1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * |
4 | * Copyright (C) 2011 Novell Inc. |
5 | */ |
6 | |
7 | #include <uapi/linux/magic.h> |
8 | #include <linux/fs.h> |
9 | #include <linux/namei.h> |
10 | #include <linux/xattr.h> |
11 | #include <linux/mount.h> |
12 | #include <linux/parser.h> |
13 | #include <linux/module.h> |
14 | #include <linux/statfs.h> |
15 | #include <linux/seq_file.h> |
16 | #include <linux/posix_acl_xattr.h> |
17 | #include <linux/exportfs.h> |
18 | #include <linux/file.h> |
19 | #include <linux/fs_context.h> |
20 | #include <linux/fs_parser.h> |
21 | #include "overlayfs.h" |
22 | #include "params.h" |
23 | |
24 | MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>" ); |
25 | MODULE_DESCRIPTION("Overlay filesystem" ); |
26 | MODULE_LICENSE("GPL" ); |
27 | |
28 | |
29 | struct ovl_dir_cache; |
30 | |
31 | static struct dentry *ovl_d_real(struct dentry *dentry, |
32 | const struct inode *inode) |
33 | { |
34 | struct dentry *real = NULL, *lower; |
35 | int err; |
36 | |
37 | /* |
38 | * vfs is only expected to call d_real() with NULL from d_real_inode() |
39 | * and with overlay inode from file_dentry() on an overlay file. |
40 | * |
41 | * TODO: remove @inode argument from d_real() API, remove code in this |
42 | * function that deals with non-NULL @inode and remove d_real() call |
43 | * from file_dentry(). |
44 | */ |
45 | if (inode && d_inode(dentry) == inode) |
46 | return dentry; |
47 | else if (inode) |
48 | goto bug; |
49 | |
50 | if (!d_is_reg(dentry)) { |
51 | /* d_real_inode() is only relevant for regular files */ |
52 | return dentry; |
53 | } |
54 | |
55 | real = ovl_dentry_upper(dentry); |
56 | if (real && (inode == d_inode(dentry: real))) |
57 | return real; |
58 | |
59 | if (real && !inode && ovl_has_upperdata(inode: d_inode(dentry))) |
60 | return real; |
61 | |
62 | /* |
63 | * Best effort lazy lookup of lowerdata for !inode case to return |
64 | * the real lowerdata dentry. The only current caller of d_real() with |
65 | * NULL inode is d_real_inode() from trace_uprobe and this caller is |
66 | * likely going to be followed reading from the file, before placing |
67 | * uprobes on offset within the file, so lowerdata should be available |
68 | * when setting the uprobe. |
69 | */ |
70 | err = ovl_verify_lowerdata(dentry); |
71 | if (err) |
72 | goto bug; |
73 | lower = ovl_dentry_lowerdata(dentry); |
74 | if (!lower) |
75 | goto bug; |
76 | real = lower; |
77 | |
78 | /* Handle recursion */ |
79 | real = d_real(dentry: real, inode); |
80 | |
81 | if (!inode || inode == d_inode(dentry: real)) |
82 | return real; |
83 | bug: |
84 | WARN(1, "%s(%pd4, %s:%lu): real dentry (%p/%lu) not found\n" , |
85 | __func__, dentry, inode ? inode->i_sb->s_id : "NULL" , |
86 | inode ? inode->i_ino : 0, real, |
87 | real && d_inode(real) ? d_inode(real)->i_ino : 0); |
88 | return dentry; |
89 | } |
90 | |
91 | static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak) |
92 | { |
93 | int ret = 1; |
94 | |
95 | if (!d) |
96 | return 1; |
97 | |
98 | if (weak) { |
99 | if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) |
100 | ret = d->d_op->d_weak_revalidate(d, flags); |
101 | } else if (d->d_flags & DCACHE_OP_REVALIDATE) { |
102 | ret = d->d_op->d_revalidate(d, flags); |
103 | if (!ret) { |
104 | if (!(flags & LOOKUP_RCU)) |
105 | d_invalidate(d); |
106 | ret = -ESTALE; |
107 | } |
108 | } |
109 | return ret; |
110 | } |
111 | |
112 | static int ovl_dentry_revalidate_common(struct dentry *dentry, |
113 | unsigned int flags, bool weak) |
114 | { |
115 | struct ovl_entry *oe; |
116 | struct ovl_path *lowerstack; |
117 | struct inode *inode = d_inode_rcu(dentry); |
118 | struct dentry *upper; |
119 | unsigned int i; |
120 | int ret = 1; |
121 | |
122 | /* Careful in RCU mode */ |
123 | if (!inode) |
124 | return -ECHILD; |
125 | |
126 | oe = OVL_I_E(inode); |
127 | lowerstack = ovl_lowerstack(oe); |
128 | upper = ovl_i_dentry_upper(inode); |
129 | if (upper) |
130 | ret = ovl_revalidate_real(d: upper, flags, weak); |
131 | |
132 | for (i = 0; ret > 0 && i < ovl_numlower(oe); i++) |
133 | ret = ovl_revalidate_real(d: lowerstack[i].dentry, flags, weak); |
134 | |
135 | return ret; |
136 | } |
137 | |
138 | static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags) |
139 | { |
140 | return ovl_dentry_revalidate_common(dentry, flags, weak: false); |
141 | } |
142 | |
143 | static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags) |
144 | { |
145 | return ovl_dentry_revalidate_common(dentry, flags, weak: true); |
146 | } |
147 | |
148 | static const struct dentry_operations ovl_dentry_operations = { |
149 | .d_real = ovl_d_real, |
150 | .d_revalidate = ovl_dentry_revalidate, |
151 | .d_weak_revalidate = ovl_dentry_weak_revalidate, |
152 | }; |
153 | |
154 | static struct kmem_cache *ovl_inode_cachep; |
155 | |
156 | static struct inode *ovl_alloc_inode(struct super_block *sb) |
157 | { |
158 | struct ovl_inode *oi = alloc_inode_sb(sb, cache: ovl_inode_cachep, GFP_KERNEL); |
159 | |
160 | if (!oi) |
161 | return NULL; |
162 | |
163 | oi->cache = NULL; |
164 | oi->redirect = NULL; |
165 | oi->version = 0; |
166 | oi->flags = 0; |
167 | oi->__upperdentry = NULL; |
168 | oi->lowerdata_redirect = NULL; |
169 | oi->oe = NULL; |
170 | mutex_init(&oi->lock); |
171 | |
172 | return &oi->vfs_inode; |
173 | } |
174 | |
175 | static void ovl_free_inode(struct inode *inode) |
176 | { |
177 | struct ovl_inode *oi = OVL_I(inode); |
178 | |
179 | kfree(objp: oi->redirect); |
180 | kfree(objp: oi->oe); |
181 | mutex_destroy(lock: &oi->lock); |
182 | kmem_cache_free(s: ovl_inode_cachep, objp: oi); |
183 | } |
184 | |
185 | static void ovl_destroy_inode(struct inode *inode) |
186 | { |
187 | struct ovl_inode *oi = OVL_I(inode); |
188 | |
189 | dput(oi->__upperdentry); |
190 | ovl_stack_put(stack: ovl_lowerstack(oe: oi->oe), n: ovl_numlower(oe: oi->oe)); |
191 | if (S_ISDIR(inode->i_mode)) |
192 | ovl_dir_cache_free(inode); |
193 | else |
194 | kfree(objp: oi->lowerdata_redirect); |
195 | } |
196 | |
197 | static void ovl_put_super(struct super_block *sb) |
198 | { |
199 | struct ovl_fs *ofs = OVL_FS(sb); |
200 | |
201 | if (ofs) |
202 | ovl_free_fs(ofs); |
203 | } |
204 | |
205 | /* Sync real dirty inodes in upper filesystem (if it exists) */ |
206 | static int ovl_sync_fs(struct super_block *sb, int wait) |
