1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 *
4 * Copyright (C) 2011 Novell Inc.
5 */
6
7#include <uapi/linux/magic.h>
8#include <linux/fs.h>
9#include <linux/namei.h>
10#include <linux/xattr.h>
11#include <linux/mount.h>
12#include <linux/parser.h>
13#include <linux/module.h>
14#include <linux/statfs.h>
15#include <linux/seq_file.h>
16#include <linux/posix_acl_xattr.h>
17#include <linux/exportfs.h>
18#include <linux/file.h>
19#include <linux/fs_context.h>
20#include <linux/fs_parser.h>
21#include "overlayfs.h"
22#include "params.h"
23
24MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
25MODULE_DESCRIPTION("Overlay filesystem");
26MODULE_LICENSE("GPL");
27
28
29struct ovl_dir_cache;
30
31static struct dentry *ovl_d_real(struct dentry *dentry,
32 const struct inode *inode)
33{
34 struct dentry *real = NULL, *lower;
35 int err;
36
37 /*
38 * vfs is only expected to call d_real() with NULL from d_real_inode()
39 * and with overlay inode from file_dentry() on an overlay file.
40 *
41 * TODO: remove @inode argument from d_real() API, remove code in this
42 * function that deals with non-NULL @inode and remove d_real() call
43 * from file_dentry().
44 */
45 if (inode && d_inode(dentry) == inode)
46 return dentry;
47 else if (inode)
48 goto bug;
49
50 if (!d_is_reg(dentry)) {
51 /* d_real_inode() is only relevant for regular files */
52 return dentry;
53 }
54
55 real = ovl_dentry_upper(dentry);
56 if (real && (inode == d_inode(dentry: real)))
57 return real;
58
59 if (real && !inode && ovl_has_upperdata(inode: d_inode(dentry)))
60 return real;
61
62 /*
63 * Best effort lazy lookup of lowerdata for !inode case to return
64 * the real lowerdata dentry. The only current caller of d_real() with
65 * NULL inode is d_real_inode() from trace_uprobe and this caller is
66 * likely going to be followed reading from the file, before placing
67 * uprobes on offset within the file, so lowerdata should be available
68 * when setting the uprobe.
69 */
70 err = ovl_verify_lowerdata(dentry);
71 if (err)
72 goto bug;
73 lower = ovl_dentry_lowerdata(dentry);
74 if (!lower)
75 goto bug;
76 real = lower;
77
78 /* Handle recursion */
79 real = d_real(dentry: real, inode);
80
81 if (!inode || inode == d_inode(dentry: real))
82 return real;
83bug:
84 WARN(1, "%s(%pd4, %s:%lu): real dentry (%p/%lu) not found\n",
85 __func__, dentry, inode ? inode->i_sb->s_id : "NULL",
86 inode ? inode->i_ino : 0, real,
87 real && d_inode(real) ? d_inode(real)->i_ino : 0);
88 return dentry;
89}
90
91static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak)
92{
93 int ret = 1;
94
95 if (!d)
96 return 1;
97
98 if (weak) {
99 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE)
100 ret = d->d_op->d_weak_revalidate(d, flags);
101 } else if (d->d_flags & DCACHE_OP_REVALIDATE) {
102 ret = d->d_op->d_revalidate(d, flags);
103 if (!ret) {
104 if (!(flags & LOOKUP_RCU))
105 d_invalidate(d);
106 ret = -ESTALE;
107 }
108 }
109 return ret;
110}
111
112static int ovl_dentry_revalidate_common(struct dentry *dentry,
113 unsigned int flags, bool weak)
114{
115 struct ovl_entry *oe;
116 struct ovl_path *lowerstack;
117 struct inode *inode = d_inode_rcu(dentry);
118 struct dentry *upper;
119 unsigned int i;
120 int ret = 1;
121
122 /* Careful in RCU mode */
123 if (!inode)
124 return -ECHILD;
125
126 oe = OVL_I_E(inode);
127 lowerstack = ovl_lowerstack(oe);
128 upper = ovl_i_dentry_upper(inode);
129 if (upper)
130 ret = ovl_revalidate_real(d: upper, flags, weak);
131
132 for (i = 0; ret > 0 && i < ovl_numlower(oe); i++)
133 ret = ovl_revalidate_real(d: lowerstack[i].dentry, flags, weak);
134
135 return ret;
136}
137
138static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
139{
140 return ovl_dentry_revalidate_common(dentry, flags, weak: false);
141}
142
143static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
144{
145 return ovl_dentry_revalidate_common(dentry, flags, weak: true);
146}
147
148static const struct dentry_operations ovl_dentry_operations = {
149 .d_real = ovl_d_real,
150 .d_revalidate = ovl_dentry_revalidate,
151 .d_weak_revalidate = ovl_dentry_weak_revalidate,
152};
153
154static struct kmem_cache *ovl_inode_cachep;
155
156static struct inode *ovl_alloc_inode(struct super_block *sb)
157{
158 struct ovl_inode *oi = alloc_inode_sb(sb, cache: ovl_inode_cachep, GFP_KERNEL);
159
160 if (!oi)
161 return NULL;
162
163 oi->cache = NULL;
164 oi->redirect = NULL;
165 oi->version = 0;
166 oi->flags = 0;
167 oi->__upperdentry = NULL;
168 oi->lowerdata_redirect = NULL;
169 oi->oe = NULL;
170 mutex_init(&oi->lock);
171
172 return &oi->vfs_inode;
173}
174
175static void ovl_free_inode(struct inode *inode)
176{
177 struct ovl_inode *oi = OVL_I(inode);
178
179 kfree(objp: oi->redirect);
180 kfree(objp: oi->oe);
181 mutex_destroy(lock: &oi->lock);
182 kmem_cache_free(s: ovl_inode_cachep, objp: oi);
183}
184
185static void ovl_destroy_inode(struct inode *inode)
186{
187 struct ovl_inode *oi = OVL_I(inode);
188
189 dput(oi->__upperdentry);
190 ovl_stack_put(stack: ovl_lowerstack(oe: oi->oe), n: ovl_numlower(oe: oi->oe));
191 if (S_ISDIR(inode->i_mode))
192 ovl_dir_cache_free(inode);
193 else
194 kfree(objp: oi->lowerdata_redirect);
195}
196
197static void ovl_put_super(struct super_block *sb)
198{
199 struct ovl_fs *ofs = OVL_FS(sb);
200
201 if (ofs)
202 ovl_free_fs(ofs);
203}
204
205/* Sync real dirty inodes in upper filesystem (if it exists) */
206static int ovl_sync_fs(struct super_block *sb, int wait)
207{
208 struct ovl_fs *ofs = OVL_FS(sb);
209 struct super_block *upper_sb;
210 int ret;
211
212 ret = ovl_sync_status(ofs);
213 /*
214 * We have to always set the err, because the return value isn't
215 * checked in syncfs, and instead indirectly return an error via
216 * the sb's writeback errseq, which VFS inspects after this call.
