1 /* 2 * 3 * Copyright (C) 2011 Novell Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <uapi/linux/magic.h> 11 #include <linux/fs.h> 12 #include <linux/namei.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/parser.h> 16 #include <linux/module.h> 17 #include <linux/statfs.h> 18 #include <linux/seq_file.h> 19 #include <linux/posix_acl_xattr.h> 20 #include "overlayfs.h" 21 #include "ovl_entry.h" 22 23 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>"); 24 MODULE_DESCRIPTION("Overlay filesystem"); 25 MODULE_LICENSE("GPL"); 26 27 28 struct ovl_dir_cache; 29 30 #define OVL_MAX_STACK 500 31 32 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 33 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 34 MODULE_PARM_DESC(ovl_redirect_dir_def, 35 "Default to on or off for the redirect_dir feature"); 36 37 static void ovl_dentry_release(struct dentry *dentry) 38 { 39 struct ovl_entry *oe = dentry->d_fsdata; 40 41 if (oe) { 42 unsigned int i; 43 44 dput(oe->__upperdentry); 45 kfree(oe->redirect); 46 for (i = 0; i < oe->numlower; i++) 47 dput(oe->lowerstack[i].dentry); 48 kfree_rcu(oe, rcu); 49 } 50 } 51 52 static int ovl_check_append_only(struct inode *inode, int flag) 53 { 54 /* 55 * This test was moot in vfs may_open() because overlay inode does 56 * not have the S_APPEND flag, so re-check on real upper inode 57 */ 58 if (IS_APPEND(inode)) { 59 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND)) 60 return -EPERM; 61 if (flag & O_TRUNC) 62 return -EPERM; 63 } 64 65 return 0; 66 } 67 68 static struct dentry *ovl_d_real(struct dentry *dentry, 69 const struct inode *inode, 70 unsigned int open_flags) 71 { 72 struct dentry *real; 73 int err; 74 75 if (!d_is_reg(dentry)) { 76 if (!inode || inode == d_inode(dentry)) 77 return dentry; 78 goto bug; 79 } 80 81 if (d_is_negative(dentry)) 82 return dentry; 83 84 if (open_flags) { 85 err = ovl_open_maybe_copy_up(dentry, open_flags); 86 if (err) 87 return ERR_PTR(err); 88 } 89 90 real = ovl_dentry_upper(dentry); 91 if (real && (!inode || inode == d_inode(real))) { 92 if (!inode) { 93 err = ovl_check_append_only(d_inode(real), open_flags); 94 if (err) 95 return ERR_PTR(err); 96 } 97 return real; 98 } 99 100 real = ovl_dentry_lower(dentry); 101 if (!real) 102 goto bug; 103 104 /* Handle recursion */ 105 real = d_real(real, inode, open_flags); 106 107 if (!inode || inode == d_inode(real)) 108 return real; 109 bug: 110 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, 111 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); 112 return dentry; 113 } 114 115 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags) 116 { 117 struct ovl_entry *oe = dentry->d_fsdata; 118 unsigned int i; 119 int ret = 1; 120 121 for (i = 0; i < oe->numlower; i++) { 122 struct dentry *d = oe->lowerstack[i].dentry; 123 124 if (d->d_flags & DCACHE_OP_REVALIDATE) { 125 ret = d->d_op->d_revalidate(d, flags); 126 if (ret < 0) 127 return ret; 128 if (!ret) { 129 if (!