Merge tag 'ovl-update-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs

+39 -5

Documentation/filesystems/overlayfs.rst

··· 231 231 Redirects are enabled. 232 232 - "redirect_dir=follow": 233 233 Redirects are not created, but followed. 234 - - "redirect_dir=off": 235 - Redirects are not created and only followed if "redirect_always_follow" 236 - feature is enabled in the kernel/module config. 237 234 - "redirect_dir=nofollow": 238 - Redirects are not created and not followed (equivalent to "redirect_dir=off" 239 - if "redirect_always_follow" feature is not enabled). 235 + Redirects are not created and not followed. 236 + - "redirect_dir=off": 237 + If "redirect_always_follow" is enabled in the kernel/module config, 238 + this "off" traslates to "follow", otherwise it translates to "nofollow". 240 239 241 240 When the NFS export feature is enabled, every copied up directory is 242 241 indexed by the file handle of the lower inode and a file handle of the ··· 369 370 370 371 [*] redirect_dir=follow only conflicts with metacopy=on if upperdir=... is 371 372 given. 373 + 374 + 375 + Data-only lower layers 376 + ---------------------- 377 + 378 + With "metacopy" feature enabled, an overlayfs regular file may be a composition 379 + of information from up to three different layers: 380 + 381 + 1) metadata from a file in the upper layer 382 + 383 + 2) st_ino and st_dev object identifier from a file in a lower layer 384 + 385 + 3) data from a file in another lower layer (further below) 386 + 387 + The "lower data" file can be on any lower layer, except from the top most 388 + lower layer. 389 + 390 + Below the top most lower layer, any number of lower most layers may be defined 391 + as "data-only" lower layers, using double colon ("::") separators. 392 + A normal lower layer is not allowed to be below a data-only layer, so single 393 + colon separators are not allowed to the right of double colon ("::") separators. 394 + 395 + 396 + For example: 397 + 398 + mount -t overlay overlay -olowerdir=/l1:/l2:/l3::/do1::/do2 /merged 399 + 400 + The paths of files in the "data-only" lower layers are not visible in the 401 + merged overlayfs directories and the metadata and st_ino/st_dev of files 402 + in the "data-only" lower layers are not visible in overlayfs inodes. 403 + 404 + Only the data of the files in the "data-only" lower layers may be visible 405 + when a "metacopy" file in one of the lower layers above it, has a "redirect" 406 + to the absolute path of the "lower data" file in the "data-only" lower layer. 407 + 372 408 373 409 Sharing and copying layers 374 410 --------------------------

+1

MAINTAINERS

··· 15937 15937 15938 15938 OVERLAY FILESYSTEM 15939 15939 M: Miklos Szeredi <miklos@szeredi.hu> 15940 + M: Amir Goldstein <amir73il@gmail.com> 15940 15941 L: linux-unionfs@vger.kernel.org 15941 15942 S: Supported 15942 15943 T: git git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git

+1 -1

fs/overlayfs/Makefile

··· 6 6 obj-$(CONFIG_OVERLAY_FS) += overlay.o 7 7 8 8 overlay-objs := super.o namei.o util.o inode.o file.o dir.o readdir.o \ 9 - copy_up.o export.o 9 + copy_up.o export.o params.o

+11

fs/overlayfs/copy_up.c

··· 575 575 /* Restore timestamps on parent (best effort) */ 576 576 ovl_set_timestamps(ofs, upperdir, &c->pstat); 577 577 ovl_dentry_set_upper_alias(c->dentry); 578 + ovl_dentry_update_reval(c->dentry, upper); 578 579 } 579 580 } 580 581 inode_unlock(udir); ··· 895 894 inode_unlock(udir); 896 895 897 896 ovl_dentry_set_upper_alias(c->dentry); 897 + ovl_dentry_update_reval(c->dentry, ovl_dentry_upper(c->dentry)); 898 898 } 899 899 900 900 out: ··· 1072 1070 */ 1073 1071 if (WARN_ON(disconnected && d_is_dir(dentry))) 1074 1072 return -EIO; 1073 + 1074 + /* 1075 + * We may not need lowerdata if we are only doing metacopy up, but it is 1076 + * not very important to optimize this case, so do lazy lowerdata lookup 1077 + * before any copy up, so we can do it before taking ovl_inode_lock(). 1078 + */ 1079 + err = ovl_maybe_lookup_lowerdata(dentry); 1080 + if (err) 1081 + return err; 1075 1082 1076 1083 old_cred = ovl_override_creds(dentry->d_sb); 1077 1084 while (!err) {

+4 -5

fs/overlayfs/dir.c

··· 83 83 ofs->whiteout = whiteout; 84 84 } 85 85 86 - if (ofs->share_whiteout) { 86 + if (!ofs->no_shared_whiteout) { 87 87 whiteout = ovl_lookup_temp(ofs, workdir); 88 88 if (IS_ERR(whiteout)) 89 89 goto out; ··· 95 95 if (err != -EMLINK) { 96 96 pr_warn("Failed to link whiteout - disabling whiteout inode sharing(nlink=%u, err=%i)\n", 97 97 ofs->whiteout->d_inode->i_nlink, err); 98 - ofs->share_whiteout = false; 98 + ofs->no_shared_whiteout = true; 99 99 } 100 100 dput(whiteout); 101 101 } ··· 269 269 270 270 ovl_dir_modified(dentry->d_parent, false); 271 271 ovl_dentry_set_upper_alias(dentry); 272 - ovl_dentry_update_reval(dentry, newdentry, 273 - DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE); 272 + ovl_dentry_init_reval(dentry, newdentry, NULL); 274 273 275 274 if (!hardlink) { 276 275 /* ··· 952 953 953 954 static bool ovl_can_move(struct dentry *dentry) 954 955 { 955 - return ovl_redirect_dir(dentry->d_sb) || 956 + return ovl_redirect_dir(OVL_FS(dentry->d_sb)) || 956 957 !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry); 957 958 } 958 959

+21 -20

fs/overlayfs/export.c

··· 80 80 81 81 /* We can get overlay root from root of any layer */ 82 82 if (dentry == dentry->d_sb->s_root) 83 - return oe->numlower; 83 + return ovl_numlower(oe); 84 84 85 85 /* 86 86 * If it's an unindexed merge dir, then it's not connectable with any ··· 91 91 return 0; 92 92 93 93 /* We can get upper/overlay path from indexed/lower dentry */ 94 - return oe->lowerstack[0].layer->idx; 94 + return ovl_lowerstack(oe)->layer->idx; 95 95 } 96 96 97 97 /* ··· 105 105 static int ovl_connect_layer(struct dentry *dentry) 106 106 { 107 107 struct dentry *next, *parent = NULL; 108 + struct ovl_entry *oe = OVL_E(dentry); 108 109 int origin_layer; 109 110 int err = 0; 110 111 ··· 113 112 WARN_ON(!ovl_dentry_lower(dentry))) 114 113 return -EIO; 115 114 116 - origin_layer = OVL_E(dentry)->lowerstack[0].layer->idx; 115 + origin_layer = ovl_lowerstack(oe)->layer->idx; 117 116 if (ovl_dentry_test_flag(OVL_E_CONNECTED, dentry)) 118 117 return origin_layer; 119 118 ··· 286 285 struct dentry *lower = lowerpath ? lowerpath->dentry : NULL; 287 286 struct dentry *upper = upper_alias ?: index; 288 287 struct dentry *dentry; 289 - struct inode *inode; 288 + struct inode *inode = NULL; 290 289 struct ovl_entry *oe; 291 290 struct ovl_inode_params oip = { 292 - .lowerpath = lowerpath, 293 291 .index = index, 294 - .numlower = !!lower 295 292 }; 296 293 297 294 /* We get overlay directory dentries with ovl_lookup_real() */ 298 295 if (d_is_dir(upper ?: lower)) 299 296 return ERR_PTR(-EIO); 300 297 298 + oe = ovl_alloc_entry(!!lower); 299 + if (!oe) 300 + return ERR_PTR(-ENOMEM); 301 + 301 302 oip.upperdentry = dget(upper); 303 + if (lower) { 304 + ovl_lowerstack(oe)->dentry = dget(lower); 305 + ovl_lowerstack(oe)->layer = lowerpath->layer; 306 + } 307 + oip.oe = oe; 302 308 inode = ovl_get_inode(sb, &oip); 303 309 if (IS_ERR(inode)) { 310 + ovl_free_entry(oe); 304 311 dput(upper); 305 312 return ERR_CAST(inode); 306 313 } ··· 323 314 dentry = d_alloc_anon(inode->i_sb); 324 315 if (unlikely(!dentry)) 325 316 goto nomem; 326 - oe = ovl_alloc_entry(lower ? 1 : 0); 327 - if (!oe) 328 - goto nomem; 329 317 330 - if (lower) { 331 - oe->lowerstack->dentry = dget(lower); 332 - oe->lowerstack->layer = lowerpath->layer; 333 - } 334 - dentry->d_fsdata = oe; 335 318 if (upper_alias) 336 319 ovl_dentry_set_upper_alias(dentry); 337 320 338 - ovl_dentry_update_reval(dentry, upper, 339 - DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE); 321 + ovl_dentry_init_reval(dentry, upper, OVL_I_E(inode)); 340 322 341 323 return d_instantiate_anon(dentry, inode); 342 324 ··· 342 342 /* Get the upper or lower dentry in stack whose on layer @idx */ 343 343 static struct dentry *ovl_dentry_real_at(struct dentry *dentry, int idx) 344 344 { 345 - struct ovl_entry *oe = dentry->d_fsdata; 345 + struct ovl_entry *oe = OVL_E(dentry); 346 + struct ovl_path *lowerstack = ovl_lowerstack(oe); 346 347 int i; 347 348 348 349 if (!idx) 349 350 return ovl_dentry_upper(dentry); 350 351 351 - for (i = 0; i < oe->numlower; i++) { 352 - if (oe->lowerstack[i].layer->idx == idx) 353 - return oe->lowerstack[i].dentry; 352 + for (i = 0; i < ovl_numlower(oe); i++) { 353 + if (lowerstack[i].layer->idx == idx) 354 + return lowerstack[i].dentry; 354 355 } 355 356 356 357 return NULL;

+19 -2

fs/overlayfs/file.c

··· 107 107 { 108 108 struct dentry *dentry = file_dentry(file); 109 109 struct path realpath; 110 + int err; 110 111 111 112 real->flags = 0; 112 113 real->file = file->private_data; 113 114 114 - if (allow_meta) 115 + if (allow_meta) { 115 116 ovl_path_real(dentry, &realpath); 116 - else 117 + } else { 118 + /* lazy lookup of lowerdata */ 119 + err = ovl_maybe_lookup_lowerdata(dentry); 120 + if (err) 121 + return err; 122 + 117 123 ovl_path_realdata(dentry, &realpath); 124 + } 125 + if (!realpath.dentry) 126 + return -EIO; 118 127 119 128 /* Has it been copied up since we'd opened it? */ 120 129 if (unlikely(file_inode(real->file) != d_inode(realpath.dentry))) { ··· 159 150 struct path realpath; 160 151 int err; 161 152 153 + /* lazy lookup of lowerdata */ 154 + err = ovl_maybe_lookup_lowerdata(dentry); 155 + if (err) 156 + return err; 157 + 162 158 err = ovl_maybe_copy_up(dentry, file->f_flags); 163 159 if (err) 164 160 return err; ··· 172 158 file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); 173 159 174 160 ovl_path_realdata(dentry, &realpath); 161 + if (!realpath.dentry) 162 + return -EIO; 163 + 175 164 realfile = ovl_open_realfile(file, &realpath); 176 165 if (IS_ERR(realfile)) 177 166 return PTR_ERR(realfile);

+40 -33

fs/overlayfs/inode.c

··· 97 97 98 98 static void ovl_map_dev_ino(struct dentry *dentry, struct kstat *stat, int fsid) 99 99 { 100 - bool samefs = ovl_same_fs(dentry->d_sb); 101 - unsigned int xinobits = ovl_xino_bits(dentry->d_sb); 100 + struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 101 + bool samefs = ovl_same_fs(ofs); 102 + unsigned int xinobits = ovl_xino_bits(ofs); 102 103 unsigned int xinoshift = 64 - xinobits; 103 104 104 105 if (samefs) { ··· 124 123 stat->ino |= ((u64)fsid) << (xinoshift + 1); 125 124 stat->dev = dentry->d_sb->s_dev; 126 125 return; 127 - } else if (ovl_xino_warn(dentry->d_sb)) { 126 + } else if (ovl_xino_warn(ofs)) { 128 127 pr_warn_ratelimited("inode number too big (%pd2, ino=%llu, xinobits=%d)\n", 129 128 dentry, stat->ino, xinobits); 130 129 } ··· 150 149 * is unique per underlying fs, so we use the unique anonymous 151 150 * bdev assigned to the underlying fs. 152 151 */ 153 - stat->dev = OVL_FS(dentry->d_sb)->fs[fsid].pseudo_dev; 152 + stat->dev = ofs->fs[fsid].pseudo_dev; 154 153 } 155 154 } 156 155 ··· 187 186 * If lower filesystem supports NFS file handles, this also guaranties 188 187 * persistent st_ino across mount cycle. 189 188 */ 190 - if (!is_dir || ovl_same_dev(dentry->d_sb)) { 189 + if (!is_dir || ovl_same_dev(OVL_FS(dentry->d_sb))) { 191 190 if (!OVL_TYPE_UPPER(type)) { 192 191 fsid = ovl_layer_lower(dentry)->fsid; 193 192 } else if (OVL_TYPE_ORIGIN(type)) { ··· 241 240 /* 242 241 * If lower is not same as lowerdata or if there was 243 242 * no origin on upper, we can end up here. 243 + * With lazy lowerdata lookup, guess lowerdata blocks 244 + * from size to avoid lowerdata lookup on stat(2). 244 245 */ 245 246 struct kstat lowerdatastat; 246 247 u32 lowermask = STATX_BLOCKS; 247 248 248 249 ovl_path_lowerdata(dentry, &realpath); 249 - err = vfs_getattr(&realpath, &lowerdatastat, 250 - lowermask, flags); 251 - if (err) 252 - goto out; 250 + if (realpath.dentry) { 251 + err = vfs_getattr(&realpath, &lowerdatastat, 252 + lowermask, flags); 253 + if (err) 254 + goto out; 255 + } else { 256 + lowerdatastat.blocks = 257 + round_up(stat->size, stat->blksize) >> 9; 258 + } 253 259 stat->blocks = lowerdatastat.blocks; 254 260 } 255 261 } ··· 296 288 int err; 297 289 298 290 /* Careful in RCU walk mode */ 299 - ovl_i_path_real(inode, &realpath); 300 - if (!realpath.dentry) { 291 + realinode = ovl_i_path_real(inode, &realpath); 292 + if (!realinode) { 301 293 WARN_ON(!(mask & MAY_NOT_BLOCK)); 302 294 return -ECHILD; 303 295 } ··· 310 302 if (err) 311 303 return err; 312 304 313 - realinode = d_inode(realpath.dentry); 314 305 old_cred = ovl_override_creds(inode->i_sb); 315 306 if (!upperinode && 316 307 !special_file(realinode->i_mode) && mask & MAY_WRITE) { ··· 566 559 struct inode *inode, int type, 567 560 bool rcu, bool noperm) 568 561 { 569 - struct inode *realinode = ovl_inode_real(inode); 562 + struct inode *realinode; 570 563 struct posix_acl *acl; 571 564 struct path realpath; 572 565 573 - if (!IS_POSIXACL(realinode)) 574 - return NULL; 575 - 576 566 /* Careful in RCU walk mode */ 577 - ovl_i_path_real(inode, &realpath); 578 - if (!realpath.dentry) { 567 + realinode = ovl_i_path_real(inode, &realpath); 568 + if (!realinode) { 579 569 WARN_ON(!rcu); 580 570 return ERR_PTR(-ECHILD); 581 571 } 572 + 573 + if (!IS_POSIXACL(realinode)) 574 + return NULL; 582 575 583 576 if (rcu) { 584 577 /* ··· 716 709 int err; 717 710 struct inode *realinode = ovl_inode_realdata(inode); 718 711 const struct cred *old_cred; 712 + 713 + if (!realinode) 714 + return -EIO; 719 715 720 716 if (!realinode->i_op->fiemap) 721 717 return -EOPNOTSUPP; ··· 962 952 963 953 static void ovl_next_ino(struct inode *inode) 964 954 { 965 - struct ovl_fs *ofs = inode->i_sb->s_fs_info; 955 + struct ovl_fs *ofs = OVL_FS(inode->i_sb); 966 956 967 957 inode->i_ino = atomic_long_inc_return(&ofs->last_ino); 968 958 if (unlikely(!inode->i_ino)) ··· 971 961 972 962 static void ovl_map_ino(struct inode *inode, unsigned long ino, int fsid) 973 963 { 974 - int xinobits = ovl_xino_bits(inode->i_sb); 964 + struct ovl_fs *ofs = OVL_FS(inode->i_sb); 965 + int xinobits = ovl_xino_bits(ofs); 975 966 unsigned int xinoshift = 64 - xinobits; 976 967 977 968 /* ··· 983 972 * with d_ino also causes nfsd readdirplus to fail. 984 973 */ 985 974 inode->i_ino = ino; 986 - if (ovl_same_fs(inode->i_sb)) { 975 + if (ovl_same_fs(ofs)) { 987 976 return; 988 977 } else if (xinobits && likely(!(ino >> xinoshift))) { 989 978 inode->i_ino |= (unsigned long)fsid << (xinoshift + 1); ··· 1014 1003 struct inode *realinode; 1015 1004 struct ovl_inode *oi = OVL_I(inode); 1016 1005 1017 - if (oip->upperdentry) 1018 - oi->__upperdentry = oip->upperdentry; 1019 - if (oip->lowerpath && oip->lowerpath->dentry) { 1020 - oi->lowerpath.dentry = dget(oip->lowerpath->dentry); 1021 - oi->lowerpath.layer = oip->lowerpath->layer; 1022 - } 1023 - if (oip->lowerdata) 1024 - oi->lowerdata = igrab(d_inode(oip->lowerdata)); 1006 + oi->__upperdentry = oip->upperdentry; 1007 + oi->oe = oip->oe; 1008 + oi->redirect = oip->redirect; 1009 + oi->lowerdata_redirect = oip->lowerdata_redirect; 1025 1010 1026 1011 realinode = ovl_inode_real(inode); 1027 1012 ovl_copyattr(inode); ··· 1332 1325 { 1333 1326 struct ovl_fs *ofs = OVL_FS(sb); 1334 1327 struct dentry *upperdentry = oip->upperdentry; 1335 - struct ovl_path *lowerpath = oip->lowerpath; 1328 + struct ovl_path *lowerpath = ovl_lowerpath(oip->oe); 1336 1329 struct inode *realinode = upperdentry ? d_inode(upperdentry) : NULL; 1337 1330 struct inode *inode; 1338 1331 struct dentry *lowerdentry = lowerpath ? lowerpath->dentry : NULL; ··· 1376 1369 } 1377 1370 1378 1371 dput(upperdentry); 1372 + ovl_free_entry(oip->oe); 1379 1373 kfree(oip->redirect); 1374 + kfree(oip->lowerdata_redirect); 1380 1375 goto out; 1381 1376 } 1382 1377 ··· 1407 1398 if (oip->index) 1408 1399 ovl_set_flag(OVL_INDEX, inode); 1409 1400 1410 - OVL_I(inode)->redirect = oip->redirect; 1411 - 1412 1401 if (bylower) 1413 1402 ovl_set_flag(OVL_CONST_INO, inode); 1414 1403 1415 1404 /* Check for non-merge dir that may have whiteouts */ 1416 1405 if (is_dir) { 1417 - if (((upperdentry && lowerdentry) || oip->numlower > 1) || 1406 + if (((upperdentry && lowerdentry) || ovl_numlower(oip->oe) > 1) || 1418 1407 ovl_path_check_origin_xattr(ofs, &realpath)) { 1419 1408 ovl_set_flag(OVL_WHITEOUTS, inode); 1420 1409 }

