1
2
3
4
5
6
7
8
9
10#include <uapi/linux/magic.h>
11#include <linux/fs.h>
12#include <linux/namei.h>
13#include <linux/xattr.h>
14#include <linux/mount.h>
15#include <linux/parser.h>
16#include <linux/module.h>
17#include <linux/statfs.h>
18#include <linux/seq_file.h>
19#include <linux/posix_acl_xattr.h>
20#include <linux/exportfs.h>
21#include "overlayfs.h"
22
23MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
24MODULE_DESCRIPTION("Overlay filesystem");
25MODULE_LICENSE("GPL");
26
27
28struct ovl_dir_cache;
29
30#define OVL_MAX_STACK 500
31
32static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
33module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
34MODULE_PARM_DESC(ovl_redirect_dir_def,
35 "Default to on or off for the redirect_dir feature");
36
37static bool ovl_redirect_always_follow =
38 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
39module_param_named(redirect_always_follow, ovl_redirect_always_follow,
40 bool, 0644);
41MODULE_PARM_DESC(ovl_redirect_always_follow,
42 "Follow redirects even if redirect_dir feature is turned off");
43
44static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
45module_param_named(index, ovl_index_def, bool, 0644);
46MODULE_PARM_DESC(ovl_index_def,
47 "Default to on or off for the inodes index feature");
48
49static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
50module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
51MODULE_PARM_DESC(ovl_nfs_export_def,
52 "Default to on or off for the NFS export feature");
53
54static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
55module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
56MODULE_PARM_DESC(ovl_xino_auto_def,
57 "Auto enable xino feature");
58
59static void ovl_entry_stack_free(struct ovl_entry *oe)
60{
61 unsigned int i;
62
63 for (i = 0; i < oe->numlower; i++)
64 dput(oe->lowerstack[i].dentry);
65}
66
67static void ovl_dentry_release(struct dentry *dentry)
68{
69 struct ovl_entry *oe = dentry->d_fsdata;
70
71 if (oe) {
72 ovl_entry_stack_free(oe);
73 kfree_rcu(oe, rcu);
74 }
75}
76
77static int ovl_check_append_only(struct inode *inode, int flag)
78{
79
80
81
82
83 if (IS_APPEND(inode)) {
84 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
85 return -EPERM;
86 if (flag & O_TRUNC)
87 return -EPERM;
88 }
89
90 return 0;
91}
92
93static struct dentry *ovl_d_real(struct dentry *dentry,
94 const struct inode *inode,
95 unsigned int open_flags, unsigned int flags)
96{
97 struct dentry *real;
98 int err;
99
100 if (flags & D_REAL_UPPER)
101 return ovl_dentry_upper(dentry);
102
103 if (!d_is_reg(dentry)) {
104 if (!inode || inode == d_inode(dentry))
105 return dentry;
106 goto bug;
107 }
108
109 if (open_flags) {
110 err = ovl_open_maybe_copy_up(dentry, open_flags);
111 if (err)
112 return ERR_PTR(err);
113 }
114
115 real = ovl_dentry_upper(dentry);
116 if (real && (!inode || inode == d_inode(real))) {
117 if (!inode) {
118 err = ovl_check_append_only(d_inode(real), open_flags);
119 if (err)
120 return ERR_PTR(err);
121 }
122 return real;
123 }
124
125 real = ovl_dentry_lower(dentry);
126 if (!real)
127 goto bug;
128
129
130 real = d_real(real, inode, open_flags, 0);
131
132 if (!inode || inode == d_inode(real))
133 return real;
134bug:
135 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
136 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
137 return dentry;
138}
139
140static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
141{
142 struct ovl_entry *oe = dentry->d_fsdata;
143 unsigned int i;
144 int ret = 1;
145
146 for (i = 0; i < oe->numlower; i++) {
147 struct dentry *d = oe->lowerstack[i].dentry;
148
149 if (d->d_flags & DCACHE_OP_REVALIDATE) {
150 ret = d->d_op->d_revalidate(d, flags);
151 if (ret < 0)
152 return ret;
153 if (!ret) {
154 if (!(flags & LOOKUP_RCU))
155 d_invalidate(d);
156 return -ESTALE;
157 }
158 }
159 }
160 return 1;
161}
162
163static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
164{
165 struct ovl_entry *oe = dentry->d_fsdata;
166 unsigned int i;
167 int ret = 1;
168
169 for (i = 0; i < oe->numlower; i++) {
170 struct dentry *d = oe->lowerstack[i].dentry;
171
172 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) {
173 ret = d->d_op->d_weak_revalidate(d, flags);
174 if (ret <= 0)
175 break;
176 }
177 }
178 return ret;
179}
180
181static const struct dentry_operations ovl_dentry_operations = {
182 .d_release = ovl_dentry_release,
183 .d_real = ovl_d_real,
184};
185
186static const struct dentry_operations ovl_reval_dentry_operations = {
187 .d_release = ovl_dentry_release,