(flags & LOOKUP_RCU)) 130 d_invalidate(d); 131 return -ESTALE; 132 } 133 } 134 } 135 return 1; 136 } 137 138 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags) 139 { 140 struct ovl_entry *oe = dentry->d_fsdata; 141 unsigned int i; 142 int ret = 1; 143 144 for (i = 0; i < oe->numlower; i++) { 145 struct dentry *d = oe->lowerstack[i].dentry; 146 147 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) { 148 ret = d->d_op->d_weak_revalidate(d, flags); 149 if (ret <= 0) 150 break; 151 } 152 } 153 return ret; 154 } 155 156 static const struct dentry_operations ovl_dentry_operations = { 157 .d_release = ovl_dentry_release, 158 .d_real = ovl_d_real, 159 }; 160 161 static const struct dentry_operations ovl_reval_dentry_operations = { 162 .d_release = ovl_dentry_release, 163 .d_real = ovl_d_real, 164 .d_revalidate = ovl_dentry_revalidate, 165 .d_weak_revalidate = ovl_dentry_weak_revalidate, 166 }; 167 168 static void ovl_put_super(struct super_block *sb) 169 { 170 struct ovl_fs *ufs = sb->s_fs_info; 171 unsigned i; 172 173 dput(ufs->workdir); 174 mntput(ufs->upper_mnt); 175 for (i = 0; i < ufs->numlower; i++) 176 mntput(ufs->lower_mnt[i]); 177 kfree(ufs->lower_mnt); 178 179 kfree(ufs->config.lowerdir); 180 kfree(ufs->config.upperdir); 181 kfree(ufs->config.workdir); 182 put_cred(ufs->creator_cred); 183 kfree(ufs); 184 } 185 186 static int ovl_sync_fs(struct super_block *sb, int wait) 187 { 188 struct ovl_fs *ufs = sb->s_fs_info; 189 struct super_block *upper_sb; 190 int ret; 191 192 if (!ufs->upper_mnt) 193 return 0; 194 upper_sb = ufs->upper_mnt->mnt_sb; 195 if (!upper_sb->s_op->sync_fs) 196 return 0; 197 198 /* real inodes have already been synced by sync_filesystem(ovl_sb) */ 199 down_read(&upper_sb->s_umount); 200 ret = upper_sb->s_op->sync_fs(upper_sb, wait); 201 up_read(&upper_sb->s_umount); 202 return ret; 203 } 204 205 /** 206 * ovl_statfs 207 * @sb: The overlayfs super block 208 * @buf: The struct kstatfs to fill in with stats 209 * 210 * Get the filesystem statistics. As writes always target the upper layer 211 * filesystem pass the statfs to the upper filesystem (if it exists) 212 */ 213 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf) 214 { 215 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 216 struct dentry *root_dentry = dentry->d_sb->s_root; 217 struct path path; 218 int err; 219 220 ovl_path_real(root_dentry, &path); 221 222 err = vfs_statfs(&path, buf); 223 if (!err) { 224 buf->f_namelen = ofs->namelen; 225 buf->f_type = OVERLAYFS_SUPER_MAGIC; 226 } 227 228 return err; 229 } 230 231 /** 232 * ovl_show_options 233 * 234 * Prints the mount options for a given superblock. 235 * Returns zero; does not fail. 236 */ 237 static int ovl_show_options(struct seq_file *m, struct dentry *dentry) 238 { 239 struct super_block *sb = dentry->d_sb; 240 struct ovl_fs *ufs = sb->s_fs_info; 241 242 seq_show_option(m, "lowerdir", ufs->config.lowerdir); 243 if (ufs->config.upperdir) { 244 seq_show_option(m, "upperdir", ufs->config.upperdir); 245 seq_show_option(m, "workdir", ufs->config.workdir); 246 } 247 if (ufs->config.default_permissions) 248 seq_puts(m, ",default_permissions"); 249 if (ufs->config.redirect_dir != ovl_redirect_dir_def) 250 seq_printf(m, ",redirect_dir=%s", 251 ufs->config.redirect_dir ? "on" : "off"); 252 return 0; 253 } 254 255 static int ovl_remount(struct super_block *sb, int *flags, char *data) 256 { 257 struct ovl_fs *ufs = sb->s_fs_info; 258 259 if (!