1// SPDX-License-Identifier: GPL-2.0-only 2 3#include <linux/fs.h> 4#include <linux/module.h> 5#include <linux/namei.h> 6#include <linux/fs_context.h> 7#include <linux/fs_parser.h> 8#include <linux/posix_acl_xattr.h> 9#include <linux/seq_file.h> 10#include <linux/xattr.h> 11#include "overlayfs.h" 12#include "params.h" 13 14static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 15module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); 16MODULE_PARM_DESC(redirect_dir, 17 "Default to on or off for the redirect_dir feature"); 18 19static bool ovl_redirect_always_follow = 20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW); 21module_param_named(redirect_always_follow, ovl_redirect_always_follow, 22 bool, 0644); 23MODULE_PARM_DESC(redirect_always_follow, 24 "Follow redirects even if redirect_dir feature is turned off"); 25 26static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO); 27module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644); 28MODULE_PARM_DESC(xino_auto, 29 "Auto enable xino feature"); 30 31static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX); 32module_param_named(index, ovl_index_def, bool, 0644); 33MODULE_PARM_DESC(index, 34 "Default to on or off for the inodes index feature"); 35 36static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT); 37module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644); 38MODULE_PARM_DESC(nfs_export, 39 "Default to on or off for the NFS export feature"); 40 41static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 42module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 43MODULE_PARM_DESC(metacopy, 44 "Default to on or off for the metadata only copy up feature"); 45 46enum ovl_opt { 47 Opt_lowerdir, 48 Opt_lowerdir_add, 49 Opt_datadir_add, 50 Opt_upperdir, 51 Opt_workdir, 52 Opt_default_permissions, 53 Opt_redirect_dir, 54 Opt_index, 55 Opt_uuid, 56 Opt_nfs_export, 57 Opt_userxattr, 58 Opt_xino, 59 Opt_metacopy, 60 Opt_verity, 61 Opt_volatile, 62}; 63 64static const struct constant_table ovl_parameter_bool[] = { 65 { "on", true }, 66 { "off", false }, 67 {} 68}; 69 70static const struct constant_table ovl_parameter_uuid[] = { 71 { "off", OVL_UUID_OFF }, 72 { "null", OVL_UUID_NULL }, 73 { "auto", OVL_UUID_AUTO }, 74 { "on", OVL_UUID_ON }, 75 {} 76}; 77 78static const char *ovl_uuid_mode(struct ovl_config *config) 79{ 80 return ovl_parameter_uuid[config->uuid].name; 81} 82 83static int ovl_uuid_def(void) 84{ 85 return OVL_UUID_AUTO; 86} 87 88static const struct constant_table ovl_parameter_xino[] = { 89 { "off", OVL_XINO_OFF }, 90 { "auto", OVL_XINO_AUTO }, 91 { "on", OVL_XINO_ON }, 92 {} 93}; 94 95const char *ovl_xino_mode(struct ovl_config *config) 96{ 97 return ovl_parameter_xino[config->xino].name; 98} 99 100static int ovl_xino_def(void) 101{ 102 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF; 103} 104 105const struct constant_table ovl_parameter_redirect_dir[] = { 106 { "off", OVL_REDIRECT_OFF }, 107 { "follow", OVL_REDIRECT_FOLLOW }, 108 { "nofollow", OVL_REDIRECT_NOFOLLOW }, 109 { "on", OVL_REDIRECT_ON }, 110 {} 111}; 112 113static const char *ovl_redirect_mode(struct ovl_config *config) 114{ 115 return ovl_parameter_redirect_dir[config->redirect_mode].name; 116} 117 118static int ovl_redirect_mode_def(void) 119{ 120 return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 121 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 122 OVL_REDIRECT_NOFOLLOW; 123} 124 125static const