188 .d_real = ovl_d_real,
189 .d_revalidate = ovl_dentry_revalidate,
190 .d_weak_revalidate = ovl_dentry_weak_revalidate,
191};
192
193static struct kmem_cache *ovl_inode_cachep;
194
195static struct inode *ovl_alloc_inode(struct super_block *sb)
196{
197 struct ovl_inode *oi = kmem_cache_alloc(ovl_inode_cachep, GFP_KERNEL);
198
199 if (!oi)
200 return NULL;
201
202 oi->cache = NULL;
203 oi->redirect = NULL;
204 oi->version = 0;
205 oi->flags = 0;
206 oi->__upperdentry = NULL;
207 oi->lower = NULL;
208 mutex_init(&oi->lock);
209
210 return &oi->vfs_inode;
211}
212
213static void ovl_i_callback(struct rcu_head *head)
214{
215 struct inode *inode = container_of(head, struct inode, i_rcu);
216
217 kmem_cache_free(ovl_inode_cachep, OVL_I(inode));
218}
219
220static void ovl_destroy_inode(struct inode *inode)
221{
222 struct ovl_inode *oi = OVL_I(inode);
223
224 dput(oi->__upperdentry);
225 iput(oi->lower);
226 kfree(oi->redirect);
227 ovl_dir_cache_free(inode);
228 mutex_destroy(&oi->lock);
229
230 call_rcu(&inode->i_rcu, ovl_i_callback);
231}
232
233static void ovl_free_fs(struct ovl_fs *ofs)
234{
235 unsigned i;
236
237 dput(ofs->indexdir);
238 dput(ofs->workdir);
239 if (ofs->workdir_locked)
240 ovl_inuse_unlock(ofs->workbasedir);
241 dput(ofs->workbasedir);
242 if (ofs->upperdir_locked)
243 ovl_inuse_unlock(ofs->upper_mnt->mnt_root);
244 mntput(ofs->upper_mnt);
245 for (i = 0; i < ofs->numlower; i++)
246 mntput(ofs->lower_layers[i].mnt);
247 for (i = 0; i < ofs->numlowerfs; i++)
248 free_anon_bdev(ofs->lower_fs[i].pseudo_dev);
249 kfree(ofs->lower_layers);
250 kfree(ofs->lower_fs);
251
252 kfree(ofs->config.lowerdir);
253 kfree(ofs->config.upperdir);
254 kfree(ofs->config.workdir);
255 kfree(ofs->config.redirect_mode);
256 if (ofs->creator_cred)
257 put_cred(ofs->creator_cred);
258 kfree(ofs);
259}
260
261static void ovl_put_super(struct super_block *sb)
262{
263 struct ovl_fs *ofs = sb->s_fs_info;
264
265 ovl_free_fs(ofs);
266}
267
268
269static int ovl_sync_fs(struct super_block *sb, int wait)
270{
271 struct ovl_fs *ofs = sb->s_fs_info;
272 struct super_block *upper_sb;
273 int ret;
274
275 if (!ofs->upper_mnt)
276 return 0;
277
278
279
280
281
282
283
284
285
286 if (!wait)
287 return 0;
288
289 upper_sb = ofs->upper_mnt->mnt_sb;
290
291 down_read(&upper_sb->s_umount);
292 ret = sync_filesystem(upper_sb);
293 up_read(&upper_sb->s_umount);
294
295 return ret;
296}
297
298
299
300
301
302
303
304
305
306static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
307{
308 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
309 struct dentry *root_dentry = dentry->d_sb->s_root;
310 struct path path;
311 int err;
312
313 ovl_path_real(root_dentry, &path);
314
315 err = vfs_statfs(&path, buf);
316 if (!err) {
317 buf->f_namelen = ofs->namelen;
318 buf->f_type = OVERLAYFS_SUPER_MAGIC;
319 }
320
321 return err;
322}
323
324
325static bool ovl_force_readonly(struct ovl_fs *ofs)
326{
327 return (!ofs->upper_mnt || !ofs->workdir);
328}
329
330static const char *ovl_redirect_mode_def(void)
331{
332 return ovl_redirect_dir_def ? "on" : "off";
333}
334
335enum {
336 OVL_XINO_OFF,
337 OVL_XINO_AUTO,
338 OVL_XINO_ON,
339};
340
341static const char * const ovl_xino_str[] = {
342 "off",
343 "auto",
344 "on",
345};
346
347static inline int ovl_xino_def(void)
348{
349 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
350}
351
352
353
354
355
356
357
358static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
359{
360 struct super_block *sb = dentry->d_sb;
361 struct ovl_fs *ofs = sb->s_fs_info;
362
363 seq_show_option(m, "lowerdir", ofs->config.lowerdir);
364 if (ofs->config.upperdir) {
365 seq_show_option(m, "upperdir", ofs->config.upperdir);
366 seq_show_option(m, "workdir", ofs->config.workdir);
367 }
368 if (ofs->config.default_permissions)
369 seq_puts(m, ",default_permissions");
370 if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
371 seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
372 if (ofs->config.index != ovl_index_def)
373 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
374 if (ofs->config.nfs_export != ovl_nfs_export_def)
375 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
376 "on" : "off");
377 if (ofs->config.xino != ovl_xino_def())
378 seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]);
379 return 0;
380}
381
382static int ovl_remount(struct super_block *sb, int *flags, char *data)
383{
384 struct ovl_fs *ofs = sb->s_fs_info;
385
386 if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs))