(*flags & MS_RDONLY) && (!ufs->upper_mnt || !ufs->workdir)) 260 return -EROFS; 261 262 return 0; 263 } 264 265 static const struct super_operations ovl_super_operations = { 266 .put_super = ovl_put_super, 267 .sync_fs = ovl_sync_fs, 268 .statfs = ovl_statfs, 269 .show_options = ovl_show_options, 270 .remount_fs = ovl_remount, 271 .drop_inode = generic_delete_inode, 272 }; 273 274 enum { 275 OPT_LOWERDIR, 276 OPT_UPPERDIR, 277 OPT_WORKDIR, 278 OPT_DEFAULT_PERMISSIONS, 279 OPT_REDIRECT_DIR_ON, 280 OPT_REDIRECT_DIR_OFF, 281 OPT_ERR, 282 }; 283 284 static const match_table_t ovl_tokens = { 285 {OPT_LOWERDIR, "lowerdir=%s"}, 286 {OPT_UPPERDIR, "upperdir=%s"}, 287 {OPT_WORKDIR, "workdir=%s"}, 288 {OPT_DEFAULT_PERMISSIONS, "default_permissions"}, 289 {OPT_REDIRECT_DIR_ON, "redirect_dir=on"}, 290 {OPT_REDIRECT_DIR_OFF, "redirect_dir=off"}, 291 {OPT_ERR, NULL} 292 }; 293 294 static char *ovl_next_opt(char **s) 295 { 296 char *sbegin = *s; 297 char *p; 298 299 if (sbegin == NULL) 300 return NULL; 301 302 for (p = sbegin; *p; p++) { 303 if (*p == '\\') { 304 p++; 305 if (!*p) 306 break; 307 } else if (*p == ',') { 308 *p = '\0'; 309 *s = p + 1; 310 return sbegin; 311 } 312 } 313 *s = NULL; 314 return sbegin; 315 } 316 317 static int ovl_parse_opt(char *opt, struct ovl_config *config) 318 { 319 char *p; 320 321 while ((p = ovl_next_opt(&opt)) != NULL) { 322 int token; 323 substring_t args[MAX_OPT_ARGS]; 324 325 if (!*p) 326 continue; 327 328 token = match_token(p, ovl_tokens, args); 329 switch (token) { 330 case OPT_UPPERDIR: 331 kfree(config->upperdir); 332 config->upperdir = match_strdup(&args[0]); 333 if (!config->upperdir) 334 return -ENOMEM; 335 break; 336 337 case OPT_LOWERDIR: 338 kfree(config->lowerdir); 339 config->lowerdir = match_strdup(&args[0]); 340 if (!config->lowerdir) 341 return -ENOMEM; 342 break; 343 344 case OPT_WORKDIR: 345 kfree(config->workdir); 346 config->workdir = match_strdup(&args[0]); 347 if (!config->workdir) 348 return -ENOMEM; 349 break; 350 351 case OPT_DEFAULT_PERMISSIONS: 352 config->default_permissions = true; 353 break; 354 355 case OPT_REDIRECT_DIR_ON: 356 config->redirect_dir = true; 357 break; 358 359 case OPT_REDIRECT_DIR_OFF: 360 config->redirect_dir = false; 361 break; 362 363 default: 364 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p); 365 return -EINVAL; 366 } 367 } 368 369 /* Workdir is useless in non-upper mount */ 370 if (!config->upperdir && config->workdir) { 371 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 372 config->workdir); 373 kfree(config->workdir); 374 config->workdir = NULL; 375 } 376 377 return 0; 378 } 379 380 #define OVL_WORKDIR_NAME "work" 381 382 static struct dentry *ovl_workdir_create(struct vfsmount *mnt, 383 struct dentry *dentry) 384 { 385 struct inode *dir = dentry->d_inode; 386 struct dentry *work; 387 int err; 388 bool retried = false; 389 390 err = mnt_want_write(mnt); 391 if (err) 392 return ERR_PTR(err); 393 394 inode_lock_nested(dir, I_MUTEX_PARENT); 395 retry: 396 work = lookup_one_len(OVL_WORKDIR_NAME, dentry, 397 strlen(OVL_WORKDIR_NAME)); 398 399 if (!IS_ERR(work)) { 400 struct iattr attr = { 401 .ia_valid = ATTR_MODE, 402 .ia_mode = S_IFDIR | 0, 403 }; 404 405 if (work->d_inode) { 406 err = -EEXIST; 407 if (retried) 408 goto out_dput; 409 410 retried = true; 411 ovl_workdir_cleanup(dir, mnt, work, 0); 412 dput(work); 413 goto retry; 414 } 415 416 err = ovl_create_real(dir, work, 417 &(struct cattr){.mode = S_IFDIR | 0}, 418 NULL, true); 419 if (err) 420 goto