217 */
218 if (ret < 0) {
219 errseq_set(eseq: &sb->s_wb_err, err: -EIO);
220 return -EIO;
221 }
222
223 if (!ret)
224 return ret;
225
226 /*
227 * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC).
228 * All the super blocks will be iterated, including upper_sb.
229 *
230 * If this is a syncfs(2) call, then we do need to call
231 * sync_filesystem() on upper_sb, but enough if we do it when being
232 * called with wait == 1.
233 */
234 if (!wait)
235 return 0;
236
237 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
238
239 down_read(sem: &upper_sb->s_umount);
240 ret = sync_filesystem(upper_sb);
241 up_read(sem: &upper_sb->s_umount);
242
243 return ret;
244}
245
246/**
247 * ovl_statfs
248 * @dentry: The dentry to query
249 * @buf: The struct kstatfs to fill in with stats
250 *
251 * Get the filesystem statistics. As writes always target the upper layer
252 * filesystem pass the statfs to the upper filesystem (if it exists)
253 */
254static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
255{
256 struct super_block *sb = dentry->d_sb;
257 struct ovl_fs *ofs = OVL_FS(sb);
258 struct dentry *root_dentry = sb->s_root;
259 struct path path;
260 int err;
261
262 ovl_path_real(dentry: root_dentry, path: &path);
263
264 err = vfs_statfs(&path, buf);
265 if (!err) {
266 buf->f_namelen = ofs->namelen;
267 buf->f_type = OVERLAYFS_SUPER_MAGIC;
268 if (ovl_has_fsid(ofs))
269 buf->f_fsid = uuid_to_fsid(uuid: sb->s_uuid.b);
270 }
271
272 return err;
273}
274
275static const struct super_operations ovl_super_operations = {
276 .alloc_inode = ovl_alloc_inode,
277 .free_inode = ovl_free_inode,
278 .destroy_inode = ovl_destroy_inode,
279 .drop_inode = generic_delete_inode,
280 .put_super = ovl_put_super,
281 .sync_fs = ovl_sync_fs,
282 .statfs = ovl_statfs,
283 .show_options = ovl_show_options,
284};
285
286#define OVL_WORKDIR_NAME "work"
287#define OVL_INDEXDIR_NAME "index"
288
289static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
290 const char *name, bool persist)
291{
292 struct inode *dir = ofs->workbasedir->d_inode;
293 struct vfsmount *mnt = ovl_upper_mnt(ofs);
294 struct dentry *work;
295 int err;
296 bool retried = false;
297
298 inode_lock_nested(inode: dir, subclass: I_MUTEX_PARENT);
299retry:
300 work = ovl_lookup_upper(ofs, name, base: ofs->workbasedir, strlen(name));
301
302 if (!IS_ERR(ptr: work)) {
303 struct iattr attr = {
304 .ia_valid = ATTR_MODE,
305 .ia_mode = S_IFDIR | 0,
306 };
307
308 if (work->d_inode) {
309 err = -EEXIST;
310 if (retried)
311 goto out_dput;
312
313 if (persist)
314 goto out_unlock;
315
316 retried = true;
317 err = ovl_workdir_cleanup(ofs, dir, mnt, dentry: work, level: 0);
318 dput(work);
319 if (err == -EINVAL) {
320 work = ERR_PTR(error: err);
321 goto out_unlock;
322 }
323 goto retry;
324 }
325
326 err = ovl_mkdir_real(ofs, dir, newdentry: &work, mode: attr.ia_mode);
327 if (err)
328 goto out_dput;
329
330 /* Weird filesystem returning with hashed negative (kernfs)? */
331 err = -EINVAL;
332 if (d_really_is_negative(dentry: work))
333 goto out_dput;
334
335 /*
336 * Try to remove POSIX ACL xattrs from workdir. We are good if:
337 *
338 * a) success (there was a POSIX ACL xattr and was removed)
339 * b) -ENODATA (there was no POSIX ACL xattr)
340 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
341 *
342 * There are various other error values that could effectively
343 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
344 * if the xattr name is too long), but the set of filesystems
345 * allowed as upper are limited to "normal" ones, where checking
346 * for the above two errors is sufficient.
347 */
348 err = ovl_do_remove_acl(ofs, dentry: work, XATTR_NAME_POSIX_ACL_DEFAULT);
349 if (err && err != -ENODATA && err != -EOPNOTSUPP)
350 goto out_dput;
351
352 err = ovl_do_remove_acl(ofs, dentry: work, XATTR_NAME_POSIX_ACL_ACCESS);
353 if (err && err != -ENODATA && err != -EOPNOTSUPP)
354 goto out_dput;
355
356 /* Clear any inherited mode bits */
357 inode_lock(inode: work->d_inode);
358 err = ovl_do_notify_change(ofs, upperdentry: work, attr: &attr);
359 inode_unlock(inode: work->d_inode);
360 if (err)
361 goto out_dput;
362 } else {
363 err = PTR_ERR(ptr: work);
364 goto out_err;
365 }
366out_unlock:
367 inode_unlock(inode: dir);
368 return work;
369
370out_dput:
371 dput(work);
372out_err:
373 pr_warn("failed to create directory %s/%s (errno: %i); mounting read-only\n",
374 ofs->config.workdir, name, -err);
375 work = NULL;
376 goto out_unlock;
377}
378
379static int ovl_check_namelen(const struct path *path, struct ovl_fs *ofs,
380 const char *name)
381{
382 struct kstatfs statfs;
383 int err = vfs_statfs(path, &statfs);
384
385 if (err)
386 pr_err("statfs failed on '%s'\n", name);
387 else
388 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
389
390 return err;
391}
392
393static int ovl_lower_dir(const char *name, struct path *path,
394 struct ovl_fs *ofs, int *stack_depth)
395{
396 int fh_type;
397 int err;
398
399 err = ovl_check_namelen(path, ofs, name);
400 if (err)
401 return err;
402
403 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
404
405 /*
406 * The inodes index feature and NFS export need to encode and decode
407 * file handles, so they require that all layers support them.
408 */
409 fh_type = ovl_can_decode_fh(sb: path->dentry->d_sb);
410 if ((ofs->config.nfs_export ||
411 (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
412 ofs->config.index = false;
413 ofs->config.nfs_export = false;
414 pr_warn("fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
415 name);
416 }
417 ofs->nofh |= !fh_type;
418 /*
419 * Decoding origin file handle is required for persistent st_ino.
420 * Without persistent st_ino, xino=auto falls back to xino=off.