387 return -EROFS;
388
389 return 0;
390}
391
392static const struct super_operations ovl_super_operations = {
393 .alloc_inode = ovl_alloc_inode,
394 .destroy_inode = ovl_destroy_inode,
395 .drop_inode = generic_delete_inode,
396 .put_super = ovl_put_super,
397 .sync_fs = ovl_sync_fs,
398 .statfs = ovl_statfs,
399 .show_options = ovl_show_options,
400 .remount_fs = ovl_remount,
401};
402
403enum {
404 OPT_LOWERDIR,
405 OPT_UPPERDIR,
406 OPT_WORKDIR,
407 OPT_DEFAULT_PERMISSIONS,
408 OPT_REDIRECT_DIR,
409 OPT_INDEX_ON,
410 OPT_INDEX_OFF,
411 OPT_NFS_EXPORT_ON,
412 OPT_NFS_EXPORT_OFF,
413 OPT_XINO_ON,
414 OPT_XINO_OFF,
415 OPT_XINO_AUTO,
416 OPT_ERR,
417};
418
419static const match_table_t ovl_tokens = {
420 {OPT_LOWERDIR, "lowerdir=%s"},
421 {OPT_UPPERDIR, "upperdir=%s"},
422 {OPT_WORKDIR, "workdir=%s"},
423 {OPT_DEFAULT_PERMISSIONS, "default_permissions"},
424 {OPT_REDIRECT_DIR, "redirect_dir=%s"},
425 {OPT_INDEX_ON, "index=on"},
426 {OPT_INDEX_OFF, "index=off"},
427 {OPT_NFS_EXPORT_ON, "nfs_export=on"},
428 {OPT_NFS_EXPORT_OFF, "nfs_export=off"},
429 {OPT_XINO_ON, "xino=on"},
430 {OPT_XINO_OFF, "xino=off"},
431 {OPT_XINO_AUTO, "xino=auto"},
432 {OPT_ERR, NULL}
433};
434
435static char *ovl_next_opt(char **s)
436{
437 char *sbegin = *s;
438 char *p;
439
440 if (sbegin == NULL)
441 return NULL;
442
443 for (p = sbegin; *p; p++) {
444 if (*p == '\\') {
445 p++;
446 if (!*p)
447 break;
448 } else if (*p == ',') {
449 *p = '\0';
450 *s = p + 1;
451 return sbegin;
452 }
453 }
454 *s = NULL;
455 return sbegin;
456}
457
458static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode)
459{
460 if (strcmp(mode, "on") == 0) {
461 config->redirect_dir = true;
462
463
464
465
466 config->redirect_follow = true;
467 } else if (strcmp(mode, "follow") == 0) {
468 config->redirect_follow = true;
469 } else if (strcmp(mode, "off") == 0) {
470 if (ovl_redirect_always_follow)
471 config->redirect_follow = true;
472 } else if (strcmp(mode, "nofollow") != 0) {
473 pr_err("overlayfs: bad mount option \"redirect_dir=%s\"\n",
474 mode);
475 return -EINVAL;
476 }
477
478 return 0;
479}
480
481static int ovl_parse_opt(char *opt, struct ovl_config *config)
482{
483 char *p;
484
485 config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL);
486 if (!config->redirect_mode)
487 return -ENOMEM;
488
489 while ((p = ovl_next_opt(&opt)) != NULL) {
490 int token;
491 substring_t args[MAX_OPT_ARGS];
492
493 if (!*p)
494 continue;
495
496 token = match_token(p, ovl_tokens, args);
497 switch (token) {
498 case OPT_UPPERDIR:
499 kfree(config->upperdir);
500 config->upperdir = match_strdup(&args[0]);
501 if (!config->upperdir)
502 return -ENOMEM;
503 break;
504
505 case OPT_LOWERDIR:
506 kfree(config->lowerdir);
507 config->lowerdir = match_strdup(&args[0]);
508 if (!config->lowerdir)
509 return -ENOMEM;
510 break;
511
512 case OPT_WORKDIR:
513 kfree(config->workdir);
514 config->workdir = match_strdup(&args[0]);
515 if (!config->workdir)
516 return -ENOMEM;
517 break;
518
519 case OPT_DEFAULT_PERMISSIONS:
520 config->default_permissions = true;
521 break;
522
523 case OPT_REDIRECT_DIR:
524 kfree(config->redirect_mode);
525 config->redirect_mode = match_strdup(&args[0]);
526 if (!config->redirect_mode)
527 return -ENOMEM;
528 break;
529
530 case OPT_INDEX_ON:
531 config->index = true;
532 break;
533
534 case OPT_INDEX_OFF:
535 config->index = false;
536 break;
537
538 case OPT_NFS_EXPORT_ON:
539 config->nfs_export = true;
540 break;
541
542 case OPT_NFS_EXPORT_OFF:
543 config->nfs_export = false;
544 break;
545
546 case OPT_XINO_ON:
547 config->xino = OVL_XINO_ON;
548 break;
549
550 case OPT_XINO_OFF:
551 config->xino = OVL_XINO_OFF;
552 break;
553
554 case OPT_XINO_AUTO:
555 config->xino = OVL_XINO_AUTO;
556 break;
557
558 default:
559 pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p);
560 return -EINVAL;
561 }
562 }
563
564
565 if (!config->upperdir && config->workdir) {
566 pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
567 config->workdir);
568 kfree(config->workdir);
569 config->workdir = NULL;
570 }
571
572 return ovl_parse_redirect_mode(config, config->redirect_mode);
573}
574
575#define OVL_WORKDIR_NAME "work"
576#define OVL_INDEXDIR_NAME "index"
577
578static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
579 const char *name, bool persist)
580{
581 struct inode *dir = ofs->workbasedir->d_inode;
582 struct vfsmount *mnt = ofs->upper_mnt;
583 struct dentry *work;
584 int err;
585 bool retried = false;
586 bool locked = false;
587
588 inode_lock_nested(dir, I_MUTEX_PARENT);
