1 /* 2 * 3 * Copyright (C) 2011 Novell Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <uapi/linux/magic.h> 11 #include <linux/fs.h> 12 #include <linux/namei.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/parser.h> 16 #include <linux/module.h> 17 #include <linux/statfs.h> 18 #include <linux/seq_file.h> 19 #include <linux/posix_acl_xattr.h> 20 #include "overlayfs.h" 21 #include "ovl_entry.h" 22 23 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>"); 24 MODULE_DESCRIPTION("Overlay filesystem"); 25 MODULE_LICENSE("GPL"); 26 27 28 struct ovl_dir_cache; 29 30 #define OVL_MAX_STACK 500 31 32 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 33 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 34 MODULE_PARM_DESC(ovl_redirect_dir_def, 35 "Default to on or off for the redirect_dir feature"); 36 37 static void ovl_dentry_release(struct dentry *dentry) 38 { 39 struct ovl_entry *oe = dentry->d_fsdata; 40 41 if (oe) { 42 unsigned int i; 43 44 dput(oe->__upperdentry); 45 kfree(oe->redirect); 46 for (i = 0; i < oe->numlower; i++) 47 dput(oe->lowerstack[i].dentry); 48 kfree_rcu(oe, rcu); 49 } 50 } 51 52 static struct dentry *ovl_d_real(struct dentry *dentry, 53 const struct inode *inode, 54 unsigned int open_flags) 55 { 56 struct dentry *real; 57 58 if (!d_is_reg(dentry)) { 59 if (!inode || inode == d_inode(dentry)) 60 return dentry; 61 goto bug; 62 } 63 64 if (d_is_negative(dentry)) 65 return dentry; 66 67 if (open_flags) { 68 int err = ovl_open_maybe_copy_up(dentry, open_flags); 69 70 if (err) 71 return ERR_PTR(err); 72 } 73 74 real = ovl_dentry_upper(dentry); 75 if (real && (!inode || inode == d_inode(real))) 76 return real; 77 78 real = ovl_dentry_lower(dentry); 79 if (!real) 80 goto bug; 81 82 /* Handle recursion */ 83 real = d_real(real, inode, open_flags); 84 85 if (!inode || inode == d_inode(real)) 86 return real; 87 bug: 88 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, 89 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); 90 return dentry; 91 } 92 93 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags) 94 { 95 struct ovl_entry *oe = dentry->d_fsdata; 96 unsigned int i; 97 int ret = 1; 98 99 for (i = 0; i < oe->numlower; i++) { 100 struct dentry *d = oe->lowerstack[i].dentry; 101 102 if (d->d_flags & DCACHE_OP_REVALIDATE) { 103 ret = d->d_op->d_revalidate(d, flags); 104 if (ret < 0) 105 return ret; 106 if (!ret) { 107 if (!(flags & LOOKUP_RCU)) 108 d_invalidate(d); 109 return -ESTALE; 110 } 111 } 112 } 113 return 1; 114 } 115 116 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags) 117 { 118 struct ovl_entry *oe = dentry->d_fsdata; 119 unsigned int i; 120 int ret = 1; 121 122 for (i = 0; i < oe->numlower; i++) { 123 struct dentry *d = oe->lowerstack[i].dentry; 124 125 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) { 126 ret = d->d_op->d_weak_revalidate(d, flags); 127 if (ret <= 0) 128 break; 129 } 130 } 131 return ret; 132 } 133 134 static const struct dentry_operations ovl_dentry_operations = { 135 .d_release = ovl_dentry_release, 136 .d_real = ovl_d_real, 137 }; 138 139 static const struct dentry_operations ovl_reval_dentry_operations = { 140 .d_release = ovl_dentry_release, 141 .d_real = ovl_d_real, 142 .d_revalidate = ovl_dentry_revalidate, 143 .d_weak_revalidate = ovl_dentry_weak_revalidate, 144 }; 145 146 static void ovl_put_super(struct super_block *sb) 147 { 148 struct ovl_fs *ufs = sb->s_fs_info; 149 unsigned i; 150 151 dput(ufs->workdir); 152 mntput(ufs->upper_mnt); 153 for (i = 0; i < ufs->numlower; i++) 154 mntput(ufs->lower_mnt[i]); 155 kfree(ufs->lower_mnt); 156 157 kfree(ufs->config.lowerdir); 158 kfree(ufs->config.upperdir); 159 kfree(ufs->config.workdir); 160 put_cred(ufs->creator_cred); 161 kfree(ufs); 162 } 163 164 /** 165 * ovl_statfs 166 * @sb: The overlayfs super block 167 * @buf: The struct kstatfs to fill in with stats 168 * 169 * Get the filesystem statistics. As writes always target the upper layer 170 * filesystem pass the statfs to the upper filesystem (if it exists) 171 */ 172 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf) 173 { 174 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 175 struct dentry *root_dentry = dentry->d_sb->s_root; 176 struct path path; 177 int err; 178 179 ovl_path_real(root_dentry, &path); 180 181 err = vfs_statfs(&path, buf); 182 if (!err) { 183 buf->f_namelen = ofs->namelen; 184 buf->f_type = OVERLAYFS_SUPER_MAGIC; 185 } 186 187 return err; 188 } 189 190 /** 191 * ovl_show_options 192 * 193 * Prints the mount options for a given superblock. 194 * Returns zero; does not fail. 195 */ 196 static int ovl_show_options(struct seq_file *m, struct dentry *dentry) 197 { 198 struct super_block *sb = dentry->d_sb; 199 struct ovl_fs *ufs = sb->s_fs_info; 200 201 seq_show_option(m, "lowerdir", ufs->config.lowerdir); 202 if (ufs->config.upperdir) { 203 seq_show_option(m, "upperdir", ufs->config.upperdir); 204 seq_show_option(m, "workdir", ufs->config.workdir); 205 } 206 if (ufs->config.default_permissions) 207 seq_puts(m, ",default_permissions"); 208 if (ufs->config.redirect_dir != ovl_redirect_dir_def) 209 seq_printf(m, ",redirect_dir=%s", 210 ufs->config.redirect_dir ? "on" : "off"); 211 return 0; 212 } 213 214 static int ovl_remount(struct super_block *sb, int *flags, char *data) 215 { 216 struct ovl_fs *ufs = sb->s_fs_info; 217 218 if (!(*flags & MS_RDONLY) && (!ufs->upper_mnt || !ufs->workdir)) 219 return -EROFS; 220 221 return 0; 222 } 223 224 static const struct super_operations ovl_super_operations = { 225 .put_super = ovl_put_super, 226 .statfs = ovl_statfs, 227 .show_options = ovl_show_options, 228 .remount_fs = ovl_remount, 229 .drop_inode = generic_delete_inode, 230 }; 231 232 enum { 233 OPT_LOWERDIR, 234 OPT_UPPERDIR, 235 OPT_WORKDIR, 236 OPT_DEFAULT_PERMISSIONS, 237 OPT_REDIRECT_DIR_ON, 238 OPT_REDIRECT_DIR_OFF, 239 OPT_ERR, 240 }; 241 242 static const match_table_t ovl_tokens = { 243 {OPT_LOWERDIR, "lowerdir=%s"}, 244 {OPT_UPPERDIR, "upperdir=%s"}, 245 {OPT_WORKDIR, "workdir=%s"}, 246 {OPT_DEFAULT_PERMISSIONS, "default_permissions"}, 247 {OPT_REDIRECT_DIR_ON, "redirect_dir=on"}, 248 {OPT_REDIRECT_DIR_OFF, "redirect_dir=off"}, 249 {OPT_ERR, NULL} 250 }; 251 252 static char *ovl_next_opt(char **s) 253 { 254 char *sbegin = *s; 255 char *p; 256 257 if (sbegin == NULL) 258 return NULL; 259 260 for (p = sbegin; *p; p++) { 261 if (*p == '\\') { 262 p++; 263 if (!*p) 264 break; 265 } else if (*p == ',') { 266 *p = '\0'; 267 *s = p + 1; 268 return sbegin; 269 } 270 } 271 *s = NULL; 272 return sbegin; 273 } 274 275 static int ovl_parse_opt(char *opt, struct ovl_config *config) 276 { 277 char *p; 278 279 while ((p = ovl_next_opt(&opt)) != NULL) { 280 int token; 281 substring_t args[MAX_OPT_ARGS]; 282 283 if (!