super.c 36.5 KB
Newer Older
M
Miklos Szeredi 已提交
1 2 3 4 5 6 7 8 9
/*
 *
 * Copyright (C) 2011 Novell Inc.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 as published by
 * the Free Software Foundation.
 */

10
#include <uapi/linux/magic.h>
M
Miklos Szeredi 已提交
11 12 13 14 15 16
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/xattr.h>
#include <linux/mount.h>
#include <linux/parser.h>
#include <linux/module.h>
A
Andy Whitcroft 已提交
17
#include <linux/statfs.h>
E
Erez Zadok 已提交
18
#include <linux/seq_file.h>
M
Miklos Szeredi 已提交
19
#include <linux/posix_acl_xattr.h>
20
#include <linux/exportfs.h>
M
Miklos Szeredi 已提交
21 22 23 24 25 26 27 28 29
#include "overlayfs.h"

MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
MODULE_DESCRIPTION("Overlay filesystem");
MODULE_LICENSE("GPL");


struct ovl_dir_cache;

30 31
#define OVL_MAX_STACK 500

32 33 34 35
static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
MODULE_PARM_DESC(ovl_redirect_dir_def,
		 "Default to on or off for the redirect_dir feature");
M
Miklos Szeredi 已提交
36

37 38 39 40 41 42 43
static bool ovl_redirect_always_follow =
	IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
module_param_named(redirect_always_follow, ovl_redirect_always_follow,
		   bool, 0644);
MODULE_PARM_DESC(ovl_redirect_always_follow,
		 "Follow redirects even if redirect_dir feature is turned off");

44 45 46 47 48
static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
module_param_named(index, ovl_index_def, bool, 0644);
MODULE_PARM_DESC(ovl_index_def,
		 "Default to on or off for the inodes index feature");

49 50 51 52 53
static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
MODULE_PARM_DESC(ovl_nfs_export_def,
		 "Default to on or off for the NFS export feature");

54 55 56 57 58
static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
MODULE_PARM_DESC(ovl_xino_auto_def,
		 "Auto enable xino feature");

59 60 61 62 63 64 65 66
static void ovl_entry_stack_free(struct ovl_entry *oe)
{
	unsigned int i;

	for (i = 0; i < oe->numlower; i++)
		dput(oe->lowerstack[i].dentry);
}

M
Miklos Szeredi 已提交
67 68 69 70 71
static void ovl_dentry_release(struct dentry *dentry)
{
	struct ovl_entry *oe = dentry->d_fsdata;

	if (oe) {
72
		ovl_entry_stack_free(oe);
M
Miklos Szeredi 已提交
73 74 75 76
		kfree_rcu(oe, rcu);
	}
}

77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
static int ovl_check_append_only(struct inode *inode, int flag)
{
	/*
	 * This test was moot in vfs may_open() because overlay inode does
	 * not have the S_APPEND flag, so re-check on real upper inode
	 */
	if (IS_APPEND(inode)) {
		if  ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
			return -EPERM;
		if (flag & O_TRUNC)
			return -EPERM;
	}

	return 0;
}

93 94
static struct dentry *ovl_d_real(struct dentry *dentry,
				 const struct inode *inode,
M
Miklos Szeredi 已提交
95
				 unsigned int open_flags, unsigned int flags)
M
Miklos Szeredi 已提交
96 97
{
	struct dentry *real;
98
	int err;
M
Miklos Szeredi 已提交
99

100 101 102
	if (flags & D_REAL_UPPER)
		return ovl_dentry_upper(dentry);

103
	if (!d_is_reg(dentry)) {
M
Miklos Szeredi 已提交
104 105 106 107 108
		if (!inode || inode == d_inode(dentry))
			return dentry;
		goto bug;
	}

109
	if (open_flags) {
110
		err = ovl_open_maybe_copy_up(dentry, open_flags);
111 112 113 114
		if (err)
			return ERR_PTR(err);
	}

M
Miklos Szeredi 已提交
115
	real = ovl_dentry_upper(dentry);
116 117 118 119 120 121
	if (real && (!inode || inode == d_inode(real))) {
		if (!inode) {
			err = ovl_check_append_only(d_inode(real), open_flags);
			if (err)
				return ERR_PTR(err);
		}
M
Miklos Szeredi 已提交
122
		return real;
123
	}
M
Miklos Szeredi 已提交
124 125 126 127 128

	real = ovl_dentry_lower(dentry);
	if (!real)
		goto bug;

M
Miklos Szeredi 已提交
129
	/* Handle recursion */
M
Miklos Szeredi 已提交
130
	real = d_real(real, inode, open_flags, 0);
M
Miklos Szeredi 已提交
131

M
Miklos Szeredi 已提交
132 133 134
	if (!inode || inode == d_inode(real))
		return real;
bug:
M
Miklos Szeredi 已提交
135
	WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
M
Miklos Szeredi 已提交
136 137 138 139
	     inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
	return dentry;
}

140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct ovl_entry *oe = dentry->d_fsdata;
	unsigned int i;
	int ret = 1;

	for (i = 0; i < oe->numlower; i++) {
		struct dentry *d = oe->lowerstack[i].dentry;

		if (d->d_flags & DCACHE_OP_REVALIDATE) {
			ret = d->d_op->d_revalidate(d, flags);
			if (ret < 0)
				return ret;
			if (!ret) {
				if (!(flags & LOOKUP_RCU))
					d_invalidate(d);
				return -ESTALE;
			}
		}
	}
	return 1;
}

static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct ovl_entry *oe = dentry->d_fsdata;
	unsigned int i;
	int ret = 1;

	for (i = 0; i < oe->numlower; i++) {
		struct dentry *d = oe->lowerstack[i].dentry;

		if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) {
			ret = d->d_op->d_weak_revalidate(d, flags);
			if (ret <= 0)
				break;
		}
	}
	return ret;
}

M
Miklos Szeredi 已提交
181 182
static const struct dentry_operations ovl_dentry_operations = {
	.d_release = ovl_dentry_release,
M
Miklos Szeredi 已提交
183
	.d_real = ovl_d_real,
M
Miklos Szeredi 已提交
184 185
};

186 187
static const struct dentry_operations ovl_reval_dentry_operations = {
	.d_release = ovl_dentry_release,
M
Miklos Szeredi 已提交
188
	.d_real = ovl_d_real,
189 190 191 192
	.d_revalidate = ovl_dentry_revalidate,
	.d_weak_revalidate = ovl_dentry_weak_revalidate,
};

193 194 195 196 197 198
static struct kmem_cache *ovl_inode_cachep;

static struct inode *ovl_alloc_inode(struct super_block *sb)
{
	struct ovl_inode *oi = kmem_cache_alloc(ovl_inode_cachep, GFP_KERNEL);

199 200 201
	if (!oi)
		return NULL;

202
	oi->cache = NULL;
M
Miklos Szeredi 已提交
203
	oi->redirect = NULL;
204
	oi->version = 0;
M
Miklos Szeredi 已提交
205
	oi->flags = 0;
206
	oi->__upperdentry = NULL;
207
	oi->lower = NULL;
208
	mutex_init(&oi->lock);
209

