params.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. #include <linux/fs.h>
  3. #include <linux/module.h>
  4. #include <linux/namei.h>
  5. #include <linux/fs_context.h>
  6. #include <linux/fs_parser.h>
  7. #include <linux/posix_acl_xattr.h>
  8. #include <linux/seq_file.h>
  9. #include <linux/xattr.h>
  10. #include "overlayfs.h"
  11. #include "params.h"
  12. static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
  13. module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
  14. MODULE_PARM_DESC(redirect_dir,
  15. "Default to on or off for the redirect_dir feature");
  16. static bool ovl_redirect_always_follow =
  17. IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
  18. module_param_named(redirect_always_follow, ovl_redirect_always_follow,
  19. bool, 0644);
  20. MODULE_PARM_DESC(redirect_always_follow,
  21. "Follow redirects even if redirect_dir feature is turned off");
  22. static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
  23. module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
  24. MODULE_PARM_DESC(xino_auto,
  25. "Auto enable xino feature");
  26. static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
  27. module_param_named(index, ovl_index_def, bool, 0644);
  28. MODULE_PARM_DESC(index,
  29. "Default to on or off for the inodes index feature");
  30. static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
  31. module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
  32. MODULE_PARM_DESC(nfs_export,
  33. "Default to on or off for the NFS export feature");
  34. static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
  35. module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
  36. MODULE_PARM_DESC(metacopy,
  37. "Default to on or off for the metadata only copy up feature");
  38. enum ovl_opt {
  39. Opt_lowerdir,
  40. Opt_lowerdir_add,
  41. Opt_datadir_add,
  42. Opt_upperdir,
  43. Opt_workdir,
  44. Opt_default_permissions,
  45. Opt_redirect_dir,
  46. Opt_index,
  47. Opt_uuid,
  48. Opt_nfs_export,
  49. Opt_userxattr,
  50. Opt_xino,
  51. Opt_metacopy,
  52. Opt_verity,
  53. Opt_fsync,
  54. Opt_volatile,
  55. Opt_override_creds,
  56. };
  57. static const struct constant_table ovl_parameter_bool[] = {
  58. { "on", true },
  59. { "off", false },
  60. {}
  61. };
  62. static const struct constant_table ovl_parameter_uuid[] = {
  63. { "off", OVL_UUID_OFF },
  64. { "null", OVL_UUID_NULL },
  65. { "auto", OVL_UUID_AUTO },
  66. { "on", OVL_UUID_ON },
  67. {}
  68. };
  69. static const char *ovl_uuid_mode(struct ovl_config *config)
  70. {
  71. return ovl_parameter_uuid[config->uuid].name;
  72. }
  73. static int ovl_uuid_def(void)
  74. {
  75. return OVL_UUID_AUTO;
  76. }
  77. static const struct constant_table ovl_parameter_xino[] = {
  78. { "off", OVL_XINO_OFF },
  79. { "auto", OVL_XINO_AUTO },
  80. { "on", OVL_XINO_ON },
  81. {}
  82. };
  83. const char *ovl_xino_mode(struct ovl_config *config)
  84. {
  85. return ovl_parameter_xino[config->xino].name;
  86. }
  87. static int ovl_xino_def(void)
  88. {
  89. return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
  90. }
  91. const struct constant_table ovl_parameter_redirect_dir[] = {
  92. { "off", OVL_REDIRECT_OFF },
  93. { "follow", OVL_REDIRECT_FOLLOW },
  94. { "nofollow", OVL_REDIRECT_NOFOLLOW },
  95. { "on", OVL_REDIRECT_ON },
  96. {}
  97. };
  98. static const char *ovl_redirect_mode(struct ovl_config *config)
  99. {
  100. return ovl_parameter_redirect_dir[config->redirect_mode].name;
  101. }
  102. static int ovl_redirect_mode_def(void)
  103. {
  104. return ovl_redirect_dir_def ? OVL_REDIRECT_ON :
  105. ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW :
  106. OVL_REDIRECT_NOFOLLOW;
  107. }
  108. static const struct constant_table ovl_parameter_verity[] = {
  109. { "off", OVL_VERITY_OFF },
  110. { "on", OVL_VERITY_ON },
  111. { "require", OVL_VERITY_REQUIRE },
  112. {}
  113. };
  114. static const char *ovl_verity_mode(struct ovl_config *config)
  115. {
  116. return ovl_parameter_verity[config->verity_mode].name;
  117. }
  118. static int ovl_verity_mode_def(void)
  119. {
  120. return OVL_VERITY_OFF;
  121. }
  122. static const struct constant_table ovl_parameter_fsync[] = {
  123. { "volatile", OVL_FSYNC_VOLATILE },