589 locked = true;
590
591retry:
592 work = lookup_one_len(name, ofs->workbasedir, strlen(name));
593
594 if (!IS_ERR(work)) {
595 struct iattr attr = {
596 .ia_valid = ATTR_MODE,
597 .ia_mode = S_IFDIR | 0,
598 };
599
600 if (work->d_inode) {
601 err = -EEXIST;
602 if (retried)
603 goto out_dput;
604
605 if (persist)
606 goto out_unlock;
607
608 retried = true;
609 ovl_workdir_cleanup(dir, mnt, work, 0);
610 dput(work);
611 goto retry;
612 }
613
614 err = ovl_create_real(dir, work,
615 &(struct cattr){.mode = S_IFDIR | 0},
616 NULL, true);
617 if (err)
618 goto out_dput;
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
634 if (err && err != -ENODATA && err != -EOPNOTSUPP)
635 goto out_dput;
636
637 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
638 if (err && err != -ENODATA && err != -EOPNOTSUPP)
639 goto out_dput;
640
641
642 inode_lock(work->d_inode);
643 err = notify_change(work, &attr, NULL);
644 inode_unlock(work->d_inode);
645 if (err)
646 goto out_dput;
647 } else {
648 err = PTR_ERR(work);
649 goto out_err;
650 }
651out_unlock:
652 if (locked)
653 inode_unlock(dir);
654
655 return work;
656
657out_dput:
658 dput(work);
659out_err:
660 pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n",
661 ofs->config.workdir, name, -err);
662 work = NULL;
663 goto out_unlock;
664}
665
666static void ovl_unescape(char *s)
667{
668 char *d = s;
669
670 for (;; s++, d++) {
671 if (*s == '\\')
672 s++;
673 *d = *s;
674 if (!*s)
675 break;
676 }
677}
678
679static int ovl_mount_dir_noesc(const char *name, struct path *path)
680{
681 int err = -EINVAL;
682
683 if (!*name) {
684 pr_err("overlayfs: empty lowerdir\n");
685 goto out;
686 }
687 err = kern_path(name, LOOKUP_FOLLOW, path);
688 if (err) {
689 pr_err("overlayfs: failed to resolve '%s': %i\n", name, err);
690 goto out;
691 }
692 err = -EINVAL;
693 if (ovl_dentry_weird(path->dentry)) {
694 pr_err("overlayfs: filesystem on '%s' not supported\n", name);
695 goto out_put;
696 }
697 if (!d_is_dir(path->dentry)) {
698 pr_err("overlayfs: '%s' not a directory\n", name);
699 goto out_put;
700 }
701 return 0;
702
703out_put:
704 path_put_init(path);
705out:
706 return err;
707}
708
709static int ovl_mount_dir(const char *name, struct path *path)
710{
711 int err = -ENOMEM;
712 char *tmp = kstrdup(name, GFP_KERNEL);
713
714 if (tmp) {
715 ovl_unescape(tmp);
716 err = ovl_mount_dir_noesc(tmp, path);
717
718 if (!err)
719 if (ovl_dentry_remote(path->dentry)) {
720 pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n",
721 tmp);
722 path_put_init(path);
723 err = -EINVAL;
724 }
725 kfree(tmp);
726 }
727 return err;
728}
729
730static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
731 const char *name)
732{
733 struct kstatfs statfs;
734 int err = vfs_statfs(path, &statfs);
735
736 if (err)
737 pr_err("overlayfs: statfs failed on '%s'\n", name);
738 else
739 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
740
741 return err;
742}
743
744static int ovl_lower_dir(const char *name, struct path *path,
745 struct ovl_fs *ofs, int *stack_depth, bool *remote)
746{
747 int fh_type;
748 int err;
749
750 err = ovl_mount_dir_noesc(name, path);
751 if (err)
752 goto out;
753
754 err = ovl_check_namelen(path, ofs, name);
755 if (err)
756 goto out_put;
757
758 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
759
760 if (ovl_dentry_remote(path->dentry))
761 *remote = true;
762
763
764
765
766
767 fh_type = ovl_can_decode_fh(path->dentry->d_sb);
768 if ((ofs->config.nfs_export ||
769 (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
770 ofs->config.index = false;
771 ofs->config.nfs_export = false;
772 pr_warn("overlayfs: fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
773 name);
774 }
775
776
777 if (fh_type != FILEID_INO32_GEN)
778 ofs->xino_bits = 0;
779
780 return 0;
781
782out_put:
783 path_put_init(path);
784out:
785 return err;
786}
787
788
789static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
790{
791 bool ok = false;
792
793 if (workdir != upperdir) {
794 ok = (lock_rename(workdir, upperdir) == NULL);
795 unlock_rename(workdir, upperdir);
796 }
797 return ok;
798}
799
800static unsigned int ovl_split_lowerdirs(char *str)
801{
802 unsigned int ctr = 1;
803 char *s, *d;
804
805 for (s = d = str;; s++, d++) {
806 if (*s == '\\') {
807 s++;
808 } else if (*s == ':') {
809 *d = '\0';
810 ctr++;
811 continue;
812 }
813 *d = *s;
814 if (!*s)
815 break;
816 }
817 return ctr;
818}
819
820static int __maybe_unused
821ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
