1 /* 2 * 3 * Copyright (C) 2011 Novell Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <uapi/linux/magic.h> 11 #include <linux/fs.h> 12 #include <linux/namei.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/parser.h> 16 #include <linux/module.h> 17 #include <linux/statfs.h> 18 #include <linux/seq_file.h> 19 #include <linux/posix_acl_xattr.h> 20 #include "overlayfs.h" 21 #include "ovl_entry.h" 22 23 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>"); 24 MODULE_DESCRIPTION("Overlay filesystem"); 25 MODULE_LICENSE("GPL"); 26 27 28 struct ovl_dir_cache; 29 30 #define OVL_MAX_STACK 500 31 32 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 33 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 34 MODULE_PARM_DESC(ovl_redirect_dir_def, 35 "Default to on or off for the redirect_dir feature"); 36 37 static void ovl_dentry_release(struct dentry *dentry) 38 { 39 struct ovl_entry *oe = dentry->d_fsdata; 40 41 if (oe) { 42 unsigned int i; 43 44 dput(oe->__upperdentry); 45 kfree(oe->redirect); 46 for (i = 0; i < oe->numlower; i++) 47 dput(oe->lowerstack[i].dentry); 48 kfree_rcu(oe, rcu); 49 } 50 } 51 52 static struct dentry *ovl_d_real(struct dentry *dentry, 53 const struct inode *inode, 54 unsigned int open_flags) 55 { 56 struct dentry *real; 57 58 if (!d_is_reg(dentry)) { 59 if (!inode || inode == d_inode(dentry)) 60 return dentry; 61 goto bug; 62 } 63 64 if (d_is_negative(dentry)) 65 return dentry; 66 67 if (open_flags) { 68 int err = ovl_open_maybe_copy_up(dentry, open_flags); 69 70 if (err) 71 return ERR_PTR(err); 72 } 73 74 real = ovl_dentry_upper(dentry); 75 if (real && (!inode || inode == d_inode(real))) 76 return real; 77 78 real = ovl_dentry_lower(dentry); 79 if (!real) 80 goto bug; 81 82 /* Handle recursion */ 83 real = d_real(real, inode, open_flags); 84 85 if (!inode || inode == d_inode(real)) 86 return real; 87 bug: 88 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, 89 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); 90 return dentry; 91 } 92 93 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags) 94 { 95 struct ovl_entry *oe = dentry->d_fsdata; 96 unsigned int i; 97 int ret = 1; 98 99 for (i = 0; i < oe->numlower; i++) { 100 struct dentry *d = oe->lowerstack[i].dentry; 101 102 if (d->d_flags & DCACHE_OP_REVALIDATE) { 103 ret = d->d_op->d_revalidate(d, flags); 104 if (ret < 0) 105 return ret; 106 if (!ret) { 107 if (!(flags & LOOKUP_RCU)) 108 d_invalidate(d); 109 return -ESTALE; 110 } 111 } 112 } 113 return 1; 114 } 115 116 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags) 117 { 118 struct ovl_entry *oe = dentry->d_fsdata; 119 unsigned int i; 120 int ret = 1; 121 122 for (i = 0; i < oe->numlower; i++) { 123 struct dentry *d = oe->lowerstack[i].dentry; 124 125 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) { 126 ret = d->d_op->d_weak_revalidate(d, flags); 127 if (ret <= 0) 128 break; 129 } 130 } 131 return ret; 132 } 133 134 static const struct dentry_operations ovl_dentry_operations = { 135 .d_release = ovl_dentry_release, 136 .d_real = ovl_d_real, 137 }; 138 139 static const struct dentry_operations ovl_reval_dentry_operations = { 140 .d_release = ovl_dentry_release, 141 .d_real = ovl_d_real, 142 .d_revalidate = ovl_dentry_revalidate, 143 .d_weak_revalidate = ovl_dentry_weak_revalidate, 144 }; 145 146 static void ovl_put_super(struct super_block *sb) 147 { 148 struct ovl_fs *ufs = sb->s_fs_info; 149 unsigned i; 150 151 dput(ufs->workdir); 152 mntput(ufs->upper_mnt); 153 for (i = 0; i < ufs->numlower; i++) 154 mntput(ufs->lower_mnt[i]); 155 kfree(ufs->lower_mnt); 156 157 kfree(ufs->config.lowerdir); 158 kfree(ufs->config.upperdir); 159 kfree(ufs->config.workdir); 160 put_cred(ufs->creator_cred); 161 kfree(ufs); 162 } 163 164 static int ovl_sync_fs(struct super_block *sb, int wait) 165 { 166 struct ovl_fs *ufs = sb->s_fs_info; 167 struct super_block *upper_sb; 168 int ret; 169 170 if (!ufs->upper_mnt) 171 return 0; 172 upper_sb = ufs->upper_mnt->mnt_sb; 173 if (!upper_sb->s_op->sync_fs) 174 return 0; 175 176 /* real inodes have already been synced by sync_filesystem(ovl_sb) */ 177 down_read(&upper_sb->s_umount); 178 ret = upper_sb->s_op->sync_fs(upper_sb, wait); 179 up_read(&upper_sb->s_umount); 180 return ret; 181 } 182 183 /** 184 * ovl_statfs 185 * @sb: The overlayfs super block 186 * @buf: The struct kstatfs to fill in with stats 187 * 188 * Get the filesystem statistics. As writes always target the upper layer 189 * filesystem pass the statfs to the upper filesystem (if it exists) 190 */ 191 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf) 192 { 193 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 194 struct dentry *root_dentry = dentry->d_sb->s_root; 195 struct path path; 196 int err; 197 198 ovl_path_real(root_dentry, &path); 199 200 err = vfs_statfs(&path, buf); 201 if (!err) { 202 buf->f_namelen = ofs->namelen; 203 buf->f_type = OVERLAYFS_SUPER_MAGIC; 204 } 205 206 return err; 207 } 208 209 /** 210 * ovl_show_options 211 * 212 * Prints the mount options for a given superblock. 213 * Returns zero; does not fail. 214 */ 215 static int ovl_show_options(struct seq_file *m, struct dentry *dentry) 216 { 217 struct super_block *sb = dentry->d_sb; 218 struct ovl_fs *ufs = sb->s_fs_info; 219 220 seq_show_option(m, "lowerdir", ufs->config.lowerdir); 221 if (ufs->config.upperdir) { 222 seq_show_option(m, "upperdir", ufs->config.upperdir); 223 seq_show_option(m, "workdir", ufs->config.workdir); 224 } 225 if (ufs->config.default_permissions) 226 seq_puts(m, ",default_permissions"); 227 if (ufs->config.redirect_dir != ovl_redirect_dir_def) 228 seq_printf(m, ",redirect_dir=%s", 229 ufs->config.redirect_dir ? "on" : "off"); 230 return 0; 231 } 232 233 static int ovl_remount(struct super_block *sb, int *flags, char *data) 234 { 235 struct ovl_fs *ufs = sb->s_fs_info; 236 237 if (!(*flags & MS_RDONLY) && (!ufs->upper_mnt || !ufs->workdir)) 238 return -EROFS; 239 240 return 0; 241 } 242 243 static const struct super_operations ovl_super_operations = { 244 .put_super = ovl_put_super, 245 .sync_fs = ovl_sync_fs, 246 .statfs = ovl_statfs, 247 .show_options = ovl_show_options, 248 .remount_fs = ovl_remount, 249 .drop_inode = generic_delete_inode, 250 }; 251 252 enum { 253 OPT_LOWERDIR, 254 OPT_UPPERDIR, 255 OPT_WORKDIR, 256 OPT_DEFAULT_PERMISSIONS, 257 OPT_REDIRECT_DIR_ON, 258 OPT_REDIRECT_DIR_OFF, 259 OPT_ERR, 260 }; 261 262 