  124. { "auto", OVL_FSYNC_AUTO },
  125. { "strict", OVL_FSYNC_STRICT },
  126. {}
  127. };
  128. static const char *ovl_fsync_mode(struct ovl_config *config)
  129. {
  130. return ovl_parameter_fsync[config->fsync_mode].name;
  131. }
  132. static int ovl_fsync_mode_def(void)
  133. {
  134. return OVL_FSYNC_AUTO;
  135. }
  136. const struct fs_parameter_spec ovl_parameter_spec[] = {
  137. fsparam_string_empty("lowerdir", Opt_lowerdir),
  138. fsparam_file_or_string("lowerdir+", Opt_lowerdir_add),
  139. fsparam_file_or_string("datadir+", Opt_datadir_add),
  140. fsparam_file_or_string("upperdir", Opt_upperdir),
  141. fsparam_file_or_string("workdir", Opt_workdir),
  142. fsparam_flag("default_permissions", Opt_default_permissions),
  143. fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir),
  144. fsparam_enum("index", Opt_index, ovl_parameter_bool),
  145. fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid),
  146. fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool),
  147. fsparam_flag("userxattr", Opt_userxattr),
  148. fsparam_enum("xino", Opt_xino, ovl_parameter_xino),
  149. fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool),
  150. fsparam_enum("verity", Opt_verity, ovl_parameter_verity),
  151. fsparam_enum("fsync", Opt_fsync, ovl_parameter_fsync),
  152. fsparam_flag("volatile", Opt_volatile),
  153. fsparam_flag_no("override_creds", Opt_override_creds),
  154. {}
  155. };
  156. static char *ovl_next_opt(char **s)
  157. {
  158. char *sbegin = *s;
  159. char *p;
  160. if (sbegin == NULL)
  161. return NULL;
  162. for (p = sbegin; *p; p++) {
  163. if (*p == '\\') {
  164. p++;
  165. if (!*p)
  166. break;
  167. } else if (*p == ',') {
  168. *p = '\0';
  169. *s = p + 1;
  170. return sbegin;
  171. }
  172. }
  173. *s = NULL;
  174. return sbegin;
  175. }
  176. static int ovl_parse_monolithic(struct fs_context *fc, void *data)
  177. {
  178. return vfs_parse_monolithic_sep(fc, data, ovl_next_opt);
  179. }
  180. static ssize_t ovl_parse_param_split_lowerdirs(char *str)
  181. {
  182. ssize_t nr_layers = 1, nr_colons = 0;
  183. char *s, *d;
  184. for (s = d = str;; s++, d++) {
  185. if (*s == '\\') {
  186. /* keep esc chars in split lowerdir */
  187. *d++ = *s++;
  188. } else if (*s == ':') {
  189. bool next_colon = (*(s + 1) == ':');
  190. nr_colons++;
  191. if (nr_colons == 2 && next_colon) {
  192. pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
  193. return -EINVAL;
  194. }
  195. /* count layers, not colons */
  196. if (!next_colon)
  197. nr_layers++;
  198. *d = '\0';
  199. continue;
  200. }
  201. *d = *s;
  202. if (!*s) {
  203. /* trailing colons */
  204. if (nr_colons) {
  205. pr_err("unescaped trailing colons in lowerdir mount option.\n");
  206. return -EINVAL;
  207. }
  208. break;
  209. }
  210. nr_colons = 0;
  211. }
  212. return nr_layers;
  213. }
  214. static int ovl_mount_dir_noesc(const char *name, struct path *path)
  215. {
  216. int err = -EINVAL;
  217. if (!*name) {
  218. pr_err("empty lowerdir\n");
  219. goto out;
  220. }
  221. err = kern_path(name, LOOKUP_FOLLOW, path);
  222. if (err) {
  223. pr_err("failed to resolve '%s': %i\n", name, err);
  224. goto out;
  225. }
  226. return 0;
  227. out:
  228. return err;
  229. }
  230. static void ovl_unescape(char *s)
  231. {
  232. char *d = s;
  233. for (;; s++, d++) {
  234. if (*s == '\\')
  235. s++;
  236. *d = *s;
  237. if (!*s)
  238. break;
  239. }
  240. }
  241. static int ovl_mount_dir(const char *name, struct path *path)
  242. {
  243. int err = -ENOMEM;
  244. char *tmp = kstrdup(name, GFP_KERNEL);
  245. if (tmp) {
  246. ovl_unescape(tmp);
  247. err = ovl_mount_dir_noesc(tmp, path);
  248. kfree(tmp);
  249. }
  250. return err;
  251. }
  252. static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path,
  253. enum ovl_opt layer, const char *name, bool upper)
  254. {
  255. bool is_casefolded = ovl_dentry_casefolded(path->dentry);
  256. struct ovl_fs_context *ctx = fc->fs_private;
  257. struct ovl_fs *ofs = fc->s_fs_info;
  258. if (!d_is_dir(path->dentry))
  259. return invalfc(fc, "%s is not a directory", name);
  260. /*
  261. * Allow filesystems that are case-folding capable but deny composing
  262. * ovl stack from inconsistent case-folded directories.
