super.c 36.5 KB
Newer Older
M
Miklos Szeredi 已提交
1 2 3 4 5 6 7 8 9
/*
 *
 * Copyright (C) 2011 Novell Inc.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 as published by
 * the Free Software Foundation.
 */

10
#include <uapi/linux/magic.h>
M
Miklos Szeredi 已提交
11 12 13 14 15 16
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/xattr.h>
#include <linux/mount.h>
#include <linux/parser.h>
#include <linux/module.h>
A
Andy Whitcroft 已提交
17
#include <linux/statfs.h>
E
Erez Zadok 已提交
18
#include <linux/seq_file.h>
M
Miklos Szeredi 已提交
19
#include <linux/posix_acl_xattr.h>
20
#include <linux/exportfs.h>
M
Miklos Szeredi 已提交
21 22 23 24 25 26 27 28 29
#include "overlayfs.h"

MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
MODULE_DESCRIPTION("Overlay filesystem");
MODULE_LICENSE("GPL");


struct ovl_dir_cache;

30 31
#define OVL_MAX_STACK 500

32 33 34 35
static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
MODULE_PARM_DESC(ovl_redirect_dir_def,
		 "Default to on or off for the redirect_dir feature");
M
Miklos Szeredi 已提交
36

37 38 39 40 41 42 43
static bool ovl_redirect_always_follow =
	IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
module_param_named(redirect_always_follow, ovl_redirect_always_follow,
		   bool, 0644);
MODULE_PARM_DESC(ovl_redirect_always_follow,
		 "Follow redirects even if redirect_dir feature is turned off");

44 45 46 47 48
static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
module_param_named(index, ovl_index_def, bool, 0644);
MODULE_PARM_DESC(ovl_index_def,
		 "Default to on or off for the inodes index feature");

49 50 51 52 53
static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
MODULE_PARM_DESC(ovl_nfs_export_def,
		 "Default to on or off for the NFS export feature");

54 55 56 57 58
static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
MODULE_PARM_DESC(ovl_xino_auto_def,
		 "Auto enable xino feature");

59 60 61 62 63 64 65 66
static void ovl_entry_stack_free(struct ovl_entry *oe)
{
	unsigned int i;

	for (i = 0; i < oe->numlower; i++)
		dput(oe->lowerstack[i].dentry);
}

M
Miklos Szeredi 已提交
67 68 69 70 71
static void ovl_dentry_release(struct dentry *dentry)
{
	struct ovl_entry *oe = dentry->d_fsdata;

	if (oe) {
72
		ovl_entry_stack_free(oe);
M
Miklos Szeredi 已提交
73 74 75 76
		kfree_rcu(oe, rcu);
	}
}

77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
static int ovl_check_append_only(struct inode *inode, int flag)
{
	/*
	 * This test was moot in vfs may_open() because overlay inode does
	 * not have the S_APPEND flag, so re-check on real upper inode
	 */
	if (IS_APPEND(inode)) {
		if  ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
			return -EPERM;
		if (flag & O_TRUNC)
			return -EPERM;
	}

	return 0;
}

93 94
static struct dentry *ovl_d_real(struct dentry *dentry,
				 const struct inode *inode,
M
Miklos Szeredi 已提交
95
				 unsigned int open_flags, unsigned int flags)
M
Miklos Szeredi 已提交
96 97
{
	struct dentry *real;
98
	int err;
M
Miklos Szeredi 已提交
99

100 101 102
	if (flags & D_REAL_UPPER)
		return ovl_dentry_upper(dentry);

103
	if (!d_is_reg(dentry)) {
M
Miklos Szeredi 已提交
104 105 106 107 108
		if (!inode || inode == d_inode(dentry))
			return dentry;
		goto bug;
	}

109
	if (open_flags) {
110
		err = ovl_open_maybe_copy_up(dentry, open_flags);
111 112 113 114
		if (err)
			return ERR_PTR(err);
	}

M
Miklos Szeredi 已提交
115
	real = ovl_dentry_upper(dentry);
116 117 118 119 120 121
	if (real && (!inode || inode == d_inode(real))) {
		if (!inode) {
			err = ovl_check_append_only(d_inode(real), open_flags);
			if (err)
				return ERR_PTR(err);
		}
M
Miklos Szeredi 已提交
122
		return real;
123
	}
M
Miklos Szeredi 已提交
124 125 126 127 128

	real = ovl_dentry_lower(dentry);
	if (!real)
		goto bug;

M
Miklos Szeredi 已提交
129
	/* Handle recursion */
M
Miklos Szeredi 已提交
130
	real = d_real(real, inode, open_flags, 0);
M
Miklos Szeredi 已提交
131

M
Miklos Szeredi 已提交
132 133 134
	if (!inode || inode == d_inode(real))
		return real;
bug:
M
Miklos Szeredi 已提交
135
	WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
M
Miklos Szeredi 已提交
136 137 138 139
	     inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
	return dentry;
}

140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct ovl_entry *oe = dentry->d_fsdata;
	unsigned int i;
	int ret = 1;

	for (i = 0; i < oe->numlower; i++) {
		struct dentry *d = oe->lowerstack[i].dentry;

		if (d->d_flags & DCACHE_OP_REVALIDATE) {
			ret = d->d_op->d_revalidate(d, flags);
			if (ret < 0)
				return ret;
			if (!ret) {
				if (!(flags & LOOKUP_RCU))
					d_invalidate(d);
				return -ESTALE;
			}
		}
	}
	return 1;
}

static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct ovl_entry *oe = dentry->d_fsdata;
	unsigned int i;
	int ret = 1;

	for (i = 0; i < oe->numlower; i++) {
		struct dentry *d = oe->lowerstack[i].dentry;

		if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) {
			ret = d->d_op->d_weak_revalidate(d, flags);
			if (ret <= 0)
				break;
		}
	}
	return ret;
}

M
Miklos Szeredi 已提交
181 182
static const struct dentry_operations ovl_dentry_operations = {
	.d_release = ovl_dentry_release,
M
Miklos Szeredi 已提交
183
	.d_real = ovl_d_real,
M
Miklos Szeredi 已提交
184 185
};

186 187
static const struct dentry_operations ovl_reval_dentry_operations = {
	.d_release = ovl_dentry_release,
M
Miklos Szeredi 已提交
188
	.d_real = ovl_d_real,
189 190 191 192
	.d_revalidate = ovl_dentry_revalidate,
	.d_weak_revalidate = ovl_dentry_weak_revalidate,
};

193 194 195 196 197 198
static struct kmem_cache *ovl_inode_cachep;

static struct inode *ovl_alloc_inode(struct super_block *sb)
{
	struct ovl_inode *oi = kmem_cache_alloc(ovl_inode_cachep, GFP_KERNEL);

199 200 201
	if (!oi)
		return NULL;

202
	oi->cache = NULL;
M
Miklos Szeredi 已提交
203
	oi->redirect = NULL;
204
	oi->version = 0;
M
Miklos Szeredi 已提交
205
	oi->flags = 0;
206
	oi->__upperdentry = NULL;
207
	oi->lower = NULL;
208
	mutex_init(&oi->lock);
209

