1 // SPDX-License-Identifier: GPL-2.0-only
4 #include <linux/module.h>
5 #include <linux/namei.h>
6 #include <linux/fs_context.h>
7 #include <linux/fs_parser.h>
8 #include <linux/posix_acl_xattr.h>
9 #include <linux/seq_file.h>
10 #include <linux/xattr.h>
11 #include "overlayfs.h"
14 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
15 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
16 MODULE_PARM_DESC(redirect_dir,
17 "Default to on or off for the redirect_dir feature");
19 static bool ovl_redirect_always_follow =
20 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
21 module_param_named(redirect_always_follow, ovl_redirect_always_follow,
23 MODULE_PARM_DESC(redirect_always_follow,
24 "Follow redirects even if redirect_dir feature is turned off");
26 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
27 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
28 MODULE_PARM_DESC(xino_auto,
29 "Auto enable xino feature");
31 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
32 module_param_named(index, ovl_index_def, bool, 0644);
33 MODULE_PARM_DESC(index,
34 "Default to on or off for the inodes index feature");
36 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
37 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
38 MODULE_PARM_DESC(nfs_export,
39 "Default to on or off for the NFS export feature");
41 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
42 module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
43 MODULE_PARM_DESC(metacopy,
44 "Default to on or off for the metadata only copy up feature");
50 Opt_default_permissions,
61 static const struct constant_table ovl_parameter_bool[] = {
67 static const struct constant_table ovl_parameter_xino[] = {
68 { "off", OVL_XINO_OFF },
69 { "auto", OVL_XINO_AUTO },
70 { "on", OVL_XINO_ON },
74 const char *ovl_xino_mode(struct ovl_config *config)
76 return ovl_parameter_xino[config->xino].name;
79 static int ovl_xino_def(void)
81 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
84 const struct constant_table ovl_parameter_redirect_dir[] = {
85 { "off", OVL_REDIRECT_OFF },
86 { "follow", OVL_REDIRECT_FOLLOW },
87 { "nofollow", OVL_REDIRECT_NOFOLLOW },
88 { "on", OVL_REDIRECT_ON },
92 static const char *ovl_redirect_mode(struct ovl_config *config)
94 return ovl_parameter_redirect_dir[config->redirect_mode].name;
97 static int ovl_redirect_mode_def(void)
99 return ovl_redirect_dir_def ? OVL_REDIRECT_ON :
100 ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW :
101 OVL_REDIRECT_NOFOLLOW;
104 #define fsparam_string_empty(NAME, OPT) \
105 __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL)
107 const struct fs_parameter_spec ovl_parameter_spec[] = {
108 fsparam_string_empty("lowerdir", Opt_lowerdir),
109 fsparam_string("upperdir", Opt_upperdir),
110 fsparam_string("workdir", Opt_workdir),
111 fsparam_flag("default_permissions", Opt_default_permissions),
112 fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir),
113 fsparam_enum("index", Opt_index, ovl_parameter_bool),
114 fsparam_enum("uuid", Opt_uuid, ovl_parameter_bool),
115 fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool),
116 fsparam_flag("userxattr", Opt_userxattr),
117 fsparam_enum("xino", Opt_xino, ovl_parameter_xino),
118 fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool),
119 fsparam_flag("volatile", Opt_volatile),
123 static ssize_t ovl_parse_param_split_lowerdirs(char *str)
125 ssize_t nr_layers = 1, nr_colons = 0;
128 for (s = d = str;; s++, d++) {
131 } else if (*s == ':') {
132 bool next_colon = (*(s + 1) == ':');
135 if (nr_colons == 2 && next_colon) {
136 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
139 /* count layers, not colons */
149 /* trailing colons */
151 pr_err("unescaped trailing colons in lowerdir mount option.\n");
162 static int ovl_mount_dir_noesc(const char *name, struct path *path)
167 pr_err("empty lowerdir\n");
170 err = kern_path(name, LOOKUP_FOLLOW, path);
172 pr_err("failed to resolve '%s': %i\n", name, err);
176 if (ovl_dentry_weird(path->dentry)) {
177 pr_err("filesystem on '%s' not supported\n", name);
180 if (!d_is_dir(path->dentry)) {
181 pr_err("'%s' not a directory\n", name);
192 static void ovl_unescape(char *s)
205 static int ovl_mount_dir(const char *name, struct path *path)
208 char *tmp = kstrdup(name, GFP_KERNEL);
212 err = ovl_mount_dir_noesc(tmp, path);
214 if (!err && path->dentry->d_flags & DCACHE_OP_REAL) {
215 pr_err("filesystem on '%s' not supported as upperdir\n",
225 static int ovl_parse_param_upperdir(const char *name, struct fs_context *fc,
229 struct ovl_fs *ofs = fc->s_fs_info;
230 struct ovl_config *config = &ofs->config;
231 struct ovl_fs_context *ctx = fc->fs_private;
235 err = ovl_mount_dir(name, &path);
240 * Check whether upper path is read-only here to report failures
241 * early. Don't forget to recheck when the superblock is created
242 * as the mount attributes could change.