struct constant_table ovl_parameter_verity[] = { 126 { "off", OVL_VERITY_OFF }, 127 { "on", OVL_VERITY_ON }, 128 { "require", OVL_VERITY_REQUIRE }, 129 {} 130}; 131 132static const char *ovl_verity_mode(struct ovl_config *config) 133{ 134 return ovl_parameter_verity[config->verity_mode].name; 135} 136 137static int ovl_verity_mode_def(void) 138{ 139 return OVL_VERITY_OFF; 140} 141 142#define fsparam_string_empty(NAME, OPT) \ 143 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 144 145 146const struct fs_parameter_spec ovl_parameter_spec[] = { 147 fsparam_string_empty("lowerdir", Opt_lowerdir), 148 fsparam_string("lowerdir+", Opt_lowerdir_add), 149 fsparam_string("datadir+", Opt_datadir_add), 150 fsparam_string("upperdir", Opt_upperdir), 151 fsparam_string("workdir", Opt_workdir), 152 fsparam_flag("default_permissions", Opt_default_permissions), 153 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 154 fsparam_enum("index", Opt_index, ovl_parameter_bool), 155 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid), 156 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 157 fsparam_flag("userxattr", Opt_userxattr), 158 fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 159 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 160 fsparam_enum("verity", Opt_verity, ovl_parameter_verity), 161 fsparam_flag("volatile", Opt_volatile), 162 {} 163}; 164 165static char *ovl_next_opt(char **s) 166{ 167 char *sbegin = *s; 168 char *p; 169 170 if (sbegin == NULL) 171 return NULL; 172 173 for (p = sbegin; *p; p++) { 174 if (*p == '\\') { 175 p++; 176 if (!*p) 177 break; 178 } else if (*p == ',') { 179 *p = '\0'; 180 *s = p + 1; 181 return sbegin; 182 } 183 } 184 *s = NULL; 185 return sbegin; 186} 187 188static int ovl_parse_monolithic(struct fs_context *fc, void *data) 189{ 190 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt); 191} 192 193static ssize_t ovl_parse_param_split_lowerdirs(char *str) 194{ 195 ssize_t nr_layers = 1, nr_colons = 0; 196 char *s, *d; 197 198 for (s = d = str;; s++, d++) { 199 if (*s == '\\') { 200 /* keep esc chars in split lowerdir */ 201 *d++ = *s++; 202 } else if (*s == ':') { 203 bool next_colon = (*(s + 1) == ':'); 204 205 nr_colons++; 206 if (nr_colons == 2 && next_colon) { 207 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 208 return -EINVAL; 209 } 210 /* count layers, not colons */ 211 if (!next_colon) 212 nr_layers++; 213 214 *d = '\0'; 215 continue; 216 } 217 218 *d = *s; 219 if (!*s) { 220 /* trailing colons */ 221 if (nr_colons) { 222 pr_err("unescaped trailing colons in lowerdir mount option.\n"); 223 return -EINVAL; 224 } 225 break; 226 } 227 nr_colons = 0; 228 } 229 230 return nr_layers; 231} 232 233static int ovl_mount_dir_noesc(const char *name, struct path *path) 234{ 235 int err = -EINVAL; 236 237 if (!*name) { 238 pr_err("empty lowerdir\n"); 239 goto out; 240 } 241 err = kern_path(name, LOOKUP_FOLLOW, path); 242 if (err) { 243 pr_err("failed to resolve '%s': %i\n", name, err); 244 goto out; 245 } 246 return 0; 247 248out: 249 return err; 250} 251 252static void ovl_unescape(char *s) 253{ 254 char *d = s; 255 256 for (;; s++, d++) { 257 if (*s == '\\') 258 s++; 259 *d = *s; 260 if (!