  263. */
  264. if (!ctx->casefold_set) {
  265. ofs->casefold = is_casefolded;
  266. ctx->casefold_set = true;
  267. }
  268. if (ofs->casefold != is_casefolded) {
  269. return invalfc(fc, "case-%ssensitive directory on %s is inconsistent",
  270. is_casefolded ? "in" : "", name);
  271. }
  272. if (ovl_dentry_weird(path->dentry))
  273. return invalfc(fc, "filesystem on %s not supported", name);
  274. /*
  275. * Check whether upper path is read-only here to report failures
  276. * early. Don't forget to recheck when the superblock is created
  277. * as the mount attributes could change.
  278. */
  279. if (upper) {
  280. if (path->dentry->d_flags & DCACHE_OP_REAL)
  281. return invalfc(fc, "filesystem on %s not supported as upperdir", name);
  282. if (__mnt_is_readonly(path->mnt))
  283. return invalfc(fc, "filesystem on %s is read-only", name);
  284. } else {
  285. if (ctx->lowerdir_all && layer != Opt_lowerdir)
  286. return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir");
  287. if (ctx->nr_data && layer == Opt_lowerdir_add)
  288. return invalfc(fc, "regular lower layers cannot follow data layers");
  289. if (ctx->nr == OVL_MAX_STACK)
  290. return invalfc(fc, "too many lower directories, limit is %d",
  291. OVL_MAX_STACK);
  292. }
  293. return 0;
  294. }
  295. static int ovl_ctx_realloc_lower(struct fs_context *fc)
  296. {
  297. struct ovl_fs_context *ctx = fc->fs_private;
  298. struct ovl_fs_context_layer *l;
  299. size_t nr;
  300. if (ctx->nr < ctx->capacity)
  301. return 0;
  302. nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2),
  303. OVL_MAX_STACK);
  304. l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT);
  305. if (!l)
  306. return -ENOMEM;
  307. ctx->lower = l;
  308. ctx->capacity = nr;
  309. return 0;
  310. }
  311. static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer,
  312. struct path *path, char **pname)
  313. {
  314. struct ovl_fs *ofs = fc->s_fs_info;
  315. struct ovl_config *config = &ofs->config;
  316. struct ovl_fs_context *ctx = fc->fs_private;
  317. struct ovl_fs_context_layer *l;
  318. switch (layer) {
  319. case Opt_workdir:
  320. swap(config->workdir, *pname);
  321. swap(ctx->work, *path);
  322. break;
  323. case Opt_upperdir:
  324. swap(config->upperdir, *pname);
  325. swap(ctx->upper, *path);
  326. break;
  327. case Opt_datadir_add:
  328. ctx->nr_data++;
  329. fallthrough;
  330. case Opt_lowerdir:
  331. fallthrough;
  332. case Opt_lowerdir_add:
  333. WARN_ON(ctx->nr >= ctx->capacity);
  334. l = &ctx->lower[ctx->nr++];
  335. memset(l, 0, sizeof(*l));
  336. swap(l->name, *pname);
  337. swap(l->path, *path);
  338. break;
  339. default:
  340. WARN_ON(1);
  341. }
  342. }
  343. static inline bool is_upper_layer(enum ovl_opt layer)
  344. {
  345. return layer == Opt_upperdir || layer == Opt_workdir;
  346. }
  347. /* Handle non-file descriptor-based layer options that require path lookup. */
  348. static inline int ovl_kern_path(const char *layer_name, struct path *layer_path,
  349. enum ovl_opt layer)
  350. {
  351. int err;
  352. switch (layer) {
  353. case Opt_upperdir:
  354. fallthrough;
  355. case Opt_workdir:
  356. fallthrough;
  357. case Opt_lowerdir:
  358. err = ovl_mount_dir(layer_name, layer_path);
  359. break;
  360. case Opt_lowerdir_add:
  361. fallthrough;
  362. case Opt_datadir_add:
  363. err = ovl_mount_dir_noesc(layer_name, layer_path);
  364. break;
  365. default:
  366. WARN_ON_ONCE(true);
  367. err = -EINVAL;
  368. }
  369. return err;
  370. }
  371. static int ovl_do_parse_layer(struct fs_context *fc, const char *layer_name,
  372. struct path *layer_path, enum ovl_opt layer)
  373. {
  374. char *name __free(kfree) = kstrdup(layer_name, GFP_KERNEL);
  375. bool upper;
  376. int err = 0;
  377. if (!name)
  378. return -ENOMEM;