+157 -44

fs/overlayfs/namei.c

··· 14 14 #include <linux/exportfs.h> 15 15 #include "overlayfs.h" 16 16 17 + #include "../internal.h" /* for vfs_path_lookup */ 18 + 17 19 struct ovl_lookup_data { 18 20 struct super_block *sb; 19 21 struct vfsmount *mnt; ··· 26 24 bool last; 27 25 char *redirect; 28 26 bool metacopy; 27 + /* Referring to last redirect xattr */ 28 + bool absolute_redirect; 29 29 }; 30 30 31 31 static int ovl_check_redirect(const struct path *path, struct ovl_lookup_data *d, ··· 37 33 char *buf; 38 34 struct ovl_fs *ofs = OVL_FS(d->sb); 39 35 36 + d->absolute_redirect = false; 40 37 buf = ovl_get_redirect_xattr(ofs, path, prelen + strlen(post)); 41 38 if (IS_ERR_OR_NULL(buf)) 42 39 return PTR_ERR(buf); 43 40 44 41 if (buf[0] == '/') { 42 + d->absolute_redirect = true; 45 43 /* 46 44 * One of the ancestor path elements in an absolute path 47 45 * lookup in ovl_lookup_layer() could have been opaque and ··· 355 349 return 0; 356 350 } 357 351 352 + static int ovl_lookup_data_layer(struct dentry *dentry, const char *redirect, 353 + const struct ovl_layer *layer, 354 + struct path *datapath) 355 + { 356 + int err; 357 + 358 + err = vfs_path_lookup(layer->mnt->mnt_root, layer->mnt, redirect, 359 + LOOKUP_BENEATH | LOOKUP_NO_SYMLINKS | LOOKUP_NO_XDEV, 360 + datapath); 361 + pr_debug("lookup lowerdata (%pd2, redirect=\"%s\", layer=%d, err=%i)\n", 362 + dentry, redirect, layer->idx, err); 363 + 364 + if (err) 365 + return err; 366 + 367 + err = -EREMOTE; 368 + if (ovl_dentry_weird(datapath->dentry)) 369 + goto out_path_put; 370 + 371 + err = -ENOENT; 372 + /* Only regular file is acceptable as lower data */ 373 + if (!d_is_reg(datapath->dentry)) 374 + goto out_path_put; 375 + 376 + return 0; 377 + 378 + out_path_put: 379 + path_put(datapath); 380 + 381 + return err; 382 + } 383 + 384 + /* Lookup in data-only layers by absolute redirect to layer root */ 385 + static int ovl_lookup_data_layers(struct dentry *dentry, const char *redirect, 386 + struct ovl_path *lowerdata) 387 + { 388 + struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 389 + const struct ovl_layer *layer; 390 + struct path datapath; 391 + int err = -ENOENT; 392 + int i; 393 + 394 + layer = &ofs->layers[ofs->numlayer - ofs->numdatalayer]; 395 + for (i = 0; i < ofs->numdatalayer; i++, layer++) { 396 + err = ovl_lookup_data_layer(dentry, redirect, layer, &datapath); 397 + if (!err) { 398 + mntput(datapath.mnt); 399 + lowerdata->dentry = datapath.dentry; 400 + lowerdata->layer = layer; 401 + return 0; 402 + } 403 + } 404 + 405 + return err; 406 + } 358 407 359 408 int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected, 360 409 struct dentry *upperdentry, struct ovl_path **stackp) ··· 417 356 struct dentry *origin = NULL; 418 357 int i; 419 358 420 - for (i = 1; i < ofs->numlayer; i++) { 359 + for (i = 1; i <= ovl_numlowerlayer(ofs); i++) { 421 360 /* 422 361 * If lower fs uuid is not unique among lower fs we cannot match 423 362 * fh->uuid to layer. ··· 851 790 */ 852 791 int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 853 792 { 854 - struct ovl_entry *oe = dentry->d_fsdata; 793 + struct ovl_entry *oe = OVL_E(dentry); 794 + struct ovl_path *lowerstack = ovl_lowerstack(oe); 855 795 856 796 BUG_ON(idx < 0); 857 797 if (idx == 0) { 858 798 ovl_path_upper(dentry, path); 859 799 if (path->dentry) 860 - return oe->numlower ? 1 : -1; 800 + return ovl_numlower(oe) ? 1 : -1; 861 801 idx++; 862 802 } 863 - BUG_ON(idx > oe->numlower); 864 - path->dentry = oe->lowerstack[idx - 1].dentry; 865 - path->mnt = oe->lowerstack[idx - 1].layer->mnt; 803 + BUG_ON(idx > ovl_numlower(oe)); 804 + path->dentry = lowerstack[idx - 1].dentry; 805 + path->mnt = lowerstack[idx - 1].layer->mnt; 866 806 867 - return (idx < oe->numlower) ? idx + 1 : -1; 807 + return (idx < ovl_numlower(oe)) ? idx + 1 : -1; 868 808 } 869 809 870 810 /* Fix missing 'origin' xattr */ ··· 889 827 return err; 890 828 } 891 829 830 + /* Lazy lookup of lowerdata */ 831 + int ovl_maybe_lookup_lowerdata(struct dentry *dentry) 832 + { 833 + struct inode *inode = d_inode(dentry); 834 + const char *redirect = ovl_lowerdata_redirect(inode); 835 + struct ovl_path datapath = {}; 836 + const struct cred *old_cred; 837 + int err; 838 + 839 + if (!redirect || ovl_dentry_lowerdata(dentry)) 840 + return 0; 841 + 842 + if (redirect[0] != '/') 843 + return -EIO; 844 + 845 + err = ovl_inode_lock_interruptible(inode); 846 + if (err) 847 + return err; 848 + 849 + err = 0; 850 + /* Someone got here before us? */ 851 + if (ovl_dentry_lowerdata(dentry)) 852 + goto out; 853 + 854 + old_cred = ovl_override_creds(dentry->d_sb); 855 + err = ovl_lookup_data_layers(dentry, redirect, &datapath); 856 + revert_creds(old_cred); 857 + if (err) 858 + goto out_err; 859 + 860 + err = ovl_dentry_set_lowerdata(dentry, &datapath); 861 + if (err) 862 + goto out_err; 863 + 864 + out: 865 + ovl_inode_unlock(inode); 866 + dput(datapath.dentry); 867 + 868 + return err; 869 + 870 + out_err: 871 + pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n", 872 + dentry, err); 873 + goto out; 874 + } 875 + 892 876 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 893 877 unsigned int flags) 894 878 { 895 - struct ovl_entry *oe; 879 + struct ovl_entry *oe = NULL; 896 880 const struct cred *old_cred; 897 881 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 898 - struct ovl_entry *poe = dentry->d_parent->d_fsdata; 899 - struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 882 + struct ovl_entry *poe = OVL_E(dentry->d_parent); 883 + struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root); 900 884 struct ovl_path *stack = NULL, *origin_path = NULL; 901 885 struct dentry *upperdir, *upperdentry = NULL; 902 886 struct dentry *origin = NULL; ··· 961 853 .is_dir = false, 962 854 .opaque = false, 963 855 .stop = false, 964 - .last = ofs->config.redirect_follow ? false : !poe->numlower, 856 + .last = ovl_redirect_follow(ofs) ? false : !ovl_numlower(poe), 965 857 .redirect = NULL, 966 858 .metacopy = false, 967 859 }; ··· 1012 904 upperopaque = d.opaque; 1013 905 } 1014 906 1015 - if (!d.stop && poe->numlower) { 907 + if (!d.stop && ovl_numlower(poe)) { 1016 908 err = -ENOMEM; 1017 - stack = kcalloc(ofs->numlayer - 1, sizeof(struct ovl_path), 1018 - GFP_KERNEL); 909 + stack = ovl_stack_alloc(ofs->numlayer - 1); 1019 910 if (!stack) 1020 911 goto out_put_upper; 1021 912 } 1022 913 1023 - for (i = 0; !d.stop && i < poe->numlower; i++) { 1024 - struct ovl_path lower = poe->lowerstack[i]; 914 + for (i = 0; !d.stop && i < ovl_numlower(poe); i++) { 915 + struct ovl_path lower = ovl_lowerstack(poe)[i]; 1025 916 1026 - if (!ofs->config.redirect_follow) 1027 - d.last = i == poe->numlower - 1; 1028 - else 1029 - d.last = lower.layer->idx == roe->numlower; 917 + if (!ovl_redirect_follow(ofs)) 918 + d.last = i == ovl_numlower(poe) - 1; 919 + else if (d.is_dir || !ofs->numdatalayer) 920 + d.last = lower.layer->idx == ovl_numlower(roe); 1030 921 1031 922 d.mnt = lower.layer->mnt; 1032 923 err = ovl_lookup_layer(lower.dentry, &d, &this, false); ··· 1102 995 * this attack vector when not necessary. 1103 996 */ 1104 997 err = -EPERM; 1105 - if (d.redirect && !ofs->config.redirect_follow) { 998 + if (d.redirect && !ovl_redirect_follow(ofs)) { 1106 999 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", 1107 1000 dentry); 1108 1001 goto out_put; ··· 1116 1009 /* Find the current layer on the root dentry */ 1117 1010 i = lower.layer->idx - 1; 1118 1011 } 1012 + } 1013 + 1014 + /* Defer lookup of lowerdata in data-only layers to first access */ 1015 + if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) { 1016 + d.metacopy = false; 1017 + ctr++; 1119 1018 } 1120 1019 1121 1020 /* ··· 1180 1067 } 1181 1068 } 1182 1069 1183 - oe = ovl_alloc_entry(ctr); 1184 - err = -ENOMEM; 1185 - if (!oe) 1186 - goto out_put; 1070 + if (ctr) { 1071 + oe = ovl_alloc_entry(ctr); 1072 + err = -ENOMEM; 1073 + if (!oe) 1074 + goto out_put; 1187 1075 1188 - memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); 1189 - dentry->d_fsdata = oe; 1076 + ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr); 1077 + } 1190 1078 1191 1079 if (upperopaque) 1192 1080 ovl_dentry_set_opaque(dentry); ··· 1220 1106 if (upperdentry || ctr) { 1221 1107 struct ovl_inode_params oip = { 1222 1108 .upperdentry = upperdentry, 1223 - .lowerpath = stack, 1109 + .oe = oe, 1224 1110 .index = index, 1225 - .numlower = ctr, 1226 1111 .redirect = upperredirect, 1227 - .lowerdata = (ctr > 1 && !d.is_dir) ? 1228 - stack[ctr - 1].dentry : NULL, 1229 1112 }; 1230 1113 1114 + /* Store lowerdata redirect for lazy lookup */ 1115 + if (ctr > 1 && !d.is_dir && !stack[ctr - 1].dentry) { 1116 + oip.lowerdata_redirect = d.redirect; 1117 + d.redirect = NULL; 1118 + } 1231 1119 inode = ovl_get_inode(dentry->d_sb, &oip); 1232 1120 err = PTR_ERR(inode); 1233 1121 if (IS_ERR(inode)) ··· 1238 1122 ovl_set_flag(OVL_UPPERDATA, inode); 1239 1123 } 1240 1124 1241 - ovl_dentry_update_reval(dentry, upperdentry, 1242 - DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE); 1125 + ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); 1243 1126 1244 1127 revert_creds(old_cred); 1245 1128 if (origin_path) { ··· 1246 1131 kfree(origin_path); 1247 1132 } 1248 1133 dput(index); 1249 - kfree(stack); 1134 + ovl_stack_free(stack, ctr); 1250 1135 kfree(d.redirect); 1251 1136 return d_splice_alias(inode, dentry); 1252 1137 1253 1138 out_free_oe: 1254 - dentry->d_fsdata = NULL; 1255 - kfree(oe); 1139 + ovl_free_entry(oe); 1256 1140 out_put: 1257 1141 dput(index); 1258 - for (i = 0; i < ctr; i++) 1259 - dput(stack[i].dentry); 1260 - kfree(stack); 1142 + ovl_stack_free(stack, ctr); 1261 1143 out_put_upper: 1262 1144 if (origin_path) { 1263 1145 dput(origin_path->dentry); ··· 1270 1158 1271 1159 bool ovl_lower_positive(struct dentry *dentry) 1272 1160 { 1273 - struct ovl_entry *poe = dentry->d_parent->d_fsdata; 1161 + struct ovl_entry *poe = OVL_E(dentry->d_parent); 1274 1162 const struct qstr *name = &dentry->d_name; 1275 1163 const struct cred *old_cred; 1276 1164 unsigned int i; ··· 1290 1178 1291 1179 old_cred = ovl_override_creds(dentry->d_sb); 1292 1180 /* Positive upper -> have to look up lower to see whether it exists */ 1293 - for (i = 0; !done && !positive && i < poe->numlower; i++) { 1181 + for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) { 1294 1182 struct dentry *this; 1295 - struct dentry *lowerdir = poe->lowerstack[i].dentry; 1183 + struct ovl_path *parentpath = &ovl_lowerstack(poe)[i]; 1296 1184 1297 - this = lookup_one_positive_unlocked(mnt_idmap(poe->lowerstack[i].layer->mnt), 1298 - name->name, lowerdir, name->len); 1185 + this = lookup_one_positive_unlocked( 1186 + mnt_idmap(parentpath->layer->mnt), 1187 + name->name, parentpath->dentry, name->len); 1299 1188 if (IS_ERR(this)) { 1300 1189 switch (PTR_ERR(this)) { 1301 1190 case -ENOENT:

+81 -25

fs/overlayfs/overlayfs.h

··· 58 58 }; 59 59 60 60 enum { 61 + OVL_REDIRECT_OFF, /* "off" mode is never used. In effect */ 62 + OVL_REDIRECT_FOLLOW, /* ...it translates to either "follow" */ 63 + OVL_REDIRECT_NOFOLLOW, /* ...or "nofollow". */ 64 + OVL_REDIRECT_ON, 65 + }; 66 + 67 + enum { 61 68 OVL_XINO_OFF, 62 69 OVL_XINO_AUTO, 63 70 OVL_XINO_ON, 71 + }; 72 + 73 + /* The set of options that user requested explicitly via mount options */ 74 + struct ovl_opt_set { 75 + bool metacopy; 76 + bool redirect; 77 + bool nfs_export; 78 + bool index; 64 79 }; 65 80 66 81 /* ··· 368 353 return ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)); 369 354 } 370 355 371 - static inline bool ovl_allow_offline_changes(struct ovl_fs *ofs) 372 - { 373 - /* 374 - * To avoid regressions in existing setups with overlay lower offline 375 - * changes, we allow lower changes only if none of the new features 376 - * are used. 377 - */ 378 - return (!ofs->config.index && !ofs->config.metacopy && 379 - !ofs->config.redirect_dir && ofs->config.xino != OVL_XINO_ON); 380 - } 381 356 357 + /* params.c */ 358 + #define OVL_MAX_STACK 500 359 + 360 + struct ovl_fs_context_layer { 361 + char *name; 362 + struct path path; 363 + }; 364 + 365 + struct ovl_fs_context { 366 + struct path upper; 367 + struct path work; 368 + size_t capacity; 369 + size_t nr; /* includes nr_data */ 370 + size_t nr_data; 371 + struct ovl_opt_set set; 372 + struct ovl_fs_context_layer *lower; 373 + }; 374 + 375 + int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, 376 + bool workdir); 377 + int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc); 378 + void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx); 382 379 383 380 /* util.c */ 384 381 int ovl_want_write(struct dentry *dentry); ··· 401 374 struct dentry *ovl_indexdir(struct super_block *sb); 402 375 bool ovl_index_all(struct super_block *sb); 403 376 bool ovl_verify_lower(struct super_block *sb); 377 + struct ovl_path *ovl_stack_alloc(unsigned int n); 378 + void ovl_stack_cpy(struct ovl_path *dst, struct ovl_path *src, unsigned int n); 379 + void ovl_stack_put(struct ovl_path *stack, unsigned int n); 380 + void ovl_stack_free(struct ovl_path *stack, unsigned int n); 404 381 struct ovl_entry *ovl_alloc_entry(unsigned int numlower); 382 + void ovl_free_entry(struct ovl_entry *oe); 405 383 bool ovl_dentry_remote(struct dentry *dentry); 406 - void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *upperdentry, 407 - unsigned int mask); 384 + void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *realdentry); 385 + void ovl_dentry_init_reval(struct dentry *dentry, struct dentry *upperdentry, 386 + struct ovl_entry *oe); 387 + void ovl_dentry_init_flags(struct dentry *dentry, struct dentry *upperdentry, 388 + struct ovl_entry *oe, unsigned int mask); 408 389 bool ovl_dentry_weird(struct dentry *dentry); 409 390 enum ovl_path_type ovl_path_type(struct dentry *dentry); 410 391 void ovl_path_upper(struct dentry *dentry, struct path *path); 411 392 void ovl_path_lower(struct dentry *dentry, struct path *path); 412 393 void ovl_path_lowerdata(struct dentry *dentry, struct path *path); 413 - void ovl_i_path_real(struct inode *inode, struct path *path); 394 + struct inode *ovl_i_path_real(struct inode *inode, struct path *path); 414 395 enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path); 415 396 enum ovl_path_type ovl_path_realdata(struct dentry *dentry, struct path *path); 416 397 struct dentry *ovl_dentry_upper(struct dentry *dentry); 417 398 struct dentry *ovl_dentry_lower(struct dentry *dentry); 418 399 struct dentry *ovl_dentry_lowerdata(struct dentry *dentry); 400 + int ovl_dentry_set_lowerdata(struct dentry *dentry, struct ovl_path *datapath); 419 401 const struct ovl_layer *ovl_i_layer_lower(struct inode *inode); 420 402 const struct ovl_layer *ovl_layer_lower(struct dentry *dentry); 421 403 struct dentry *ovl_dentry_real(struct dentry *dentry); ··· 434 398 struct inode *ovl_inode_lowerdata(struct inode *inode); 435 399 struct inode *ovl_inode_real(struct inode *inode); 436 400 struct inode *ovl_inode_realdata(struct inode *inode); 401 + const char *ovl_lowerdata_redirect(struct inode *inode); 437 402 struct ovl_dir_cache *ovl_dir_cache(struct inode *inode); 438 403 void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache); 439 404 void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry); ··· 449 412 bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags); 450 413 bool ovl_has_upperdata(struct inode *inode); 451 414 void ovl_set_upperdata(struct inode *inode); 452 - bool ovl_redirect_dir(struct super_block *sb); 453 415 const char *ovl_dentry_get_redirect(struct dentry *dentry); 454 416 void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect); 455 417 void ovl_inode_update(struct inode *inode, struct dentry *upperdentry); ··· 516 480 return ovl_path_check_dir_xattr(ofs, &upperpath, OVL_XATTR_IMPURE); 517 481 } 518 482 483 + static inline bool ovl_redirect_follow(struct ovl_fs *ofs) 484 + { 485 + return ofs->config.redirect_mode != OVL_REDIRECT_NOFOLLOW; 486 + } 487 + 488 + static inline bool ovl_redirect_dir(struct ovl_fs *ofs) 489 + { 490 + return ofs->config.redirect_mode == OVL_REDIRECT_ON; 491 + } 492 + 519 493 /* 520 494 * With xino=auto, we do best effort to keep all inodes on same st_dev and 521 495 * d_ino consistent with st_ino. 522 496 * With xino=on, we do the same effort but we warn if we failed. 523 497 */ 524 - static inline bool ovl_xino_warn(struct super_block *sb) 498 + static inline bool ovl_xino_warn(struct ovl_fs *ofs) 525 499 { 526 - return OVL_FS(sb)->config.xino == OVL_XINO_ON; 500 + return ofs->config.xino == OVL_XINO_ON; 501 + } 502 + 503 + /* 504 + * To avoid regressions in existing setups with overlay lower offline changes, 505 + * we allow lower changes only if none of the new features are used. 506 + */ 507 + static inline bool ovl_allow_offline_changes(struct ovl_fs *ofs) 508 + { 509 + return (!ofs->config.index && !ofs->config.metacopy && 510 + !ovl_redirect_dir(ofs) && !ovl_xino_warn(ofs)); 527 511 } 528 512 529 513 /* All layers on same fs? */ 530 - static inline bool ovl_same_fs(struct super_block *sb) 514 + static inline bool ovl_same_fs(struct ovl_fs *ofs) 531 515 { 532 - return OVL_FS(sb)->xino_mode == 0; 516 + return ofs->xino_mode == 0; 533 517 } 534 518 535 519 /* All overlay inodes have same st_dev? */ 536 - static inline bool ovl_same_dev(struct super_block *sb) 520 + static inline bool ovl_same_dev(struct ovl_fs *ofs) 537 521 { 538 - return OVL_FS(sb)->xino_mode >= 0; 522 + return ofs->xino_mode >= 0; 539 523 } 540 524 541 - static inline unsigned int ovl_xino_bits(struct super_block *sb) 525 + static inline unsigned int ovl_xino_bits(struct ovl_fs *ofs) 542 526 { 543 - return ovl_same_dev(sb) ? OVL_FS(sb)->xino_mode : 0; 527 + return ovl_same_dev(ofs) ? ofs->xino_mode : 0; 544 528 } 545 529 546 530 static inline void ovl_inode_lock(struct inode *inode) ··· 606 550 struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper, 607 551 struct dentry *origin, bool verify); 608 552 int ovl_path_next(int idx, struct dentry *dentry, struct path *path); 553 + int ovl_maybe_lookup_lowerdata(struct dentry *dentry); 609 554 struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 610 555 unsigned int flags); 611 556 bool ovl_lower_positive(struct dentry *dentry); ··· 703 646 struct ovl_inode_params { 704 647 struct inode *newinode; 705 648 struct dentry *upperdentry; 706 - struct ovl_path *lowerpath; 649 + struct ovl_entry *oe; 707 650 bool index; 708 - unsigned int numlower; 709 651 char *redirect; 710 - struct dentry *lowerdata; 652 + char *lowerdata_redirect; 711 653 }; 712 654 void ovl_inode_init(struct inode *inode, struct ovl_inode_params *oip, 713 655 unsigned long ino, int fsid);

+71 -24

fs/overlayfs/ovl_entry.h

··· 6 6 */ 7 7 8 8 struct ovl_config { 9 - char *lowerdir; 10 9 char *upperdir; 11 10 char *workdir; 12 11 bool default_permissions; 13 - bool redirect_dir; 14 - bool redirect_follow; 15 - const char *redirect_mode; 12 + int redirect_mode; 16 13 bool index; 17 14 bool uuid; 18 15 bool nfs_export; ··· 29 32 }; 30 33 31 34 struct ovl_layer { 35 + /* ovl_free_fs() relies on @mnt being the first member! */ 32 36 struct vfsmount *mnt; 33 37 /* Trap in ovl inode cache */ 34 38 struct inode *trap; ··· 38 40 int idx; 39 41 /* One fsid per unique underlying sb (upper fsid == 0) */ 40 42 int fsid; 43 + char *name; 41 44 }; 45 + 46 + /* 47 + * ovl_free_fs() relies on @mnt being the first member when unmounting 48 + * the private mounts created for each layer. Let's check both the 49 + * offset and type. 50 + */ 51 + static_assert(offsetof(struct ovl_layer, mnt) == 0); 52 + static_assert(__same_type(typeof_member(struct ovl_layer, mnt), struct vfsmount *)); 42 53 43 54 struct ovl_path { 44 55 const struct ovl_layer *layer; 45 56 struct dentry *dentry; 57 + }; 58 + 59 + struct ovl_entry { 60 + unsigned int __numlower; 61 + struct ovl_path __lowerstack[]; 46 62 }; 47 63 48 64 /* private information held for overlayfs's superblock */ ··· 64 52 unsigned int numlayer; 65 53 /* Number of unique fs among layers including upper fs */ 66 54 unsigned int numfs; 55 + /* Number of data-only lower layers */ 56 + unsigned int numdatalayer; 67 57 const struct ovl_layer *layers; 68 58 struct ovl_sb *fs; 69 59 /* workbasedir is the path at workdir= mount option */ ··· 84 70 /* Did we take the inuse lock? */ 85 71 bool upperdir_locked; 86 72 bool workdir_locked; 87 - bool share_whiteout; 88 73 /* Traps in ovl inode cache */ 89 74 struct inode *workbasedir_trap; 90 75 struct inode *workdir_trap; ··· 92 79 int xino_mode; 93 80 /* For allocation of non-persistent inode numbers */ 94 81 atomic_long_t last_ino; 95 - /* Whiteout dentry cache */ 82 + /* Shared whiteout cache */ 96 83 struct dentry *whiteout; 84 + bool no_shared_whiteout; 97 85 /* r/o snapshot of upperdir sb's only taken on volatile mounts */ 98 86 errseq_t errseq; 99 87 }; 88 + 89 + /* Number of lower layers, not including data-only layers */ 90 + static inline unsigned int ovl_numlowerlayer(struct ovl_fs *ofs) 91 + { 92 + return ofs->numlayer - ofs->numdatalayer - 1; 93 + } 100 94 101 95 static inline struct vfsmount *ovl_upper_mnt(struct ovl_fs *ofs) 102 96 { ··· 125 105 return !ofs->config.ovl_volatile; 126 106 } 127 107 128 - /* private information held for every overlayfs dentry */ 129 - struct ovl_entry { 130 - union { 131 - struct { 132 - unsigned long flags; 133 - }; 134 - struct rcu_head rcu; 135 - }; 136 - unsigned numlower; 137 - struct ovl_path lowerstack[]; 138 - }; 139 - 140 - struct ovl_entry *ovl_alloc_entry(unsigned int numlower); 141 - 142 - static inline struct ovl_entry *OVL_E(struct dentry *dentry) 108 + static inline unsigned int ovl_numlower(struct ovl_entry *oe) 143 109 { 144 - return (struct ovl_entry *) dentry->d_fsdata; 110 + return oe ? oe->__numlower : 0; 111 + } 112 + 113 + static inline struct ovl_path *ovl_lowerstack(struct ovl_entry *oe) 114 + { 115 + return ovl_numlower(oe) ? oe->__lowerstack : NULL; 116 + } 117 + 118 + static inline struct ovl_path *ovl_lowerpath(struct ovl_entry *oe) 119 + { 120 + return ovl_lowerstack(oe); 121 + } 122 + 123 + static inline struct ovl_path *ovl_lowerdata(struct ovl_entry *oe) 124 + { 125 + struct ovl_path *lowerstack = ovl_lowerstack(oe); 126 + 127 + return lowerstack ? &lowerstack[oe->__numlower - 1] : NULL; 128 + } 129 + 130 + /* May return NULL if lazy lookup of lowerdata is needed */ 131 + static inline struct dentry *ovl_lowerdata_dentry(struct ovl_entry *oe) 132 + { 133 + struct ovl_path *lowerdata = ovl_lowerdata(oe); 134 + 135 + return lowerdata ? READ_ONCE(lowerdata->dentry) : NULL; 136 + } 137 + 138 + /* private information held for every overlayfs dentry */ 139 + static inline unsigned long *OVL_E_FLAGS(struct dentry *dentry) 140 + { 141 + return (unsigned long *) &dentry->d_fsdata; 145 142 } 146 143 147 144 struct ovl_inode { 148 145 union { 149 146 struct ovl_dir_cache *cache; /* directory */ 150 - struct inode *lowerdata; /* regular file */ 147 + const char *lowerdata_redirect; /* regular file */ 151 148 }; 152 149 const char *redirect; 153 150 u64 version; 154 151 unsigned long flags; 155 152 struct inode vfs_inode; 156 153 struct dentry *__upperdentry; 157 - struct ovl_path lowerpath; 154 + struct ovl_entry *oe; 158 155 159 156 /* synchronize copy up and more */ 160 157 struct mutex lock; ··· 180 143 static inline struct ovl_inode *OVL_I(struct inode *inode) 181 144 { 182 145 return container_of(inode, struct ovl_inode, vfs_inode); 146 + } 147 + 148 + static inline struct ovl_entry *OVL_I_E(struct inode *inode) 149 + { 150 + return inode ? OVL_I(inode)->oe : NULL; 151 + } 152 + 153 + static inline struct ovl_entry *OVL_E(struct dentry *dentry) 154 + { 155 + return OVL_I_E(d_inode(dentry)); 183 156 } 184 157 185 158 static inline struct dentry *ovl_upperdentry_dereference(struct ovl_inode *oi)