210 211 212 213 214 215 216 217 218 219 220 221
	return &oi->vfs_inode;
}

static void ovl_i_callback(struct rcu_head *head)
{
	struct inode *inode = container_of(head, struct inode, i_rcu);

	kmem_cache_free(ovl_inode_cachep, OVL_I(inode));
}

static void ovl_destroy_inode(struct inode *inode)
{
222 223 224
	struct ovl_inode *oi = OVL_I(inode);

	dput(oi->__upperdentry);
225
	iput(oi->lower);
M
Miklos Szeredi 已提交
226
	kfree(oi->redirect);
227
	ovl_dir_cache_free(inode);
228
	mutex_destroy(&oi->lock);
229

230 231 232
	call_rcu(&inode->i_rcu, ovl_i_callback);
}

M
Miklos Szeredi 已提交
233
static void ovl_free_fs(struct ovl_fs *ofs)
M
Miklos Szeredi 已提交
234
{
235
	unsigned i;
M
Miklos Szeredi 已提交
236

M
Miklos Szeredi 已提交
237 238 239 240 241 242 243 244
	dput(ofs->indexdir);
	dput(ofs->workdir);
	if (ofs->workdir_locked)
		ovl_inuse_unlock(ofs->workbasedir);
	dput(ofs->workbasedir);
	if (ofs->upperdir_locked)
		ovl_inuse_unlock(ofs->upper_mnt->mnt_root);
	mntput(ofs->upper_mnt);
245
	for (i = 0; i < ofs->numlower; i++)
M
Miklos Szeredi 已提交
246
		mntput(ofs->lower_layers[i].mnt);
247 248
	for (i = 0; i < ofs->numlowerfs; i++)
		free_anon_bdev(ofs->lower_fs[i].pseudo_dev);
M
Miklos Szeredi 已提交
249
	kfree(ofs->lower_layers);
250
	kfree(ofs->lower_fs);
M
Miklos Szeredi 已提交
251 252 253 254

	kfree(ofs->config.lowerdir);
	kfree(ofs->config.upperdir);
	kfree(ofs->config.workdir);
255
	kfree(ofs->config.redirect_mode);
M
Miklos Szeredi 已提交
256 257 258
	if (ofs->creator_cred)
		put_cred(ofs->creator_cred);
	kfree(ofs);
M
Miklos Szeredi 已提交
259 260
}

261 262 263 264 265 266 267
static void ovl_put_super(struct super_block *sb)
{
	struct ovl_fs *ofs = sb->s_fs_info;

	ovl_free_fs(ofs);
}

268
/* Sync real dirty inodes in upper filesystem (if it exists) */
269 270
static int ovl_sync_fs(struct super_block *sb, int wait)
{
M
Miklos Szeredi 已提交
271
	struct ovl_fs *ofs = sb->s_fs_info;
272 273 274
	struct super_block *upper_sb;
	int ret;

M
Miklos Szeredi 已提交
275
	if (!ofs->upper_mnt)
276
		return 0;
277 278 279 280 281 282 283 284 285 286

	/*
	 * If this is a sync(2) call or an emergency sync, all the super blocks
	 * will be iterated, including upper_sb, so no need to do anything.
	 *
	 * If this is a syncfs(2) call, then we do need to call
	 * sync_filesystem() on upper_sb, but enough if we do it when being
	 * called with wait == 1.
	 */
	if (!wait)
287 288
		return 0;

289 290
	upper_sb = ofs->upper_mnt->mnt_sb;

291
	down_read(&upper_sb->s_umount);
292
	ret = sync_filesystem(upper_sb);
293
	up_read(&upper_sb->s_umount);
294

295 296 297
	return ret;
}

A
Andy Whitcroft 已提交
298 299 300 301 302 303
/**
 * ovl_statfs
 * @sb: The overlayfs super block
 * @buf: The struct kstatfs to fill in with stats
 *
 * Get the filesystem statistics.  As writes always target the upper layer
304
 * filesystem pass the statfs to the upper filesystem (if it exists)
A
Andy Whitcroft 已提交
305 306 307 308 309 310 311 312
 */
static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
{
	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
	struct dentry *root_dentry = dentry->d_sb->s_root;
	struct path path;
	int err;

313
	ovl_path_real(root_dentry, &path);
A
Andy Whitcroft 已提交
314 315 316

	err = vfs_statfs(&path, buf);
	if (!err) {
M
Miklos Szeredi 已提交
317
		buf->f_namelen = ofs->namelen;
A
Andy Whitcroft 已提交
318 319 320 321 322 323
		buf->f_type = OVERLAYFS_SUPER_MAGIC;
	}

	return err;
}

324
/* Will this overlay be forced to mount/remount ro? */
M
Miklos Szeredi 已提交
325
static bool ovl_force_readonly(struct ovl_fs *ofs)
326
{
M
Miklos Szeredi 已提交
327
	return (!ofs->upper_mnt || !ofs->workdir);
328 329
}

330 331 332 333 334
static const char *ovl_redirect_mode_def(void)
{
	return ovl_redirect_dir_def ? "on" : "off";
}

335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351
enum {
	OVL_XINO_OFF,
	OVL_XINO_AUTO,
	OVL_XINO_ON,
};

static const char * const ovl_xino_str[] = {
	"off",
	"auto",
	"on",
};

static inline int ovl_xino_def(void)
{
	return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
}

E
Erez Zadok 已提交
352 353 354 355 356 357 358 359 360
/**
 * ovl_show_options
 *
 * Prints the mount options for a given superblock.
 * Returns zero; does not fail.
 */
static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
M
Miklos Szeredi 已提交
361
	struct ovl_fs *ofs = sb->s_fs_info;
E
Erez Zadok 已提交
362

M
Miklos Szeredi 已提交
363 364 365 366
	seq_show_option(m, "lowerdir", ofs->config.lowerdir);
	if (ofs->config.upperdir) {
		seq_show_option(m, "upperdir", ofs->config.upperdir);
		seq_show_option(m, "workdir", ofs->config.workdir);
M
Miklos Szeredi 已提交
367
	}
M
Miklos Szeredi 已提交
368
	if (ofs->config.default_permissions)
M
Miklos Szeredi 已提交
369
		seq_puts(m, ",default_permissions");
370 371
	if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
		seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
M
Miklos Szeredi 已提交
372
	if (ofs->config.index != ovl_index_def)
373
		seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
374 375 376
	if (ofs->config.nfs_export != ovl_nfs_export_def)
		seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
						"on" : "off");
377 378
	if (ofs->config.xino != ovl_xino_def())
		seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]);
E
Erez Zadok 已提交
379 380 381
	return 0;
}

382 383
static int ovl_remount(struct super_block *sb, int *flags, char *data)
{
M
Miklos Szeredi 已提交
384
	struct ovl_fs *ofs = sb->s_fs_info;
385