207 | { |
208 | struct ovl_fs *ofs = OVL_FS(sb); |
209 | struct super_block *upper_sb; |
210 | int ret; |
211 | |
212 | ret = ovl_sync_status(ofs); |
213 | /* |
214 | * We have to always set the err, because the return value isn't |
215 | * checked in syncfs, and instead indirectly return an error via |
216 | * the sb's writeback errseq, which VFS inspects after this call. |
217 | */ |
218 | if (ret < 0) { |
219 | errseq_set(eseq: &sb->s_wb_err, err: -EIO); |
220 | return -EIO; |
221 | } |
222 | |
223 | if (!ret) |
224 | return ret; |
225 | |
226 | /* |
227 | * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC). |
228 | * All the super blocks will be iterated, including upper_sb. |
229 | * |
230 | * If this is a syncfs(2) call, then we do need to call |
231 | * sync_filesystem() on upper_sb, but enough if we do it when being |
232 | * called with wait == 1. |
233 | */ |
234 | if (!wait) |
235 | return 0; |
236 | |
237 | upper_sb = ovl_upper_mnt(ofs)->mnt_sb; |
238 | |
239 | down_read(sem: &upper_sb->s_umount); |
240 | ret = sync_filesystem(upper_sb); |
241 | up_read(sem: &upper_sb->s_umount); |
242 | |
243 | return ret; |
244 | } |
245 | |
246 | /** |
247 | * ovl_statfs |
248 | * @dentry: The dentry to query |
249 | * @buf: The struct kstatfs to fill in with stats |
250 | * |
251 | * Get the filesystem statistics. As writes always target the upper layer |
252 | * filesystem pass the statfs to the upper filesystem (if it exists) |
253 | */ |
254 | static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf) |
255 | { |
256 | struct super_block *sb = dentry->d_sb; |
257 | struct ovl_fs *ofs = OVL_FS(sb); |
258 | struct dentry *root_dentry = sb->s_root; |
259 | struct path path; |
260 | int err; |
261 | |
262 | ovl_path_real(dentry: root_dentry, path: &path); |
263 | |
264 | err = vfs_statfs(&path, buf); |
265 | if (!err) { |
266 | buf->f_namelen = ofs->namelen; |
267 | buf->f_type = OVERLAYFS_SUPER_MAGIC; |
268 | if (ovl_has_fsid(ofs)) |
269 | buf->f_fsid = uuid_to_fsid(uuid: sb->s_uuid.b); |
270 | } |
271 | |
272 | return err; |
273 | } |
274 | |
275 | static const struct super_operations ovl_super_operations = { |
276 | .alloc_inode = ovl_alloc_inode, |
277 | .free_inode = ovl_free_inode, |
278 | .destroy_inode = ovl_destroy_inode, |
279 | .drop_inode = generic_delete_inode, |
280 | .put_super = ovl_put_super, |
281 | .sync_fs = ovl_sync_fs, |
282 | .statfs = ovl_statfs, |
283 | .show_options = ovl_show_options, |
284 | }; |
285 | |
286 | #define OVL_WORKDIR_NAME "work" |
287 | #define OVL_INDEXDIR_NAME "index" |
288 | |
289 | static struct dentry *ovl_workdir_create(struct ovl_fs *ofs, |
290 | const char *name, bool persist) |
291 | { |
292 | struct inode *dir = ofs->workbasedir->d_inode; |
293 | struct vfsmount *mnt = ovl_upper_mnt(ofs); |
294 | struct dentry *work; |
295 | int err; |
296 | bool retried = false; |
297 | |
298 | inode_lock_nested(inode: dir, subclass: I_MUTEX_PARENT); |
299 | retry: |
300 | work = ovl_lookup_upper(ofs, name, base: ofs->workbasedir, strlen(name)); |
301 | |
302 | if (!IS_ERR(ptr: work)) { |
303 | struct iattr attr = { |
304 | .ia_valid = ATTR_MODE, |
305 | .ia_mode = S_IFDIR | 0, |
306 | }; |
307 | |
308 | if (work->d_inode) { |
309 | err = -EEXIST; |
310 | if (retried) |
311 | goto out_dput; |
312 | |
313 | if (persist) |
314 | goto out_unlock; |
315 | |
316 | retried = true; |
317 | err = ovl_workdir_cleanup(ofs, dir, mnt, dentry: work, level: 0); |
318 | dput(work); |
319 | if (err == -EINVAL) { |
320 | work = ERR_PTR(error: err); |
321 | goto out_unlock; |
322 | } |
323 | goto retry; |
324 | } |
325 | |
326 | err = ovl_mkdir_real(ofs, dir, newdentry: &work, mode: attr.ia_mode); |
327 | if (err) |
328 | goto out_dput; |
329 | |
330 | /* Weird filesystem returning with hashed negative (kernfs)? */ |
331 | err = -EINVAL; |
332 | if (d_really_is_negative(dentry: work)) |
333 | goto out_dput; |
334 | |
335 | /* |
336 | * Try to remove POSIX ACL xattrs from workdir. We are good if: |
337 | * |
338 | * a) success (there was a POSIX ACL xattr and was removed) |
339 | * b) -ENODATA (there was no POSIX ACL xattr) |
340 | * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported) |
341 | * |
342 | * There are various other error values that could effectively |
343 | * mean that the xattr doesn't exist (e.g. -ERANGE is returned |
344 | * if the xattr name is too long), but the set of filesystems |
345 | * allowed as upper are limited to "normal" ones, where checking |
346 | * for the above two errors is sufficient. |
347 | */ |
348 | err = ovl_do_remove_acl(ofs, dentry: work, XATTR_NAME_POSIX_ACL_DEFAULT); |
349 | if (err && err != -ENODATA && err != -EOPNOTSUPP) |
350 | goto out_dput; |
351 | |
352 | err = ovl_do_remove_acl(ofs, dentry: work, XATTR_NAME_POSIX_ACL_ACCESS); |
353 | if (err && err != -ENODATA && err != -EOPNOTSUPP) |
354 | goto out_dput; |
355 | |
356 | /* Clear any inherited mode bits */ |
357 | inode_lock(inode: work->d_inode); |
358 | err = ovl_do_notify_change(ofs, upperdentry: work, attr: &attr); |
359 | inode_unlock(inode: work->d_inode); |
360 | if (err) |
361 | goto out_dput; |
362 | } else { |
363 | err = PTR_ERR(ptr: work); |
364 | goto out_err; |
365 | } |
366 | out_unlock: |
367 | inode_unlock(inode: dir); |
368 | return work; |
369 | |
370 | out_dput: |
371 | dput(work); |
372 | out_err: |
373 | pr_warn("failed to create directory %s/%s (errno: %i); mounting read-only\n" , |
374 | ofs->config.workdir, name, -err); |
375 | work = NULL; |
376 | goto out_unlock; |
377 | } |
378 | |
379 | static int ovl_check_namelen(const struct path *path, struct ovl_fs *ofs, |
380 | const char *name) |
381 | { |
382 | struct kstatfs statfs; |
383 | int err = vfs_statfs(path, &statfs); |
384 | |
385 | if (err) |
386 | pr_err("statfs failed on '%s'\n" , name); |
387 | else |
388 | ofs->namelen = max(ofs->namelen, statfs.f_namelen); |
389 | |
390 | return err; |
391 | } |
392 | |
393 | static int ovl_lower_dir(const char *name, struct path *path, |
394 | struct ovl_fs *ofs, int *stack_depth) |
395 | { |
396 | int fh_type; |
397 | int err; |
398 | |
399 | err = ovl_check_namelen(path, ofs, name); |
400 | if (err) |
401 | return err; |
402 | |
403 | *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth); |
404 | |
405 | /* |
406 | * The inodes index feature and NFS export need to encode and decode |