421 */
422 if (ofs->config.xino == OVL_XINO_AUTO &&
423 ofs->config.upperdir && !fh_type) {
424 ofs->config.xino = OVL_XINO_OFF;
425 pr_warn("fs on '%s' does not support file handles, falling back to xino=off.\n",
426 name);
427 }
428
429 /* Check if lower fs has 32bit inode numbers */
430 if (fh_type != FILEID_INO32_GEN)
431 ofs->xino_mode = -1;
432
433 return 0;
434}
435
436/* Workdir should not be subdir of upperdir and vice versa */
437static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
438{
439 bool ok = false;
440
441 if (workdir != upperdir) {
442 ok = (lock_rename(workdir, upperdir) == NULL);
443 unlock_rename(workdir, upperdir);
444 }
445 return ok;
446}
447
448static int ovl_setup_trap(struct super_block *sb, struct dentry *dir,
449 struct inode **ptrap, const char *name)
450{
451 struct inode *trap;
452 int err;
453
454 trap = ovl_get_trap_inode(sb, dir);
455 err = PTR_ERR_OR_ZERO(ptr: trap);
456 if (err) {
457 if (err == -ELOOP)
458 pr_err("conflicting %s path\n", name);
459 return err;
460 }
461
462 *ptrap = trap;
463 return 0;
464}
465
466/*
467 * Determine how we treat concurrent use of upperdir/workdir based on the
468 * index feature. This is papering over mount leaks of container runtimes,
469 * for example, an old overlay mount is leaked and now its upperdir is
470 * attempted to be used as a lower layer in a new overlay mount.
471 */
472static int ovl_report_in_use(struct ovl_fs *ofs, const char *name)
473{
474 if (ofs->config.index) {
475 pr_err("%s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n",
476 name);
477 return -EBUSY;
478 } else {
479 pr_warn("%s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n",
480 name);
481 return 0;
482 }
483}
484
485static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs,
486 struct ovl_layer *upper_layer,
487 const struct path *upperpath)
488{
489 struct vfsmount *upper_mnt;
490 int err;
491
492 /* Upperdir path should not be r/o */
493 if (__mnt_is_readonly(mnt: upperpath->mnt)) {
494 pr_err("upper fs is r/o, try multi-lower layers mount\n");
495 err = -EINVAL;
496 goto out;
497 }
498
499 err = ovl_check_namelen(path: upperpath, ofs, name: ofs->config.upperdir);
500 if (err)
501 goto out;
502
503 err = ovl_setup_trap(sb, dir: upperpath->dentry, ptrap: &upper_layer->trap,
504 name: "upperdir");
505 if (err)
506 goto out;
507
508 upper_mnt = clone_private_mount(path: upperpath);
509 err = PTR_ERR(ptr: upper_mnt);
510 if (IS_ERR(ptr: upper_mnt)) {
511 pr_err("failed to clone upperpath\n");
512 goto out;
513 }
514
515 /* Don't inherit atime flags */
516 upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
517 upper_layer->mnt = upper_mnt;
518 upper_layer->idx = 0;
519 upper_layer->fsid = 0;
520
521 /*
522 * Inherit SB_NOSEC flag from upperdir.
523 *
524 * This optimization changes behavior when a security related attribute
525 * (suid/sgid/security.*) is changed on an underlying layer. This is
526 * okay because we don't yet have guarantees in that case, but it will
527 * need careful treatment once we want to honour changes to underlying
528 * filesystems.
529 */
530 if (upper_mnt->mnt_sb->s_flags & SB_NOSEC)
531 sb->s_flags |= SB_NOSEC;
532
533 if (ovl_inuse_trylock(dentry: ovl_upper_mnt(ofs)->mnt_root)) {
534 ofs->upperdir_locked = true;
535 } else {
536 err = ovl_report_in_use(ofs, name: "upperdir");
537 if (err)
538 goto out;
539 }
540
541 err = 0;
542out:
543 return err;
544}
545
546/*
547 * Returns 1 if RENAME_WHITEOUT is supported, 0 if not supported and
548 * negative values if error is encountered.
549 */
550static int ovl_check_rename_whiteout(struct ovl_fs *ofs)
551{
552 struct dentry *workdir = ofs->workdir;
553 struct inode *dir = d_inode(dentry: workdir);
554 struct dentry *temp;
555 struct dentry *dest;
556 struct dentry *whiteout;
557 struct name_snapshot name;
558 int err;
559
560 inode_lock_nested(inode: dir, subclass: I_MUTEX_PARENT);
561
562 temp = ovl_create_temp(ofs, workdir, OVL_CATTR(S_IFREG | 0));
563 err = PTR_ERR(ptr: temp);
564 if (IS_ERR(ptr: temp))
565 goto out_unlock;
566
567 dest = ovl_lookup_temp(ofs, workdir);
568 err = PTR_ERR(ptr: dest);
569 if (IS_ERR(ptr: dest)) {
570 dput(temp);
571 goto out_unlock;
572 }
573
574 /* Name is inline and stable - using snapshot as a copy helper */
575 take_dentry_name_snapshot(&name, temp);
576 err = ovl_do_rename(ofs, olddir: dir, olddentry: temp, newdir: dir, newdentry: dest, RENAME_WHITEOUT);
577 if (err) {
578 if (err == -EINVAL)
579 err = 0;
580 goto cleanup_temp;
581 }
582
583 whiteout = ovl_lookup_upper(ofs, name: name.name.name, base: workdir, len: name.name.len);
584 err = PTR_ERR(ptr: whiteout);
585 if (IS_ERR(ptr: whiteout))
586 goto cleanup_temp;
587
588 err = ovl_upper_is_whiteout(ofs, upperdentry: whiteout);
589
590 /* Best effort cleanup of whiteout and temp file */
591 if (err)
592 ovl_cleanup(ofs, dir, dentry: whiteout);
593 dput(whiteout);
594
595cleanup_temp:
596 ovl_cleanup(ofs, dir, dentry: temp);
597 release_dentry_name_snapshot(&name);
598 dput(temp);
599 dput(dest);
600
601out_unlock:
602 inode_unlock(inode: dir);
603
604 return err;
605}
606
607static struct dentry *ovl_lookup_or_create(struct ovl_fs *ofs,
608 struct dentry *parent,
609 const char *name, umode_t mode)
610{
611 size_t len = strlen(name);
612 struct dentry *child;
613
614 inode_lock_nested(inode: parent->d_inode, subclass: I_MUTEX_PARENT);
615 child = ovl_lookup_upper(ofs, name, base: parent, len);
616 if (!IS_ERR(ptr: child) && !child->d_inode)
617 child = ovl_create_real(ofs, dir: parent->d_inode, newdentry: child,
618 OVL_CATTR(mode));
619 inode_unlock(inode: parent->d_inode);
620 dput(parent);
621
622 return child;
623}
624
625/*
626 * Creates $workdir/work/incompat/volatile/dirty file if it is not already
627 * present.