386
	if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs))
387 388 389 390 391
		return -EROFS;

	return 0;
}

M
Miklos Szeredi 已提交
392
static const struct super_operations ovl_super_operations = {
393 394 395
	.alloc_inode	= ovl_alloc_inode,
	.destroy_inode	= ovl_destroy_inode,
	.drop_inode	= generic_delete_inode,
M
Miklos Szeredi 已提交
396
	.put_super	= ovl_put_super,
397
	.sync_fs	= ovl_sync_fs,
A
Andy Whitcroft 已提交
398
	.statfs		= ovl_statfs,
E
Erez Zadok 已提交
399
	.show_options	= ovl_show_options,
400
	.remount_fs	= ovl_remount,
M
Miklos Szeredi 已提交
401 402 403 404 405 406
};

enum {
	OPT_LOWERDIR,
	OPT_UPPERDIR,
	OPT_WORKDIR,
M
Miklos Szeredi 已提交
407
	OPT_DEFAULT_PERMISSIONS,
408
	OPT_REDIRECT_DIR,
409 410
	OPT_INDEX_ON,
	OPT_INDEX_OFF,
411 412
	OPT_NFS_EXPORT_ON,
	OPT_NFS_EXPORT_OFF,
413 414 415
	OPT_XINO_ON,
	OPT_XINO_OFF,
	OPT_XINO_AUTO,
M
Miklos Szeredi 已提交
416 417 418 419 420 421 422
	OPT_ERR,
};

static const match_table_t ovl_tokens = {
	{OPT_LOWERDIR,			"lowerdir=%s"},
	{OPT_UPPERDIR,			"upperdir=%s"},
	{OPT_WORKDIR,			"workdir=%s"},
M
Miklos Szeredi 已提交
423
	{OPT_DEFAULT_PERMISSIONS,	"default_permissions"},
424
	{OPT_REDIRECT_DIR,		"redirect_dir=%s"},
425 426
	{OPT_INDEX_ON,			"index=on"},
	{OPT_INDEX_OFF,			"index=off"},
427 428
	{OPT_NFS_EXPORT_ON,		"nfs_export=on"},
	{OPT_NFS_EXPORT_OFF,		"nfs_export=off"},
429 430 431
	{OPT_XINO_ON,			"xino=on"},
	{OPT_XINO_OFF,			"xino=off"},
	{OPT_XINO_AUTO,			"xino=auto"},
M
Miklos Szeredi 已提交
432 433 434
	{OPT_ERR,			NULL}
};

M
Miklos Szeredi 已提交
435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457
static char *ovl_next_opt(char **s)
{
	char *sbegin = *s;
	char *p;

	if (sbegin == NULL)
		return NULL;

	for (p = sbegin; *p; p++) {
		if (*p == '\\') {
			p++;
			if (!*p)
				break;
		} else if (*p == ',') {
			*p = '\0';
			*s = p + 1;
			return sbegin;
		}
	}
	*s = NULL;
	return sbegin;
}

458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480
static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode)
{
	if (strcmp(mode, "on") == 0) {
		config->redirect_dir = true;
		/*
		 * Does not make sense to have redirect creation without
		 * redirect following.
		 */
		config->redirect_follow = true;
	} else if (strcmp(mode, "follow") == 0) {
		config->redirect_follow = true;
	} else if (strcmp(mode, "off") == 0) {
		if (ovl_redirect_always_follow)
			config->redirect_follow = true;
	} else if (strcmp(mode, "nofollow") != 0) {
		pr_err("overlayfs: bad mount option \"redirect_dir=%s\"\n",
		       mode);
		return -EINVAL;
	}

	return 0;
}

M
Miklos Szeredi 已提交
481 482 483 484
static int ovl_parse_opt(char *opt, struct ovl_config *config)
{
	char *p;

485 486 487 488
	config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL);
	if (!config->redirect_mode)
		return -ENOMEM;

M
Miklos Szeredi 已提交
489
	while ((p = ovl_next_opt(&opt)) != NULL) {
M
Miklos Szeredi 已提交
490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518
		int token;
		substring_t args[MAX_OPT_ARGS];

		if (!*p)
			continue;

		token = match_token(p, ovl_tokens, args);
		switch (token) {
		case OPT_UPPERDIR:
			kfree(config->upperdir);
			config->upperdir = match_strdup(&args[0]);
			if (!config->upperdir)
				return -ENOMEM;
			break;

		case OPT_LOWERDIR:
			kfree(config->lowerdir);
			config->lowerdir = match_strdup(&args[0]);
			if (!config->lowerdir)
				return -ENOMEM;
			break;

		case OPT_WORKDIR:
			kfree(config->workdir);
			config->workdir = match_strdup(&args[0]);
			if (!config->workdir)
				return -ENOMEM;
			break;

M
Miklos Szeredi 已提交
519 520 521 522
		case OPT_DEFAULT_PERMISSIONS:
			config->default_permissions = true;
			break;

523 524 525 526 527
		case OPT_REDIRECT_DIR:
			kfree(config->redirect_mode);
			config->redirect_mode = match_strdup(&args[0]);
			if (!config->redirect_mode)
				return -ENOMEM;
M
Miklos Szeredi 已提交
528 529
			break;

530 531 532 533 534 535 536 537
		case OPT_INDEX_ON:
			config->index = true;
			break;

		case OPT_INDEX_OFF:
			config->index = false;
			break;

538 539 540 541 542 543 544 545
		case OPT_NFS_EXPORT_ON:
			config->nfs_export = true;
			break;

		case OPT_NFS_EXPORT_OFF:
			config->nfs_export = false;
			break;

546 547 548 549 550 551 552 553 554 555 556 557
		case OPT_XINO_ON:
			config->xino = OVL_XINO_ON;
			break;

		case OPT_XINO_OFF:
			config->xino = OVL_XINO_OFF;
			break;

		case OPT_XINO_AUTO:
			config->xino = OVL_XINO_AUTO;
			break;

M
Miklos Szeredi 已提交
558
		default:
559
			pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p);
M
Miklos Szeredi 已提交
560 561 562
			return -EINVAL;
		}
	}
H
hujianyang 已提交
563 564 565 566 567 568 569 570 571

	/* Workdir is useless in non-upper mount */
	if (!config->upperdir && config->workdir) {
		pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
			config->workdir);
		kfree(config->workdir);
		config->workdir = NULL;
	}

572
	return ovl_parse_redirect_mode(config, config->redirect_mode);
M
Miklos Szeredi 已提交
573 574 575
}

#define OVL_WORKDIR_NAME "work"
576
#define OVL_INDEXDIR_NAME "index"
M
Miklos Szeredi 已提交
577

M
Miklos Szeredi 已提交
578
static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
579
					 const char *name, bool persist)
M
Miklos Szeredi 已提交
580
{
M
Miklos Szeredi 已提交
581 582
	struct inode *dir =  ofs->workbasedir->d_inode;
	struct vfsmount *mnt = ofs->upper_mnt;
M
Miklos Szeredi 已提交
583 584 585
	struct dentry *work;
	int err;
	bool retried = false;
586
	bool locked = false;
M
Miklos Szeredi 已提交
587

A
Al Viro 已提交
588
	inode_lock_nested(dir, I_MUTEX_PARENT);
589 590
	locked = true;

M
Miklos Szeredi 已提交
591
retry:
M
Miklos Szeredi 已提交
592
	work = lookup_one_len(name, ofs->workbasedir, strlen(name));
M
Miklos Szeredi 已提交
593 594

	if (!IS_ERR(work)) {
595 596
		struct iattr attr = {
			.ia_valid = ATTR_MODE,
A
Al Viro 已提交
597
			.ia_mode = S_IFDIR | 0,
598
		};
M
Miklos Szeredi 已提交
599 600 601 602 603 604

		if (work->d_inode) {
			err = -EEXIST;
			if (retried)
				goto out_dput;

605 606 607
			if (persist)
				goto out_unlock;

M
Miklos Szeredi 已提交
608
			retried = true;
M
Miklos Szeredi 已提交
609
			ovl_workdir_cleanup(dir, mnt, work, 0);
M
Miklos Szeredi 已提交
610 611 612 613
			dput(work);
			goto retry;
		}