  379. upper = is_upper_layer(layer);
  380. err = ovl_mount_dir_check(fc, layer_path, layer, name, upper);
  381. if (err)
  382. return err;
  383. if (!upper) {
  384. err = ovl_ctx_realloc_lower(fc);
  385. if (err)
  386. return err;
  387. }
  388. /* Store the user provided path string in ctx to show in mountinfo */
  389. ovl_add_layer(fc, layer, layer_path, &name);
  390. return err;
  391. }
  392. static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param,
  393. enum ovl_opt layer)
  394. {
  395. struct path layer_path __free(path_put) = {};
  396. int err = 0;
  397. switch (param->type) {
  398. case fs_value_is_string:
  399. err = ovl_kern_path(param->string, &layer_path, layer);
  400. if (err)
  401. return err;
  402. err = ovl_do_parse_layer(fc, param->string, &layer_path, layer);
  403. break;
  404. case fs_value_is_file: {
  405. char *buf __free(kfree);
  406. char *layer_name;
  407. buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
  408. if (!buf)
  409. return -ENOMEM;
  410. layer_path = param->file->f_path;
  411. path_get(&layer_path);
  412. layer_name = d_path(&layer_path, buf, PATH_MAX);
  413. if (IS_ERR(layer_name))
  414. return PTR_ERR(layer_name);
  415. err = ovl_do_parse_layer(fc, layer_name, &layer_path, layer);
  416. break;
  417. }
  418. default:
  419. WARN_ON_ONCE(true);
  420. err = -EINVAL;
  421. }
  422. return err;
  423. }
  424. static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx)
  425. {
  426. struct ovl_fs_context_layer *l = ctx->lower;
  427. // Reset old user provided lowerdir string
  428. kfree(ctx->lowerdir_all);
  429. ctx->lowerdir_all = NULL;
  430. for (size_t nr = 0; nr < ctx->nr; nr++, l++) {
  431. path_put(&l->path);
  432. kfree(l->name);
  433. l->name = NULL;
  434. }
  435. ctx->nr = 0;
  436. ctx->nr_data = 0;
  437. }
  438. /*
  439. * Parse lowerdir= mount option:
  440. *
  441. * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2
  442. * Set "/lower1", "/lower2", and "/lower3" as lower layers and
  443. * "/data1" and "/data2" as data lower layers. Any existing lower
  444. * layers are replaced.
  445. */
  446. static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
  447. {
  448. int err;
  449. struct ovl_fs_context *ctx = fc->fs_private;
  450. char *dup = NULL, *iter;
  451. ssize_t nr_lower, nr;
  452. bool data_layer = false;
  453. /*
  454. * Ensure we're backwards compatible with mount(2)
  455. * by allowing relative paths.
  456. */
  457. /* drop all existing lower layers */
  458. ovl_reset_lowerdirs(ctx);
  459. if (!*name)
  460. return 0;
  461. if (*name == ':') {
  462. pr_err("cannot append lower layer\n");
  463. return -EINVAL;
  464. }
  465. // Store user provided lowerdir string to show in mount options
  466. ctx->lowerdir_all = kstrdup(name, GFP_KERNEL);
  467. if (!ctx->lowerdir_all)
  468. return -ENOMEM;
  469. dup = kstrdup(name, GFP_KERNEL);
  470. if (!dup)
  471. return -ENOMEM;
  472. err = -EINVAL;
  473. nr_lower = ovl_parse_param_split_lowerdirs(dup);
  474. if (nr_lower < 0)
  475. goto out_err;
  476. if (nr_lower > OVL_MAX_STACK) {
  477. pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
  478. goto out_err;
  479. }
  480. iter = dup;
  481. for (nr = 0; nr < nr_lower; nr++) {
  482. struct path path __free(path_put) = {};
  483. err = ovl_kern_path(iter, &path, Opt_lowerdir);
  484. if (err)
  485. goto out_err;
  486. err = ovl_do_parse_layer(fc, iter, &path, Opt_lowerdir);
  487. if (err)
  488. goto out_err;
  489. if (data_layer)
  490. ctx->nr_data++;
  491. /* Calling strchr() again would overrun. */
  492. if (ctx->nr == nr_lower)
  493. break;
  494. err = -EINVAL;
  495. iter = strchr(iter, '\0') + 1;
  496. if (*iter) {
  497. /*
  498. * This is a regular layer so we require that
  499. * there are no data layers.