244 if (__mnt_is_readonly(path.mnt)) {
249 dup = kstrdup(name, GFP_KERNEL);
256 kfree(config->workdir);
257 config->workdir = dup;
258 path_put(&ctx->work);
261 kfree(config->upperdir);
262 config->upperdir = dup;
263 path_put(&ctx->upper);
269 static void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx)
271 for (size_t nr = 0; nr < ctx->nr; nr++) {
272 path_put(&ctx->lower[nr].path);
273 kfree(ctx->lower[nr].name);
274 ctx->lower[nr].name = NULL;
281 * Parse lowerdir= mount option:
283 * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2
284 * Set "/lower1", "/lower2", and "/lower3" as lower layers and
285 * "/data1" and "/data2" as data lower layers. Any existing lower
286 * layers are replaced.
287 * (2) lowerdir=:/lower4
288 * Append "/lower4" to current stack of lower layers. This requires
289 * that there already is at least one lower layer configured.
290 * (3) lowerdir=::/lower5
291 * Append data "/lower5" as data lower layer. This requires that
292 * there's at least one regular lower layer present.
294 static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
297 struct ovl_fs_context *ctx = fc->fs_private;
298 struct ovl_fs_context_layer *l;
299 char *dup = NULL, *dup_iter;
300 ssize_t nr_lower = 0, nr = 0, nr_data = 0;
301 bool append = false, data_layer = false;
304 * Ensure we're backwards compatible with mount(2)
305 * by allowing relative paths.
308 /* drop all existing lower layers */
310 ovl_parse_param_drop_lowerdir(ctx);
314 if (strncmp(name, "::", 2) == 0) {
316 * This is a data layer.
317 * There must be at least one regular lower layer
321 pr_err("data lower layers without regular lower layers not allowed");
325 /* Skip the leading "::". */
329 * A data layer is automatically an append as there
330 * must've been at least one regular lower layer.
333 } else if (*name == ':') {
335 * This is a regular lower layer.
336 * If users want to append a layer enforce that they
337 * have already specified a first layer before. It's
338 * better to be strict.
341 pr_err("cannot append layer if no previous layer has been specified");
346 * Once a sequence of data layers has started regular
347 * lower layers are forbidden.
349 if (ctx->nr_data > 0) {
350 pr_err("regular lower layers cannot follow data lower layers");
354 /* Skip the leading ":". */
359 dup = kstrdup(name, GFP_KERNEL);
364 nr_lower = ovl_parse_param_split_lowerdirs(dup);
368 if ((nr_lower > OVL_MAX_STACK) ||
369 (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) {
370 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
375 ovl_parse_param_drop_lowerdir(ctx);
380 * We want nr <= nr_lower <= capacity We know nr > 0 and nr <=
381 * capacity. If nr == 0 this wouldn't be append. If nr +
382 * nr_lower is <= capacity then nr <= nr_lower <= capacity
383 * already holds. If nr + nr_lower exceeds capacity, we realloc.
387 * Ensure we're backwards compatible with mount(2) which allows
388 * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last
389 * specified lowerdir mount option to win.
391 * We want nr <= nr_lower <= capacity We know either (i) nr == 0
392 * or (ii) nr > 0. We also know nr_lower > 0. The capacity
393 * could've been changed multiple times already so we only know
394 * nr <= capacity. If nr + nr_lower > capacity we realloc,
395 * otherwise nr <= nr_lower <= capacity holds already.