*s) 261 break; 262 } 263} 264 265static int ovl_mount_dir(const char *name, struct path *path) 266{ 267 int err = -ENOMEM; 268 char *tmp = kstrdup(name, GFP_KERNEL); 269 270 if (tmp) { 271 ovl_unescape(tmp); 272 err = ovl_mount_dir_noesc(tmp, path); 273 kfree(tmp); 274 } 275 return err; 276} 277 278static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path, 279 enum ovl_opt layer, const char *name, bool upper) 280{ 281 struct ovl_fs_context *ctx = fc->fs_private; 282 283 if (!d_is_dir(path->dentry)) 284 return invalfc(fc, "%s is not a directory", name); 285 286 /* 287 * Root dentries of case-insensitive capable filesystems might 288 * not have the dentry operations set, but still be incompatible 289 * with overlayfs. Check explicitly to prevent post-mount 290 * failures. 291 */ 292 if (sb_has_encoding(path->mnt->mnt_sb)) 293 return invalfc(fc, "case-insensitive capable filesystem on %s not supported", name); 294 295 if (ovl_dentry_weird(path->dentry)) 296 return invalfc(fc, "filesystem on %s not supported", name); 297 298 /* 299 * Check whether upper path is read-only here to report failures 300 * early. Don't forget to recheck when the superblock is created 301 * as the mount attributes could change. 302 */ 303 if (upper) { 304 if (path->dentry->d_flags & DCACHE_OP_REAL) 305 return invalfc(fc, "filesystem on %s not supported as upperdir", name); 306 if (__mnt_is_readonly(path->mnt)) 307 return invalfc(fc, "filesystem on %s is read-only", name); 308 } else { 309 if (ctx->lowerdir_all && layer != Opt_lowerdir) 310 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir"); 311 if (ctx->nr_data && layer == Opt_lowerdir_add) 312 return invalfc(fc, "regular lower layers cannot follow data layers"); 313 if (ctx->nr == OVL_MAX_STACK) 314 return invalfc(fc, "too many lower directories, limit is %d", 315 OVL_MAX_STACK); 316 } 317 return 0; 318} 319 320static int ovl_ctx_realloc_lower(struct fs_context *fc) 321{ 322 struct ovl_fs_context *ctx = fc->fs_private; 323 struct ovl_fs_context_layer *l; 324 size_t nr; 325 326 if (ctx->nr < ctx->capacity) 327 return 0; 328 329 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2), 330 OVL_MAX_STACK); 331 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT); 332 if (!l) 333 return -ENOMEM; 334 335 ctx->lower = l; 336 ctx->capacity = nr; 337 return 0; 338} 339 340static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer, 341 struct path *path, char **pname) 342{ 343 struct ovl_fs *ofs = fc->s_fs_info; 344 struct ovl_config *config = &ofs->config; 345 struct ovl_fs_context *ctx = fc->fs_private; 346 struct ovl_fs_context_layer *l; 347 348 switch (layer) { 349 case Opt_workdir: 350 swap(config->workdir, *pname); 351 swap(ctx->work, *path); 352 break; 353 case Opt_upperdir: 354 swap(config->upperdir, *pname); 355 swap(ctx->upper, *path); 356 break; 357 case Opt_datadir_add: 358 ctx->nr_data++; 359 fallthrough; 360 case Opt_lowerdir_add: 361 WARN_ON(ctx->nr >= ctx->capacity); 362 l = &ctx->lower[ctx->nr++]; 363 memset(l, 0, sizeof(*l)); 364 swap(l->name, *pname); 365 swap(l->path, *path); 366 break; 367 default: 368 WARN_ON(1); 369 } 370} 371 372static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param, 373 enum ovl_opt layer) 374{ 375 char *name = kstrdup(param->string, GFP_KERNEL); 376 bool upper = (layer == Opt_upperdir || layer == Opt_workdir); 377 struct path path; 378 int err; 379 380 if (!name) 381 return -ENOMEM; 382 383 if (upper) 384 err = ovl_mount_dir(name, &path); 385 else 386 err = ovl_mount_dir_noesc(name, &path); 387 if (err) 388 goto out_free; 389 390 err = ovl_mount_dir_check(fc, &path, layer, name, upper); 391 if (err) 392 goto out_put; 393 394 if (!upper) { 395 err = ovl_ctx_realloc_lower(fc); 