  500. */
  501. if (ctx->nr_data > 0) {
  502. pr_err("regular lower layers cannot follow data lower layers\n");
  503. goto out_err;
  504. }
  505. data_layer = false;
  506. continue;
  507. }
  508. /* This is a data lower layer. */
  509. data_layer = true;
  510. iter++;
  511. }
  512. kfree(dup);
  513. return 0;
  514. out_err:
  515. kfree(dup);
  516. /* Intentionally don't realloc to a smaller size. */
  517. return err;
  518. }
  519. static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param)
  520. {
  521. int err = 0;
  522. struct fs_parse_result result;
  523. struct ovl_fs *ofs = fc->s_fs_info;
  524. struct ovl_config *config = &ofs->config;
  525. struct ovl_fs_context *ctx = fc->fs_private;
  526. int opt;
  527. if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) {
  528. /*
  529. * On remount overlayfs has always ignored all mount
  530. * options no matter if malformed or not so for
  531. * backwards compatibility we do the same here.
  532. */
  533. if (fc->oldapi)
  534. return 0;
  535. /*
  536. * Give us the freedom to allow changing mount options
  537. * with the new mount api in the future. So instead of
  538. * silently ignoring everything we report a proper
  539. * error. This is only visible for users of the new
  540. * mount api.
  541. */
  542. return invalfc(fc, "No changes allowed in reconfigure");
  543. }
  544. opt = fs_parse(fc, ovl_parameter_spec, param, &result);
  545. if (opt < 0)
  546. return opt;
  547. switch (opt) {
  548. case Opt_lowerdir:
  549. err = ovl_parse_param_lowerdir(param->string, fc);
  550. break;
  551. case Opt_lowerdir_add:
  552. case Opt_datadir_add:
  553. case Opt_upperdir:
  554. case Opt_workdir:
  555. err = ovl_parse_layer(fc, param, opt);
  556. break;
  557. case Opt_default_permissions:
  558. config->default_permissions = true;
  559. break;
  560. case Opt_redirect_dir:
  561. config->redirect_mode = result.uint_32;
  562. if (config->redirect_mode == OVL_REDIRECT_OFF) {
  563. config->redirect_mode = ovl_redirect_always_follow ?
  564. OVL_REDIRECT_FOLLOW :
  565. OVL_REDIRECT_NOFOLLOW;
  566. }
  567. ctx->set.redirect = true;
  568. break;
  569. case Opt_index:
  570. config->index = result.uint_32;
  571. ctx->set.index = true;
  572. break;
  573. case Opt_uuid:
  574. config->uuid = result.uint_32;
  575. break;
  576. case Opt_nfs_export:
  577. config->nfs_export = result.uint_32;
  578. ctx->set.nfs_export = true;
  579. break;
  580. case Opt_xino:
  581. config->xino = result.uint_32;
  582. break;
  583. case Opt_metacopy:
  584. config->metacopy = result.uint_32;
  585. ctx->set.metacopy = true;
  586. break;
  587. case Opt_verity:
  588. config->verity_mode = result.uint_32;
  589. break;
  590. case Opt_fsync:
  591. config->fsync_mode = result.uint_32;
  592. break;
  593. case Opt_volatile:
  594. config->fsync_mode = OVL_FSYNC_VOLATILE;
  595. break;
  596. case Opt_userxattr:
  597. config->userxattr = true;
  598. break;
  599. case Opt_override_creds: {
  600. const struct cred *cred = NULL;
  601. if (result.negated) {
  602. swap(cred, ofs->creator_cred);
  603. put_cred(cred);
  604. break;
  605. }
  606. if (!current_in_userns(fc->user_ns)) {
  607. err = -EINVAL;
  608. break;
  609. }
  610. cred = prepare_creds();
  611. if (cred)
  612. swap(cred, ofs->creator_cred);
  613. else
  614. err = -ENOMEM;
  615. put_cred(cred);
  616. break;
  617. }
  618. default:
  619. pr_err("unrecognized mount option \"%s\" or missing value\n",
  620. param->key);
  621. return -EINVAL;
  622. }
  623. return err;
  624. }
  625. static int ovl_get_tree(struct fs_context *fc)
  626. {
  627. return get_tree_nodev(fc, ovl_fill_super);
  628. }
  629. static inline void ovl_fs_context_free(struct ovl_fs_context *ctx)
  630. {
  631. ovl_reset_lowerdirs(ctx);
  632. path_put(&ctx->upper);
  633. path_put(&ctx->work);
  634. kfree(ctx->lower);
  635. kfree(ctx);
  636. }
  637. static void ovl_free(struct fs_context *fc)
  638. {
  639. struct ovl_fs *ofs = fc->s_fs_info;
  640. struct ovl_fs_context *ctx = fc->fs_private;
  641. /*
  642. * ofs is stored in the fs_context when it is initialized.
