]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - fs/overlayfs/super.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ovl: allocate an ovl_inode struct
[mirror_ubuntu-bionic-kernel.git] / fs / overlayfs / super.c
1 /*
2 *
3 * Copyright (C) 2011 Novell Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10 #include <uapi/linux/magic.h>
11 #include <linux/fs.h>
12 #include <linux/namei.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/parser.h>
16 #include <linux/module.h>
17 #include <linux/statfs.h>
18 #include <linux/seq_file.h>
19 #include <linux/posix_acl_xattr.h>
20 #include "overlayfs.h"
21 #include "ovl_entry.h"
22
23 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
24 MODULE_DESCRIPTION("Overlay filesystem");
25 MODULE_LICENSE("GPL");
26
27
28 struct ovl_dir_cache;
29
30 #define OVL_MAX_STACK 500
31
32 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
33 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
34 MODULE_PARM_DESC(ovl_redirect_dir_def,
35 "Default to on or off for the redirect_dir feature");
36
37 static void ovl_dentry_release(struct dentry *dentry)
38 {
39 struct ovl_entry *oe = dentry->d_fsdata;
40
41 if (oe) {
42 unsigned int i;
43
44 dput(oe->__upperdentry);
45 kfree(oe->redirect);
46 for (i = 0; i < oe->numlower; i++)
47 dput(oe->lowerstack[i].dentry);
48 kfree_rcu(oe, rcu);
49 }
50 }
51
52 static int ovl_check_append_only(struct inode *inode, int flag)
53 {
54 /*
55 * This test was moot in vfs may_open() because overlay inode does
56 * not have the S_APPEND flag, so re-check on real upper inode
57 */
58 if (IS_APPEND(inode)) {
59 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
60 return -EPERM;
61 if (flag & O_TRUNC)
62 return -EPERM;
63 }
64
65 return 0;
66 }
67
68 static struct dentry *ovl_d_real(struct dentry *dentry,
69 const struct inode *inode,
70 unsigned int open_flags)
71 {
72 struct dentry *real;
73 int err;
74
75 if (!d_is_reg(dentry)) {
76 if (!inode || inode == d_inode(dentry))
77 return dentry;
78 goto bug;
79 }
80
81 if (d_is_negative(dentry))
82 return dentry;
83
84 if (open_flags) {
85 err = ovl_open_maybe_copy_up(dentry, open_flags);
86 if (err)
87 return ERR_PTR(err);
88 }
89
90 real = ovl_dentry_upper(dentry);
91 if (real && (!inode || inode == d_inode(real))) {
92 if (!inode) {
93 err = ovl_check_append_only(d_inode(real), open_flags);
94 if (err)
95 return ERR_PTR(err);
96 }
97 return real;
98 }
99
100 real = ovl_dentry_lower(dentry);
101 if (!real)
102 goto bug;
103
104 /* Handle recursion */
105 real = d_real(real, inode, open_flags);
106
107 if (!inode || inode == d_inode(real))
108 return real;
109 bug:
110 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
111 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
112 return dentry;
113 }
114
115 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
116 {
117 struct ovl_entry *oe = dentry->d_fsdata;
118 unsigned int i;
119 int ret = 1;
120
121 for (i = 0; i < oe->numlower; i++) {
122 struct dentry *d = oe->lowerstack[i].dentry;
123
124 if (d->d_flags & DCACHE_OP_REVALIDATE) {
125 ret = d->d_op->d_revalidate(d, flags);
126 if (ret < 0)
127 return ret;
128 if (!ret) {
129 if (!(flags & LOOKUP_RCU))