static const match_table_t ovl_tokens = { 263 {OPT_LOWERDIR, "lowerdir=%s"}, 264 {OPT_UPPERDIR, "upperdir=%s"}, 265 {OPT_WORKDIR, "workdir=%s"}, 266 {OPT_DEFAULT_PERMISSIONS, "default_permissions"}, 267 {OPT_REDIRECT_DIR_ON, "redirect_dir=on"}, 268 {OPT_REDIRECT_DIR_OFF, "redirect_dir=off"}, 269 {OPT_ERR, NULL} 270 }; 271 272 static char *ovl_next_opt(char **s) 273 { 274 char *sbegin = *s; 275 char *p; 276 277 if (sbegin == NULL) 278 return NULL; 279 280 for (p = sbegin; *p; p++) { 281 if (*p == '\\') { 282 p++; 283 if (!*p) 284 break; 285 } else if (*p == ',') { 286 *p = '\0'; 287 *s = p + 1; 288 return sbegin; 289 } 290 } 291 *s = NULL; 292 return sbegin; 293 } 294 295 static int ovl_parse_opt(char *opt, struct ovl_config *config) 296 { 297 char *p; 298 299 while ((p = ovl_next_opt(&opt)) != NULL) { 300 int token; 301 substring_t args[MAX_OPT_ARGS]; 302 303 if (!*p) 304 continue; 305 306 token = match_token(p, ovl_tokens, args); 307 switch (token) { 308 case OPT_UPPERDIR: 309 kfree(config->upperdir); 310 config->upperdir = match_strdup(&args[0]); 311 if (!config->upperdir) 312 return -ENOMEM; 313 break; 314 315 case OPT_LOWERDIR: 316 kfree(config->lowerdir); 317 config->lowerdir = match_strdup(&args[0]); 318 if (!config->lowerdir) 319 return -ENOMEM; 320 break; 321 322 case OPT_WORKDIR: 323 kfree(config->workdir); 324 config->workdir = match_strdup(&args[0]); 325 if (!config->workdir) 326 return -ENOMEM; 327 break; 328 329 case OPT_DEFAULT_PERMISSIONS: 330 config->default_permissions = true; 331 break; 332 333 case OPT_REDIRECT_DIR_ON: 334 config->redirect_dir = true; 335 break; 336 337 case OPT_REDIRECT_DIR_OFF: 338 config->redirect_dir = false; 339 break; 340 341 default: 342 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p); 343 return -EINVAL; 344 } 345 } 346 347 /* Workdir is useless in non-upper mount */ 348 if (!config->upperdir && config->workdir) { 349 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 350 config->workdir); 351 kfree(config->workdir); 352 config->workdir = NULL; 353 } 354 355 return 0; 356 } 357 358 #define OVL_WORKDIR_NAME "work" 359 360 static struct dentry *ovl_workdir_create(struct vfsmount *mnt, 361 struct dentry *dentry) 362 { 363 struct inode *dir = dentry->d_inode; 364 struct dentry *work; 365 int err; 366 bool retried = false; 367 368 err = mnt_want_write(mnt); 369 if (err) 370 return ERR_PTR(err); 371 372 inode_lock_nested(dir, I_MUTEX_PARENT); 373 retry: 374 work = lookup_one_len(OVL_WORKDIR_NAME, dentry, 375 strlen(OVL_WORKDIR_NAME)); 376 377 if (!IS_ERR(work)) { 378 struct iattr attr = { 379 .ia_valid = ATTR_MODE, 380 .ia_mode = S_IFDIR | 0, 381 }; 382 383 if (work->d_inode) { 384 err = -EEXIST; 385 if (retried) 386 goto out_dput; 387 388 retried = true; 389 ovl_workdir_cleanup(dir, mnt, work, 0); 390 dput(work); 391 goto retry; 392 } 393 394 err = ovl_create_real(dir, work, 395 &(struct cattr){.mode = S_IFDIR | 0}, 396 NULL, true); 397 if (err) 398 goto out_dput; 399 400 /* 401 * Try to remove POSIX ACL xattrs from workdir. We are good if: 402 * 403 * a) success (there was a POSIX ACL xattr and was removed) 404 * b) -ENODATA (there was no POSIX ACL xattr) 405 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported) 406 * 407 * There are various other error values that could effectively 408 * mean that the xattr doesn't exist (e.g. -ERANGE is returned 409 * if the xattr name is too long), but the set of filesystems 410 * allowed as upper are limited to "normal" ones, where checking 411 * for the above two errors is sufficient. 