396 if (err) 397 goto out_put; 398 } 399 400 /* Store the user provided path string in ctx to show in mountinfo */ 401 ovl_add_layer(fc, layer, &path, &name); 402 403out_put: 404 path_put(&path); 405out_free: 406 kfree(name); 407 return err; 408} 409 410static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx) 411{ 412 struct ovl_fs_context_layer *l = ctx->lower; 413 414 // Reset old user provided lowerdir string 415 kfree(ctx->lowerdir_all); 416 ctx->lowerdir_all = NULL; 417 418 for (size_t nr = 0; nr < ctx->nr; nr++, l++) { 419 path_put(&l->path); 420 kfree(l->name); 421 l->name = NULL; 422 } 423 ctx->nr = 0; 424 ctx->nr_data = 0; 425} 426 427/* 428 * Parse lowerdir= mount option: 429 * 430 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2 431 * Set "/lower1", "/lower2", and "/lower3" as lower layers and 432 * "/data1" and "/data2" as data lower layers. Any existing lower 433 * layers are replaced. 434 */ 435static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 436{ 437 int err; 438 struct ovl_fs_context *ctx = fc->fs_private; 439 struct ovl_fs_context_layer *l; 440 char *dup = NULL, *iter; 441 ssize_t nr_lower = 0, nr = 0, nr_data = 0; 442 bool data_layer = false; 443 444 /* 445 * Ensure we're backwards compatible with mount(2) 446 * by allowing relative paths. 447 */ 448 449 /* drop all existing lower layers */ 450 ovl_reset_lowerdirs(ctx); 451 452 if (!*name) 453 return 0; 454 455 if (*name == ':') { 456 pr_err("cannot append lower layer"); 457 return -EINVAL; 458 } 459 460 // Store user provided lowerdir string to show in mount options 461 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL); 462 if (!ctx->lowerdir_all) 463 return -ENOMEM; 464 465 dup = kstrdup(name, GFP_KERNEL); 466 if (!dup) 467 return -ENOMEM; 468 469 err = -EINVAL; 470 nr_lower = ovl_parse_param_split_lowerdirs(dup); 471 if (nr_lower < 0) 472 goto out_err; 473 474 if (nr_lower > OVL_MAX_STACK) { 475 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 476 goto out_err; 477 } 478 479 if (nr_lower > ctx->capacity) { 480 err = -ENOMEM; 481 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), 482 GFP_KERNEL_ACCOUNT); 483 if (!l) 484 goto out_err; 485 486 ctx->lower = l; 487 ctx->capacity = nr_lower; 488 } 489 490 iter = dup; 491 l = ctx->lower; 492 for (nr = 0; nr < nr_lower; nr++, l++) { 493 memset(l, 0, sizeof(*l)); 494 495 err = ovl_mount_dir(iter, &l->path); 496 if (err) 497 goto out_put; 498 499 err = ovl_mount_dir_check(fc, &l->path, Opt_lowerdir, iter, false); 500 if (err) 501 goto out_put; 502 503 err = -ENOMEM; 504 l->name = kstrdup(iter, GFP_KERNEL_ACCOUNT); 505 if (!l->name) 506 goto out_put; 507 508 if (data_layer) 509 nr_data++; 510 511 /* Calling strchr() again would overrun. */ 512 if ((nr + 1) == nr_lower) 513 break; 514 515 err = -EINVAL; 516 iter = strchr(iter, '\0') + 1; 517 if (*iter) { 518 /* 519 * This is a regular layer so we require that 520 * there are no data layers. 