130 d_invalidate(d);
131 return -ESTALE;
132 }
133 }
134 }
135 return 1;
136 }
137
138 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
139 {
140 struct ovl_entry *oe = dentry->d_fsdata;
141 unsigned int i;
142 int ret = 1;
143
144 for (i = 0; i < oe->numlower; i++) {
145 struct dentry *d = oe->lowerstack[i].dentry;
146
147 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) {
148 ret = d->d_op->d_weak_revalidate(d, flags);
149 if (ret <= 0)
150 break;
151 }
152 }
153 return ret;
154 }
155
156 static const struct dentry_operations ovl_dentry_operations = {
157 .d_release = ovl_dentry_release,
158 .d_real = ovl_d_real,
159 };
160
161 static const struct dentry_operations ovl_reval_dentry_operations = {
162 .d_release = ovl_dentry_release,
163 .d_real = ovl_d_real,
164 .d_revalidate = ovl_dentry_revalidate,
165 .d_weak_revalidate = ovl_dentry_weak_revalidate,
166 };
167
168 static struct kmem_cache *ovl_inode_cachep;
169
170 static struct inode *ovl_alloc_inode(struct super_block *sb)
171 {
172 struct ovl_inode *oi = kmem_cache_alloc(ovl_inode_cachep, GFP_KERNEL);
173
174 return &oi->vfs_inode;
175 }
176
177 static void ovl_i_callback(struct rcu_head *head)
178 {
179 struct inode *inode = container_of(head, struct inode, i_rcu);
180
181 kmem_cache_free(ovl_inode_cachep, OVL_I(inode));
182 }
183
184 static void ovl_destroy_inode(struct inode *inode)
185 {
186 call_rcu(&inode->i_rcu, ovl_i_callback);
187 }
188
189 static void ovl_put_super(struct super_block *sb)
190 {
191 struct ovl_fs *ufs = sb->s_fs_info;
192 unsigned i;
193
194 dput(ufs->workdir);
195 mntput(ufs->upper_mnt);
196 for (i = 0; i < ufs->numlower; i++)
197 mntput(ufs->lower_mnt[i]);
198 kfree(ufs->lower_mnt);
199
200 kfree(ufs->config.lowerdir);
201 kfree(ufs->config.upperdir);
202 kfree(ufs->config.workdir);
203 put_cred(ufs->creator_cred);
204 kfree(ufs);
205 }
206
207 static int ovl_sync_fs(struct super_block *sb, int wait)
208 {
209 struct ovl_fs *ufs = sb->s_fs_info;
210 struct super_block *upper_sb;
211 int ret;
212
213 if (!ufs->upper_mnt)
214 return 0;
215 upper_sb = ufs->upper_mnt->mnt_sb;
216 if (!upper_sb->s_op->sync_fs)
217 return 0;
218
219 /* real inodes have already been synced by sync_filesystem(ovl_sb) */
220 down_read(&upper_sb->s_umount);
221 ret = upper_sb->s_op->sync_fs(upper_sb, wait);
222 up_read(&upper_sb->s_umount);
223 return ret;
224 }
225
226 /**
227 * ovl_statfs
228 * @sb: The overlayfs super block
229 * @buf: The struct kstatfs to fill in with stats
230 *
231 * Get the filesystem statistics. As writes always target the upper layer
232 * filesystem pass the statfs to the upper filesystem (if it exists)
233 */
234 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
235 {
236 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
237 struct dentry *root_dentry = dentry->d_sb->s_root;
238 struct path path;
239 int err;
240
241 ovl_path_real(root_dentry, &path);
242
243 err = vfs_statfs(&path, buf);
244 if (!err) {
245 buf->f_namelen = ofs->namelen;
246 buf->f_type = OVERLAYFS_SUPER_MAGIC;
247 }
248
249 return err;
250 }
251
252 /**
253 * ovl_show_options
254 *
255 * Prints the mount options for a given superblock.
256 * Returns zero; does not fail.
