fs_context.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* Provide a way to create a superblock configuration context within the kernel
  3. * that allows a superblock to be set up prior to mounting.
  4. *
  5. * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
  6. * Written by David Howells (dhowells@redhat.com)
  7. */
  8. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  9. #include <linux/module.h>
  10. #include <linux/fs_context.h>
  11. #include <linux/fs_parser.h>
  12. #include <linux/fs.h>
  13. #include <linux/mount.h>
  14. #include <linux/nsproxy.h>
  15. #include <linux/slab.h>
  16. #include <linux/magic.h>
  17. #include <linux/security.h>
  18. #include <linux/mnt_namespace.h>
  19. #include <linux/pid_namespace.h>
  20. #include <linux/user_namespace.h>
  21. #include <net/net_namespace.h>
  22. #include <asm/sections.h>
  23. #include "mount.h"
  24. #include "internal.h"
  25. static const struct constant_table common_set_sb_flag[] = {
  26. { "dirsync", SB_DIRSYNC },
  27. { "lazytime", SB_LAZYTIME },
  28. { "mand", SB_MANDLOCK },
  29. { "ro", SB_RDONLY },
  30. { "sync", SB_SYNCHRONOUS },
  31. { },
  32. };
  33. static const struct constant_table common_clear_sb_flag[] = {
  34. { "async", SB_SYNCHRONOUS },
  35. { "nolazytime", SB_LAZYTIME },
  36. { "nomand", SB_MANDLOCK },
  37. { "rw", SB_RDONLY },
  38. { },
  39. };
  40. /*
  41. * Check for a common mount option that manipulates s_flags.
  42. */
  43. static int vfs_parse_sb_flag(struct fs_context *fc, const char *key)
  44. {
  45. unsigned int token;
  46. token = lookup_constant(common_set_sb_flag, key, 0);
  47. if (token) {
  48. fc->sb_flags |= token;
  49. fc->sb_flags_mask |= token;
  50. return 0;
  51. }
  52. token = lookup_constant(common_clear_sb_flag, key, 0);
  53. if (token) {
  54. fc->sb_flags &= ~token;
  55. fc->sb_flags_mask |= token;
  56. return 0;
  57. }
  58. return -ENOPARAM;
  59. }
  60. /**
  61. * vfs_parse_fs_param_source - Handle setting "source" via parameter
  62. * @fc: The filesystem context to modify
  63. * @param: The parameter
  64. *
  65. * This is a simple helper for filesystems to verify that the "source" they
  66. * accept is sane.
  67. *
  68. * Returns 0 on success, -ENOPARAM if this is not "source" parameter, and
  69. * -EINVAL otherwise. In the event of failure, supplementary error information
  70. * is logged.
  71. */
  72. int vfs_parse_fs_param_source(struct fs_context *fc, struct fs_parameter *param)
  73. {
  74. if (strcmp(param->key, "source") != 0)
  75. return -ENOPARAM;
  76. if (param->type != fs_value_is_string)
  77. return invalf(fc, "Non-string source");
  78. if (fc->source)
  79. return invalf(fc, "Multiple sources");
  80. fc->source = param->string;
  81. param->string = NULL;
  82. return 0;
  83. }
  84. EXPORT_SYMBOL(vfs_parse_fs_param_source);
  85. /**
  86. * vfs_parse_fs_param - Add a single parameter to a superblock config
  87. * @fc: The filesystem context to modify
  88. * @param: The parameter
  89. *
  90. * A single mount option in string form is applied to the filesystem context
  91. * being set up. Certain standard options (for example "ro") are translated
  92. * into flag bits without going to the filesystem. The active security module
  93. * is allowed to observe and poach options. Any other options are passed over
  94. * to the filesystem to parse.
  95. *
  96. * This may be called multiple times for a context.
  97. *
  98. * Returns 0 on success and a negative error code on failure. In the event of
  99. * failure, supplementary error information may have been set.