822 struct dentry *dentry, struct inode *inode,
823 const char *name, void *buffer, size_t size)
824{
825 return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
826}
827
828static int __maybe_unused
829ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
830 struct dentry *dentry, struct inode *inode,
831 const char *name, const void *value,
832 size_t size, int flags)
833{
834 struct dentry *workdir = ovl_workdir(dentry);
835 struct inode *realinode = ovl_inode_real(inode);
836 struct posix_acl *acl = NULL;
837 int err;
838
839
840 if (value) {
841 acl = posix_acl_from_xattr(&init_user_ns, value, size);
842 if (IS_ERR(acl))
843 return PTR_ERR(acl);
844 }
845 err = -EOPNOTSUPP;
846 if (!IS_POSIXACL(d_inode(workdir)))
847 goto out_acl_release;
848 if (!realinode->i_op->set_acl)
849 goto out_acl_release;
850 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
851 err = acl ? -EACCES : 0;
852 goto out_acl_release;
853 }
854 err = -EPERM;
855 if (!inode_owner_or_capable(inode))
856 goto out_acl_release;
857
858 posix_acl_release(acl);
859
860
861
862
863
864 if (unlikely(inode->i_mode & S_ISGID) &&
865 handler->flags == ACL_TYPE_ACCESS &&
866 !in_group_p(inode->i_gid) &&
867 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
868 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
869
870 err = ovl_setattr(dentry, &iattr);
871 if (err)
872 return err;
873 }
874
875 err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
876 if (!err)
877 ovl_copyattr(ovl_inode_real(inode), inode);
878
879 return err;
880
881out_acl_release:
882 posix_acl_release(acl);
883 return err;
884}
885
886static int ovl_own_xattr_get(const struct xattr_handler *handler,
887 struct dentry *dentry, struct inode *inode,
888 const char *name, void *buffer, size_t size)
889{
890 return -EOPNOTSUPP;
891}
892
893static int ovl_own_xattr_set(const struct xattr_handler *handler,
894 struct dentry *dentry, struct inode *inode,
895 const char *name, const void *value,
896 size_t size, int flags)
897{
898 return -EOPNOTSUPP;
899}
900
901static int ovl_other_xattr_get(const struct xattr_handler *handler,
902 struct dentry *dentry, struct inode *inode,
903 const char *name, void *buffer, size_t size)
904{
905 return ovl_xattr_get(dentry, inode, name, buffer, size);
906}
907
908static int ovl_other_xattr_set(const struct xattr_handler *handler,
909 struct dentry *dentry, struct inode *inode,
910 const char *name, const void *value,
911 size_t size, int flags)
912{
913 return ovl_xattr_set(dentry, inode, name, value, size, flags);
914}
915
916static const struct xattr_handler __maybe_unused
917ovl_posix_acl_access_xattr_handler = {
918 .name = XATTR_NAME_POSIX_ACL_ACCESS,
919 .flags = ACL_TYPE_ACCESS,
920 .get = ovl_posix_acl_xattr_get,
921 .set = ovl_posix_acl_xattr_set,
922};
923
924static const struct xattr_handler __maybe_unused
925ovl_posix_acl_default_xattr_handler = {
926 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
927 .flags = ACL_TYPE_DEFAULT,
928 .get = ovl_posix_acl_xattr_get,
929 .set = ovl_posix_acl_xattr_set,
930};
931
932static const struct xattr_handler ovl_own_xattr_handler = {
933 .prefix = OVL_XATTR_PREFIX,
934 .get = ovl_own_xattr_get,
935 .set = ovl_own_xattr_set,
936};
937
938static const struct xattr_handler ovl_other_xattr_handler = {
939 .prefix = "",
940 .get = ovl_other_xattr_get,
941 .set = ovl_other_xattr_set,
942};
943
944static const struct xattr_handler *ovl_xattr_handlers[] = {
945#ifdef CONFIG_FS_POSIX_ACL
946 &ovl_posix_acl_access_xattr_handler,
947 &ovl_posix_acl_default_xattr_handler,
948#endif
949 &ovl_own_xattr_handler,
950 &ovl_other_xattr_handler,
951 NULL
952};
953
954static int ovl_get_upper(struct ovl_fs *ofs, struct path *upperpath)
955{
956 struct vfsmount *upper_mnt;
957 int err;
958
959 err = ovl_mount_dir(ofs->config.upperdir, upperpath);
960 if (err)
961 goto out;
962
963
964 if (sb_rdonly(upperpath->mnt->mnt_sb)) {
965 pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n");
966 err = -EINVAL;
967 goto out;
968 }
969
970 err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
971 if (err)
972 goto out;
973
974 err = -EBUSY;
975 if (ovl_inuse_trylock(upperpath->dentry)) {
976 ofs->upperdir_locked = true;
977 } else if (ofs->config.index) {
978 pr_err("overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection.\n");
979 goto out;
980 } else {
981 pr_warn("overlayfs: upperdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
982 }
983
984 upper_mnt = clone_private_mount(upperpath);
985 err = PTR_ERR(upper_mnt);