407 | * file handles, so they require that all layers support them. |
408 | */ |
409 | fh_type = ovl_can_decode_fh(sb: path->dentry->d_sb); |
410 | if ((ofs->config.nfs_export || |
411 | (ofs->config.index && ofs->config.upperdir)) && !fh_type) { |
412 | ofs->config.index = false; |
413 | ofs->config.nfs_export = false; |
414 | pr_warn("fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n" , |
415 | name); |
416 | } |
417 | ofs->nofh |= !fh_type; |
418 | /* |
419 | * Decoding origin file handle is required for persistent st_ino. |
420 | * Without persistent st_ino, xino=auto falls back to xino=off. |
421 | */ |
422 | if (ofs->config.xino == OVL_XINO_AUTO && |
423 | ofs->config.upperdir && !fh_type) { |
424 | ofs->config.xino = OVL_XINO_OFF; |
425 | pr_warn("fs on '%s' does not support file handles, falling back to xino=off.\n" , |
426 | name); |
427 | } |
428 | |
429 | /* Check if lower fs has 32bit inode numbers */ |
430 | if (fh_type != FILEID_INO32_GEN) |
431 | ofs->xino_mode = -1; |
432 | |
433 | return 0; |
434 | } |
435 | |
436 | /* Workdir should not be subdir of upperdir and vice versa */ |
437 | static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir) |
438 | { |
439 | bool ok = false; |
440 | |
441 | if (workdir != upperdir) { |
442 | ok = (lock_rename(workdir, upperdir) == NULL); |
443 | unlock_rename(workdir, upperdir); |
444 | } |
445 | return ok; |
446 | } |
447 | |
448 | static int ovl_setup_trap(struct super_block *sb, struct dentry *dir, |
449 | struct inode **ptrap, const char *name) |
450 | { |
451 | struct inode *trap; |
452 | int err; |
453 | |
454 | trap = ovl_get_trap_inode(sb, dir); |
455 | err = PTR_ERR_OR_ZERO(ptr: trap); |
456 | if (err) { |
457 | if (err == -ELOOP) |
458 | pr_err("conflicting %s path\n" , name); |
459 | return err; |
460 | } |
461 | |
462 | *ptrap = trap; |
463 | return 0; |
464 | } |
465 | |
466 | /* |
467 | * Determine how we treat concurrent use of upperdir/workdir based on the |
468 | * index feature. This is papering over mount leaks of container runtimes, |
469 | * for example, an old overlay mount is leaked and now its upperdir is |
470 | * attempted to be used as a lower layer in a new overlay mount. |
471 | */ |
472 | static int ovl_report_in_use(struct ovl_fs *ofs, const char *name) |
473 | { |
474 | if (ofs->config.index) { |
475 | pr_err("%s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n" , |
476 | name); |
477 | return -EBUSY; |
478 | } else { |
479 | pr_warn("%s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n" , |
480 | name); |
481 | return 0; |
482 | } |
483 | } |
484 | |
485 | static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, |
486 | struct ovl_layer *upper_layer, |
487 | const struct path *upperpath) |
488 | { |
489 | struct vfsmount *upper_mnt; |
490 | int err; |
491 | |
492 | /* Upperdir path should not be r/o */ |
493 | if (__mnt_is_readonly(mnt: upperpath->mnt)) { |
494 | pr_err("upper fs is r/o, try multi-lower layers mount\n" ); |
495 | err = -EINVAL; |
496 | goto out; |
497 | } |
498 | |
499 | err = ovl_check_namelen(path: upperpath, ofs, name: ofs->config.upperdir); |
500 | if (err) |
501 | goto out; |
502 | |
503 | err = ovl_setup_trap(sb, dir: upperpath->dentry, ptrap: &upper_layer->trap, |
504 | name: "upperdir" ); |
505 | if (err) |
506 | goto out; |
507 | |
508 | upper_mnt = clone_private_mount(path: upperpath); |
509 | err = PTR_ERR(ptr: upper_mnt); |
510 | if (IS_ERR(ptr: upper_mnt)) { |
511 | pr_err("failed to clone upperpath\n" ); |
512 | goto out; |
513 | } |
514 | |
515 | /* Don't inherit atime flags */ |
516 | upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); |
517 | upper_layer->mnt = upper_mnt; |
518 | upper_layer->idx = 0; |
519 | upper_layer->fsid = 0; |
520 | |
521 | /* |
522 | * Inherit SB_NOSEC flag from upperdir. |
523 | * |
524 | * This optimization changes behavior when a security related attribute |
525 | * (suid/sgid/security.*) is changed on an underlying layer. This is |
526 | * okay because we don't yet have guarantees in that case, but it will |
527 | * need careful treatment once we want to honour changes to underlying |
528 | * filesystems. |
529 | */ |
530 | if (upper_mnt->mnt_sb->s_flags & SB_NOSEC) |
531 | sb->s_flags |= SB_NOSEC; |
532 | |
533 | if (ovl_inuse_trylock(dentry: ovl_upper_mnt(ofs)->mnt_root)) { |
534 | ofs->upperdir_locked = true; |
535 | } else { |
536 | err = ovl_report_in_use(ofs, name: "upperdir" ); |
537 | if (err) |
538 | goto out; |
539 | } |
540 | |
541 | err = 0; |
542 | out: |
543 | return err; |
544 | } |
545 | |
546 | /* |
547 | * Returns 1 if RENAME_WHITEOUT is supported, 0 if not supported and |
548 | * negative values if error is encountered. |
549 | */ |
550 | static int ovl_check_rename_whiteout(struct ovl_fs *ofs) |
551 | { |
552 | struct dentry *workdir = ofs->workdir; |
553 | struct inode *dir = d_inode(dentry: workdir); |
554 | struct dentry *temp; |
555 | struct dentry *dest; |
556 | struct dentry *whiteout; |
557 | struct name_snapshot name; |
558 | int err; |
559 | |
560 | inode_lock_nested(inode: dir, subclass: I_MUTEX_PARENT); |
561 | |
562 | temp = ovl_create_temp(ofs, workdir, OVL_CATTR(S_IFREG | 0)); |
563 | err = PTR_ERR(ptr: temp); |
564 | if (IS_ERR(ptr: temp)) |
565 | goto out_unlock; |
566 | |
567 | dest = ovl_lookup_temp(ofs, workdir); |
568 | err = PTR_ERR(ptr: dest); |
569 | if (IS_ERR(ptr: dest)) { |
570 | dput(temp); |
571 | goto out_unlock; |
572 | } |
573 | |
574 | /* Name is inline and stable - using snapshot as a copy helper */ |
575 | take_dentry_name_snapshot(&name, temp); |
576 | err = ovl_do_rename(ofs, olddir: dir, olddentry: temp, newdir: dir, newdentry: dest, RENAME_WHITEOUT); |
577 | if (err) { |
578 | if (err == -EINVAL) |
579 | err = 0; |
580 | goto cleanup_temp; |
581 | } |
582 | |
583 | whiteout = ovl_lookup_upper(ofs, name: name.name.name, base: workdir, len: name.name.len); |
584 | err = PTR_ERR(ptr: whiteout); |
585 | if (IS_ERR(ptr: whiteout)) |
586 | goto cleanup_temp; |
587 | |
588 | err = ovl_upper_is_whiteout(ofs, upperdentry: whiteout); |
589 | |
590 | /* Best effort cleanup of whiteout and temp file */ |
591 | if (err) |
592 | ovl_cleanup(ofs, dir, dentry: whiteout); |
593 | dput(whiteout); |
594 | |
595 | cleanup_temp: |
596 | ovl_cleanup(ofs, dir, dentry: temp); |
597 | release_dentry_name_snapshot(&name); |