257 */
258 static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
259 {
260 struct super_block *sb = dentry->d_sb;
261 struct ovl_fs *ufs = sb->s_fs_info;
262
263 seq_show_option(m, "lowerdir", ufs->config.lowerdir);
264 if (ufs->config.upperdir) {
265 seq_show_option(m, "upperdir", ufs->config.upperdir);
266 seq_show_option(m, "workdir", ufs->config.workdir);
267 }
268 if (ufs->config.default_permissions)
269 seq_puts(m, ",default_permissions");
270 if (ufs->config.redirect_dir != ovl_redirect_dir_def)
271 seq_printf(m, ",redirect_dir=%s",
272 ufs->config.redirect_dir ? "on" : "off");
273 return 0;
274 }
275
276 static int ovl_remount(struct super_block *sb, int *flags, char *data)
277 {
278 struct ovl_fs *ufs = sb->s_fs_info;
279
280 if (!(*flags & MS_RDONLY) && (!ufs->upper_mnt || !ufs->workdir))
281 return -EROFS;
282
283 return 0;
284 }
285
286 static const struct super_operations ovl_super_operations = {
287 .alloc_inode = ovl_alloc_inode,
288 .destroy_inode = ovl_destroy_inode,
289 .drop_inode = generic_delete_inode,
290 .put_super = ovl_put_super,
291 .sync_fs = ovl_sync_fs,
292 .statfs = ovl_statfs,
293 .show_options = ovl_show_options,
294 .remount_fs = ovl_remount,
295 };
296
297 enum {
298 OPT_LOWERDIR,
299 OPT_UPPERDIR,
300 OPT_WORKDIR,
301 OPT_DEFAULT_PERMISSIONS,
302 OPT_REDIRECT_DIR_ON,
303 OPT_REDIRECT_DIR_OFF,
304 OPT_ERR,
305 };
306
307 static const match_table_t ovl_tokens = {
308 {OPT_LOWERDIR, "lowerdir=%s"},
309 {OPT_UPPERDIR, "upperdir=%s"},
310 {OPT_WORKDIR, "workdir=%s"},
311 {OPT_DEFAULT_PERMISSIONS, "default_permissions"},
312 {OPT_REDIRECT_DIR_ON, "redirect_dir=on"},
313 {OPT_REDIRECT_DIR_OFF, "redirect_dir=off"},
314 {OPT_ERR, NULL}
315 };
316
317 static char *ovl_next_opt(char **s)
318 {
319 char *sbegin = *s;
320 char *p;
321
322 if (sbegin == NULL)
323 return NULL;
324
325 for (p = sbegin; *p; p++) {
326 if (*p == '\\') {
327 p++;
328 if (!*p)
329 break;
330 } else if (*p == ',') {
331 *p = '\0';
332 *s = p + 1;
333 return sbegin;
334 }
335 }
336 *s = NULL;
337 return sbegin;
338 }
339
340 static int ovl_parse_opt(char *opt, struct ovl_config *config)
341 {
342 char *p;
343
344 while ((p = ovl_next_opt(&opt)) != NULL) {
345 int token;
346 substring_t args[MAX_OPT_ARGS];
347
348 if (!*p)
349 continue;
350
351 token = match_token(p, ovl_tokens, args);
352 switch (token) {
353 case OPT_UPPERDIR:
354 kfree(config->upperdir);
355 config->upperdir = match_strdup(&args[0]);
356 if (!config->upperdir)
357 return -ENOMEM;
358 break;
359
360 case OPT_LOWERDIR:
361 kfree(config->lowerdir);
362 config->lowerdir = match_strdup(&args[0]);
363 if (!config->lowerdir)
364 return -ENOMEM;
365 break;
366
367 case OPT_WORKDIR:
368 kfree(config->workdir);
369 config->workdir = match_strdup(&args[0]);
370 if (!config->workdir)
371 return -ENOMEM;
372 break;
373
374 case OPT_DEFAULT_PERMISSIONS:
375 config->default_permissions = true;
376 break;
377
378 case OPT_REDIRECT_DIR_ON:
379 config->redirect_dir = true;
380 break;
381
382 case OPT_REDIRECT_DIR_OFF:
383 config->redirect_dir = false;
384 break;
385
386 default:
387 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p);
388 return -EINVAL;
389 }
390 }
391
392 /* Workdir is useless in non-upper mount */
393 if (!config->upperdir && config->workdir) {
394 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
395 config->workdir);
396 kfree(config->workdir);
397 config->workdir = NULL;
398 }
399
400 return 0;
401 }
402
403 #define OVL_WORKDIR_NAME "work"
404
405 static struct dentry *ovl_workdir_create(struct vfsmount *mnt,
406 struct dentry *dentry)
407 {
408 struct inode *dir = dentry->d_inode;
409 struct dentry *work;
410 int err;
411 bool retried = false;
412
413 err = mnt_want_write(mnt);
414 if (err)
415 return ERR_PTR(err);
416
417 inode_lock_nested(dir, I_MUTEX_PARENT);
418 retry:
419 work = lookup_one_len(OVL_WORKDIR_NAME, dentry,
420 strlen(OVL_WORKDIR_NAME));
421
422 if (!IS_ERR(work)) {
423 struct iattr attr = {
424 .ia_valid = ATTR_MODE,
425 .ia_mode = S_IFDIR | 0,
426 };
427
428 if (work->d_inode) {
429 err = -EEXIST;
430 if (retried)
431 goto out_dput;
432
433 retried = true;
434 ovl_workdir_cleanup(dir, mnt, work, 0);
435 dput(work);
436 goto retry;
437 }
438
439 err = ovl_create_real(dir, work,
440 &(struct cattr){.mode = S_IFDIR | 0},
441 NULL, true);
442 if (err)
443 goto out_dput;
444
445 /*
446 * Try to remove POSIX ACL xattrs from workdir. We are good if:
447 *
448 * a) success (there was a POSIX ACL xattr and was removed)
449 * b) -ENODATA (there was no POSIX ACL xattr)
450 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
451 *
452 * There are various other error values that could effectively
453 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
454 * if the xattr name is too long), but the set of filesystems
455 * allowed as upper are limited to "normal" ones, where checking
456 * for the above two errors is sufficient.