210 211 212 213 214 215 216 217 218 219 220 221
	return &oi->vfs_inode;
}

static void ovl_i_callback(struct rcu_head *head)
{
	struct inode *inode = container_of(head, struct inode, i_rcu);

	kmem_cache_free(ovl_inode_cachep, OVL_I(inode));
}

static void ovl_destroy_inode(struct inode *inode)
{
222 223 224
	struct ovl_inode *oi = OVL_I(inode);

	dput(oi->__upperdentry);
225
	iput(oi->lower);
M
Miklos Szeredi 已提交
226
	kfree(oi->redirect);
227
	ovl_dir_cache_free(inode);
228
	mutex_destroy(&oi->lock);
229

230 231 232
	call_rcu(&inode->i_rcu, ovl_i_callback);
}

M
Miklos Szeredi 已提交
233
static void ovl_free_fs(struct ovl_fs *ofs)
M
Miklos Szeredi 已提交
234
{
235
	unsigned i;
M
Miklos Szeredi 已提交
236

M
Miklos Szeredi 已提交
237 238 239 240 241 242 243 244
	dput(ofs->indexdir);
	dput(ofs->workdir);
	if (ofs->workdir_locked)
		ovl_inuse_unlock(ofs->workbasedir);
	dput(ofs->workbasedir);
	if (ofs->upperdir_locked)
		ovl_inuse_unlock(ofs->upper_mnt->mnt_root);
	mntput(ofs->upper_mnt);
245
	for (i = 0; i < ofs->numlower; i++)
M
Miklos Szeredi 已提交
246
		mntput(ofs->lower_layers[i].mnt);
247 248
	for (i = 0; i < ofs->numlowerfs; i++)
		free_anon_bdev(ofs->lower_fs[i].pseudo_dev);
M
Miklos Szeredi 已提交
249
	kfree(ofs->lower_layers);
250
	kfree(ofs->lower_fs);
M
Miklos Szeredi 已提交
251 252 253 254

	kfree(ofs->config.lowerdir);
	kfree(ofs->config.upperdir);
	kfree(ofs->config.workdir);
255
	kfree(ofs->config.redirect_mode);
M
Miklos Szeredi 已提交
256 257 258
	if (ofs->creator_cred)
		put_cred(ofs->creator_cred);
	kfree(ofs);
M
Miklos Szeredi 已提交
259 260
}

261 262 263 264 265 266 267
static void ovl_put_super(struct super_block *sb)
{
	struct ovl_fs *ofs = sb->s_fs_info;

	ovl_free_fs(ofs);
}

268
/* Sync real dirty inodes in upper filesystem (if it exists) */
269 270
static int ovl_sync_fs(struct super_block *sb, int wait)
{
M
Miklos Szeredi 已提交
271
	struct ovl_fs *ofs = sb->s_fs_info;
272 273 274
	struct super_block *upper_sb;
	int ret;

M
Miklos Szeredi 已提交
275
	if (!ofs->upper_mnt)
276
		return 0;
277 278 279 280 281 282 283 284 285 286

	/*
	 * If this is a sync(2) call or an emergency sync, all the super blocks
	 * will be iterated, including upper_sb, so no need to do anything.
	 *
	 * If this is a syncfs(2) call, then we do need to call
	 * sync_filesystem() on upper_sb, but enough if we do it when being
	 * called with wait == 1.
	 */
	if (!wait)
287 288
		return 0;

289 290
	upper_sb = ofs->upper_mnt->mnt_sb;

291
	down_read(&upper_sb->s_umount);
292
	ret = sync_filesystem(upper_sb);
293
	up_read(&upper_sb->s_umount);
294

295 296 297
	return ret;
}

A
Andy Whitcroft 已提交
298 299 300 301 302 303
/**
 * ovl_statfs
 * @sb: The overlayfs super block
 * @buf: The struct kstatfs to fill in with stats
 *
 * Get the filesystem statistics.  As writes always target the upper layer
304
 * filesystem pass the statfs to the upper filesystem (if it exists)
A
Andy Whitcroft 已提交
305 306 307 308 309 310 311 312
 */
static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
{
	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
	struct dentry *root_dentry = dentry->d_sb->s_root;
	struct path path;
	int err;

313
	ovl_path_real(root_dentry, &path);
A
Andy Whitcroft 已提交
314 315 316

	err = vfs_statfs(&path, buf);
	if (!err) {
M
Miklos Szeredi 已提交
317
		buf->f_namelen = ofs->namelen;
A
Andy Whitcroft 已提交
318 319 320 321 322 323
		buf->f_type = OVERLAYFS_SUPER_MAGIC;
	}

	return err;
}

324
/* Will this overlay be forced to mount/remount ro? */
M
Miklos Szeredi 已提交
325
static bool ovl_force_readonly(struct ovl_fs *ofs)
326
{
M
Miklos Szeredi 已提交
327
	return (!ofs->upper_mnt || !ofs->workdir);
328 329
}

330 331 332 333 334
static const char *ovl_redirect_mode_def(void)
{
	return ovl_redirect_dir_def ? "on" : "off";
}

335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351
enum {
	OVL_XINO_OFF,
	OVL_XINO_AUTO,
	OVL_XINO_ON,
};

static const char * const ovl_xino_str[] = {
	"off",
	"auto",
	"on",
};

static inline int ovl_xino_def(void)
{
	return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
}

E
Erez Zadok 已提交
352 353 354 355 356 357 358 359 360
/**
 * ovl_show_options
 *
 * Prints the mount options for a given superblock.
 * Returns zero; does not fail.
 */
static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
M
Miklos Szeredi 已提交
361
	struct ovl_fs *ofs = sb->s_fs_info;
E
Erez Zadok 已提交
362

M
Miklos Szeredi 已提交
363 364 365 366
	seq_show_option(m, "lowerdir", ofs->config.lowerdir);
	if (ofs->config.upperdir) {
		seq_show_option(m, "upperdir", ofs->config.upperdir);
		seq_show_option(m, "workdir", ofs->config.workdir);
M
Miklos Szeredi 已提交
367
	}
M
Miklos Szeredi 已提交
368
	if (ofs->config.default_permissions)
M
Miklos Szeredi 已提交
369
		seq_puts(m, ",default_permissions");
370 371
	if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
		seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
M
Miklos Szeredi 已提交
372
	if (ofs->config.index != ovl_index_def)
373
		seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
374 375 376
	if (ofs->config.nfs_export != ovl_nfs_export_def)
		seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
						"on" : "off");
377 378
	if (ofs->config.xino != ovl_xino_def())
		seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]);
E
Erez Zadok 已提交
379 380 381
	return 0;
}

382 383
static int ovl_remount(struct super_block *sb, int *flags, char *data)
{
M
Miklos Szeredi 已提交
384
	struct ovl_fs *ofs = sb->s_fs_info;
385