598 | dput(temp); |
599 | dput(dest); |
600 | |
601 | out_unlock: |
602 | inode_unlock(inode: dir); |
603 | |
604 | return err; |
605 | } |
606 | |
607 | static struct dentry *ovl_lookup_or_create(struct ovl_fs *ofs, |
608 | struct dentry *parent, |
609 | const char *name, umode_t mode) |
610 | { |
611 | size_t len = strlen(name); |
612 | struct dentry *child; |
613 | |
614 | inode_lock_nested(inode: parent->d_inode, subclass: I_MUTEX_PARENT); |
615 | child = ovl_lookup_upper(ofs, name, base: parent, len); |
616 | if (!IS_ERR(ptr: child) && !child->d_inode) |
617 | child = ovl_create_real(ofs, dir: parent->d_inode, newdentry: child, |
618 | OVL_CATTR(mode)); |
619 | inode_unlock(inode: parent->d_inode); |
620 | dput(parent); |
621 | |
622 | return child; |
623 | } |
624 | |
625 | /* |
626 | * Creates $workdir/work/incompat/volatile/dirty file if it is not already |
627 | * present. |
628 | */ |
629 | static int ovl_create_volatile_dirty(struct ovl_fs *ofs) |
630 | { |
631 | unsigned int ctr; |
632 | struct dentry *d = dget(dentry: ofs->workbasedir); |
633 | static const char *const volatile_path[] = { |
634 | OVL_WORKDIR_NAME, "incompat" , "volatile" , "dirty" |
635 | }; |
636 | const char *const *name = volatile_path; |
637 | |
638 | for (ctr = ARRAY_SIZE(volatile_path); ctr; ctr--, name++) { |
639 | d = ovl_lookup_or_create(ofs, parent: d, name: *name, mode: ctr > 1 ? S_IFDIR : S_IFREG); |
640 | if (IS_ERR(ptr: d)) |
641 | return PTR_ERR(ptr: d); |
642 | } |
643 | dput(d); |
644 | return 0; |
645 | } |
646 | |
647 | static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs, |
648 | const struct path *workpath) |
649 | { |
650 | struct vfsmount *mnt = ovl_upper_mnt(ofs); |
651 | struct dentry *workdir; |
652 | struct file *tmpfile; |
653 | bool rename_whiteout; |
654 | bool d_type; |
655 | int fh_type; |
656 | int err; |
657 | |
658 | err = mnt_want_write(mnt); |
659 | if (err) |
660 | return err; |
661 | |
662 | workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, persist: false); |
663 | err = PTR_ERR(ptr: workdir); |
664 | if (IS_ERR_OR_NULL(ptr: workdir)) |
665 | goto out; |
666 | |
667 | ofs->workdir = workdir; |
668 | |
669 | err = ovl_setup_trap(sb, dir: ofs->workdir, ptrap: &ofs->workdir_trap, name: "workdir" ); |
670 | if (err) |
671 | goto out; |
672 | |
673 | /* |
674 | * Upper should support d_type, else whiteouts are visible. Given |
675 | * workdir and upper are on same fs, we can do iterate_dir() on |
676 | * workdir. This check requires successful creation of workdir in |
677 | * previous step. |
678 | */ |
679 | err = ovl_check_d_type_supported(realpath: workpath); |
680 | if (err < 0) |
681 | goto out; |
682 | |
683 | d_type = err; |
684 | if (!d_type) |
685 | pr_warn("upper fs needs to support d_type.\n" ); |
686 | |
687 | /* Check if upper/work fs supports O_TMPFILE */ |
688 | tmpfile = ovl_do_tmpfile(ofs, dentry: ofs->workdir, S_IFREG | 0); |
689 | ofs->tmpfile = !IS_ERR(ptr: tmpfile); |
690 | if (ofs->tmpfile) |
691 | fput(tmpfile); |
692 | else |
693 | pr_warn("upper fs does not support tmpfile.\n" ); |
694 | |
695 | |
696 | /* Check if upper/work fs supports RENAME_WHITEOUT */ |
697 | err = ovl_check_rename_whiteout(ofs); |
698 | if (err < 0) |
699 | goto out; |
700 | |
701 | rename_whiteout = err; |
702 | if (!rename_whiteout) |
703 | pr_warn("upper fs does not support RENAME_WHITEOUT.\n" ); |
704 | |
705 | /* |
706 | * Check if upper/work fs supports (trusted|user).overlay.* xattr |
707 | */ |
708 | err = ovl_setxattr(ofs, dentry: ofs->workdir, ox: OVL_XATTR_OPAQUE, value: "0" , size: 1); |
709 | if (err) { |
710 | pr_warn("failed to set xattr on upper\n" ); |
711 | ofs->noxattr = true; |
712 | if (ovl_redirect_follow(ofs)) { |
713 | ofs->config.redirect_mode = OVL_REDIRECT_NOFOLLOW; |
714 | pr_warn("...falling back to redirect_dir=nofollow.\n" ); |
715 | } |
716 | if (ofs->config.metacopy) { |
717 | ofs->config.metacopy = false; |
718 | pr_warn("...falling back to metacopy=off.\n" ); |
719 | } |
720 | if (ofs->config.index) { |
721 | ofs->config.index = false; |
722 | pr_warn("...falling back to index=off.\n" ); |
723 | } |
724 | if (ovl_has_fsid(ofs)) { |
725 | ofs->config.uuid = OVL_UUID_NULL; |
726 | pr_warn("...falling back to uuid=null.\n" ); |
727 | } |
728 | /* |
729 | * xattr support is required for persistent st_ino. |
730 | * Without persistent st_ino, xino=auto falls back to xino=off. |
731 | */ |
732 | if (ofs->config.xino == OVL_XINO_AUTO) { |
733 | ofs->config.xino = OVL_XINO_OFF; |
734 | pr_warn("...falling back to xino=off.\n" ); |
735 | } |
736 | if (err == -EPERM && !ofs->config.userxattr) |
737 | pr_info("try mounting with 'userxattr' option\n" ); |
738 | err = 0; |
739 | } else { |
740 | ovl_removexattr(ofs, dentry: ofs->workdir, ox: OVL_XATTR_OPAQUE); |
741 | } |
742 | |
743 | /* |
744 | * We allowed sub-optimal upper fs configuration and don't want to break |
745 | * users over kernel upgrade, but we never allowed remote upper fs, so |
746 | * we can enforce strict requirements for remote upper fs. |
747 | */ |
748 | if (ovl_dentry_remote(dentry: ofs->workdir) && |
749 | (!d_type || !rename_whiteout || ofs->noxattr)) { |
750 | pr_err("upper fs missing required features.\n" ); |
751 | err = -EINVAL; |
752 | goto out; |
753 | } |
754 | |
755 | /* |
756 | * For volatile mount, create a incompat/volatile/dirty file to keep |
757 | * track of it. |
758 | */ |
759 | if (ofs->config.ovl_volatile) { |
760 | err = ovl_create_volatile_dirty(ofs); |
761 | if (err < 0) { |
762 | pr_err("Failed to create volatile/dirty file.\n" ); |
763 | goto out; |
764 | } |
765 | } |
766 | |
767 | /* Check if upper/work fs supports file handles */ |
768 | fh_type = ovl_can_decode_fh(sb: ofs->workdir->d_sb); |
769 | if (ofs->config.index && !fh_type) { |
770 | ofs->config.index = false; |
771 | pr_warn("upper fs does not support file handles, falling back to index=off.\n" ); |
772 | } |
773 | ofs->nofh |= !fh_type; |
774 | |
775 | /* Check if upper fs has 32bit inode numbers */ |
776 | if (fh_type != FILEID_INO32_GEN) |
777 | ofs->xino_mode = -1; |
778 | |
779 | /* NFS export of r/w mount depends on index */ |
780 | if (ofs->config.nfs_export && !ofs->config.index) { |
781 | pr_warn("NFS export requires \"index=on\", falling back to nfs_export=off.\n" ); |
782 | ofs->config.nfs_export = false; |