521 */ 522 if ((ctx->nr_data + nr_data) > 0) { 523 pr_err("regular lower layers cannot follow data lower layers"); 524 goto out_put; 525 } 526 527 data_layer = false; 528 continue; 529 } 530 531 /* This is a data lower layer. */ 532 data_layer = true; 533 iter++; 534 } 535 ctx->nr = nr_lower; 536 ctx->nr_data += nr_data; 537 kfree(dup); 538 return 0; 539 540out_put: 541 ovl_reset_lowerdirs(ctx); 542 543out_err: 544 kfree(dup); 545 546 /* Intentionally don't realloc to a smaller size. */ 547 return err; 548} 549 550static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 551{ 552 int err = 0; 553 struct fs_parse_result result; 554 struct ovl_fs *ofs = fc->s_fs_info; 555 struct ovl_config *config = &ofs->config; 556 struct ovl_fs_context *ctx = fc->fs_private; 557 int opt; 558 559 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 560 /* 561 * On remount overlayfs has always ignored all mount 562 * options no matter if malformed or not so for 563 * backwards compatibility we do the same here. 564 */ 565 if (fc->oldapi) 566 return 0; 567 568 /* 569 * Give us the freedom to allow changing mount options 570 * with the new mount api in the future. So instead of 571 * silently ignoring everything we report a proper 572 * error. This is only visible for users of the new 573 * mount api. 574 */ 575 return invalfc(fc, "No changes allowed in reconfigure"); 576 } 577 578 opt = fs_parse(fc, ovl_parameter_spec, param, &result); 579 if (opt < 0) 580 return opt; 581 582 switch (opt) { 583 case Opt_lowerdir: 584 err = ovl_parse_param_lowerdir(param->string, fc); 585 break; 586 case Opt_lowerdir_add: 587 case Opt_datadir_add: 588 case Opt_upperdir: 589 case Opt_workdir: 590 err = ovl_parse_layer(fc, param, opt); 591 break; 592 case Opt_default_permissions: 593 config->default_permissions = true; 594 break; 595 case Opt_redirect_dir: 596 config->redirect_mode = result.uint_32; 597 if (config->redirect_mode == OVL_REDIRECT_OFF) { 598 config->redirect_mode = ovl_redirect_always_follow ? 599 OVL_REDIRECT_FOLLOW : 600 OVL_REDIRECT_NOFOLLOW; 601 } 602 ctx->set.redirect = true; 603 break; 604 case Opt_index: 605 config->index = result.uint_32; 606 ctx->set.index = true; 607 break; 608 case Opt_uuid: 609 config->uuid = result.uint_32; 610 break; 611 case Opt_nfs_export: 612 config->nfs_export = result.uint_32; 613 ctx->set.nfs_export = true; 614 break; 615 case Opt_xino: 616 config->xino = result.uint_32; 617 break; 618 case Opt_metacopy: 619 config->metacopy = result.uint_32; 620 ctx->set.metacopy = true; 621 break; 622 case Opt_verity: 623 config->verity_mode = result.uint_32; 624 break; 625 case Opt_volatile: 626 config->ovl_volatile = true; 627 break; 628 case Opt_userxattr: 629 config->userxattr = true; 630 break; 631 default: 632 pr_err("unrecognized mount option \"%s\" or missing value\n", 633 param->key); 634 return -EINVAL; 635 } 636 637 return err; 638} 639 640static int ovl_get_tree(struct fs_context *fc) 641{ 642 return get_tree_nodev(fc, ovl_fill_super); 643} 644 645static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 646{ 647 ovl_reset_lowerdirs(ctx); 648 path_put(&ctx->upper); 649 path_put(&ctx->work); 650 kfree(ctx->lower); 651 kfree(ctx); 652} 653 654static void ovl_free(struct fs_context *fc) 655{ 656 struct ovl_fs *ofs = fc->s_fs_info; 657 struct ovl_fs_context *ctx = fc->fs_private; 658 659 /* 660 * ofs is stored in the fs_context when it is initialized. 661 * ofs is transferred to the superblock on a successful mount, 662 * but if an error occurs before the transfer we have to free 663 * it here. 664 */ 665 if (ofs) 666 ovl_free_fs(ofs); 667 668 if (ctx) 669 ovl_fs_context_free(ctx); 670} 671 672static int ovl_reconfigure(struct fs_context *fc) 673{ 674 struct super_block *sb = fc->root->d_sb; 675 struct ovl_fs *ofs = OVL_FS(sb); 676 struct super_block *upper_sb; 677 int ret = 0; 678 679 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 680 return -EROFS; 681 682 