out_dput; 421 422 /* 423 * Try to remove POSIX ACL xattrs from workdir. We are good if: 424 * 425 * a) success (there was a POSIX ACL xattr and was removed) 426 * b) -ENODATA (there was no POSIX ACL xattr) 427 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported) 428 * 429 * There are various other error values that could effectively 430 * mean that the xattr doesn't exist (e.g. -ERANGE is returned 431 * if the xattr name is too long), but the set of filesystems 432 * allowed as upper are limited to "normal" ones, where checking 433 * for the above two errors is sufficient. 434 */ 435 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT); 436 if (err && err != -ENODATA && err != -EOPNOTSUPP) 437 goto out_dput; 438 439 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS); 440 if (err && err != -ENODATA && err != -EOPNOTSUPP) 441 goto out_dput; 442 443 /* Clear any inherited mode bits */ 444 inode_lock(work->d_inode); 445 err = notify_change(work, &attr, NULL); 446 inode_unlock(work->d_inode); 447 if (err) 448 goto out_dput; 449 } 450 out_unlock: 451 inode_unlock(dir); 452 mnt_drop_write(mnt); 453 454 return work; 455 456 out_dput: 457 dput(work); 458 work = ERR_PTR(err); 459 goto out_unlock; 460 } 461 462 static void ovl_unescape(char *s) 463 { 464 char *d = s; 465 466 for (;; s++, d++) { 467 if (*s == '\\') 468 s++; 469 *d = *s; 470 if (!*s) 471 break; 472 } 473 } 474 475 static int ovl_mount_dir_noesc(const char *name, struct path *path) 476 { 477 int err = -EINVAL; 478 479 if (!*name) { 480 pr_err("overlayfs: empty lowerdir\n"); 481 goto out; 482 } 483 err = kern_path(name, LOOKUP_FOLLOW, path); 484 if (err) { 485 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err); 486 goto out; 487 } 488 err = -EINVAL; 489 if (ovl_dentry_weird(path->dentry)) { 490 pr_err("overlayfs: filesystem on '%s' not supported\n", name); 491 goto out_put; 492 } 493 if (!d_is_dir(path->dentry)) { 494 pr_err("overlayfs: '%s' not a directory\n", name); 495 goto out_put; 496 } 497 return 0; 498 499 out_put: 500 path_put(path); 501 out: 502 return err; 503 } 504 505 static int ovl_mount_dir(const char *name, struct path *path) 506 { 507 int err = -ENOMEM; 508 char *tmp = kstrdup(name, GFP_KERNEL); 509 510 if (tmp) { 511 ovl_unescape(tmp); 512 err = ovl_mount_dir_noesc(tmp, path); 513 514 if (!err) 515 if (ovl_dentry_remote(path->dentry)) { 516 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n", 517 tmp); 518 path_put(path); 519 err = -EINVAL; 520 } 521 kfree(tmp); 522 } 523 return err; 524 } 525 526 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs, 527 const char *name) 528 { 529 struct kstatfs statfs; 530 int err = vfs_statfs(path, &statfs); 531 532 if (err) 533 pr_err("overlayfs: statfs failed on '%s'\n", name); 534 else 535 ofs->namelen = max(ofs->namelen, statfs.f_namelen); 536 537 return err; 538 } 539 540 static int ovl_lower_dir(const char *name, struct path *path, 541 struct ovl_fs *ofs, int *stack_depth, bool *remote) 542 { 543 int err; 544 545 err = ovl_mount_dir_noesc(name, path); 546 if (err) 547 goto out; 548 549 err = ovl_check_namelen(path, ofs, name); 550 if (err) 551 goto out_put; 552 553 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth); 554 555 if (ovl_dentry_remote(path->dentry)) 556 *remote = true; 557 558 return 