+389

fs/overlayfs/params.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + 3 + #include <linux/fs.h> 4 + #include <linux/namei.h> 5 + #include <linux/fs_context.h> 6 + #include <linux/fs_parser.h> 7 + #include <linux/posix_acl_xattr.h> 8 + #include <linux/xattr.h> 9 + #include "overlayfs.h" 10 + 11 + static ssize_t ovl_parse_param_split_lowerdirs(char *str) 12 + { 13 + ssize_t nr_layers = 1, nr_colons = 0; 14 + char *s, *d; 15 + 16 + for (s = d = str;; s++, d++) { 17 + if (*s == '\\') { 18 + s++; 19 + } else if (*s == ':') { 20 + bool next_colon = (*(s + 1) == ':'); 21 + 22 + nr_colons++; 23 + if (nr_colons == 2 && next_colon) { 24 + pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n"); 25 + return -EINVAL; 26 + } 27 + /* count layers, not colons */ 28 + if (!next_colon) 29 + nr_layers++; 30 + 31 + *d = '\0'; 32 + continue; 33 + } 34 + 35 + *d = *s; 36 + if (!*s) { 37 + /* trailing colons */ 38 + if (nr_colons) { 39 + pr_err("unescaped trailing colons in lowerdir mount option.\n"); 40 + return -EINVAL; 41 + } 42 + break; 43 + } 44 + nr_colons = 0; 45 + } 46 + 47 + return nr_layers; 48 + } 49 + 50 + static int ovl_mount_dir_noesc(const char *name, struct path *path) 51 + { 52 + int err = -EINVAL; 53 + 54 + if (!*name) { 55 + pr_err("empty lowerdir\n"); 56 + goto out; 57 + } 58 + err = kern_path(name, LOOKUP_FOLLOW, path); 59 + if (err) { 60 + pr_err("failed to resolve '%s': %i\n", name, err); 61 + goto out; 62 + } 63 + err = -EINVAL; 64 + if (ovl_dentry_weird(path->dentry)) { 65 + pr_err("filesystem on '%s' not supported\n", name); 66 + goto out_put; 67 + } 68 + if (!d_is_dir(path->dentry)) { 69 + pr_err("'%s' not a directory\n", name); 70 + goto out_put; 71 + } 72 + return 0; 73 + 74 + out_put: 75 + path_put_init(path); 76 + out: 77 + return err; 78 + } 79 + 80 + static void ovl_unescape(char *s) 81 + { 82 + char *d = s; 83 + 84 + for (;; s++, d++) { 85 + if (*s == '\\') 86 + s++; 87 + *d = *s; 88 + if (!*s) 89 + break; 90 + } 91 + } 92 + 93 + static int ovl_mount_dir(const char *name, struct path *path) 94 + { 95 + int err = -ENOMEM; 96 + char *tmp = kstrdup(name, GFP_KERNEL); 97 + 98 + if (tmp) { 99 + ovl_unescape(tmp); 100 + err = ovl_mount_dir_noesc(tmp, path); 101 + 102 + if (!err && path->dentry->d_flags & DCACHE_OP_REAL) { 103 + pr_err("filesystem on '%s' not supported as upperdir\n", 104 + tmp); 105 + path_put_init(path); 106 + err = -EINVAL; 107 + } 108 + kfree(tmp); 109 + } 110 + return err; 111 + } 112 + 113 + int ovl_parse_param_upperdir(const char *name, struct fs_context *fc, 114 + bool workdir) 115 + { 116 + int err; 117 + struct ovl_fs *ofs = fc->s_fs_info; 118 + struct ovl_config *config = &ofs->config; 119 + struct ovl_fs_context *ctx = fc->fs_private; 120 + struct path path; 121 + char *dup; 122 + 123 + err = ovl_mount_dir(name, &path); 124 + if (err) 125 + return err; 126 + 127 + /* 128 + * Check whether upper path is read-only here to report failures 129 + * early. Don't forget to recheck when the superblock is created 130 + * as the mount attributes could change. 131 + */ 132 + if (__mnt_is_readonly(path.mnt)) { 133 + path_put(&path); 134 + return -EINVAL; 135 + } 136 + 137 + dup = kstrdup(name, GFP_KERNEL); 138 + if (!dup) { 139 + path_put(&path); 140 + return -ENOMEM; 141 + } 142 + 143 + if (workdir) { 144 + kfree(config->workdir); 145 + config->workdir = dup; 146 + path_put(&ctx->work); 147 + ctx->work = path; 148 + } else { 149 + kfree(config->upperdir); 150 + config->upperdir = dup; 151 + path_put(&ctx->upper); 152 + ctx->upper = path; 153 + } 154 + return 0; 155 + } 156 + 157 + void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx) 158 + { 159 + for (size_t nr = 0; nr < ctx->nr; nr++) { 160 + path_put(&ctx->lower[nr].path); 161 + kfree(ctx->lower[nr].name); 162 + ctx->lower[nr].name = NULL; 163 + } 164 + ctx->nr = 0; 165 + ctx->nr_data = 0; 166 + } 167 + 168 + /* 169 + * Parse lowerdir= mount option: 170 + * 171 + * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2 172 + * Set "/lower1", "/lower2", and "/lower3" as lower layers and 173 + * "/data1" and "/data2" as data lower layers. Any existing lower 174 + * layers are replaced. 175 + * (2) lowerdir=:/lower4 176 + * Append "/lower4" to current stack of lower layers. This requires 177 + * that there already is at least one lower layer configured. 178 + * (3) lowerdir=::/lower5 179 + * Append data "/lower5" as data lower layer. This requires that 180 + * there's at least one regular lower layer present. 181 + */ 182 + int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) 183 + { 184 + int err; 185 + struct ovl_fs_context *ctx = fc->fs_private; 186 + struct ovl_fs_context_layer *l; 187 + char *dup = NULL, *dup_iter; 188 + ssize_t nr_lower = 0, nr = 0, nr_data = 0; 189 + bool append = false, data_layer = false; 190 + 191 + /* 192 + * Ensure we're backwards compatible with mount(2) 193 + * by allowing relative paths. 194 + */ 195 + 196 + /* drop all existing lower layers */ 197 + if (!*name) { 198 + ovl_parse_param_drop_lowerdir(ctx); 199 + return 0; 200 + } 201 + 202 + if (strncmp(name, "::", 2) == 0) { 203 + /* 204 + * This is a data layer. 205 + * There must be at least one regular lower layer 206 + * specified. 207 + */ 208 + if (ctx->nr == 0) { 209 + pr_err("data lower layers without regular lower layers not allowed"); 210 + return -EINVAL; 211 + } 212 + 213 + /* Skip the leading "::". */ 214 + name += 2; 215 + data_layer = true; 216 + /* 217 + * A data layer is automatically an append as there 218 + * must've been at least one regular lower layer. 219 + */ 220 + append = true; 221 + } else if (*name == ':') { 222 + /* 223 + * This is a regular lower layer. 224 + * If users want to append a layer enforce that they 225 + * have already specified a first layer before. It's 226 + * better to be strict. 227 + */ 228 + if (ctx->nr == 0) { 229 + pr_err("cannot append layer if no previous layer has been specified"); 230 + return -EINVAL; 231 + } 232 + 233 + /* 234 + * Once a sequence of data layers has started regular 235 + * lower layers are forbidden. 236 + */ 237 + if (ctx->nr_data > 0) { 238 + pr_err("regular lower layers cannot follow data lower layers"); 239 + return -EINVAL; 240 + } 241 + 242 + /* Skip the leading ":". */ 243 + name++; 244 + append = true; 245 + } 246 + 247 + dup = kstrdup(name, GFP_KERNEL); 248 + if (!dup) 249 + return -ENOMEM; 250 + 251 + err = -EINVAL; 252 + nr_lower = ovl_parse_param_split_lowerdirs(dup); 253 + if (nr_lower < 0) 254 + goto out_err; 255 + 256 + if ((nr_lower > OVL_MAX_STACK) || 257 + (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) { 258 + pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK); 259 + goto out_err; 260 + } 261 + 262 + if (!append) 263 + ovl_parse_param_drop_lowerdir(ctx); 264 + 265 + /* 266 + * (1) append 267 + * 268 + * We want nr <= nr_lower <= capacity We know nr > 0 and nr <= 269 + * capacity. If nr == 0 this wouldn't be append. If nr + 270 + * nr_lower is <= capacity then nr <= nr_lower <= capacity 271 + * already holds. If nr + nr_lower exceeds capacity, we realloc. 272 + * 273 + * (2) replace 274 + * 275 + * Ensure we're backwards compatible with mount(2) which allows 276 + * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last 277 + * specified lowerdir mount option to win. 278 + * 279 + * We want nr <= nr_lower <= capacity We know either (i) nr == 0 280 + * or (ii) nr > 0. We also know nr_lower > 0. The capacity 281 + * could've been changed multiple times already so we only know 282 + * nr <= capacity. If nr + nr_lower > capacity we realloc, 283 + * otherwise nr <= nr_lower <= capacity holds already. 284 + */ 285 + nr_lower += ctx->nr; 286 + if (nr_lower > ctx->capacity) { 287 + err = -ENOMEM; 288 + l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower), 289 + GFP_KERNEL_ACCOUNT); 290 + if (!l) 291 + goto out_err; 292 + 293 + ctx->lower = l; 294 + ctx->capacity = nr_lower; 295 + } 296 + 297 + /* 298 + * (3) By (1) and (2) we know nr <= nr_lower <= capacity. 299 + * (4) If ctx->nr == 0 => replace 300 + * We have verified above that the lowerdir mount option 301 + * isn't an append, i.e., the lowerdir mount option 302 + * doesn't start with ":" or "::". 303 + * (4.1) The lowerdir mount options only contains regular lower 304 + * layers ":". 305 + * => Nothing to verify. 306 + * (4.2) The lowerdir mount options contains regular ":" and 307 + * data "::" layers. 308 + * => We need to verify that data lower layers "::" aren't 309 + * followed by regular ":" lower layers 310 + * (5) If ctx->nr > 0 => append 311 + * We know that there's at least one regular layer 312 + * otherwise we would've failed when parsing the previous 313 + * lowerdir mount option. 314 + * (5.1) The lowerdir mount option is a regular layer ":" append 315 + * => We need to verify that no data layers have been 316 + * specified before. 317 + * (5.2) The lowerdir mount option is a data layer "::" append 318 + * We know that there's at least one regular layer or 319 + * other data layers. => There's nothing to verify. 320 + */ 321 + dup_iter = dup; 322 + for (nr = ctx->nr; nr < nr_lower; nr++) { 323 + l = &ctx->lower[nr]; 324 + memset(l, 0, sizeof(*l)); 325 + 326 + err = ovl_mount_dir_noesc(dup_iter, &l->path); 327 + if (err) 328 + goto out_put; 329 + 330 + err = -ENOMEM; 331 + l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT); 332 + if (!l->name) 333 + goto out_put; 334 + 335 + if (data_layer) 336 + nr_data++; 337 + 338 + /* Calling strchr() again would overrun. */ 339 + if ((nr + 1) == nr_lower) 340 + break; 341 + 342 + err = -EINVAL; 343 + dup_iter = strchr(dup_iter, '\0') + 1; 344 + if (*dup_iter) { 345 + /* 346 + * This is a regular layer so we require that 347 + * there are no data layers. 348 + */ 349 + if ((ctx->nr_data + nr_data) > 0) { 350 + pr_err("regular lower layers cannot follow data lower layers"); 351 + goto out_put; 352 + } 353 + 354 + data_layer = false; 355 + continue; 356 + } 357 + 358 + /* This is a data lower layer. */ 359 + data_layer = true; 360 + dup_iter++; 361 + } 362 + ctx->nr = nr_lower; 363 + ctx->nr_data += nr_data; 364 + kfree(dup); 365 + return 0; 366 + 367 + out_put: 368 + /* 369 + * We know nr >= ctx->nr < nr_lower. If we failed somewhere 370 + * we want to undo until nr == ctx->nr. This is correct for 371 + * both ctx->nr == 0 and ctx->nr > 0. 372 + */ 373 + for (; nr >= ctx->nr; nr--) { 374 + l = &ctx->lower[nr]; 375 + kfree(l->name); 376 + l->name = NULL; 377 + path_put(&l->path); 378 + 379 + /* don't overflow */ 380 + if (nr == 0) 381 + break; 382 + } 383 + 384 + out_err: 385 + kfree(dup); 386 + 387 + /* Intentionally don't realloc to a smaller size. */ 388 + return err; 389 + }

+11 -8

fs/overlayfs/readdir.c

··· 118 118 return false; 119 119 120 120 /* Always recalc d_ino when remapping lower inode numbers */ 121 - if (ovl_xino_bits(rdd->dentry->d_sb)) 121 + if (ovl_xino_bits(OVL_FS(rdd->dentry->d_sb))) 122 122 return true; 123 123 124 124 /* Always recalc d_ino for parent */ ··· 460 460 461 461 { 462 462 struct dentry *dir = path->dentry; 463 + struct ovl_fs *ofs = OVL_FS(dir->d_sb); 463 464 struct dentry *this = NULL; 464 465 enum ovl_path_type type; 465 466 u64 ino = p->real_ino; 466 - int xinobits = ovl_xino_bits(dir->d_sb); 467 + int xinobits = ovl_xino_bits(ofs); 467 468 int err = 0; 468 469 469 - if (!ovl_same_dev(dir->d_sb)) 470 + if (!ovl_same_dev(ofs)) 470 471 goto out; 471 472 472 473 if (p->name[0] == '.') { ··· 516 515 ino = ovl_remap_lower_ino(ino, xinobits, 517 516 ovl_layer_lower(this)->fsid, 518 517 p->name, p->len, 519 - ovl_xino_warn(dir->d_sb)); 518 + ovl_xino_warn(ofs)); 520 519 } 521 520 522 521 out: ··· 695 694 int err; 696 695 struct ovl_dir_file *od = file->private_data; 697 696 struct dentry *dir = file->f_path.dentry; 697 + struct ovl_fs *ofs = OVL_FS(dir->d_sb); 698 698 const struct ovl_layer *lower_layer = ovl_layer_lower(dir); 699 699 struct ovl_readdir_translate rdt = { 700 700 .ctx.actor = ovl_fill_real, 701 701 .orig_ctx = ctx, 702 - .xinobits = ovl_xino_bits(dir->d_sb), 703 - .xinowarn = ovl_xino_warn(dir->d_sb), 702 + .xinobits = ovl_xino_bits(ofs), 703 + .xinowarn = ovl_xino_warn(ofs), 704 704 }; 705 705 706 706 if (rdt.xinobits && lower_layer) ··· 737 735 { 738 736 struct ovl_dir_file *od = file->private_data; 739 737 struct dentry *dentry = file->f_path.dentry; 738 + struct ovl_fs *ofs = OVL_FS(dentry->d_sb); 740 739 struct ovl_cache_entry *p; 741 740 const struct cred *old_cred; 742 741 int err; ··· 752 749 * dir is impure then need to adjust d_ino for copied up 753 750 * entries. 754 751 */ 755 - if (ovl_xino_bits(dentry->d_sb) || 756 - (ovl_same_fs(dentry->d_sb) && 752 + if (ovl_xino_bits(ofs) || 753 + (ovl_same_fs(ofs) && 757 754 (ovl_is_impure_dir(file) || 758 755 OVL_TYPE_MERGE(ovl_path_type(dentry->d_parent))))) { 759 756 err = ovl_iterate_real(file, ctx);

