No changes allowed in reconfigure"); 549 } 550 551 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 552 if (opt < 0) 553 return opt; 554 555 switch (opt) { 556 case Opt_lowerdir: 557 err = ovl_parse_param_lowerdir(param->string, fc); 558 break; 559 case Opt_upperdir: 560 fallthrough; 561 case Opt_workdir: 562 err = ovl_parse_param_upperdir(param->string, fc, 563 (Opt_workdir == opt)); 564 break; 565 case Opt_default_permissions: 566 config->default_permissions = true; 567 break; 568 case Opt_redirect_dir: 569 config->redirect_mode = result.uint_32; 570 if (config->redirect_mode == OVL_REDIRECT_OFF) { 571 config->redirect_mode = ovl_redirect_always_follow ? 572 OVL_REDIRECT_FOLLOW : 573 OVL_REDIRECT_NOFOLLOW; 574 } 575 ctx->set.redirect = true; 576 break; 577 case Opt_index: 578 config->index = result.uint_32; 579 ctx->set.index = true; 580 break; 581 case Opt_uuid: 582 config->uuid = result.uint_32; 583 break; 584 case Opt_nfs_export: 585 config->nfs_export = result.uint_32; 586 ctx->set.nfs_export = true; 587 break; 588 case Opt_xino: 589 config->xino = result.uint_32; 590 break; 591 case Opt_metacopy: 592 config->metacopy = result.uint_32; 593 ctx->set.metacopy = true; 594 break; 595 case Opt_verity: 596 config->verity_mode = result.uint_32; 597 break; 598 case Opt_volatile: 599 config->ovl_volatile = true; 600 break; 601 case Opt_userxattr: 602 config->userxattr = true; 603 break; 604 default: 605 pr_err("unrecognized mount option \"%s\" or missing value\n", 606 param->key); 607 return -EINVAL; 608 } 609 610 return err; 611 } 612 613 static int ovl_get_tree(struct fs_context *fc) 614 { 615 return get_tree_nodev(fc, ovl_fill_super); 616 } 617 618 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 619 { 620 ovl_parse_param_drop_lowerdir(ctx); 621 path_put(&ctx->upper); 622 path_put(&ctx->work); 623 kfree(ctx->lower); 624 kfree(ctx); 625 } 626 627 static void ovl_free(struct fs_context *fc) 628 { 629 struct ovl_fs *ofs = fc->s_fs_info; 630 struct ovl_fs_context *ctx = fc->fs_private; 631 632 /* 633 * ofs is stored in the fs_context when it is initialized. 634 * ofs is transferred to the superblock on a successful mount, 635 * but if an error occurs before the transfer we have to free 636 * it here. 637 */ 638 if (ofs) 639 ovl_free_fs(ofs); 640 641 if (ctx) 642 ovl_fs_context_free(ctx); 643 } 644 645 static int ovl_reconfigure(struct fs_context *fc) 646 { 647 struct super_block *sb = fc->root->d_sb; 648 struct ovl_fs *ofs = OVL_FS(sb); 649 struct super_block *upper_sb; 650 int ret = 0; 651 652 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 653 return -EROFS; 654 655 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 656 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 657 if (ovl_should_sync(ofs)) { 658 down_read(&upper_sb->s_umount); 659 ret = sync_filesystem(upper_sb); 660 up_read(&upper_sb->s_umount); 661 } 662 } 663 664 return ret; 665 } 666 667 static const struct fs_context_operations ovl_context_ops = { 668 .parse_monolithic = ovl_parse_monolithic, 669 .parse_param = ovl_parse_param, 670 .get_tree = ovl_get_tree, 671 .reconfigure = ovl_reconfigure, 672 .free = ovl_free, 673 }; 674 675 /* 676 * This is called during fsopen() and will record the user namespace of 677 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 678 * need it when we actually create the superblock to verify that the 679 * process creating the superblock is in the same user namespace as 680 * process that called fsopen(). 681 */ 682 int ovl_init_fs_context(struct fs_context *fc) 683 { 684 struct ovl_fs_context *ctx; 685 struct ovl_fs *ofs; 686 687 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 688 if (!ctx) 689 return -ENOMEM; 690 691 /* 692 * By default we allocate for three lower layers. It's likely 693 * that it'll cover most users. 