0; 559 560 out_put: 561 path_put(path); 562 out: 563 return err; 564 } 565 566 /* Workdir should not be subdir of upperdir and vice versa */ 567 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir) 568 { 569 bool ok = false; 570 571 if (workdir != upperdir) { 572 ok = (lock_rename(workdir, upperdir) == NULL); 573 unlock_rename(workdir, upperdir); 574 } 575 return ok; 576 } 577 578 static unsigned int ovl_split_lowerdirs(char *str) 579 { 580 unsigned int ctr = 1; 581 char *s, *d; 582 583 for (s = d = str;; s++, d++) { 584 if (*s == '\\') { 585 s++; 586 } else if (*s == ':') { 587 *d = '\0'; 588 ctr++; 589 continue; 590 } 591 *d = *s; 592 if (!*s) 593 break; 594 } 595 return ctr; 596 } 597 598 static int __maybe_unused 599 ovl_posix_acl_xattr_get(const struct xattr_handler *handler, 600 struct dentry *dentry, struct inode *inode, 601 const char *name, void *buffer, size_t size) 602 { 603 return ovl_xattr_get(dentry, handler->name, buffer, size); 604 } 605 606 static int __maybe_unused 607 ovl_posix_acl_xattr_set(const struct xattr_handler *handler, 608 struct dentry *dentry, struct inode *inode, 609 const char *name, const void *value, 610 size_t size, int flags) 611 { 612 struct dentry *workdir = ovl_workdir(dentry); 613 struct inode *realinode = ovl_inode_real(inode, NULL); 614 struct posix_acl *acl = NULL; 615 int err; 616 617 /* Check that everything is OK before copy-up */ 618 if (value) { 619 acl = posix_acl_from_xattr(&init_user_ns, value, size); 620 if (IS_ERR(acl)) 621 return PTR_ERR(acl); 622 } 623 err = -EOPNOTSUPP; 624 if (!IS_POSIXACL(d_inode(workdir))) 625 goto out_acl_release; 626 if (!realinode->i_op->set_acl) 627 goto out_acl_release; 628 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) { 629 err = acl ? -EACCES : 0; 630 goto out_acl_release; 631 } 632 err = -EPERM; 633 if (!inode_owner_or_capable(inode)) 634 goto out_acl_release; 635 636 posix_acl_release(acl); 637 638 /* 639 * Check if sgid bit needs to be cleared (actual setacl operation will 640 * be done with mounter's capabilities and so that won't do it for us). 641 */ 642 if (unlikely(inode->i_mode & S_ISGID) && 643 handler->flags == ACL_TYPE_ACCESS && 644 !in_group_p(inode->i_gid) && 645 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) { 646 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID }; 647 648 err = ovl_setattr(dentry, &iattr); 649 if (err) 650 return err; 651 } 652 653 err = ovl_xattr_set(dentry, handler->name, value, size, flags); 654 if (!err) 655 ovl_copyattr(ovl_inode_real(inode, NULL), inode); 656 657 return err; 658 659 out_acl_release: 660 posix_acl_release(acl); 661 return err; 662 } 663 664 static int ovl_own_xattr_get(const struct xattr_handler *handler, 665 struct dentry *dentry, struct inode *inode, 666 const char *name, void *buffer, size_t size) 667 { 668 return -EOPNOTSUPP; 669 } 670 671 static int ovl_own_xattr_set(const struct xattr_handler *handler, 672 struct dentry *dentry, struct inode *inode, 673 const char *name, const void *value, 674 size_t size, int flags) 675 { 676 return -EOPNOTSUPP; 677 } 678 679 static int ovl_other_xattr_get(const struct xattr_handler *handler, 680 struct dentry *dentry, struct inode *inode, 681 const char *name, void *buffer, size_t size) 682 { 683 return ovl_xattr_get(dentry, name, buffer, size); 