457 */
458 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
459 if (err && err != -ENODATA && err != -EOPNOTSUPP)
460 goto out_dput;
461
462 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
463 if (err && err != -ENODATA && err != -EOPNOTSUPP)
464 goto out_dput;
465
466 /* Clear any inherited mode bits */
467 inode_lock(work->d_inode);
468 err = notify_change(work, &attr, NULL);
469 inode_unlock(work->d_inode);
470 if (err)
471 goto out_dput;
472 }
473 out_unlock:
474 inode_unlock(dir);
475 mnt_drop_write(mnt);
476
477 return work;
478
479 out_dput:
480 dput(work);
481 work = ERR_PTR(err);
482 goto out_unlock;
483 }
484
485 static void ovl_unescape(char *s)
486 {
487 char *d = s;
488
489 for (;; s++, d++) {
490 if (*s == '\\')
491 s++;
492 *d = *s;
493 if (!*s)
494 break;
495 }
496 }
497
498 static int ovl_mount_dir_noesc(const char *name, struct path *path)
499 {
500 int err = -EINVAL;
501
502 if (!*name) {
503 pr_err("overlayfs: empty lowerdir\n");
504 goto out;
505 }
506 err = kern_path(name, LOOKUP_FOLLOW, path);
507 if (err) {
508 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err);
509 goto out;
510 }
511 err = -EINVAL;
512 if (ovl_dentry_weird(path->dentry)) {
513 pr_err("overlayfs: filesystem on '%s' not supported\n", name);
514 goto out_put;
515 }
516 if (!d_is_dir(path->dentry)) {
517 pr_err("overlayfs: '%s' not a directory\n", name);
518 goto out_put;
519 }
520 return 0;
521
522 out_put:
523 path_put(path);
524 out:
525 return err;
526 }
527
528 static int ovl_mount_dir(const char *name, struct path *path)
529 {
530 int err = -ENOMEM;
531 char *tmp = kstrdup(name, GFP_KERNEL);
532
533 if (tmp) {
534 ovl_unescape(tmp);
535 err = ovl_mount_dir_noesc(tmp, path);
536
537 if (!err)
538 if (ovl_dentry_remote(path->dentry)) {
539 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n",
540 tmp);
541 path_put(path);
542 err = -EINVAL;
543 }
544 kfree(tmp);
545 }
546 return err;
547 }
548
549 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
550 const char *name)
551 {
552 struct kstatfs statfs;
553 int err = vfs_statfs(path, &statfs);
554
555 if (err)
556 pr_err("overlayfs: statfs failed on '%s'\n", name);
557 else
558 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
559
560 return err;
561 }
562
563 static int ovl_lower_dir(const char *name, struct path *path,
564 struct ovl_fs *ofs, int *stack_depth, bool *remote)
565 {
566 int err;
567
568 err = ovl_mount_dir_noesc(name, path);
569 if (err)
570 goto out;
571
572 err = ovl_check_namelen(path, ofs, name);
573 if (err)
574 goto out_put;
575
576 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
577
578 if (ovl_dentry_remote(path->dentry))
579 *remote = true;
580
581 return 0;
582
583 out_put:
584 path_put(path);
585 out:
586 return err;
587 }
588
589 /* Workdir should not be subdir of upperdir and vice versa */
590 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
591 {
592 bool ok = false;
593
594 if (workdir != upperdir) {
595 ok = (lock_rename(workdir, upperdir) == NULL);
596 unlock_rename(workdir, upperdir);
597 }
598 return ok;
599 }
600
601 static unsigned int ovl_split_lowerdirs(char *str)
602 {
603 unsigned int ctr = 1;
604 char *s, *d;
605
606 for (s = d = str;; s++, d++) {
607 if (*s == '\\') {
608 s++;
609 } else if (*s == ':') {
610 *d = '\0';
611 ctr++;
612 continue;
613 }
614 *d = *s;
615 if (!*s)
616 break;
617 }
618 return ctr;
619 }
620
621 static int __maybe_unused
622 ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
623 struct dentry *dentry, struct inode *inode,
624 const char *name, void *buffer, size_t size)
625 {
626 return ovl_xattr_get(dentry, handler->name, buffer, size);
627 }
628
629 static int __maybe_unused
630 ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
631 struct dentry *dentry, struct inode *inode,
