]> Git Repo - linux.git/blame - fs/overlayfs/params.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovl: fix wrong lowerdir number check for parameter Opt_lowerdir
[linux.git] / fs / overlayfs / params.c
CommitLineData
b36a5780
CB		 1// SPDX-License-Identifier: GPL-2.0-only
2
3#include <linux/fs.h>
7fb7998b 4#include <linux/module.h>
b36a5780
CB		 5#include <linux/namei.h>
6#include <linux/fs_context.h>
7#include <linux/fs_parser.h>
8#include <linux/posix_acl_xattr.h>
7fb7998b 9#include <linux/seq_file.h>
b36a5780
CB		 10#include <linux/xattr.h>
11#include "overlayfs.h"
7fb7998b
CB		 12#include "params.h"
13
14static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
15module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
16MODULE_PARM_DESC(redirect_dir,
17 "Default to on or off for the redirect_dir feature");
18
19static bool ovl_redirect_always_follow =
20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
21module_param_named(redirect_always_follow, ovl_redirect_always_follow,
22 bool, 0644);
23MODULE_PARM_DESC(redirect_always_follow,
24 "Follow redirects even if redirect_dir feature is turned off");
25
26static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
27module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
28MODULE_PARM_DESC(xino_auto,
29 "Auto enable xino feature");
30
31static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
32module_param_named(index, ovl_index_def, bool, 0644);
33MODULE_PARM_DESC(index,
34 "Default to on or off for the inodes index feature");
35
36static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
37module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
38MODULE_PARM_DESC(nfs_export,
39 "Default to on or off for the NFS export feature");
40
41static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
42module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
43MODULE_PARM_DESC(metacopy,
44 "Default to on or off for the metadata only copy up feature");
45
819829f0 46enum ovl_opt {
7fb7998b 47 Opt_lowerdir,
24e16e38
AG		 48 Opt_lowerdir_add,
49 Opt_datadir_add,
7fb7998b
CB		 50 Opt_upperdir,
51 Opt_workdir,
52 Opt_default_permissions,
53 Opt_redirect_dir,
54 Opt_index,
55 Opt_uuid,
56 Opt_nfs_export,
57 Opt_userxattr,
58 Opt_xino,
59 Opt_metacopy,
ae8cba40 60 Opt_verity,
7fb7998b
CB		 61 Opt_volatile,
62};
63
64static const struct constant_table ovl_parameter_bool[] = {
65 { "on", true },
66 { "off", false },
67 {}
68};
69
b0504bfe
AG		 70static const struct constant_table ovl_parameter_uuid[] = {
71 { "off", OVL_UUID_OFF },
72 { "null", OVL_UUID_NULL },
cbb44f09 73 { "auto", OVL_UUID_AUTO },
b0504bfe
AG		 74 { "on", OVL_UUID_ON },
75 {}
76};
77
78static const char *ovl_uuid_mode(struct ovl_config *config)
79{
80 return ovl_parameter_uuid[config->uuid].name;
81}
82
83static int ovl_uuid_def(void)
84{
cbb44f09 85 return OVL_UUID_AUTO;
b0504bfe
AG		 86}
87
7fb7998b
CB		 88static const struct constant_table ovl_parameter_xino[] = {
89 { "off", OVL_XINO_OFF },
90 { "auto", OVL_XINO_AUTO },
91 { "on", OVL_XINO_ON },
92 {}
93};
94
95const char *ovl_xino_mode(struct ovl_config *config)
96{
97 return ovl_parameter_xino[config->xino].name;
98}
99
100static int ovl_xino_def(void)
101{
102 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
103}
104
105const struct constant_table ovl_parameter_redirect_dir[] = {
106 { "off", OVL_REDIRECT_OFF },
107 { "follow", OVL_REDIRECT_FOLLOW },
108 { "nofollow", OVL_REDIRECT_NOFOLLOW },
109 { "on", OVL_REDIRECT_ON },
110 {}
111};
112
113static const char *ovl_redirect_mode(struct ovl_config *config)
114{
115 return ovl_parameter_redirect_dir[config->redirect_mode].name;
116}
117
118static int ovl_redirect_mode_def(void)
119{
120 return ovl_redirect_dir_def ? OVL_REDIRECT_ON :
121 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW :
122 OVL_REDIRECT_NOFOLLOW;
123}
124
ae8cba40
AL		 125static const struct constant_table ovl_parameter_verity[] = {
126 { "off", OVL_VERITY_OFF },
127 { "on", OVL_VERITY_ON },
128 { "require", OVL_VERITY_REQUIRE },
129 {}
