1 // SPDX-License-Identifier: GPL-2.0-only 2 3 #include <linux/fs.h> 4 #include <linux/module.h> 5 #include <linux/namei.h> 6 #include <linux/fs_context.h> 7 #include <linux/fs_parser.h> 8 #include <linux/posix_acl_xattr.h> 9 #include <linux/seq_file.h> 10 #include <linux/xattr.h> 11 #include "overlayfs.h" 12 #include "params.h" 13 14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16 MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19 static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21 module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23 MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28 MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32 module_param_named(index, ovl_index_def, bool, 0644); 33 MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38 MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43 MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46 enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_volatile, 62 Opt_override_creds, 63 }; 64 65 static const struct constant_table ovl_parameter_bool[] = { 66 { "on", true }, 67 { "off", false }, 68 {} 69 }; 70 71 static const struct constant_table ovl_parameter_uuid[] = { 72 { "off", OVL_UUID_OFF }, 73 { "null", OVL_UUID_NULL }, 74 { "auto", OVL_UUID_AUTO }, 75 { "on", OVL_UUID_ON }, 76 {} 77 }; 78 ovl_uuid_mode(struct ovl_config * config)79 static const char *ovl_uuid_mode(struct ovl_config *config) 80 { 81 return ovl_parameter_uuid[config->uuid].name; 82 } 83 ovl_uuid_def(void)84 static int ovl_uuid_def(void) 85 { 86 return OVL_UUID_AUTO; 87 } 88 89 static const struct constant_table ovl_parameter_xino[] = { 90 { "off", OVL_XINO_OFF }, 91 { "auto", OVL_XINO_AUTO }, 92 { "on", OVL_XINO_ON }, 93 {} 94 }; 95 ovl_xino_mode(struct ovl_config * config)96 const char *ovl_xino_mode(struct ovl_config *config) 97 { 98 return ovl_parameter_xino[config->xino].name; 99 } 100 ovl_xino_def(void)101 static int ovl_xino_def(void) 102 { 103 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 104 } 105 106 const struct constant_table ovl_parameter_redirect_dir[] = { 107 { "off", OVL_REDIRECT_OFF }, 108 { "follow", OVL_REDIRECT_FOLLOW }, 109 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 110 { "on", OVL_REDIRECT_ON }, 111 {} 112 }; 113 ovl_redirect_mode(struct ovl_config * config)114 static const char *ovl_redirect_mode(struct ovl_config *config) 115 { 116 return ovl_parameter_redirect_dir[config->redirect_mode].name; 117 } 118 ovl_redirect_mode_def(void)119 static int ovl_redirect_mode_def(void) 120 { 121 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 122 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 123 OVL_REDIRECT_NOFOLLOW; 124 } 125 126 static const struct constant_table ovl_parameter_verity[] = { 127 { "off", OVL_VERITY_OFF }, 128 { "on", OVL_VERITY_ON }, 129 { "require", OVL_VERITY_REQUIRE }, 130 {} 131 }; 132 ovl_verity_mode(struct ovl_config * config)133 static const char *ovl_verity_mode(struct ovl_config *config) 134 { 135 return ovl_parameter_verity[config->verity_mode].name; 136 } 137 ovl_verity_mode_def(void)138 static int ovl_verity_mode_def(void) 139 { 140 return OVL_VERITY_OFF; 141 } 142 143 const struct fs_parameter_spec ovl_parameter_spec[] = { 144 fsparam_string_empty("lowerdir", Opt_lowerdir), 145 fsparam_file_or_string("lowerdir+", Opt_lowerdir_add), 146 fsparam_file_or_string("datadir+", Opt_datadir_add), 147 fsparam_file_or_string("upperdir", Opt_upperdir), 148 fsparam_file_or_string("workdir", Opt_workdir), 149 fsparam_flag("default_permissions", Opt_default_permissions), 150 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 151 fsparam_enum("index", Opt_index, ovl_parameter_bool), 152 