632 const char *name, const void *value,
633 size_t size, int flags)
634 {
635 struct dentry *workdir = ovl_workdir(dentry);
636 struct inode *realinode = ovl_inode_real(inode, NULL);
637 struct posix_acl *acl = NULL;
638 int err;
639
640 /* Check that everything is OK before copy-up */
641 if (value) {
642 acl = posix_acl_from_xattr(&init_user_ns, value, size);
643 if (IS_ERR(acl))
644 return PTR_ERR(acl);
645 }
646 err = -EOPNOTSUPP;
647 if (!IS_POSIXACL(d_inode(workdir)))
648 goto out_acl_release;
649 if (!realinode->i_op->set_acl)
650 goto out_acl_release;
651 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
652 err = acl ? -EACCES : 0;
653 goto out_acl_release;
654 }
655 err = -EPERM;
656 if (!inode_owner_or_capable(inode))
657 goto out_acl_release;
658
659 posix_acl_release(acl);
660
661 /*
662 * Check if sgid bit needs to be cleared (actual setacl operation will
663 * be done with mounter's capabilities and so that won't do it for us).
664 */
665 if (unlikely(inode->i_mode & S_ISGID) &&
666 handler->flags == ACL_TYPE_ACCESS &&
667 !in_group_p(inode->i_gid) &&
668 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
669 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
670
671 err = ovl_setattr(dentry, &iattr);
672 if (err)
673 return err;
674 }
675
676 err = ovl_xattr_set(dentry, handler->name, value, size, flags);
677 if (!err)
678 ovl_copyattr(ovl_inode_real(inode, NULL), inode);
679
680 return err;
681
682 out_acl_release:
683 posix_acl_release(acl);
684 return err;
685 }
686
687 static int ovl_own_xattr_get(const struct xattr_handler *handler,
688 struct dentry *dentry, struct inode *inode,
689 const char *name, void *buffer, size_t size)
690 {
691 return -EOPNOTSUPP;
692 }
693
694 static int ovl_own_xattr_set(const struct xattr_handler *handler,
695 struct dentry *dentry, struct inode *inode,
696 const char *name, const void *value,
697 size_t size, int flags)
698 {
699 return -EOPNOTSUPP;
700 }
701
702 static int ovl_other_xattr_get(const struct xattr_handler *handler,
703 struct dentry *dentry, struct inode *inode,
704 const char *name, void *buffer, size_t size)
705 {
706 return ovl_xattr_get(dentry, name, buffer, size);
707 }
708
709 static int ovl_other_xattr_set(const struct xattr_handler *handler,
710 struct dentry *dentry, struct inode *inode,
711 const char *name, const void *value,
712 size_t size, int flags)
713 {
714 return ovl_xattr_set(dentry, name, value, size, flags);
715 }
716
717 static const struct xattr_handler __maybe_unused
718 ovl_posix_acl_access_xattr_handler = {
719 .name = XATTR_NAME_POSIX_ACL_ACCESS,
720 .flags = ACL_TYPE_ACCESS,
721 .get = ovl_posix_acl_xattr_get,
722 .set = ovl_posix_acl_xattr_set,
723 };
724
725 static const struct xattr_handler __maybe_unused
726 ovl_posix_acl_default_xattr_handler = {
727 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
728 .flags = ACL_TYPE_DEFAULT,
729 .get = ovl_posix_acl_xattr_get,
730 .set = ovl_posix_acl_xattr_set,
731 };
732
733 static const struct xattr_handler ovl_own_xattr_handler = {
734 .prefix = OVL_XATTR_PREFIX,
735 .get = ovl_own_xattr_get,
736 .set = ovl_own_xattr_set,
737 };
738
739 static const struct xattr_handler ovl_other_xattr_handler = {
740 .prefix = "", /* catch all */
741 .get = ovl_other_xattr_get,
742 .set = ovl_other_xattr_set,
743 };
744
745 static const struct xattr_handler *ovl_xattr_handlers[] = {
746 #ifdef CONFIG_FS_POSIX_ACL
747 &ovl_posix_acl_access_xattr_handler,
748 &ovl_posix_acl_default_xattr_handler,
749 #endif
750 &ovl_own_xattr_handler,
751 &ovl_other_xattr_handler,
752 NULL
753 };
754
755 static int ovl_fill_super(struct super_block *sb, void *data, int silent)
756 {
757 struct path upperpath = { };
758 struct path workpath = { };
759 struct dentry *root_dentry;