  100. */
  101. int vfs_parse_fs_param(struct fs_context *fc, struct fs_parameter *param)
  102. {
  103. int ret;
  104. if (!param->key)
  105. return invalf(fc, "Unnamed parameter\n");
  106. ret = vfs_parse_sb_flag(fc, param->key);
  107. if (ret != -ENOPARAM)
  108. return ret;
  109. ret = security_fs_context_parse_param(fc, param);
  110. if (ret != -ENOPARAM)
  111. /* Param belongs to the LSM or is disallowed by the LSM; so
  112. * don't pass to the FS.
  113. */
  114. return ret;
  115. if (fc->ops->parse_param) {
  116. ret = fc->ops->parse_param(fc, param);
  117. if (ret != -ENOPARAM)
  118. return ret;
  119. }
  120. /* If the filesystem doesn't take any arguments, give it the
  121. * default handling of source.
  122. */
  123. ret = vfs_parse_fs_param_source(fc, param);
  124. if (ret != -ENOPARAM)
  125. return ret;
  126. return invalf(fc, "%s: Unknown parameter '%s'",
  127. fc->fs_type->name, param->key);
  128. }
  129. EXPORT_SYMBOL(vfs_parse_fs_param);
  130. /**
  131. * vfs_parse_fs_qstr - Convenience function to just parse a string.
  132. * @fc: Filesystem context.
  133. * @key: Parameter name.
  134. * @value: Default value.
  135. */
  136. int vfs_parse_fs_qstr(struct fs_context *fc, const char *key,
  137. const struct qstr *value)
  138. {
  139. int ret;
  140. struct fs_parameter param = {
  141. .key = key,
  142. .type = fs_value_is_flag,
  143. .size = value ? value->len : 0,
  144. };
  145. if (value) {
  146. param.string = kmemdup_nul(value->name, value->len, GFP_KERNEL);
  147. if (!param.string)
  148. return -ENOMEM;
  149. param.type = fs_value_is_string;
  150. }
  151. ret = vfs_parse_fs_param(fc, &param);
  152. kfree(param.string);
  153. return ret;
  154. }
  155. EXPORT_SYMBOL(vfs_parse_fs_qstr);
  156. /**
  157. * vfs_parse_monolithic_sep - Parse key[=val][,key[=val]]* mount data
  158. * @fc: The superblock configuration to fill in.
  159. * @data: The data to parse
  160. * @sep: callback for separating next option
  161. *
  162. * Parse a blob of data that's in key[=val][,key[=val]]* form with a custom
  163. * option separator callback.
  164. *
  165. * Returns 0 on success or the error returned by the ->parse_option() fs_context
  166. * operation on failure.
  167. */
  168. int vfs_parse_monolithic_sep(struct fs_context *fc, void *data,
  169. char *(*sep)(char **))
  170. {
  171. char *options = data, *key;
  172. int ret = 0;
  173. if (!options)
  174. return 0;
  175. ret = security_sb_eat_lsm_opts(options, &fc->security);
  176. if (ret)
  177. return ret;
  178. while ((key = sep(&options)) != NULL) {
  179. if (*key) {
  180. char *value = strchr(key, '=');
  181. if (value) {
  182. if (unlikely(value == key))
  183. continue;
  184. *value++ = 0;
  185. }
  186. ret = vfs_parse_fs_string(fc, key, value);
  187. if (ret < 0)
  188. break;
  189. }
  190. }
  191. return ret;
  192. }
  193. EXPORT_SYMBOL(vfs_parse_monolithic_sep);
  194. static char *vfs_parse_comma_sep(char **s)
  195. {
  196. return strsep(s, ",");
  197. }
  198. /**
  199. * generic_parse_monolithic - Parse key[=val][,key[=val]]* mount data
  200. * @fc: The superblock configuration to fill in.
  201. * @data: The data to parse
  202. *
  203. * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
  204. * called from the ->monolithic_mount_data() fs_context operation.
  205. *
  206. * Returns 0 on success or the error returned by the ->parse_option() fs_context
  207. * operation on failure.
  208. */
  209. int generic_parse_monolithic(struct fs_context *fc, void *data)
  210. {
  211. return vfs_parse_monolithic_sep(fc, data, vfs_parse_comma_sep);
  212. }
  213. EXPORT_SYMBOL(generic_parse_monolithic);
  214. /**
  215. * alloc_fs_context - Create a filesystem context.
