fs/overlayfs/super.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *
0004  * Copyright (C) 2011 Novell Inc.
0005  */
0006
0007 #include <uapi/linux/magic.h>
0008 #include <linux/fs.h>
0009 #include <linux/namei.h>
0010 #include <linux/xattr.h>
0011 #include <linux/mount.h>
0012 #include <linux/parser.h>
0013 #include <linux/module.h>
0014 #include <linux/statfs.h>
0015 #include <linux/seq_file.h>
0016 #include <linux/posix_acl_xattr.h>
0017 #include <linux/exportfs.h>
0018 #include "overlayfs.h"
0019
0020 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
0021 MODULE_DESCRIPTION("Overlay filesystem");
0022 MODULE_LICENSE("GPL");
0023
0024
0025 struct ovl_dir_cache;
0026
0027 #define OVL_MAX_STACK 500
0028
0029 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
0030 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
0031 MODULE_PARM_DESC(redirect_dir,
0032          "Default to on or off for the redirect_dir feature");
0033
0034 static bool ovl_redirect_always_follow =
0035     IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
0036 module_param_named(redirect_always_follow, ovl_redirect_always_follow,
0037            bool, 0644);
0038 MODULE_PARM_DESC(redirect_always_follow,
0039          "Follow redirects even if redirect_dir feature is turned off");
0040
0041 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
0042 module_param_named(index, ovl_index_def, bool, 0644);
0043 MODULE_PARM_DESC(index,
0044          "Default to on or off for the inodes index feature");
0045
0046 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
0047 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
0048 MODULE_PARM_DESC(nfs_export,
0049          "Default to on or off for the NFS export feature");
0050
0051 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
0052 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
0053 MODULE_PARM_DESC(xino_auto,
0054          "Auto enable xino feature");
0055
0056 static void ovl_entry_stack_free(struct ovl_entry *oe)
0057 {
0058     unsigned int i;
0059
0060     for (i = 0; i < oe->numlower; i++)
0061         dput(oe->lowerstack[i].dentry);
0062 }
0063
0064 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
0065 module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
0066 MODULE_PARM_DESC(metacopy,
0067          "Default to on or off for the metadata only copy up feature");
0068
0069 static void ovl_dentry_release(struct dentry *dentry)
0070 {
0071     struct ovl_entry *oe = dentry->d_fsdata;
0072
0073     if (oe) {
0074         ovl_entry_stack_free(oe);
0075         kfree_rcu(oe, rcu);
0076     }
0077 }
0078
0079 static struct dentry *ovl_d_real(struct dentry *dentry,
0080                  const struct inode *inode)
0081 {
0082     struct dentry *real = NULL, *lower;
0083
0084     /* It's an overlay file */
0085     if (inode && d_inode(dentry) == inode)
0086         return dentry;
0087
0088     if (!d_is_reg(dentry)) {
0089         if (!inode || inode == d_inode(dentry))
0090             return dentry;
0091         goto bug;
0092     }
0093
0094     real = ovl_dentry_upper(dentry);
0095     if (real && (inode == d_inode(real)))
0096         return real;
0097
0098     if (real && !inode && ovl_has_upperdata(d_inode(dentry)))
0099         return real;
0100
0101     lower = ovl_dentry_lowerdata(dentry);
0102     if (!lower)
0103         goto bug;
0104     real = lower;
0105
0106     /* Handle recursion */
0107     real = d_real(real, inode);
0108
0109     if (!inode || inode == d_inode(real))
0110         return real;
0111 bug:
0112     WARN(1, "%s(%pd4, %s:%lu): real dentry (%p/%lu) not found\n",
0113          __func__, dentry, inode ? inode->i_sb->s_id : "NULL",
0114          inode ? inode->i_ino : 0, real,
0115          real && d_inode(real) ? d_inode(real)->i_ino : 0);
0116     return dentry;
0117 }
0118
0119 static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak)
0120 {
0121     int ret = 1;
0122
0123     if (weak) {
0124         if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE)
0125             ret =  d->d_op->d_weak_revalidate(d, flags);
0126     } else if (d->d_flags & DCACHE_OP_REVALIDATE) {
0127         ret = d->d_op->d_revalidate(d, flags);
0128         if (!ret) {
0129             if (!(flags & LOOKUP_RCU))
0130                 d_invalidate(d);
0131             ret = -ESTALE;