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 153 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 154 fsparam_flag("userxattr", Opt_userxattr), 155 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 156 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 157 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 158 fsparam_flag("volatile", Opt_volatile), 159 fsparam_flag_no("override_creds", Opt_override_creds), 160 {} 161 }; 162 ovl_next_opt(char ** s)163 static char *ovl_next_opt(char **s) 164 { 165 char *sbegin = *s; 166 char *p; 167 168 if (sbegin == NULL) 169 return NULL; 170 171 for (p = sbegin; *p; p++) { 172 if (*p == '\\') { 173 p++; 174 if (!*p) 175 break; 176 } else if (*p == ',') { 177 *p = '\0'; 178 *s = p + 1; 179 return sbegin; 180 } 181 } 182 *s = NULL; 183 return sbegin; 184 } 185 ovl_parse_monolithic(struct fs_context * fc,void * data)186 static int ovl_parse_monolithic(struct fs_context *fc, void *data) 187 { 188 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 189 } 190 ovl_parse_param_split_lowerdirs(char * str)191 static ssize_t ovl_parse_param_split_lowerdirs(char *str) 192 { 193 ssize_t nr_layers = 1, nr_colons = 0; 194 char *s, *d; 195 196 for (s = d = str;; s++, d++) { 197 if (*s == '\\') { 198 /* keep esc chars in split lowerdir */ 199 *d++ = *s++; 200 } else if (*s == ':') { 201 bool next_colon = (*(s + 1) == ':'); 202 203 nr_colons++; 204 if (nr_colons == 2 && next_colon) { 205 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 206 return -EINVAL; 207 } 208 /* count layers, not colons */ 209 if (!next_colon) 210 nr_layers++; 211 212 *d = '\0'; 213 continue; 214 } 215 216 *d = *s; 217 if (!*s) { 218 /* trailing colons */ 219 if (nr_colons) { 220 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 221 return -EINVAL; 222 } 223 break; 224 } 225 nr_colons = 0; 226 } 227 228 return nr_layers; 229 } 230 ovl_mount_dir_noesc(const char * name,struct path * path)231 static int ovl_mount_dir_noesc(const char *name, struct path *path) 232 { 233 int err = -EINVAL; 234 235 if (!*name) { 236 pr_err("empty lowerdir\n"); 237 goto out; 238 } 239 err = kern_path(name, LOOKUP_FOLLOW, path); 240 if (err) { 241 pr_err("failed to resolve '%s': %i\n", name, err); 242 goto out; 243 } 244 return 0; 245 246 out: 247 return err; 248 } 249 ovl_unescape(char * s)250 static void ovl_unescape(char *s) 251 { 252 char *d = s; 253 254 for (;; s++, d++) { 255 if (*s == '\\') 256 s++; 257 *d = *s; 258 if (!*s) 259 break; 260 } 261 } 262 ovl_mount_dir(const char * name,struct path * path)263 static int ovl_mount_dir(const char *name, struct path *path) 264 { 265 int err = -ENOMEM; 266 char *tmp = kstrdup(name, GFP_KERNEL); 267 268 if (tmp) { 269 ovl_unescape(tmp); 270 err = ovl_mount_dir_noesc(tmp, path); 271 kfree(tmp); 272 } 273 return err; 274 } 275 ovl_mount_dir_check(struct fs_context * fc,const struct path * path,enum ovl_opt layer,const char * name,bool upper)276 static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 277 enum ovl_opt layer, const char *name, bool upper) 278 { 279 struct ovl_fs_context *ctx = fc->fs_private; 280 281 if (!d_is_dir(path->dentry)) 282 return invalfc(fc, "%s is not a directory", name); 283 284 /* 285 * Allow filesystems that are case-folding capable but deny composing 286 * ovl stack from case-folded directories. 287 */ 288 if (ovl_dentry_casefolded(path->dentry)) 289 return invalfc(fc, "case-insensitive directory on %s not supported", name); 290 291 if (ovl_dentry_weird(path->dentry)) 292 return invalfc(fc, "filesystem on %s not supported", name); 293 294 /* 295 * Check whether upper path is read-only here to report failures 296 * early. Don't forget to recheck when the superblock is created 297 * as the mount attributes could change. 