386
	if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs))
387 388 389 390 391
		return -EROFS;

	return 0;
}

M
Miklos Szeredi 已提交
392
static const struct super_operations ovl_super_operations = {
393 394 395
	.alloc_inode	= ovl_alloc_inode,
	.destroy_inode	= ovl_destroy_inode,
	.drop_inode	= generic_delete_inode,
M
Miklos Szeredi 已提交
396
	.put_super	= ovl_put_super,
397
	.sync_fs	= ovl_sync_fs,
A
Andy Whitcroft 已提交
398
	.statfs		= ovl_statfs,
E
Erez Zadok 已提交
399
	.show_options	= ovl_show_options,
400
	.remount_fs	= ovl_remount,
M
Miklos Szeredi 已提交
401 402 403 404 405 406
};

enum {
	OPT_LOWERDIR,
	OPT_UPPERDIR,
	OPT_WORKDIR,
M
Miklos Szeredi 已提交
407
	OPT_DEFAULT_PERMISSIONS,
408
	OPT_REDIRECT_DIR,
409 410
	OPT_INDEX_ON,
	OPT_INDEX_OFF,
411 412
	OPT_NFS_EXPORT_ON,
	OPT_NFS_EXPORT_OFF,
413 414 415
	OPT_XINO_ON,
	OPT_XINO_OFF,
	OPT_XINO_AUTO,
M
Miklos Szeredi 已提交
416 417 418 419 420 421 422
	OPT_ERR,
};

static const match_table_t ovl_tokens = {
	{OPT_LOWERDIR,			"lowerdir=%s"},
	{OPT_UPPERDIR,			"upperdir=%s"},
	{OPT_WORKDIR,			"workdir=%s"},
M
Miklos Szeredi 已提交
423
	{OPT_DEFAULT_PERMISSIONS,	"default_permissions"},
424
	{OPT_REDIRECT_DIR,		"redirect_dir=%s"},
425 426
	{OPT_INDEX_ON,			"index=on"},
	{OPT_INDEX_OFF,			"index=off"},
427 428
	{OPT_NFS_EXPORT_ON,		"nfs_export=on"},
	{OPT_NFS_EXPORT_OFF,		"nfs_export=off"},
429 430 431
	{OPT_XINO_ON,			"xino=on"},
	{OPT_XINO_OFF,			"xino=off"},
	{OPT_XINO_AUTO,			"xino=auto"},
M
Miklos Szeredi 已提交
432 433 434
	{OPT_ERR,			NULL}
};

M
Miklos Szeredi 已提交
435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457
static char *ovl_next_opt(char **s)
{
	char *sbegin = *s;
	char *p;

	if (sbegin == NULL)
		return NULL;

	for (p = sbegin; *p; p++) {
		if (*p == '\\') {
			p++;
			if (!*p)
				break;
		} else if (*p == ',') {
			*p = '\0';
			*s = p + 1;
			return sbegin;
		}
	}
	*s = NULL;
	return sbegin;
}

458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480
static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode)
{
	if (strcmp(mode, "on") == 0) {
		config->redirect_dir = true;
		/*
		 * Does not make sense to have redirect creation without
		 * redirect following.
		 */
		config->redirect_follow = true;
	} else if (strcmp(mode, "follow") == 0) {
		config->redirect_follow = true;
	} else if (strcmp(mode, "off") == 0) {
		if (ovl_redirect_always_follow)
			config->redirect_follow = true;
	} else if (strcmp(mode, "nofollow") != 0) {
		pr_err("overlayfs: bad mount option \"redirect_dir=%s\"\n",
		       mode);
		return -EINVAL;
	}

	return 0;
}

M
Miklos Szeredi 已提交
481 482 483 484
static int ovl_parse_opt(char *opt, struct ovl_config *config)
{
	char *p;

485 486 487 488
	config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL);
	if (!config->redirect_mode)
		return -ENOMEM;

M
Miklos Szeredi 已提交
489
	while ((p = ovl_next_opt(&opt)) != NULL) {
M
Miklos Szeredi 已提交
490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518
		int token;
		substring_t args[MAX_OPT_ARGS];

		if (!*p)
			continue;

		token = match_token(p, ovl_tokens, args);
		switch (token) {
		case OPT_UPPERDIR:
			kfree(config->upperdir);
			config->upperdir = match_strdup(&args[0]);
			if (!config->upperdir)
				return -ENOMEM;
			break;

		case OPT_LOWERDIR:
			kfree(config->lowerdir);
			config->lowerdir = match_strdup(&args[0]);
			if (!config->lowerdir)
				return -ENOMEM;
			break;

		case OPT_WORKDIR:
			kfree(config->workdir);
			config->workdir = match_strdup(&args[0]);
			if (!config->workdir)
				return -ENOMEM;
			break;

M
Miklos Szeredi 已提交
519 520 521 522
		case OPT_DEFAULT_PERMISSIONS:
			config->default_permissions = true;
			break;

523 524 525 526 527
		case OPT_REDIRECT_DIR:
			kfree(config->redirect_mode);
			config->redirect_mode = match_strdup(&args[0]);
			if (!config->redirect_mode)
				return -ENOMEM;
M
Miklos Szeredi 已提交
528 529
			break;

530 531 532 533 534 535 536 537
		case OPT_INDEX_ON:
			config->index = true;
			break;

		case OPT_INDEX_OFF:
			config->index = false;
			break;

538 539 540 541 542 543 544 545
		case OPT_NFS_EXPORT_ON:
			config->nfs_export = true;
			break;

		case OPT_NFS_EXPORT_OFF:
			config->nfs_export = false;
			break;

546 547 548 549 550 551 552 553 554 555 556 557
		case OPT_XINO_ON:
			config->xino = OVL_XINO_ON;
			break;

		case OPT_XINO_OFF:
			config->xino = OVL_XINO_OFF;
			break;

		case OPT_XINO_AUTO:
			config->xino = OVL_XINO_AUTO;
			break;

M
Miklos Szeredi 已提交
558
		default:
559
			pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p);
M
Miklos Szeredi 已提交
560 561 562
			return -EINVAL;
		}
	}
H
hujianyang 已提交
563 564 565 566 567 568 569 570 571

	/* Workdir is useless in non-upper mount */
	if (!config->upperdir && config->workdir) {
		pr_info("overlayfs: option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
			config->workdir);
		kfree(config->workdir);
		config->workdir = NULL;
	}

572
	return ovl_parse_redirect_mode(config, config->redirect_mode);
M
Miklos Szeredi 已提交
573 574 575
}

#define OVL_WORKDIR_NAME "work"
576
#define OVL_INDEXDIR_NAME "index"
M
Miklos Szeredi 已提交
577

M
Miklos Szeredi 已提交
578
static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
579
					 const char *name, bool persist)
M
Miklos Szeredi 已提交
580
{
M
Miklos Szeredi 已提交
581 582
	struct inode *dir =  ofs->workbasedir->d_inode;
	struct vfsmount *mnt = ofs->upper_mnt;
M
Miklos Szeredi 已提交
583 584 585
	struct dentry *work;
	int err;
	bool retried = false;
586
	bool locked = false;
M
Miklos Szeredi 已提交
587

A
Al Viro 已提交
588
	inode_lock_nested(dir, I_MUTEX_PARENT);
589 590
	locked = true;

M
Miklos Szeredi 已提交
591
retry:
M
Miklos Szeredi 已提交
592
	work = lookup_one_len(name, ofs->workbasedir, strlen(name));
M
Miklos Szeredi 已提交
593 594

	if (!IS_ERR(work)) {
595 596
		struct iattr attr = {
			.ia_valid = ATTR_MODE,
A
Al Viro 已提交
597
			.ia_mode = S_IFDIR | 0,
598
		};
M
Miklos Szeredi 已提交
599 600 601 602 603 604

		if (work->d_inode) {
			err = -EEXIST;
			if (retried)
				goto out_dput;

605 606 607
			if (persist)
				goto out_unlock;

M
Miklos Szeredi 已提交
608
			retried = true;
M
Miklos Szeredi 已提交
609
			ovl_workdir_cleanup(dir, mnt, work, 0);
M
Miklos Szeredi 已提交
610 611 612 613
			dput(work);
			goto retry;
		}

A
Amir Goldstein 已提交
614
		err = ovl_create_real(dir, work, OVL_CATTR(attr.ia_mode));
M
Miklos Szeredi 已提交
615 616
		if (err)
			goto out_dput;
617