130};
131
132static const char *ovl_verity_mode(struct ovl_config *config)
133{
134 return ovl_parameter_verity[config->verity_mode].name;
135}
136
137static int ovl_verity_mode_def(void)
138{
139 return OVL_VERITY_OFF;
140}
141
7fb7998b
CB		 142const struct fs_parameter_spec ovl_parameter_spec[] = {
143 fsparam_string_empty("lowerdir", Opt_lowerdir),
24e16e38
AG		 144 fsparam_string("lowerdir+", Opt_lowerdir_add),
145 fsparam_string("datadir+", Opt_datadir_add),
7fb7998b
CB		 146 fsparam_string("upperdir", Opt_upperdir),
147 fsparam_string("workdir", Opt_workdir),
148 fsparam_flag("default_permissions", Opt_default_permissions),
149 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir),
150 fsparam_enum("index", Opt_index, ovl_parameter_bool),
b0504bfe 151 fsparam_enum("uuid", Opt_uuid, ovl_parameter_uuid),
7fb7998b
CB		 152 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool),
153 fsparam_flag("userxattr", Opt_userxattr),
154 fsparam_enum("xino", Opt_xino, ovl_parameter_xino),
155 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool),
ae8cba40 156 fsparam_enum("verity", Opt_verity, ovl_parameter_verity),
7fb7998b
CB		 157 fsparam_flag("volatile", Opt_volatile),
158 {}
159};
b36a5780 160
c34706ac
AG		 161static char *ovl_next_opt(char **s)
162{
163 char *sbegin = *s;
164 char *p;
165
166 if (sbegin == NULL)
167 return NULL;
168
169 for (p = sbegin; *p; p++) {
170 if (*p == '\\') {
171 p++;
172 if (!*p)
173 break;
174 } else if (*p == ',') {
175 *p = '\0';
176 *s = p + 1;
177 return sbegin;
178 }
179 }
180 *s = NULL;
181 return sbegin;
182}
183
184static int ovl_parse_monolithic(struct fs_context *fc, void *data)
185{
186 return vfs_parse_monolithic_sep(fc, data, ovl_next_opt);
187}
188
b36a5780
CB		 189static ssize_t ovl_parse_param_split_lowerdirs(char *str)
190{
191 ssize_t nr_layers = 1, nr_colons = 0;
192 char *s, *d;
193
194 for (s = d = str;; s++, d++) {
195 if (*s == '\\') {
32db5107
AG		 196 /* keep esc chars in split lowerdir */
197 *d++ = *s++;
b36a5780
CB		 198 } else if (*s == ':') {
199 bool next_colon = (*(s + 1) == ':');
200
201 nr_colons++;
202 if (nr_colons == 2 && next_colon) {
203 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
204 return -EINVAL;
205 }
206 /* count layers, not colons */
207 if (!next_colon)
208 nr_layers++;
209
210 *d = '\0';
211 continue;
212 }
213
214 *d = *s;
215 if (!*s) {
216 /* trailing colons */
217 if (nr_colons) {
218 pr_err("unescaped trailing colons in lowerdir mount option.\n");
219 return -EINVAL;
220 }
221 break;
222 }
223 nr_colons = 0;
224 }
225
226 return nr_layers;
227}
228
229static int ovl_mount_dir_noesc(const char *name, struct path *path)
230{
231 int err = -EINVAL;
232
233 if (!*name) {
234 pr_err("empty lowerdir\n");
235 goto out;
236 }
237 err = kern_path(name, LOOKUP_FOLLOW, path);
238 if (err) {
239 pr_err("failed to resolve '%s': %i\n", name, err);
240 goto out;
241 }
b36a5780
CB		 242 return 0;
243
b36a5780
CB		 244out:
245 return err;
246}
247
248static void ovl_unescape(char *s)
249{
250 char *d = s;
251
252 for (;; s++, d++) {
253 if (*s == '\\')
254 s++;
255 *d = *s;
256 if (!*s)
257 break;
258 }
259}
260
819829f0 261static int ovl_mount_dir(const char *name, struct path *path)
b36a5780
CB		 262{
263 int err = -ENOMEM;
264 char *tmp = kstrdup(name, GFP_KERNEL);
265
266 if (tmp) {
267 ovl_unescape(tmp);
268 err = ovl_mount_dir_noesc(tmp, path);
b36a5780
CB		 269 kfree(tmp);
270 }
271 return err;
272}
273
819829f0
AG		 274static int ovl_mount_dir_check(struct fs_context *fc, const struct path *path,
275 enum ovl_opt layer, const char *name, bool upper)
b36a5780 276{
24e16e38
AG		 277 struct ovl_fs_context *ctx = fc->fs_private;
278
819829f0
AG		 279 if (!d_is_dir(path->dentry))
280 return invalfc(fc, "%s is not a directory", name);
b36a5780 281
2824083d
GKB		 282 /*
283 * Root dentries of case-insensitive capable filesystems might
284 * not have the dentry operations set, but still be incompatible
285 * with overlayfs. Check explicitly to prevent post-mount
286 * failures.