  643. * ofs is transferred to the superblock on a successful mount,
  644. * but if an error occurs before the transfer we have to free
  645. * it here.
  646. */
  647. if (ofs)
  648. ovl_free_fs(ofs);
  649. if (ctx)
  650. ovl_fs_context_free(ctx);
  651. }
  652. static int ovl_reconfigure(struct fs_context *fc)
  653. {
  654. struct super_block *sb = fc->root->d_sb;
  655. struct ovl_fs *ofs = OVL_FS(sb);
  656. struct super_block *upper_sb;
  657. int ret = 0;
  658. if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs))
  659. return -EROFS;
  660. if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) {
  661. upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
  662. if (ovl_should_sync(ofs)) {
  663. down_read(&upper_sb->s_umount);
  664. ret = sync_filesystem(upper_sb);
  665. up_read(&upper_sb->s_umount);
  666. }
  667. }
  668. return ret;
  669. }
  670. static const struct fs_context_operations ovl_context_ops = {
  671. .parse_monolithic = ovl_parse_monolithic,
  672. .parse_param = ovl_parse_param,
  673. .get_tree = ovl_get_tree,
  674. .reconfigure = ovl_reconfigure,
  675. .free = ovl_free,
  676. };
  677. /*
  678. * This is called during fsopen() and will record the user namespace of
  679. * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll
  680. * need it when we actually create the superblock to verify that the
  681. * process creating the superblock is in the same user namespace as
  682. * process that called fsopen().
  683. */
  684. int ovl_init_fs_context(struct fs_context *fc)
  685. {
  686. struct ovl_fs_context *ctx;
  687. struct ovl_fs *ofs;
  688. ctx = kzalloc_obj(*ctx, GFP_KERNEL_ACCOUNT);
  689. if (!ctx)
  690. return -ENOMEM;
  691. /*
  692. * By default we allocate for three lower layers. It's likely
  693. * that it'll cover most users.
  694. */
  695. ctx->lower = kmalloc_objs(*ctx->lower, 3, GFP_KERNEL_ACCOUNT);
  696. if (!ctx->lower)
  697. goto out_err;
  698. ctx->capacity = 3;
  699. ofs = kzalloc_obj(struct ovl_fs);
  700. if (!ofs)
  701. goto out_err;
  702. ofs->config.redirect_mode = ovl_redirect_mode_def();
  703. ofs->config.index = ovl_index_def;
  704. ofs->config.uuid = ovl_uuid_def();
  705. ofs->config.nfs_export = ovl_nfs_export_def;
  706. ofs->config.xino = ovl_xino_def();
  707. ofs->config.metacopy = ovl_metacopy_def;
  708. ofs->config.fsync_mode = ovl_fsync_mode_def();
  709. fc->s_fs_info = ofs;
  710. fc->fs_private = ctx;
  711. fc->ops = &ovl_context_ops;
  712. mutex_init(&ofs->whiteout_lock);
  713. return 0;
  714. out_err:
  715. ovl_fs_context_free(ctx);
  716. return -ENOMEM;
  717. }
  718. void ovl_free_fs(struct ovl_fs *ofs)
  719. {
  720. struct vfsmount **mounts;
  721. unsigned i;
  722. iput(ofs->workbasedir_trap);
  723. iput(ofs->workdir_trap);
  724. dput(ofs->whiteout);
  725. dput(ofs->workdir);
  726. if (ofs->workdir_locked)
  727. ovl_inuse_unlock(ofs->workbasedir);
  728. dput(ofs->workbasedir);
  729. if (ofs->upperdir_locked)
  730. ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
  731. /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */
  732. mounts = (struct vfsmount **) ofs->config.lowerdirs;
  733. for (i = 0; i < ofs->numlayer; i++) {
  734. iput(ofs->layers[i].trap);
  735. kfree(ofs->config.lowerdirs[i]);
  736. mounts[i] = ofs->layers[i].mnt;
  737. }
  738. kern_unmount_array(mounts, ofs->numlayer);
  739. kfree(ofs->layers);
  740. for (i = 0; i < ofs->numfs; i++)
  741. free_anon_bdev(ofs->fs[i].pseudo_dev);
  742. kfree(ofs->fs);
  743. kfree(ofs->config.lowerdirs);
  744. kfree(ofs->config.upperdir);
  745. kfree(ofs->config.workdir);
  746. if (ofs->creator_cred)
  747. put_cred(ofs->creator_cred);
  748. kfree(ofs);
  749. }
  750. int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
  751. struct ovl_config *config)
  752. {
  753. struct ovl_opt_set set = ctx->set;
  754. /* Workdir/index are useless in non-upper mount */
  755. if (!config->upperdir) {