298 */ 299 if (upper) { 300 if (path->dentry->d_flags & DCACHE_OP_REAL) 301 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 302 if (__mnt_is_readonly(path->mnt)) 303 return invalfc(fc, "filesystem on %s is read-only", name); 304 } else { 305 if (ctx->lowerdir_all && layer != Opt_lowerdir) 306 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 307 if (ctx->nr_data && layer == Opt_lowerdir_add) 308 return invalfc(fc, "regular lower layers cannot follow data layers"); 309 if (ctx->nr == OVL_MAX_STACK) 310 return invalfc(fc, "too many lower directories, limit is %d", 311 OVL_MAX_STACK); 312 } 313 return 0; 314 } 315 ovl_ctx_realloc_lower(struct fs_context * fc)316 static int ovl_ctx_realloc_lower(struct fs_context *fc) 317 { 318 struct ovl_fs_context *ctx = fc->fs_private; 319 struct ovl_fs_context_layer *l; 320 size_t nr; 321 322 if (ctx->nr < ctx->capacity) 323 return 0; 324 325 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 326 OVL_MAX_STACK); 327 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 328 if (!l) 329 return -ENOMEM; 330 331 ctx->lower = l; 332 ctx->capacity = nr; 333 return 0; 334 } 335 ovl_add_layer(struct fs_context * fc,enum ovl_opt layer,struct path * path,char ** pname)336 static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 337 struct path *path, char **pname) 338 { 339 struct ovl_fs *ofs = fc->s_fs_info; 340 struct ovl_config *config = &ofs->config; 341 struct ovl_fs_context *ctx = fc->fs_private; 342 struct ovl_fs_context_layer *l; 343 344 switch (layer) { 345 case Opt_workdir: 346 swap(config->workdir, *pname); 347 swap(ctx->work, *path); 348 break; 349 case Opt_upperdir: 350 swap(config->upperdir, *pname); 351 swap(ctx->upper, *path); 352 break; 353 case Opt_datadir_add: 354 ctx->nr_data++; 355 fallthrough; 356 case Opt_lowerdir: 357 fallthrough; 358 case Opt_lowerdir_add: 359 WARN_ON(ctx->nr >= ctx->capacity); 360 l = &ctx->lower[ctx->nr++]; 361 memset(l, 0, sizeof(*l)); 362 swap(l->name, *pname); 363 swap(l->path, *path); 364 break; 365 default: 366 WARN_ON(1); 367 } 368 } 369 is_upper_layer(enum ovl_opt layer)370 static inline bool is_upper_layer(enum ovl_opt layer) 371 { 372 return layer == Opt_upperdir || layer == Opt_workdir; 373 } 374 375 /* Handle non-file descriptor-based layer options that require path lookup. */ ovl_kern_path(const char * layer_name,struct path * layer_path,enum ovl_opt layer)376 static inline int ovl_kern_path(const char *layer_name, struct path *layer_path, 377 enum ovl_opt layer) 378 { 379 int err; 380 381 switch (layer) { 382 case Opt_upperdir: 383 fallthrough; 384 case Opt_workdir: 385 fallthrough; 386 case Opt_lowerdir: 387 err = ovl_mount_dir(layer_name, layer_path); 388 break; 389 case Opt_lowerdir_add: 390 fallthrough; 391 case Opt_datadir_add: 392 err = ovl_mount_dir_noesc(layer_name, layer_path); 393 break; 394 default: 395 WARN_ON_ONCE(true); 396 err = -EINVAL; 397 } 398 399 return err; 400 } 401 ovl_do_parse_layer(struct fs_context * fc,const char * layer_name,struct path * layer_path,enum ovl_opt layer)402 static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name, 403 struct path *layer_path, enum ovl_opt layer) 404 { 405 char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL); 406 bool upper; 407 int err = 0; 408 409 if (!name) 410 return -ENOMEM; 411 412 upper = is_upper_layer(layer); 413 err = ovl_mount_dir_check(fc, layer_path, layer, name, upper); 414 if (err) 415 return err; 416 417 if (!upper) { 418 err = ovl_ctx_realloc_lower(fc); 419 if (err) 420 return err; 421 } 422 423 /* Store the user provided path string in ctx to show in mountinfo */ 424 ovl_add_layer(fc, layer, layer_path, &name); 425 return err; 