0132         }
0133     }
0134     return ret;
0135 }
0136
0137 static int ovl_dentry_revalidate_common(struct dentry *dentry,
0138                     unsigned int flags, bool weak)
0139 {
0140     struct ovl_entry *oe = dentry->d_fsdata;
0141     struct dentry *upper;
0142     unsigned int i;
0143     int ret = 1;
0144
0145     upper = ovl_dentry_upper(dentry);
0146     if (upper)
0147         ret = ovl_revalidate_real(upper, flags, weak);
0148
0149     for (i = 0; ret > 0 && i < oe->numlower; i++) {
0150         ret = ovl_revalidate_real(oe->lowerstack[i].dentry, flags,
0151                       weak);
0152     }
0153     return ret;
0154 }
0155
0156 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
0157 {
0158     return ovl_dentry_revalidate_common(dentry, flags, false);
0159 }
0160
0161 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
0162 {
0163     return ovl_dentry_revalidate_common(dentry, flags, true);
0164 }
0165
0166 static const struct dentry_operations ovl_dentry_operations = {
0167     .d_release = ovl_dentry_release,
0168     .d_real = ovl_d_real,
0169     .d_revalidate = ovl_dentry_revalidate,
0170     .d_weak_revalidate = ovl_dentry_weak_revalidate,
0171 };
0172
0173 static struct kmem_cache *ovl_inode_cachep;
0174
0175 static struct inode *ovl_alloc_inode(struct super_block *sb)
0176 {
0177     struct ovl_inode *oi = alloc_inode_sb(sb, ovl_inode_cachep, GFP_KERNEL);
0178
0179     if (!oi)
0180         return NULL;
0181
0182     oi->cache = NULL;
0183     oi->redirect = NULL;
0184     oi->version = 0;
0185     oi->flags = 0;
0186     oi->__upperdentry = NULL;
0187     oi->lowerpath.dentry = NULL;
0188     oi->lowerpath.layer = NULL;
0189     oi->lowerdata = NULL;
0190     mutex_init(&oi->lock);
0191
0192     return &oi->vfs_inode;
0193 }
0194
0195 static void ovl_free_inode(struct inode *inode)
0196 {
0197     struct ovl_inode *oi = OVL_I(inode);
0198
0199     kfree(oi->redirect);
0200     mutex_destroy(&oi->lock);
0201     kmem_cache_free(ovl_inode_cachep, oi);
0202 }
0203
0204 static void ovl_destroy_inode(struct inode *inode)
0205 {
0206     struct ovl_inode *oi = OVL_I(inode);
0207
0208     dput(oi->__upperdentry);
0209     dput(oi->lowerpath.dentry);
0210     if (S_ISDIR(inode->i_mode))
0211         ovl_dir_cache_free(inode);
0212     else
0213         iput(oi->lowerdata);
0214 }
0215
0216 static void ovl_free_fs(struct ovl_fs *ofs)
0217 {
0218     struct vfsmount **mounts;
0219     unsigned i;
0220
0221     iput(ofs->workbasedir_trap);
0222     iput(ofs->indexdir_trap);
0223     iput(ofs->workdir_trap);
0224     dput(ofs->whiteout);
0225     dput(ofs->indexdir);
0226     dput(ofs->workdir);
0227     if (ofs->workdir_locked)
0228         ovl_inuse_unlock(ofs->workbasedir);
0229     dput(ofs->workbasedir);
0230     if (ofs->upperdir_locked)
0231         ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
0232
0233     /* Hack!  Reuse ofs->layers as a vfsmount array before freeing it */
0234     mounts = (struct vfsmount **) ofs->layers;
0235     for (i = 0; i < ofs->numlayer; i++) {
0236         iput(ofs->layers[i].trap);
0237         mounts[i] = ofs->layers[i].mnt;
0238     }
0239     kern_unmount_array(mounts, ofs->numlayer);
0240     kfree(ofs->layers);
0241     for (i = 0; i < ofs->numfs; i++)
0242         free_anon_bdev(ofs->fs[i].pseudo_dev);
0243     kfree(ofs->fs);
0244
0245     kfree(ofs->config.lowerdir);
0246     kfree(ofs->config.upperdir);
0247     kfree(ofs->config.workdir);
0248     kfree(ofs->config.redirect_mode);
0249     if (ofs->creator_cred)
0250         put_cred(ofs->creator_cred);
0251     kfree(ofs);
0252 }
0253
0254 static void ovl_put_super(struct super_block *sb)
0255 {
0256     struct ovl_fs *ofs = sb->s_fs_info;
0257
0258     ovl_free_fs(ofs);
0259 }
0260
0261 /* Sync real dirty inodes in upper filesystem (if it exists) */
0262 static int ovl_sync_fs(struct super_block *sb, int wait)
0263 {
0264     struct ovl_fs *ofs = sb->s_fs_info;
0265     struct super_block *upper_sb;
0266     int ret;
0267
0268     ret = ovl_sync_status(ofs);
0269     /*
0270      * We have to always set the err, because the return value isn't
0271      * checked in syncfs, and instead indirectly return an error via
0272      * the sb's writeback errseq, which VFS inspects after this call.