986 if (IS_ERR(upper_mnt)) {
987 pr_err("overlayfs: failed to clone upperpath\n");
988 goto out;
989 }
990
991
992 upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
993 ofs->upper_mnt = upper_mnt;
994 err = 0;
995out:
996 return err;
997}
998
999static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath)
1000{
1001 struct vfsmount *mnt = ofs->upper_mnt;
1002 struct dentry *temp;
1003 int fh_type;
1004 int err;
1005
1006 err = mnt_want_write(mnt);
1007 if (err)
1008 return err;
1009
1010 ofs->workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
1011 if (!ofs->workdir)
1012 goto out;
1013
1014
1015
1016
1017
1018
1019
1020 err = ovl_check_d_type_supported(workpath);
1021 if (err < 0)
1022 goto out;
1023
1024
1025
1026
1027
1028 if (!err)
1029 pr_warn("overlayfs: upper fs needs to support d_type.\n");
1030
1031
1032 temp = ovl_do_tmpfile(ofs->workdir, S_IFREG | 0);
1033 ofs->tmpfile = !IS_ERR(temp);
1034 if (ofs->tmpfile)
1035 dput(temp);
1036 else
1037 pr_warn("overlayfs: upper fs does not support tmpfile.\n");
1038
1039
1040
1041
1042 err = ovl_do_setxattr(ofs->workdir, OVL_XATTR_OPAQUE, "0", 1, 0);
1043 if (err) {
1044 ofs->noxattr = true;
1045 ofs->config.index = false;
1046 pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off.\n");
1047 err = 0;
1048 } else {
1049 vfs_removexattr(ofs->workdir, OVL_XATTR_OPAQUE);
1050 }
1051
1052
1053 fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
1054 if (ofs->config.index && !fh_type) {
1055 ofs->config.index = false;
1056 pr_warn("overlayfs: upper fs does not support file handles, falling back to index=off.\n");
1057 }
1058
1059
1060 if (fh_type != FILEID_INO32_GEN)
1061 ofs->xino_bits = 0;
1062
1063
1064 if (ofs->config.nfs_export && !ofs->config.index) {
1065 pr_warn("overlayfs: NFS export requires \"index=on\", falling back to nfs_export=off.\n");
1066 ofs->config.nfs_export = false;
1067 }
1068
1069out:
1070 mnt_drop_write(mnt);
1071 return err;
1072}
1073
1074static int ovl_get_workdir(struct ovl_fs *ofs, struct path *upperpath)
1075{
1076 int err;
1077 struct path workpath = { };
1078
1079 err = ovl_mount_dir(ofs->config.workdir, &workpath);
1080 if (err)
1081 goto out;
1082
1083 err = -EINVAL;
1084 if (upperpath->mnt != workpath.mnt) {
1085 pr_err("overlayfs: workdir and upperdir must reside under the same mount\n");
1086 goto out;
1087 }
1088 if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) {
1089 pr_err("overlayfs: workdir and upperdir must be separate subtrees\n");
1090 goto out;
1091 }
1092
1093 err = -EBUSY;
1094 if (ovl_inuse_trylock(workpath.dentry)) {
1095 ofs->workdir_locked = true;
1096 } else if (ofs->config.index) {
1097 pr_err("overlayfs: workdir is in-use by another mount, mount with '-o index=off' to override exclusive workdir protection.\n");
1098 goto out;
1099 } else {
1100 pr_warn("overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
1101 }
1102
1103 ofs->workbasedir = dget(workpath.dentry);
1104 err = ovl_make_workdir(ofs, &workpath);
1105 if (err)
1106 goto out;
1107
1108 err = 0;
1109out:
1110 path_put(&workpath);
1111
1112 return err;
1113}
1114
1115static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
1116 struct path *upperpath)
1117{
1118 struct vfsmount *mnt = ofs->upper_mnt;
1119 int err;
1120
1121 err = mnt_want_write(mnt);
1122 if (err)
1123 return err;
1124
1125
1126 err = ovl_verify_origin(upperpath->dentry, oe->lowerstack[0].dentry,
1127 true);
1128 if (err) {
1129 pr_err("overlayfs: failed to verify upper root origin\n");
1130 goto out;
1131 }
1132
1133 ofs->indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
1134 if (ofs->indexdir) {
1135
1136
1137
1138
1139
1140
1141
1142
1143 if (ovl_check_origin_xattr(ofs->indexdir)) {
1144 err = ovl_verify_set_fh(ofs->indexdir, OVL_XATTR_ORIGIN,
1145 upperpath->dentry, true, false);
1146 if (err)
1147 pr_err("overlayfs: failed to verify index dir 'origin' xattr\n");
1148 }
1149 err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true);
1150 if (err)
1151 pr_err("overlayfs: failed to verify index dir 'upper' xattr\n");
1152
1153
1154 if (!err)
1155 err = ovl_indexdir_cleanup(ofs);
1156 }
1157 if (err || !ofs->indexdir)
1158 pr_warn("overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");
1159
1160out:
1161 mnt_drop_write(mnt);
1162 return err;
1163}
1164
1165
1166static int ovl_get_fsid(struct ovl_fs *ofs, struct super_block *sb)
1167{
1168 unsigned int i;
1169 dev_t dev;
1170 int err;
1171
1172
1173 if (ofs->upper_mnt && ofs->upper_mnt->mnt_sb == sb)
1174 return 0;
1175