426 } 427 ovl_parse_layer(struct fs_context * fc,struct fs_parameter * param,enum ovl_opt layer)428 static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param, 429 enum ovl_opt layer) 430 { 431 struct path layer_path __free(path_put) = {}; 432 int err = 0; 433 434 switch (param->type) { 435 case fs_value_is_string: 436 err = ovl_kern_path(param->string, &layer_path, layer); 437 if (err) 438 return err; 439 err = ovl_do_parse_layer(fc, param->string, &layer_path, layer); 440 break; 441 case fs_value_is_file: { 442 char *buf __free(kfree); 443 char *layer_name; 444 445 buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); 446 if (!buf) 447 return -ENOMEM; 448 449 layer_path = param->file->f_path; 450 path_get(&layer_path); 451 452 layer_name = d_path(&layer_path, buf, PATH_MAX); 453 if (IS_ERR(layer_name)) 454 return PTR_ERR(layer_name); 455 456 err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer); 457 break; 458 } 459 default: 460 WARN_ON_ONCE(true); 461 err = -EINVAL; 462 } 463 464 return err; 465 } 466 ovl_reset_lowerdirs(struct ovl_fs_context * ctx)467 static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 468 { 469 struct ovl_fs_context_layer *l = ctx->lower; 470 471 // Reset old user provided lowerdir string 472 kfree(ctx->lowerdir_all); 473 ctx->lowerdir_all = NULL; 474 475 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 476 path_put(&l->path); 477 kfree(l->name); 478 l->name = NULL; 479 } 480 ctx->nr = 0; 481 ctx->nr_data = 0; 482 } 483 484 /* 485 * Parse lowerdir= mount option: 486 * 487 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 488 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 489 * "/data1" and "/data2" as data lower layers. Any existing lower 490 * layers are replaced. 491 */ ovl_parse_param_lowerdir(const char * name,struct fs_context * fc)492 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 493 { 494 int err; 495 struct ovl_fs_context *ctx = fc->fs_private; 496 char *dup = NULL, *iter; 497 ssize_t nr_lower, nr; 498 bool data_layer = false; 499 500 /* 501 * Ensure we're backwards compatible with mount(2) 502 * by allowing relative paths. 503 */ 504 505 /* drop all existing lower layers */ 506 ovl_reset_lowerdirs(ctx); 507 508 if (!*name) 509 return 0; 510 511 if (*name == ':') { 512 pr_err("cannot append lower layer\n"); 513 return -EINVAL; 514 } 515 516 // Store user provided lowerdir string to show in mount options 517 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 518 if (!ctx->lowerdir_all) 519 return -ENOMEM; 520 521 dup = kstrdup(name, GFP_KERNEL); 522 if (!dup) 523 return -ENOMEM; 524 525 err = -EINVAL; 526 nr_lower = ovl_parse_param_split_lowerdirs(dup); 527 if (nr_lower < 0) 528 goto out_err; 529 530 if (nr_lower > OVL_MAX_STACK) { 531 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 532 goto out_err; 533 } 534 535 iter = dup; 536 for (nr = 0; nr < nr_lower; nr++) { 537 struct path path __free(path_put) = {}; 538 539 err = ovl_kern_path(iter, &path, Opt_lowerdir); 540 if (err) 541 goto out_err; 542 543 err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir); 544 if (err) 545 goto out_err; 546 547 if (data_layer) 548 ctx->nr_data++; 549 550 /* Calling strchr() again would overrun. */ 551 if (ctx->nr == nr_lower) 552 break; 553 554 err = -EINVAL; 555 iter = strchr(iter, '\0') + 1; 556 if (*iter) { 557 /* 558 * This is a regular layer so we require that 559 * there are no data layers. 