412 */ 413 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT); 414 if (err && err != -ENODATA && err != -EOPNOTSUPP) 415 goto out_dput; 416 417 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS); 418 if (err && err != -ENODATA && err != -EOPNOTSUPP) 419 goto out_dput; 420 421 /* Clear any inherited mode bits */ 422 inode_lock(work->d_inode); 423 err = notify_change(work, &attr, NULL); 424 inode_unlock(work->d_inode); 425 if (err) 426 goto out_dput; 427 } 428 out_unlock: 429 inode_unlock(dir); 430 mnt_drop_write(mnt); 431 432 return work; 433 434 out_dput: 435 dput(work); 436 work = ERR_PTR(err); 437 goto out_unlock; 438 } 439 440 static void ovl_unescape(char *s) 441 { 442 char *d = s; 443 444 for (;; s++, d++) { 445 if (*s == '\\') 446 s++; 447 *d = *s; 448 if (!*s) 449 break; 450 } 451 } 452 453 static int ovl_mount_dir_noesc(const char *name, struct path *path) 454 { 455 int err = -EINVAL; 456 457 if (!*name) { 458 pr_err("overlayfs: empty lowerdir\n"); 459 goto out; 460 } 461 err = kern_path(name, LOOKUP_FOLLOW, path); 462 if (err) { 463 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err); 464 goto out; 465 } 466 err = -EINVAL; 467 if (ovl_dentry_weird(path->dentry)) { 468 pr_err("overlayfs: filesystem on '%s' not supported\n", name); 469 goto out_put; 470 } 471 if (!d_is_dir(path->dentry)) { 472 pr_err("overlayfs: '%s' not a directory\n", name); 473 goto out_put; 474 } 475 return 0; 476 477 out_put: 478 path_put(path); 479 out: 480 return err; 481 } 482 483 static int ovl_mount_dir(const char *name, struct path *path) 484 { 485 int err = -ENOMEM; 486 char *tmp = kstrdup(name, GFP_KERNEL); 487 488 if (tmp) { 489 ovl_unescape(tmp); 490 err = ovl_mount_dir_noesc(tmp, path); 491 492 if (!err) 493 if (ovl_dentry_remote(path->dentry)) { 494 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n", 495 tmp); 496 path_put(path); 497 err = -EINVAL; 498 } 499 kfree(tmp); 500 } 501 return err; 502 } 503 504 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs, 505 const char *name) 506 { 507 struct kstatfs statfs; 508 int err = vfs_statfs(path, &statfs); 509 510 if (err) 511 pr_err("overlayfs: statfs failed on '%s'\n", name); 512 else 513 ofs->namelen = max(ofs->namelen, statfs.f_namelen); 514 515 return err; 516 } 517 518 static int ovl_lower_dir(const char *name, struct path *path, 519 struct ovl_fs *ofs, int *stack_depth, bool *remote) 520 { 521 int err; 522 523 err = ovl_mount_dir_noesc(name, path); 524 if (err) 525 goto out; 526 527 err = ovl_check_namelen(path, ofs, name); 528 if (err) 529 goto out_put; 530 531 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth); 532 533 if (ovl_dentry_remote(path->dentry)) 534 *remote = true; 535 536 return 0; 537 538 out_put: 539 path_put(path); 540 out: 541 return err; 542 } 543 544 /* Workdir should not be subdir of upperdir and vice versa */ 545 