694 */ 695 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 696 if (!ctx->lower) 697 goto out_err; 698 ctx->capacity = 3; 699 700 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 701 if (!ofs) 702 goto out_err; 703 704 ofs->config.redirect_mode = ovl_redirect_mode_def(); 705 ofs->config.index = ovl_index_def; 706 ofs->config.uuid = ovl_uuid_def(); 707 ofs->config.nfs_export = ovl_nfs_export_def; 708 ofs->config.xino = ovl_xino_def(); 709 ofs->config.metacopy = ovl_metacopy_def; 710 711 fc->s_fs_info = ofs; 712 fc->fs_private = ctx; 713 fc->ops = &ovl_context_ops; 714 return 0; 715 716 out_err: 717 ovl_fs_context_free(ctx); 718 return -ENOMEM; 719 720 } 721 722 void ovl_free_fs(struct ovl_fs *ofs) 723 { 724 struct vfsmount **mounts; 725 unsigned i; 726 727 iput(ofs->workbasedir_trap); 728 iput(ofs->indexdir_trap); 729 iput(ofs->workdir_trap); 730 dput(ofs->whiteout); 731 dput(ofs->indexdir); 732 dput(ofs->workdir); 733 if (ofs->workdir_locked) 734 ovl_inuse_unlock(ofs->workbasedir); 735 dput(ofs->workbasedir); 736 if (ofs->upperdir_locked) 737 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 738 739 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 740 mounts = (struct vfsmount **) ofs->config.lowerdirs; 741 for (i = 0; i < ofs->numlayer; i++) { 742 iput(ofs->layers[i].trap); 743 kfree(ofs->config.lowerdirs[i]); 744 mounts[i] = ofs->layers[i].mnt; 745 } 746 kern_unmount_array(mounts, ofs->numlayer); 747 kfree(ofs->layers); 748 for (i = 0; i < ofs->numfs; i++) 749 free_anon_bdev(ofs->fs[i].pseudo_dev); 750 kfree(ofs->fs); 751 752 kfree(ofs->config.lowerdirs); 753 kfree(ofs->config.upperdir); 754 kfree(ofs->config.workdir); 755 if (ofs->creator_cred) 756 put_cred(ofs->creator_cred); 757 kfree(ofs); 758 } 759 760 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 761 struct ovl_config *config) 762 { 763 struct ovl_opt_set set = ctx->set; 764 765 if (ctx->nr_data > 0 && !config->metacopy) { 766 pr_err("lower data-only dirs require metacopy support.\n"); 767 return -EINVAL; 768 } 769 770 /* Workdir/index are useless in non-upper mount */ 771 if (!config->upperdir) { 772 if (config->workdir) { 773 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 774 config->workdir); 775 kfree(config->workdir); 776 config->workdir = NULL; 777 } 778 if (config->index && set.index) { 779 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 780 set.index = false; 781 } 782 config->index = false; 783 } 784 785 if (!config->upperdir && config->ovl_volatile) { 786 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 787 config->ovl_volatile = false; 788 } 789 790 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 791 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 792 config->uuid = OVL_UUID_NULL; 793 } 794 795 /* Resolve verity -> metacopy dependency */ 796 if (config->verity_mode && !config->metacopy) { 797 /* Don't allow explicit specified conflicting combinations */ 798 if (set.metacopy) { 799 pr_err("conflicting options: metacopy=off,verity=%s\n", 800 ovl_verity_mode(config)); 801 return -EINVAL; 802 } 803 /* Otherwise automatically enable metacopy. */ 804 config->metacopy = true; 805 } 806 807 /* 808 * This is to make the logic below simpler. It doesn't make any other 809 * difference, since redirect_dir=on is only used for upper. 810 */ 811 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 812 config->redirect_mode = OVL_REDIRECT_ON; 813 814 /* Resolve verity -> metacopy -> redirect_dir dependency */ 815 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 816 if (set.metacopy && set.redirect) { 817 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 818 ovl_redirect_mode(config)); 819 return -EINVAL; 820 } 821 if (config->verity_mode && set.redirect) { 822 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 823 ovl_verity_mode(config), ovl_redirect_mode(config)); 824 return -EINVAL; 825 } 826 if (set.redirect) { 827 /* 828 * There was an explicit redirect_dir=... that resulted 829 * in this conflict. 830 */ 831 pr_info("disabling metacopy due to redirect_dir=%s\n", 832 ovl_redirect_mode(config)); 833 config->metacopy = false; 834 } else { 835 /* Automatically enable redirect otherwise. */ 836 config->redirect_mode = OVL_REDIRECT_ON; 837 } 838 } 839 840 /* Resolve nfs_export -> index dependency */ 841 if (config->nfs_export && !config->index) { 842 if (!config->upperdir && 843 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 844 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 845 config->nfs_export = false; 846 } else if (set.nfs_export && set.index) { 847 pr_err("conflicting options: nfs_export=on,index=off\n"); 848 return -EINVAL; 849 } else if (set.index) { 850 /* 851 * There was an explicit index=off that resulted 852 * in this conflict. 