+415 -492

fs/overlayfs/super.c

··· 16 16 #include <linux/posix_acl_xattr.h> 17 17 #include <linux/exportfs.h> 18 18 #include <linux/file.h> 19 + #include <linux/fs_context.h> 20 + #include <linux/fs_parser.h> 19 21 #include "overlayfs.h" 20 22 21 23 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>"); ··· 26 24 27 25 28 26 struct ovl_dir_cache; 29 - 30 - #define OVL_MAX_STACK 500 31 27 32 28 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR); 33 29 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644); ··· 54 54 MODULE_PARM_DESC(xino_auto, 55 55 "Auto enable xino feature"); 56 56 57 - static void ovl_entry_stack_free(struct ovl_entry *oe) 58 - { 59 - unsigned int i; 60 - 61 - for (i = 0; i < oe->numlower; i++) 62 - dput(oe->lowerstack[i].dentry); 63 - } 64 - 65 57 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); 66 58 module_param_named(metacopy, ovl_metacopy_def, bool, 0644); 67 59 MODULE_PARM_DESC(metacopy, 68 60 "Default to on or off for the metadata only copy up feature"); 69 - 70 - static void ovl_dentry_release(struct dentry *dentry) 71 - { 72 - struct ovl_entry *oe = dentry->d_fsdata; 73 - 74 - if (oe) { 75 - ovl_entry_stack_free(oe); 76 - kfree_rcu(oe, rcu); 77 - } 78 - } 79 61 80 62 static struct dentry *ovl_d_real(struct dentry *dentry, 81 63 const struct inode *inode) ··· 81 99 if (real && !inode && ovl_has_upperdata(d_inode(dentry))) 82 100 return real; 83 101 102 + /* 103 + * Best effort lazy lookup of lowerdata for !inode case to return 104 + * the real lowerdata dentry. The only current caller of d_real() with 105 + * NULL inode is d_real_inode() from trace_uprobe and this caller is 106 + * likely going to be followed reading from the file, before placing 107 + * uprobes on offset within the file, so lowerdata should be available 108 + * when setting the uprobe. 109 + */ 110 + ovl_maybe_lookup_lowerdata(dentry); 84 111 lower = ovl_dentry_lowerdata(dentry); 85 112 if (!lower) 86 113 goto bug; ··· 112 121 { 113 122 int ret = 1; 114 123 124 + if (!d) 125 + return 1; 126 + 115 127 if (weak) { 116 128 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE) 117 129 ret = d->d_op->d_weak_revalidate(d, flags); ··· 132 138 static int ovl_dentry_revalidate_common(struct dentry *dentry, 133 139 unsigned int flags, bool weak) 134 140 { 135 - struct ovl_entry *oe = dentry->d_fsdata; 141 + struct ovl_entry *oe = OVL_E(dentry); 142 + struct ovl_path *lowerstack = ovl_lowerstack(oe); 136 143 struct inode *inode = d_inode_rcu(dentry); 137 144 struct dentry *upper; 138 145 unsigned int i; ··· 147 152 if (upper) 148 153 ret = ovl_revalidate_real(upper, flags, weak); 149 154 150 - for (i = 0; ret > 0 && i < oe->numlower; i++) { 151 - ret = ovl_revalidate_real(oe->lowerstack[i].dentry, flags, 152 - weak); 153 - } 155 + for (i = 0; ret > 0 && i < ovl_numlower(oe); i++) 156 + ret = ovl_revalidate_real(lowerstack[i].dentry, flags, weak); 157 + 154 158 return ret; 155 159 } 156 160 ··· 164 170 } 165 171 166 172 static const struct dentry_operations ovl_dentry_operations = { 167 - .d_release = ovl_dentry_release, 168 173 .d_real = ovl_d_real, 169 174 .d_revalidate = ovl_dentry_revalidate, 170 175 .d_weak_revalidate = ovl_dentry_weak_revalidate, ··· 183 190 oi->version = 0; 184 191 oi->flags = 0; 185 192 oi->__upperdentry = NULL; 186 - oi->lowerpath.dentry = NULL; 187 - oi->lowerpath.layer = NULL; 188 - oi->lowerdata = NULL; 193 + oi->lowerdata_redirect = NULL; 194 + oi->oe = NULL; 189 195 mutex_init(&oi->lock); 190 196 191 197 return &oi->vfs_inode; ··· 204 212 struct ovl_inode *oi = OVL_I(inode); 205 213 206 214 dput(oi->__upperdentry); 207 - dput(oi->lowerpath.dentry); 215 + ovl_free_entry(oi->oe); 208 216 if (S_ISDIR(inode->i_mode)) 209 217 ovl_dir_cache_free(inode); 210 218 else 211 - iput(oi->lowerdata); 219 + kfree(oi->lowerdata_redirect); 212 220 } 213 221 214 222 static void ovl_free_fs(struct ovl_fs *ofs) ··· 233 241 for (i = 0; i < ofs->numlayer; i++) { 234 242 iput(ofs->layers[i].trap); 235 243 mounts[i] = ofs->layers[i].mnt; 244 + kfree(ofs->layers[i].name); 236 245 } 237 246 kern_unmount_array(mounts, ofs->numlayer); 238 247 kfree(ofs->layers); ··· 241 248 free_anon_bdev(ofs->fs[i].pseudo_dev); 242 249 kfree(ofs->fs); 243 250 244 - kfree(ofs->config.lowerdir); 245 251 kfree(ofs->config.upperdir); 246 252 kfree(ofs->config.workdir); 247 - kfree(ofs->config.redirect_mode); 248 253 if (ofs->creator_cred) 249 254 put_cred(ofs->creator_cred); 250 255 kfree(ofs); ··· 252 261 { 253 262 struct ovl_fs *ofs = sb->s_fs_info; 254 263 255 - ovl_free_fs(ofs); 264 + if (ofs) 265 + ovl_free_fs(ofs); 256 266 } 257 267 258 268 /* Sync real dirty inodes in upper filesystem (if it exists) */ ··· 329 337 return (!ovl_upper_mnt(ofs) || !ofs->workdir); 330 338 } 331 339 332 - static const char *ovl_redirect_mode_def(void) 340 + static const struct constant_table ovl_parameter_redirect_dir[] = { 341 + { "off", OVL_REDIRECT_OFF }, 342 + { "follow", OVL_REDIRECT_FOLLOW }, 343 + { "nofollow", OVL_REDIRECT_NOFOLLOW }, 344 + { "on", OVL_REDIRECT_ON }, 345 + {} 346 + }; 347 + 348 + static const char *ovl_redirect_mode(struct ovl_config *config) 333 349 { 334 - return ovl_redirect_dir_def ? "on" : "off"; 350 + return ovl_parameter_redirect_dir[config->redirect_mode].name; 335 351 } 336 352 337 - static const char * const ovl_xino_str[] = { 338 - "off", 339 - "auto", 340 - "on", 353 + static int ovl_redirect_mode_def(void) 354 + { 355 + return ovl_redirect_dir_def ? OVL_REDIRECT_ON : 356 + ovl_redirect_always_follow ? OVL_REDIRECT_FOLLOW : 357 + OVL_REDIRECT_NOFOLLOW; 358 + } 359 + 360 + static const struct constant_table ovl_parameter_xino[] = { 361 + { "off", OVL_XINO_OFF }, 362 + { "auto", OVL_XINO_AUTO }, 363 + { "on", OVL_XINO_ON }, 364 + {} 341 365 }; 366 + 367 + static const char *ovl_xino_mode(struct ovl_config *config) 368 + { 369 + return ovl_parameter_xino[config->xino].name; 370 + } 342 371 343 372 static inline int ovl_xino_def(void) 344 373 { ··· 378 365 { 379 366 struct super_block *sb = dentry->d_sb; 380 367 struct ovl_fs *ofs = sb->s_fs_info; 368 + size_t nr, nr_merged_lower = ofs->numlayer - ofs->numdatalayer; 369 + const struct ovl_layer *data_layers = &ofs->layers[nr_merged_lower]; 381 370 382 - seq_show_option(m, "lowerdir", ofs->config.lowerdir); 371 + /* ofs->layers[0] is the upper layer */ 372 + seq_printf(m, ",lowerdir=%s", ofs->layers[1].name); 373 + /* dump regular lower layers */ 374 + for (nr = 2; nr < nr_merged_lower; nr++) 375 + seq_printf(m, ":%s", ofs->layers[nr].name); 376 + /* dump data lower layers */ 377 + for (nr = 0; nr < ofs->numdatalayer; nr++) 378 + seq_printf(m, "::%s", data_layers[nr].name); 383 379 if (ofs->config.upperdir) { 384 380 seq_show_option(m, "upperdir", ofs->config.upperdir); 385 381 seq_show_option(m, "workdir", ofs->config.workdir); 386 382 } 387 383 if (ofs->config.default_permissions) 388 384 seq_puts(m, ",default_permissions"); 389 - if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0) 390 - seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode); 385 + if (ofs->config.redirect_mode != ovl_redirect_mode_def()) 386 + seq_printf(m, ",redirect_dir=%s", 387 + ovl_redirect_mode(&ofs->config)); 391 388 if (ofs->config.index != ovl_index_def) 392 389 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off"); 393 390 if (!ofs->config.uuid) ··· 405 382 if (ofs->config.nfs_export != ovl_nfs_export_def) 406 383 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ? 407 384 "on" : "off"); 408 - if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(sb)) 409 - seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]); 385 + if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(ofs)) 386 + seq_printf(m, ",xino=%s", ovl_xino_mode(&ofs->config)); 410 387 if (ofs->config.metacopy != ovl_metacopy_def) 411 388 seq_printf(m, ",metacopy=%s", 412 389 ofs->config.metacopy ? "on" : "off"); ··· 417 394 return 0; 418 395 } 419 396 420 - static int ovl_remount(struct super_block *sb, int *flags, char *data) 397 + static int ovl_reconfigure(struct fs_context *fc) 421 398 { 399 + struct super_block *sb = fc->root->d_sb; 422 400 struct ovl_fs *ofs = sb->s_fs_info; 423 401 struct super_block *upper_sb; 424 402 int ret = 0; 425 403 426 - if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs)) 404 + if (!(fc->sb_flags & SB_RDONLY) && ovl_force_readonly(ofs)) 427 405 return -EROFS; 428 406 429 - if (*flags & SB_RDONLY && !sb_rdonly(sb)) { 407 + if (fc->sb_flags & SB_RDONLY && !sb_rdonly(sb)) { 430 408 upper_sb = ovl_upper_mnt(ofs)->mnt_sb; 431 409 if (ovl_should_sync(ofs)) { 432 410 down_read(&upper_sb->s_umount); ··· 448 424 .sync_fs = ovl_sync_fs, 449 425 .statfs = ovl_statfs, 450 426 .show_options = ovl_show_options, 451 - .remount_fs = ovl_remount, 452 427 }; 453 428 454 429 enum { 455 - OPT_LOWERDIR, 456 - OPT_UPPERDIR, 457 - OPT_WORKDIR, 458 - OPT_DEFAULT_PERMISSIONS, 459 - OPT_REDIRECT_DIR, 460 - OPT_INDEX_ON, 461 - OPT_INDEX_OFF, 462 - OPT_UUID_ON, 463 - OPT_UUID_OFF, 464 - OPT_NFS_EXPORT_ON, 465 - OPT_USERXATTR, 466 - OPT_NFS_EXPORT_OFF, 467 - OPT_XINO_ON, 468 - OPT_XINO_OFF, 469 - OPT_XINO_AUTO, 470 - OPT_METACOPY_ON, 471 - OPT_METACOPY_OFF, 472 - OPT_VOLATILE, 473 - OPT_ERR, 430 + Opt_lowerdir, 431 + Opt_upperdir, 432 + Opt_workdir, 433 + Opt_default_permissions, 434 + Opt_redirect_dir, 435 + Opt_index, 436 + Opt_uuid, 437 + Opt_nfs_export, 438 + Opt_userxattr, 439 + Opt_xino, 440 + Opt_metacopy, 441 + Opt_volatile, 474 442 }; 475 443 476 - static const match_table_t ovl_tokens = { 477 - {OPT_LOWERDIR, "lowerdir=%s"}, 478 - {OPT_UPPERDIR, "upperdir=%s"}, 479 - {OPT_WORKDIR, "workdir=%s"}, 480 - {OPT_DEFAULT_PERMISSIONS, "default_permissions"}, 481 - {OPT_REDIRECT_DIR, "redirect_dir=%s"}, 482 - {OPT_INDEX_ON, "index=on"}, 483 - {OPT_INDEX_OFF, "index=off"}, 484 - {OPT_USERXATTR, "userxattr"}, 485 - {OPT_UUID_ON, "uuid=on"}, 486 - {OPT_UUID_OFF, "uuid=off"}, 487 - {OPT_NFS_EXPORT_ON, "nfs_export=on"}, 488 - {OPT_NFS_EXPORT_OFF, "nfs_export=off"}, 489 - {OPT_XINO_ON, "xino=on"}, 490 - {OPT_XINO_OFF, "xino=off"}, 491 - {OPT_XINO_AUTO, "xino=auto"}, 492 - {OPT_METACOPY_ON, "metacopy=on"}, 493 - {OPT_METACOPY_OFF, "metacopy=off"}, 494 - {OPT_VOLATILE, "volatile"}, 495 - {OPT_ERR, NULL} 444 + static const struct constant_table ovl_parameter_bool[] = { 445 + { "on", true }, 446 + { "off", false }, 447 + {} 496 448 }; 497 449 498 - static char *ovl_next_opt(char **s) 450 + #define fsparam_string_empty(NAME, OPT) \ 451 + __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL) 452 + 453 + static const struct fs_parameter_spec ovl_parameter_spec[] = { 454 + fsparam_string_empty("lowerdir", Opt_lowerdir), 455 + fsparam_string("upperdir", Opt_upperdir), 456 + fsparam_string("workdir", Opt_workdir), 457 + fsparam_flag("default_permissions", Opt_default_permissions), 458 + fsparam_enum("redirect_dir", Opt_redirect_dir, ovl_parameter_redirect_dir), 459 + fsparam_enum("index", Opt_index, ovl_parameter_bool), 460 + fsparam_enum("uuid", Opt_uuid, ovl_parameter_bool), 461 + fsparam_enum("nfs_export", Opt_nfs_export, ovl_parameter_bool), 462 + fsparam_flag("userxattr", Opt_userxattr), 463 + fsparam_enum("xino", Opt_xino, ovl_parameter_xino), 464 + fsparam_enum("metacopy", Opt_metacopy, ovl_parameter_bool), 465 + fsparam_flag("volatile", Opt_volatile), 466 + {} 467 + }; 468 + 469 + static int ovl_parse_param(struct fs_context *fc, struct fs_parameter *param) 499 470 { 500 - char *sbegin = *s; 501 - char *p; 471 + int err = 0; 472 + struct fs_parse_result result; 473 + struct ovl_fs *ofs = fc->s_fs_info; 474 + struct ovl_config *config = &ofs->config; 475 + struct ovl_fs_context *ctx = fc->fs_private; 476 + int opt; 502 477 503 - if (sbegin == NULL) 504 - return NULL; 505 - 506 - for (p = sbegin; *p; p++) { 507 - if (*p == '\\') { 508 - p++; 509 - if (!*p) 510 - break; 511 - } else if (*p == ',') { 512 - *p = '\0'; 513 - *s = p + 1; 514 - return sbegin; 515 - } 516 - } 517 - *s = NULL; 518 - return sbegin; 519 - } 520 - 521 - static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode) 522 - { 523 - if (strcmp(mode, "on") == 0) { 524 - config->redirect_dir = true; 478 + if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) { 525 479 /* 526 - * Does not make sense to have redirect creation without 527 - * redirect following. 480 + * On remount overlayfs has always ignored all mount 481 + * options no matter if malformed or not so for 482 + * backwards compatibility we do the same here. 528 483 */ 529 - config->redirect_follow = true; 530 - } else if (strcmp(mode, "follow") == 0) { 531 - config->redirect_follow = true; 532 - } else if (strcmp(mode, "off") == 0) { 533 - if (ovl_redirect_always_follow) 534 - config->redirect_follow = true; 535 - } else if (strcmp(mode, "nofollow") != 0) { 536 - pr_err("bad mount option \"redirect_dir=%s\"\n", 537 - mode); 484 + if (fc->oldapi) 485 + return 0; 486 + 487 + /* 488 + * Give us the freedom to allow changing mount options 489 + * with the new mount api in the future. So instead of 490 + * silently ignoring everything we report a proper 491 + * error. This is only visible for users of the new 492 + * mount api. 493 + */ 494 + return invalfc(fc, "No changes allowed in reconfigure"); 495 + } 496 + 497 + opt = fs_parse(fc, ovl_parameter_spec, param, &result); 498 + if (opt < 0) 499 + return opt; 500 + 501 + switch (opt) { 502 + case Opt_lowerdir: 503 + err = ovl_parse_param_lowerdir(param->string, fc); 504 + break; 505 + case Opt_upperdir: 506 + fallthrough; 507 + case Opt_workdir: 508 + err = ovl_parse_param_upperdir(param->string, fc, 509 + (Opt_workdir == opt)); 510 + break; 511 + case Opt_default_permissions: 512 + config->default_permissions = true; 513 + break; 514 + case Opt_redirect_dir: 515 + config->redirect_mode = result.uint_32; 516 + if (config->redirect_mode == OVL_REDIRECT_OFF) { 517 + config->redirect_mode = ovl_redirect_always_follow ? 