783 | } |
784 | out: |
785 | mnt_drop_write(mnt); |
786 | return err; |
787 | } |
788 | |
789 | static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs, |
790 | const struct path *upperpath, |
791 | const struct path *workpath) |
792 | { |
793 | int err; |
794 | |
795 | err = -EINVAL; |
796 | if (upperpath->mnt != workpath->mnt) { |
797 | pr_err("workdir and upperdir must reside under the same mount\n" ); |
798 | return err; |
799 | } |
800 | if (!ovl_workdir_ok(workdir: workpath->dentry, upperdir: upperpath->dentry)) { |
801 | pr_err("workdir and upperdir must be separate subtrees\n" ); |
802 | return err; |
803 | } |
804 | |
805 | ofs->workbasedir = dget(dentry: workpath->dentry); |
806 | |
807 | if (ovl_inuse_trylock(dentry: ofs->workbasedir)) { |
808 | ofs->workdir_locked = true; |
809 | } else { |
810 | err = ovl_report_in_use(ofs, name: "workdir" ); |
811 | if (err) |
812 | return err; |
813 | } |
814 | |
815 | err = ovl_setup_trap(sb, dir: ofs->workbasedir, ptrap: &ofs->workbasedir_trap, |
816 | name: "workdir" ); |
817 | if (err) |
818 | return err; |
819 | |
820 | return ovl_make_workdir(sb, ofs, workpath); |
821 | } |
822 | |
823 | static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs, |
824 | struct ovl_entry *oe, const struct path *upperpath) |
825 | { |
826 | struct vfsmount *mnt = ovl_upper_mnt(ofs); |
827 | struct dentry *indexdir; |
828 | struct dentry *origin = ovl_lowerstack(oe)->dentry; |
829 | const struct ovl_fh *fh; |
830 | int err; |
831 | |
832 | fh = ovl_get_origin_fh(ofs, origin); |
833 | if (IS_ERR(ptr: fh)) |
834 | return PTR_ERR(ptr: fh); |
835 | |
836 | err = mnt_want_write(mnt); |
837 | if (err) |
838 | goto out_free_fh; |
839 | |
840 | /* Verify lower root is upper root origin */ |
841 | err = ovl_verify_origin_fh(ofs, upper: upperpath->dentry, fh, set: true); |
842 | if (err) { |
843 | pr_err("failed to verify upper root origin\n" ); |
844 | goto out; |
845 | } |
846 | |
847 | /* index dir will act also as workdir */ |
848 | iput(ofs->workdir_trap); |
849 | ofs->workdir_trap = NULL; |
850 | dput(ofs->workdir); |
851 | ofs->workdir = NULL; |
852 | indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, persist: true); |
853 | if (IS_ERR(ptr: indexdir)) { |
854 | err = PTR_ERR(ptr: indexdir); |
855 | } else if (indexdir) { |
856 | ofs->indexdir = indexdir; |
857 | ofs->workdir = dget(dentry: indexdir); |
858 | |
859 | err = ovl_setup_trap(sb, dir: ofs->indexdir, ptrap: &ofs->indexdir_trap, |
860 | name: "indexdir" ); |
861 | if (err) |
862 | goto out; |
863 | |
864 | /* |
865 | * Verify upper root is exclusively associated with index dir. |
866 | * Older kernels stored upper fh in ".overlay.origin" |
867 | * xattr. If that xattr exists, verify that it is a match to |
868 | * upper dir file handle. In any case, verify or set xattr |
869 | * ".overlay.upper" to indicate that index may have |
870 | * directory entries. |
871 | */ |
872 | if (ovl_check_origin_xattr(ofs, upperdentry: ofs->indexdir)) { |
873 | err = ovl_verify_origin_xattr(ofs, dentry: ofs->indexdir, |
874 | ox: OVL_XATTR_ORIGIN, |
875 | real: upperpath->dentry, is_upper: true, |
876 | set: false); |
877 | if (err) |
878 | pr_err("failed to verify index dir 'origin' xattr\n" ); |
879 | } |
880 | err = ovl_verify_upper(ofs, index: ofs->indexdir, upper: upperpath->dentry, |
881 | set: true); |
882 | if (err) |
883 | pr_err("failed to verify index dir 'upper' xattr\n" ); |
884 | |
885 | /* Cleanup bad/stale/orphan index entries */ |
886 | if (!err) |
887 | err = ovl_indexdir_cleanup(ofs); |
888 | } |
889 | if (err || !ofs->indexdir) |
890 | pr_warn("try deleting index dir or mounting with '-o index=off' to disable inodes index.\n" ); |
891 | |
892 | out: |
893 | mnt_drop_write(mnt); |
894 | out_free_fh: |
895 | kfree(objp: fh); |
896 | return err; |
897 | } |
898 | |
899 | static bool ovl_lower_uuid_ok(struct ovl_fs *ofs, const uuid_t *uuid) |
900 | { |
901 | unsigned int i; |
902 | |
903 | if (!ofs->config.nfs_export && !ovl_upper_mnt(ofs)) |
904 | return true; |
905 | |
906 | /* |
907 | * We allow using single lower with null uuid for index and nfs_export |
908 | * for example to support those features with single lower squashfs. |
909 | * To avoid regressions in setups of overlay with re-formatted lower |
910 | * squashfs, do not allow decoding origin with lower null uuid unless |
911 | * user opted-in to one of the new features that require following the |
912 | * lower inode of non-dir upper. |
913 | */ |
914 | if (ovl_allow_offline_changes(ofs) && uuid_is_null(uuid)) |
915 | return false; |
916 | |
917 | for (i = 0; i < ofs->numfs; i++) { |
918 | /* |
919 | * We use uuid to associate an overlay lower file handle with a |
920 | * lower layer, so we can accept lower fs with null uuid as long |
921 | * as all lower layers with null uuid are on the same fs. |
922 | * if we detect multiple lower fs with the same uuid, we |
923 | * disable lower file handle decoding on all of them. |
924 | */ |
925 | if (ofs->fs[i].is_lower && |
926 | uuid_equal(u1: &ofs->fs[i].sb->s_uuid, u2: uuid)) { |
927 | ofs->fs[i].bad_uuid = true; |
928 | return false; |
929 | } |
930 | } |
931 | return true; |
932 | } |
933 | |
934 | /* Get a unique fsid for the layer */ |
935 | static int ovl_get_fsid(struct ovl_fs *ofs, const struct path *path) |
936 | { |
937 | struct super_block *sb = path->mnt->mnt_sb; |
938 | unsigned int i; |
939 | dev_t dev; |
940 | int err; |
941 | bool bad_uuid = false; |
942 | bool warn = false; |
943 | |
944 | for (i = 0; i < ofs->numfs; i++) { |
945 | if (ofs->fs[i].sb == sb) |
946 | return i; |
947 | } |
948 | |
949 | if (!ovl_lower_uuid_ok(ofs, uuid: &sb->s_uuid)) { |
950 | bad_uuid = true; |
951 | if (ofs->config.xino == OVL_XINO_AUTO) { |
952 | ofs->config.xino = OVL_XINO_OFF; |
953 | warn = true; |
954 | } |
955 | if (ofs->config.index || ofs->config.nfs_export) { |
956 | ofs->config.index = false; |
957 | ofs->config.nfs_export = false; |
958 | warn = true; |
959 | } |
960 | if (warn) { |
961 | pr_warn("%s uuid detected in lower fs '%pd2', falling back to xino=%s,index=off,nfs_export=off.\n" , |
962 | uuid_is_null(&sb->s_uuid) ? "null" : |
963 | "conflicting" , |
964 | path->dentry, ovl_xino_mode(&ofs->config)); |
965 | } |
966 | } |
967 | |
968 | err = get_anon_bdev(&dev); |
969 | if (err) { |