628 */
629static int ovl_create_volatile_dirty(struct ovl_fs *ofs)
630{
631 unsigned int ctr;
632 struct dentry *d = dget(dentry: ofs->workbasedir);
633 static const char *const volatile_path[] = {
634 OVL_WORKDIR_NAME, "incompat", "volatile", "dirty"
635 };
636 const char *const *name = volatile_path;
637
638 for (ctr = ARRAY_SIZE(volatile_path); ctr; ctr--, name++) {
639 d = ovl_lookup_or_create(ofs, parent: d, name: *name, mode: ctr > 1 ? S_IFDIR : S_IFREG);
640 if (IS_ERR(ptr: d))
641 return PTR_ERR(ptr: d);
642 }
643 dput(d);
644 return 0;
645}
646
647static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
648 const struct path *workpath)
649{
650 struct vfsmount *mnt = ovl_upper_mnt(ofs);
651 struct dentry *workdir;
652 struct file *tmpfile;
653 bool rename_whiteout;
654 bool d_type;
655 int fh_type;
656 int err;
657
658 err = mnt_want_write(mnt);
659 if (err)
660 return err;
661
662 workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, persist: false);
663 err = PTR_ERR(ptr: workdir);
664 if (IS_ERR_OR_NULL(ptr: workdir))
665 goto out;
666
667 ofs->workdir = workdir;
668
669 err = ovl_setup_trap(sb, dir: ofs->workdir, ptrap: &ofs->workdir_trap, name: "workdir");
670 if (err)
671 goto out;
672
673 /*
674 * Upper should support d_type, else whiteouts are visible. Given
675 * workdir and upper are on same fs, we can do iterate_dir() on
676 * workdir. This check requires successful creation of workdir in
677 * previous step.
678 */
679 err = ovl_check_d_type_supported(realpath: workpath);
680 if (err < 0)
681 goto out;
682
683 d_type = err;
684 if (!d_type)
685 pr_warn("upper fs needs to support d_type.\n");
686
687 /* Check if upper/work fs supports O_TMPFILE */
688 tmpfile = ovl_do_tmpfile(ofs, dentry: ofs->workdir, S_IFREG | 0);
689 ofs->tmpfile = !IS_ERR(ptr: tmpfile);
690 if (ofs->tmpfile)
691 fput(tmpfile);
692 else
693 pr_warn("upper fs does not support tmpfile.\n");
694
695
696 /* Check if upper/work fs supports RENAME_WHITEOUT */
697 err = ovl_check_rename_whiteout(ofs);
698 if (err < 0)
699 goto out;
700
701 rename_whiteout = err;
702 if (!rename_whiteout)
703 pr_warn("upper fs does not support RENAME_WHITEOUT.\n");
704
705 /*
706 * Check if upper/work fs supports (trusted|user).overlay.* xattr
707 */
708 err = ovl_setxattr(ofs, dentry: ofs->workdir, ox: OVL_XATTR_OPAQUE, value: "0", size: 1);
709 if (err) {
710 pr_warn("failed to set xattr on upper\n");
711 ofs->noxattr = true;
712 if (ovl_redirect_follow(ofs)) {
713 ofs->config.redirect_mode = OVL_REDIRECT_NOFOLLOW;
714 pr_warn("...falling back to redirect_dir=nofollow.\n");
715 }
716 if (ofs->config.metacopy) {
717 ofs->config.metacopy = false;
718 pr_warn("...falling back to metacopy=off.\n");
719 }
720 if (ofs->config.index) {
721 ofs->config.index = false;
722 pr_warn("...falling back to index=off.\n");
723 }
724 if (ovl_has_fsid(ofs)) {
725 ofs->config.uuid = OVL_UUID_NULL;
726 pr_warn("...falling back to uuid=null.\n");
727 }
728 /*
729 * xattr support is required for persistent st_ino.
730 * Without persistent st_ino, xino=auto falls back to xino=off.
731 */
732 if (ofs->config.xino == OVL_XINO_AUTO) {
733 ofs->config.xino = OVL_XINO_OFF;
734 pr_warn("...falling back to xino=off.\n");
735 }
736 if (err == -EPERM && !ofs->config.userxattr)
737 pr_info("try mounting with 'userxattr' option\n");
738 err = 0;
739 } else {
740 ovl_removexattr(ofs, dentry: ofs->workdir, ox: OVL_XATTR_OPAQUE);
741 }
742
743 /*
744 * We allowed sub-optimal upper fs configuration and don't want to break
745 * users over kernel upgrade, but we never allowed remote upper fs, so
746 * we can enforce strict requirements for remote upper fs.
747 */
748 if (ovl_dentry_remote(dentry: ofs->workdir) &&
749 (!d_type || !rename_whiteout || ofs->noxattr)) {
750 pr_err("upper fs missing required features.\n");
751 err = -EINVAL;
752 goto out;
753 }
754
755 /*
756 * For volatile mount, create a incompat/volatile/dirty file to keep
757 * track of it.
758 */
759 if (ofs->config.ovl_volatile) {
760 err = ovl_create_volatile_dirty(ofs);
761 if (err < 0) {
762 pr_err("Failed to create volatile/dirty file.\n");
763 goto out;
764 }
765 }
766
767 /* Check if upper/work fs supports file handles */
768 fh_type = ovl_can_decode_fh(sb: ofs->workdir->d_sb);
769 if (ofs->config.index && !fh_type) {
770 ofs->config.index = false;
771 pr_warn("upper fs does not support file handles, falling back to index=off.\n");
772 }
773 ofs->nofh |= !fh_type;
774
775 /* Check if upper fs has 32bit inode numbers */
776 if (fh_type != FILEID_INO32_GEN)
777 ofs->xino_mode = -1;
778
779 /* NFS export of r/w mount depends on index */
780 if (ofs->config.nfs_export && !ofs->config.index) {
781 pr_warn("NFS export requires \"index=on\", falling back to nfs_export=off.\n");
782 ofs->config.nfs_export = false;
783 }
784out:
785 mnt_drop_write(mnt);
786 return err;
787}
788
789static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs,
790 const struct path *upperpath,
791 const struct path *workpath)
792{
793 int err;
794
795 err = -EINVAL;
796 if (upperpath->mnt != workpath->mnt) {
797 pr_err("workdir and upperdir must reside under the same mount\n");
798 return err;
799 }
800 if (!ovl_workdir_ok(workdir: workpath->dentry, upperdir: upperpath->dentry)) {
801 pr_err("workdir and upperdir must be separate subtrees\n");
802 return err;
803 }
804
805 ofs->workbasedir = dget(dentry: workpath->dentry);
806
807 if (ovl_inuse_trylock(dentry: ofs->workbasedir)) {
808 ofs->workdir_locked = true;
809 } else {
810 err = ovl_report_in_use(ofs, name: "workdir");
811 if (err)
812 return err;
813 }
814
815 err = ovl_setup_trap(sb, dir: ofs->workbasedir, ptrap: &ofs->workbasedir_trap,
816 name: "workdir");
817 if (err)
818 return err;
819
820 return ovl_make_workdir(sb, ofs, workpath);
821}
822
823static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs,
824 struct ovl_entry *oe, const struct path *upperpath)
825{
826 struct vfsmount *mnt = ovl_upper_mnt(ofs);
827 struct dentry *indexdir;
828 struct dentry *origin = ovl_lowerstack(oe)->dentry;
829 const struct ovl_fh *fh;
830 int err;
831
832 fh = ovl_get_origin_fh(ofs, origin);
833 if (IS_ERR(ptr: fh))
834 return PTR_ERR(ptr: fh);
835
836 err = mnt_want_write(mnt);
837 if (err)
838 goto out_free_fh;
839
840 /* Verify lower root is upper root origin */
841 err = ovl_verify_origin_fh(ofs, upper: upperpath->dentry, fh, set: true);
842 if (err) {
843 pr_err("failed to verify upper root origin\n");
844 goto out;
845 }
846
847 /* index dir will act also as workdir */
848 iput(ofs->workdir_trap);
849 ofs->workdir_trap = NULL;
850 dput(ofs->workdir);
851 ofs->workdir = NULL;
852 indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, persist: true);
853 if (IS_ERR(ptr: indexdir)) {
854 err = PTR_ERR(ptr: indexdir);
855 } else if (indexdir) {
856 ofs->indexdir = indexdir;
857 ofs->workdir = dget(dentry: indexdir);
858
859 err = ovl_setup_trap(sb, dir: ofs->indexdir, ptrap: &ofs->indexdir_trap,
860 name: "indexdir");
861 if (err)
862 goto out;
863
864 /*
865 * Verify upper root is exclusively associated with index dir.