614 615 616 617
		work = ovl_create_real(dir, work, OVL_CATTR(attr.ia_mode));
		err = PTR_ERR(work);
		if (IS_ERR(work))
			goto out_err;
618

619 620 621 622 623 624 625 626 627 628 629 630 631
		/*
		 * Try to remove POSIX ACL xattrs from workdir.  We are good if:
		 *
		 * a) success (there was a POSIX ACL xattr and was removed)
		 * b) -ENODATA (there was no POSIX ACL xattr)
		 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
		 *
		 * There are various other error values that could effectively
		 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
		 * if the xattr name is too long), but the set of filesystems
		 * allowed as upper are limited to "normal" ones, where checking
		 * for the above two errors is sufficient.
		 */
632
		err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
M
Miklos Szeredi 已提交
633
		if (err && err != -ENODATA && err != -EOPNOTSUPP)
634 635 636
			goto out_dput;

		err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
M
Miklos Szeredi 已提交
637
		if (err && err != -ENODATA && err != -EOPNOTSUPP)
638 639 640 641 642 643 644 645
			goto out_dput;

		/* Clear any inherited mode bits */
		inode_lock(work->d_inode);
		err = notify_change(work, &attr, NULL);
		inode_unlock(work->d_inode);
		if (err)
			goto out_dput;
646 647 648
	} else {
		err = PTR_ERR(work);
		goto out_err;
M
Miklos Szeredi 已提交
649 650
	}
out_unlock:
651 652
	if (locked)
		inode_unlock(dir);
M
Miklos Szeredi 已提交
653 654 655 656 657

	return work;

out_dput:
	dput(work);
658 659
out_err:
	pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n",
M
Miklos Szeredi 已提交
660
		ofs->config.workdir, name, -err);
661
	work = NULL;
M
Miklos Szeredi 已提交
662 663 664
	goto out_unlock;
}

M
Miklos Szeredi 已提交
665 666 667 668 669 670 671 672 673 674 675 676 677
static void ovl_unescape(char *s)
{
	char *d = s;

	for (;; s++, d++) {
		if (*s == '\\')
			s++;
		*d = *s;
		if (!*s)
			break;
	}
}

M
Miklos Szeredi 已提交
678 679
static int ovl_mount_dir_noesc(const char *name, struct path *path)
{
680
	int err = -EINVAL;
M
Miklos Szeredi 已提交
681

682 683 684 685
	if (!*name) {
		pr_err("overlayfs: empty lowerdir\n");
		goto out;
	}
M
Miklos Szeredi 已提交
686 687 688 689 690 691
	err = kern_path(name, LOOKUP_FOLLOW, path);
	if (err) {
		pr_err("overlayfs: failed to resolve '%s': %i\n", name, err);
		goto out;
	}
	err = -EINVAL;
692
	if (ovl_dentry_weird(path->dentry)) {
M
Miklos Szeredi 已提交
693 694 695
		pr_err("overlayfs: filesystem on '%s' not supported\n", name);
		goto out_put;
	}
M
Miklos Szeredi 已提交
696
	if (!d_is_dir(path->dentry)) {
M
Miklos Szeredi 已提交
697 698 699 700 701 702
		pr_err("overlayfs: '%s' not a directory\n", name);
		goto out_put;
	}
	return 0;

out_put:
703
	path_put_init(path);
M
Miklos Szeredi 已提交
704 705 706 707 708 709 710 711 712 713 714 715
out:
	return err;
}

static int ovl_mount_dir(const char *name, struct path *path)
{
	int err = -ENOMEM;
	char *tmp = kstrdup(name, GFP_KERNEL);

	if (tmp) {
		ovl_unescape(tmp);
		err = ovl_mount_dir_noesc(tmp, path);
716 717 718 719 720

		if (!err)
			if (ovl_dentry_remote(path->dentry)) {
				pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n",
				       tmp);
721
				path_put_init(path);
722 723
				err = -EINVAL;
			}
M
Miklos Szeredi 已提交
724 725 726 727 728
		kfree(tmp);
	}
	return err;
}

M
Miklos Szeredi 已提交
729 730
static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
			     const char *name)
M
Miklos Szeredi 已提交
731 732
{
	struct kstatfs statfs;
M
Miklos Szeredi 已提交
733 734 735 736 737 738 739 740 741 742 743 744 745
	int err = vfs_statfs(path, &statfs);

	if (err)
		pr_err("overlayfs: statfs failed on '%s'\n", name);
	else
		ofs->namelen = max(ofs->namelen, statfs.f_namelen);

	return err;
}

static int ovl_lower_dir(const char *name, struct path *path,
			 struct ovl_fs *ofs, int *stack_depth, bool *remote)
{
746
	int fh_type;
M
Miklos Szeredi 已提交
747
	int err;
M
Miklos Szeredi 已提交
748

749
	err = ovl_mount_dir_noesc(name, path);
M
Miklos Szeredi 已提交
750 751 752
	if (err)
		goto out;

M
Miklos Szeredi 已提交
753 754
	err = ovl_check_namelen(path, ofs, name);
	if (err)
M
Miklos Szeredi 已提交
755
		goto out_put;
M
Miklos Szeredi 已提交
756

M
Miklos Szeredi 已提交
757 758
	*stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);

759 760 761
	if (ovl_dentry_remote(path->dentry))
		*remote = true;

762
	/*
763 764
	 * The inodes index feature and NFS export need to encode and decode
	 * file handles, so they require that all layers support them.
765
	 */
766
	fh_type = ovl_can_decode_fh(path->dentry->d_sb);
767
	if ((ofs->config.nfs_export ||
768
	     (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
769
		ofs->config.index = false;
770 771 772
		ofs->config.nfs_export = false;
		pr_warn("overlayfs: fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
			name);
773 774
	}

775 776 777 778
	/* Check if lower fs has 32bit inode numbers */
	if (fh_type != FILEID_INO32_GEN)
		ofs->xino_bits = 0;

M
Miklos Szeredi 已提交
779 780 781
	return 0;

out_put:
782
	path_put_init(path);
M
Miklos Szeredi 已提交
783 784 785 786
out:
	return err;
}

M
Miklos Szeredi 已提交
787 788 789 790 791 792 793 794 795 796 797 798
/* Workdir should not be subdir of upperdir and vice versa */
static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
{
	bool ok = false;

	if (workdir != upperdir) {
		ok = (lock_rename(workdir, upperdir) == NULL);
		unlock_rename(workdir, upperdir);
	}
	return ok;
}

799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818
static unsigned int ovl_split_lowerdirs(char *str)
{
	unsigned int ctr = 1;
	char *s, *d;

	for (s = d = str;; s++, d++) {
		if (*s == '\\') {
			s++;
		} else if (*s == ':') {
			*d = '\0';
			ctr++;
			continue;
		}
		*d = *s;
		if (!*s)
			break;
	}
	return ctr;
}

819 820 821 822 823
static int __maybe_unused
ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
			struct dentry *dentry, struct inode *inode,
			const char *name, void *buffer, size_t size)
{
824
	return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
825 826
}

827 828 829 830 831
static int __maybe_unused
ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
			struct dentry *dentry, struct inode *inode,
			const char *name, const void *value,
			size_t size, int flags)
M
Miklos Szeredi 已提交
832 833
{
	struct dentry *workdir = ovl_workdir(dentry);
834
	struct inode *realinode = ovl_inode_real(inode);
M
Miklos Szeredi 已提交
835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858
	struct posix_acl *acl = NULL;
	int err;