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 683 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 684 if (ovl_should_sync(ofs)) { 685 down_read(&upper_sb->s_umount); 686 ret = sync_filesystem(upper_sb); 687 up_read(&upper_sb->s_umount); 688 } 689 } 690 691 return ret; 692} 693 694static const struct fs_context_operations ovl_context_ops = { 695 .parse_monolithic = ovl_parse_monolithic, 696 .parse_param = ovl_parse_param, 697 .get_tree = ovl_get_tree, 698 .reconfigure = ovl_reconfigure, 699 .free = ovl_free, 700}; 701 702/* 703 * This is called during fsopen() and will record the user namespace of 704 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 705 * need it when we actually create the superblock to verify that the 706 * process creating the superblock is in the same user namespace as 707 * process that called fsopen(). 708 */ 709int ovl_init_fs_context(struct fs_context *fc) 710{ 711 struct ovl_fs_context *ctx; 712 struct ovl_fs *ofs; 713 714 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 715 if (!ctx) 716 return -ENOMEM; 717 718 /* 719 * By default we allocate for three lower layers. It's likely 720 * that it'll cover most users. 721 */ 722 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 723 if (!ctx->lower) 724 goto out_err; 725 ctx->capacity = 3; 726 727 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 728 if (!ofs) 729 goto out_err; 730 731 ofs->config.redirect_mode = ovl_redirect_mode_def(); 732 ofs->config.index = ovl_index_def; 733 ofs->config.uuid = ovl_uuid_def(); 734 ofs->config.nfs_export = ovl_nfs_export_def; 735 ofs->config.xino = ovl_xino_def(); 736 ofs->config.metacopy = ovl_metacopy_def; 737 738 fc->s_fs_info = ofs; 739 fc->fs_private = ctx; 740 fc->ops = &ovl_context_ops; 741 return 0; 742 743out_err: 744 ovl_fs_context_free(ctx); 745 return -ENOMEM; 746 747} 748 749void ovl_free_fs(struct ovl_fs *ofs) 750{ 751 struct vfsmount **mounts; 752 unsigned i; 753 754 iput(ofs->workbasedir_trap); 755 iput(ofs->indexdir_trap); 756 iput(ofs->workdir_trap); 757 dput(ofs->whiteout); 758 dput(ofs->indexdir); 759 dput(ofs->workdir); 760 if (ofs->workdir_locked) 761 ovl_inuse_unlock(ofs->workbasedir); 762 dput(ofs->workbasedir); 763 if (ofs->upperdir_locked) 764 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root); 765 766 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */ 767 mounts = (struct vfsmount **) ofs->config.lowerdirs; 768 for (i = 0; i < ofs->numlayer; i++) { 769 iput(ofs->layers[i].trap); 770 kfree(ofs->config.lowerdirs[i]); 771 mounts[i] = ofs->layers[i].mnt; 772 } 773 kern_unmount_array(mounts, ofs->numlayer); 774 kfree(ofs->layers); 775 for (i = 0; i < ofs->numfs; i++) 776 free_anon_bdev(ofs->fs[i].pseudo_dev); 777 kfree(ofs->fs); 778 779 kfree(ofs->config.lowerdirs); 780 kfree(ofs->config.upperdir); 781 kfree(ofs->config.workdir); 782 if (ofs->creator_cred) 783 put_cred(ofs->creator_cred); 784 kfree(ofs); 785} 786 787int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 788 struct ovl_config *config) 789{ 790 struct ovl_opt_set set = ctx->set; 791 792 if (ctx->nr_data > 0 && !config->metacopy) { 793 pr_err("lower data-only dirs require metacopy support.