*p) 284 continue; 285 286 token = match_token(p, ovl_tokens, args); 287 switch (token) { 288 case OPT_UPPERDIR: 289 kfree(config->upperdir); 290 config->upperdir = match_strdup(&args[0]); 291 if (!config->upperdir) 292 return -ENOMEM; 293 break; 294 295 case OPT_LOWERDIR: 296 kfree(config->lowerdir); 297 config->lowerdir = match_strdup(&args[0]); 298 if (!config->lowerdir) 299 return -ENOMEM; 300 break; 301 302 case OPT_WORKDIR: 303 kfree(config->workdir); 304 config->workdir = match_strdup(&args[0]); 305 if (!config->workdir) 306 return -ENOMEM; 307 break; 308 309 case OPT_DEFAULT_PERMISSIONS: 310 config->default_permissions = true; 311 break; 312 313 case OPT_REDIRECT_DIR_ON: 314 config->redirect_dir = true; 315 break; 316 317 case OPT_REDIRECT_DIR_OFF: 318 config->redirect_dir = false; 319 break; 320 321 default: 322 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p); 323 return -EINVAL; 324 } 325 } 326 327 /* Workdir is useless in non-upper mount */ 328 if (!config->upperdir && config->workdir) { 329 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 330 config->workdir); 331 kfree(config->workdir); 332 config->workdir = NULL; 333 } 334 335 return 0; 336 } 337 338 #define OVL_WORKDIR_NAME "work" 339 340 static struct dentry *ovl_workdir_create(struct vfsmount *mnt, 341 struct dentry *dentry) 342 { 343 struct inode *dir = dentry->d_inode; 344 struct dentry *work; 345 int err; 346 bool retried = false; 347 348 err = mnt_want_write(mnt); 349 if (err) 350 return ERR_PTR(err); 351 352 inode_lock_nested(dir, I_MUTEX_PARENT); 353 retry: 354 work = lookup_one_len(OVL_WORKDIR_NAME, dentry, 355 strlen(OVL_WORKDIR_NAME)); 356 357 if (!IS_ERR(work)) { 358 struct iattr attr = { 359 .ia_valid = ATTR_MODE, 360 .ia_mode = S_IFDIR | 0, 361 }; 362 363 if (work->d_inode) { 364 err = -EEXIST; 365 if (retried) 366 goto out_dput; 367 368 retried = true; 369 ovl_workdir_cleanup(dir, mnt, work, 0); 370 dput(work); 371 goto retry; 372 } 373 374 err = ovl_create_real(dir, work, 375 &(struct cattr){.mode = S_IFDIR | 0}, 376 NULL, true); 377 if (err) 378 goto out_dput; 379 380 /* 381 * Try to remove POSIX ACL xattrs from workdir. We are good if: 382 * 383 * a) success (there was a POSIX ACL xattr and was removed) 384 * b) -ENODATA (there was no POSIX ACL xattr) 385 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported) 386 * 387 * There are various other error values that could effectively 388 * mean that the xattr doesn't exist (e.g. -ERANGE is returned 389 * if the xattr name is too long), but the set of filesystems 390 * allowed as upper are limited to "normal" ones, where checking 391 * for the above two errors is sufficient. 392 */ 393 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT); 394 if (err && err != -ENODATA && err != -EOPNOTSUPP) 395 goto out_dput; 396 397 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS); 398 if (err && err != -ENODATA && err != -EOPNOTSUPP) 399 goto out_dput; 400 401 /* Clear any inherited mode bits */ 402 inode_lock(work->d_inode); 403 err = notify_change(work, &attr, NULL); 404 inode_unlock(work->d_inode); 405 if (err) 406 goto out_dput; 407 } 408 out_unlock: 409 inode_unlock(dir); 410 mnt_drop_write(mnt); 411 412 return work; 413 414 out_dput: 415 dput(work); 416 work = ERR_PTR(err); 417 goto out_unlock; 418 } 419 420 static void ovl_unescape(char *s) 421 { 422 char *d = s; 423 424 for (;; s++, d++) { 425 if (*s == '\\') 426 s++; 427 *d = *s; 428 if (!*s) 429 break; 430 } 431 } 432 433 static int ovl_mount_dir_noesc(const char *name, struct path *path) 434 { 435 int err = -EINVAL; 436 437 if (!