	/* Check that everything is OK before copy-up */
	if (value) {
		acl = posix_acl_from_xattr(&init_user_ns, value, size);
		if (IS_ERR(acl))
			return PTR_ERR(acl);
	}
	err = -EOPNOTSUPP;
	if (!IS_POSIXACL(d_inode(workdir)))
		goto out_acl_release;
	if (!realinode->i_op->set_acl)
		goto out_acl_release;
	if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
		err = acl ? -EACCES : 0;
		goto out_acl_release;
	}
	err = -EPERM;
	if (!inode_owner_or_capable(inode))
		goto out_acl_release;

	posix_acl_release(acl);

859 860 861 862 863 864 865 866 867 868 869 870 871 872 873
	/*
	 * Check if sgid bit needs to be cleared (actual setacl operation will
	 * be done with mounter's capabilities and so that won't do it for us).
	 */
	if (unlikely(inode->i_mode & S_ISGID) &&
	    handler->flags == ACL_TYPE_ACCESS &&
	    !in_group_p(inode->i_gid) &&
	    !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
		struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };

		err = ovl_setattr(dentry, &iattr);
		if (err)
			return err;
	}

874
	err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
875
	if (!err)
876
		ovl_copyattr(ovl_inode_real(inode), inode);
877 878

	return err;
M
Miklos Szeredi 已提交
879 880 881 882 883 884

out_acl_release:
	posix_acl_release(acl);
	return err;
}

885 886 887 888
static int ovl_own_xattr_get(const struct xattr_handler *handler,
			     struct dentry *dentry, struct inode *inode,
			     const char *name, void *buffer, size_t size)
{
A
Amir Goldstein 已提交
889
	return -EOPNOTSUPP;
890 891
}

M
Miklos Szeredi 已提交
892 893 894 895 896
static int ovl_own_xattr_set(const struct xattr_handler *handler,
			     struct dentry *dentry, struct inode *inode,
			     const char *name, const void *value,
			     size_t size, int flags)
{
A
Amir Goldstein 已提交
897
	return -EOPNOTSUPP;
M
Miklos Szeredi 已提交
898 899
}

900 901 902 903
static int ovl_other_xattr_get(const struct xattr_handler *handler,
			       struct dentry *dentry, struct inode *inode,
			       const char *name, void *buffer, size_t size)
{
904
	return ovl_xattr_get(dentry, inode, name, buffer, size);
905 906
}

907 908 909 910 911
static int ovl_other_xattr_set(const struct xattr_handler *handler,
			       struct dentry *dentry, struct inode *inode,
			       const char *name, const void *value,
			       size_t size, int flags)
{
912
	return ovl_xattr_set(dentry, inode, name, value, size, flags);
913 914
}

915 916
static const struct xattr_handler __maybe_unused
ovl_posix_acl_access_xattr_handler = {
M
Miklos Szeredi 已提交
917 918
	.name = XATTR_NAME_POSIX_ACL_ACCESS,
	.flags = ACL_TYPE_ACCESS,
919
	.get = ovl_posix_acl_xattr_get,
M
Miklos Szeredi 已提交
920 921 922
	.set = ovl_posix_acl_xattr_set,
};

923 924
static const struct xattr_handler __maybe_unused
ovl_posix_acl_default_xattr_handler = {
M
Miklos Szeredi 已提交
925 926
	.name = XATTR_NAME_POSIX_ACL_DEFAULT,
	.flags = ACL_TYPE_DEFAULT,
927
	.get = ovl_posix_acl_xattr_get,
M
Miklos Szeredi 已提交
928 929 930 931 932
	.set = ovl_posix_acl_xattr_set,
};

static const struct xattr_handler ovl_own_xattr_handler = {
	.prefix	= OVL_XATTR_PREFIX,
933
	.get = ovl_own_xattr_get,
M
Miklos Szeredi 已提交
934 935 936 937 938
	.set = ovl_own_xattr_set,
};

static const struct xattr_handler ovl_other_xattr_handler = {
	.prefix	= "", /* catch all */
939
	.get = ovl_other_xattr_get,
M
Miklos Szeredi 已提交
940 941 942 943
	.set = ovl_other_xattr_set,
};

static const struct xattr_handler *ovl_xattr_handlers[] = {
944
#ifdef CONFIG_FS_POSIX_ACL
M
Miklos Szeredi 已提交
945 946
	&ovl_posix_acl_access_xattr_handler,
	&ovl_posix_acl_default_xattr_handler,
947
#endif
M
Miklos Szeredi 已提交
948 949 950 951 952
	&ovl_own_xattr_handler,
	&ovl_other_xattr_handler,
	NULL
};

M
Miklos Szeredi 已提交
953
static int ovl_get_upper(struct ovl_fs *ofs, struct path *upperpath)
954
{
M
Miklos Szeredi 已提交
955
	struct vfsmount *upper_mnt;
956 957
	int err;

M
Miklos Szeredi 已提交
958
	err = ovl_mount_dir(ofs->config.upperdir, upperpath);
959 960 961 962 963 964 965 966 967 968
	if (err)
		goto out;

	/* Upper fs should not be r/o */
	if (sb_rdonly(upperpath->mnt->mnt_sb)) {
		pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n");
		err = -EINVAL;
		goto out;
	}

M
Miklos Szeredi 已提交
969
	err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
970 971 972 973 974
	if (err)
		goto out;

	err = -EBUSY;
	if (ovl_inuse_trylock(upperpath->dentry)) {
M
Miklos Szeredi 已提交
975 976
		ofs->upperdir_locked = true;
	} else if (ofs->config.index) {
977 978 979 980 981
		pr_err("overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection.\n");
		goto out;
	} else {
		pr_warn("overlayfs: upperdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
	}
M
Miklos Szeredi 已提交
982 983 984 985 986 987 988 989 990 991

	upper_mnt = clone_private_mount(upperpath);
	err = PTR_ERR(upper_mnt);
	if (IS_ERR(upper_mnt)) {
		pr_err("overlayfs: failed to clone upperpath\n");
		goto out;
	}

	/* Don't inherit atime flags */
	upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
M
Miklos Szeredi 已提交
992
	ofs->upper_mnt = upper_mnt;
993 994 995 996 997
	err = 0;
out:
	return err;
}

M
Miklos Szeredi 已提交
998
static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath)
999
{
1000
	struct vfsmount *mnt = ofs->upper_mnt;
1001
	struct dentry *temp;
1002
	int fh_type;
1003 1004
	int err;

1005 1006 1007 1008
	err = mnt_want_write(mnt);
	if (err)
		return err;

M
Miklos Szeredi 已提交
1009 1010
	ofs->workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
	if (!ofs->workdir)
1011
		goto out;
1012 1013 1014 1015 1016 1017 1018 1019 1020

	/*
	 * Upper should support d_type, else whiteouts are visible.  Given
	 * workdir and upper are on same fs, we can do iterate_dir() on
	 * workdir. This check requires successful creation of workdir in
	 * previous step.
	 */
	err = ovl_check_d_type_supported(workpath);
	if (err < 0)
1021
		goto out;
1022 1023 1024 1025 1026 1027 1028 1029 1030

	/*
	 * We allowed this configuration and don't want to break users over
	 * kernel upgrade. So warn instead of erroring out.
	 */
	if (!err)
		pr_warn("overlayfs: upper fs needs to support d_type.\n");