0273      */
0274     if (ret < 0) {
0275         errseq_set(&sb->s_wb_err, -EIO);
0276         return -EIO;
0277     }
0278
0279     if (!ret)
0280         return ret;
0281
0282     /*
0283      * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC).
0284      * All the super blocks will be iterated, including upper_sb.
0285      *
0286      * If this is a syncfs(2) call, then we do need to call
0287      * sync_filesystem() on upper_sb, but enough if we do it when being
0288      * called with wait == 1.
0289      */
0290     if (!wait)
0291         return 0;
0292
0293     upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
0294
0295     down_read(&upper_sb->s_umount);
0296     ret = sync_filesystem(upper_sb);
0297     up_read(&upper_sb->s_umount);
0298
0299     return ret;
0300 }
0301
0302 /**
0303  * ovl_statfs
0304  * @dentry: The dentry to query
0305  * @buf: The struct kstatfs to fill in with stats
0306  *
0307  * Get the filesystem statistics.  As writes always target the upper layer
0308  * filesystem pass the statfs to the upper filesystem (if it exists)
0309  */
0310 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
0311 {
0312     struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
0313     struct dentry *root_dentry = dentry->d_sb->s_root;
0314     struct path path;
0315     int err;
0316
0317     ovl_path_real(root_dentry, &path);
0318
0319     err = vfs_statfs(&path, buf);
0320     if (!err) {
0321         buf->f_namelen = ofs->namelen;
0322         buf->f_type = OVERLAYFS_SUPER_MAGIC;
0323     }
0324
0325     return err;
0326 }
0327
0328 /* Will this overlay be forced to mount/remount ro? */
0329 static bool ovl_force_readonly(struct ovl_fs *ofs)
0330 {
0331     return (!ovl_upper_mnt(ofs) || !ofs->workdir);
0332 }
0333
0334 static const char *ovl_redirect_mode_def(void)
0335 {
0336     return ovl_redirect_dir_def ? "on" : "off";
0337 }
0338
0339 static const char * const ovl_xino_str[] = {
0340     "off",
0341     "auto",
0342     "on",
0343 };
0344
0345 static inline int ovl_xino_def(void)
0346 {
0347     return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
0348 }
0349
0350 /**
0351  * ovl_show_options
0352  * @m: the seq_file handle
0353  * @dentry: The dentry to query
0354  *
0355  * Prints the mount options for a given superblock.
0356  * Returns zero; does not fail.