684 } 685 686 static int ovl_other_xattr_set(const struct xattr_handler *handler, 687 struct dentry *dentry, struct inode *inode, 688 const char *name, const void *value, 689 size_t size, int flags) 690 { 691 return ovl_xattr_set(dentry, name, value, size, flags); 692 } 693 694 static const struct xattr_handler __maybe_unused 695 ovl_posix_acl_access_xattr_handler = { 696 .name = XATTR_NAME_POSIX_ACL_ACCESS, 697 .flags = ACL_TYPE_ACCESS, 698 .get = ovl_posix_acl_xattr_get, 699 .set = ovl_posix_acl_xattr_set, 700 }; 701 702 static const struct xattr_handler __maybe_unused 703 ovl_posix_acl_default_xattr_handler = { 704 .name = XATTR_NAME_POSIX_ACL_DEFAULT, 705 .flags = ACL_TYPE_DEFAULT, 706 .get = ovl_posix_acl_xattr_get, 707 .set = ovl_posix_acl_xattr_set, 708 }; 709 710 static const struct xattr_handler ovl_own_xattr_handler = { 711 .prefix = OVL_XATTR_PREFIX, 712 .get = ovl_own_xattr_get, 713 .set = ovl_own_xattr_set, 714 }; 715 716 static const struct xattr_handler ovl_other_xattr_handler = { 717 .prefix = "", /* catch all */ 718 .get = ovl_other_xattr_get, 719 .set = ovl_other_xattr_set, 720 }; 721 722 static const struct xattr_handler *ovl_xattr_handlers[] = { 723 #ifdef CONFIG_FS_POSIX_ACL 724 &ovl_posix_acl_access_xattr_handler, 725 &ovl_posix_acl_default_xattr_handler, 726 #endif 727 &ovl_own_xattr_handler, 728 &ovl_other_xattr_handler, 729 NULL 730 }; 731 732 static int ovl_fill_super(struct super_block *sb, void *data, int silent) 733 { 734 struct path upperpath = { }; 735 struct path workpath = { }; 736 struct dentry *root_dentry; 737 struct inode *realinode; 738 struct ovl_entry *oe; 739 struct ovl_fs *ufs; 740 struct path *stack = NULL; 741 char *lowertmp; 742 char *lower; 743 unsigned int numlower; 744 unsigned int stacklen = 0; 745 unsigned int i; 746 bool remote = false; 747 struct cred *cred; 748 int err; 749 750 err = -ENOMEM; 751 ufs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 752 if (!ufs) 753 goto out; 754 755 init_waitqueue_head(&ufs->copyup_wq); 756 ufs->config.redirect_dir = ovl_redirect_dir_def; 757 err = ovl_parse_opt((char *) data, &ufs->config); 758 if (err) 759 goto out_free_config; 760 761 err = -EINVAL; 762 if (!ufs->config.lowerdir) { 763 if (!silent) 764 pr_err("overlayfs: missing 'lowerdir'\n"); 765 goto out_free_config; 766 } 767 768 sb->s_stack_depth = 0; 769 sb->s_maxbytes = MAX_LFS_FILESIZE; 770 if (ufs->config.upperdir) { 771 if (!ufs->config.workdir) { 772 pr_err("overlayfs: missing 'workdir'\n"); 773 goto out_free_config; 774 } 775 776 err = ovl_mount_dir(ufs->config.upperdir, &upperpath); 777 if (err) 778 goto out_free_config; 779 780 /* Upper fs should not be r/o */ 781 if (upperpath.mnt->mnt_sb->s_flags & MS_RDONLY) { 782 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n"); 783 err = -EINVAL; 784 goto out_put_upperpath; 785 } 786 787 err = ovl_check_namelen(&upperpath, ufs, ufs->config.upperdir); 788 if (err) 789 goto out_put_upperpath; 790 791 err = ovl_mount_dir(ufs->config.workdir, &workpath); 792 if (err) 793 goto out_put_upperpath; 794 795 err = -EINVAL; 796 if (upperpath.mnt != workpath.mnt) { 797 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n"); 798 goto out_put_workpath; 799 } 800 if (!ovl_workdir_ok(workpath.dentry, upperpath.dentry)) { 801 