	/* Check if upper/work fs supports O_TMPFILE */
M
Miklos Szeredi 已提交
1031 1032 1033
	temp = ovl_do_tmpfile(ofs->workdir, S_IFREG | 0);
	ofs->tmpfile = !IS_ERR(temp);
	if (ofs->tmpfile)
1034 1035 1036 1037 1038 1039 1040
		dput(temp);
	else
		pr_warn("overlayfs: upper fs does not support tmpfile.\n");

	/*
	 * Check if upper/work fs supports trusted.overlay.* xattr
	 */
M
Miklos Szeredi 已提交
1041
	err = ovl_do_setxattr(ofs->workdir, OVL_XATTR_OPAQUE, "0", 1, 0);
1042
	if (err) {
M
Miklos Szeredi 已提交
1043
		ofs->noxattr = true;
1044 1045
		ofs->config.index = false;
		pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off.\n");
1046
		err = 0;
1047
	} else {
M
Miklos Szeredi 已提交
1048
		vfs_removexattr(ofs->workdir, OVL_XATTR_OPAQUE);
1049 1050 1051
	}

	/* Check if upper/work fs supports file handles */
1052 1053
	fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
	if (ofs->config.index && !fh_type) {
M
Miklos Szeredi 已提交
1054
		ofs->config.index = false;
1055 1056 1057
		pr_warn("overlayfs: upper fs does not support file handles, falling back to index=off.\n");
	}

1058 1059 1060 1061
	/* Check if upper fs has 32bit inode numbers */
	if (fh_type != FILEID_INO32_GEN)
		ofs->xino_bits = 0;

1062 1063 1064 1065 1066 1067
	/* NFS export of r/w mount depends on index */
	if (ofs->config.nfs_export && !ofs->config.index) {
		pr_warn("overlayfs: NFS export requires \"index=on\", falling back to nfs_export=off.\n");
		ofs->config.nfs_export = false;
	}

1068 1069 1070
out:
	mnt_drop_write(mnt);
	return err;
1071 1072
}

M
Miklos Szeredi 已提交
1073
static int ovl_get_workdir(struct ovl_fs *ofs, struct path *upperpath)
1074 1075
{
	int err;
M
Miklos Szeredi 已提交
1076
	struct path workpath = { };
1077

M
Miklos Szeredi 已提交
1078
	err = ovl_mount_dir(ofs->config.workdir, &workpath);
1079 1080 1081 1082
	if (err)
		goto out;

	err = -EINVAL;
M
Miklos Szeredi 已提交
1083
	if (upperpath->mnt != workpath.mnt) {
1084 1085 1086
		pr_err("overlayfs: workdir and upperdir must reside under the same mount\n");
		goto out;
	}
M
Miklos Szeredi 已提交
1087
	if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) {
1088 1089 1090 1091 1092
		pr_err("overlayfs: workdir and upperdir must be separate subtrees\n");
		goto out;
	}

	err = -EBUSY;
M
Miklos Szeredi 已提交
1093
	if (ovl_inuse_trylock(workpath.dentry)) {
M
Miklos Szeredi 已提交
1094 1095
		ofs->workdir_locked = true;
	} else if (ofs->config.index) {
1096 1097 1098 1099 1100 1101
		pr_err("overlayfs: workdir is in-use by another mount, mount with '-o index=off' to override exclusive workdir protection.\n");
		goto out;
	} else {
		pr_warn("overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
	}

M
Miklos Szeredi 已提交
1102 1103
	ofs->workbasedir = dget(workpath.dentry);
	err = ovl_make_workdir(ofs, &workpath);
M
Miklos Szeredi 已提交
1104 1105 1106
	if (err)
		goto out;

1107 1108
	err = 0;
out:
M
Miklos Szeredi 已提交
1109 1110
	path_put(&workpath);

1111 1112 1113
	return err;
}

M
Miklos Szeredi 已提交
1114
static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
1115
			    struct path *upperpath)
1116
{
1117
	struct vfsmount *mnt = ofs->upper_mnt;
1118 1119
	int err;

1120 1121 1122 1123
	err = mnt_want_write(mnt);
	if (err)
		return err;

1124
	/* Verify lower root is upper root origin */
1125
	err = ovl_verify_origin(upperpath->dentry, oe->lowerstack[0].dentry,
1126
				true);
1127 1128 1129 1130 1131
	if (err) {
		pr_err("overlayfs: failed to verify upper root origin\n");
		goto out;
	}

M
Miklos Szeredi 已提交
1132 1133
	ofs->indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
	if (ofs->indexdir) {
1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148
		/*
		 * Verify upper root is exclusively associated with index dir.
		 * Older kernels stored upper fh in "trusted.overlay.origin"
		 * xattr. If that xattr exists, verify that it is a match to
		 * upper dir file handle. In any case, verify or set xattr
		 * "trusted.overlay.upper" to indicate that index may have
		 * directory entries.
		 */
		if (ovl_check_origin_xattr(ofs->indexdir)) {
			err = ovl_verify_set_fh(ofs->indexdir, OVL_XATTR_ORIGIN,
						upperpath->dentry, true, false);
			if (err)
				pr_err("overlayfs: failed to verify index dir 'origin' xattr\n");
		}
		err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true);
1149
		if (err)
1150
			pr_err("overlayfs: failed to verify index dir 'upper' xattr\n");
1151 1152 1153

		/* Cleanup bad/stale/orphan index entries */
		if (!err)
1154
			err = ovl_indexdir_cleanup(ofs);
1155
	}
M
Miklos Szeredi 已提交
1156
	if (err || !ofs->indexdir)
1157 1158 1159
		pr_warn("overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");

out:
1160
	mnt_drop_write(mnt);
1161 1162 1163
	return err;
}

1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192
/* Get a unique fsid for the layer */
static int ovl_get_fsid(struct ovl_fs *ofs, struct super_block *sb)
{
	unsigned int i;
	dev_t dev;
	int err;

	/* fsid 0 is reserved for upper fs even with non upper overlay */
	if (ofs->upper_mnt && ofs->upper_mnt->mnt_sb == sb)
		return 0;

	for (i = 0; i < ofs->numlowerfs; i++) {
		if (ofs->lower_fs[i].sb == sb)
			return i + 1;
	}

	err = get_anon_bdev(&dev);
	if (err) {
		pr_err("overlayfs: failed to get anonymous bdev for lowerpath\n");
		return err;
	}

	ofs->lower_fs[ofs->numlowerfs].sb = sb;
	ofs->lower_fs[ofs->numlowerfs].pseudo_dev = dev;
	ofs->numlowerfs++;

	return ofs->numlowerfs;
}

M
Miklos Szeredi 已提交
1193
static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
1194 1195 1196 1197 1198 1199
				unsigned int numlower)
{
	int err;
	unsigned int i;

	err = -ENOMEM;
M
Miklos Szeredi 已提交
1200
	ofs->lower_layers = kcalloc(numlower, sizeof(struct ovl_layer),
1201
				    GFP_KERNEL);
M
Miklos Szeredi 已提交
1202
	if (ofs->lower_layers == NULL)
1203
		goto out;
1204 1205 1206 1207 1208 1209

	ofs->lower_fs = kcalloc(numlower, sizeof(struct ovl_sb),
				GFP_KERNEL);
	if (ofs->lower_fs == NULL)
		goto out;