287 */
288 if (sb_has_encoding(path->mnt->mnt_sb))
289 return invalfc(fc, "case-insensitive capable filesystem on %s not supported", name);
290
291 if (ovl_dentry_weird(path->dentry))
292 return invalfc(fc, "filesystem on %s not supported", name);
24e16e38 293
b36a5780
CB		 294 /*
295 * Check whether upper path is read-only here to report failures
296 * early. Don't forget to recheck when the superblock is created
297 * as the mount attributes could change.
298 */
819829f0
AG		 299 if (upper) {
300 if (path->dentry->d_flags & DCACHE_OP_REAL)
301 return invalfc(fc, "filesystem on %s not supported as upperdir", name);
302 if (__mnt_is_readonly(path->mnt))
303 return invalfc(fc, "filesystem on %s is read-only", name);
24e16e38
AG		 304 } else {
305 if (ctx->lowerdir_all && layer != Opt_lowerdir)
306 return invalfc(fc, "lowerdir+ and datadir+ cannot follow lowerdir");
307 if (ctx->nr_data && layer == Opt_lowerdir_add)
308 return invalfc(fc, "regular lower layers cannot follow data layers");
309 if (ctx->nr == OVL_MAX_STACK)
310 return invalfc(fc, "too many lower directories, limit is %d",
311 OVL_MAX_STACK);
b36a5780 312 }
819829f0
AG		 313 return 0;
314}
b36a5780 315
24e16e38
AG		 316static int ovl_ctx_realloc_lower(struct fs_context *fc)
317{
318 struct ovl_fs_context *ctx = fc->fs_private;
319 struct ovl_fs_context_layer *l;
320 size_t nr;
321
322 if (ctx->nr < ctx->capacity)
323 return 0;
324
325 nr = min_t(size_t, max(4096 / sizeof(*l), ctx->capacity * 2),
326 OVL_MAX_STACK);
327 l = krealloc_array(ctx->lower, nr, sizeof(*l), GFP_KERNEL_ACCOUNT);
328 if (!l)
329 return -ENOMEM;
330
331 ctx->lower = l;
332 ctx->capacity = nr;
333 return 0;
334}
335
819829f0
AG		 336static void ovl_add_layer(struct fs_context *fc, enum ovl_opt layer,
337 struct path *path, char **pname)
338{
339 struct ovl_fs *ofs = fc->s_fs_info;
340 struct ovl_config *config = &ofs->config;
341 struct ovl_fs_context *ctx = fc->fs_private;
24e16e38 342 struct ovl_fs_context_layer *l;
b36a5780 343
819829f0
AG		 344 switch (layer) {
345 case Opt_workdir:
346 swap(config->workdir, *pname);
347 swap(ctx->work, *path);
348 break;
349 case Opt_upperdir:
350 swap(config->upperdir, *pname);
351 swap(ctx->upper, *path);
352 break;
24e16e38
AG		 353 case Opt_datadir_add:
354 ctx->nr_data++;
355 fallthrough;
ca76ac36
ZC		 356 case Opt_lowerdir:
357 fallthrough;
24e16e38
AG		 358 case Opt_lowerdir_add:
359 WARN_ON(ctx->nr >= ctx->capacity);
360 l = &ctx->lower[ctx->nr++];
361 memset(l, 0, sizeof(*l));
362 swap(l->name, *pname);
363 swap(l->path, *path);
364 break;
819829f0
AG		 365 default:
366 WARN_ON(1);
b36a5780 367 }
819829f0
AG		 368}
369
7eff3453 370static int ovl_parse_layer(struct fs_context *fc, const char *layer_name, enum ovl_opt layer)
819829f0 371{
7eff3453 372 char *name = kstrdup(layer_name, GFP_KERNEL);
819829f0
AG		 373 bool upper = (layer == Opt_upperdir || layer == Opt_workdir);
374 struct path path;
375 int err;
376
377 if (!name)
378 return -ENOMEM;
379
ca76ac36 380 if (upper || layer == Opt_lowerdir)
24e16e38
AG		 381 err = ovl_mount_dir(name, &path);