618 619 620 621 622 623 624 625 626 627 628 629 630
		/*
		 * Try to remove POSIX ACL xattrs from workdir.  We are good if:
		 *
		 * a) success (there was a POSIX ACL xattr and was removed)
		 * b) -ENODATA (there was no POSIX ACL xattr)
		 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
		 *
		 * There are various other error values that could effectively
		 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
		 * if the xattr name is too long), but the set of filesystems
		 * allowed as upper are limited to "normal" ones, where checking
		 * for the above two errors is sufficient.
		 */
631
		err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
M
Miklos Szeredi 已提交
632
		if (err && err != -ENODATA && err != -EOPNOTSUPP)
633 634 635
			goto out_dput;

		err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
M
Miklos Szeredi 已提交
636
		if (err && err != -ENODATA && err != -EOPNOTSUPP)
637 638 639 640 641 642 643 644
			goto out_dput;

		/* Clear any inherited mode bits */
		inode_lock(work->d_inode);
		err = notify_change(work, &attr, NULL);
		inode_unlock(work->d_inode);
		if (err)
			goto out_dput;
645 646 647
	} else {
		err = PTR_ERR(work);
		goto out_err;
M
Miklos Szeredi 已提交
648 649
	}
out_unlock:
650 651
	if (locked)
		inode_unlock(dir);
M
Miklos Szeredi 已提交
652 653 654 655 656

	return work;

out_dput:
	dput(work);
657 658
out_err:
	pr_warn("overlayfs: failed to create directory %s/%s (errno: %i); mounting read-only\n",
M
Miklos Szeredi 已提交
659
		ofs->config.workdir, name, -err);
660
	work = NULL;
M
Miklos Szeredi 已提交
661 662 663
	goto out_unlock;
}

M
Miklos Szeredi 已提交
664 665 666 667 668 669 670 671 672 673 674 675 676
static void ovl_unescape(char *s)
{
	char *d = s;

	for (;; s++, d++) {
		if (*s == '\\')
			s++;
		*d = *s;
		if (!*s)
			break;
	}
}

M
Miklos Szeredi 已提交
677 678
static int ovl_mount_dir_noesc(const char *name, struct path *path)
{
679
	int err = -EINVAL;
M
Miklos Szeredi 已提交
680

681 682 683 684
	if (!*name) {
		pr_err("overlayfs: empty lowerdir\n");
		goto out;
	}
M
Miklos Szeredi 已提交
685 686 687 688 689 690
	err = kern_path(name, LOOKUP_FOLLOW, path);
	if (err) {
		pr_err("overlayfs: failed to resolve '%s': %i\n", name, err);
		goto out;
	}
	err = -EINVAL;
691
	if (ovl_dentry_weird(path->dentry)) {
M
Miklos Szeredi 已提交
692 693 694
		pr_err("overlayfs: filesystem on '%s' not supported\n", name);
		goto out_put;
	}
M
Miklos Szeredi 已提交
695
	if (!d_is_dir(path->dentry)) {
M
Miklos Szeredi 已提交
696 697 698 699 700 701
		pr_err("overlayfs: '%s' not a directory\n", name);
		goto out_put;
	}
	return 0;

out_put:
702
	path_put_init(path);
M
Miklos Szeredi 已提交
703 704 705 706 707 708 709 710 711 712 713 714
out:
	return err;
}

static int ovl_mount_dir(const char *name, struct path *path)
{
	int err = -ENOMEM;
	char *tmp = kstrdup(name, GFP_KERNEL);

	if (tmp) {
		ovl_unescape(tmp);
		err = ovl_mount_dir_noesc(tmp, path);
715 716 717 718 719

		if (!err)
			if (ovl_dentry_remote(path->dentry)) {
				pr_err("overlayfs: filesystem on '%s' not supported as upperdir\n",
				       tmp);
720
				path_put_init(path);
721 722
				err = -EINVAL;
			}
M
Miklos Szeredi 已提交
723 724 725 726 727
		kfree(tmp);
	}
	return err;
}

M
Miklos Szeredi 已提交
728 729
static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
			     const char *name)
M
Miklos Szeredi 已提交
730 731
{
	struct kstatfs statfs;
M
Miklos Szeredi 已提交
732 733 734 735 736 737 738 739 740 741 742 743 744
	int err = vfs_statfs(path, &statfs);

	if (err)
		pr_err("overlayfs: statfs failed on '%s'\n", name);
	else
		ofs->namelen = max(ofs->namelen, statfs.f_namelen);

	return err;
}

static int ovl_lower_dir(const char *name, struct path *path,
			 struct ovl_fs *ofs, int *stack_depth, bool *remote)
{
745
	int fh_type;
M
Miklos Szeredi 已提交
746
	int err;
M
Miklos Szeredi 已提交
747

748
	err = ovl_mount_dir_noesc(name, path);
M
Miklos Szeredi 已提交
749 750 751
	if (err)
		goto out;

M
Miklos Szeredi 已提交
752 753
	err = ovl_check_namelen(path, ofs, name);
	if (err)
M
Miklos Szeredi 已提交
754
		goto out_put;
M
Miklos Szeredi 已提交
755

M
Miklos Szeredi 已提交
756 757
	*stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);

758 759 760
	if (ovl_dentry_remote(path->dentry))
		*remote = true;

761
	/*
762 763
	 * The inodes index feature and NFS export need to encode and decode
	 * file handles, so they require that all layers support them.
764
	 */
765
	fh_type = ovl_can_decode_fh(path->dentry->d_sb);
766
	if ((ofs->config.nfs_export ||
767
	     (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
768
		ofs->config.index = false;
769 770 771
		ofs->config.nfs_export = false;
		pr_warn("overlayfs: fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
			name);
772 773
	}

774 775 776 777
	/* Check if lower fs has 32bit inode numbers */
	if (fh_type != FILEID_INO32_GEN)
		ofs->xino_bits = 0;

M
Miklos Szeredi 已提交
778 779 780
	return 0;

out_put:
781
	path_put_init(path);
M
Miklos Szeredi 已提交
782 783 784 785
out:
	return err;
}

M
Miklos Szeredi 已提交
786 787 788 789 790 791 792 793 794 795 796 797
/* Workdir should not be subdir of upperdir and vice versa */
static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
{
	bool ok = false;

	if (workdir != upperdir) {
		ok = (lock_rename(workdir, upperdir) == NULL);
		unlock_rename(workdir, upperdir);
	}
	return ok;
}

798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817
static unsigned int ovl_split_lowerdirs(char *str)
{
	unsigned int ctr = 1;
	char *s, *d;

	for (s = d = str;; s++, d++) {
		if (*s == '\\') {
			s++;
		} else if (*s == ':') {
			*d = '\0';
			ctr++;
			continue;
		}
		*d = *s;
		if (!*s)
			break;
	}
	return ctr;
}

818 819 820 821 822
static int __maybe_unused
ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
			struct dentry *dentry, struct inode *inode,
			const char *name, void *buffer, size_t size)
{
823
	return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
824 825
}

826 827 828 829 830
static int __maybe_unused
ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
			struct dentry *dentry, struct inode *inode,
			const char *name, const void *value,
			size_t size, int flags)
M
Miklos Szeredi 已提交
831 832
{
	struct dentry *workdir = ovl_workdir(dentry);
833
	struct inode *realinode = ovl_inode_real(inode);
M
Miklos Szeredi 已提交
834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857
	struct posix_acl *acl = NULL;
	int err;