1210 1211
	for (i = 0; i < numlower; i++) {
		struct vfsmount *mnt;
1212
		int fsid;
1213

1214 1215
		err = fsid = ovl_get_fsid(ofs, stack[i].mnt->mnt_sb);
		if (err < 0)
1216 1217 1218 1219 1220 1221 1222 1223
			goto out;

		mnt = clone_private_mount(&stack[i]);
		err = PTR_ERR(mnt);
		if (IS_ERR(mnt)) {
			pr_err("overlayfs: failed to clone lowerpath\n");
			goto out;
		}
1224

1225 1226 1227 1228 1229 1230
		/*
		 * Make lower layers R/O.  That way fchmod/fchown on lower file
		 * will fail instead of modifying lower fs.
		 */
		mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;

M
Miklos Szeredi 已提交
1231
		ofs->lower_layers[ofs->numlower].mnt = mnt;
1232
		ofs->lower_layers[ofs->numlower].idx = i + 1;
1233 1234 1235 1236 1237
		ofs->lower_layers[ofs->numlower].fsid = fsid;
		if (fsid) {
			ofs->lower_layers[ofs->numlower].fs =
				&ofs->lower_fs[fsid - 1];
		}
M
Miklos Szeredi 已提交
1238
		ofs->numlower++;
1239
	}
1240

1241 1242 1243 1244 1245 1246 1247 1248 1249
	/*
	 * When all layers on same fs, overlay can use real inode numbers.
	 * With mount option "xino=on", mounter declares that there are enough
	 * free high bits in underlying fs to hold the unique fsid.
	 * If overlayfs does encounter underlying inodes using the high xino
	 * bits reserved for fsid, it emits a warning and uses the original
	 * inode number.
	 */
	if (!ofs->numlowerfs || (ofs->numlowerfs == 1 && !ofs->upper_mnt)) {
1250
		ofs->xino_bits = 0;
1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265
		ofs->config.xino = OVL_XINO_OFF;
	} else if (ofs->config.xino == OVL_XINO_ON && !ofs->xino_bits) {
		/*
		 * This is a roundup of number of bits needed for numlowerfs+1
		 * (i.e. ilog2(numlowerfs+1 - 1) + 1). fsid 0 is reserved for
		 * upper fs even with non upper overlay.
		 */
		BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 31);
		ofs->xino_bits = ilog2(ofs->numlowerfs) + 1;
	}

	if (ofs->xino_bits) {
		pr_info("overlayfs: \"xino\" feature enabled using %d upper inode bits.\n",
			ofs->xino_bits);
	}
1266

1267 1268 1269 1270 1271
	err = 0;
out:
	return err;
}

1272
static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
M
Miklos Szeredi 已提交
1273
					    struct ovl_fs *ofs)
1274 1275 1276
{
	int err;
	char *lowertmp, *lower;
1277 1278
	struct path *stack = NULL;
	unsigned int stacklen, numlower = 0, i;
1279
	bool remote = false;
1280
	struct ovl_entry *oe;
1281 1282

	err = -ENOMEM;
M
Miklos Szeredi 已提交
1283
	lowertmp = kstrdup(ofs->config.lowerdir, GFP_KERNEL);
1284
	if (!lowertmp)
1285
		goto out_err;
1286 1287 1288 1289 1290 1291

	err = -EINVAL;
	stacklen = ovl_split_lowerdirs(lowertmp);
	if (stacklen > OVL_MAX_STACK) {
		pr_err("overlayfs: too many lower directories, limit is %d\n",
		       OVL_MAX_STACK);
1292
		goto out_err;
M
Miklos Szeredi 已提交
1293
	} else if (!ofs->config.upperdir && stacklen == 1) {
1294
		pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n");
1295
		goto out_err;
1296 1297 1298 1299
	} else if (!ofs->config.upperdir && ofs->config.nfs_export &&
		   ofs->config.redirect_follow) {
		pr_warn("overlayfs: NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
		ofs->config.nfs_export = false;
1300 1301 1302 1303 1304
	}

	err = -ENOMEM;
	stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
	if (!stack)
1305
		goto out_err;
1306 1307 1308 1309

	err = -EINVAL;
	lower = lowertmp;
	for (numlower = 0; numlower < stacklen; numlower++) {
M
Miklos Szeredi 已提交
1310
		err = ovl_lower_dir(lower, &stack[numlower], ofs,
1311 1312
				    &sb->s_stack_depth, &remote);
		if (err)
1313
			goto out_err;
1314 1315 1316 1317 1318 1319 1320 1321

		lower = strchr(lower, '\0') + 1;
	}

	err = -EINVAL;
	sb->s_stack_depth++;
	if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
		pr_err("overlayfs: maximum fs stacking depth exceeded\n");
1322
		goto out_err;
1323 1324
	}

M
Miklos Szeredi 已提交
1325
	err = ovl_get_lower_layers(ofs, stack, numlower);
1326 1327 1328 1329 1330 1331 1332 1333 1334 1335
	if (err)
		goto out_err;

	err = -ENOMEM;
	oe = ovl_alloc_entry(numlower);
	if (!oe)
		goto out_err;

	for (i = 0; i < numlower; i++) {
		oe->lowerstack[i].dentry = dget(stack[i].dentry);
M
Miklos Szeredi 已提交
1336
		oe->lowerstack[i].layer = &ofs->lower_layers[i];
1337
	}
1338 1339 1340 1341 1342 1343 1344 1345 1346 1347

	if (remote)
		sb->s_d_op = &ovl_reval_dentry_operations;
	else
		sb->s_d_op = &ovl_dentry_operations;

out:
	for (i = 0; i < numlower; i++)
		path_put(&stack[i]);
	kfree(stack);
1348 1349 1350 1351 1352 1353
	kfree(lowertmp);

	return oe;

out_err:
	oe = ERR_PTR(err);
1354 1355 1356
	goto out;
}

M
Miklos Szeredi 已提交
1357 1358
static int ovl_fill_super(struct super_block *sb, void *data, int silent)
{
K
Kees Cook 已提交
1359
	struct path upperpath = { };
M
Miklos Szeredi 已提交
1360
	struct dentry *root_dentry;
1361
	struct ovl_entry *oe;
M
Miklos Szeredi 已提交
1362
	struct ovl_fs *ofs;
1363
	struct cred *cred;
M
Miklos Szeredi 已提交
1364 1365
	int err;

E
Erez Zadok 已提交
1366
	err = -ENOMEM;
M
Miklos Szeredi 已提交
1367 1368
	ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
	if (!ofs)
M
Miklos Szeredi 已提交
1369 1370
		goto out;

M
Miklos Szeredi 已提交
1371
	ofs->creator_cred = cred = prepare_creds();
1372 1373 1374
	if (!cred)
		goto out_err;

M
Miklos Szeredi 已提交
1375
	ofs->config.index = ovl_index_def;
1376
	ofs->config.nfs_export = ovl_nfs_export_def;
1377
	ofs->config.xino = ovl_xino_def();
M
Miklos Szeredi 已提交
1378
	err = ovl_parse_opt((char *) data, &ofs->config);
E
Erez Zadok 已提交
1379
	if (err)
1380
		goto out_err;
E
Erez Zadok 已提交
1381

M
Miklos Szeredi 已提交
1382
	err = -EINVAL;
M
Miklos Szeredi 已提交
1383
	if (!ofs->config.lowerdir) {
1384 1385
		if (!silent)
			pr_err("overlayfs: missing 'lowerdir'\n");
1386
		goto out_err;
M
Miklos Szeredi 已提交
1387 1388
	}