382 else
383 err = ovl_mount_dir_noesc(name, &path);
819829f0
AG		 384 if (err)
385 goto out_free;
386
387 err = ovl_mount_dir_check(fc, &path, layer, name, upper);
388 if (err)
389 goto out_put;
390
24e16e38
AG		 391 if (!upper) {
392 err = ovl_ctx_realloc_lower(fc);
393 if (err)
394 goto out_put;
395 }
396
819829f0
AG		 397 /* Store the user provided path string in ctx to show in mountinfo */
398 ovl_add_layer(fc, layer, &path, &name);
399
400out_put:
401 path_put(&path);
402out_free:
403 kfree(name);
404 return err;
b36a5780
CB		 405}
406
0cea4c09 407static void ovl_reset_lowerdirs(struct ovl_fs_context *ctx)
b36a5780 408{
0cea4c09
AG		 409 struct ovl_fs_context_layer *l = ctx->lower;
410
411 // Reset old user provided lowerdir string
412 kfree(ctx->lowerdir_all);
413 ctx->lowerdir_all = NULL;
414
415 for (size_t nr = 0; nr < ctx->nr; nr++, l++) {
416 path_put(&l->path);
417 kfree(l->name);
418 l->name = NULL;
b36a5780
CB		 419 }
420 ctx->nr = 0;
421 ctx->nr_data = 0;
422}
423
424/*
425 * Parse lowerdir= mount option:
426 *
c835110b 427 * e.g.: lowerdir=/lower1:/lower2:/lower3::/data1::/data2
b36a5780
CB		 428 * Set "/lower1", "/lower2", and "/lower3" as lower layers and
429 * "/data1" and "/data2" as data lower layers. Any existing lower
430 * layers are replaced.
b36a5780 431 */
7fb7998b 432static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
b36a5780
CB		 433{
434 int err;
435 struct ovl_fs_context *ctx = fc->fs_private;
c835110b 436 char *dup = NULL, *iter;
37f32f52 437 ssize_t nr_lower, nr;
c835110b 438 bool data_layer = false;
b36a5780
CB		 439
440 /*
441 * Ensure we're backwards compatible with mount(2)
442 * by allowing relative paths.
443 */
444
445 /* drop all existing lower layers */
0cea4c09 446 ovl_reset_lowerdirs(ctx);
c835110b
AG		 447
448 if (!*name)
b36a5780 449 return 0;
b36a5780 450
beae836e
AG		 451 if (*name == ':') {
452 pr_err("cannot append lower layer");
453 return -EINVAL;
b36a5780
CB		 454 }
455
0cea4c09
AG		 456 // Store user provided lowerdir string to show in mount options
457 ctx->lowerdir_all = kstrdup(name, GFP_KERNEL);
458 if (!ctx->lowerdir_all)
459 return -ENOMEM;
460
b36a5780
CB		 461 dup = kstrdup(name, GFP_KERNEL);
462 if (!dup)
463 return -ENOMEM;
464
465 err = -EINVAL;
466 nr_lower = ovl_parse_param_split_lowerdirs(dup);
467 if (nr_lower < 0)
468 goto out_err;
469
c835110b 470 if (nr_lower > OVL_MAX_STACK) {
b36a5780
CB		 471 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
472 goto out_err;
473 }
474
c835110b 475 iter = dup;
ca76ac36
ZC		 476 for (nr = 0; nr < nr_lower; nr++) {
477 err = ovl_parse_layer(fc, iter, Opt_lowerdir);
b36a5780 478 if (err)
ca76ac36 479 goto out_err;
b36a5780
CB		 480
481 if (data_layer)
37f32f52 482 ctx->nr_data++;
b36a5780
CB		 483
484 /* Calling strchr() again would overrun. */
37f32f52 485 if (ctx->nr == nr_lower)
b36a5780
CB		 486 break;
487
488 err = -EINVAL;
c835110b
AG		 489 iter = strchr(iter, '\0') + 1;
490 if (*iter) {
b36a5780
CB		 491 /*
492 * This is a regular layer so we require that
493 * there are no data layers.