1176 for (i = 0; i < ofs->numlowerfs; i++) {
1177 if (ofs->lower_fs[i].sb == sb)
1178 return i + 1;
1179 }
1180
1181 err = get_anon_bdev(&dev);
1182 if (err) {
1183 pr_err("overlayfs: failed to get anonymous bdev for lowerpath\n");
1184 return err;
1185 }
1186
1187 ofs->lower_fs[ofs->numlowerfs].sb = sb;
1188 ofs->lower_fs[ofs->numlowerfs].pseudo_dev = dev;
1189 ofs->numlowerfs++;
1190
1191 return ofs->numlowerfs;
1192}
1193
1194static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
1195 unsigned int numlower)
1196{
1197 int err;
1198 unsigned int i;
1199
1200 err = -ENOMEM;
1201 ofs->lower_layers = kcalloc(numlower, sizeof(struct ovl_layer),
1202 GFP_KERNEL);
1203 if (ofs->lower_layers == NULL)
1204 goto out;
1205
1206 ofs->lower_fs = kcalloc(numlower, sizeof(struct ovl_sb),
1207 GFP_KERNEL);
1208 if (ofs->lower_fs == NULL)
1209 goto out;
1210
1211 for (i = 0; i < numlower; i++) {
1212 struct vfsmount *mnt;
1213 int fsid;
1214
1215 err = fsid = ovl_get_fsid(ofs, stack[i].mnt->mnt_sb);
1216 if (err < 0)
1217 goto out;
1218
1219 mnt = clone_private_mount(&stack[i]);
1220 err = PTR_ERR(mnt);
1221 if (IS_ERR(mnt)) {
1222 pr_err("overlayfs: failed to clone lowerpath\n");
1223 goto out;
1224 }
1225
1226
1227
1228
1229
1230 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
1231
1232 ofs->lower_layers[ofs->numlower].mnt = mnt;
1233 ofs->lower_layers[ofs->numlower].idx = i + 1;
1234 ofs->lower_layers[ofs->numlower].fsid = fsid;
1235 if (fsid) {
1236 ofs->lower_layers[ofs->numlower].fs =
1237 &ofs->lower_fs[fsid - 1];
1238 }
1239 ofs->numlower++;
1240 }
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250 if (!ofs->numlowerfs || (ofs->numlowerfs == 1 && !ofs->upper_mnt)) {
1251 ofs->xino_bits = 0;
1252 ofs->config.xino = OVL_XINO_OFF;
1253 } else if (ofs->config.xino == OVL_XINO_ON && !ofs->xino_bits) {
1254
1255
1256
1257
1258
1259 BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 31);
1260 ofs->xino_bits = ilog2(ofs->numlowerfs) + 1;
1261 }
1262
1263 if (ofs->xino_bits) {
1264 pr_info("overlayfs: \"xino\" feature enabled using %d upper inode bits.\n",
1265 ofs->xino_bits);
1266 }
1267
1268 err = 0;
1269out:
1270 return err;
1271}
1272
1273static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
1274 struct ovl_fs *ofs)
1275{
1276 int err;
1277 char *lowertmp, *lower;
1278 struct path *stack = NULL;
1279 unsigned int stacklen, numlower = 0, i;
1280 bool remote = false;
1281 struct ovl_entry *oe;
1282
1283 err = -ENOMEM;
1284 lowertmp = kstrdup(ofs->config.lowerdir, GFP_KERNEL);
1285 if (!lowertmp)
1286 goto out_err;
1287
1288 err = -EINVAL;
1289 stacklen = ovl_split_lowerdirs(lowertmp);
1290 if (stacklen > OVL_MAX_STACK) {
1291 pr_err("overlayfs: too many lower directories, limit is %d\n",
1292 OVL_MAX_STACK);
1293 goto out_err;
1294 } else if (!ofs->config.upperdir && stacklen == 1) {
1295 pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n");
1296 goto out_err;
1297 } else if (!ofs->config.upperdir && ofs->config.nfs_export &&
1298 ofs->config.redirect_follow) {
1299 pr_warn("overlayfs: NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
1300 ofs->config.nfs_export = false;
1301 }
1302
1303 err = -ENOMEM;
1304 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
1305 if (!stack)
1306 goto out_err;
1307
1308 err = -EINVAL;
1309 lower = lowertmp;
1310 for (numlower = 0; numlower < stacklen; numlower++) {
1311 err = ovl_lower_dir(lower, &stack[numlower], ofs,
1312 &sb->s_stack_depth, &remote);
1313 if (err)
1314 goto out_err;
1315
1316 lower = strchr(lower, '\0') + 1;
1317 }
1318
1319 err = -EINVAL;
1320 sb->s_stack_depth++;
1321 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1322 pr_err("overlayfs: maximum fs stacking depth exceeded\n");
1323 goto out_err;
1324 }
1325
1326 err = ovl_get_lower_layers(ofs, stack, numlower);
1327 if (err)
1328 goto out_err;
1329
1330 err = -ENOMEM;
1331 oe = ovl_alloc_entry(numlower);
1332 if (!oe)
1333 goto out_err;
1334
1335 for (i = 0; i < numlower; i++) {
1336 oe->lowerstack[i].dentry = dget(stack[i].dentry);
1337 oe->lowerstack[i].layer = &ofs->lower_layers[i];
1338 }
1339
1340 if (remote)
1341 sb->s_d_op = &ovl_reval_dentry_operations;
1342 else
1343 sb->s_d_op = &ovl_dentry_operations;
1344
1345out:
1346 for (i = 0; i < numlower; i++)
1347 path_put(&stack[i]);
1348 kfree(stack);
1349 kfree(lowertmp);
1350
1351 return oe;
1352
1353out_err:
1354 oe = ERR_PTR(err);
1355 goto out;
1356}
1357
1358static int ovl_fill_super(struct super_block *sb, void *data, int silent)
1359{
1360 struct path upperpath = { };