760 struct inode *realinode;
761 struct ovl_entry *oe;
762 struct ovl_fs *ufs;
763 struct path *stack = NULL;
764 char *lowertmp;
765 char *lower;
766 unsigned int numlower;
767 unsigned int stacklen = 0;
768 unsigned int i;
769 bool remote = false;
770 struct cred *cred;
771 int err;
772
773 err = -ENOMEM;
774 ufs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
775 if (!ufs)
776 goto out;
777
778 init_waitqueue_head(&ufs->copyup_wq);
779 ufs->config.redirect_dir = ovl_redirect_dir_def;
780 err = ovl_parse_opt((char *) data, &ufs->config);
781 if (err)
782 goto out_free_config;
783
784 err = -EINVAL;
785 if (!ufs->config.lowerdir) {
786 if (!silent)
787 pr_err("overlayfs: missing 'lowerdir'\n");
788 goto out_free_config;
789 }
790
791 sb->s_stack_depth = 0;
792 sb->s_maxbytes = MAX_LFS_FILESIZE;
793 if (ufs->config.upperdir) {
794 if (!ufs->config.workdir) {
795 pr_err("overlayfs: missing 'workdir'\n");
796 goto out_free_config;
797 }
798
799 err = ovl_mount_dir(ufs->config.upperdir, &upperpath);
800 if (err)
801 goto out_free_config;
802
803 /* Upper fs should not be r/o */
804 if (upperpath.mnt->mnt_sb->s_flags & MS_RDONLY) {
805 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n");
806 err = -EINVAL;
807 goto out_put_upperpath;
808 }
809
810 err = ovl_check_namelen(&upperpath, ufs, ufs->config.upperdir);
811 if (err)
812 goto out_put_upperpath;
813
814 err = ovl_mount_dir(ufs->config.workdir, &workpath);
815 if (err)
816 goto out_put_upperpath;
817
818 err = -EINVAL;
819 if (upperpath.mnt != workpath.mnt) {
820 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n");
821 goto out_put_workpath;
822 }
823 if (!ovl_workdir_ok(workpath.dentry, upperpath.dentry)) {
824 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n");
825 goto out_put_workpath;
826 }
827 sb->s_stack_depth = upperpath.mnt->mnt_sb->s_stack_depth;
828 }
829 err = -ENOMEM;
830 lowertmp = kstrdup(ufs->config.lowerdir, GFP_KERNEL);
831 if (!lowertmp)
832 goto out_put_workpath;
833
834 err = -EINVAL;
835 stacklen = ovl_split_lowerdirs(lowertmp);
836 if (stacklen > OVL_MAX_STACK) {
837 pr_err("overlayfs: too many lower directories, limit is %d\n",
838 OVL_MAX_STACK);
839 goto out_free_lowertmp;
840 } else if (!ufs->config.upperdir && stacklen == 1) {
841 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n");
842 goto out_free_lowertmp;
843 }
844
845 err = -ENOMEM;
846 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
847 if (!stack)
848 goto out_free_lowertmp;
849
850 err = -EINVAL;
851 lower = lowertmp;
852 for (numlower = 0; numlower < stacklen; numlower++) {
853 err = ovl_lower_dir(lower, &stack[numlower], ufs,
854 &sb->s_stack_depth, &remote);
855 if (err)
856 goto out_put_lowerpath;
857
858 lower = strchr(lower, '\0') + 1;
859 }
860
861 err = -EINVAL;
862 sb->s_stack_depth++;
863 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
864 pr_err("overlayfs: maximum fs stacking depth exceeded\n");
865 goto out_put_lowerpath;
866 }
867
868 if (ufs->config.upperdir) {
869 ufs->upper_mnt = clone_private_mount(&upperpath);
870 err = PTR_ERR(ufs->upper_mnt);
871 if (IS_ERR(ufs->upper_mnt)) {
872 pr_err("overlayfs: failed to clone upperpath\n");
873 goto out_put_lowerpath;
874 }
875 /* Don't inherit atime flags */
876 ufs->upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
877
878 sb->s_time_gran = ufs->upper_mnt->mnt_sb->s_time_gran;
879
880 ufs->workdir = ovl_workdir_create(ufs->upper_mnt, workpath.dentry);
881 err = PTR_ERR(ufs->workdir);
882 if (IS_ERR(ufs->workdir)) {
883 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n",
884 ufs->config.workdir, OVL_WORKDIR_NAME, -err);
885 sb->s_flags |= MS_RDONLY;
886 ufs->workdir = NULL;
887 }
888
889 /*
890 * Upper should support d_type, else whiteouts are visible.