398 if (nr_lower > ctx->capacity) {
400 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower),
406 ctx->capacity = nr_lower;
410 * (3) By (1) and (2) we know nr <= nr_lower <= capacity.
411 * (4) If ctx->nr == 0 => replace
412 * We have verified above that the lowerdir mount option
413 * isn't an append, i.e., the lowerdir mount option
414 * doesn't start with ":" or "::".
415 * (4.1) The lowerdir mount options only contains regular lower
417 * => Nothing to verify.
418 * (4.2) The lowerdir mount options contains regular ":" and
420 * => We need to verify that data lower layers "::" aren't
421 * followed by regular ":" lower layers
422 * (5) If ctx->nr > 0 => append
423 * We know that there's at least one regular layer
424 * otherwise we would've failed when parsing the previous
425 * lowerdir mount option.
426 * (5.1) The lowerdir mount option is a regular layer ":" append
427 * => We need to verify that no data layers have been
429 * (5.2) The lowerdir mount option is a data layer "::" append
430 * We know that there's at least one regular layer or
431 * other data layers. => There's nothing to verify.
434 for (nr = ctx->nr; nr < nr_lower; nr++) {
436 memset(l, 0, sizeof(*l));
438 err = ovl_mount_dir_noesc(dup_iter, &l->path);
443 l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT);
450 /* Calling strchr() again would overrun. */
451 if ((nr + 1) == nr_lower)
455 dup_iter = strchr(dup_iter, '\0') + 1;
458 * This is a regular layer so we require that
459 * there are no data layers.
461 if ((ctx->nr_data + nr_data) > 0) {
462 pr_err("regular lower layers cannot follow data lower layers");
470 /* This is a data lower layer. */
475 ctx->nr_data += nr_data;
481 * We know nr >= ctx->nr < nr_lower. If we failed somewhere
482 * we want to undo until nr == ctx->nr. This is correct for
483 * both ctx->nr == 0 and ctx->nr > 0.
485 for (; nr >= ctx->nr; nr--) {
499 /* Intentionally don't realloc to a smaller size. */
503 static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param)
506 struct fs_parse_result result;
507 struct ovl_fs *ofs = fc->s_fs_info;
508 struct ovl_config *config = &ofs->config;
509 struct ovl_fs_context *ctx = fc->fs_private;
512 if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) {
514 * On remount overlayfs has always ignored all mount
515 * options no matter if malformed or not so for
516 * backwards compatibility we do the same here.
522 * Give us the freedom to allow changing mount options
523 * with the new mount api in the future. So instead of
524 * silently ignoring everything we report a proper
525 * error. This is only visible for users of the new
528 return invalfc(fc, "No changes allowed in reconfigure");
531 opt = fs_parse(fc, ovl_parameter_spec, param, &result);
537 err = ovl_parse_param_lowerdir(param->string, fc);
542 err = ovl_parse_param_upperdir(param->string, fc,
543 (Opt_workdir == opt));
545 case Opt_default_permissions:
546 config->default_permissions = true;
548 case Opt_redirect_dir:
549 config->redirect_mode = result.uint_32;
550 if (config->redirect_mode == OVL_REDIRECT_OFF) {
551 config->redirect_mode = ovl_redirect_always_follow ?
552 OVL_REDIRECT_FOLLOW :
553 OVL_REDIRECT_NOFOLLOW;
555 ctx->set.redirect = true;
558 config->index = result.uint_32;
559 ctx->set.index = true;
562 config->uuid = result.uint_32;
565 config->nfs_export = result.uint_32;
566 ctx->set.nfs_export = true;
569 config->xino = result.uint_32;
572 config->metacopy = result.uint_32;
573 ctx->set.metacopy = true;
576 config->ovl_volatile = true;
579 config->userxattr = true;
582 pr_err("unrecognized mount option \"%s\" or missing value\n",
590 static int ovl_get_tree(struct fs_context *fc)
592 return get_tree_nodev(fc, ovl_fill_super);
595 static inline void ovl_fs_context_free(struct ovl_fs_context *ctx)
597 ovl_parse_param_drop_lowerdir(ctx);
598 path_put(&ctx->upper);
599 path_put(&ctx->work);
604 static void ovl_free(struct fs_context *fc)
606 struct ovl_fs *ofs = fc->s_fs_info;
607 struct ovl_fs_context *ctx = fc->fs_private;
610 * ofs is stored in the fs_context when it is initialized.