  756. if (config->workdir) {
  757. pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
  758. config->workdir);
  759. kfree(config->workdir);
  760. config->workdir = NULL;
  761. }
  762. if (config->index && set.index) {
  763. pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
  764. set.index = false;
  765. }
  766. config->index = false;
  767. }
  768. if (!config->upperdir && ovl_is_volatile(config)) {
  769. pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
  770. config->fsync_mode = ovl_fsync_mode_def();
  771. }
  772. if (!config->upperdir && config->uuid == OVL_UUID_ON) {
  773. pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n");
  774. config->uuid = OVL_UUID_NULL;
  775. }
  776. /*
  777. * This is to make the logic below simpler. It doesn't make any other
  778. * difference, since redirect_dir=on is only used for upper.
  779. */
  780. if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
  781. config->redirect_mode = OVL_REDIRECT_ON;
  782. /* metacopy -> redirect_dir dependency */
  783. if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
  784. if (set.metacopy && set.redirect) {
  785. pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
  786. ovl_redirect_mode(config));
  787. return -EINVAL;
  788. }
  789. if (set.redirect) {
  790. /*
  791. * There was an explicit redirect_dir=... that resulted
  792. * in this conflict.
  793. */
  794. pr_info("disabling metacopy due to redirect_dir=%s\n",
  795. ovl_redirect_mode(config));
  796. config->metacopy = false;
  797. } else {
  798. /* Automatically enable redirect otherwise. */
  799. config->redirect_mode = OVL_REDIRECT_ON;
  800. }
  801. }
  802. /* Resolve nfs_export -> index dependency */
  803. if (config->nfs_export && !config->index) {
  804. if (!config->upperdir &&
  805. config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
  806. pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
  807. config->nfs_export = false;
  808. } else if (set.nfs_export && set.index) {
  809. pr_err("conflicting options: nfs_export=on,index=off\n");
  810. return -EINVAL;
  811. } else if (set.index) {
  812. /*
  813. * There was an explicit index=off that resulted
  814. * in this conflict.
  815. */
  816. pr_info("disabling nfs_export due to index=off\n");
  817. config->nfs_export = false;
  818. } else {
  819. /* Automatically enable index otherwise. */
  820. config->index = true;
  821. }
  822. }
  823. /* Resolve nfs_export -> !metacopy && !verity dependency */
  824. if (config->nfs_export && config->metacopy) {
  825. if (set.nfs_export && set.metacopy) {
  826. pr_err("conflicting options: nfs_export=on,metacopy=on\n");
  827. return -EINVAL;
  828. }
  829. if (set.metacopy) {
  830. /*
  831. * There was an explicit metacopy=on that resulted
  832. * in this conflict.
  833. */
  834. pr_info("disabling nfs_export due to metacopy=on\n");
  835. config->nfs_export = false;
  836. } else if (config->verity_mode) {
  837. /*
  838. * There was an explicit verity=.. that resulted
  839. * in this conflict.
  840. */
  841. pr_info("disabling nfs_export due to verity=%s\n",
  842. ovl_verity_mode(config));
  843. config->nfs_export = false;
  844. } else {
  845. /*
  846. * There was an explicit nfs_export=on that resulted
  847. * in this conflict.
  848. */
  849. pr_info("disabling metacopy due to nfs_export=on\n");
  850. config->metacopy = false;
  851. }
  852. }
  853. /* Resolve userxattr -> !redirect && !metacopy dependency */
  854. if (config->userxattr) {
  855. if (set.redirect &&
  856. config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
  857. pr_err("conflicting options: userxattr,redirect_dir=%s\n",
  858. ovl_redirect_mode(config));
  859. return -EINVAL;
  860. }
  861. if (config->metacopy && set.metacopy) {
  862. pr_err("conflicting options: userxattr,metacopy=on\n");
  863. return -EINVAL;
  864. }
  865. /*
  866. * Silently disable default setting of redirect and metacopy.