970 | pr_err("failed to get anonymous bdev for lowerpath\n" ); |
971 | return err; |
972 | } |
973 | |
974 | ofs->fs[ofs->numfs].sb = sb; |
975 | ofs->fs[ofs->numfs].pseudo_dev = dev; |
976 | ofs->fs[ofs->numfs].bad_uuid = bad_uuid; |
977 | |
978 | return ofs->numfs++; |
979 | } |
980 | |
981 | /* |
982 | * The fsid after the last lower fsid is used for the data layers. |
983 | * It is a "null fs" with a null sb, null uuid, and no pseudo dev. |
984 | */ |
985 | static int ovl_get_data_fsid(struct ovl_fs *ofs) |
986 | { |
987 | return ofs->numfs; |
988 | } |
989 | |
990 | |
991 | static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs, |
992 | struct ovl_fs_context *ctx, struct ovl_layer *layers) |
993 | { |
994 | int err; |
995 | unsigned int i; |
996 | size_t nr_merged_lower; |
997 | |
998 | ofs->fs = kcalloc(n: ctx->nr + 2, size: sizeof(struct ovl_sb), GFP_KERNEL); |
999 | if (ofs->fs == NULL) |
1000 | return -ENOMEM; |
1001 | |
1002 | /* |
1003 | * idx/fsid 0 are reserved for upper fs even with lower only overlay |
1004 | * and the last fsid is reserved for "null fs" of the data layers. |
1005 | */ |
1006 | ofs->numfs++; |
1007 | |
1008 | /* |
1009 | * All lower layers that share the same fs as upper layer, use the same |
1010 | * pseudo_dev as upper layer. Allocate fs[0].pseudo_dev even for lower |
1011 | * only overlay to simplify ovl_fs_free(). |
1012 | * is_lower will be set if upper fs is shared with a lower layer. |
1013 | */ |
1014 | err = get_anon_bdev(&ofs->fs[0].pseudo_dev); |
1015 | if (err) { |
1016 | pr_err("failed to get anonymous bdev for upper fs\n" ); |
1017 | return err; |
1018 | } |
1019 | |
1020 | if (ovl_upper_mnt(ofs)) { |
1021 | ofs->fs[0].sb = ovl_upper_mnt(ofs)->mnt_sb; |
1022 | ofs->fs[0].is_lower = false; |
1023 | } |
1024 | |
1025 | nr_merged_lower = ctx->nr - ctx->nr_data; |
1026 | for (i = 0; i < ctx->nr; i++) { |
1027 | struct ovl_fs_context_layer *l = &ctx->lower[i]; |
1028 | struct vfsmount *mnt; |
1029 | struct inode *trap; |
1030 | int fsid; |
1031 | |
1032 | if (i < nr_merged_lower) |
1033 | fsid = ovl_get_fsid(ofs, path: &l->path); |
1034 | else |
1035 | fsid = ovl_get_data_fsid(ofs); |
1036 | if (fsid < 0) |
1037 | return fsid; |
1038 | |
1039 | /* |
1040 | * Check if lower root conflicts with this overlay layers before |
1041 | * checking if it is in-use as upperdir/workdir of "another" |
1042 | * mount, because we do not bother to check in ovl_is_inuse() if |
1043 | * the upperdir/workdir is in fact in-use by our |
1044 | * upperdir/workdir. |
1045 | */ |
1046 | err = ovl_setup_trap(sb, dir: l->path.dentry, ptrap: &trap, name: "lowerdir" ); |
1047 | if (err) |
1048 | return err; |
1049 | |
1050 | if (ovl_is_inuse(dentry: l->path.dentry)) { |
1051 | err = ovl_report_in_use(ofs, name: "lowerdir" ); |
1052 | if (err) { |
1053 | iput(trap); |
1054 | return err; |
1055 | } |
1056 | } |
1057 | |
1058 | mnt = clone_private_mount(path: &l->path); |
1059 | err = PTR_ERR(ptr: mnt); |
1060 | if (IS_ERR(ptr: mnt)) { |
1061 | pr_err("failed to clone lowerpath\n" ); |
1062 | iput(trap); |
1063 | return err; |
1064 | } |
1065 | |
1066 | /* |
1067 | * Make lower layers R/O. That way fchmod/fchown on lower file |
1068 | * will fail instead of modifying lower fs. |
1069 | */ |
1070 | mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME; |
1071 | |
1072 | layers[ofs->numlayer].trap = trap; |
1073 | layers[ofs->numlayer].mnt = mnt; |
1074 | layers[ofs->numlayer].idx = ofs->numlayer; |
1075 | layers[ofs->numlayer].fsid = fsid; |
1076 | layers[ofs->numlayer].fs = &ofs->fs[fsid]; |
1077 | /* Store for printing lowerdir=... in ovl_show_options() */ |
1078 | ofs->config.lowerdirs[ofs->numlayer] = l->name; |
1079 | l->name = NULL; |
1080 | ofs->numlayer++; |
1081 | ofs->fs[fsid].is_lower = true; |
1082 | } |
1083 | |
1084 | /* |
1085 | * When all layers on same fs, overlay can use real inode numbers. |
1086 | * With mount option "xino=<on|auto>", mounter declares that there are |
1087 | * enough free high bits in underlying fs to hold the unique fsid. |
1088 | * If overlayfs does encounter underlying inodes using the high xino |
1089 | * bits reserved for fsid, it emits a warning and uses the original |
1090 | * inode number or a non persistent inode number allocated from a |
1091 | * dedicated range. |
1092 | */ |
1093 | if (ofs->numfs - !ovl_upper_mnt(ofs) == 1) { |
1094 | if (ofs->config.xino == OVL_XINO_ON) |
1095 | pr_info("\"xino=on\" is useless with all layers on same fs, ignore.\n" ); |
1096 | ofs->xino_mode = 0; |
1097 | } else if (ofs->config.xino == OVL_XINO_OFF) { |
1098 | ofs->xino_mode = -1; |
1099 | } else if (ofs->xino_mode < 0) { |
1100 | /* |
1101 | * This is a roundup of number of bits needed for encoding |
1102 | * fsid, where fsid 0 is reserved for upper fs (even with |
1103 | * lower only overlay) +1 extra bit is reserved for the non |
1104 | * persistent inode number range that is used for resolving |
1105 | * xino lower bits overflow. |
1106 | */ |
1107 | BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 30); |
1108 | ofs->xino_mode = ilog2(ofs->numfs - 1) + 2; |
1109 | } |
1110 | |
1111 | if (ofs->xino_mode > 0) { |
1112 | pr_info("\"xino\" feature enabled using %d upper inode bits.\n" , |
1113 | ofs->xino_mode); |
1114 | } |
1115 | |
1116 | return 0; |
1117 | } |
1118 | |
1119 | static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, |
1120 | struct ovl_fs_context *ctx, |
1121 | struct ovl_fs *ofs, |
1122 | struct ovl_layer *layers) |
1123 | { |
1124 | int err; |
1125 | unsigned int i; |
1126 | size_t nr_merged_lower; |
1127 | struct ovl_entry *oe; |
1128 | struct ovl_path *lowerstack; |
1129 | |
1130 | struct ovl_fs_context_layer *l; |
1131 | |
1132 | if (!ofs->config.upperdir && ctx->nr == 1) { |
1133 | pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n" ); |
1134 | return ERR_PTR(error: -EINVAL); |
1135 | } |
1136 | |
1137 | err = -EINVAL; |
1138 | for (i = 0; i < ctx->nr; i++) { |
1139 | l = &ctx->lower[i]; |
1140 | |
1141 | err = ovl_lower_dir(name: l->name, path: &l->path, ofs, stack_depth: &sb->s_stack_depth); |
1142 | if (err) |
1143 | return ERR_PTR(error: err); |
1144 | } |
1145 | |
1146 | err = -EINVAL; |
1147 | sb->s_stack_depth++; |
1148 | if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { |
1149 | pr_err("maximum fs stacking depth exceeded\n" ); |
1150 | return ERR_PTR(error: err); |