\n"); 794 return -EINVAL; 795 } 796 797 /* Workdir/index are useless in non-upper mount */ 798 if (!config->upperdir) { 799 if (config->workdir) { 800 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n", 801 config->workdir); 802 kfree(config->workdir); 803 config->workdir = NULL; 804 } 805 if (config->index && set.index) { 806 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 807 set.index = false; 808 } 809 config->index = false; 810 } 811 812 if (!config->upperdir && config->ovl_volatile) { 813 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n"); 814 config->ovl_volatile = false; 815 } 816 817 if (!config->upperdir && config->uuid == OVL_UUID_ON) { 818 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n"); 819 config->uuid = OVL_UUID_NULL; 820 } 821 822 /* Resolve verity -> metacopy dependency */ 823 if (config->verity_mode && !config->metacopy) { 824 /* Don't allow explicit specified conflicting combinations */ 825 if (set.metacopy) { 826 pr_err("conflicting options: metacopy=off,verity=%s\n", 827 ovl_verity_mode(config)); 828 return -EINVAL; 829 } 830 /* Otherwise automatically enable metacopy. */ 831 config->metacopy = true; 832 } 833 834 /* 835 * This is to make the logic below simpler. It doesn't make any other 836 * difference, since redirect_dir=on is only used for upper. 837 */ 838 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 839 config->redirect_mode = OVL_REDIRECT_ON; 840 841 /* Resolve verity -> metacopy -> redirect_dir dependency */ 842 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 843 if (set.metacopy && set.redirect) { 844 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 845 ovl_redirect_mode(config)); 846 return -EINVAL; 847 } 848 if (config->verity_mode && set.redirect) { 849 pr_err("conflicting options: verity=%s,redirect_dir=%s\n", 850 ovl_verity_mode(config), ovl_redirect_mode(config)); 851 return -EINVAL; 852 } 853 if (set.redirect) { 854 /* 855 * There was an explicit redirect_dir=... that resulted 856 * in this conflict. 857 */ 858 pr_info("disabling metacopy due to redirect_dir=%s\n", 859 ovl_redirect_mode(config)); 860 config->metacopy = false; 861 } else { 862 /* Automatically enable redirect otherwise. */ 863 config->redirect_mode = OVL_REDIRECT_ON; 864 } 865 } 866 867 /* Resolve nfs_export -> index dependency */ 868 if (config->nfs_export && !config->index) { 869 if (!config->upperdir && 870 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 871 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 872 config->nfs_export = false; 873 } else if (set.nfs_export && set.index) { 874 pr_err("conflicting options: nfs_export=on,index=off\n"); 875 return -EINVAL; 876 } else if (set.index) { 877 /* 878 * There was an explicit index=off that resulted 879 * in this conflict. 880 */ 881 pr_info("disabling nfs_export due to index=off\n"); 882 config->nfs_export = false; 883 } else { 884 /* Automatically enable index otherwise. */ 885 config->index = true; 886 } 887 } 888 889 /* Resolve nfs_export -> !metacopy && !verity dependency */ 890 if (config->nfs_export && config->metacopy) { 891 if (set.nfs_export && set.metacopy) { 892 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 893 return -EINVAL; 894 } 895 if (set.metacopy) { 896 /* 897 * There was an explicit metacopy=on that resulted 898 * in this conflict. 899 */ 900 pr_info("disabling nfs_export due to metacopy=on\n"); 901 config->nfs_export = false; 902 } else if (config->verity_mode) { 903 /* 904 * There was an explicit verity=.. that resulted 905 * in this conflict. 906 */ 907 pr_info("disabling nfs_export due to verity=%s\n", 908 ovl_verity_mode(config)); 909 config->nfs_export = false; 910 } else { 911 /* 912 * There was an explicit nfs_export=on that resulted 913 * in this conflict. 