  216. * @fs_type: The filesystem type.
  217. * @reference: The dentry from which this one derives (or NULL)
  218. * @sb_flags: Filesystem/superblock flags (SB_*)
  219. * @sb_flags_mask: Applicable members of @sb_flags
  220. * @purpose: The purpose that this configuration shall be used for.
  221. *
  222. * Open a filesystem and create a mount context. The mount context is
  223. * initialised with the supplied flags and, if a submount/automount from
  224. * another superblock (referred to by @reference) is supplied, may have
  225. * parameters such as namespaces copied across from that superblock.
  226. */
  227. static struct fs_context *alloc_fs_context(struct file_system_type *fs_type,
  228. struct dentry *reference,
  229. unsigned int sb_flags,
  230. unsigned int sb_flags_mask,
  231. enum fs_context_purpose purpose)
  232. {
  233. struct fs_context *fc;
  234. int ret = -ENOMEM;
  235. fc = kzalloc_obj(struct fs_context, GFP_KERNEL_ACCOUNT);
  236. if (!fc)
  237. return ERR_PTR(-ENOMEM);
  238. fc->purpose = purpose;
  239. fc->sb_flags = sb_flags;
  240. fc->sb_flags_mask = sb_flags_mask;
  241. fc->fs_type = get_filesystem(fs_type);
  242. fc->cred = get_current_cred();
  243. fc->net_ns = get_net(current->nsproxy->net_ns);
  244. fc->log.prefix = fs_type->name;
  245. mutex_init(&fc->uapi_mutex);
  246. switch (purpose) {
  247. case FS_CONTEXT_FOR_MOUNT:
  248. fc->user_ns = get_user_ns(fc->cred->user_ns);
  249. break;
  250. case FS_CONTEXT_FOR_SUBMOUNT:
  251. fc->user_ns = get_user_ns(reference->d_sb->s_user_ns);
  252. break;
  253. case FS_CONTEXT_FOR_RECONFIGURE:
  254. atomic_inc(&reference->d_sb->s_active);
  255. fc->user_ns = get_user_ns(reference->d_sb->s_user_ns);
  256. fc->root = dget(reference);
  257. break;
  258. }
  259. ret = fc->fs_type->init_fs_context(fc);
  260. if (ret < 0)
  261. goto err_fc;
  262. fc->need_free = true;
  263. return fc;
  264. err_fc:
  265. put_fs_context(fc);
  266. return ERR_PTR(ret);
  267. }
  268. struct fs_context *fs_context_for_mount(struct file_system_type *fs_type,
  269. unsigned int sb_flags)
  270. {
  271. return alloc_fs_context(fs_type, NULL, sb_flags, 0,
  272. FS_CONTEXT_FOR_MOUNT);
  273. }
  274. EXPORT_SYMBOL(fs_context_for_mount);
  275. struct fs_context *fs_context_for_reconfigure(struct dentry *dentry,
  276. unsigned int sb_flags,
  277. unsigned int sb_flags_mask)
  278. {
  279. return alloc_fs_context(dentry->d_sb->s_type, dentry, sb_flags,
  280. sb_flags_mask, FS_CONTEXT_FOR_RECONFIGURE);
  281. }
  282. EXPORT_SYMBOL(fs_context_for_reconfigure);
  283. /**
  284. * fs_context_for_submount: allocate a new fs_context for a submount
  285. * @type: file_system_type of the new context
  286. * @reference: reference dentry from which to copy relevant info
  287. *
  288. * Allocate a new fs_context suitable for a submount. This also ensures that
  289. * the fc->security object is inherited from @reference (if needed).