494 */
37f32f52 495 if (ctx->nr_data > 0) {
b36a5780 496 pr_err("regular lower layers cannot follow data lower layers");
ca76ac36 497 goto out_err;
b36a5780
CB		 498 }
499
500 data_layer = false;
501 continue;
502 }
503
504 /* This is a data lower layer. */
505 data_layer = true;
c835110b 506 iter++;
b36a5780 507 }
b36a5780
CB		 508 kfree(dup);
509 return 0;
510
b36a5780
CB		 511out_err:
512 kfree(dup);
513
514 /* Intentionally don't realloc to a smaller size. */
515 return err;
516}
7fb7998b
CB		 517
518static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param)
519{
520 int err = 0;
521 struct fs_parse_result result;
522 struct ovl_fs *ofs = fc->s_fs_info;
523 struct ovl_config *config = &ofs->config;
524 struct ovl_fs_context *ctx = fc->fs_private;
525 int opt;
526
527 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) {
528 /*
529 * On remount overlayfs has always ignored all mount
530 * options no matter if malformed or not so for
531 * backwards compatibility we do the same here.
532 */
533 if (fc->oldapi)
534 return 0;
535
536 /*
537 * Give us the freedom to allow changing mount options
538 * with the new mount api in the future. So instead of
539 * silently ignoring everything we report a proper
540 * error. This is only visible for users of the new
541 * mount api.
542 */
543 return invalfc(fc, "No changes allowed in reconfigure");
544 }
545
546 opt = fs_parse(fc, ovl_parameter_spec, param, &result);
547 if (opt < 0)
548 return opt;
549
550 switch (opt) {
551 case Opt_lowerdir:
552 err = ovl_parse_param_lowerdir(param->string, fc);
553 break;
24e16e38
AG		 554 case Opt_lowerdir_add:
555 case Opt_datadir_add:
7fb7998b 556 case Opt_upperdir:
7fb7998b 557 case Opt_workdir:
7eff3453 558 err = ovl_parse_layer(fc, param->string, opt);
7fb7998b
CB		 559 break;
560 case Opt_default_permissions:
561 config->default_permissions = true;
562 break;
563 case Opt_redirect_dir:
564 config->redirect_mode = result.uint_32;
565 if (config->redirect_mode == OVL_REDIRECT_OFF) {
566 config->redirect_mode = ovl_redirect_always_follow ?
567 OVL_REDIRECT_FOLLOW :
568 OVL_REDIRECT_NOFOLLOW;
569 }
570 ctx->set.redirect = true;
571 break;
572 case Opt_index:
573 config->index = result.uint_32;
574 ctx->set.index = true;
575 break;
576 case Opt_uuid:
577 config->uuid = result.uint_32;
578 break;
579 case Opt_nfs_export:
580 config->nfs_export = result.uint_32;
581 ctx->set.nfs_export = true;
582 break;
583 case Opt_xino:
584 config->xino = result.uint_32;
585 break;
586 case Opt_metacopy:
587 config->metacopy = result.uint_32;
588 ctx->set.metacopy = true;
589 break;
ae8cba40
AL		 590 case Opt_verity:
591 config->verity_mode = result.uint_32;
592 break;
7fb7998b
CB		 593 case Opt_volatile:
594 config->ovl_volatile = true;
595 break;
596 case Opt_userxattr:
597 config->userxattr = true;
598 break;
599 default:
600 pr_err("unrecognized mount option \"%s\" or missing value\n",
601 param->key);
602 return -EINVAL;
603 }
604
605 return err;
606}
607
608static int ovl_get_tree(struct fs_context *fc)
609{
610 return get_tree_nodev(fc, ovl_fill_super);
611}
612
613static inline void ovl_fs_context_free(struct ovl_fs_context *ctx)
614{
0cea4c09 615 ovl_reset_lowerdirs(ctx);
7fb7998b
CB		 616 path_put(&ctx->upper);
617 path_put(&ctx->work);
618 kfree(ctx->lower);
619 kfree(ctx);
620}
621
622static void ovl_free(struct fs_context *fc)
623{
624 struct ovl_fs *ofs = fc->s_fs_info;
625 struct ovl_fs_context *ctx = fc->fs_private;
626
627 /*
628 * ofs is stored in the fs_context when it is initialized.