	/* Check that everything is OK before copy-up */
	if (value) {
		acl = posix_acl_from_xattr(&init_user_ns, value, size);
		if (IS_ERR(acl))
			return PTR_ERR(acl);
	}
	err = -EOPNOTSUPP;
	if (!IS_POSIXACL(d_inode(workdir)))
		goto out_acl_release;
	if (!realinode->i_op->set_acl)
		goto out_acl_release;
	if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
		err = acl ? -EACCES : 0;
		goto out_acl_release;
	}
	err = -EPERM;
	if (!inode_owner_or_capable(inode))
		goto out_acl_release;

	posix_acl_release(acl);

858 859 860 861 862 863 864 865 866 867 868 869 870 871 872
	/*
	 * Check if sgid bit needs to be cleared (actual setacl operation will
	 * be done with mounter's capabilities and so that won't do it for us).
	 */
	if (unlikely(inode->i_mode & S_ISGID) &&
	    handler->flags == ACL_TYPE_ACCESS &&
	    !in_group_p(inode->i_gid) &&
	    !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
		struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };

		err = ovl_setattr(dentry, &iattr);
		if (err)
			return err;
	}

873
	err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
874
	if (!err)
875
		ovl_copyattr(ovl_inode_real(inode), inode);
876 877

	return err;
M
Miklos Szeredi 已提交
878 879 880 881 882 883

out_acl_release:
	posix_acl_release(acl);
	return err;
}

884 885 886 887
static int ovl_own_xattr_get(const struct xattr_handler *handler,
			     struct dentry *dentry, struct inode *inode,
			     const char *name, void *buffer, size_t size)
{
A
Amir Goldstein 已提交
888
	return -EOPNOTSUPP;
889 890
}

M
Miklos Szeredi 已提交
891 892 893 894 895
static int ovl_own_xattr_set(const struct xattr_handler *handler,
			     struct dentry *dentry, struct inode *inode,
			     const char *name, const void *value,
			     size_t size, int flags)
{
A
Amir Goldstein 已提交
896
	return -EOPNOTSUPP;
M
Miklos Szeredi 已提交
897 898
}

899 900 901 902
static int ovl_other_xattr_get(const struct xattr_handler *handler,
			       struct dentry *dentry, struct inode *inode,
			       const char *name, void *buffer, size_t size)
{
903
	return ovl_xattr_get(dentry, inode, name, buffer, size);
904 905
}

906 907 908 909 910
static int ovl_other_xattr_set(const struct xattr_handler *handler,
			       struct dentry *dentry, struct inode *inode,
			       const char *name, const void *value,
			       size_t size, int flags)
{
911
	return ovl_xattr_set(dentry, inode, name, value, size, flags);
912 913
}

914 915
static const struct xattr_handler __maybe_unused
ovl_posix_acl_access_xattr_handler = {
M
Miklos Szeredi 已提交
916 917
	.name = XATTR_NAME_POSIX_ACL_ACCESS,
	.flags = ACL_TYPE_ACCESS,
918
	.get = ovl_posix_acl_xattr_get,
M
Miklos Szeredi 已提交
919 920 921
	.set = ovl_posix_acl_xattr_set,
};

922 923
static const struct xattr_handler __maybe_unused
ovl_posix_acl_default_xattr_handler = {
M
Miklos Szeredi 已提交
924 925
	.name = XATTR_NAME_POSIX_ACL_DEFAULT,
	.flags = ACL_TYPE_DEFAULT,
926
	.get = ovl_posix_acl_xattr_get,
M
Miklos Szeredi 已提交
927 928 929 930 931
	.set = ovl_posix_acl_xattr_set,
};

static const struct xattr_handler ovl_own_xattr_handler = {
	.prefix	= OVL_XATTR_PREFIX,
932
	.get = ovl_own_xattr_get,
M
Miklos Szeredi 已提交
933 934 935 936 937
	.set = ovl_own_xattr_set,
};

static const struct xattr_handler ovl_other_xattr_handler = {
	.prefix	= "", /* catch all */
938
	.get = ovl_other_xattr_get,
M
Miklos Szeredi 已提交
939 940 941 942
	.set = ovl_other_xattr_set,
};

static const struct xattr_handler *ovl_xattr_handlers[] = {
943
#ifdef CONFIG_FS_POSIX_ACL
M
Miklos Szeredi 已提交
944 945
	&ovl_posix_acl_access_xattr_handler,
	&ovl_posix_acl_default_xattr_handler,
946
#endif
M
Miklos Szeredi 已提交
947 948 949 950 951
	&ovl_own_xattr_handler,
	&ovl_other_xattr_handler,
	NULL
};

M
Miklos Szeredi 已提交
952
static int ovl_get_upper(struct ovl_fs *ofs, struct path *upperpath)
953
{
M
Miklos Szeredi 已提交
954
	struct vfsmount *upper_mnt;
955 956
	int err;

M
Miklos Szeredi 已提交
957
	err = ovl_mount_dir(ofs->config.upperdir, upperpath);
958 959 960 961 962 963 964 965 966 967
	if (err)
		goto out;

	/* Upper fs should not be r/o */
	if (sb_rdonly(upperpath->mnt->mnt_sb)) {
		pr_err("overlayfs: upper fs is r/o, try multi-lower layers mount\n");
		err = -EINVAL;
		goto out;
	}

M
Miklos Szeredi 已提交
968
	err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
969 970 971 972 973
	if (err)
		goto out;

	err = -EBUSY;
	if (ovl_inuse_trylock(upperpath->dentry)) {
M
Miklos Szeredi 已提交
974 975
		ofs->upperdir_locked = true;
	} else if (ofs->config.index) {
976 977 978 979 980
		pr_err("overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection.\n");
		goto out;
	} else {
		pr_warn("overlayfs: upperdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
	}
M
Miklos Szeredi 已提交
981 982 983 984 985 986 987 988 989 990

	upper_mnt = clone_private_mount(upperpath);
	err = PTR_ERR(upper_mnt);
	if (IS_ERR(upper_mnt)) {
		pr_err("overlayfs: failed to clone upperpath\n");
		goto out;
	}

	/* Don't inherit atime flags */
	upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
M
Miklos Szeredi 已提交
991
	ofs->upper_mnt = upper_mnt;
992 993 994 995 996
	err = 0;
out:
	return err;
}

M
Miklos Szeredi 已提交
997
static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath)
998
{
999
	struct vfsmount *mnt = ofs->upper_mnt;
1000
	struct dentry *temp;
1001
	int fh_type;
1002 1003
	int err;

1004 1005 1006 1007
	err = mnt_want_write(mnt);
	if (err)
		return err;

M
Miklos Szeredi 已提交
1008 1009
	ofs->workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
	if (!ofs->workdir)
1010
		goto out;
1011 1012 1013 1014 1015 1016 1017 1018 1019

	/*
	 * Upper should support d_type, else whiteouts are visible.  Given
	 * workdir and upper are on same fs, we can do iterate_dir() on
	 * workdir. This check requires successful creation of workdir in
	 * previous step.
	 */
	err = ovl_check_d_type_supported(workpath);
	if (err < 0)
1020
		goto out;
1021 1022 1023 1024 1025 1026 1027 1028 1029