0357  */
0358 static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
0359 {
0360     struct super_block *sb = dentry->d_sb;
0361     struct ovl_fs *ofs = sb->s_fs_info;
0362
0363     seq_show_option(m, "lowerdir", ofs->config.lowerdir);
0364     if (ofs->config.upperdir) {
0365         seq_show_option(m, "upperdir", ofs->config.upperdir);
0366         seq_show_option(m, "workdir", ofs->config.workdir);
0367     }
0368     if (ofs->config.default_permissions)
0369         seq_puts(m, ",default_permissions");
0370     if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
0371         seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
0372     if (ofs->config.index != ovl_index_def)
0373         seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
0374     if (!ofs->config.uuid)
0375         seq_puts(m, ",uuid=off");
0376     if (ofs->config.nfs_export != ovl_nfs_export_def)
0377         seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
0378                         "on" : "off");
0379     if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(sb))
0380         seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]);
0381     if (ofs->config.metacopy != ovl_metacopy_def)
0382         seq_printf(m, ",metacopy=%s",
0383                ofs->config.metacopy ? "on" : "off");
0384     if (ofs->config.ovl_volatile)
0385         seq_puts(m, ",volatile");
0386     if (ofs->config.userxattr)
0387         seq_puts(m, ",userxattr");
0388     return 0;
0389 }
0390
0391 static int ovl_remount(struct super_block *sb, int *flags, char *data)
0392 {
0393     struct ovl_fs *ofs = sb->s_fs_info;
0394     struct super_block *upper_sb;
0395     int ret = 0;
0396
0397     if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs))
0398         return -EROFS;
0399
0400     if (*flags & SB_RDONLY && !sb_rdonly(sb)) {
0401         upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
0402         if (ovl_should_sync(ofs)) {
0403             down_read(&upper_sb->s_umount);
0404             ret = sync_filesystem(upper_sb);
0405             up_read(&upper_sb->s_umount);
0406         }
0407     }
0408
0409     return ret;
0410 }
0411
0412 static const struct super_operations ovl_super_operations = {
0413     .alloc_inode    = ovl_alloc_inode,
0414     .free_inode = ovl_free_inode,
0415     .destroy_inode  = ovl_destroy_inode,
0416     .drop_inode = generic_delete_inode,
0417     .put_super  = ovl_put_super,
0418     .sync_fs    = ovl_sync_fs,
0419     .statfs     = ovl_statfs,
0420     .show_options   = ovl_show_options,
0421     .remount_fs = ovl_remount,
0422 };
0423
0424 enum {
0425     OPT_LOWERDIR,
0426     OPT_UPPERDIR,
0427     OPT_WORKDIR,
0428     OPT_DEFAULT_PERMISSIONS,
0429     OPT_REDIRECT_DIR,
0430     OPT_INDEX_ON,
0431     OPT_INDEX_OFF,
0432     OPT_UUID_ON,
0433     OPT_UUID_OFF,
0434     OPT_NFS_EXPORT_ON,
0435     OPT_USERXATTR,
0436     OPT_NFS_EXPORT_OFF,
0437     OPT_XINO_ON,
0438     OPT_XINO_OFF,
0439     OPT_XINO_AUTO,
0440     OPT_METACOPY_ON,
0441     OPT_METACOPY_OFF,
0442     OPT_VOLATILE,
0443     OPT_ERR,
0444 };
0445
0446 static const match_table_t ovl_tokens = {
0447     {OPT_LOWERDIR,          "lowerdir=%s"},
0448     {OPT_UPPERDIR,          "upperdir=%s"},
0449     {OPT_WORKDIR,           "workdir=%s"},
0450     {OPT_DEFAULT_PERMISSIONS,   "default_permissions"},
0451     {OPT_REDIRECT_DIR,      "redirect_dir=%s"},
0452     {OPT_INDEX_ON,          "index=on"},
0453     {OPT_INDEX_OFF,         "index=off"},
0454     {OPT_USERXATTR,         "userxattr"},
0455     {OPT_UUID_ON,           "uuid=on"},
0456     {OPT_UUID_OFF,          "uuid=off"},
0457     {OPT_NFS_EXPORT_ON,     "nfs_export=on"},
0458     {OPT_NFS_EXPORT_OFF,        "nfs_export=off"},
0459     {OPT_XINO_ON,           "xino=on"},
0460     {OPT_XINO_OFF,          "xino=off"},
0461     {OPT_XINO_AUTO,         "xino=auto"},
0462     {OPT_METACOPY_ON,       "metacopy=on"},
0463     {OPT_METACOPY_OFF,      "metacopy=off"},
0464     {OPT_VOLATILE,          "volatile"},
0465     {OPT_ERR,           NULL}
0466 };
0467
0468 static char *ovl_next_opt(char **s)
0469 {
0470     char *sbegin = *s;
0471     char *p;
0472
0473     if (sbegin == NULL)
0474         return NULL;
0475
0476     for (p = sbegin; *p; p++) {
0477         if (*p == '\\') {
0478             p++;
0479             if (!*p)
0480                 break;
0481         } else if (*p == ',') {
0482             *p = '\0';
0483             *s = p + 1;
0484             return sbegin;
0485         }
0486     }
0487     *s = NULL;
0488     return sbegin;
0489 }
0490
0491 static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode)
0492 {
0493     if (strcmp(mode, "on") == 0) {
0494         config->redirect_dir = true;
0495         /*
0496          * Does not make sense to have redirect creation without
0497          * redirect following.