*name) { 438 pr_err("overlayfs: empty lowerdir\n"); 439 goto out; 440 } 441 err = kern_path(name, LOOKUP_FOLLOW, path); 442 if (err) { 443 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err); 444 goto out; 445 } 446 err = -EINVAL; 447 if (ovl_dentry_weird(path->dentry)) { 448 pr_err("overlayfs: filesystem on '%s' not supported\n", name); 449 goto out_put; 450 } 451 if (!d_is_dir(path->dentry)) { 452 pr_err("overlayfs: '%s' not a directory\n", name); 453 goto out_put; 454 } 455 return 0; 456 457 out_put: 458 path_put(path); 459 out: 460 return err; 461 } 462 463 static int ovl_mount_dir(const char *name, struct path *path) 464 { 465 int err = -ENOMEM; 466 char *tmp = kstrdup(name, GFP_KERNEL); 467 468 if (tmp) { 469 ovl_unescape(tmp); 470 err = ovl_mount_dir_noesc(tmp, path); 471 472 if (!err) 473 if (ovl_dentry_remote(path->dentry)) { 474 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n", 475 tmp); 476 path_put(path); 477 err = -EINVAL; 478 } 479 kfree(tmp); 480 } 481 return err; 482 } 483 484 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs, 485 const char *name) 486 { 487 struct kstatfs statfs; 488 int err = vfs_statfs(path, &statfs); 489 490 if (err) 491 pr_err("overlayfs: statfs failed on '%s'\n", name); 492 else 493 ofs->namelen = max(ofs->namelen, statfs.f_namelen); 494 495 return err; 496 } 497 498 static int ovl_lower_dir(const char *name, struct path *path, 499 struct ovl_fs *ofs, int *stack_depth, bool *remote) 500 { 501 int err; 502 503 err = ovl_mount_dir_noesc(name, path); 504 if (err) 505 goto out; 506 507 err = ovl_check_namelen(path, ofs, name); 508 if (err) 509 goto out_put; 510 511 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth); 512 513 if (ovl_dentry_remote(path->dentry)) 514 *remote = true; 515 516 return 0; 517 518 out_put: 519 path_put(path); 520 out: 521 return err; 522 } 523 524 /* Workdir should not be subdir of upperdir and vice versa */ 525 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir) 526 { 527 bool ok = false; 528 529 if (workdir != upperdir) { 530 ok = (lock_rename(workdir, upperdir) == NULL); 531 unlock_rename(workdir, upperdir); 532 } 533 return ok; 534 } 535 536 static unsigned int ovl_split_lowerdirs(char *str) 537 { 538 unsigned int ctr = 1; 539 char *s, *d; 540 541 for (s = d = str;; s++, d++) { 542 if (*s == '\\') { 543 s++; 544 } else if (*s == ':') { 545 *d = '\0'; 546 ctr++; 547 continue; 548 } 549 *d = *s; 550 if (!*s) 551 break; 552 } 553 return ctr; 554 } 555 556 static int __maybe_unused 557 ovl_posix_acl_xattr_get(const struct xattr_handler *handler, 558 struct dentry *dentry, struct inode *inode, 559 const char *name, void *buffer, size_t size) 560 { 561 return ovl_xattr_get(dentry, handler->name, buffer, size); 562 } 563 564 static int __maybe_unused 565 ovl_posix_acl_xattr_set(const struct xattr_handler *handler, 566 struct dentry *dentry, struct inode *inode, 567 const char *name, const void *value, 568 size_t size, int flags) 569 { 570 struct dentry *workdir = ovl_workdir(dentry); 571 struct inode *realinode = ovl_inode_real(inode, NULL); 572 struct posix_acl *acl = NULL; 573 int err; 574 575 /* Check that everything is OK before copy-up */ 576 if (value) { 577 acl = posix_acl_from_xattr(&init_user_ns, value, size); 578 if (IS_ERR(acl)) 579 return PTR_ERR(acl); 580 } 581 err = -EOPNOTSUPP; 582 if (!IS_POSIXACL(d_inode(workdir))) 583 goto out_acl_release; 584 if (!realinode->i_op->set_acl) 585 goto out_acl_release; 586 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) { 587 err = acl ? -EACCES : 0; 588 goto out_acl_release; 589 } 590 err = -EPERM; 591 if (!inode_owner_or_capable(inode)) 592 goto out_acl_release; 593 594 posix_acl_release(acl); 595 596 /* 597 * Check if sgid bit needs to be cleared (actual setacl operation will 598 * be done with mounter's capabilities and so that won't do it for us). 