	/*
	 * We allowed this configuration and don't want to break users over
	 * kernel upgrade. So warn instead of erroring out.
	 */
	if (!err)
		pr_warn("overlayfs: upper fs needs to support d_type.\n");

	/* Check if upper/work fs supports O_TMPFILE */
M
Miklos Szeredi 已提交
1030 1031 1032
	temp = ovl_do_tmpfile(ofs->workdir, S_IFREG | 0);
	ofs->tmpfile = !IS_ERR(temp);
	if (ofs->tmpfile)
1033 1034 1035 1036 1037 1038 1039
		dput(temp);
	else
		pr_warn("overlayfs: upper fs does not support tmpfile.\n");

	/*
	 * Check if upper/work fs supports trusted.overlay.* xattr
	 */
M
Miklos Szeredi 已提交
1040
	err = ovl_do_setxattr(ofs->workdir, OVL_XATTR_OPAQUE, "0", 1, 0);
1041
	if (err) {
M
Miklos Szeredi 已提交
1042
		ofs->noxattr = true;
1043 1044
		ofs->config.index = false;
		pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off.\n");
1045
		err = 0;
1046
	} else {
M
Miklos Szeredi 已提交
1047
		vfs_removexattr(ofs->workdir, OVL_XATTR_OPAQUE);
1048 1049 1050
	}

	/* Check if upper/work fs supports file handles */
1051 1052
	fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
	if (ofs->config.index && !fh_type) {
M
Miklos Szeredi 已提交
1053
		ofs->config.index = false;
1054 1055 1056
		pr_warn("overlayfs: upper fs does not support file handles, falling back to index=off.\n");
	}

1057 1058 1059 1060
	/* Check if upper fs has 32bit inode numbers */
	if (fh_type != FILEID_INO32_GEN)
		ofs->xino_bits = 0;

1061 1062 1063 1064 1065 1066
	/* NFS export of r/w mount depends on index */
	if (ofs->config.nfs_export && !ofs->config.index) {
		pr_warn("overlayfs: NFS export requires \"index=on\", falling back to nfs_export=off.\n");
		ofs->config.nfs_export = false;
	}

1067 1068 1069
out:
	mnt_drop_write(mnt);
	return err;
1070 1071
}

M
Miklos Szeredi 已提交
1072
static int ovl_get_workdir(struct ovl_fs *ofs, struct path *upperpath)
1073 1074
{
	int err;
M
Miklos Szeredi 已提交
1075
	struct path workpath = { };
1076

M
Miklos Szeredi 已提交
1077
	err = ovl_mount_dir(ofs->config.workdir, &workpath);
1078 1079 1080 1081
	if (err)
		goto out;

	err = -EINVAL;
M
Miklos Szeredi 已提交
1082
	if (upperpath->mnt != workpath.mnt) {
1083 1084 1085
		pr_err("overlayfs: workdir and upperdir must reside under the same mount\n");
		goto out;
	}
M
Miklos Szeredi 已提交
1086
	if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) {
1087 1088 1089 1090 1091
		pr_err("overlayfs: workdir and upperdir must be separate subtrees\n");
		goto out;
	}

	err = -EBUSY;
M
Miklos Szeredi 已提交
1092
	if (ovl_inuse_trylock(workpath.dentry)) {
M
Miklos Szeredi 已提交
1093 1094
		ofs->workdir_locked = true;
	} else if (ofs->config.index) {
1095 1096 1097 1098 1099 1100
		pr_err("overlayfs: workdir is in-use by another mount, mount with '-o index=off' to override exclusive workdir protection.\n");
		goto out;
	} else {
		pr_warn("overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
	}

M
Miklos Szeredi 已提交
1101 1102
	ofs->workbasedir = dget(workpath.dentry);
	err = ovl_make_workdir(ofs, &workpath);
M
Miklos Szeredi 已提交
1103 1104 1105
	if (err)
		goto out;

1106 1107
	err = 0;
out:
M
Miklos Szeredi 已提交
1108 1109
	path_put(&workpath);

1110 1111 1112
	return err;
}

M
Miklos Szeredi 已提交
1113
static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
1114
			    struct path *upperpath)
1115
{
1116
	struct vfsmount *mnt = ofs->upper_mnt;
1117 1118
	int err;

1119 1120 1121 1122
	err = mnt_want_write(mnt);
	if (err)
		return err;

1123
	/* Verify lower root is upper root origin */
1124
	err = ovl_verify_origin(upperpath->dentry, oe->lowerstack[0].dentry,
1125
				true);
1126 1127 1128 1129 1130
	if (err) {
		pr_err("overlayfs: failed to verify upper root origin\n");
		goto out;
	}

M
Miklos Szeredi 已提交
1131 1132
	ofs->indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
	if (ofs->indexdir) {
1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147
		/*
		 * Verify upper root is exclusively associated with index dir.
		 * Older kernels stored upper fh in "trusted.overlay.origin"
		 * xattr. If that xattr exists, verify that it is a match to
		 * upper dir file handle. In any case, verify or set xattr
		 * "trusted.overlay.upper" to indicate that index may have
		 * directory entries.
		 */
		if (ovl_check_origin_xattr(ofs->indexdir)) {
			err = ovl_verify_set_fh(ofs->indexdir, OVL_XATTR_ORIGIN,
						upperpath->dentry, true, false);
			if (err)
				pr_err("overlayfs: failed to verify index dir 'origin' xattr\n");
		}
		err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true);
1148
		if (err)
1149
			pr_err("overlayfs: failed to verify index dir 'upper' xattr\n");
1150 1151 1152

		/* Cleanup bad/stale/orphan index entries */
		if (!err)
1153
			err = ovl_indexdir_cleanup(ofs);
1154
	}
M
Miklos Szeredi 已提交
1155
	if (err || !ofs->indexdir)
1156 1157 1158
		pr_warn("overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");

out:
1159
	mnt_drop_write(mnt);
1160 1161 1162
	return err;
}

1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191
/* Get a unique fsid for the layer */
static int ovl_get_fsid(struct ovl_fs *ofs, struct super_block *sb)
{
	unsigned int i;
	dev_t dev;
	int err;

	/* fsid 0 is reserved for upper fs even with non upper overlay */
	if (ofs->upper_mnt && ofs->upper_mnt->mnt_sb == sb)
		return 0;

	for (i = 0; i < ofs->numlowerfs; i++) {
		if (ofs->lower_fs[i].sb == sb)
			return i + 1;
	}

	err = get_anon_bdev(&dev);
	if (err) {
		pr_err("overlayfs: failed to get anonymous bdev for lowerpath\n");
		return err;
	}

	ofs->lower_fs[ofs->numlowerfs].sb = sb;
	ofs->lower_fs[ofs->numlowerfs].pseudo_dev = dev;
	ofs->numlowerfs++;

	return ofs->numlowerfs;
}

M
Miklos Szeredi 已提交
1192
static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
1193 1194 1195 1196 1197 1198
				unsigned int numlower)
{
	int err;
	unsigned int i;

	err = -ENOMEM;
M
Miklos Szeredi 已提交
1199
	ofs->lower_layers = kcalloc(numlower, sizeof(struct ovl_layer),
1200
				    GFP_KERNEL);
M
Miklos Szeredi 已提交
1201
	if (ofs->lower_layers == NULL)
1202
		goto out;
1203 1204 1205 1206 1207 1208

	ofs->lower_fs = kcalloc(numlower, sizeof(struct ovl_sb),
				GFP_KERNEL);
	if (ofs->lower_fs == NULL)
		goto out;