0498          */
0499         config->redirect_follow = true;
0500     } else if (strcmp(mode, "follow") == 0) {
0501         config->redirect_follow = true;
0502     } else if (strcmp(mode, "off") == 0) {
0503         if (ovl_redirect_always_follow)
0504             config->redirect_follow = true;
0505     } else if (strcmp(mode, "nofollow") != 0) {
0506         pr_err("bad mount option \"redirect_dir=%s\"\n",
0507                mode);
0508         return -EINVAL;
0509     }
0510
0511     return 0;
0512 }
0513
0514 static int ovl_parse_opt(char *opt, struct ovl_config *config)
0515 {
0516     char *p;
0517     int err;
0518     bool metacopy_opt = false, redirect_opt = false;
0519     bool nfs_export_opt = false, index_opt = false;
0520
0521     config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL);
0522     if (!config->redirect_mode)
0523         return -ENOMEM;
0524
0525     while ((p = ovl_next_opt(&opt)) != NULL) {
0526         int token;
0527         substring_t args[MAX_OPT_ARGS];
0528
0529         if (!*p)
0530             continue;
0531
0532         token = match_token(p, ovl_tokens, args);
0533         switch (token) {
0534         case OPT_UPPERDIR:
0535             kfree(config->upperdir);
0536             config->upperdir = match_strdup(&args[0]);
0537             if (!config->upperdir)
0538                 return -ENOMEM;
0539             break;
0540
0541         case OPT_LOWERDIR:
0542             kfree(config->lowerdir);
0543             config->lowerdir = match_strdup(&args[0]);
0544             if (!config->lowerdir)
0545                 return -ENOMEM;
0546             break;
0547
0548         case OPT_WORKDIR:
0549             kfree(config->workdir);
0550             config->workdir = match_strdup(&args[0]);
0551             if (!config->workdir)
0552                 return -ENOMEM;
0553             break;
0554
0555         case OPT_DEFAULT_PERMISSIONS:
0556             config->default_permissions = true;
0557             break;
0558
0559         case OPT_REDIRECT_DIR:
0560             kfree(config->redirect_mode);
0561             config->redirect_mode = match_strdup(&args[0]);
0562             if (!config->redirect_mode)
0563                 return -ENOMEM;
0564             redirect_opt = true;
0565             break;
0566
0567         case OPT_INDEX_ON:
0568             config->index = true;
0569             index_opt = true;
0570             break;
0571
0572         case OPT_INDEX_OFF:
0573             config->index = false;
0574             index_opt = true;
0575             break;
0576
0577         case OPT_UUID_ON:
0578             config->uuid = true;
0579             break;
0580
0581         case OPT_UUID_OFF:
0582             config->uuid = false;
0583             break;
0584
0585         case OPT_NFS_EXPORT_ON:
0586             config->nfs_export = true;
0587             nfs_export_opt = true;
0588             break;
0589
0590         case OPT_NFS_EXPORT_OFF:
0591             config->nfs_export = false;
0592             nfs_export_opt = true;
0593             break;
0594
0595         case OPT_XINO_ON:
0596             config->xino = OVL_XINO_ON;
0597             break;
0598
0599         case OPT_XINO_OFF:
0600             config->xino = OVL_XINO_OFF;
0601             break;
0602
0603         case OPT_XINO_AUTO:
0604             config->xino = OVL_XINO_AUTO;
0605             break;
0606
0607         case OPT_METACOPY_ON:
0608             config->metacopy = true;
0609             metacopy_opt = true;
0610             break;
0611
0612         case OPT_METACOPY_OFF:
0613             config->metacopy = false;
0614             metacopy_opt = true;
0615             break;
0616
0617         case OPT_VOLATILE:
0618             config->ovl_volatile = true;
0619             break;
0620
0621         case OPT_USERXATTR:
0622             config->userxattr = true;
0623             break;
0624
0625         default:
0626             pr_err("unrecognized mount option \"%s\" or missing value\n",
0627                     p);
0628             return -EINVAL;
0629         }
0630     }
0631
0632     /* Workdir/index are useless in non-upper mount */
0633     if (!config->upperdir) {
0634         if (config->workdir) {
0635             pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