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n"); 802 goto out_put_workpath; 803 } 804 sb->s_stack_depth = upperpath.mnt->mnt_sb->s_stack_depth; 805 } 806 err = -ENOMEM; 807 lowertmp = kstrdup(ufs->config.lowerdir, GFP_KERNEL); 808 if (!lowertmp) 809 goto out_put_workpath; 810 811 err = -EINVAL; 812 stacklen = ovl_split_lowerdirs(lowertmp); 813 if (stacklen > OVL_MAX_STACK) { 814 pr_err("overlayfs: too many lower directories, limit is %d\n", 815 OVL_MAX_STACK); 816 goto out_free_lowertmp; 817 } else if (!ufs->config.upperdir && stacklen == 1) { 818 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n"); 819 goto out_free_lowertmp; 820 } 821 822 err = -ENOMEM; 823 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL); 824 if (!stack) 825 goto out_free_lowertmp; 826 827 err = -EINVAL; 828 lower = lowertmp; 829 for (numlower = 0; numlower < stacklen; numlower++) { 830 err = ovl_lower_dir(lower, &stack[numlower], ufs, 831 &sb->s_stack_depth, &remote); 832 if (err) 833 goto out_put_lowerpath; 834 835 lower = strchr(lower, '\0') + 1; 836 } 837 838 err = -EINVAL; 839 sb->s_stack_depth++; 840 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { 841 pr_err("overlayfs: maximum fs stacking depth exceeded\n"); 842 goto out_put_lowerpath; 843 } 844 845 if (ufs->config.upperdir) { 846 ufs->upper_mnt = clone_private_mount(&upperpath); 847 err = PTR_ERR(ufs->upper_mnt); 848 if (IS_ERR(ufs->upper_mnt)) { 849 pr_err("overlayfs: failed to clone upperpath\n"); 850 goto out_put_lowerpath; 851 } 852 /* Don't inherit atime flags */ 853 ufs->upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); 854 855 sb->s_time_gran = ufs->upper_mnt->mnt_sb->s_time_gran; 856 857 ufs->workdir = ovl_workdir_create(ufs->upper_mnt, workpath.dentry); 858 err = PTR_ERR(ufs->workdir); 859 if (IS_ERR(ufs->workdir)) { 860 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n", 861 ufs->config.workdir, OVL_WORKDIR_NAME, -err); 862 sb->s_flags |= MS_RDONLY; 863 ufs->workdir = NULL; 864 } 865 866 /* 867 * Upper should support d_type, else whiteouts are visible. 868 * Given workdir and upper are on same fs, we can do 869 * iterate_dir() on workdir. This check requires successful 870 * creation of workdir in previous step. 871 */ 872 if (ufs->workdir) { 873 struct dentry *temp; 874 875 err = ovl_check_d_type_supported(&workpath); 876 if (err < 0) 877 goto out_put_workdir; 878 879 /* 880 * We allowed this configuration and don't want to 881 * break users over kernel upgrade. So warn instead 882 * of erroring out. 883 */ 884 if (!err) 885 pr_warn("overlayfs: upper fs needs to support d_type.\n"); 886 887 /* Check if upper/work fs supports O_TMPFILE */ 888 temp = ovl_do_tmpfile(ufs->workdir, S_IFREG | 0); 889 ufs->tmpfile = !IS_ERR(temp); 890 if (ufs->tmpfile) 891 dput(temp); 892 else 893 pr_warn("overlayfs: upper fs does not support tmpfile.