866 * Older kernels stored upper fh in ".overlay.origin"
867 * xattr. If that xattr exists, verify that it is a match to
868 * upper dir file handle. In any case, verify or set xattr
869 * ".overlay.upper" to indicate that index may have
870 * directory entries.
871 */
872 if (ovl_check_origin_xattr(ofs, upperdentry: ofs->indexdir)) {
873 err = ovl_verify_origin_xattr(ofs, dentry: ofs->indexdir,
874 ox: OVL_XATTR_ORIGIN,
875 real: upperpath->dentry, is_upper: true,
876 set: false);
877 if (err)
878 pr_err("failed to verify index dir 'origin' xattr\n");
879 }
880 err = ovl_verify_upper(ofs, index: ofs->indexdir, upper: upperpath->dentry,
881 set: true);
882 if (err)
883 pr_err("failed to verify index dir 'upper' xattr\n");
884
885 /* Cleanup bad/stale/orphan index entries */
886 if (!err)
887 err = ovl_indexdir_cleanup(ofs);
888 }
889 if (err || !ofs->indexdir)
890 pr_warn("try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");
891
892out:
893 mnt_drop_write(mnt);
894out_free_fh:
895 kfree(objp: fh);
896 return err;
897}
898
899static bool ovl_lower_uuid_ok(struct ovl_fs *ofs, const uuid_t *uuid)
900{
901 unsigned int i;
902
903 if (!ofs->config.nfs_export && !ovl_upper_mnt(ofs))
904 return true;
905
906 /*
907 * We allow using single lower with null uuid for index and nfs_export
908 * for example to support those features with single lower squashfs.
909 * To avoid regressions in setups of overlay with re-formatted lower
910 * squashfs, do not allow decoding origin with lower null uuid unless
911 * user opted-in to one of the new features that require following the
912 * lower inode of non-dir upper.
913 */
914 if (ovl_allow_offline_changes(ofs) && uuid_is_null(uuid))
915 return false;
916
917 for (i = 0; i < ofs->numfs; i++) {
918 /*
919 * We use uuid to associate an overlay lower file handle with a
920 * lower layer, so we can accept lower fs with null uuid as long
921 * as all lower layers with null uuid are on the same fs.
922 * if we detect multiple lower fs with the same uuid, we
923 * disable lower file handle decoding on all of them.
924 */
925 if (ofs->fs[i].is_lower &&
926 uuid_equal(u1: &ofs->fs[i].sb->s_uuid, u2: uuid)) {
927 ofs->fs[i].bad_uuid = true;
928 return false;
929 }
930 }
931 return true;
932}
933
934/* Get a unique fsid for the layer */
935static int ovl_get_fsid(struct ovl_fs *ofs, const struct path *path)
936{
937 struct super_block *sb = path->mnt->mnt_sb;
938 unsigned int i;
939 dev_t dev;
940 int err;
941 bool bad_uuid = false;
942 bool warn = false;
943
944 for (i = 0; i < ofs->numfs; i++) {
945 if (ofs->fs[i].sb == sb)
946 return i;
947 }
948
949 if (!ovl_lower_uuid_ok(ofs, uuid: &sb->s_uuid)) {
950 bad_uuid = true;
951 if (ofs->config.xino == OVL_XINO_AUTO) {
952 ofs->config.xino = OVL_XINO_OFF;
953 warn = true;
954 }
955 if (ofs->config.index || ofs->config.nfs_export) {
956 ofs->config.index = false;
957 ofs->config.nfs_export = false;
958 warn = true;
959 }
960 if (warn) {
961 pr_warn("%s uuid detected in lower fs '%pd2', falling back to xino=%s,index=off,nfs_export=off.\n",
962 uuid_is_null(&sb->s_uuid) ? "null" :
963 "conflicting",
964 path->dentry, ovl_xino_mode(&ofs->config));
965 }
966 }
967
968 err = get_anon_bdev(&dev);
969 if (err) {
970 pr_err("failed to get anonymous bdev for lowerpath\n");
971 return err;
972 }
973
974 ofs->fs[ofs->numfs].sb = sb;
975 ofs->fs[ofs->numfs].pseudo_dev = dev;
976 ofs->fs[ofs->numfs].bad_uuid = bad_uuid;
977
978 return ofs->numfs++;
979}
980
981/*
982 * The fsid after the last lower fsid is used for the data layers.
983 * It is a "null fs" with a null sb, null uuid, and no pseudo dev.
984 */
985static int ovl_get_data_fsid(struct ovl_fs *ofs)
986{
987 return ofs->numfs;
988}
989
990
991static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
992 struct ovl_fs_context *ctx, struct ovl_layer *layers)
993{
994 int err;
995 unsigned int i;
996 size_t nr_merged_lower;
997
998 ofs->fs = kcalloc(n: ctx->nr + 2, size: sizeof(struct ovl_sb), GFP_KERNEL);
999 if (ofs->fs == NULL)
1000 return -ENOMEM;
1001
1002 /*
1003 * idx/fsid 0 are reserved for upper fs even with lower only overlay
1004 * and the last fsid is reserved for "null fs" of the data layers.