  290. */
  291. struct fs_context *fs_context_for_submount(struct file_system_type *type,
  292. struct dentry *reference)
  293. {
  294. struct fs_context *fc;
  295. int ret;
  296. fc = alloc_fs_context(type, reference, 0, 0, FS_CONTEXT_FOR_SUBMOUNT);
  297. if (IS_ERR(fc))
  298. return fc;
  299. ret = security_fs_context_submount(fc, reference->d_sb);
  300. if (ret) {
  301. put_fs_context(fc);
  302. return ERR_PTR(ret);
  303. }
  304. return fc;
  305. }
  306. EXPORT_SYMBOL(fs_context_for_submount);
  307. void fc_drop_locked(struct fs_context *fc)
  308. {
  309. struct super_block *sb = fc->root->d_sb;
  310. dput(fc->root);
  311. fc->root = NULL;
  312. deactivate_locked_super(sb);
  313. }
  314. /**
  315. * vfs_dup_fs_context - Duplicate a filesystem context.
  316. * @src_fc: The context to copy.
  317. */
  318. struct fs_context *vfs_dup_fs_context(struct fs_context *src_fc)
  319. {
  320. struct fs_context *fc;
  321. int ret;
  322. if (!src_fc->ops->dup)
  323. return ERR_PTR(-EOPNOTSUPP);
  324. fc = kmemdup(src_fc, sizeof(struct fs_context), GFP_KERNEL);
  325. if (!fc)
  326. return ERR_PTR(-ENOMEM);
  327. mutex_init(&fc->uapi_mutex);
  328. fc->fs_private = NULL;
  329. fc->s_fs_info = NULL;
  330. fc->source = NULL;
  331. fc->security = NULL;
  332. get_filesystem(fc->fs_type);
  333. get_net(fc->net_ns);
  334. get_user_ns(fc->user_ns);
  335. get_cred(fc->cred);
  336. if (fc->log.log)
  337. refcount_inc(&fc->log.log->usage);
  338. /* Can't call put until we've called ->dup */
  339. ret = fc->ops->dup(fc, src_fc);
  340. if (ret < 0)
  341. goto err_fc;
  342. ret = security_fs_context_dup(fc, src_fc);
  343. if (ret < 0)
  344. goto err_fc;
  345. return fc;
  346. err_fc:
  347. put_fs_context(fc);
  348. return ERR_PTR(ret);
  349. }
  350. EXPORT_SYMBOL(vfs_dup_fs_context);
  351. /**
  352. * logfc - Log a message to a filesystem context
  353. * @log: The filesystem context to log to, or NULL to use printk.
  354. * @prefix: A string to prefix the output with, or NULL.
  355. * @level: 'w' for a warning, 'e' for an error. Anything else is a notice.
  356. * @fmt: The format of the buffer.
  357. */
  358. void logfc(struct fc_log *log, const char *prefix, char level, const char *fmt, ...)
  359. {
  360. va_list va;
  361. struct va_format vaf = {.fmt = fmt, .va = &va};
  362. va_start(va, fmt);
  363. if (!log) {
  364. switch (level) {
  365. case 'w':
  366. printk(KERN_WARNING "%s%s%pV\n", prefix ? prefix : "",
  367. prefix ? ": " : "", &vaf);
  368. break;
  369. case 'e':
  370. printk(KERN_ERR "%s%s%pV\n", prefix ? prefix : "",
  371. prefix ? ": " : "", &vaf);
  372. break;
  373. case 'i':
  374. printk(KERN_INFO "%s%s%pV\n", prefix ? prefix : "",
  375. prefix ? ": " : "", &vaf);
  376. break;
  377. default:
  378. printk(KERN_NOTICE "%s%s%pV\n", prefix ? prefix : "",
  379. prefix ? ": " : "", &vaf);
  380. break;
  381. }
  382. } else {
  383. unsigned int logsize = ARRAY_SIZE(log->buffer);
  384. u8 index;
  385. char *q = kasprintf(GFP_KERNEL, "%c %s%s%pV\n", level,
  386. prefix ? prefix : "",
  387. prefix ? ": " : "", &vaf);
  388. index = log->head & (logsize - 1);
  389. BUILD_BUG_ON(sizeof(log->head) != sizeof(u8) ||
  390. sizeof(log->tail) != sizeof(u8));
  391. if ((u8)(log->head - log->tail) == logsize) {
  392. /* The buffer is full, discard the oldest message */
  393. if (log->need_free & (1 << index))
  394. kfree(log->buffer[index]);
  395. log->tail++;
  396. }
  397. log->buffer[index] = q ? q : "OOM: Can't store error string";
  398. if (q)
  399. log->need_free |= 1 << index;
  400. else
  401. log->need_free &= ~(1 << index);
  402. log->head++;
  403. }
  404. va_end(va);
  405. }
  406. EXPORT_SYMBOL(logfc);
  407. /*
  408. * Free a logging structure.