611 * ofs is transferred to the superblock on a successful mount,
612 * but if an error occurs before the transfer we have to free
619 ovl_fs_context_free(ctx);
622 static int ovl_reconfigure(struct fs_context *fc)
624 struct super_block *sb = fc->root->d_sb;
625 struct ovl_fs *ofs = sb->s_fs_info;
626 struct super_block *upper_sb;
629 if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs))
632 if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) {
633 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
634 if (ovl_should_sync(ofs)) {
635 down_read(&upper_sb->s_umount);
636 ret = sync_filesystem(upper_sb);
637 up_read(&upper_sb->s_umount);
644 static const struct fs_context_operations ovl_context_ops = {
645 .parse_param = ovl_parse_param,
646 .get_tree = ovl_get_tree,
647 .reconfigure = ovl_reconfigure,
652 * This is called during fsopen() and will record the user namespace of
653 * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll
654 * need it when we actually create the superblock to verify that the
655 * process creating the superblock is in the same user namespace as
656 * process that called fsopen().
658 int ovl_init_fs_context(struct fs_context *fc)
660 struct ovl_fs_context *ctx;
663 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT);
668 * By default we allocate for three lower layers. It's likely
669 * that it'll cover most users.
671 ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT);
676 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
680 ofs->config.redirect_mode = ovl_redirect_mode_def();
681 ofs->config.index = ovl_index_def;
682 ofs->config.uuid = true;
683 ofs->config.nfs_export = ovl_nfs_export_def;
684 ofs->config.xino = ovl_xino_def();
685 ofs->config.metacopy = ovl_metacopy_def;
688 fc->fs_private = ctx;
689 fc->ops = &ovl_context_ops;
693 ovl_fs_context_free(ctx);
698 void ovl_free_fs(struct ovl_fs *ofs)
700 struct vfsmount **mounts;
703 iput(ofs->workbasedir_trap);
704 iput(ofs->indexdir_trap);
705 iput(ofs->workdir_trap);
709 if (ofs->workdir_locked)
710 ovl_inuse_unlock(ofs->workbasedir);
711 dput(ofs->workbasedir);
712 if (ofs->upperdir_locked)
713 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
715 /* Hack! Reuse ofs->layers as a vfsmount array before freeing it */
716 mounts = (struct vfsmount **) ofs->layers;
717 for (i = 0; i < ofs->numlayer; i++) {
718 iput(ofs->layers[i].trap);
719 mounts[i] = ofs->layers[i].mnt;
720 kfree(ofs->layers[i].name);
722 kern_unmount_array(mounts, ofs->numlayer);
724 for (i = 0; i < ofs->numfs; i++)
725 free_anon_bdev(ofs->fs[i].pseudo_dev);
728 kfree(ofs->config.upperdir);
729 kfree(ofs->config.workdir);
730 if (ofs->creator_cred)
731 put_cred(ofs->creator_cred);
735 int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
736 struct ovl_config *config)
738 struct ovl_opt_set set = ctx->set;
740 if (ctx->nr_data > 0 && !config->metacopy) {
741 pr_err("lower data-only dirs require metacopy support.\n");
745 /* Workdir/index are useless in non-upper mount */
746 if (!config->upperdir) {
747 if (config->workdir) {
748 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
750 kfree(config->workdir);
751 config->workdir = NULL;
753 if (config->index && set.index) {
754 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
757 config->index = false;
760 if (!config->upperdir && config->ovl_volatile) {
761 pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
762 config->ovl_volatile = false;
766 * This is to make the logic below simpler. It doesn't make any other
767 * difference, since redirect_dir=on is only used for upper.