1209 1210
	for (i = 0; i < numlower; i++) {
		struct vfsmount *mnt;
1211
		int fsid;
1212

1213 1214
		err = fsid = ovl_get_fsid(ofs, stack[i].mnt->mnt_sb);
		if (err < 0)
1215 1216 1217 1218 1219 1220 1221 1222
			goto out;

		mnt = clone_private_mount(&stack[i]);
		err = PTR_ERR(mnt);
		if (IS_ERR(mnt)) {
			pr_err("overlayfs: failed to clone lowerpath\n");
			goto out;
		}
1223

1224 1225 1226 1227 1228 1229
		/*
		 * Make lower layers R/O.  That way fchmod/fchown on lower file
		 * will fail instead of modifying lower fs.
		 */
		mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;

M
Miklos Szeredi 已提交
1230
		ofs->lower_layers[ofs->numlower].mnt = mnt;
1231
		ofs->lower_layers[ofs->numlower].idx = i + 1;
1232 1233 1234 1235 1236
		ofs->lower_layers[ofs->numlower].fsid = fsid;
		if (fsid) {
			ofs->lower_layers[ofs->numlower].fs =
				&ofs->lower_fs[fsid - 1];
		}
M
Miklos Szeredi 已提交
1237
		ofs->numlower++;
1238
	}
1239

1240 1241 1242 1243 1244 1245 1246 1247 1248
	/*
	 * When all layers on same fs, overlay can use real inode numbers.
	 * With mount option "xino=on", mounter declares that there are enough
	 * free high bits in underlying fs to hold the unique fsid.
	 * If overlayfs does encounter underlying inodes using the high xino
	 * bits reserved for fsid, it emits a warning and uses the original
	 * inode number.
	 */
	if (!ofs->numlowerfs || (ofs->numlowerfs == 1 && !ofs->upper_mnt)) {
1249
		ofs->xino_bits = 0;
1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264
		ofs->config.xino = OVL_XINO_OFF;
	} else if (ofs->config.xino == OVL_XINO_ON && !ofs->xino_bits) {
		/*
		 * This is a roundup of number of bits needed for numlowerfs+1
		 * (i.e. ilog2(numlowerfs+1 - 1) + 1). fsid 0 is reserved for
		 * upper fs even with non upper overlay.
		 */
		BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 31);
		ofs->xino_bits = ilog2(ofs->numlowerfs) + 1;
	}

	if (ofs->xino_bits) {
		pr_info("overlayfs: \"xino\" feature enabled using %d upper inode bits.\n",
			ofs->xino_bits);
	}
1265

1266 1267 1268 1269 1270
	err = 0;
out:
	return err;
}

1271
static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
M
Miklos Szeredi 已提交
1272
					    struct ovl_fs *ofs)
1273 1274 1275
{
	int err;
	char *lowertmp, *lower;
1276 1277
	struct path *stack = NULL;
	unsigned int stacklen, numlower = 0, i;
1278
	bool remote = false;
1279
	struct ovl_entry *oe;
1280 1281

	err = -ENOMEM;
M
Miklos Szeredi 已提交
1282
	lowertmp = kstrdup(ofs->config.lowerdir, GFP_KERNEL);
1283
	if (!lowertmp)
1284
		goto out_err;
1285 1286 1287 1288 1289 1290

	err = -EINVAL;
	stacklen = ovl_split_lowerdirs(lowertmp);
	if (stacklen > OVL_MAX_STACK) {
		pr_err("overlayfs: too many lower directories, limit is %d\n",
		       OVL_MAX_STACK);
1291
		goto out_err;
M
Miklos Szeredi 已提交
1292
	} else if (!ofs->config.upperdir && stacklen == 1) {
1293
		pr_err("overlayfs: at least 2 lowerdir are needed while upperdir nonexistent\n");
1294
		goto out_err;
1295 1296 1297 1298
	} else if (!ofs->config.upperdir && ofs->config.nfs_export &&
		   ofs->config.redirect_follow) {
		pr_warn("overlayfs: NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
		ofs->config.nfs_export = false;
1299 1300 1301 1302 1303
	}

	err = -ENOMEM;
	stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
	if (!stack)
1304
		goto out_err;
1305 1306 1307 1308

	err = -EINVAL;
	lower = lowertmp;
	for (numlower = 0; numlower < stacklen; numlower++) {
M
Miklos Szeredi 已提交
1309
		err = ovl_lower_dir(lower, &stack[numlower], ofs,
1310 1311
				    &sb->s_stack_depth, &remote);
		if (err)
1312
			goto out_err;
1313 1314 1315 1316 1317 1318 1319 1320

		lower = strchr(lower, '\0') + 1;
	}

	err = -EINVAL;
	sb->s_stack_depth++;
	if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
		pr_err("overlayfs: maximum fs stacking depth exceeded\n");
1321
		goto out_err;
1322 1323
	}

M
Miklos Szeredi 已提交
1324
	err = ovl_get_lower_layers(ofs, stack, numlower);
1325 1326 1327 1328 1329 1330 1331 1332 1333 1334
	if (err)
		goto out_err;

	err = -ENOMEM;
	oe = ovl_alloc_entry(numlower);
	if (!oe)
		goto out_err;

	for (i = 0; i < numlower; i++) {
		oe->lowerstack[i].dentry = dget(stack[i].dentry);
M
Miklos Szeredi 已提交
1335
		oe->lowerstack[i].layer = &ofs->lower_layers[i];
1336
	}
1337 1338 1339 1340 1341 1342 1343 1344 1345 1346

	if (remote)
		sb->s_d_op = &ovl_reval_dentry_operations;
	else
		sb->s_d_op = &ovl_dentry_operations;

out:
	for (i = 0; i < numlower; i++)
		path_put(&stack[i]);
	kfree(stack);
1347 1348 1349 1350 1351 1352
	kfree(lowertmp);

	return oe;

out_err:
	oe = ERR_PTR(err);
1353 1354 1355
	goto out;
}

M
Miklos Szeredi 已提交
1356 1357
static int ovl_fill_super(struct super_block *sb, void *data, int silent)
{
K
Kees Cook 已提交
1358
	struct path upperpath = { };
M
Miklos Szeredi 已提交
1359
	struct dentry *root_dentry;
1360
	struct ovl_entry *oe;
M
Miklos Szeredi 已提交
1361
	struct ovl_fs *ofs;
1362
	struct cred *cred;
M
Miklos Szeredi 已提交
1363 1364
	int err;

E
Erez Zadok 已提交
1365
	err = -ENOMEM;
M
Miklos Szeredi 已提交
1366 1367
	ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
	if (!ofs)
M
Miklos Szeredi 已提交
1368 1369
		goto out;

M
Miklos Szeredi 已提交
1370
	ofs->creator_cred = cred = prepare_creds();
1371 1372 1373
	if (!cred)
		goto out_err;

M
Miklos Szeredi 已提交
1374
	ofs->config.index = ovl_index_def;
1375
	ofs->config.nfs_export = ovl_nfs_export_def;
1376
	ofs->config.xino = ovl_xino_def();
M
Miklos Szeredi 已提交
1377
	err = ovl_parse_opt((char *) data, &ofs->config);
E
Erez Zadok 已提交
1378
	if (err)
1379
		goto out_err;
E
Erez Zadok 已提交
1380