0636                 config->workdir);
0637             kfree(config->workdir);
0638             config->workdir = NULL;
0639         }
0640         if (config->index && index_opt) {
0641             pr_info("option \"index=on\" is useless in a non-upper mount, ignore\n");
0642             index_opt = false;
0643         }
0644         config->index = false;
0645     }
0646
0647     if (!config->upperdir && config->ovl_volatile) {
0648         pr_info("option \"volatile\" is meaningless in a non-upper mount, ignoring it.\n");
0649         config->ovl_volatile = false;
0650     }
0651
0652     err = ovl_parse_redirect_mode(config, config->redirect_mode);
0653     if (err)
0654         return err;
0655
0656     /*
0657      * This is to make the logic below simpler.  It doesn't make any other
0658      * difference, since config->redirect_dir is only used for upper.
0659      */
0660     if (!config->upperdir && config->redirect_follow)
0661         config->redirect_dir = true;
0662
0663     /* Resolve metacopy -> redirect_dir dependency */
0664     if (config->metacopy && !config->redirect_dir) {
0665         if (metacopy_opt && redirect_opt) {
0666             pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
0667                    config->redirect_mode);
0668             return -EINVAL;
0669         }
0670         if (redirect_opt) {
0671             /*
0672              * There was an explicit redirect_dir=... that resulted
0673              * in this conflict.
0674              */
0675             pr_info("disabling metacopy due to redirect_dir=%s\n",
0676                 config->redirect_mode);
0677             config->metacopy = false;
0678         } else {
0679             /* Automatically enable redirect otherwise. */
0680             config->redirect_follow = config->redirect_dir = true;
0681         }
0682     }
0683
0684     /* Resolve nfs_export -> index dependency */
0685     if (config->nfs_export && !config->index) {
0686         if (!config->upperdir && config->redirect_follow) {
0687             pr_info("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
0688             config->nfs_export = false;
0689         } else if (nfs_export_opt && index_opt) {
0690             pr_err("conflicting options: nfs_export=on,index=off\n");
0691             return -EINVAL;
0692         } else if (index_opt) {
0693             /*
0694              * There was an explicit index=off that resulted
0695              * in this conflict.
0696              */
0697             pr_info("disabling nfs_export due to index=off\n");
0698             config->nfs_export = false;
0699         } else {
0700             /* Automatically enable index otherwise. */
0701             config->index = true;
0702         }
0703     }
0704
0705     /* Resolve nfs_export -> !metacopy dependency */
0706     if (config->nfs_export && config->metacopy) {
0707         if (nfs_export_opt && metacopy_opt) {
0708             pr_err("conflicting options: nfs_export=on,metacopy=on\n");
0709             return -EINVAL;
0710         }
0711         if (metacopy_opt) {
0712             /*
0713              * There was an explicit metacopy=on that resulted
0714              * in this conflict.
0715              */
0716             pr_info("disabling nfs_export due to metacopy=on\n");
0717             config->nfs_export = false;
0718         } else {
0719             /*
0720              * There was an explicit nfs_export=on that resulted
0721              * in this conflict.
0722              */
0723             pr_info("disabling metacopy due to nfs_export=on\n");
0724             config->metacopy = false;
0725         }
0726     }
0727
0728
0729     /* Resolve userxattr -> !redirect && !metacopy dependency */
0730     if (config->userxattr) {
0731         if (config->redirect_follow && redirect_opt) {
0732             pr_err("conflicting options: userxattr,redirect_dir=%s\n",
0733                    config->redirect_mode);
0734             return -EINVAL;
0735         }
0736         if (config->metacopy && metacopy_opt) {
0737             pr_err("conflicting options: userxattr,metacopy=on\n");
0738             return -EINVAL;
0739         }
0740         /*
0741          * Silently disable default setting of redirect and metacopy.