518 + OVL_REDIRECT_FOLLOW : 519 + OVL_REDIRECT_NOFOLLOW; 520 + } 521 + ctx->set.redirect = true; 522 + break; 523 + case Opt_index: 524 + config->index = result.uint_32; 525 + ctx->set.index = true; 526 + break; 527 + case Opt_uuid: 528 + config->uuid = result.uint_32; 529 + break; 530 + case Opt_nfs_export: 531 + config->nfs_export = result.uint_32; 532 + ctx->set.nfs_export = true; 533 + break; 534 + case Opt_xino: 535 + config->xino = result.uint_32; 536 + break; 537 + case Opt_metacopy: 538 + config->metacopy = result.uint_32; 539 + ctx->set.metacopy = true; 540 + break; 541 + case Opt_volatile: 542 + config->ovl_volatile = true; 543 + break; 544 + case Opt_userxattr: 545 + config->userxattr = true; 546 + break; 547 + default: 548 + pr_err("unrecognized mount option \"%s\" or missing value\n", 549 + param->key); 538 550 return -EINVAL; 539 551 } 540 552 541 - return 0; 553 + return err; 542 554 } 543 555 544 - static int ovl_parse_opt(char *opt, struct ovl_config *config) 556 + static int ovl_fs_params_verify(const struct ovl_fs_context *ctx, 557 + struct ovl_config *config) 545 558 { 546 - char *p; 547 - int err; 548 - bool metacopy_opt = false, redirect_opt = false; 549 - bool nfs_export_opt = false, index_opt = false; 559 + struct ovl_opt_set set = ctx->set; 550 560 551 - config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL); 552 - if (!config->redirect_mode) 553 - return -ENOMEM; 554 - 555 - while ((p = ovl_next_opt(&opt)) != NULL) { 556 - int token; 557 - substring_t args[MAX_OPT_ARGS]; 558 - 559 - if (!*p) 560 - continue; 561 - 562 - token = match_token(p, ovl_tokens, args); 563 - switch (token) { 564 - case OPT_UPPERDIR: 565 - kfree(config->upperdir); 566 - config->upperdir = match_strdup(&args[0]); 567 - if (!config->upperdir) 568 - return -ENOMEM; 569 - break; 570 - 571 - case OPT_LOWERDIR: 572 - kfree(config->lowerdir); 573 - config->lowerdir = match_strdup(&args[0]); 574 - if (!config->lowerdir) 575 - return -ENOMEM; 576 - break; 577 - 578 - case OPT_WORKDIR: 579 - kfree(config->workdir); 580 - config->workdir = match_strdup(&args[0]); 581 - if (!config->workdir) 582 - return -ENOMEM; 583 - break; 584 - 585 - case OPT_DEFAULT_PERMISSIONS: 586 - config->default_permissions = true; 587 - break; 588 - 589 - case OPT_REDIRECT_DIR: 590 - kfree(config->redirect_mode); 591 - config->redirect_mode = match_strdup(&args[0]); 592 - if (!config->redirect_mode) 593 - return -ENOMEM; 594 - redirect_opt = true; 595 - break; 596 - 597 - case OPT_INDEX_ON: 598 - config->index = true; 599 - index_opt = true; 600 - break; 601 - 602 - case OPT_INDEX_OFF: 603 - config->index = false; 604 - index_opt = true; 605 - break; 606 - 607 - case OPT_UUID_ON: 608 - config->uuid = true; 609 - break; 610 - 611 - case OPT_UUID_OFF: 612 - config->uuid = false; 613 - break; 614 - 615 - case OPT_NFS_EXPORT_ON: 616 - config->nfs_export = true; 617 - nfs_export_opt = true; 618 - break; 619 - 620 - case OPT_NFS_EXPORT_OFF: 621 - config->nfs_export = false; 622 - nfs_export_opt = true; 623 - break; 624 - 625 - case OPT_XINO_ON: 626 - config->xino = OVL_XINO_ON; 627 - break; 628 - 629 - case OPT_XINO_OFF: 630 - config->xino = OVL_XINO_OFF; 631 - break; 632 - 633 - case OPT_XINO_AUTO: 634 - config->xino = OVL_XINO_AUTO; 635 - break; 636 - 637 - case OPT_METACOPY_ON: 638 - config->metacopy = true; 639 - metacopy_opt = true; 640 - break; 641 - 642 - case OPT_METACOPY_OFF: 643 - config->metacopy = false; 644 - metacopy_opt = true; 645 - break; 646 - 647 - case OPT_VOLATILE: 648 - config->ovl_volatile = true; 649 - break; 650 - 651 - case OPT_USERXATTR: 652 - config->userxattr = true; 653 - break; 654 - 655 - default: 656 - pr_err("unrecognized mount option \"%s\" or missing value\n", 657 - p); 658 - return -EINVAL; 659 - } 561 + if (ctx->nr_data > 0 && !config->metacopy) { 562 + pr_err("lower data-only dirs require metacopy support.\n"); 563 + return -EINVAL; 660 564 } 661 565 662 566 /* Workdir/index are useless in non-upper mount */ ··· 595 643 kfree(config->workdir); 596 644 config->workdir = NULL; 597 645 } 598 - if (config->index && index_opt) { 646 + if (config->index && set.index) { 599 647 pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n"); 600 - index_opt = false; 648 + set.index = false; 601 649 } 602 650 config->index = false; 603 651 } ··· 607 655 config->ovl_volatile = false; 608 656 } 609 657 610 - err = ovl_parse_redirect_mode(config, config->redirect_mode); 611 - if (err) 612 - return err; 613 - 614 658 /* 615 659 * This is to make the logic below simpler. It doesn't make any other 616 - * difference, since config->redirect_dir is only used for upper. 660 + * difference, since redirect_dir=on is only used for upper. 617 661 */ 618 - if (!config->upperdir && config->redirect_follow) 619 - config->redirect_dir = true; 662 + if (!config->upperdir && config->redirect_mode == OVL_REDIRECT_FOLLOW) 663 + config->redirect_mode = OVL_REDIRECT_ON; 620 664 621 665 /* Resolve metacopy -> redirect_dir dependency */ 622 - if (config->metacopy && !config->redirect_dir) { 623 - if (metacopy_opt && redirect_opt) { 666 + if (config->metacopy && config->redirect_mode != OVL_REDIRECT_ON) { 667 + if (set.metacopy && set.redirect) { 624 668 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n", 625 - config->redirect_mode); 669 + ovl_redirect_mode(config)); 626 670 return -EINVAL; 627 671 } 628 - if (redirect_opt) { 672 + if (set.redirect) { 629 673 /* 630 674 * There was an explicit redirect_dir=... that resulted 631 675 * in this conflict. 632 676 */ 633 677 pr_info("disabling metacopy due to redirect_dir=%s\n", 634 - config->redirect_mode); 678 + ovl_redirect_mode(config)); 635 679 config->metacopy = false; 636 680 } else { 637 681 /* Automatically enable redirect otherwise. */ 638 - config->redirect_follow = config->redirect_dir = true; 682 + config->redirect_mode = OVL_REDIRECT_ON; 639 683 } 640 684 } 641 685 642 686 /* Resolve nfs_export -> index dependency */ 643 687 if (config->nfs_export && !config->index) { 644 - if (!config->upperdir && config->redirect_follow) { 688 + if (!config->upperdir && 689 + config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 645 690 pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); 646 691 config->nfs_export = false; 647 - } else if (nfs_export_opt && index_opt) { 692 + } else if (set.nfs_export && set.index) { 648 693 pr_err("conflicting options: nfs_export=on,index=off\n"); 649 694 return -EINVAL; 650 - } else if (index_opt) { 695 + } else if (set.index) { 651 696 /* 652 697 * There was an explicit index=off that resulted 653 698 * in this conflict. ··· 659 710 660 711 /* Resolve nfs_export -> !metacopy dependency */ 661 712 if (config->nfs_export && config->metacopy) { 662 - if (nfs_export_opt && metacopy_opt) { 713 + if (set.nfs_export && set.metacopy) { 663 714 pr_err("conflicting options: nfs_export=on,metacopy=on\n"); 664 715 return -EINVAL; 665 716 } 666 - if (metacopy_opt) { 717 + if (set.metacopy) { 667 718 /* 668 719 * There was an explicit metacopy=on that resulted 669 720 * in this conflict. ··· 683 734 684 735 /* Resolve userxattr -> !redirect && !metacopy dependency */ 685 736 if (config->userxattr) { 686 - if (config->redirect_follow && redirect_opt) { 737 + if (set.redirect && 738 + config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { 687 739 pr_err("conflicting options: userxattr,redirect_dir=%s\n", 688 - config->redirect_mode); 740 + ovl_redirect_mode(config)); 689 741 return -EINVAL; 690 742 } 691 - if (config->metacopy && metacopy_opt) { 743 + if (config->metacopy && set.metacopy) { 692 744 pr_err("conflicting options: userxattr,metacopy=on\n"); 693 745 return -EINVAL; 694 746 } ··· 699 749 * options must be explicitly enabled if used together with 700 750 * userxattr. 701 751 */ 702 - config->redirect_dir = config->redirect_follow = false; 752 + config->redirect_mode = OVL_REDIRECT_NOFOLLOW; 703 753 config->metacopy = false; 704 754 } 705 755 ··· 799 849 goto out_unlock; 800 850 } 801 851 802 - static void ovl_unescape(char *s) 803 - { 804 - char *d = s; 805 - 806 - for (;; s++, d++) { 807 - if (*s == '\\') 808 - s++; 809 - *d = *s; 810 - if (!*s) 811 - break; 812 - } 813 - } 814 - 815 - static int ovl_mount_dir_noesc(const char *name, struct path *path) 816 - { 817 - int err = -EINVAL; 818 - 819 - if (!*name) { 820 - pr_err("empty lowerdir\n"); 821 - goto out; 822 - } 823 - err = kern_path(name, LOOKUP_FOLLOW, path); 824 - if (err) { 825 - pr_err("failed to resolve '%s': %i\n", name, err); 826 - goto out; 827 - } 828 - err = -EINVAL; 829 - if (ovl_dentry_weird(path->dentry)) { 830 - pr_err("filesystem on '%s' not supported\n", name); 831 - goto out_put; 832 - } 833 - if (!d_is_dir(path->dentry)) { 834 - pr_err("'%s' not a directory\n", name); 835 - goto out_put; 836 - } 837 - return 0; 838 - 839 - out_put: 840 - path_put_init(path); 841 - out: 842 - return err; 843 - } 844 - 845 - static int ovl_mount_dir(const char *name, struct path *path) 846 - { 847 - int err = -ENOMEM; 848 - char *tmp = kstrdup(name, GFP_KERNEL); 849 - 850 - if (tmp) { 851 - ovl_unescape(tmp); 852 - err = ovl_mount_dir_noesc(tmp, path); 853 - 854 - if (!err && path->dentry->d_flags & DCACHE_OP_REAL) { 855 - pr_err("filesystem on '%s' not supported as upperdir\n", 856 - tmp); 857 - path_put_init(path); 858 - err = -EINVAL; 859 - } 860 - kfree(tmp); 861 - } 862 - return err; 863 - } 864 - 865 852 static int ovl_check_namelen(const struct path *path, struct ovl_fs *ofs, 866 853 const char *name) 867 854 { ··· 818 931 { 819 932 int fh_type; 820 933 int err; 821 - 822 - err = ovl_mount_dir_noesc(name, path); 823 - if (err) 824 - return err; 825 934 826 935 err = ovl_check_namelen(path, ofs, name); 827 936 if (err) ··· 865 982 unlock_rename(workdir, upperdir); 866 983 } 867 984 return ok; 868 - } 869 - 870 - static unsigned int ovl_split_lowerdirs(char *str) 871 - { 872 - unsigned int ctr = 1; 873 - char *s, *d; 874 - 875 - for (s = d = str;; s++, d++) { 876 - if (*s == '\\') { 877 - s++; 878 - } else if (*s == ':') { 879 - *d = '\0'; 880 - ctr++; 881 - continue; 882 - } 883 - *d = *s; 884 - if (!*s) 885 - break; 886 - } 887 - return ctr; 888 985 } 889 986 890 987 static int ovl_own_xattr_get(const struct xattr_handler *handler, ··· 967 1104 } 968 1105 969 1106 static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, 970 - struct ovl_layer *upper_layer, struct path *upperpath) 1107 + struct ovl_layer *upper_layer, 1108 + const struct path *upperpath) 971 1109 { 972 1110 struct vfsmount *upper_mnt; 973 1111 int err; 974 - 975 - err = ovl_mount_dir(ofs->config.upperdir, upperpath); 976 - if (err) 977 - goto out; 978 1112 979 1113 /* Upperdir path should not be r/o */ 980 1114 if (__mnt_is_readonly(upperpath->mnt)) { ··· 1001 1141 upper_layer->mnt = upper_mnt; 1002 1142 upper_layer->idx = 0; 1003 1143 upper_layer->fsid = 0; 1144 + 1145 + err = -ENOMEM; 1146 + upper_layer->name = kstrdup(ofs->config.upperdir, GFP_KERNEL); 1147 + if (!upper_layer->name) 1148 + goto out; 1004 1149 1005 1150 /* 1006 1151 * Inherit SB_NOSEC flag from upperdir. ··· 1198 1333 if (err) { 1199 1334 pr_warn("failed to set xattr on upper\n"); 1200 1335 ofs->noxattr = true; 1201 - if (ofs->config.index || ofs->config.metacopy) { 1202 - ofs->config.index = false; 1336 + if (ovl_redirect_follow(ofs)) { 1337 + ofs->config.redirect_mode = OVL_REDIRECT_NOFOLLOW; 1338 + pr_warn("...falling back to redirect_dir=nofollow.\n"); 1339 + } 1340 + if (ofs->config.metacopy) { 1203 1341 ofs->config.metacopy = false; 1204 - pr_warn("...falling back to index=off,metacopy=off.\n"); 1342 + pr_warn("...falling back to metacopy=off.\n"); 1343 + } 1344 + if (ofs->config.index) { 1345 + ofs->config.index = false; 1346 + pr_warn("...falling back to index=off.\n"); 1205 1347 } 1206 1348 /* 1207 1349 * xattr support is required for persistent st_ino. ··· 1271 1399 } 1272 1400 1273 1401 static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs, 1274 - const struct path *upperpath) 1402 + const struct path *upperpath, 1403 + const struct path *workpath) 1275 1404 { 1276 1405 int err; 1277 - struct path workpath = { }; 1278 - 1279 - err = ovl_mount_dir(ofs->config.workdir, &workpath); 1280 - if (err) 1281 - goto out; 1282 1406 1283 1407 err = -EINVAL; 1284 - if (upperpath->mnt != workpath.mnt) { 1408 + if (upperpath->mnt != workpath->mnt) { 1285 1409 pr_err("workdir and upperdir must reside under the same mount\n"); 1286 - goto out; 1410 + return err; 1287 1411 } 1288 - if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) { 1412 + if (!ovl_workdir_ok(workpath->dentry, upperpath->dentry)) { 1289 1413 pr_err("workdir and upperdir must be separate subtrees\n"); 1290 - goto out; 1414 + return err; 1291 1415 } 1292 1416 1293 - ofs->workbasedir = dget(workpath.dentry); 1417 + ofs->workbasedir = dget(workpath->dentry); 1294 1418 1295 1419 if (ovl_inuse_trylock(ofs->workbasedir)) { 1296 1420 ofs->workdir_locked = true; 1297 1421 } else { 1298 1422 err = ovl_report_in_use(ofs, "workdir"); 1299 1423 if (err) 1300 - goto out; 1424 + return err; 1301 1425 } 1302 1426 1303 1427 err = ovl_setup_trap(sb, ofs->workbasedir, &ofs->workbasedir_trap, 1304 1428 "workdir"); 1305 1429 if (err) 1306 - goto out; 1430 + return err; 1307 1431 1308 - err = ovl_make_workdir(sb, ofs, &workpath); 1309 - 1310 - out: 1311 - path_put(&workpath); 1312 - 1313 - return err; 1432 + return ovl_make_workdir(sb, ofs, workpath); 1314 1433 } 1315 1434 1316 1435 static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs, ··· 1317 1454 1318 1455 /* Verify lower root is upper root origin */ 1319 1456 err = ovl_verify_origin(ofs, upperpath->dentry, 1320 - oe->lowerstack[0].dentry, true); 1457 + ovl_lowerstack(oe)->dentry, true); 1321 1458 if (err) { 1322 1459 pr_err("failed to verify upper root origin\n"); 1323 1460 goto out; ··· 1437 1574 pr_warn("%s uuid detected in lower fs '%pd2', falling back to xino=%s,index=off,nfs_export=off.\n", 1438 1575 uuid_is_null(&sb->s_uuid) ? "null" : 1439 1576 "conflicting", 1440 - path->dentry, ovl_xino_str[ofs->config.xino]); 1577 + path->dentry, ovl_xino_mode(&ofs->config)); 1441 1578 } 1442 1579 } 1443 1580 ··· 1454 1591 return ofs->numfs++; 1455 1592 } 1456 1593 1594 + /* 1595 + * The fsid after the last lower fsid is used for the data layers. 