1005 */
1006 ofs->numfs++;
1007
1008 /*
1009 * All lower layers that share the same fs as upper layer, use the same
1010 * pseudo_dev as upper layer. Allocate fs[0].pseudo_dev even for lower
1011 * only overlay to simplify ovl_fs_free().
1012 * is_lower will be set if upper fs is shared with a lower layer.
1013 */
1014 err = get_anon_bdev(&ofs->fs[0].pseudo_dev);
1015 if (err) {
1016 pr_err("failed to get anonymous bdev for upper fs\n");
1017 return err;
1018 }
1019
1020 if (ovl_upper_mnt(ofs)) {
1021 ofs->fs[0].sb = ovl_upper_mnt(ofs)->mnt_sb;
1022 ofs->fs[0].is_lower = false;
1023 }
1024
1025 nr_merged_lower = ctx->nr - ctx->nr_data;
1026 for (i = 0; i < ctx->nr; i++) {
1027 struct ovl_fs_context_layer *l = &ctx->lower[i];
1028 struct vfsmount *mnt;
1029 struct inode *trap;
1030 int fsid;
1031
1032 if (i < nr_merged_lower)
1033 fsid = ovl_get_fsid(ofs, path: &l->path);
1034 else
1035 fsid = ovl_get_data_fsid(ofs);
1036 if (fsid < 0)
1037 return fsid;
1038
1039 /*
1040 * Check if lower root conflicts with this overlay layers before
1041 * checking if it is in-use as upperdir/workdir of "another"
1042 * mount, because we do not bother to check in ovl_is_inuse() if
1043 * the upperdir/workdir is in fact in-use by our
1044 * upperdir/workdir.
1045 */
1046 err = ovl_setup_trap(sb, dir: l->path.dentry, ptrap: &trap, name: "lowerdir");
1047 if (err)
1048 return err;
1049
1050 if (ovl_is_inuse(dentry: l->path.dentry)) {
1051 err = ovl_report_in_use(ofs, name: "lowerdir");
1052 if (err) {
1053 iput(trap);
1054 return err;
1055 }
1056 }
1057
1058 mnt = clone_private_mount(path: &l->path);
1059 err = PTR_ERR(ptr: mnt);
1060 if (IS_ERR(ptr: mnt)) {
1061 pr_err("failed to clone lowerpath\n");
1062 iput(trap);
1063 return err;
1064 }
1065
1066 /*
1067 * Make lower layers R/O. That way fchmod/fchown on lower file
1068 * will fail instead of modifying lower fs.
1069 */
1070 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
1071
1072 layers[ofs->numlayer].trap = trap;
1073 layers[ofs->numlayer].mnt = mnt;
1074 layers[ofs->numlayer].idx = ofs->numlayer;
1075 layers[ofs->numlayer].fsid = fsid;
1076 layers[ofs->numlayer].fs = &ofs->fs[fsid];
1077 /* Store for printing lowerdir=... in ovl_show_options() */
1078 ofs->config.lowerdirs[ofs->numlayer] = l->name;
1079 l->name = NULL;
1080 ofs->numlayer++;
1081 ofs->fs[fsid].is_lower = true;
1082 }
1083
1084 /*
1085 * When all layers on same fs, overlay can use real inode numbers.
1086 * With mount option "xino=<on|auto>", mounter declares that there are
1087 * enough free high bits in underlying fs to hold the unique fsid.
1088 * If overlayfs does encounter underlying inodes using the high xino
1089 * bits reserved for fsid, it emits a warning and uses the original
1090 * inode number or a non persistent inode number allocated from a
1091 * dedicated range.
1092 */
1093 if (ofs->numfs - !ovl_upper_mnt(ofs) == 1) {
1094 if (ofs->config.xino == OVL_XINO_ON)
1095 pr_info("\"xino=on\" is useless with all layers on same fs, ignore.\n");
1096 ofs->xino_mode = 0;
1097 } else if (ofs->config.xino == OVL_XINO_OFF) {
1098 ofs->xino_mode = -1;
1099 } else if (ofs->xino_mode < 0) {
1100 /*
1101 * This is a roundup of number of bits needed for encoding
1102 * fsid, where fsid 0 is reserved for upper fs (even with
1103 * lower only overlay) +1 extra bit is reserved for the non
1104 * persistent inode number range that is used for resolving
1105 * xino lower bits overflow.
1106 */
1107 BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 30);
1108 ofs->xino_mode = ilog2(ofs->numfs - 1) + 2;
1109 }
1110
1111 if (ofs->xino_mode > 0) {
1112 pr_info("\"xino\" feature enabled using %d upper inode bits.\n",
1113 ofs->xino_mode);
1114 }
1115
1116 return 0;
1117}
1118
1119static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
1120 struct ovl_fs_context *ctx,
1121 struct ovl_fs *ofs,
1122 struct ovl_layer *layers)
1123{
1124 int err;
1125 unsigned int i;
1126 size_t nr_merged_lower;
1127 struct ovl_entry *oe;
1128 struct ovl_path *lowerstack;
1129
1130 struct ovl_fs_context_layer *l;
1131
1132 if (!ofs->config.upperdir && ctx->nr == 1) {
1133 pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n");
1134 return ERR_PTR(error: -EINVAL);
1135 }
1136
1137 err = -EINVAL;
1138 for (i = 0; i < ctx->nr; i++) {
1139 l = &ctx->lower[i];
1140
1141 err = ovl_lower_dir(name: l->name, path: &l->path, ofs, stack_depth: &sb->s_stack_depth);
1142 if (err)
1143 return ERR_PTR(error: err);
1144 }
1145
1146 err = -EINVAL;
1147 sb->s_stack_depth++;
1148 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1149 pr_err("maximum fs stacking depth exceeded\n");
1150 return ERR_PTR(error: err);
1151 }
1152
1153 err = ovl_get_layers(sb, ofs, ctx, layers);
1154 if (err)
1155 return ERR_PTR(error: err);
1156
1157 err = -ENOMEM;
1158 /* Data-only layers are not merged in root directory */
1159 nr_merged_lower = ctx->nr - ctx->nr_data;
1160 oe = ovl_alloc_entry(numlower: nr_merged_lower);
1161 if (!oe)
1162 return ERR_PTR(error: err);
1163
1164 lowerstack = ovl_lowerstack(oe);
1165 for (i = 0; i < nr_merged_lower; i++) {
1166 l = &ctx->lower[i];
1167 lowerstack[i].dentry = dget(dentry: l->path.dentry);
1168 lowerstack[i].layer = &ofs->layers[i + 1];
1169 }
1170 ofs->numdatalayer = ctx->nr_data;
1171
1172 return oe;
1173}
1174
1175/*
1176 * Check if this layer root is a descendant of:
1177 * - another layer of this overlayfs instance
1178 * - upper/work dir of any overlayfs instance
1179 */
1180static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
1181 struct dentry *dentry, const char *name,
1182 bool is_lower)
1183{
1184 struct dentry *next = dentry, *parent;
1185 int err = 0;
1186
1187 if (!dentry)
1188 return 0;
1189
1190 parent = dget_parent(dentry: next);
1191
1192 /* Walk back ancestors to root (inclusive) looking for traps */
1193 while (!err && parent != next) {
1194 if (is_lower && ovl_lookup_trap_inode(sb, dir: parent)) {
1195 err = -ELOOP;
1196 pr_err("overlapping %s path\n", name);
1197 } else if (ovl_is_inuse(dentry: parent)) {
1198 err = ovl_report_in_use(ofs, name);
1199 }
1200 next = parent;
1201 parent = dget_parent(dentry: next);
1202 dput(next);
1203 }
1204
1205 dput(parent);
1206
1207 return err;
1208}
1209
1210/*
1211 * Check if any of the layers or work dirs overlap.