0742          * This shall be the default in the future as well: these
0743          * options must be explicitly enabled if used together with
0744          * userxattr.
0745          */
0746         config->redirect_dir = config->redirect_follow = false;
0747         config->metacopy = false;
0748     }
0749
0750     return 0;
0751 }
0752
0753 #define OVL_WORKDIR_NAME "work"
0754 #define OVL_INDEXDIR_NAME "index"
0755
0756 static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
0757                      const char *name, bool persist)
0758 {
0759     struct inode *dir =  ofs->workbasedir->d_inode;
0760     struct vfsmount *mnt = ovl_upper_mnt(ofs);
0761     struct dentry *work;
0762     int err;
0763     bool retried = false;
0764
0765     inode_lock_nested(dir, I_MUTEX_PARENT);
0766 retry:
0767     work = ovl_lookup_upper(ofs, name, ofs->workbasedir, strlen(name));
0768
0769     if (!IS_ERR(work)) {
0770         struct iattr attr = {
0771             .ia_valid = ATTR_MODE,
0772             .ia_mode = S_IFDIR | 0,
0773         };
0774
0775         if (work->d_inode) {
0776             err = -EEXIST;
0777             if (retried)
0778                 goto out_dput;
0779
0780             if (persist)
0781                 goto out_unlock;
0782
0783             retried = true;
0784             err = ovl_workdir_cleanup(ofs, dir, mnt, work, 0);
0785             dput(work);
0786             if (err == -EINVAL) {
0787                 work = ERR_PTR(err);
0788                 goto out_unlock;
0789             }
0790             goto retry;
0791         }
0792
0793         err = ovl_mkdir_real(ofs, dir, &work, attr.ia_mode);
0794         if (err)
0795             goto out_dput;
0796
0797         /* Weird filesystem returning with hashed negative (kernfs)? */
0798         err = -EINVAL;
0799         if (d_really_is_negative(work))
0800             goto out_dput;
0801
0802         /*
0803          * Try to remove POSIX ACL xattrs from workdir.  We are good if:
0804          *
0805          * a) success (there was a POSIX ACL xattr and was removed)
0806          * b) -ENODATA (there was no POSIX ACL xattr)
0807          * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
0808          *
0809          * There are various other error values that could effectively
0810          * mean that the xattr doesn't exist (e.g. -ERANGE is returned
0811          * if the xattr name is too long), but the set of filesystems
0812          * allowed as upper are limited to "normal" ones, where checking
0813          * for the above two errors is sufficient.
0814          */
0815         err = ovl_do_removexattr(ofs, work,
0816                      XATTR_NAME_POSIX_ACL_DEFAULT);
0817         if (err && err != -ENODATA && err != -EOPNOTSUPP)
0818             goto out_dput;
0819
0820         err = ovl_do_removexattr(ofs, work,
0821                      XATTR_NAME_POSIX_ACL_ACCESS);
0822         if (err && err != -ENODATA && err != -EOPNOTSUPP)
0823             goto out_dput;
0824
0825         /* Clear any inherited mode bits */
0826         inode_lock(work->d_inode);
0827         err = ovl_do_notify_change(ofs, work, &attr);
0828         inode_unlock(work->d_inode);
0829         if (err)
0830             goto out_dput;
0831     } else {
0832         err = PTR_ERR(work);
0833         goto out_err;
0834     }
0835 out_unlock:
0836     inode_unlock(dir);
0837     return work;
0838
0839 out_dput:
0840     dput(work);
0841 out_err:
0842     pr_warn("failed to create directory %s/%s (errno: %i); mounting read-only\n",
0843         ofs->config.workdir, name, -err);
0844     work = NULL;
0845     goto out_unlock;
0846 }
0847
0848 static void ovl_unescape(char *s)
0849 {
0850     char *d = s;
0851
0852     for (;; s++, d++) {
0853         if (*s == '\\')
0854             s++;
0855         *d = *s;
0856         if (!*s)
0857             break;
0858     }
0859 }