  867. * This shall be the default in the future as well: these
  868. * options must be explicitly enabled if used together with
  869. * userxattr.
  870. */
  871. config->redirect_mode = OVL_REDIRECT_NOFOLLOW;
  872. config->metacopy = false;
  873. }
  874. /*
  875. * Fail if we don't have trusted xattr capability and a feature was
  876. * explicitly requested that requires them.
  877. */
  878. if (!config->userxattr && !capable(CAP_SYS_ADMIN)) {
  879. if (set.redirect &&
  880. config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
  881. pr_err("redirect_dir requires permission to access trusted xattrs\n");
  882. return -EPERM;
  883. }
  884. if (config->metacopy && set.metacopy) {
  885. pr_err("metacopy requires permission to access trusted xattrs\n");
  886. return -EPERM;
  887. }
  888. if (config->verity_mode) {
  889. pr_err("verity requires permission to access trusted xattrs\n");
  890. return -EPERM;
  891. }
  892. if (ctx->nr_data > 0) {
  893. pr_err("lower data-only dirs require permission to access trusted xattrs\n");
  894. return -EPERM;
  895. }
  896. /*
  897. * Other xattr-dependent features should be disabled without
  898. * great disturbance to the user in ovl_make_workdir().
  899. */
  900. }
  901. return 0;
  902. }
  903. /**
  904. * ovl_show_options
  905. * @m: the seq_file handle
  906. * @dentry: The dentry to query
  907. *
  908. * Prints the mount options for a given superblock.
  909. * Returns zero; does not fail.
  910. */
  911. int ovl_show_options(struct seq_file *m, struct dentry *dentry)
  912. {
  913. struct super_block *sb = dentry->d_sb;
  914. struct ovl_fs *ofs = OVL_FS(sb);
  915. size_t nr, nr_merged_lower, nr_lower = 0;
  916. char **lowerdirs = ofs->config.lowerdirs;
  917. /*
  918. * lowerdirs[0] holds the colon separated list that user provided
  919. * with lowerdir mount option.
  920. * lowerdirs[1..numlayer] hold the lowerdir paths that were added
  921. * using the lowerdir+ and datadir+ mount options.
  922. * For now, we do not allow mixing the legacy lowerdir mount option
  923. * with the new lowerdir+ and datadir+ mount options.
  924. */
  925. if (lowerdirs[0]) {
  926. seq_show_option(m, "lowerdir", lowerdirs[0]);
  927. } else {
  928. nr_lower = ofs->numlayer;
  929. nr_merged_lower = nr_lower - ofs->numdatalayer;
  930. }
  931. for (nr = 1; nr < nr_lower; nr++) {
  932. if (nr < nr_merged_lower)
  933. seq_show_option(m, "lowerdir+", lowerdirs[nr]);
  934. else
  935. seq_show_option(m, "datadir+", lowerdirs[nr]);
  936. }
  937. if (ofs->config.upperdir) {
  938. seq_show_option(m, "upperdir", ofs->config.upperdir);
  939. seq_show_option(m, "workdir", ofs->config.workdir);
  940. }
  941. if (ofs->config.default_permissions)
  942. seq_puts(m, ",default_permissions");
  943. if (ofs->config.redirect_mode != ovl_redirect_mode_def())
  944. seq_printf(m, ",redirect_dir=%s",
  945. ovl_redirect_mode(&ofs->config));
  946. if (ofs->config.index != ovl_index_def)
  947. seq_printf(m, ",index=%s", str_on_off(ofs->config.index));
  948. if (ofs->config.uuid != ovl_uuid_def())
  949. seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config));
  950. if (ofs->config.nfs_export != ovl_nfs_export_def)
  951. seq_printf(m, ",nfs_export=%s",
  952. str_on_off(ofs->config.nfs_export));
  953. if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs))
  954. seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config));
  955. if (ofs->config.metacopy != ovl_metacopy_def)
  956. seq_printf(m, ",metacopy=%s", str_on_off(ofs->config.metacopy));
  957. if (ofs->config.fsync_mode != ovl_fsync_mode_def())
  958. seq_printf(m, ",fsync=%s", ovl_fsync_mode(&ofs->config));
  959. if (ofs->config.userxattr)
  960. seq_puts(m, ",userxattr");
  961. if (ofs->config.verity_mode != ovl_verity_mode_def())
  962. seq_printf(m, ",verity=%s",
  963. ovl_verity_mode(&ofs->config));
  964. return 0;
  965. }