1212 */
1213static int ovl_check_overlapping_layers(struct super_block *sb,
1214 struct ovl_fs *ofs)
1215{
1216 int i, err;
1217
1218 if (ovl_upper_mnt(ofs)) {
1219 err = ovl_check_layer(sb, ofs, dentry: ovl_upper_mnt(ofs)->mnt_root,
1220 name: "upperdir", is_lower: false);
1221 if (err)
1222 return err;
1223
1224 /*
1225 * Checking workbasedir avoids hitting ovl_is_inuse(parent) of
1226 * this instance and covers overlapping work and index dirs,
1227 * unless work or index dir have been moved since created inside
1228 * workbasedir. In that case, we already have their traps in
1229 * inode cache and we will catch that case on lookup.
1230 */
1231 err = ovl_check_layer(sb, ofs, dentry: ofs->workbasedir, name: "workdir",
1232 is_lower: false);
1233 if (err)
1234 return err;
1235 }
1236
1237 for (i = 1; i < ofs->numlayer; i++) {
1238 err = ovl_check_layer(sb, ofs,
1239 dentry: ofs->layers[i].mnt->mnt_root,
1240 name: "lowerdir", is_lower: true);
1241 if (err)
1242 return err;
1243 }
1244
1245 return 0;
1246}
1247
1248static struct dentry *ovl_get_root(struct super_block *sb,
1249 struct dentry *upperdentry,
1250 struct ovl_entry *oe)
1251{
1252 struct dentry *root;
1253 struct ovl_path *lowerpath = ovl_lowerstack(oe);
1254 unsigned long ino = d_inode(dentry: lowerpath->dentry)->i_ino;
1255 int fsid = lowerpath->layer->fsid;
1256 struct ovl_inode_params oip = {
1257 .upperdentry = upperdentry,
1258 .oe = oe,
1259 };
1260
1261 root = d_make_root(ovl_new_inode(sb, S_IFDIR, rdev: 0));
1262 if (!root)
1263 return NULL;
1264
1265 if (upperdentry) {
1266 /* Root inode uses upper st_ino/i_ino */
1267 ino = d_inode(dentry: upperdentry)->i_ino;
1268 fsid = 0;
1269 ovl_dentry_set_upper_alias(dentry: root);
1270 if (ovl_is_impuredir(sb, upperdentry))
1271 ovl_set_flag(flag: OVL_IMPURE, inode: d_inode(dentry: root));
1272 }
1273
1274 /* Root is always merge -> can have whiteouts */
1275 ovl_set_flag(flag: OVL_WHITEOUTS, inode: d_inode(dentry: root));
1276 ovl_dentry_set_flag(flag: OVL_E_CONNECTED, dentry: root);
1277 ovl_set_upperdata(inode: d_inode(dentry: root));
1278 ovl_inode_init(inode: d_inode(dentry: root), oip: &oip, ino, fsid);
1279 ovl_dentry_init_flags(dentry: root, upperdentry, oe, DCACHE_OP_WEAK_REVALIDATE);
1280 /* root keeps a reference of upperdentry */
1281 dget(dentry: upperdentry);
1282
1283 return root;
1284}
1285
1286int ovl_fill_super(struct super_block *sb, struct fs_context *fc)
1287{
1288 struct ovl_fs *ofs = sb->s_fs_info;
1289 struct ovl_fs_context *ctx = fc->fs_private;
1290 struct dentry *root_dentry;
1291 struct ovl_entry *oe;
1292 struct ovl_layer *layers;
1293 struct cred *cred;
1294 int err;
1295
1296 err = -EIO;
1297 if (WARN_ON(fc->user_ns != current_user_ns()))
1298 goto out_err;
1299
1300 sb->s_d_op = &ovl_dentry_operations;
1301
1302 err = -ENOMEM;
1303 ofs->creator_cred = cred = prepare_creds();
1304 if (!cred)
1305 goto out_err;
1306
1307 err = ovl_fs_params_verify(ctx, config: &ofs->config);
1308 if (err)
1309 goto out_err;
1310
1311 err = -EINVAL;
1312 if (ctx->nr == 0) {
1313 if (!(fc->sb_flags & SB_SILENT))
1314 pr_err("missing 'lowerdir'\n");
1315 goto out_err;
1316 }
1317
1318 err = -ENOMEM;
1319 layers = kcalloc(n: ctx->nr + 1, size: sizeof(struct ovl_layer), GFP_KERNEL);
1320 if (!layers)
1321 goto out_err;
1322
1323 ofs->config.lowerdirs = kcalloc(n: ctx->nr + 1, size: sizeof(char *), GFP_KERNEL);
1324 if (!ofs->config.lowerdirs) {
1325 kfree(objp: layers);
1326 goto out_err;
1327 }
1328 ofs->layers = layers;
1329 /*
1330 * Layer 0 is reserved for upper even if there's no upper.
1331 * config.lowerdirs[0] is used for storing the user provided colon
1332 * separated lowerdir string.