1361 struct dentry *root_dentry;
1362 struct ovl_entry *oe;
1363 struct ovl_fs *ofs;
1364 struct cred *cred;
1365 int err;
1366
1367 err = -ENOMEM;
1368 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
1369 if (!ofs)
1370 goto out;
1371
1372 ofs->creator_cred = cred = prepare_creds();
1373 if (!cred)
1374 goto out_err;
1375
1376 ofs->config.index = ovl_index_def;
1377 ofs->config.nfs_export = ovl_nfs_export_def;
1378 ofs->config.xino = ovl_xino_def();
1379 err = ovl_parse_opt((char *) data, &ofs->config);
1380 if (err)
1381 goto out_err;
1382
1383 err = -EINVAL;
1384 if (!ofs->config.lowerdir) {
1385 if (!silent)
1386 pr_err("overlayfs: missing 'lowerdir'\n");
1387 goto out_err;
1388 }
1389
1390 sb->s_stack_depth = 0;
1391 sb->s_maxbytes = MAX_LFS_FILESIZE;
1392
1393 if (ofs->config.xino != OVL_XINO_OFF)
1394 ofs->xino_bits = BITS_PER_LONG - 32;
1395
1396 if (ofs->config.upperdir) {
1397 if (!ofs->config.workdir) {
1398 pr_err("overlayfs: missing 'workdir'\n");
1399 goto out_err;
1400 }
1401
1402 err = ovl_get_upper(ofs, &upperpath);
1403 if (err)
1404 goto out_err;
1405
1406 err = ovl_get_workdir(ofs, &upperpath);
1407 if (err)
1408 goto out_err;
1409
1410 if (!ofs->workdir)
1411 sb->s_flags |= SB_RDONLY;
1412
1413 sb->s_stack_depth = ofs->upper_mnt->mnt_sb->s_stack_depth;
1414 sb->s_time_gran = ofs->upper_mnt->mnt_sb->s_time_gran;
1415
1416 }
1417 oe = ovl_get_lowerstack(sb, ofs);
1418 err = PTR_ERR(oe);
1419 if (IS_ERR(oe))
1420 goto out_err;
1421
1422
1423 if (!ofs->upper_mnt)
1424 sb->s_flags |= SB_RDONLY;
1425
1426 if (!(ovl_force_readonly(ofs)) && ofs->config.index) {
1427 err = ovl_get_indexdir(ofs, oe, &upperpath);
1428 if (err)
1429 goto out_free_oe;
1430
1431
1432 if (!ofs->indexdir) {
1433 dput(ofs->workdir);
1434 ofs->workdir = NULL;
1435 sb->s_flags |= SB_RDONLY;
1436 }
1437
1438 }
1439
1440
1441 if (!ofs->indexdir) {
1442 ofs->config.index = false;
1443 if (ofs->upper_mnt && ofs->config.nfs_export) {
1444 pr_warn("overlayfs: NFS export requires an index dir, falling back to nfs_export=off.\n");
1445 ofs->config.nfs_export = false;
1446 }
1447 }
1448
1449 if (ofs->config.nfs_export)
1450 sb->s_export_op = &ovl_export_operations;
1451
1452
1453 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
1454
1455 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
1456 sb->s_op = &ovl_super_operations;
1457 sb->s_xattr = ovl_xattr_handlers;
1458 sb->s_fs_info = ofs;
1459 sb->s_flags |= SB_POSIXACL | SB_NOREMOTELOCK;
1460
1461 err = -ENOMEM;
1462 root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
1463 if (!root_dentry)
1464 goto out_free_oe;
1465
1466 root_dentry->d_fsdata = oe;
1467
1468 mntput(upperpath.mnt);
1469 if (upperpath.dentry) {
1470 ovl_dentry_set_upper_alias(root_dentry);
1471 if (ovl_is_impuredir(upperpath.dentry))
1472 ovl_set_flag(OVL_IMPURE, d_inode(root_dentry));
1473 }
1474
1475
1476 ovl_set_flag(OVL_WHITEOUTS, d_inode(root_dentry));
1477 ovl_dentry_set_flag(OVL_E_CONNECTED, root_dentry);
1478 ovl_inode_init(d_inode(root_dentry), upperpath.dentry,
1479 ovl_dentry_lower(root_dentry));
1480
1481 sb->s_root = root_dentry;
1482
1483 return 0;
1484
1485out_free_oe:
1486 ovl_entry_stack_free(oe);
1487 kfree(oe);
1488out_err:
1489 path_put(&upperpath);
1490 ovl_free_fs(ofs);
1491out:
1492 return err;
1493}
1494
1495static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
1496 const char *dev_name, void *raw_data)
1497{
1498 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
1499}
1500
1501static struct file_system_type ovl_fs_type = {
1502 .owner = THIS_MODULE,
1503 .name = "overlay",
1504 .mount = ovl_mount,
1505 .kill_sb = kill_anon_super,
1506};
1507MODULE_ALIAS_FS("overlay");
1508
1509static void ovl_inode_init_once(void *foo)
1510{
1511 struct ovl_inode *oi = foo;
1512
1513 inode_init_once(&oi->vfs_inode);
1514}
1515
1516static int __init ovl_init(void)
1517{
1518 int err;
1519
1520 ovl_inode_cachep = kmem_cache_create("ovl_inode",
1521 sizeof(struct ovl_inode), 0,
1522 (SLAB_RECLAIM_ACCOUNT|
1523 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
1524 ovl_inode_init_once);
1525 if (ovl_inode_cachep == NULL)
1526 return -ENOMEM;
1527
1528 err = register_filesystem(&ovl_fs_type);
1529 if (err)
1530 kmem_cache_destroy(ovl_inode_cachep);
1531
1532 return err;
1533}
1534
1535static void __exit ovl_exit(void)
1536{
1537 unregister_filesystem(&ovl_fs_type);
1538
1539
1540
1541
1542
1543 rcu_barrier();
1544 kmem_cache_destroy(ovl_inode_cachep);
1545
1546}
1547
1548module_init(ovl_init);
1549module_exit(ovl_exit);
1550