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir) 546 { 547 bool ok = false; 548 549 if (workdir != upperdir) { 550 ok = (lock_rename(workdir, upperdir) == NULL); 551 unlock_rename(workdir, upperdir); 552 } 553 return ok; 554 } 555 556 static unsigned int ovl_split_lowerdirs(char *str) 557 { 558 unsigned int ctr = 1; 559 char *s, *d; 560 561 for (s = d = str;; s++, d++) { 562 if (*s == '\\') { 563 s++; 564 } else if (*s == ':') { 565 *d = '\0'; 566 ctr++; 567 continue; 568 } 569 *d = *s; 570 if (!*s) 571 break; 572 } 573 return ctr; 574 } 575 576 static int __maybe_unused 577 ovl_posix_acl_xattr_get(const struct xattr_handler *handler, 578 struct dentry *dentry, struct inode *inode, 579 const char *name, void *buffer, size_t size) 580 { 581 return ovl_xattr_get(dentry, handler->name, buffer, size); 582 } 583 584 static int __maybe_unused 585 ovl_posix_acl_xattr_set(const struct xattr_handler *handler, 586 struct dentry *dentry, struct inode *inode, 587 const char *name, const void *value, 588 size_t size, int flags) 589 { 590 struct dentry *workdir = ovl_workdir(dentry); 591 struct inode *realinode = ovl_inode_real(inode, NULL); 592 struct posix_acl *acl = NULL; 593 int err; 594 595 /* Check that everything is OK before copy-up */ 596 if (value) { 597 acl = posix_acl_from_xattr(&init_user_ns, value, size); 598 if (IS_ERR(acl)) 599 return PTR_ERR(acl); 600 } 601 err = -EOPNOTSUPP; 602 if (!IS_POSIXACL(d_inode(workdir))) 603 goto out_acl_release; 604 if (!realinode->i_op->set_acl) 605 goto out_acl_release; 606 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) { 607 err = acl ? -EACCES : 0; 608 goto out_acl_release; 609 } 610 err = -EPERM; 611 if (!inode_owner_or_capable(inode)) 612 goto out_acl_release; 613 614 posix_acl_release(acl); 615 616 /* 617 * Check if sgid bit needs to be cleared (actual setacl operation will 618 * be done with mounter's capabilities and so that won't do it for us). 619 */ 620 if (unlikely(inode->i_mode & S_ISGID) && 621 handler->flags == ACL_TYPE_ACCESS && 622 !in_group_p(inode->i_gid) && 623 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) { 624 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID }; 625 626 err = ovl_setattr(dentry, &iattr); 627 if (err) 628 return err; 629 } 630 631 err = ovl_xattr_set(dentry, handler->name, value, size, flags); 632 if (!err) 633 ovl_copyattr(ovl_inode_real(inode, NULL), inode); 634 635 return err; 636 637 out_acl_release: 638 posix_acl_release(acl); 639 return err; 640 } 641 642 static int ovl_own_xattr_get(const struct xattr_handler *handler, 643 struct dentry *dentry, struct inode *inode, 644 const char *name, void *buffer, size_t size) 645 { 646 return -EOPNOTSUPP; 647 } 648 649 static int ovl_own_xattr_set(const struct xattr_handler *handler, 650 struct dentry *dentry, struct inode *inode, 651 const char *name, const void *value, 652 size_t size, int flags) 653 { 654 return -EOPNOTSUPP; 655 } 656 657 static int ovl_other_xattr_get(const struct xattr_handler *handler, 658 struct dentry *dentry, struct inode *inode, 659 const char *name, void *buffer, size_t size) 660 { 661 return ovl_xattr_get(dentry, name, buffer, size); 662 } 663 664 static int