891 * Given workdir and upper are on same fs, we can do
892 * iterate_dir() on workdir. This check requires successful
893 * creation of workdir in previous step.
894 */
895 if (ufs->workdir) {
896 struct dentry *temp;
897
898 err = ovl_check_d_type_supported(&workpath);
899 if (err < 0)
900 goto out_put_workdir;
901
902 /*
903 * We allowed this configuration and don't want to
904 * break users over kernel upgrade. So warn instead
905 * of erroring out.
906 */
907 if (!err)
908 pr_warn("overlayfs: upper fs needs to support d_type.\n");
909
910 /* Check if upper/work fs supports O_TMPFILE */
911 temp = ovl_do_tmpfile(ufs->workdir, S_IFREG | 0);
912 ufs->tmpfile = !IS_ERR(temp);
913 if (ufs->tmpfile)
914 dput(temp);
915 else
916 pr_warn("overlayfs: upper fs does not support tmpfile.\n");
917
918 /*
919 * Check if upper/work fs supports trusted.overlay.*
920 * xattr
921 */
922 err = ovl_do_setxattr(ufs->workdir, OVL_XATTR_OPAQUE,
923 "0", 1, 0);
924 if (err) {
925 ufs->noxattr = true;
926 pr_warn("overlayfs: upper fs does not support xattr.\n");
927 } else {
928 vfs_removexattr(ufs->workdir, OVL_XATTR_OPAQUE);
929 }
930 }
931 }
932
933 err = -ENOMEM;
934 ufs->lower_mnt = kcalloc(numlower, sizeof(struct vfsmount *), GFP_KERNEL);
935 if (ufs->lower_mnt == NULL)
936 goto out_put_workdir;
937 for (i = 0; i < numlower; i++) {
938 struct vfsmount *mnt = clone_private_mount(&stack[i]);
939
940 err = PTR_ERR(mnt);
941 if (IS_ERR(mnt)) {
942 pr_err("overlayfs: failed to clone lowerpath\n");
943 goto out_put_lower_mnt;
944 }
945 /*
946 * Make lower_mnt R/O. That way fchmod/fchown on lower file
947 * will fail instead of modifying lower fs.