\n"); 894 } 895 } 896 897 err = -ENOMEM; 898 ufs->lower_mnt = kcalloc(numlower, sizeof(struct vfsmount *), GFP_KERNEL); 899 if (ufs->lower_mnt == NULL) 900 goto out_put_workdir; 901 for (i = 0; i < numlower; i++) { 902 struct vfsmount *mnt = clone_private_mount(&stack[i]); 903 904 err = PTR_ERR(mnt); 905 if (IS_ERR(mnt)) { 906 pr_err("overlayfs: failed to clone lowerpath\n"); 907 goto out_put_lower_mnt; 908 } 909 /* 910 * Make lower_mnt R/O. That way fchmod/fchown on lower file 911 * will fail instead of modifying lower fs. 912 */ 913 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME; 914 915 ufs->lower_mnt[ufs->numlower] = mnt; 916 ufs->numlower++; 917 918 /* Check if all lower layers are on same sb */ 919 if (i == 0) 920 ufs->same_sb = mnt->mnt_sb; 921 else if (ufs->same_sb != mnt->mnt_sb) 922 ufs->same_sb = NULL; 923 } 924 925 /* If the upper fs is nonexistent, we mark overlayfs r/o too */ 926 if (!ufs->upper_mnt) 927 sb->s_flags |= MS_RDONLY; 928 else if (ufs->upper_mnt->mnt_sb != ufs->same_sb) 929 ufs->same_sb = NULL; 930 931 if (remote) 932 sb->s_d_op = &ovl_reval_dentry_operations; 933 else 934 sb->s_d_op = &ovl_dentry_operations; 935 936 ufs->creator_cred = cred = prepare_creds(); 937 if (!cred) 938 goto out_put_lower_mnt; 939 940 /* Never override disk quota limits or use reserved space */ 941 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE); 942 943 err = -ENOMEM; 944 oe = ovl_alloc_entry(numlower); 945 if (!oe) 946 goto out_put_cred; 947 948 sb->s_magic = OVERLAYFS_SUPER_MAGIC; 949 sb->s_op = &ovl_super_operations; 950 sb->s_xattr = ovl_xattr_handlers; 951 sb->s_fs_info = ufs; 952 sb->s_flags |= MS_POSIXACL | MS_NOREMOTELOCK; 953 954 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); 955 if (!root_dentry) 956 goto out_free_oe; 957 958 mntput(upperpath.mnt); 959 for (i = 0; i < numlower; i++) 960 mntput(stack[i].mnt); 961 path_put(&workpath); 962 kfree(lowertmp); 963 964 oe->__upperdentry = upperpath.dentry; 965 for (i = 0; i < numlower; i++) { 966 oe->lowerstack[i].dentry = stack[i].dentry; 967 oe->lowerstack[i].mnt = ufs->lower_mnt[i]; 968 } 969 kfree(stack); 970 971 root_dentry->d_fsdata = oe; 972 973 realinode = d_inode(ovl_dentry_real(root_dentry)); 974 ovl_inode_init(d_inode(root_dentry), realinode, !!upperpath.dentry); 975 ovl_copyattr(realinode, d_inode(root_dentry)); 976 977 sb->s_root = root_dentry; 978 979 return 0; 980 981 out_free_oe: 982 kfree(oe); 983 out_put_cred: 984 put_cred(ufs->creator_cred); 985 out_put_lower_mnt: 986 for (i = 0; i < ufs->numlower; i++) 987 mntput(ufs->lower_mnt[i]); 988 kfree(ufs->lower_mnt); 989 out_put_workdir: 990 dput(ufs->workdir); 991 mntput(ufs->upper_mnt); 992 out_put_lowerpath: 993 for (i = 0; i < numlower; i++) 994 path_put(&stack[i]); 995 kfree(stack); 996 out_free_lowertmp: 997 kfree(lowertmp); 998 out_put_workpath: 999 path_put(&workpath); 1000 out_put_upperpath: 1001 path_put(&upperpath); 1002 out_free_config: 1003 kfree(ufs->config.lowerdir); 1004 kfree(ufs->config.upperdir); 1005 kfree(ufs->config.workdir); 1006 kfree(ufs); 1007 out: 1008 return err; 1009 } 1010 1011 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags, 1012 const char *dev_name, void *raw_data) 1013 { 1014 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super); 1015 } 1016 1017 static struct file_system_type ovl_fs_type = { 1018 .owner = THIS_MODULE, 1019 .name = "overlay", 1020 .mount = ovl_mount, 1021 .kill_sb = kill_anon_super, 1022 }; 1023 MODULE_ALIAS_FS("overlay"); 1024 1025 static int __init ovl_init(void) 1026 { 1027 return register_filesystem(&ovl_fs_type); 1028 } 1029 1030 static void __exit ovl_exit(void) 1031 { 1032 unregister_filesystem(&ovl_fs_type); 1033 } 1034 1035 module_init(ovl_init); 1036 module_exit(ovl_exit); 1037