ovl_other_xattr_set(const struct xattr_handler *handler, 665 struct dentry *dentry, struct inode *inode, 666 const char *name, const void *value, 667 size_t size, int flags) 668 { 669 return ovl_xattr_set(dentry, name, value, size, flags); 670 } 671 672 static const struct xattr_handler __maybe_unused 673 ovl_posix_acl_access_xattr_handler = { 674 .name = XATTR_NAME_POSIX_ACL_ACCESS, 675 .flags = ACL_TYPE_ACCESS, 676 .get = ovl_posix_acl_xattr_get, 677 .set = ovl_posix_acl_xattr_set, 678 }; 679 680 static const struct xattr_handler __maybe_unused 681 ovl_posix_acl_default_xattr_handler = { 682 .name = XATTR_NAME_POSIX_ACL_DEFAULT, 683 .flags = ACL_TYPE_DEFAULT, 684 .get = ovl_posix_acl_xattr_get, 685 .set = ovl_posix_acl_xattr_set, 686 }; 687 688 static const struct xattr_handler ovl_own_xattr_handler = { 689 .prefix = OVL_XATTR_PREFIX, 690 .get = ovl_own_xattr_get, 691 .set = ovl_own_xattr_set, 692 }; 693 694 static const struct xattr_handler ovl_other_xattr_handler = { 695 .prefix = "", /* catch all */ 696 .get = ovl_other_xattr_get, 697 .set = ovl_other_xattr_set, 698 }; 699 700 static const struct xattr_handler *ovl_xattr_handlers[] = { 701 #ifdef CONFIG_FS_POSIX_ACL 702 &ovl_posix_acl_access_xattr_handler, 703 &ovl_posix_acl_default_xattr_handler, 704 #endif 705 &ovl_own_xattr_handler, 706 &ovl_other_xattr_handler, 707 NULL 708 }; 709 710 static int ovl_fill_super(struct super_block *sb, void *data, int silent) 711 { 712 struct path upperpath = { NULL, NULL }; 713 struct path workpath = { NULL, NULL }; 714 struct dentry *root_dentry; 715 struct inode *realinode; 716 struct ovl_entry *oe; 717 struct ovl_fs *ufs; 718 struct path *stack = NULL; 719 char *lowertmp; 720 char *lower; 721 unsigned int numlower; 722 unsigned int stacklen = 0; 723 unsigned int i; 724 bool remote = false; 725 struct cred *cred; 726 int err; 727 728 err = -ENOMEM; 729 ufs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 730 if (!ufs) 731 goto out; 732 733 init_waitqueue_head(&ufs->copyup_wq); 734 ufs->config.redirect_dir = ovl_redirect_dir_def; 735 err = ovl_parse_opt((char *) data, &ufs->config); 736 if (err) 737 goto out_free_config; 738 739 err = -EINVAL; 740 if (!ufs->config.lowerdir) { 741 if (!silent) 742 pr_err("overlayfs: missing 'lowerdir'\n"); 743 goto out_free_config; 744 } 745 746 sb->s_stack_depth = 0; 747 sb->s_maxbytes = MAX_LFS_FILESIZE; 748 if (ufs->config.upperdir) { 749 if (!ufs->config.workdir) { 750 pr_err("overlayfs: missing 'workdir'\n"); 751 goto out_free_config; 752 } 753 754 err = ovl_mount_dir(ufs->config.upperdir, &upperpath); 755 if (err) 756 goto out_free_config; 757 758 /* Upper fs should not be r/o */ 759 if (upperpath.mnt->mnt_sb->s_flags & MS_RDONLY) { 760 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n"); 761 err = -EINVAL; 762 goto out_put_upperpath; 763 } 764 765 err = ovl_check_namelen(&upperpath, ufs, ufs->config.upperdir); 766 if (err) 767 goto out_put_upperpath; 768 769 err = ovl_mount_dir(ufs->config.workdir, &workpath); 770 if (err) 771 goto out_put_upperpath; 772 773 err = -EINVAL; 774 if (upperpath.mnt != workpath.mnt) { 775 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n"); 776 goto out_put_workpath; 777 } 778 if (!ovl_workdir_ok(workpath.dentry, upperpath.dentry)) { 779 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n"); 780 goto out_put_workpath; 781 } 782 sb->s_stack_depth = upperpath.mnt->mnt_sb->s_stack_depth; 783 } 784 err = -ENOMEM; 785 lowertmp = kstrdup(ufs->config.lowerdir, GFP_KERNEL); 786 if (!lowertmp) 787 goto out_put_workpath; 788 789 err = -EINVAL; 790 stacklen = ovl_split_lowerdirs(lowertmp); 791 if (stacklen > OVL_MAX_STACK) { 792 pr_err("overlayfs: too many lower directories, limit is %d\n", 793 OVL_MAX_STACK); 794 goto out_free_lowertmp; 795 } else if (!ufs->config.upperdir && stacklen == 1) { 796 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n"); 797 goto out_free_lowertmp; 798 } 799 800 err = -ENOMEM; 801 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL); 802 if (!stack) 803 goto out_free_lowertmp; 804 805 err = -EINVAL; 806 lower = lowertmp; 807 for (numlower = 0; numlower < stacklen; numlower++) { 808 err = ovl_lower_dir(lower, &stack[numlower], ufs, 809 &sb->s_stack_depth, &remote); 810 if (err) 811 goto out_put_lowerpath; 812 813 lower = strchr(lower, '\0') + 1; 814 } 815 816 err = -EINVAL; 817 sb->s_stack_depth++; 818 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { 819 pr_err("overlayfs: maximum fs stacking depth exceeded\n"); 820 goto out_put_lowerpath; 821 } 822 823 if (ufs->config.upperdir) { 824 ufs->upper_mnt = clone_private_mount(&upperpath); 825 err = PTR_ERR(ufs->upper_mnt); 826 if (IS_ERR(ufs->upper_mnt)) { 827 pr_err("overlayfs: failed to clone upperpath\n"); 828 goto out_put_lowerpath; 829 } 830 /* Don't inherit atime flags */ 831 ufs->upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); 832 833 sb->s_time_gran = ufs->upper_mnt->mnt_sb->s_time_gran; 834 835 ufs->workdir = ovl_workdir_create(ufs->upper_mnt, workpath.dentry); 836 err = PTR_ERR(ufs->workdir); 837 if (IS_ERR(ufs->workdir)) { 838 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n", 839 ufs->config.workdir, OVL_WORKDIR_NAME, -err); 840 sb->s_flags |= MS_RDONLY; 841 ufs->workdir = NULL; 842 } 843 844 /* 845 * Upper should support d_type, else whiteouts are visible. 846 * Given workdir and upper are on same fs, we can do 847 * iterate_dir() on workdir. This check requires successful 848 * creation of workdir in previous step. 849 */ 850 if (ufs->workdir) { 851 struct dentry *temp; 852 853 err = ovl_check_d_type_supported(&workpath); 854 if (err < 0) 855 goto out_put_workdir; 856 857 /* 858 * We allowed this configuration and don't want to 859 * break users over kernel upgrade. So warn instead 860 * of erroring out. 861 */ 862 if (!err) 863 pr_warn("overlayfs: upper fs needs to support d_type.\n"); 864 865 /* Check if upper/work fs supports O_TMPFILE */ 866 temp = ovl_do_tmpfile(ufs->workdir, S_IFREG | 0); 867 ufs->tmpfile = !IS_ERR(temp); 868 if (ufs->tmpfile) 869 dput(temp); 870 else 871 pr_warn("overlayfs: upper fs does not support tmpfile.