629 * ofs is transferred to the superblock on a successful mount,
630 * but if an error occurs before the transfer we have to free
631 * it here.
632 */
633 if (ofs)
634 ovl_free_fs(ofs);
635
636 if (ctx)
637 ovl_fs_context_free(ctx);
638}
639
640static int ovl_reconfigure(struct fs_context *fc)
641{
642 struct super_block *sb = fc->root->d_sb;
f01d0889 643 struct ovl_fs *ofs = OVL_FS(sb);
7fb7998b
CB		 644 struct super_block *upper_sb;
645 int ret = 0;
646
647 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs))
648 return -EROFS;
649
650 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) {
651 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
652 if (ovl_should_sync(ofs)) {
653 down_read(&upper_sb->s_umount);
654 ret = sync_filesystem(upper_sb);
655 up_read(&upper_sb->s_umount);
656 }
657 }
658
659 return ret;
660}
661
662static const struct fs_context_operations ovl_context_ops = {
c34706ac 663 .parse_monolithic = ovl_parse_monolithic,
7fb7998b
CB		 664 .parse_param = ovl_parse_param,
665 .get_tree = ovl_get_tree,
666 .reconfigure = ovl_reconfigure,
667 .free = ovl_free,
668};
669
670/*
671 * This is called during fsopen() and will record the user namespace of
672 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll
673 * need it when we actually create the superblock to verify that the
674 * process creating the superblock is in the same user namespace as
675 * process that called fsopen().
676 */
677int ovl_init_fs_context(struct fs_context *fc)
678{
679 struct ovl_fs_context *ctx;
680 struct ovl_fs *ofs;
681
682 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT);
683 if (!ctx)
684 return -ENOMEM;
685
686 /*
687 * By default we allocate for three lower layers. It's likely
688 * that it'll cover most users.
689 */
690 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT);
691 if (!ctx->lower)
692 goto out_err;
693 ctx->capacity = 3;
694
695 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
696 if (!ofs)
697 goto out_err;
698
699 ofs->config.redirect_mode = ovl_redirect_mode_def();
700 ofs->config.index = ovl_index_def;
b0504bfe 701 ofs->config.uuid = ovl_uuid_def();
7fb7998b
CB		 702 ofs->config.nfs_export = ovl_nfs_export_def;
703 ofs->config.xino = ovl_xino_def();
704 ofs->config.metacopy = ovl_metacopy_def;
705
706 fc->s_fs_info = ofs;
707 fc->fs_private = ctx;
708 fc->ops = &ovl_context_ops;
709 return 0;
710
711out_err:
712 ovl_fs_context_free(ctx);
713 return -ENOMEM;
714
715}
716
717void ovl_free_fs(struct ovl_fs *ofs)
718{
719 struct vfsmount **mounts;
720 unsigned i;
721
722 iput(ofs->workbasedir_trap);
7fb7998b
CB		 723 iput(ofs->workdir_trap);
724 dput(ofs->whiteout);
7fb7998b
CB		 725 dput(ofs->workdir);
726 if (ofs->workdir_locked)
727 ovl_inuse_unlock(ofs->workbasedir);
728 dput(ofs->workbasedir);
729 if (ofs->upperdir_locked)
730 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
731
a535116d
AG		 732 /* Reuse ofs->config.lowerdirs as a vfsmount array before freeing it */
733 mounts = (struct vfsmount **) ofs->config.lowerdirs;
7fb7998b
CB		 734 for (i = 0; i < ofs->numlayer; i++) {
735 iput(ofs->layers[i].trap);
a535116d 736 kfree(ofs->config.lowerdirs[i]);
7fb7998b 737 mounts[i] = ofs->layers[i].mnt;
7fb7998b
CB		 738 }
739 kern_unmount_array(mounts, ofs->numlayer);
740 kfree(ofs->layers);
741 for (i = 0; i < ofs->numfs; i++)
742 free_anon_bdev(ofs->fs[i].pseudo_dev);
743 kfree(ofs->fs);
744
a535116d 745 kfree(ofs->config.lowerdirs);
7fb7998b
CB		 746 kfree(ofs->config.upperdir);
747 kfree(ofs->config.workdir);
748 if (ofs->creator_cred)
749 put_cred(ofs->creator_cred);
750 kfree(ofs);
751}
752
753int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
754 struct ovl_config *config)
755{
756 struct ovl_opt_set set = ctx->set;
757
758 if (ctx->nr_data > 0 && !config->metacopy) {
759 pr_err("lower data-only dirs require metacopy support.\n");
760 return -EINVAL;
761 }
762