1151 | } |
1152 | |
1153 | err = ovl_get_layers(sb, ofs, ctx, layers); |
1154 | if (err) |
1155 | return ERR_PTR(error: err); |
1156 | |
1157 | err = -ENOMEM; |
1158 | /* Data-only layers are not merged in root directory */ |
1159 | nr_merged_lower = ctx->nr - ctx->nr_data; |
1160 | oe = ovl_alloc_entry(numlower: nr_merged_lower); |
1161 | if (!oe) |
1162 | return ERR_PTR(error: err); |
1163 | |
1164 | lowerstack = ovl_lowerstack(oe); |
1165 | for (i = 0; i < nr_merged_lower; i++) { |
1166 | l = &ctx->lower[i]; |
1167 | lowerstack[i].dentry = dget(dentry: l->path.dentry); |
1168 | lowerstack[i].layer = &ofs->layers[i + 1]; |
1169 | } |
1170 | ofs->numdatalayer = ctx->nr_data; |
1171 | |
1172 | return oe; |
1173 | } |
1174 | |
1175 | /* |
1176 | * Check if this layer root is a descendant of: |
1177 | * - another layer of this overlayfs instance |
1178 | * - upper/work dir of any overlayfs instance |
1179 | */ |
1180 | static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs, |
1181 | struct dentry *dentry, const char *name, |
1182 | bool is_lower) |
1183 | { |
1184 | struct dentry *next = dentry, *parent; |
1185 | int err = 0; |
1186 | |
1187 | if (!dentry) |
1188 | return 0; |
1189 | |
1190 | parent = dget_parent(dentry: next); |
1191 | |
1192 | /* Walk back ancestors to root (inclusive) looking for traps */ |
1193 | while (!err && parent != next) { |
1194 | if (is_lower && ovl_lookup_trap_inode(sb, dir: parent)) { |
1195 | err = -ELOOP; |
1196 | pr_err("overlapping %s path\n" , name); |
1197 | } else if (ovl_is_inuse(dentry: parent)) { |
1198 | err = ovl_report_in_use(ofs, name); |
1199 | } |
1200 | next = parent; |
1201 | parent = dget_parent(dentry: next); |
1202 | dput(next); |
1203 | } |
1204 | |
1205 | dput(parent); |
1206 | |
1207 | return err; |
1208 | } |
1209 | |
1210 | /* |
1211 | * Check if any of the layers or work dirs overlap. |
1212 | */ |
1213 | static int ovl_check_overlapping_layers(struct super_block *sb, |
1214 | struct ovl_fs *ofs) |
1215 | { |
1216 | int i, err; |
1217 | |
1218 | if (ovl_upper_mnt(ofs)) { |
1219 | err = ovl_check_layer(sb, ofs, dentry: ovl_upper_mnt(ofs)->mnt_root, |
1220 | name: "upperdir" , is_lower: false); |
1221 | if (err) |
1222 | return err; |
1223 | |
1224 | /* |
1225 | * Checking workbasedir avoids hitting ovl_is_inuse(parent) of |
1226 | * this instance and covers overlapping work and index dirs, |
1227 | * unless work or index dir have been moved since created inside |
1228 | * workbasedir. In that case, we already have their traps in |
1229 | * inode cache and we will catch that case on lookup. |
1230 | */ |
1231 | err = ovl_check_layer(sb, ofs, dentry: ofs->workbasedir, name: "workdir" , |
1232 | is_lower: false); |
1233 | if (err) |
1234 | return err; |
1235 | } |
1236 | |
1237 | for (i = 1; i < ofs->numlayer; i++) { |
1238 | err = ovl_check_layer(sb, ofs, |
1239 | dentry: ofs->layers[i].mnt->mnt_root, |
1240 | name: "lowerdir" , is_lower: true); |
1241 | if (err) |
1242 | return err; |
1243 | } |
1244 | |
1245 | return 0; |
1246 | } |
1247 | |
1248 | static struct dentry *ovl_get_root(struct super_block *sb, |
1249 | struct dentry *upperdentry, |
1250 | struct ovl_entry *oe) |
1251 | { |
1252 | struct dentry *root; |
1253 | struct ovl_path *lowerpath = ovl_lowerstack(oe); |
1254 | unsigned long ino = d_inode(dentry: lowerpath->dentry)->i_ino; |
1255 | int fsid = lowerpath->layer->fsid; |
1256 | struct ovl_inode_params oip = { |
1257 | .upperdentry = upperdentry, |
1258 | .oe = oe, |
1259 | }; |
1260 | |
1261 | root = d_make_root(ovl_new_inode(sb, S_IFDIR, rdev: 0)); |
1262 | if (!root) |
1263 | return NULL; |
1264 | |
1265 | if (upperdentry) { |
1266 | /* Root inode uses upper st_ino/i_ino */ |
1267 | ino = d_inode(dentry: upperdentry)->i_ino; |
1268 | fsid = 0; |
1269 | ovl_dentry_set_upper_alias(dentry: root); |
1270 | if (ovl_is_impuredir(sb, upperdentry)) |
1271 | ovl_set_flag(flag: OVL_IMPURE, inode: d_inode(dentry: root)); |
1272 | } |
1273 | |
1274 | /* Root is always merge -> can have whiteouts */ |
1275 | ovl_set_flag(flag: OVL_WHITEOUTS, inode: d_inode(dentry: root)); |
1276 | ovl_dentry_set_flag(flag: OVL_E_CONNECTED, dentry: root); |
1277 | ovl_set_upperdata(inode: d_inode(dentry: root)); |
1278 | ovl_inode_init(inode: d_inode(dentry: root), oip: &oip, ino, fsid); |
1279 | ovl_dentry_init_flags(dentry: root, upperdentry, oe, DCACHE_OP_WEAK_REVALIDATE); |
1280 | /* root keeps a reference of upperdentry */ |
1281 | dget(dentry: upperdentry); |
1282 | |
1283 | return root; |
1284 | } |
1285 | |
1286 | int ovl_fill_super(struct super_block *sb, struct fs_context *fc) |
1287 | { |
1288 | struct ovl_fs *ofs = sb->s_fs_info; |
1289 | struct ovl_fs_context *ctx = fc->fs_private; |
1290 | struct dentry *root_dentry; |
1291 | struct ovl_entry *oe; |
1292 | struct ovl_layer *layers; |
1293 | struct cred *cred; |
1294 | int err; |
1295 | |
1296 | err = -EIO; |
1297 | if (WARN_ON(fc->user_ns != current_user_ns())) |
1298 | goto out_err; |
1299 | |
1300 | sb->s_d_op = &ovl_dentry_operations; |
1301 | |
1302 | err = -ENOMEM; |
1303 | ofs->creator_cred = cred = prepare_creds(); |
1304 | if (!cred) |
1305 | goto out_err; |
1306 | |
1307 | err = ovl_fs_params_verify(ctx, config: &ofs->config); |
1308 | if (err) |
1309 | goto out_err; |
1310 | |
1311 | err = -EINVAL; |
1312 | if (ctx->nr == 0) { |
1313 | if (!(fc->sb_flags & SB_SILENT)) |
1314 | pr_err("missing 'lowerdir'\n" ); |
1315 | goto out_err; |
1316 | } |
1317 | |
1318 | err = -ENOMEM; |
1319 | layers = kcalloc(n: ctx->nr + 1, size: sizeof(struct ovl_layer), GFP_KERNEL); |
1320 | if (!layers) |
1321 | goto out_err; |
1322 | |
1323 | ofs->config.lowerdirs = kcalloc(n: ctx->nr + 1, size: sizeof(char *), GFP_KERNEL); |
1324 | if (!ofs->config.lowerdirs) { |
1325 | kfree(objp: layers); |
1326 | goto out_err; |
1327 | } |
1328 | ofs->layers = layers; |
1329 | /* |
1330 | * Layer 0 is reserved for upper even if there's no upper. |
1331 | * config.lowerdirs[0] is used for storing the user provided colon |
1332 | * separated lowerdir string. |
1333 | */ |
1334 | ofs->config.lowerdirs[0] = ctx->lowerdir_all; |
1335 | ctx->lowerdir_all = NULL; |
1336 | ofs->numlayer = 1; |
1337 | |
1338 | sb->s_stack_depth = 0; |
1339 | sb->s_maxbytes = MAX_LFS_FILESIZE; |
1340 | atomic_long_set(v: &ofs->last_ino, i: 1); |