560 */ 561 if (ctx->nr_data > 0) { 562 pr_err("regular lower layers cannot follow data lower layers\n"); 563 goto out_err; 564 } 565 566 data_layer = false; 567 continue; 568 } 569 570 /* This is a data lower layer. */ 571 data_layer = true; 572 iter++; 573 } 574 kfree(dup); 575 return 0; 576 577 out_err: 578 kfree(dup); 579 580 /* Intentionally don't realloc to a smaller size. */ 581 return err; 582 } 583 ovl_parse_param(struct fs_context * fc,struct fs_parameter * param)584 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 585 { 586 int err = 0; 587 struct fs_parse_result result; 588 struct ovl_fs *ofs = fc->s_fs_info; 589 struct ovl_config *config = &ofs->config; 590 struct ovl_fs_context *ctx = fc->fs_private; 591 int opt; 592 593 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 594 /* 595 * On remount overlayfs has always ignored all mount 596 * options no matter if malformed or not so for 597 * backwards compatibility we do the same here. 598 */ 599 if (fc->oldapi) 600 return 0; 601 602 /* 603 * Give us the freedom to allow changing mount options 604 * with the new mount api in the future. So instead of 605 * silently ignoring everything we report a proper 606 * error. This is only visible for users of the new 607 * mount api. 608 */ 609 return invalfc(fc, "No changes allowed in reconfigure"); 610 } 611 612 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 613 if (opt < 0) 614 return opt; 615 616 switch (opt) { 617 case Opt_lowerdir: 618 err = ovl_parse_param_lowerdir(param->string, fc); 619 break; 620 case Opt_lowerdir_add: 621 case Opt_datadir_add: 622 case Opt_upperdir: 623 case Opt_workdir: 624 err = ovl_parse_layer(fc, param, opt); 625 break; 626 case Opt_default_permissions: 627 config->default_permissions = true; 628 break; 629 case Opt_redirect_dir: 630 config->redirect_mode = result.uint_32; 631 if (config->redirect_mode == OVL_REDIRECT_OFF) { 632 config->redirect_mode = ovl_redirect_always_follow ? 633 OVL_REDIRECT_FOLLOW : 634 OVL_REDIRECT_NOFOLLOW; 635 } 636 ctx->set.redirect = true; 637 break; 638 case Opt_index: 639 config->index = result.uint_32; 640 ctx->set.index = true; 641 break; 642 case Opt_uuid: 643 config->uuid = result.uint_32; 644 break; 645 case Opt_nfs_export: 646 config->nfs_export = result.uint_32; 647 ctx->set.nfs_export = true; 648 break; 649 case Opt_xino: 650 config->xino = result.uint_32; 651 break; 652 case Opt_metacopy: 653 config->metacopy = result.uint_32; 654 ctx->set.metacopy = true; 655 break; 656 case Opt_verity: 657 config->verity_mode = result.uint_32; 658 break; 659 case Opt_volatile: 660 config->ovl_volatile = true; 661 break; 662 case Opt_userxattr: 663 config->userxattr = true; 664 break; 665 case Opt_override_creds: { 666 const struct cred *cred = NULL; 667 668 if (result.negated) { 669 swap(cred, ofs->creator_cred); 670 put_cred(cred); 671 break; 672 } 673 674 if (!current_in_userns(fc->user_ns)) { 675 err = -EINVAL; 676 break; 677 } 678 679 cred = prepare_creds(); 680 if (cred) 681 swap(cred, ofs->creator_cred); 682 else 683 err = -ENOMEM; 684 685 put_cred(cred); 686 break; 687 } 688 default: 689 pr_err("unrecognized mount option \"%s\" or missing value\n", 690 param->key); 691 return -EINVAL; 692 } 693 694 return err; 695 } 696 ovl_get_tree(struct fs_context * fc)697 static int ovl_get_tree(struct fs_context *fc) 698 { 699 return get_tree_nodev(fc, ovl_fill_super); 700 } 701 ovl_fs_context_free(struct ovl_fs_context * ctx)702 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 703 { 704 ovl_reset_lowerdirs(ctx); 705 path_put(&ctx->upper); 706 path_put(&ctx->work); 707 kfree(ctx->lower); 708 kfree(ctx); 709 } 710 ovl_free(struct fs_context * fc)711 static void ovl_free(struct fs_context *fc) 712 { 713 struct ovl_fs *ofs = fc->s_fs_info; 714 struct ovl_fs_context *ctx = fc->fs_private; 715 716 /* 717 * ofs is stored in the fs_context when it is initialized. 