763 /* Workdir/index are useless in non-upper mount */
764 if (!config->upperdir) {
765 if (config->workdir) {
766 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
767 config->workdir);
768 kfree(config->workdir);
769 config->workdir = NULL;
770 }
771 if (config->index && set.index) {
772 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
773 set.index = false;
774 }
775 config->index = false;
776 }
777
778 if (!config->upperdir && config->ovl_volatile) {
779 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
780 config->ovl_volatile = false;
781 }
782
d9544c1b
AG		 783 if (!config->upperdir && config->uuid == OVL_UUID_ON) {
784 pr_info("option \"uuid=on\" requires an upper fs, falling back to uuid=null.\n");
785 config->uuid = OVL_UUID_NULL;
786 }
787
ae8cba40
AL		 788 /* Resolve verity -> metacopy dependency */
789 if (config->verity_mode && !config->metacopy) {
790 /* Don't allow explicit specified conflicting combinations */
791 if (set.metacopy) {
792 pr_err("conflicting options: metacopy=off,verity=%s\n",
793 ovl_verity_mode(config));
794 return -EINVAL;
795 }
796 /* Otherwise automatically enable metacopy. */
797 config->metacopy = true;
798 }
799
7fb7998b
CB		 800 /*
801 * This is to make the logic below simpler. It doesn't make any other
802 * difference, since redirect_dir=on is only used for upper.
803 */
804 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
805 config->redirect_mode = OVL_REDIRECT_ON;
806
ae8cba40 807 /* Resolve verity -> metacopy -> redirect_dir dependency */
7fb7998b
CB		 808 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
809 if (set.metacopy && set.redirect) {
810 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
811 ovl_redirect_mode(config));
812 return -EINVAL;
813 }
ae8cba40
AL		 814 if (config->verity_mode && set.redirect) {
815 pr_err("conflicting options: verity=%s,redirect_dir=%s\n",
816 ovl_verity_mode(config), ovl_redirect_mode(config));
817 return -EINVAL;
818 }
7fb7998b
CB		 819 if (set.redirect) {
820 /*
821 * There was an explicit redirect_dir=... that resulted
822 * in this conflict.
823 */
824 pr_info("disabling metacopy due to redirect_dir=%s\n",
825 ovl_redirect_mode(config));
826 config->metacopy = false;
827 } else {
828 /* Automatically enable redirect otherwise. */
829 config->redirect_mode = OVL_REDIRECT_ON;
830 }
831 }
832
833 /* Resolve nfs_export -> index dependency */
834 if (config->nfs_export && !config->index) {
835 if (!config->upperdir &&
836 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
837 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
838 config->nfs_export = false;
839 } else if (set.nfs_export && set.index) {
840 pr_err("conflicting options: nfs_export=on,index=off\n");
841 return -EINVAL;
842 } else if (set.index) {
843 /*
844 * There was an explicit index=off that resulted
845 * in this conflict.
846 */
847 pr_info("disabling nfs_export due to index=off\n");
848 config->nfs_export = false;
849 } else {
850 /* Automatically enable index otherwise. */
851 config->index = true;
852 }
853 }
854
ae8cba40 855 /* Resolve nfs_export -> !metacopy && !verity dependency */
7fb7998b
CB		 856 if (config->nfs_export && config->metacopy) {
857 if (set.nfs_export && set.metacopy) {
858 pr_err("conflicting options: nfs_export=on,metacopy=on\n");
859 return -EINVAL;
860 }
861 if (set.metacopy) {
862 /*
863 * There was an explicit metacopy=on that resulted
864 * in this conflict.
865 */
866 pr_info("disabling nfs_export due to metacopy=on\n");
867 config->nfs_export = false;
ae8cba40
AL		 868 } else if (config->verity_mode) {
869 /*
870 * There was an explicit verity=.. that resulted
871 * in this conflict.
872 */
873 pr_info("disabling nfs_export due to verity=%s\n",
874 ovl_verity_mode(config));
875 config->nfs_export = false;
7fb7998b
CB		 876 } else {
877 /*
878 * There was an explicit nfs_export=on that resulted
879 * in this conflict.