599 */ 600 if (unlikely(inode->i_mode & S_ISGID) && 601 handler->flags == ACL_TYPE_ACCESS && 602 !in_group_p(inode->i_gid) && 603 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) { 604 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID }; 605 606 err = ovl_setattr(dentry, &iattr); 607 if (err) 608 return err; 609 } 610 611 err = ovl_xattr_set(dentry, handler->name, value, size, flags); 612 if (!err) 613 ovl_copyattr(ovl_inode_real(inode, NULL), inode); 614 615 return err; 616 617 out_acl_release: 618 posix_acl_release(acl); 619 return err; 620 } 621 622 static int ovl_own_xattr_get(const struct xattr_handler *handler, 623 struct dentry *dentry, struct inode *inode, 624 const char *name, void *buffer, size_t size) 625 { 626 return -EOPNOTSUPP; 627 } 628 629 static int ovl_own_xattr_set(const struct xattr_handler *handler, 630 struct dentry *dentry, struct inode *inode, 631 const char *name, const void *value, 632 size_t size, int flags) 633 { 634 return -EOPNOTSUPP; 635 } 636 637 static int ovl_other_xattr_get(const struct xattr_handler *handler, 638 struct dentry *dentry, struct inode *inode, 639 const char *name, void *buffer, size_t size) 640 { 641 return ovl_xattr_get(dentry, name, buffer, size); 642 } 643 644 static int ovl_other_xattr_set(const struct xattr_handler *handler, 645 struct dentry *dentry, struct inode *inode, 646 const char *name, const void *value, 647 size_t size, int flags) 648 { 649 return ovl_xattr_set(dentry, name, value, size, flags); 650 } 651 652 static const struct xattr_handler __maybe_unused 653 ovl_posix_acl_access_xattr_handler = { 654 .name = XATTR_NAME_POSIX_ACL_ACCESS, 655 .flags = ACL_TYPE_ACCESS, 656 .get = ovl_posix_acl_xattr_get, 657 .set = ovl_posix_acl_xattr_set, 658 }; 659 660 static const struct xattr_handler __maybe_unused 661 ovl_posix_acl_default_xattr_handler = { 662 .name = XATTR_NAME_POSIX_ACL_DEFAULT, 663 .flags = ACL_TYPE_DEFAULT, 664 .get = ovl_posix_acl_xattr_get, 665 .set = ovl_posix_acl_xattr_set, 666 }; 667 668 static const struct xattr_handler ovl_own_xattr_handler = { 669 .prefix = OVL_XATTR_PREFIX, 670 .get = ovl_own_xattr_get, 671 .set = ovl_own_xattr_set, 672 }; 673 674 static const struct xattr_handler ovl_other_xattr_handler = { 675 .prefix = "", /* catch all */ 676 .get = ovl_other_xattr_get, 677 .set = ovl_other_xattr_set, 678 }; 679 680 static const struct xattr_handler *ovl_xattr_handlers[] = { 681 #ifdef CONFIG_FS_POSIX_ACL 682 &ovl_posix_acl_access_xattr_handler, 683 &ovl_posix_acl_default_xattr_handler, 684 #endif 685 &ovl_own_xattr_handler, 686 &ovl_other_xattr_handler, 687 NULL 688 }; 689 690 static int ovl_fill_super(struct super_block *sb, void *data, int silent) 691 { 692 struct path upperpath = { NULL, NULL }; 693 struct path workpath = { NULL, NULL }; 694 struct dentry *root_dentry; 695 struct inode *realinode; 696 struct ovl_entry *oe; 697 struct ovl_fs *ufs; 698 struct path *stack = NULL; 699 char *lowertmp; 700 char *lower; 701 unsigned int numlower; 702 unsigned int stacklen = 0; 703 unsigned int i; 704 bool remote = false; 705 int err; 706 707 err = -ENOMEM; 708 ufs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 709 if (!ufs) 710 goto out; 711 712 ufs->config.redirect_dir = ovl_redirect_dir_def; 713 err = ovl_parse_opt((char *) data, &ufs->config); 714 if (err) 715 goto out_free_config; 716 717 err = -EINVAL; 718 if (!ufs->config.lowerdir) { 719 if (!silent) 720 pr_err("overlayfs: missing 'lowerdir'\n"); 721 goto out_free_config; 722 } 723 724 sb->s_stack_depth = 0; 725 sb->s_maxbytes = MAX_LFS_FILESIZE; 726 if (ufs->config.upperdir) { 727 if (!ufs->config.workdir) { 728 pr_err("overlayfs: missing 'workdir'\n"); 729 goto out_free_config; 730 } 731 732 err = ovl_mount_dir(ufs->config.upperdir, &upperpath); 733 if (err) 734 goto out_free_config; 735 736 /* Upper fs should not be r/o */ 737 if (upperpath.mnt->mnt_sb->s_flags & MS_RDONLY) { 738 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n"); 739 err = -EINVAL; 740 goto out_put_upperpath; 741 } 742 743 err = ovl_check_namelen(&upperpath, ufs, ufs->config.upperdir); 744 if (err) 745 goto out_put_upperpath; 746 747 err = ovl_mount_dir(ufs->config.workdir, &workpath); 748 if (err) 749 goto out_put_upperpath; 750 751 err = -EINVAL; 752 if (upperpath.mnt != workpath.mnt) { 753 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n"); 754 goto out_put_workpath; 755 } 756 if (!ovl_workdir_ok(workpath.dentry, upperpath.dentry)) { 757 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n"); 758 goto out_put_workpath; 759 } 760 sb->s_stack_depth = upperpath.mnt->mnt_sb->s_stack_depth; 761 } 762 err = -ENOMEM; 763 lowertmp = kstrdup(ufs->config.lowerdir, GFP_KERNEL); 764 if (!lowertmp) 765 goto out_put_workpath; 766 767 err = -EINVAL; 768 stacklen = ovl_split_lowerdirs(lowertmp); 769 if (stacklen > OVL_MAX_STACK) { 770 pr_err("overlayfs: too many lower directories, limit is %d\n", 771 OVL_MAX_STACK); 772 goto out_free_lowertmp; 773 } else if (!ufs->config.upperdir && stacklen == 1) { 774 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n"); 775 goto out_free_lowertmp; 776 } 777 778 err = -ENOMEM; 779 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL); 780 if (!stack) 781 goto out_free_lowertmp; 782 783 err = -EINVAL; 784 lower = lowertmp; 785 for (numlower = 0; numlower < stacklen; numlower++) { 786 err = ovl_lower_dir(lower, &stack[numlower], ufs, 787 &sb->s_stack_depth, &remote); 788 if (err) 789 goto out_put_lowerpath; 790 791 lower = strchr(lower, '\0') + 1; 792 } 793 794 err = -EINVAL; 795 sb->s_stack_depth++; 796 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { 797 pr_err("overlayfs: maximum fs stacking depth exceeded\n"); 798 goto out_put_lowerpath; 799 } 800 801 if (ufs->config.upperdir) { 802 ufs->upper_mnt = clone_private_mount(&upperpath); 803 err = PTR_ERR(ufs->upper_mnt); 804 if (IS_ERR(ufs->upper_mnt)) { 805 pr_err("overlayfs: failed to clone upperpath\n"); 806 goto out_put_lowerpath; 807 } 808 /* Don't inherit atime flags */ 809 ufs->upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); 810 811 sb->s_time_gran = ufs->upper_mnt->mnt_sb->s_time_gran; 812 813 ufs->workdir = ovl_workdir_create(ufs->upper_mnt, workpath.dentry); 814 err = PTR_ERR(ufs->workdir); 815 if (IS_ERR(ufs->workdir)) { 816 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n", 817 ufs->config.workdir, OVL_WORKDIR_NAME, -err); 818 sb->s_flags |= MS_RDONLY; 819 ufs->workdir = NULL; 820 } 821 822 /* 823 * Upper should support d_type, else whiteouts are visible. 824 * Given workdir and upper are on same fs, we can do 825 * iterate_dir() on workdir. This check requires successful 826 * creation of workdir in previous step. 827 */ 828 if (ufs->workdir) { 829 err = ovl_check_d_type_supported(&workpath); 830 if (err < 0) 831 goto out_put_workdir; 832 833 /* 834 * We allowed this configuration and don't want to 835 * break users over kernel upgrade. So warn instead 836 * of erroring out. 837 */ 838 if (!err) 839 pr_warn("overlayfs: upper fs needs to support d_type.