718 * ofs is transferred to the superblock on a successful mount, 719 * but if an error occurs before the transfer we have to free 720 * it here. 721 */ 722 if (ofs) 723 ovl_free_fs(ofs); 724 725 if (ctx) 726 ovl_fs_context_free(ctx); 727 } 728 ovl_reconfigure(struct fs_context * fc)729 static int ovl_reconfigure(struct fs_context *fc) 730 { 731 struct super_block *sb = fc->root->d_sb; 732 struct ovl_fs *ofs = OVL_FS(sb); 733 struct super_block *upper_sb; 734 int ret = 0; 735 736 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 737 return -EROFS; 738 739 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 740 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 741 if (ovl_should_sync(ofs)) { 742 down_read(&upper_sb->s_umount); 743 ret = sync_filesystem(upper_sb); 744 up_read(&upper_sb->s_umount); 745 } 746 } 747 748 return ret; 749 } 750 751 static const struct fs_context_operations ovl_context_ops = { 752 .parse_monolithic = ovl_parse_monolithic, 753 .parse_param = ovl_parse_param, 754 .get_tree = ovl_get_tree, 755 .reconfigure = ovl_reconfigure, 756 .free = ovl_free, 757 }; 758 759 /* 760 * This is called during fsopen() and will record the user namespace of 761 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 762 * need it when we actually create the superblock to verify that the 763 * process creating the superblock is in the same user namespace as 764 * process that called fsopen(). 765 */ ovl_init_fs_context(struct fs_context * fc)766 int ovl_init_fs_context(struct fs_context *fc) 767 { 768 struct ovl_fs_context *ctx; 769 struct ovl_fs *ofs; 770 771 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 772 if (!ctx) 773 return -ENOMEM; 774 775 /* 776 * By default we allocate for three lower layers. It's likely 777 * that it'll cover most users. 778 */ 779 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 780 if (!ctx->lower) 781 goto out_err; 782 ctx->capacity = 3; 783 784 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 785 if (!ofs) 786 goto out_err; 787 788 ofs->config.redirect_mode = ovl_redirect_mode_def(); 789 ofs->config.index = ovl_index_def; 790 ofs->config.uuid = ovl_uuid_def(); 791 ofs->config.nfs_export = ovl_nfs_export_def; 792 ofs->config.xino = ovl_xino_def(); 793 ofs->config.metacopy = ovl_metacopy_def; 794 795 fc->s_fs_info = ofs; 796 fc->fs_private = ctx; 797 fc->ops = &ovl_context_ops; 798 799 mutex_init(&ofs->whiteout_lock); 800 return 0; 801 802 out_err: 803 ovl_fs_context_free(ctx); 804 return -ENOMEM; 805 806 } 807 ovl_free_fs(struct ovl_fs * ofs)808 void ovl_free_fs(struct ovl_fs *ofs) 809 { 810 struct vfsmount **mounts; 811 unsigned i; 812 813 iput(ofs->workbasedir_trap); 814 iput(ofs->workdir_trap); 815 dput(ofs->whiteout); 816 dput(ofs->workdir); 817 if (ofs->workdir_locked) 818 ovl_inuse_unlock(ofs->workbasedir); 819 dput(ofs->workbasedir); 820 if (ofs->upperdir_locked) 821 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 822 823 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 824 mounts = (struct vfsmount **) ofs->config.lowerdirs; 825 for (i = 0; i < ofs->numlayer; i++) { 826 iput(ofs->layers[i].trap); 827 kfree(ofs->config.lowerdirs[i]); 828 mounts[i] = ofs->layers[i].mnt; 829 } 830 kern_unmount_array(mounts, ofs->numlayer); 831 kfree(ofs->layers); 832 for (i = 0; i < ofs->numfs; i++) 833 free_anon_bdev(ofs->fs[i].pseudo_dev); 834 kfree(ofs->fs); 835 836 kfree(ofs->config.lowerdirs); 837 kfree(ofs->config.upperdir); 838 kfree(ofs->config.workdir); 839 if (ofs->creator_cred) 840 put_cred(ofs->creator_cred); 841 kfree(ofs); 842 } 843 ovl_fs_params_verify(const struct ovl_fs_context * ctx,struct ovl_config * config)844 int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 845 struct ovl_config *config) 846 { 847 struct ovl_opt_set set = ctx->set; 848 849 /* Workdir/index are useless in non-upper mount */ 850 if (!config->upperdir) { 851 if (config->workdir) { 852 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 853 config->workdir); 854 kfree(config->workdir); 855 config->workdir = NULL; 856 } 857 if (config->index && set.index) { 858 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 859 set.index = false; 860 } 861 config->index = false; 862 } 863 864 if (!config->upperdir && config->ovl_volatile) { 865 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 866 config->ovl_volatile = false; 867 } 868 869 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 870 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 871 config->uuid = OVL_UUID_NULL; 872 } 873 874 /* 875 * This is to make the logic below simpler. It doesn't make any other 876 * difference, since redirect_dir=on is only used for upper. 877 */ 878 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 879 config->redirect_mode = OVL_REDIRECT_ON; 880 881 /* metacopy -> redirect_dir dependency */ 882 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 883 if (set.metacopy && set.redirect) { 884 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 885 ovl_redirect_mode(config)); 886 return -EINVAL; 887 } 888 if (set.redirect) { 889 /* 890 * There was an explicit redirect_dir=... that resulted 891 * in this conflict. 892 */ 893 pr_info("disabling metacopy due to redirect_dir=%s\n", 894 ovl_redirect_mode(config)); 895 config->metacopy = false; 896 } else { 897 /* Automatically enable redirect otherwise. */ 898 config->redirect_mode = OVL_REDIRECT_ON; 899 } 900 } 901 902 /* Resolve nfs_export -> index dependency */ 903 if (config->nfs_export && !config->index) { 904 if (!config->upperdir && 905 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 906 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 907 config->nfs_export = false; 908 } else if (set.nfs_export && set.index) { 909 pr_err("conflicting options: nfs_export=on,index=off\n"); 910 return -EINVAL; 911 } else if (set.index) { 912 /* 913 * There was an explicit index=off that resulted 914 * in this conflict. 915 */ 916 pr_info("disabling nfs_export due to index=off\n"); 917 config->nfs_export = false; 918 } else { 919 /* Automatically enable index otherwise. */ 920 config->index = true; 921 } 922 } 923 924 /* Resolve nfs_export -> !metacopy && !verity dependency */ 925 if (config->nfs_export && config->metacopy) { 926 if (set.nfs_export && set.metacopy) { 927 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 928 return -EINVAL; 929 } 930 if (set.metacopy) { 931 /* 932 * There was an explicit metacopy=on that resulted 933 * in this conflict. 934 */ 935 pr_info("disabling nfs_export due to metacopy=on\n"); 936 config->nfs_export = false; 937 } else if (config->verity_mode) { 938 /* 939 * There was an explicit verity=.. that resulted 940 * in this conflict. 941 */ 942 pr_info("disabling nfs_export due to verity=%s\n", 943 ovl_verity_mode(config)); 944 config->nfs_export = false; 945 } else { 946 /* 947 * There was an explicit nfs_export=on that resulted 948 * in this conflict. 949 */ 950 pr_info("disabling metacopy due to nfs_export=on\n"); 951 config->metacopy = false; 952 } 953 } 954 955 956 /* Resolve userxattr -> !redirect && !metacopy dependency */ 957 if (config->userxattr) { 958 if (set.redirect && 959 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 960 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 961 ovl_redirect_mode(config)); 962 return -EINVAL; 963 } 964 if (config->metacopy && set.metacopy) { 965 pr_err("conflicting options: userxattr,metacopy=on\n"); 966 return -EINVAL; 967 } 968 /* 969 * Silently disable default setting of redirect and metacopy. 