880 */
881 pr_info("disabling metacopy due to nfs_export=on\n");
882 config->metacopy = false;
883 }
884 }
885
886
ae8cba40 887 /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */
7fb7998b
CB		 888 if (config->userxattr) {
889 if (set.redirect &&
890 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
891 pr_err("conflicting options: userxattr,redirect_dir=%s\n",
892 ovl_redirect_mode(config));
893 return -EINVAL;
894 }
895 if (config->metacopy && set.metacopy) {
896 pr_err("conflicting options: userxattr,metacopy=on\n");
897 return -EINVAL;
898 }
ae8cba40
AL		 899 if (config->verity_mode) {
900 pr_err("conflicting options: userxattr,verity=%s\n",
901 ovl_verity_mode(config));
902 return -EINVAL;
903 }
7fb7998b
CB		 904 /*
905 * Silently disable default setting of redirect and metacopy.
906 * This shall be the default in the future as well: these
907 * options must be explicitly enabled if used together with
908 * userxattr.
909 */
910 config->redirect_mode = OVL_REDIRECT_NOFOLLOW;
911 config->metacopy = false;
912 }
913
914 return 0;
915}
916
917/**
918 * ovl_show_options
919 * @m: the seq_file handle
920 * @dentry: The dentry to query
921 *
922 * Prints the mount options for a given superblock.
923 * Returns zero; does not fail.
924 */
925int ovl_show_options(struct seq_file *m, struct dentry *dentry)
926{
927 struct super_block *sb = dentry->d_sb;
f01d0889 928 struct ovl_fs *ofs = OVL_FS(sb);
24e16e38 929 size_t nr, nr_merged_lower, nr_lower = 0;
0cea4c09 930 char **lowerdirs = ofs->config.lowerdirs;
32db5107
AG		 931
932 /*
0cea4c09
AG		 933 * lowerdirs[0] holds the colon separated list that user provided
934 * with lowerdir mount option.
24e16e38
AG		 935 * lowerdirs[1..numlayer] hold the lowerdir paths that were added
936 * using the lowerdir+ and datadir+ mount options.
937 * For now, we do not allow mixing the legacy lowerdir mount option
938 * with the new lowerdir+ and datadir+ mount options.
32db5107 939 */
24e16e38
AG		 940 if (lowerdirs[0]) {
941 seq_show_option(m, "lowerdir", lowerdirs[0]);
942 } else {
943 nr_lower = ofs->numlayer;
944 nr_merged_lower = nr_lower - ofs->numdatalayer;
945 }
946 for (nr = 1; nr < nr_lower; nr++) {
947 if (nr < nr_merged_lower)
948 seq_show_option(m, "lowerdir+", lowerdirs[nr]);
949 else
950 seq_show_option(m, "datadir+", lowerdirs[nr]);
951 }
7fb7998b
CB		 952 if (ofs->config.upperdir) {
953 seq_show_option(m, "upperdir", ofs->config.upperdir);
954 seq_show_option(m, "workdir", ofs->config.workdir);
955 }
956 if (ofs->config.default_permissions)
957 seq_puts(m, ",default_permissions");
958 if (ofs->config.redirect_mode != ovl_redirect_mode_def())
959 seq_printf(m, ",redirect_dir=%s",
960 ovl_redirect_mode(&ofs->config));
961 if (ofs->config.index != ovl_index_def)
962 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
b0504bfe
AG		 963 if (ofs->config.uuid != ovl_uuid_def())
964 seq_printf(m, ",uuid=%s", ovl_uuid_mode(&ofs->config));
7fb7998b
CB		 965 if (ofs->config.nfs_export != ovl_nfs_export_def)
966 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
967 "on" : "off");
968 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs))
969 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config));
970 if (ofs->config.metacopy != ovl_metacopy_def)
971 seq_printf(m, ",metacopy=%s",
972 ofs->config.metacopy ? "on" : "off");
973 if (ofs->config.ovl_volatile)
974 seq_puts(m, ",volatile");
975 if (ofs->config.userxattr)
976 seq_puts(m, ",userxattr");
ae8cba40
AL		 977 if (ofs->config.verity_mode != ovl_verity_mode_def())
978 seq_printf(m, ",verity=%s",
979 ovl_verity_mode(&ofs->config));
7fb7998b
CB		 980 return 0;
981}
Empty description
This page took 0.255957 seconds and 4 git commands to generate.