M
Miklos Szeredi 已提交
1381
	err = -EINVAL;
M
Miklos Szeredi 已提交
1382
	if (!ofs->config.lowerdir) {
1383 1384
		if (!silent)
			pr_err("overlayfs: missing 'lowerdir'\n");
1385
		goto out_err;
M
Miklos Szeredi 已提交
1386 1387
	}

M
Miklos Szeredi 已提交
1388
	sb->s_stack_depth = 0;
1389
	sb->s_maxbytes = MAX_LFS_FILESIZE;
1390
	/* Assume underlaying fs uses 32bit inodes unless proven otherwise */
1391 1392 1393
	if (ofs->config.xino != OVL_XINO_OFF)
		ofs->xino_bits = BITS_PER_LONG - 32;

M
Miklos Szeredi 已提交
1394 1395
	if (ofs->config.upperdir) {
		if (!ofs->config.workdir) {
M
Miklos Szeredi 已提交
1396
			pr_err("overlayfs: missing 'workdir'\n");
1397
			goto out_err;
M
Miklos Szeredi 已提交
1398
		}
M
Miklos Szeredi 已提交
1399

M
Miklos Szeredi 已提交
1400
		err = ovl_get_upper(ofs, &upperpath);
M
Miklos Szeredi 已提交
1401
		if (err)
1402
			goto out_err;
1403

M
Miklos Szeredi 已提交
1404
		err = ovl_get_workdir(ofs, &upperpath);
1405
		if (err)
1406
			goto out_err;
1407

M
Miklos Szeredi 已提交
1408
		if (!ofs->workdir)
1409
			sb->s_flags |= SB_RDONLY;
1410

M
Miklos Szeredi 已提交
1411 1412
		sb->s_stack_depth = ofs->upper_mnt->mnt_sb->s_stack_depth;
		sb->s_time_gran = ofs->upper_mnt->mnt_sb->s_time_gran;
1413

M
Miklos Szeredi 已提交
1414
	}
M
Miklos Szeredi 已提交
1415
	oe = ovl_get_lowerstack(sb, ofs);
1416 1417
	err = PTR_ERR(oe);
	if (IS_ERR(oe))
1418
		goto out_err;
M
Miklos Szeredi 已提交
1419

H
hujianyang 已提交
1420
	/* If the upper fs is nonexistent, we mark overlayfs r/o too */
M
Miklos Szeredi 已提交
1421
	if (!ofs->upper_mnt)
1422
		sb->s_flags |= SB_RDONLY;
M
Miklos Szeredi 已提交
1423

M
Miklos Szeredi 已提交
1424 1425
	if (!(ovl_force_readonly(ofs)) && ofs->config.index) {
		err = ovl_get_indexdir(ofs, oe, &upperpath);
1426
		if (err)
1427
			goto out_free_oe;
1428

1429 1430 1431 1432
		/* Force r/o mount with no index dir */
		if (!ofs->indexdir) {
			dput(ofs->workdir);
			ofs->workdir = NULL;
1433
			sb->s_flags |= SB_RDONLY;
1434 1435
		}

1436 1437
	}

1438
	/* Show index=off in /proc/mounts for forced r/o mount */
1439
	if (!ofs->indexdir) {
M
Miklos Szeredi 已提交
1440
		ofs->config.index = false;
1441 1442 1443 1444 1445
		if (ofs->upper_mnt && ofs->config.nfs_export) {
			pr_warn("overlayfs: NFS export requires an index dir, falling back to nfs_export=off.\n");
			ofs->config.nfs_export = false;
		}
	}
1446

1447 1448 1449
	if (ofs->config.nfs_export)
		sb->s_export_op = &ovl_export_operations;

1450 1451 1452
	/* Never override disk quota limits or use reserved space */
	cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);

1453 1454 1455
	sb->s_magic = OVERLAYFS_SUPER_MAGIC;
	sb->s_op = &ovl_super_operations;
	sb->s_xattr = ovl_xattr_handlers;
M
Miklos Szeredi 已提交
1456
	sb->s_fs_info = ofs;
1457
	sb->s_flags |= SB_POSIXACL | SB_NOREMOTELOCK;
1458

1459
	err = -ENOMEM;
1460
	root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
M
Miklos Szeredi 已提交
1461
	if (!root_dentry)
1462
		goto out_free_oe;
M
Miklos Szeredi 已提交
1463

1464 1465
	root_dentry->d_fsdata = oe;

M
Miklos Szeredi 已提交
1466
	mntput(upperpath.mnt);
1467
	if (upperpath.dentry) {
1468
		ovl_dentry_set_upper_alias(root_dentry);
M
Miklos Szeredi 已提交
1469 1470
		if (ovl_is_impuredir(upperpath.dentry))
			ovl_set_flag(OVL_IMPURE, d_inode(root_dentry));
1471
	}
M
Miklos Szeredi 已提交
1472

1473 1474
	/* Root is always merge -> can have whiteouts */
	ovl_set_flag(OVL_WHITEOUTS, d_inode(root_dentry));
1475
	ovl_dentry_set_flag(OVL_E_CONNECTED, root_dentry);
1476 1477
	ovl_inode_init(d_inode(root_dentry), upperpath.dentry,
		       ovl_dentry_lower(root_dentry));
M
Miklos Szeredi 已提交
1478

M
Miklos Szeredi 已提交
1479 1480 1481 1482
	sb->s_root = root_dentry;

	return 0;

1483 1484
out_free_oe:
	ovl_entry_stack_free(oe);
1485
	kfree(oe);
1486
out_err:
M
Miklos Szeredi 已提交
1487
	path_put(&upperpath);
M
Miklos Szeredi 已提交
1488
	ovl_free_fs(ofs);
M
Miklos Szeredi 已提交
1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500
out:
	return err;
}

static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
				const char *dev_name, void *raw_data)
{
	return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
}

static struct file_system_type ovl_fs_type = {
	.owner		= THIS_MODULE,
1501
	.name		= "overlay",
M
Miklos Szeredi 已提交
1502 1503 1504
	.mount		= ovl_mount,
	.kill_sb	= kill_anon_super,
};
1505
MODULE_ALIAS_FS("overlay");
M
Miklos Szeredi 已提交
1506

1507 1508 1509 1510 1511 1512 1513
static void ovl_inode_init_once(void *foo)
{
	struct ovl_inode *oi = foo;

	inode_init_once(&oi->vfs_inode);
}

M
Miklos Szeredi 已提交
1514 1515
static int __init ovl_init(void)
{
1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530
	int err;

	ovl_inode_cachep = kmem_cache_create("ovl_inode",
					     sizeof(struct ovl_inode), 0,
					     (SLAB_RECLAIM_ACCOUNT|
					      SLAB_MEM_SPREAD|SLAB_ACCOUNT),
					     ovl_inode_init_once);
	if (ovl_inode_cachep == NULL)
		return -ENOMEM;

	err = register_filesystem(&ovl_fs_type);
	if (err)
		kmem_cache_destroy(ovl_inode_cachep);

	return err;
M
Miklos Szeredi 已提交
1531 1532 1533 1534 1535
}

static void __exit ovl_exit(void)
{
	unregister_filesystem(&ovl_fs_type);
1536 1537 1538 1539 1540 1541 1542 1543

	/*
	 * Make sure all delayed rcu free inodes are flushed before we
	 * destroy cache.
	 */
	rcu_barrier();
	kmem_cache_destroy(ovl_inode_cachep);

M
Miklos Szeredi 已提交
1544 1545 1546 1547
}

module_init(ovl_init);
module_exit(ovl_exit);