\n"); 872 } 873 } 874 875 err = -ENOMEM; 876 ufs->lower_mnt = kcalloc(numlower, sizeof(struct vfsmount *), GFP_KERNEL); 877 if (ufs->lower_mnt == NULL) 878 goto out_put_workdir; 879 for (i = 0; i < numlower; i++) { 880 struct vfsmount *mnt = clone_private_mount(&stack[i]); 881 882 err = PTR_ERR(mnt); 883 if (IS_ERR(mnt)) { 884 pr_err("overlayfs: failed to clone lowerpath\n"); 885 goto out_put_lower_mnt; 886 } 887 /* 888 * Make lower_mnt R/O. That way fchmod/fchown on lower file 889 * will fail instead of modifying lower fs. 890 */ 891 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME; 892 893 ufs->lower_mnt[ufs->numlower] = mnt; 894 ufs->numlower++; 895 } 896 897 /* If the upper fs is nonexistent, we mark overlayfs r/o too */ 898 if (!ufs->upper_mnt) 899 sb->s_flags |= MS_RDONLY; 900 901 if (remote) 902 sb->s_d_op = &ovl_reval_dentry_operations; 903 else 904 sb->s_d_op = &ovl_dentry_operations; 905 906 ufs->creator_cred = cred = prepare_creds(); 907 if (!cred) 908 goto out_put_lower_mnt; 909 910 /* Never override disk quota limits or use reserved space */ 911 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE); 912 913 err = -ENOMEM; 914 oe = ovl_alloc_entry(numlower); 915 if (!oe) 916 goto out_put_cred; 917 918 sb->s_magic = OVERLAYFS_SUPER_MAGIC; 919 sb->s_op = &ovl_super_operations; 920 sb->s_xattr = ovl_xattr_handlers; 921 sb->s_fs_info = ufs; 922 sb->s_flags |= MS_POSIXACL | MS_NOREMOTELOCK; 923 924 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); 925 if (!root_dentry) 926 goto out_free_oe; 927 928 mntput(upperpath.mnt); 929 for (i = 0; i < numlower; i++) 930 mntput(stack[i].mnt); 931 path_put(&workpath); 932 kfree(lowertmp); 933 934 oe->__upperdentry = upperpath.dentry; 935 for (i = 0; i < numlower; i++) { 936 oe->lowerstack[i].dentry = stack[i].dentry; 937 oe->lowerstack[i].mnt = ufs->lower_mnt[i]; 938 } 939 kfree(stack); 940 941 root_dentry->d_fsdata = oe; 942 943 realinode = d_inode(ovl_dentry_real(root_dentry)); 944 ovl_inode_init(d_inode(root_dentry), realinode, !!upperpath.dentry); 945 ovl_copyattr(realinode, d_inode(root_dentry)); 946 947 sb->s_root = root_dentry; 948 949 return 0; 950 951 out_free_oe: 952 kfree(oe); 953 out_put_cred: 954 put_cred(ufs->creator_cred); 955 out_put_lower_mnt: 956 for (i = 0; i < ufs->numlower; i++) 957 mntput(ufs->lower_mnt[i]); 958 kfree(ufs->lower_mnt); 959 out_put_workdir: 960 dput(ufs->workdir); 961 mntput(ufs->upper_mnt); 962 out_put_lowerpath: 963 for (i = 0; i < numlower; i++) 964 path_put(&stack[i]); 965 kfree(stack); 966 out_free_lowertmp: 967 kfree(lowertmp); 968 out_put_workpath: 969 path_put(&workpath); 970 out_put_upperpath: 971 path_put(&upperpath); 972 out_free_config: 973 kfree(ufs->config.lowerdir); 974 kfree(ufs->config.upperdir); 975 kfree(ufs->config.workdir); 976 kfree(ufs); 977 out: 978 return err; 979 } 980 981 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags, 982 const char *dev_name, void *raw_data) 983 { 984 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super); 985 } 986 987 static struct file_system_type ovl_fs_type = { 988 .owner = THIS_MODULE, 989 .name = "overlay", 990 .mount = ovl_mount, 991 .kill_sb = kill_anon_super, 992 }; 993 MODULE_ALIAS_FS("overlay"); 994 995 static int __init ovl_init(void) 996 { 997 return register_filesystem(&ovl_fs_type); 998 } 999 1000 static void __exit ovl_exit(void) 1001 { 1002 unregister_filesystem(&ovl_fs_type); 1003 } 1004 1005 module_init(ovl_init); 1006 module_exit(ovl_exit); 1007