  409. */
  410. static void put_fc_log(struct fs_context *fc)
  411. {
  412. struct fc_log *log = fc->log.log;
  413. int i;
  414. if (log) {
  415. if (refcount_dec_and_test(&log->usage)) {
  416. fc->log.log = NULL;
  417. for (i = 0; i < ARRAY_SIZE(log->buffer) ; i++)
  418. if (log->need_free & (1 << i))
  419. kfree(log->buffer[i]);
  420. kfree(log);
  421. }
  422. }
  423. }
  424. /**
  425. * put_fs_context - Dispose of a superblock configuration context.
  426. * @fc: The context to dispose of.
  427. */
  428. void put_fs_context(struct fs_context *fc)
  429. {
  430. struct super_block *sb;
  431. if (fc->root) {
  432. sb = fc->root->d_sb;
  433. dput(fc->root);
  434. fc->root = NULL;
  435. deactivate_super(sb);
  436. }
  437. if (fc->need_free && fc->ops && fc->ops->free)
  438. fc->ops->free(fc);
  439. security_free_mnt_opts(&fc->security);
  440. put_net(fc->net_ns);
  441. put_user_ns(fc->user_ns);
  442. put_cred(fc->cred);
  443. put_fc_log(fc);
  444. put_filesystem(fc->fs_type);
  445. kfree(fc->source);
  446. kfree(fc);
  447. }
  448. EXPORT_SYMBOL(put_fs_context);
  449. int parse_monolithic_mount_data(struct fs_context *fc, void *data)
  450. {
  451. int (*monolithic_mount_data)(struct fs_context *, void *);
  452. monolithic_mount_data = fc->ops->parse_monolithic;
  453. if (!monolithic_mount_data)
  454. monolithic_mount_data = generic_parse_monolithic;
  455. return monolithic_mount_data(fc, data);
  456. }
  457. /*
  458. * Clean up a context after performing an action on it and put it into a state
  459. * from where it can be used to reconfigure a superblock.
  460. *
  461. * Note that here we do only the parts that can't fail; the rest is in
  462. * finish_clean_context() below and in between those fs_context is marked
  463. * FS_CONTEXT_AWAITING_RECONF. The reason for splitup is that after
  464. * successful mount or remount we need to report success to userland.
  465. * Trying to do full reinit (for the sake of possible subsequent remount)
  466. * and failing to allocate memory would've put us into a nasty situation.
  467. * So here we only discard the old state and reinitialization is left
  468. * until we actually try to reconfigure.
  469. */
  470. void vfs_clean_context(struct fs_context *fc)
  471. {
  472. if (fc->need_free && fc->ops && fc->ops->free)
  473. fc->ops->free(fc);
  474. fc->need_free = false;
  475. fc->fs_private = NULL;
  476. fc->s_fs_info = NULL;
  477. fc->sb_flags = 0;
  478. security_free_mnt_opts(&fc->security);
  479. kfree(fc->source);
  480. fc->source = NULL;
  481. fc->exclusive = false;
  482. fc->purpose = FS_CONTEXT_FOR_RECONFIGURE;
  483. fc->phase = FS_CONTEXT_AWAITING_RECONF;
  484. }
  485. int finish_clean_context(struct fs_context *fc)
  486. {
  487. int error;
  488. if (fc->phase != FS_CONTEXT_AWAITING_RECONF)
  489. return 0;
  490. error = fc->fs_type->init_fs_context(fc);
  491. if (unlikely(error)) {
  492. fc->phase = FS_CONTEXT_FAILED;
  493. return error;
  494. }
  495. fc->need_free = true;
  496. fc->phase = FS_CONTEXT_RECONF_PARAMS;
  497. return 0;
  498. }