914 */ 915 pr_info("disabling metacopy due to nfs_export=on\n"); 916 config->metacopy = false; 917 } 918 } 919 920 921 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ 922 if (config->userxattr) { 923 if (set.redirect && 924 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 925 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 926 ovl_redirect_mode(config)); 927 return -EINVAL; 928 } 929 if (config->metacopy && set.metacopy) { 930 pr_err("conflicting options: userxattr,metacopy=on\n"); 931 return -EINVAL; 932 } 933 if (config->verity_mode) { 934 pr_err("conflicting options: userxattr,verity=%s\n", 935 ovl_verity_mode(config)); 936 return -EINVAL; 937 } 938 /* 939 * Silently disable default setting of redirect and metacopy. 940 * This shall be the default in the future as well: these 941 * options must be explicitly enabled if used together with 942 * userxattr. 943 */ 944 config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 945 config->metacopy = false; 946 } 947 948 return 0; 949} 950 951/** 952 * ovl_show_options 953 * @m: the seq_file handle 954 * @dentry: The dentry to query 955 * 956 * Prints the mount options for a given superblock. 957 * Returns zero; does not fail. 958 */ 959int ovl_show_options(struct seq_file *m, struct dentry *dentry) 960{ 961 struct super_block *sb = dentry->d_sb; 962 struct ovl_fs *ofs = OVL_FS(sb); 963 size_t nr, nr_merged_lower, nr_lower = 0; 964 char **lowerdirs = ofs->config.lowerdirs; 965 966 /* 967 * lowerdirs[0] holds the colon separated list that user provided 968 * with lowerdir mount option. 969 * lowerdirs[1..numlayer] hold the lowerdir paths that were added 970 * using the lowerdir+ and datadir+ mount options. 971 * For now, we do not allow mixing the legacy lowerdir mount option 972 * with the new lowerdir+ and datadir+ mount options. 973 */ 974 if (lowerdirs[0]) { 975 seq_show_option(m, "lowerdir", lowerdirs[0]); 976 } else { 977 nr_lower = ofs->numlayer; 978 nr_merged_lower = nr_lower - ofs->numdatalayer; 979 } 980 for (nr = 1; nr < nr_lower; nr++) { 981 if (nr < nr_merged_lower) 982 seq_show_option(m, "lowerdir+", lowerdirs[nr]); 983 else 984 seq_show_option(m, "datadir+", lowerdirs[nr]); 985 } 986 if (ofs->config.upperdir) { 987 seq_show_option(m, "upperdir", ofs->config.upperdir); 988 seq_show_option(m, "workdir", ofs->config.workdir); 989 } 990 if (ofs->config.default_permissions) 991 seq_puts(m, ",default_permissions"); 992 if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 993 seq_printf(m, ",redirect_dir=%s", 994 ovl_redirect_mode(&ofs->config)); 995 if (ofs->config.index != ovl_index_def) 996 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 997 if (ofs->config.uuid != ovl_uuid_def()) 998 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config)); 999 if (ofs->config.nfs_export != ovl_nfs_export_def) 1000 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 1001 "on" : "off"); 1002 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 1003 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 1004 if (ofs->config.metacopy != ovl_metacopy_def) 1005 seq_printf(m, ",metacopy=%s", 1006 ofs->config.metacopy ? "on" : "off"); 1007 if (ofs->config.ovl_volatile) 1008 seq_puts(m, ",volatile"); 1009 if (ofs->config.userxattr) 1010 seq_puts(m, ",userxattr"); 1011 if (ofs->config.verity_mode != ovl_verity_mode_def()) 1012 seq_printf(m, ",verity=%s", 1013 ovl_verity_mode(&ofs->config)); 1014 return 0; 1015} 1016