948 */
949 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
950
951 ufs->lower_mnt[ufs->numlower] = mnt;
952 ufs->numlower++;
953
954 /* Check if all lower layers are on same sb */
955 if (i == 0)
956 ufs->same_sb = mnt->mnt_sb;
957 else if (ufs->same_sb != mnt->mnt_sb)
958 ufs->same_sb = NULL;
959 }
960
961 /* If the upper fs is nonexistent, we mark overlayfs r/o too */
962 if (!ufs->upper_mnt)
963 sb->s_flags |= MS_RDONLY;
964 else if (ufs->upper_mnt->mnt_sb != ufs->same_sb)
965 ufs->same_sb = NULL;
966
967 if (remote)
968 sb->s_d_op = &ovl_reval_dentry_operations;
969 else
970 sb->s_d_op = &ovl_dentry_operations;
971
972 ufs->creator_cred = cred = prepare_creds();
973 if (!cred)
974 goto out_put_lower_mnt;
975
976 /* Never override disk quota limits or use reserved space */
977 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
978
979 err = -ENOMEM;
980 oe = ovl_alloc_entry(numlower);
981 if (!oe)
982 goto out_put_cred;
983
984 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
985 sb->s_op = &ovl_super_operations;
986 sb->s_xattr = ovl_xattr_handlers;
987 sb->s_fs_info = ufs;
988 sb->s_flags |= MS_POSIXACL | MS_NOREMOTELOCK;
989
990 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
991 if (!root_dentry)
992 goto out_free_oe;
993
994 mntput(upperpath.mnt);
995 for (i = 0; i < numlower; i++)
996 mntput(stack[i].mnt);
997 path_put(&workpath);
998 kfree(lowertmp);
999
1000 if (upperpath.dentry) {
1001 oe->__upperdentry = upperpath.dentry;
1002 oe->impure = ovl_is_impuredir(upperpath.dentry);
1003 }
1004 for (i = 0; i < numlower; i++) {
1005 oe->lowerstack[i].dentry = stack[i].dentry;
1006 oe->lowerstack[i].mnt = ufs->lower_mnt[i];
1007 }
1008 kfree(stack);
1009
1010 root_dentry->d_fsdata = oe;
1011
1012 realinode = d_inode(ovl_dentry_real(root_dentry));
1013 ovl_inode_init(d_inode(root_dentry), realinode, !!upperpath.dentry);
1014 ovl_copyattr(realinode, d_inode(root_dentry));
1015
1016 sb->s_root = root_dentry;
1017
1018 return 0;
1019
1020 out_free_oe:
1021 kfree(oe);
1022 out_put_cred:
1023 put_cred(ufs->creator_cred);
1024 out_put_lower_mnt:
1025 for (i = 0; i < ufs->numlower; i++)
1026 mntput(ufs->lower_mnt[i]);
1027 kfree(ufs->lower_mnt);
1028 out_put_workdir:
1029 dput(ufs->workdir);
1030 mntput(ufs->upper_mnt);
1031 out_put_lowerpath:
1032 for (i = 0; i < numlower; i++)
1033 path_put(&stack[i]);
1034 kfree(stack);
1035 out_free_lowertmp:
1036 kfree(lowertmp);
1037 out_put_workpath:
1038 path_put(&workpath);
1039 out_put_upperpath:
1040 path_put(&upperpath);
1041 out_free_config:
1042 kfree(ufs->config.lowerdir);
1043 kfree(ufs->config.upperdir);
1044 kfree(ufs->config.workdir);
1045 kfree(ufs);
1046 out:
1047 return err;
1048 }
1049
1050 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
1051 const char *dev_name, void *raw_data)
1052 {
1053 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
1054 }
1055
1056 static struct file_system_type ovl_fs_type = {
1057 .owner = THIS_MODULE,
1058 .name = "overlay",
1059 .mount = ovl_mount,
1060 .kill_sb = kill_anon_super,
1061 };
1062 MODULE_ALIAS_FS("overlay");
1063
1064 static void ovl_inode_init_once(void *foo)
1065 {
1066 struct ovl_inode *oi = foo;
1067
1068 inode_init_once(&oi->vfs_inode);
1069 }
1070
1071 static int __init ovl_init(void)
1072 {
1073 int err;
1074
1075 ovl_inode_cachep = kmem_cache_create("ovl_inode",
1076 sizeof(struct ovl_inode), 0,
1077 (SLAB_RECLAIM_ACCOUNT|
1078 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
1079 ovl_inode_init_once);
1080 if (ovl_inode_cachep == NULL)
1081 return -ENOMEM;
1082
1083 err = register_filesystem(&ovl_fs_type);
1084 if (err)
1085 kmem_cache_destroy(ovl_inode_cachep);
1086
1087 return err;
1088 }
1089
1090 static void __exit ovl_exit(void)
1091 {
1092 unregister_filesystem(&ovl_fs_type);
1093
1094 /*
1095 * Make sure all delayed rcu free inodes are flushed before we
1096 * destroy cache.
1097 */
1098 rcu_barrier();
1099 kmem_cache_destroy(ovl_inode_cachep);
1100
1101 }
1102
1103 module_init(ovl_init);
1104 module_exit(ovl_exit);
ubuntu-bionic-kernel mirror