1333 */
1334 ofs->config.lowerdirs[0] = ctx->lowerdir_all;
1335 ctx->lowerdir_all = NULL;
1336 ofs->numlayer = 1;
1337
1338 sb->s_stack_depth = 0;
1339 sb->s_maxbytes = MAX_LFS_FILESIZE;
1340 atomic_long_set(v: &ofs->last_ino, i: 1);
1341 /* Assume underlying fs uses 32bit inodes unless proven otherwise */
1342 if (ofs->config.xino != OVL_XINO_OFF) {
1343 ofs->xino_mode = BITS_PER_LONG - 32;
1344 if (!ofs->xino_mode) {
1345 pr_warn("xino not supported on 32bit kernel, falling back to xino=off.\n");
1346 ofs->config.xino = OVL_XINO_OFF;
1347 }
1348 }
1349
1350 /* alloc/destroy_inode needed for setting up traps in inode cache */
1351 sb->s_op = &ovl_super_operations;
1352
1353 if (ofs->config.upperdir) {
1354 struct super_block *upper_sb;
1355
1356 err = -EINVAL;
1357 if (!ofs->config.workdir) {
1358 pr_err("missing 'workdir'\n");
1359 goto out_err;
1360 }
1361
1362 err = ovl_get_upper(sb, ofs, upper_layer: &layers[0], upperpath: &ctx->upper);
1363 if (err)
1364 goto out_err;
1365
1366 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
1367 if (!ovl_should_sync(ofs)) {
1368 ofs->errseq = errseq_sample(eseq: &upper_sb->s_wb_err);
1369 if (errseq_check(eseq: &upper_sb->s_wb_err, since: ofs->errseq)) {
1370 err = -EIO;
1371 pr_err("Cannot mount volatile when upperdir has an unseen error. Sync upperdir fs to clear state.\n");
1372 goto out_err;
1373 }
1374 }
1375
1376 err = ovl_get_workdir(sb, ofs, upperpath: &ctx->upper, workpath: &ctx->work);
1377 if (err)
1378 goto out_err;
1379
1380 if (!ofs->workdir)
1381 sb->s_flags |= SB_RDONLY;
1382
1383 sb->s_stack_depth = upper_sb->s_stack_depth;
1384 sb->s_time_gran = upper_sb->s_time_gran;
1385 }
1386 oe = ovl_get_lowerstack(sb, ctx, ofs, layers);
1387 err = PTR_ERR(ptr: oe);
1388 if (IS_ERR(ptr: oe))
1389 goto out_err;
1390
1391 /* If the upper fs is nonexistent, we mark overlayfs r/o too */
1392 if (!ovl_upper_mnt(ofs))
1393 sb->s_flags |= SB_RDONLY;
1394
1395 if (!ovl_origin_uuid(ofs) && ofs->numfs > 1) {
1396 pr_warn("The uuid=off requires a single fs for lower and upper, falling back to uuid=null.\n");
1397 ofs->config.uuid = OVL_UUID_NULL;
1398 } else if (ovl_has_fsid(ofs) && ovl_upper_mnt(ofs)) {
1399 /* Use per instance persistent uuid/fsid */
1400 ovl_init_uuid_xattr(sb, ofs, upperpath: &ctx->upper);
1401 }
1402
1403 if (!ovl_force_readonly(ofs) && ofs->config.index) {
1404 err = ovl_get_indexdir(sb, ofs, oe, upperpath: &ctx->upper);
1405 if (err)
1406 goto out_free_oe;
1407
1408 /* Force r/o mount with no index dir */
1409 if (!ofs->indexdir)
1410 sb->s_flags |= SB_RDONLY;
1411 }
1412
1413 err = ovl_check_overlapping_layers(sb, ofs);
1414 if (err)
1415 goto out_free_oe;
1416
1417 /* Show index=off in /proc/mounts for forced r/o mount */
1418 if (!ofs->indexdir) {
1419 ofs->config.index = false;
1420 if (ovl_upper_mnt(ofs) && ofs->config.nfs_export) {
1421 pr_warn("NFS export requires an index dir, falling back to nfs_export=off.\n");
1422 ofs->config.nfs_export = false;
1423 }
1424 }
1425
1426 if (ofs->config.metacopy && ofs->config.nfs_export) {
1427 pr_warn("NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n");
1428 ofs->config.nfs_export = false;
1429 }
1430
1431 /*
1432 * Support encoding decodable file handles with nfs_export=on
1433 * and encoding non-decodable file handles with nfs_export=off
1434 * if all layers support file handles.
1435 */
1436 if (ofs->config.nfs_export)
1437 sb->s_export_op = &ovl_export_operations;
1438 else if (!ofs->nofh)
1439 sb->s_export_op = &ovl_export_fid_operations;
1440
1441 /* Never override disk quota limits or use reserved space */
1442 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
1443
1444 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
1445 sb->s_xattr = ovl_xattr_handlers(ofs);
1446 sb->s_fs_info = ofs;
1447#ifdef CONFIG_FS_POSIX_ACL
1448 sb->s_flags |= SB_POSIXACL;
1449#endif
1450 sb->s_iflags |= SB_I_SKIP_SYNC;
1451 /*
1452 * Ensure that umask handling is done by the filesystems used
1453 * for the the upper layer instead of overlayfs as that would
1454 * lead to unexpected results.
1455 */
1456 sb->s_iflags |= SB_I_NOUMASK;
1457
1458 err = -ENOMEM;
1459 root_dentry = ovl_get_root(sb, upperdentry: ctx->upper.dentry, oe);
1460 if (!root_dentry)
1461 goto out_free_oe;
1462
1463 sb->s_root = root_dentry;
1464
1465 return 0;
1466
1467out_free_oe:
1468 ovl_free_entry(oe);
1469out_err:
1470 ovl_free_fs(ofs);
1471 sb->s_fs_info = NULL;
1472 return err;
1473}
1474
1475struct file_system_type ovl_fs_type = {
1476 .owner = THIS_MODULE,
1477 .name = "overlay",
1478 .init_fs_context = ovl_init_fs_context,
1479 .parameters = ovl_parameter_spec,
1480 .fs_flags = FS_USERNS_MOUNT,
1481 .kill_sb = kill_anon_super,
1482};
1483MODULE_ALIAS_FS("overlay");
1484
1485static void ovl_inode_init_once(void *foo)
1486{
1487 struct ovl_inode *oi = foo;
1488
1489 inode_init_once(&oi->vfs_inode);
1490}
1491
1492static int __init ovl_init(void)
1493{
1494 int err;
1495
1496 ovl_inode_cachep = kmem_cache_create(name: "ovl_inode",
1497 size: sizeof(struct ovl_inode), align: 0,
1498 flags: (SLAB_RECLAIM_ACCOUNT|
1499 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
1500 ctor: ovl_inode_init_once);
1501 if (ovl_inode_cachep == NULL)
1502 return -ENOMEM;
1503
1504 err = ovl_aio_request_cache_init();
1505 if (!err) {
1506 err = register_filesystem(&ovl_fs_type);
1507 if (!err)
1508 return 0;
1509
1510 ovl_aio_request_cache_destroy();
1511 }
1512 kmem_cache_destroy(s: ovl_inode_cachep);
1513
1514 return err;
1515}
1516
1517static void __exit ovl_exit(void)
1518{
1519 unregister_filesystem(&ovl_fs_type);
1520
1521 /*
1522 * Make sure all delayed rcu free inodes are flushed before we
1523 * destroy cache.
1524 */
1525 rcu_barrier();
1526 kmem_cache_destroy(s: ovl_inode_cachep);
1527 ovl_aio_request_cache_destroy();
1528}
1529
1530module_init(ovl_init);
1531module_exit(ovl_exit);
1532

source code of linux/fs/overlayfs/super.c