769 if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW)
770 config->redirect_mode = OVL_REDIRECT_ON;
772 /* Resolve metacopy -> redirect_dir dependency */
773 if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) {
774 if (set.metacopy && set.redirect) {
775 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
776 ovl_redirect_mode(config));
781 * There was an explicit redirect_dir=... that resulted
784 pr_info("disabling metacopy due to redirect_dir=%s\n",
785 ovl_redirect_mode(config));
786 config->metacopy = false;
788 /* Automatically enable redirect otherwise. */
789 config->redirect_mode = OVL_REDIRECT_ON;
793 /* Resolve nfs_export -> index dependency */
794 if (config->nfs_export && !config->index) {
795 if (!config->upperdir &&
796 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
797 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
798 config->nfs_export = false;
799 } else if (set.nfs_export && set.index) {
800 pr_err("conflicting options: nfs_export=on,index=off\n");
802 } else if (set.index) {
804 * There was an explicit index=off that resulted
807 pr_info("disabling nfs_export due to index=off\n");
808 config->nfs_export = false;
810 /* Automatically enable index otherwise. */
811 config->index = true;
815 /* Resolve nfs_export -> !metacopy dependency */
816 if (config->nfs_export && config->metacopy) {
817 if (set.nfs_export && set.metacopy) {
818 pr_err("conflicting options: nfs_export=on,metacopy=on\n");
823 * There was an explicit metacopy=on that resulted
826 pr_info("disabling nfs_export due to metacopy=on\n");
827 config->nfs_export = false;
830 * There was an explicit nfs_export=on that resulted
833 pr_info("disabling metacopy due to nfs_export=on\n");
834 config->metacopy = false;
839 /* Resolve userxattr -> !redirect && !metacopy dependency */
840 if (config->userxattr) {
842 config->redirect_mode != OVL_REDIRECT_NOFOLLOW) {
843 pr_err("conflicting options: userxattr,redirect_dir=%s\n",
844 ovl_redirect_mode(config));
847 if (config->metacopy && set.metacopy) {
848 pr_err("conflicting options: userxattr,metacopy=on\n");
852 * Silently disable default setting of redirect and metacopy.
853 * This shall be the default in the future as well: these
854 * options must be explicitly enabled if used together with
857 config->redirect_mode = OVL_REDIRECT_NOFOLLOW;
858 config->metacopy = false;
866 * @m: the seq_file handle
867 * @dentry: The dentry to query
869 * Prints the mount options for a given superblock.
870 * Returns zero; does not fail.
872 int ovl_show_options(struct seq_file *m, struct dentry *dentry)
874 struct super_block *sb = dentry->d_sb;
875 struct ovl_fs *ofs = sb->s_fs_info;
876 size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer;
877 const struct ovl_layer *data_layers = &ofs->layers[nr_merged_lower];
879 /* ofs->layers[0] is the upper layer */
880 seq_printf(m, ",lowerdir=%s", ofs->layers[1].name);
881 /* dump regular lower layers */
882 for (nr = 2; nr < nr_merged_lower; nr++)
883 seq_printf(m, ":%s", ofs->layers[nr].name);
884 /* dump data lower layers */
885 for (nr = 0; nr < ofs->numdatalayer; nr++)
886 seq_printf(m, "::%s", data_layers[nr].name);
887 if (ofs->config.upperdir) {
888 seq_show_option(m, "upperdir", ofs->config.upperdir);
889 seq_show_option(m, "workdir", ofs->config.workdir);
891 if (ofs->config.default_permissions)
892 seq_puts(m, ",default_permissions");
893 if (ofs->config.redirect_mode != ovl_redirect_mode_def())
894 seq_printf(m, ",redirect_dir=%s",
895 ovl_redirect_mode(&ofs->config));
896 if (ofs->config.index != ovl_index_def)
897 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
898 if (!ofs->config.uuid)
899 seq_puts(m, ",uuid=off");
900 if (ofs->config.nfs_export != ovl_nfs_export_def)
901 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
903 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs))
904 seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config));
905 if (ofs->config.metacopy != ovl_metacopy_def)
906 seq_printf(m, ",metacopy=%s",
907 ofs->config.metacopy ? "on" : "off");
908 if (ofs->config.ovl_volatile)
909 seq_puts(m, ",volatile");
910 if (ofs->config.userxattr)
911 seq_puts(m, ",userxattr");
projects / linux.git / blob