M
Miklos Szeredi 已提交
1389
	sb->s_stack_depth = 0;
1390
	sb->s_maxbytes = MAX_LFS_FILESIZE;
1391
	/* Assume underlaying fs uses 32bit inodes unless proven otherwise */
1392 1393 1394
	if (ofs->config.xino != OVL_XINO_OFF)
		ofs->xino_bits = BITS_PER_LONG - 32;

M
Miklos Szeredi 已提交
1395 1396
	if (ofs->config.upperdir) {
		if (!ofs->config.workdir) {
M
Miklos Szeredi 已提交
1397
			pr_err("overlayfs: missing 'workdir'\n");
1398
			goto out_err;
M
Miklos Szeredi 已提交
1399
		}
M
Miklos Szeredi 已提交
1400

M
Miklos Szeredi 已提交
1401
		err = ovl_get_upper(ofs, &upperpath);
M
Miklos Szeredi 已提交
1402
		if (err)
1403
			goto out_err;
1404

M
Miklos Szeredi 已提交
1405
		err = ovl_get_workdir(ofs, &upperpath);
1406
		if (err)
1407
			goto out_err;
1408

M
Miklos Szeredi 已提交
1409
		if (!ofs->workdir)
1410
			sb->s_flags |= SB_RDONLY;
1411

M
Miklos Szeredi 已提交
1412 1413
		sb->s_stack_depth = ofs->upper_mnt->mnt_sb->s_stack_depth;
		sb->s_time_gran = ofs->upper_mnt->mnt_sb->s_time_gran;
1414

M
Miklos Szeredi 已提交
1415
	}
M
Miklos Szeredi 已提交
1416
	oe = ovl_get_lowerstack(sb, ofs);
1417 1418
	err = PTR_ERR(oe);
	if (IS_ERR(oe))
1419
		goto out_err;
M
Miklos Szeredi 已提交
1420

H
hujianyang 已提交
1421
	/* If the upper fs is nonexistent, we mark overlayfs r/o too */
M
Miklos Szeredi 已提交
1422
	if (!ofs->upper_mnt)
1423
		sb->s_flags |= SB_RDONLY;
M
Miklos Szeredi 已提交
1424

M
Miklos Szeredi 已提交
1425 1426
	if (!(ovl_force_readonly(ofs)) && ofs->config.index) {
		err = ovl_get_indexdir(ofs, oe, &upperpath);
1427
		if (err)
1428
			goto out_free_oe;
1429

1430 1431 1432 1433
		/* Force r/o mount with no index dir */
		if (!ofs->indexdir) {
			dput(ofs->workdir);
			ofs->workdir = NULL;
1434
			sb->s_flags |= SB_RDONLY;
1435 1436
		}

1437 1438
	}

1439
	/* Show index=off in /proc/mounts for forced r/o mount */
1440
	if (!ofs->indexdir) {
M
Miklos Szeredi 已提交
1441
		ofs->config.index = false;
1442 1443 1444 1445 1446
		if (ofs->upper_mnt && ofs->config.nfs_export) {
			pr_warn("overlayfs: NFS export requires an index dir, falling back to nfs_export=off.\n");
			ofs->config.nfs_export = false;
		}
	}
1447

1448 1449 1450
	if (ofs->config.nfs_export)
		sb->s_export_op = &ovl_export_operations;

1451 1452 1453
	/* Never override disk quota limits or use reserved space */
	cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);

1454 1455 1456
	sb->s_magic = OVERLAYFS_SUPER_MAGIC;
	sb->s_op = &ovl_super_operations;
	sb->s_xattr = ovl_xattr_handlers;
M
Miklos Szeredi 已提交
1457
	sb->s_fs_info = ofs;
1458
	sb->s_flags |= SB_POSIXACL | SB_NOREMOTELOCK;
1459

1460
	err = -ENOMEM;
1461
	root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
M
Miklos Szeredi 已提交
1462
	if (!root_dentry)
1463
		goto out_free_oe;
M
Miklos Szeredi 已提交
1464

1465 1466
	root_dentry->d_fsdata = oe;

M
Miklos Szeredi 已提交
1467
	mntput(upperpath.mnt);
1468
	if (upperpath.dentry) {
1469
		ovl_dentry_set_upper_alias(root_dentry);
M
Miklos Szeredi 已提交
1470 1471
		if (ovl_is_impuredir(upperpath.dentry))
			ovl_set_flag(OVL_IMPURE, d_inode(root_dentry));
1472
	}
M
Miklos Szeredi 已提交
1473

1474 1475
	/* Root is always merge -> can have whiteouts */
	ovl_set_flag(OVL_WHITEOUTS, d_inode(root_dentry));
1476
	ovl_dentry_set_flag(OVL_E_CONNECTED, root_dentry);
1477 1478
	ovl_inode_init(d_inode(root_dentry), upperpath.dentry,
		       ovl_dentry_lower(root_dentry));
M
Miklos Szeredi 已提交
1479

M
Miklos Szeredi 已提交
1480 1481 1482 1483
	sb->s_root = root_dentry;

	return 0;

1484 1485
out_free_oe:
	ovl_entry_stack_free(oe);
1486
	kfree(oe);
1487
out_err:
M
Miklos Szeredi 已提交
1488
	path_put(&upperpath);
M
Miklos Szeredi 已提交
1489
	ovl_free_fs(ofs);
M
Miklos Szeredi 已提交
1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501
out:
	return err;
}

static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
				const char *dev_name, void *raw_data)
{
	return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
}

static struct file_system_type ovl_fs_type = {
	.owner		= THIS_MODULE,
1502
	.name		= "overlay",
M
Miklos Szeredi 已提交
1503 1504 1505
	.mount		= ovl_mount,
	.kill_sb	= kill_anon_super,
};
1506
MODULE_ALIAS_FS("overlay");
M
Miklos Szeredi 已提交
1507

1508 1509 1510 1511 1512 1513 1514
static void ovl_inode_init_once(void *foo)
{
	struct ovl_inode *oi = foo;

	inode_init_once(&oi->vfs_inode);
}

M
Miklos Szeredi 已提交
1515 1516
static int __init ovl_init(void)
{
1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531
	int err;

	ovl_inode_cachep = kmem_cache_create("ovl_inode",
					     sizeof(struct ovl_inode), 0,
					     (SLAB_RECLAIM_ACCOUNT|
					      SLAB_MEM_SPREAD|SLAB_ACCOUNT),
					     ovl_inode_init_once);
	if (ovl_inode_cachep == NULL)
		return -ENOMEM;

	err = register_filesystem(&ovl_fs_type);
	if (err)
		kmem_cache_destroy(ovl_inode_cachep);

	return err;
M
Miklos Szeredi 已提交
1532 1533 1534 1535 1536
}

static void __exit ovl_exit(void)
{
	unregister_filesystem(&ovl_fs_type);
1537 1538 1539 1540 1541 1542 1543 1544

	/*
	 * Make sure all delayed rcu free inodes are flushed before we
	 * destroy cache.
	 */
	rcu_barrier();
	kmem_cache_destroy(ovl_inode_cachep);

M
Miklos Szeredi 已提交
1545 1546 1547 1548
}

module_init(ovl_init);
module_exit(ovl_exit);