1596 + * It is a "null fs" with a null sb, null uuid, and no pseudo dev. 1597 + */ 1598 + static int ovl_get_data_fsid(struct ovl_fs *ofs) 1599 + { 1600 + return ofs->numfs; 1601 + } 1602 + 1603 + 1457 1604 static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs, 1458 - struct path *stack, unsigned int numlower, 1459 - struct ovl_layer *layers) 1605 + struct ovl_fs_context *ctx, struct ovl_layer *layers) 1460 1606 { 1461 1607 int err; 1462 1608 unsigned int i; 1609 + size_t nr_merged_lower; 1463 1610 1464 - err = -ENOMEM; 1465 - ofs->fs = kcalloc(numlower + 1, sizeof(struct ovl_sb), GFP_KERNEL); 1611 + ofs->fs = kcalloc(ctx->nr + 2, sizeof(struct ovl_sb), GFP_KERNEL); 1466 1612 if (ofs->fs == NULL) 1467 - goto out; 1613 + return -ENOMEM; 1468 1614 1469 - /* idx/fsid 0 are reserved for upper fs even with lower only overlay */ 1615 + /* 1616 + * idx/fsid 0 are reserved for upper fs even with lower only overlay 1617 + * and the last fsid is reserved for "null fs" of the data layers. 1618 + */ 1470 1619 ofs->numfs++; 1471 1620 1472 1621 /* ··· 1490 1615 err = get_anon_bdev(&ofs->fs[0].pseudo_dev); 1491 1616 if (err) { 1492 1617 pr_err("failed to get anonymous bdev for upper fs\n"); 1493 - goto out; 1618 + return err; 1494 1619 } 1495 1620 1496 1621 if (ovl_upper_mnt(ofs)) { ··· 1498 1623 ofs->fs[0].is_lower = false; 1499 1624 } 1500 1625 1501 - for (i = 0; i < numlower; i++) { 1626 + nr_merged_lower = ctx->nr - ctx->nr_data; 1627 + for (i = 0; i < ctx->nr; i++) { 1628 + struct ovl_fs_context_layer *l = &ctx->lower[i]; 1502 1629 struct vfsmount *mnt; 1503 1630 struct inode *trap; 1504 1631 int fsid; 1505 1632 1506 - err = fsid = ovl_get_fsid(ofs, &stack[i]); 1507 - if (err < 0) 1508 - goto out; 1633 + if (i < nr_merged_lower) 1634 + fsid = ovl_get_fsid(ofs, &l->path); 1635 + else 1636 + fsid = ovl_get_data_fsid(ofs); 1637 + if (fsid < 0) 1638 + return fsid; 1509 1639 1510 1640 /* 1511 1641 * Check if lower root conflicts with this overlay layers before ··· 1519 1639 * the upperdir/workdir is in fact in-use by our 1520 1640 * upperdir/workdir. 1521 1641 */ 1522 - err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir"); 1642 + err = ovl_setup_trap(sb, l->path.dentry, &trap, "lowerdir"); 1523 1643 if (err) 1524 - goto out; 1644 + return err; 1525 1645 1526 - if (ovl_is_inuse(stack[i].dentry)) { 1646 + if (ovl_is_inuse(l->path.dentry)) { 1527 1647 err = ovl_report_in_use(ofs, "lowerdir"); 1528 1648 if (err) { 1529 1649 iput(trap); 1530 - goto out; 1650 + return err; 1531 1651 } 1532 1652 } 1533 1653 1534 - mnt = clone_private_mount(&stack[i]); 1654 + mnt = clone_private_mount(&l->path); 1535 1655 err = PTR_ERR(mnt); 1536 1656 if (IS_ERR(mnt)) { 1537 1657 pr_err("failed to clone lowerpath\n"); 1538 1658 iput(trap); 1539 - goto out; 1659 + return err; 1540 1660 } 1541 1661 1542 1662 /* ··· 1550 1670 layers[ofs->numlayer].idx = ofs->numlayer; 1551 1671 layers[ofs->numlayer].fsid = fsid; 1552 1672 layers[ofs->numlayer].fs = &ofs->fs[fsid]; 1673 + layers[ofs->numlayer].name = l->name; 1674 + l->name = NULL; 1553 1675 ofs->numlayer++; 1554 1676 ofs->fs[fsid].is_lower = true; 1555 1677 } ··· 1588 1706 ofs->xino_mode); 1589 1707 } 1590 1708 1591 - err = 0; 1592 - out: 1593 - return err; 1709 + return 0; 1594 1710 } 1595 1711 1596 1712 static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, 1597 - const char *lower, unsigned int numlower, 1598 - struct ovl_fs *ofs, struct ovl_layer *layers) 1713 + struct ovl_fs_context *ctx, 1714 + struct ovl_fs *ofs, 1715 + struct ovl_layer *layers) 1599 1716 { 1600 1717 int err; 1601 - struct path *stack = NULL; 1602 1718 unsigned int i; 1719 + size_t nr_merged_lower; 1603 1720 struct ovl_entry *oe; 1721 + struct ovl_path *lowerstack; 1604 1722 1605 - if (!ofs->config.upperdir && numlower == 1) { 1723 + struct ovl_fs_context_layer *l; 1724 + 1725 + if (!ofs->config.upperdir && ctx->nr == 1) { 1606 1726 pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n"); 1607 1727 return ERR_PTR(-EINVAL); 1608 1728 } 1609 1729 1610 - stack = kcalloc(numlower, sizeof(struct path), GFP_KERNEL); 1611 - if (!stack) 1612 - return ERR_PTR(-ENOMEM); 1613 - 1614 1730 err = -EINVAL; 1615 - for (i = 0; i < numlower; i++) { 1616 - err = ovl_lower_dir(lower, &stack[i], ofs, &sb->s_stack_depth); 1617 - if (err) 1618 - goto out_err; 1731 + for (i = 0; i < ctx->nr; i++) { 1732 + l = &ctx->lower[i]; 1619 1733 1620 - lower = strchr(lower, '\0') + 1; 1734 + err = ovl_lower_dir(l->name, &l->path, ofs, &sb->s_stack_depth); 1735 + if (err) 1736 + return ERR_PTR(err); 1621 1737 } 1622 1738 1623 1739 err = -EINVAL; 1624 1740 sb->s_stack_depth++; 1625 1741 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) { 1626 1742 pr_err("maximum fs stacking depth exceeded\n"); 1627 - goto out_err; 1743 + return ERR_PTR(err); 1628 1744 } 1629 1745 1630 - err = ovl_get_layers(sb, ofs, stack, numlower, layers); 1746 + err = ovl_get_layers(sb, ofs, ctx, layers); 1631 1747 if (err) 1632 - goto out_err; 1748 + return ERR_PTR(err); 1633 1749 1634 1750 err = -ENOMEM; 1635 - oe = ovl_alloc_entry(numlower); 1751 + /* Data-only layers are not merged in root directory */ 1752 + nr_merged_lower = ctx->nr - ctx->nr_data; 1753 + oe = ovl_alloc_entry(nr_merged_lower); 1636 1754 if (!oe) 1637 - goto out_err; 1755 + return ERR_PTR(err); 1638 1756 1639 - for (i = 0; i < numlower; i++) { 1640 - oe->lowerstack[i].dentry = dget(stack[i].dentry); 1641 - oe->lowerstack[i].layer = &ofs->layers[i+1]; 1757 + lowerstack = ovl_lowerstack(oe); 1758 + for (i = 0; i < nr_merged_lower; i++) { 1759 + l = &ctx->lower[i]; 1760 + lowerstack[i].dentry = dget(l->path.dentry); 1761 + lowerstack[i].layer = &ofs->layers[i + 1]; 1642 1762 } 1643 - 1644 - out: 1645 - for (i = 0; i < numlower; i++) 1646 - path_put(&stack[i]); 1647 - kfree(stack); 1763 + ofs->numdatalayer = ctx->nr_data; 1648 1764 1649 1765 return oe; 1650 - 1651 - out_err: 1652 - oe = ERR_PTR(err); 1653 - goto out; 1654 1766 } 1655 1767 1656 1768 /* ··· 1725 1849 struct ovl_entry *oe) 1726 1850 { 1727 1851 struct dentry *root; 1728 - struct ovl_path *lowerpath = &oe->lowerstack[0]; 1852 + struct ovl_path *lowerpath = ovl_lowerstack(oe); 1729 1853 unsigned long ino = d_inode(lowerpath->dentry)->i_ino; 1730 1854 int fsid = lowerpath->layer->fsid; 1731 1855 struct ovl_inode_params oip = { 1732 1856 .upperdentry = upperdentry, 1733 - .lowerpath = lowerpath, 1857 + .oe = oe, 1734 1858 }; 1735 1859 1736 1860 root = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); 1737 1861 if (!root) 1738 1862 return NULL; 1739 - 1740 - root->d_fsdata = oe; 1741 1863 1742 1864 if (upperdentry) { 1743 1865 /* Root inode uses upper st_ino/i_ino */ ··· 1751 1877 ovl_dentry_set_flag(OVL_E_CONNECTED, root); 1752 1878 ovl_set_upperdata(d_inode(root)); 1753 1879 ovl_inode_init(d_inode(root), &oip, ino, fsid); 1754 - ovl_dentry_update_reval(root, upperdentry, DCACHE_OP_WEAK_REVALIDATE); 1880 + ovl_dentry_init_flags(root, upperdentry, oe, DCACHE_OP_WEAK_REVALIDATE); 1881 + /* root keeps a reference of upperdentry */ 1882 + dget(upperdentry); 1755 1883 1756 1884 return root; 1757 1885 } 1758 1886 1759 - static int ovl_fill_super(struct super_block *sb, void *data, int silent) 1887 + static int ovl_fill_super(struct super_block *sb, struct fs_context *fc) 1760 1888 { 1761 - struct path upperpath = { }; 1889 + struct ovl_fs *ofs = sb->s_fs_info; 1890 + struct ovl_fs_context *ctx = fc->fs_private; 1762 1891 struct dentry *root_dentry; 1763 1892 struct ovl_entry *oe; 1764 - struct ovl_fs *ofs; 1765 1893 struct ovl_layer *layers; 1766 1894 struct cred *cred; 1767 - char *splitlower = NULL; 1768 - unsigned int numlower; 1769 1895 int err; 1770 1896 1771 1897 err = -EIO; 1772 - if (WARN_ON(sb->s_user_ns != current_user_ns())) 1773 - goto out; 1898 + if (WARN_ON(fc->user_ns != current_user_ns())) 1899 + goto out_err; 1774 1900 1775 1901 sb->s_d_op = &ovl_dentry_operations; 1776 - 1777 - err = -ENOMEM; 1778 - ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 1779 - if (!ofs) 1780 - goto out; 1781 1902 1782 1903 err = -ENOMEM; 1783 1904 ofs->creator_cred = cred = prepare_creds(); 1784 1905 if (!cred) 1785 1906 goto out_err; 1786 1907 1787 - /* Is there a reason anyone would want not to share whiteouts? */ 1788 - ofs->share_whiteout = true; 1789 - 1790 - ofs->config.index = ovl_index_def; 1791 - ofs->config.uuid = true; 1792 - ofs->config.nfs_export = ovl_nfs_export_def; 1793 - ofs->config.xino = ovl_xino_def(); 1794 - ofs->config.metacopy = ovl_metacopy_def; 1795 - err = ovl_parse_opt((char *) data, &ofs->config); 1908 + err = ovl_fs_params_verify(ctx, &ofs->config); 1796 1909 if (err) 1797 1910 goto out_err; 1798 1911 1799 1912 err = -EINVAL; 1800 - if (!ofs->config.lowerdir) { 1801 - if (!silent) 1913 + if (ctx->nr == 0) { 1914 + if (!(fc->sb_flags & SB_SILENT)) 1802 1915 pr_err("missing 'lowerdir'\n"); 1803 1916 goto out_err; 1804 1917 } 1805 1918 1806 1919 err = -ENOMEM; 1807 - splitlower = kstrdup(ofs->config.lowerdir, GFP_KERNEL); 1808 - if (!splitlower) 1809 - goto out_err; 1810 - 1811 - err = -EINVAL; 1812 - numlower = ovl_split_lowerdirs(splitlower); 1813 - if (numlower > OVL_MAX_STACK) { 1814 - pr_err("too many lower directories, limit is %d\n", 1815 - OVL_MAX_STACK); 1816 - goto out_err; 1817 - } 1818 - 1819 - err = -ENOMEM; 1820 - layers = kcalloc(numlower + 1, sizeof(struct ovl_layer), GFP_KERNEL); 1920 + layers = kcalloc(ctx->nr + 1, sizeof(struct ovl_layer), GFP_KERNEL); 1821 1921 if (!layers) 1822 1922 goto out_err; 1823 1923 ··· 1823 1975 goto out_err; 1824 1976 } 1825 1977 1826 - err = ovl_get_upper(sb, ofs, &layers[0], &upperpath); 1978 + err = ovl_get_upper(sb, ofs, &layers[0], &ctx->upper); 1827 1979 if (err) 1828 1980 goto out_err; 1829 1981 ··· 1837 1989 } 1838 1990 } 1839 1991 1840 - err = ovl_get_workdir(sb, ofs, &upperpath); 1992 + err = ovl_get_workdir(sb, ofs, &ctx->upper, &ctx->work); 1841 1993 if (err) 1842 1994 goto out_err; 1843 1995 ··· 1847 1999 sb->s_stack_depth = upper_sb->s_stack_depth; 1848 2000 sb->s_time_gran = upper_sb->s_time_gran; 1849 2001 } 1850 - oe = ovl_get_lowerstack(sb, splitlower, numlower, ofs, layers); 2002 + oe = ovl_get_lowerstack(sb, ctx, ofs, layers); 1851 2003 err = PTR_ERR(oe); 1852 2004 if (IS_ERR(oe)) 1853 2005 goto out_err; ··· 1862 2014 } 1863 2015 1864 2016 if (!ovl_force_readonly(ofs) && ofs->config.index) { 1865 - err = ovl_get_indexdir(sb, ofs, oe, &upperpath); 2017 + err = ovl_get_indexdir(sb, ofs, oe, &ctx->upper); 1866 2018 if (err) 1867 2019 goto out_free_oe; 1868 2020 ··· 1903 2055 sb->s_iflags |= SB_I_SKIP_SYNC; 1904 2056 1905 2057 err = -ENOMEM; 1906 - root_dentry = ovl_get_root(sb, upperpath.dentry, oe); 2058 + root_dentry = ovl_get_root(sb, ctx->upper.dentry, oe); 1907 2059 if (!root_dentry) 1908 2060 goto out_free_oe; 1909 - 1910 - mntput(upperpath.mnt); 1911 - kfree(splitlower); 1912 2061 1913 2062 sb->s_root = root_dentry; 1914 2063 1915 2064 return 0; 1916 2065 1917 2066 out_free_oe: 1918 - ovl_entry_stack_free(oe); 1919 - kfree(oe); 2067 + ovl_free_entry(oe); 1920 2068 out_err: 1921 - kfree(splitlower); 1922 - path_put(&upperpath); 1923 2069 ovl_free_fs(ofs); 1924 - out: 2070 + sb->s_fs_info = NULL; 1925 2071 return err; 1926 2072 } 1927 2073 1928 - static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags, 1929 - const char *dev_name, void *raw_data) 2074 + static int ovl_get_tree(struct fs_context *fc) 1930 2075 { 1931 - return mount_nodev(fs_type, flags, raw_data, ovl_fill_super); 2076 + return get_tree_nodev(fc, ovl_fill_super); 2077 + } 2078 + 2079 + static inline void ovl_fs_context_free(struct ovl_fs_context *ctx) 2080 + { 2081 + ovl_parse_param_drop_lowerdir(ctx); 2082 + path_put(&ctx->upper); 2083 + path_put(&ctx->work); 2084 + kfree(ctx->lower); 2085 + kfree(ctx); 2086 + } 2087 + 2088 + static void ovl_free(struct fs_context *fc) 2089 + { 2090 + struct ovl_fs *ofs = fc->s_fs_info; 2091 + struct ovl_fs_context *ctx = fc->fs_private; 2092 + 2093 + /* 2094 + * ofs is stored in the fs_context when it is initialized. 2095 + * ofs is transferred to the superblock on a successful mount, 2096 + * but if an error occurs before the transfer we have to free 2097 + * it here. 2098 + */ 2099 + if (ofs) 2100 + ovl_free_fs(ofs); 2101 + 2102 + if (ctx) 2103 + ovl_fs_context_free(ctx); 2104 + } 2105 + 2106 + static const struct fs_context_operations ovl_context_ops = { 2107 + .parse_param = ovl_parse_param, 2108 + .get_tree = ovl_get_tree, 2109 + .reconfigure = ovl_reconfigure, 2110 + .free = ovl_free, 2111 + }; 2112 + 2113 + /* 2114 + * This is called during fsopen() and will record the user namespace of 2115 + * the caller in fc->user_ns since we've raised FS_USERNS_MOUNT. We'll 2116 + * need it when we actually create the superblock to verify that the 2117 + * process creating the superblock is in the same user namespace as 2118 + * process that called fsopen(). 2119 + */ 2120 + static int ovl_init_fs_context(struct fs_context *fc) 2121 + { 2122 + struct ovl_fs_context *ctx; 2123 + struct ovl_fs *ofs; 2124 + 2125 + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); 2126 + if (!ctx) 2127 + return -ENOMEM; 2128 + 2129 + /* 2130 + * By default we allocate for three lower layers. It's likely 2131 + * that it'll cover most users. 2132 + */ 2133 + ctx->lower = kmalloc_array(3, sizeof(*ctx->lower), GFP_KERNEL_ACCOUNT); 2134 + if (!ctx->lower) 2135 + goto out_err; 2136 + ctx->capacity = 3; 2137 + 2138 + ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL); 2139 + if (!ofs) 2140 + goto out_err; 2141 + 2142 + ofs->config.redirect_mode = ovl_redirect_mode_def(); 2143 + ofs->config.index = ovl_index_def; 2144 + ofs->config.uuid = true; 2145 + ofs->config.nfs_export = ovl_nfs_export_def; 2146 + ofs->config.xino = ovl_xino_def(); 2147 + ofs->config.metacopy = ovl_metacopy_def; 2148 + 2149 + fc->s_fs_info = ofs; 2150 + fc->fs_private = ctx; 2151 + fc->ops = &ovl_context_ops; 2152 + return 0; 2153 + 2154 + out_err: 2155 + ovl_fs_context_free(ctx); 2156 + return -ENOMEM; 2157 + 1932 2158 } 1933 2159 1934 2160 static struct file_system_type ovl_fs_type = { 1935 - .owner = THIS_MODULE, 1936 - .name = "overlay", 1937 - .fs_flags = FS_USERNS_MOUNT, 1938 - .mount = ovl_mount, 1939 - .kill_sb = kill_anon_super, 2161 + .owner = THIS_MODULE, 2162 + .name = "overlay", 2163 + .init_fs_context = ovl_init_fs_context, 2164 + .parameters = ovl_parameter_spec, 2165 + .fs_flags = FS_USERNS_MOUNT, 2166 + .kill_sb = kill_anon_super, 1940 2167 }; 1941 2168 MODULE_ALIAS_FS("overlay"); 1942 2169