\n"); 840 } 841 } 842 843 err = -ENOMEM; 844 ufs->lower_mnt = kcalloc(numlower, sizeof(struct vfsmount *), GFP_KERNEL); 845 if (ufs->lower_mnt == NULL) 846 goto out_put_workdir; 847 for (i = 0; i < numlower; i++) { 848 struct vfsmount *mnt = clone_private_mount(&stack[i]); 849 850 err = PTR_ERR(mnt); 851 if (IS_ERR(mnt)) { 852 pr_err("overlayfs: failed to clone lowerpath\n"); 853 goto out_put_lower_mnt; 854 } 855 /* 856 * Make lower_mnt R/O. That way fchmod/fchown on lower file 857 * will fail instead of modifying lower fs. 858 */ 859 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME; 860 861 ufs->lower_mnt[ufs->numlower] = mnt; 862 ufs->numlower++; 863 } 864 865 /* If the upper fs is nonexistent, we mark overlayfs r/o too */ 866 if (!ufs->upper_mnt) 867 sb->s_flags |= MS_RDONLY; 868 869 if (remote) 870 sb->s_d_op = &ovl_reval_dentry_operations; 871 else 872 sb->s_d_op = &ovl_dentry_operations; 873 874 ufs->creator_cred = prepare_creds(); 875 if (!ufs->creator_cred) 876 goto out_put_lower_mnt; 877 878 err = -ENOMEM; 879 oe = ovl_alloc_entry(numlower); 880 if (!oe) 881 goto out_put_cred; 882 883 sb->s_magic = OVERLAYFS_SUPER_MAGIC; 884 sb->s_op = &ovl_super_operations; 885 sb->s_xattr = ovl_xattr_handlers; 886 sb->s_fs_info = ufs; 887 sb->s_flags |= MS_POSIXACL | MS_NOREMOTELOCK; 888 889 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); 890 if (!root_dentry) 891 goto out_free_oe; 892 893 mntput(upperpath.mnt); 894 for (i = 0; i < numlower; i++) 895 mntput(stack[i].mnt); 896 path_put(&workpath); 897 kfree(lowertmp); 898 899 oe->__upperdentry = upperpath.dentry; 900 for (i = 0; i < numlower; i++) { 901 oe->lowerstack[i].dentry = stack[i].dentry; 902 oe->lowerstack[i].mnt = ufs->lower_mnt[i]; 903 } 904 kfree(stack); 905 906 root_dentry->d_fsdata = oe; 907 908 realinode = d_inode(ovl_dentry_real(root_dentry)); 909 ovl_inode_init(d_inode(root_dentry), realinode, !!upperpath.dentry); 910 ovl_copyattr(realinode, d_inode(root_dentry)); 911 912 sb->s_root = root_dentry; 913 914 return 0; 915 916 out_free_oe: 917 kfree(oe); 918 out_put_cred: 919 put_cred(ufs->creator_cred); 920 out_put_lower_mnt: 921 for (i = 0; i < ufs->numlower; i++) 922 mntput(ufs->lower_mnt[i]); 923 kfree(ufs->lower_mnt); 924 out_put_workdir: 925 dput(ufs->workdir); 926 mntput(ufs->upper_mnt); 927 out_put_lowerpath: 928 for (i = 0; i < numlower; i++) 929 path_put(&stack[i]); 930 kfree(stack); 931 out_free_lowertmp: 932 kfree(lowertmp); 933 out_put_workpath: 934 path_put(&workpath); 935 out_put_upperpath: 936 path_put(&upperpath); 937 out_free_config: 938 kfree(ufs->config.lowerdir); 939 kfree(ufs->config.upperdir); 940 kfree(ufs->config.workdir); 941 kfree(ufs); 942 out: 943 return err; 944 } 945 946 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags, 947 const char *dev_name, void *raw_data) 948 { 949 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super); 950 } 951 952 static struct file_system_type ovl_fs_type = { 953 .owner = THIS_MODULE, 954 .name = "overlay", 955 .mount = ovl_mount, 956 .kill_sb = kill_anon_super, 957 }; 958 MODULE_ALIAS_FS("overlay"); 959 960 static int __init ovl_init(void) 961 { 962 return register_filesystem(&ovl_fs_type); 963 } 964 965 static void __exit ovl_exit(void) 966 { 967 unregister_filesystem(&ovl_fs_type); 968 } 969 970 module_init(ovl_init); 971 module_exit(ovl_exit); 972