1341 | /* Assume underlying fs uses 32bit inodes unless proven otherwise */ |
1342 | if (ofs->config.xino != OVL_XINO_OFF) { |
1343 | ofs->xino_mode = BITS_PER_LONG - 32; |
1344 | if (!ofs->xino_mode) { |
1345 | pr_warn("xino not supported on 32bit kernel, falling back to xino=off.\n" ); |
1346 | ofs->config.xino = OVL_XINO_OFF; |
1347 | } |
1348 | } |
1349 | |
1350 | /* alloc/destroy_inode needed for setting up traps in inode cache */ |
1351 | sb->s_op = &ovl_super_operations; |
1352 | |
1353 | if (ofs->config.upperdir) { |
1354 | struct super_block *upper_sb; |
1355 | |
1356 | err = -EINVAL; |
1357 | if (!ofs->config.workdir) { |
1358 | pr_err("missing 'workdir'\n" ); |
1359 | goto out_err; |
1360 | } |
1361 | |
1362 | err = ovl_get_upper(sb, ofs, upper_layer: &layers[0], upperpath: &ctx->upper); |
1363 | if (err) |
1364 | goto out_err; |
1365 | |
1366 | upper_sb = ovl_upper_mnt(ofs)->mnt_sb; |
1367 | if (!ovl_should_sync(ofs)) { |
1368 | ofs->errseq = errseq_sample(eseq: &upper_sb->s_wb_err); |
1369 | if (errseq_check(eseq: &upper_sb->s_wb_err, since: ofs->errseq)) { |
1370 | err = -EIO; |
1371 | pr_err("Cannot mount volatile when upperdir has an unseen error. Sync upperdir fs to clear state.\n" ); |
1372 | goto out_err; |
1373 | } |
1374 | } |
1375 | |
1376 | err = ovl_get_workdir(sb, ofs, upperpath: &ctx->upper, workpath: &ctx->work); |
1377 | if (err) |
1378 | goto out_err; |
1379 | |
1380 | if (!ofs->workdir) |
1381 | sb->s_flags |= SB_RDONLY; |
1382 | |
1383 | sb->s_stack_depth = upper_sb->s_stack_depth; |
1384 | sb->s_time_gran = upper_sb->s_time_gran; |
1385 | } |
1386 | oe = ovl_get_lowerstack(sb, ctx, ofs, layers); |
1387 | err = PTR_ERR(ptr: oe); |
1388 | if (IS_ERR(ptr: oe)) |
1389 | goto out_err; |
1390 | |
1391 | /* If the upper fs is nonexistent, we mark overlayfs r/o too */ |
1392 | if (!ovl_upper_mnt(ofs)) |
1393 | sb->s_flags |= SB_RDONLY; |
1394 | |
1395 | if (!ovl_origin_uuid(ofs) && ofs->numfs > 1) { |
1396 | pr_warn("The uuid=off requires a single fs for lower and upper, falling back to uuid=null.\n" ); |
1397 | ofs->config.uuid = OVL_UUID_NULL; |
1398 | } else if (ovl_has_fsid(ofs) && ovl_upper_mnt(ofs)) { |
1399 | /* Use per instance persistent uuid/fsid */ |
1400 | ovl_init_uuid_xattr(sb, ofs, upperpath: &ctx->upper); |
1401 | } |
1402 | |
1403 | if (!ovl_force_readonly(ofs) && ofs->config.index) { |
1404 | err = ovl_get_indexdir(sb, ofs, oe, upperpath: &ctx->upper); |
1405 | if (err) |
1406 | goto out_free_oe; |
1407 | |
1408 | /* Force r/o mount with no index dir */ |
1409 | if (!ofs->indexdir) |
1410 | sb->s_flags |= SB_RDONLY; |
1411 | } |
1412 | |
1413 | err = ovl_check_overlapping_layers(sb, ofs); |
1414 | if (err) |
1415 | goto out_free_oe; |
1416 | |
1417 | /* Show index=off in /proc/mounts for forced r/o mount */ |
1418 | if (!ofs->indexdir) { |
1419 | ofs->config.index = false; |
1420 | if (ovl_upper_mnt(ofs) && ofs->config.nfs_export) { |
1421 | pr_warn("NFS export requires an index dir, falling back to nfs_export=off.\n" ); |
1422 | ofs->config.nfs_export = false; |
1423 | } |
1424 | } |
1425 | |
1426 | if (ofs->config.metacopy && ofs->config.nfs_export) { |
1427 | pr_warn("NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n" ); |
1428 | ofs->config.nfs_export = false; |
1429 | } |
1430 | |
1431 | /* |
1432 | * Support encoding decodable file handles with nfs_export=on |
1433 | * and encoding non-decodable file handles with nfs_export=off |
1434 | * if all layers support file handles. |
1435 | */ |
1436 | if (ofs->config.nfs_export) |
1437 | sb->s_export_op = &ovl_export_operations; |
1438 | else if (!ofs->nofh) |
1439 | sb->s_export_op = &ovl_export_fid_operations; |
1440 | |
1441 | /* Never override disk quota limits or use reserved space */ |
1442 | cap_lower(cred->cap_effective, CAP_SYS_RESOURCE); |
1443 | |
1444 | sb->s_magic = OVERLAYFS_SUPER_MAGIC; |
1445 | sb->s_xattr = ovl_xattr_handlers(ofs); |
1446 | sb->s_fs_info = ofs; |
1447 | #ifdef CONFIG_FS_POSIX_ACL |
1448 | sb->s_flags |= SB_POSIXACL; |
1449 | #endif |
1450 | sb->s_iflags |= SB_I_SKIP_SYNC; |
1451 | /* |
1452 | * Ensure that umask handling is done by the filesystems used |
1453 | * for the the upper layer instead of overlayfs as that would |
1454 | * lead to unexpected results. |
1455 | */ |
1456 | sb->s_iflags |= SB_I_NOUMASK; |
1457 | |
1458 | err = -ENOMEM; |
1459 | root_dentry = ovl_get_root(sb, upperdentry: ctx->upper.dentry, oe); |
1460 | if (!root_dentry) |
1461 | goto out_free_oe; |
1462 | |
1463 | sb->s_root = root_dentry; |
1464 | |
1465 | return 0; |
1466 | |
1467 | out_free_oe: |
1468 | ovl_free_entry(oe); |
1469 | out_err: |
1470 | ovl_free_fs(ofs); |
1471 | sb->s_fs_info = NULL; |
1472 | return err; |
1473 | } |
1474 | |
1475 | struct file_system_type ovl_fs_type = { |
1476 | .owner = THIS_MODULE, |
1477 | .name = "overlay" , |
1478 | .init_fs_context = ovl_init_fs_context, |
1479 | .parameters = ovl_parameter_spec, |
1480 | .fs_flags = FS_USERNS_MOUNT, |
1481 | .kill_sb = kill_anon_super, |
1482 | }; |
1483 | MODULE_ALIAS_FS("overlay" ); |
1484 | |
1485 | static void ovl_inode_init_once(void *foo) |
1486 | { |
1487 | struct ovl_inode *oi = foo; |
1488 | |
1489 | inode_init_once(&oi->vfs_inode); |
1490 | } |
1491 | |
1492 | static int __init ovl_init(void) |
1493 | { |
1494 | int err; |
1495 | |
1496 | ovl_inode_cachep = kmem_cache_create(name: "ovl_inode" , |
1497 | size: sizeof(struct ovl_inode), align: 0, |
1498 | flags: (SLAB_RECLAIM_ACCOUNT| |
1499 | SLAB_MEM_SPREAD|SLAB_ACCOUNT), |
1500 | ctor: ovl_inode_init_once); |
1501 | if (ovl_inode_cachep == NULL) |
1502 | return -ENOMEM; |
1503 | |
1504 | err = ovl_aio_request_cache_init(); |
1505 | if (!err) { |
1506 | err = register_filesystem(&ovl_fs_type); |
1507 | if (!err) |
1508 | return 0; |
1509 | |
1510 | ovl_aio_request_cache_destroy(); |
1511 | } |
1512 | kmem_cache_destroy(s: ovl_inode_cachep); |
1513 | |
1514 | return err; |
1515 | } |
1516 | |
1517 | static void __exit ovl_exit(void) |
1518 | { |
1519 | unregister_filesystem(&ovl_fs_type); |
1520 | |
1521 | /* |
1522 | * Make sure all delayed rcu free inodes are flushed before we |
1523 | * destroy cache. |
1524 | */ |
1525 | rcu_barrier(); |
1526 | kmem_cache_destroy(s: ovl_inode_cachep); |
1527 | ovl_aio_request_cache_destroy(); |
1528 | } |
1529 | |
1530 | module_init(ovl_init); |
1531 | module_exit(ovl_exit); |
1532 | |