+133 -48

fs/overlayfs/util.c

··· 83 83 return ofs->config.nfs_export && ofs->config.index; 84 84 } 85 85 86 + struct ovl_path *ovl_stack_alloc(unsigned int n) 87 + { 88 + return kcalloc(n, sizeof(struct ovl_path), GFP_KERNEL); 89 + } 90 + 91 + void ovl_stack_cpy(struct ovl_path *dst, struct ovl_path *src, unsigned int n) 92 + { 93 + unsigned int i; 94 + 95 + memcpy(dst, src, sizeof(struct ovl_path) * n); 96 + for (i = 0; i < n; i++) 97 + dget(src[i].dentry); 98 + } 99 + 100 + void ovl_stack_put(struct ovl_path *stack, unsigned int n) 101 + { 102 + unsigned int i; 103 + 104 + for (i = 0; stack && i < n; i++) 105 + dput(stack[i].dentry); 106 + } 107 + 108 + void ovl_stack_free(struct ovl_path *stack, unsigned int n) 109 + { 110 + ovl_stack_put(stack, n); 111 + kfree(stack); 112 + } 113 + 86 114 struct ovl_entry *ovl_alloc_entry(unsigned int numlower) 87 115 { 88 - size_t size = offsetof(struct ovl_entry, lowerstack[numlower]); 116 + size_t size = offsetof(struct ovl_entry, __lowerstack[numlower]); 89 117 struct ovl_entry *oe = kzalloc(size, GFP_KERNEL); 90 118 91 119 if (oe) 92 - oe->numlower = numlower; 120 + oe->__numlower = numlower; 93 121 94 122 return oe; 95 123 } 96 124 97 - bool ovl_dentry_remote(struct dentry *dentry) 125 + void ovl_free_entry(struct ovl_entry *oe) 98 126 { 99 - return dentry->d_flags & 100 - (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE); 127 + ovl_stack_put(ovl_lowerstack(oe), ovl_numlower(oe)); 128 + kfree(oe); 101 129 } 102 130 103 - void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *upperdentry, 104 - unsigned int mask) 131 + #define OVL_D_REVALIDATE (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE) 132 + 133 + bool ovl_dentry_remote(struct dentry *dentry) 105 134 { 106 - struct ovl_entry *oe = OVL_E(dentry); 135 + return dentry->d_flags & OVL_D_REVALIDATE; 136 + } 137 + 138 + void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *realdentry) 139 + { 140 + if (!ovl_dentry_remote(realdentry)) 141 + return; 142 + 143 + spin_lock(&dentry->d_lock); 144 + dentry->d_flags |= realdentry->d_flags & OVL_D_REVALIDATE; 145 + spin_unlock(&dentry->d_lock); 146 + } 147 + 148 + void ovl_dentry_init_reval(struct dentry *dentry, struct dentry *upperdentry, 149 + struct ovl_entry *oe) 150 + { 151 + return ovl_dentry_init_flags(dentry, upperdentry, oe, OVL_D_REVALIDATE); 152 + } 153 + 154 + void ovl_dentry_init_flags(struct dentry *dentry, struct dentry *upperdentry, 155 + struct ovl_entry *oe, unsigned int mask) 156 + { 157 + struct ovl_path *lowerstack = ovl_lowerstack(oe); 107 158 unsigned int i, flags = 0; 108 159 109 160 if (upperdentry) 110 161 flags |= upperdentry->d_flags; 111 - for (i = 0; i < oe->numlower; i++) 112 - flags |= oe->lowerstack[i].dentry->d_flags; 162 + for (i = 0; i < ovl_numlower(oe) && lowerstack[i].dentry; i++) 163 + flags |= lowerstack[i].dentry->d_flags; 113 164 114 165 spin_lock(&dentry->d_lock); 115 166 dentry->d_flags &= ~mask; ··· 178 127 179 128 enum ovl_path_type ovl_path_type(struct dentry *dentry) 180 129 { 181 - struct ovl_entry *oe = dentry->d_fsdata; 130 + struct ovl_entry *oe = OVL_E(dentry); 182 131 enum ovl_path_type type = 0; 183 132 184 133 if (ovl_dentry_upper(dentry)) { ··· 187 136 /* 188 137 * Non-dir dentry can hold lower dentry of its copy up origin. 189 138 */ 190 - if (oe->numlower) { 139 + if (ovl_numlower(oe)) { 191 140 if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry))) 192 141 type |= __OVL_PATH_ORIGIN; 193 142 if (d_is_dir(dentry) || ··· 195 144 type |= __OVL_PATH_MERGE; 196 145 } 197 146 } else { 198 - if (oe->numlower > 1) 147 + if (ovl_numlower(oe) > 1) 199 148 type |= __OVL_PATH_MERGE; 200 149 } 201 150 return type; ··· 211 160 212 161 void ovl_path_lower(struct dentry *dentry, struct path *path) 213 162 { 214 - struct ovl_entry *oe = dentry->d_fsdata; 163 + struct ovl_entry *oe = OVL_E(dentry); 164 + struct ovl_path *lowerpath = ovl_lowerstack(oe); 215 165 216 - if (oe->numlower) { 217 - path->mnt = oe->lowerstack[0].layer->mnt; 218 - path->dentry = oe->lowerstack[0].dentry; 166 + if (ovl_numlower(oe)) { 167 + path->mnt = lowerpath->layer->mnt; 168 + path->dentry = lowerpath->dentry; 219 169 } else { 220 170 *path = (struct path) { }; 221 171 } ··· 224 172 225 173 void ovl_path_lowerdata(struct dentry *dentry, struct path *path) 226 174 { 227 - struct ovl_entry *oe = dentry->d_fsdata; 175 + struct ovl_entry *oe = OVL_E(dentry); 176 + struct ovl_path *lowerdata = ovl_lowerdata(oe); 177 + struct dentry *lowerdata_dentry = ovl_lowerdata_dentry(oe); 228 178 229 - if (oe->numlower) { 230 - path->mnt = oe->lowerstack[oe->numlower - 1].layer->mnt; 231 - path->dentry = oe->lowerstack[oe->numlower - 1].dentry; 179 + if (lowerdata_dentry) { 180 + path->dentry = lowerdata_dentry; 181 + /* 182 + * Pairs with smp_wmb() in ovl_dentry_set_lowerdata(). 183 + * Make sure that if lowerdata->dentry is visible, then 184 + * datapath->layer is visible as well. 185 + */ 186 + smp_rmb(); 187 + path->mnt = READ_ONCE(lowerdata->layer)->mnt; 232 188 } else { 233 189 *path = (struct path) { }; 234 190 } ··· 275 215 276 216 struct dentry *ovl_dentry_lower(struct dentry *dentry) 277 217 { 278 - struct ovl_entry *oe = dentry->d_fsdata; 218 + struct ovl_entry *oe = OVL_E(dentry); 279 219 280 - return oe->numlower ? oe->lowerstack[0].dentry : NULL; 220 + return ovl_numlower(oe) ? ovl_lowerstack(oe)->dentry : NULL; 281 221 } 282 222 283 223 const struct ovl_layer *ovl_layer_lower(struct dentry *dentry) 284 224 { 285 - struct ovl_entry *oe = dentry->d_fsdata; 225 + struct ovl_entry *oe = OVL_E(dentry); 286 226 287 - return oe->numlower ? oe->lowerstack[0].layer : NULL; 227 + return ovl_numlower(oe) ? ovl_lowerstack(oe)->layer : NULL; 288 228 } 289 229 290 230 /* ··· 295 235 */ 296 236 struct dentry *ovl_dentry_lowerdata(struct dentry *dentry) 297 237 { 298 - struct ovl_entry *oe = dentry->d_fsdata; 238 + return ovl_lowerdata_dentry(OVL_E(dentry)); 239 + } 299 240 300 - return oe->numlower ? oe->lowerstack[oe->numlower - 1].dentry : NULL; 241 + int ovl_dentry_set_lowerdata(struct dentry *dentry, struct ovl_path *datapath) 242 + { 243 + struct ovl_entry *oe = OVL_E(dentry); 244 + struct ovl_path *lowerdata = ovl_lowerdata(oe); 245 + struct dentry *datadentry = datapath->dentry; 246 + 247 + if (WARN_ON_ONCE(ovl_numlower(oe) <= 1)) 248 + return -EIO; 249 + 250 + WRITE_ONCE(lowerdata->layer, datapath->layer); 251 + /* 252 + * Pairs with smp_rmb() in ovl_path_lowerdata(). 253 + * Make sure that if lowerdata->dentry is visible, then 254 + * lowerdata->layer is visible as well. 255 + */ 256 + smp_wmb(); 257 + WRITE_ONCE(lowerdata->dentry, dget(datadentry)); 258 + 259 + ovl_dentry_update_reval(dentry, datadentry); 260 + 261 + return 0; 301 262 } 302 263 303 264 struct dentry *ovl_dentry_real(struct dentry *dentry) ··· 331 250 return ovl_upperdentry_dereference(OVL_I(inode)); 332 251 } 333 252 334 - void ovl_i_path_real(struct inode *inode, struct path *path) 253 + struct inode *ovl_i_path_real(struct inode *inode, struct path *path) 335 254 { 255 + struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode)); 256 + 336 257 path->dentry = ovl_i_dentry_upper(inode); 337 258 if (!path->dentry) { 338 - path->dentry = OVL_I(inode)->lowerpath.dentry; 339 - path->mnt = OVL_I(inode)->lowerpath.layer->mnt; 259 + path->dentry = lowerpath->dentry; 260 + path->mnt = lowerpath->layer->mnt; 340 261 } else { 341 262 path->mnt = ovl_upper_mnt(OVL_FS(inode->i_sb)); 342 263 } 264 + 265 + return path->dentry ? d_inode_rcu(path->dentry) : NULL; 343 266 } 344 267 345 268 struct inode *ovl_inode_upper(struct inode *inode) ··· 355 270 356 271 struct inode *ovl_inode_lower(struct inode *inode) 357 272 { 358 - struct dentry *lowerdentry = OVL_I(inode)->lowerpath.dentry; 273 + struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode)); 359 274 360 - return lowerdentry ? d_inode(lowerdentry) : NULL; 275 + return lowerpath ? d_inode(lowerpath->dentry) : NULL; 361 276 } 362 277 363 278 struct inode *ovl_inode_real(struct inode *inode) ··· 368 283 /* Return inode which contains lower data. Do not return metacopy */ 369 284 struct inode *ovl_inode_lowerdata(struct inode *inode) 370 285 { 286 + struct dentry *lowerdata = ovl_lowerdata_dentry(OVL_I_E(inode)); 287 + 371 288 if (WARN_ON(!S_ISREG(inode->i_mode))) 372 289 return NULL; 373 290 374 - return OVL_I(inode)->lowerdata ?: ovl_inode_lower(inode); 291 + return lowerdata ? d_inode(lowerdata) : NULL; 375 292 } 376 293 377 294 /* Return real inode which contains data. Does not return metacopy inode */ ··· 388 301 return ovl_inode_lowerdata(inode); 389 302 } 390 303 304 + const char *ovl_lowerdata_redirect(struct inode *inode) 305 + { 306 + return inode && S_ISREG(inode->i_mode) ? 307 + OVL_I(inode)->lowerdata_redirect : NULL; 308 + } 309 + 391 310 struct ovl_dir_cache *ovl_dir_cache(struct inode *inode) 392 311 { 393 - return OVL_I(inode)->cache; 312 + return inode && S_ISDIR(inode->i_mode) ? OVL_I(inode)->cache : NULL; 394 313 } 395 314 396 315 void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache) ··· 406 313 407 314 void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry) 408 315 { 409 - set_bit(flag, &OVL_E(dentry)->flags); 316 + set_bit(flag, OVL_E_FLAGS(dentry)); 410 317 } 411 318 412 319 void ovl_dentry_clear_flag(unsigned long flag, struct dentry *dentry) 413 320 { 414 - clear_bit(flag, &OVL_E(dentry)->flags); 321 + clear_bit(flag, OVL_E_FLAGS(dentry)); 415 322 } 416 323 417 324 bool ovl_dentry_test_flag(unsigned long flag, struct dentry *dentry) 418 325 { 419 - return test_bit(flag, &OVL_E(dentry)->flags); 326 + return test_bit(flag, OVL_E_FLAGS(dentry)); 420 327 } 421 328 422 329 bool ovl_dentry_is_opaque(struct dentry *dentry) ··· 504 411 return false; 505 412 506 413 return !ovl_has_upperdata(d_inode(dentry)); 507 - } 508 - 509 - bool ovl_redirect_dir(struct super_block *sb) 510 - { 511 - struct ovl_fs *ofs = sb->s_fs_info; 512 - 513 - return ofs->config.redirect_dir && !ofs->noxattr; 514 414 } 515 415 516 416 const char *ovl_dentry_get_redirect(struct dentry *dentry) ··· 1085 999 1086 1000 bool ovl_is_metacopy_dentry(struct dentry *dentry) 1087 1001 { 1088 - struct ovl_entry *oe = dentry->d_fsdata; 1002 + struct ovl_entry *oe = OVL_E(dentry); 1089 1003 1090 1004 if (!d_is_reg(dentry)) 1091 1005 return false; ··· 1096 1010 return false; 1097 1011 } 1098 1012 1099 - return (oe->numlower > 1); 1013 + return (ovl_numlower(oe) > 1); 1100 1014 } 1101 1015 1102 1016 char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding) ··· 1191 1105 vfsuid_t vfsuid; 1192 1106 vfsgid_t vfsgid; 1193 1107 1194 - ovl_i_path_real(inode, &realpath); 1195 - realinode = d_inode(realpath.dentry); 1108 + realinode = ovl_i_path_real(inode, &realpath); 1196 1109 real_idmap = mnt_idmap(realpath.mnt); 1197 1110 1198 1111 vfsuid = i_uid_into_vfsuid(real_idmap, realinode);