853 */ 854 pr_info("disabling nfs_export due to index=off\n"); 855 config->nfs_export = false; 856 } else { 857 /* Automatically enable index otherwise. */ 858 config->index = true; 859 } 860 } 861 862 /* Resolve nfs_export -> !metacopy && !verity dependency */ 863 if (config->nfs_export && config->metacopy) { 864 if (set.nfs_export && set.metacopy) { 865 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 866 return -EINVAL; 867 } 868 if (set.metacopy) { 869 /* 870 * There was an explicit metacopy=on that resulted 871 * in this conflict. 872 */ 873 pr_info("disabling nfs_export due to metacopy=on\n"); 874 config->nfs_export = false; 875 } else if (config->verity_mode) { 876 /* 877 * There was an explicit verity=.. that resulted 878 * in this conflict. 879 */ 880 pr_info("disabling nfs_export due to verity=%s\n", 881 ovl_verity_mode(config)); 882 config->nfs_export = false; 883 } else { 884 /* 885 * There was an explicit nfs_export=on that resulted 886 * in this conflict. 887 */ 888 pr_info("disabling metacopy due to nfs_export=on\n"); 889 config->metacopy = false; 890 } 891 } 892 893 894 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 895 if (config->userxattr) { 896 if (set.redirect && 897 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 898 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 899 ovl_redirect_mode(config)); 900 return -EINVAL; 901 } 902 if (config->metacopy && set.metacopy) { 903 pr_err("conflicting options: userxattr,metacopy=on\n"); 904 return -EINVAL; 905 } 906 if (config->verity_mode) { 907 pr_err("conflicting options: userxattr,verity=%s\n", 908 ovl_verity_mode(config)); 909 return -EINVAL; 910 } 911 /* 912 * Silently disable default setting of redirect and metacopy. 913 * This shall be the default in the future as well: these 914 * options must be explicitly enabled if used together with 915 * userxattr. 916 */ 917 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 918 config->metacopy = false; 919 } 920 921 return 0; 922 } 923 924 /** 925 * ovl_show_options 926 * @m: the seq_file handle 927 * @dentry: The dentry to query 928 * 929 * Prints the mount options for a given superblock. 930 * Returns zero; does not fail. 931 */ 932 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 933 { 934 struct super_block *sb = dentry->d_sb; 935 struct ovl_fs *ofs = OVL_FS(sb); 936 size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer; 937 938 /* 939 * lowerdirs[] starts from offset 1, then 940 * >= 0 regular lower layers prefixed with : and 941 * >= 0 data-only lower layers prefixed with :: 942 * 943 * we need to escase comma and space like seq_show_option() does and 944 * we also need to escape the colon separator from lowerdir paths. 945 */ 946 seq_puts(m, ",lowerdir="); 947 for (nr = 1; nr < ofs->numlayer; nr++) { 948 if (nr > 1) 949 seq_putc(m, ':'); 950 if (nr >= nr_merged_lower) 951 seq_putc(m, ':'); 952 seq_escape(m, ofs->config.lowerdirs[nr], ":, \t\n\\"); 953 } 954 if (ofs->config.upperdir) { 955 seq_show_option(m, "upperdir", ofs->config.upperdir); 956 seq_show_option(m, "workdir", ofs->config.workdir); 957 } 958 if (ofs->config.default_permissions) 959 seq_puts(m, ",default_permissions"); 960 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 961 seq_printf(m, ",redirect_dir=%s", 962 ovl_redirect_mode(&ofs->config)); 963 if (ofs->config.index != ovl_index_def) 964 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 965 if (ofs->config.uuid != ovl_uuid_def()) 966 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 967 if (ofs->config.nfs_export != ovl_nfs_export_def) 968 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 969 "on" : "off"); 970 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 971 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 972 if (ofs->config.metacopy != ovl_metacopy_def) 973 seq_printf(m, ",metacopy=%s", 974 ofs->config.metacopy ? "on" : "off"); 975 if (ofs->config.ovl_volatile) 976 seq_puts(m, ",volatile"); 977 if (ofs->config.userxattr) 978 seq_puts(m, ",userxattr"); 979 if (ofs->config.verity_mode != ovl_verity_mode_def()) 980 seq_printf(m, ",verity=%s", 981 ovl_verity_mode(&ofs->config)); 982 return 0; 983 } 984