970 * This shall be the default in the future as well: these 971 * options must be explicitly enabled if used together with 972 * userxattr. 973 */ 974 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 975 config->metacopy = false; 976 } 977 978 /* 979 * Fail if we don't have trusted xattr capability and a feature was 980 * explicitly requested that requires them. 981 */ 982 if (!config->userxattr && !capable(CAP_SYS_ADMIN)) { 983 if (set.redirect && 984 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 985 pr_err("redirect_dir requires permission to access trusted xattrs\n"); 986 return -EPERM; 987 } 988 if (config->metacopy && set.metacopy) { 989 pr_err("metacopy requires permission to access trusted xattrs\n"); 990 return -EPERM; 991 } 992 if (config->verity_mode) { 993 pr_err("verity requires permission to access trusted xattrs\n"); 994 return -EPERM; 995 } 996 if (ctx->nr_data > 0) { 997 pr_err("lower data-only dirs require permission to access trusted xattrs\n"); 998 return -EPERM; 999 } 1000 /* 1001 * Other xattr-dependent features should be disabled without 1002 * great disturbance to the user in ovl_make_workdir(). 1003 */ 1004 } 1005 1006 return 0; 1007 } 1008 1009 /** 1010 * ovl_show_options 1011 * @m: the seq_file handle 1012 * @dentry: The dentry to query 1013 * 1014 * Prints the mount options for a given superblock. 1015 * Returns zero; does not fail. 1016 */ ovl_show_options(struct seq_file * m,struct dentry * dentry)1017 int ovl_show_options(struct seq_file *m, struct dentry *dentry) 1018 { 1019 struct super_block *sb = dentry->d_sb; 1020 struct ovl_fs *ofs = OVL_FS(sb); 1021 size_t nr, nr_merged_lower, nr_lower = 0; 1022 char **lowerdirs = ofs->config.lowerdirs; 1023 1024 /* 1025 * lowerdirs[0] holds the colon separated list that user provided 1026 * with lowerdir mount option. 1027 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 1028 * using the lowerdir+ and datadir+ mount options. 1029 * For now, we do not allow mixing the legacy lowerdir mount option 1030 * with the new lowerdir+ and datadir+ mount options. 1031 */ 1032 if (lowerdirs[0]) { 1033 seq_show_option(m, "lowerdir", lowerdirs[0]); 1034 } else { 1035 nr_lower = ofs->numlayer; 1036 nr_merged_lower = nr_lower - ofs->numdatalayer; 1037 } 1038 for (nr = 1; nr < nr_lower; nr++) { 1039 if (nr < nr_merged_lower) 1040 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 1041 else 1042 seq_show_option(m, "datadir+", lowerdirs[nr]); 1043 } 1044 if (ofs->config.upperdir) { 1045 seq_show_option(m, "upperdir", ofs->config.upperdir); 1046 seq_show_option(m, "workdir", ofs->config.workdir); 1047 } 1048 if (ofs->config.default_permissions) 1049 seq_puts(m, ",default_permissions"); 1050 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 1051 seq_printf(m, ",redirect_dir=%s", 1052 ovl_redirect_mode(&ofs->config)); 1053 if (ofs->config.index != ovl_index_def) 1054 seq_printf(m, ",index=%s", str_on_off(ofs->config.index)); 1055 if (ofs->config.uuid != ovl_uuid_def()) 1056 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 1057 if (ofs->config.nfs_export != ovl_nfs_export_def) 1058 seq_printf(m, ",nfs_export=%s", 1059 str_on_off(ofs->config.nfs_export)); 1060 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1061 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1062 if (ofs->config.metacopy != ovl_metacopy_def) 1063 seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy)); 1064 if (ofs->config.ovl_volatile) 1065 seq_puts(m, ",volatile"); 1066 if (ofs->config.userxattr) 1067 seq_puts(m, ",userxattr"); 1068 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1069 seq_printf(m, ",verity=%s", 1070 ovl_verity_mode(&ofs->config)); 1071 return 0; 1072 } 1073