0860
0861 static int ovl_mount_dir_noesc(const char *name, struct path *path)
0862 {
0863     int err = -EINVAL;
0864
0865     if (!*name) {
0866         pr_err("empty lowerdir\n");
0867         goto out;
0868     }
0869     err = kern_path(name, LOOKUP_FOLLOW, path);
0870     if (err) {
0871         pr_err("failed to resolve '%s': %i\n", name, err);
0872         goto out;
0873     }
0874     err = -EINVAL;
0875     if (ovl_dentry_weird(path->dentry)) {
0876         pr_err("filesystem on '%s' not supported\n", name);
0877         goto out_put;
0878     }
0879     if (!d_is_dir(path->dentry)) {
0880         pr_err("'%s' not a directory\n", name);
0881         goto out_put;
0882     }
0883     return 0;
0884
0885 out_put:
0886     path_put_init(path);
0887 out:
0888     return err;
0889 }
0890
0891 static int ovl_mount_dir(const char *name, struct path *path)
0892 {
0893     int err = -ENOMEM;
0894     char *tmp = kstrdup(name, GFP_KERNEL);
0895
0896     if (tmp) {
0897         ovl_unescape(tmp);
0898         err = ovl_mount_dir_noesc(tmp, path);
0899
0900         if (!err && path->dentry->d_flags & DCACHE_OP_REAL) {
0901             pr_err("filesystem on '%s' not supported as upperdir\n",
0902                    tmp);
0903             path_put_init(path);
0904             err = -EINVAL;
0905         }
0906         kfree(tmp);
0907     }
0908     return err;
0909 }
0910
0911 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
0912                  const char *name)
0913 {
0914     struct kstatfs statfs;
0915     int err = vfs_statfs(path, &statfs);
0916
0917     if (err)
0918         pr_err("statfs failed on '%s'\n", name);
0919     else
0920         ofs->namelen = max(ofs->namelen, statfs.f_namelen);
0921
0922     return err;
0923 }
0924
0925 static int ovl_lower_dir(const char *name, struct path *path,
0926              struct ovl_fs *ofs, int *stack_depth)
0927 {
0928     int fh_type;
0929     int err;
0930
0931     err = ovl_mount_dir_noesc(name, path);
0932     if (err)
0933         return err;
0934
0935     err = ovl_check_namelen(path, ofs, name);
0936     if (err)
0937         return err;
0938
0939     *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
0940
0941     /*
0942      * The inodes index feature and NFS export need to encode and decode
0943      * file handles, so they require that all layers support them.
0944      */
0945     fh_type = ovl_can_decode_fh(path->dentry->d_sb);
0946     if ((ofs->config.nfs_export ||
0947          (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
0948         ofs->config.index = false;
0949         ofs->config.nfs_export = false;
0950         pr_warn("fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
0951             name);
0952     }
0953     /*
0954      * Decoding origin file handle is required for persistent st_ino.
0955      * Without persistent st_ino, xino=auto falls back to xino=off.
0956      */
0957     if (ofs->config.xino == OVL_XINO_AUTO &&
0958         ofs->config.upperdir && !fh_type) {
0959         ofs->config.xino = OVL_XINO_OFF;
0960         pr_warn("fs on '%s' does not support file handles, falling back to xino=off.\n",
0961             name);
0962     }
0963
0964     /* Check if lower fs has 32bit inode numbers */
0965     if (fh_type != FILEID_INO32_GEN)
0966         ofs->xino_mode = -1;
0967
0968     return 0;
0969 }
0970
0971 /* Workdir should not be subdir of upperdir and vice versa */
0972 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
0973 {
0974     bool ok = false;
0975
0976     if (workdir != upperdir) {
0977         ok = (lock_rename(workdir, upperdir) == NULL);
0978         unlock_rename(workdir, upperdir);
0979     }
0980     return ok;
0981 }
0982
0983 static unsigned int ovl_split_lowerdirs(char *str)
0984 {
0985     unsigned int ctr = 1;
0986     char *s, *d;
0987
0988     for (s = d = str;; s++, d++) {
0989         if (*s == '\\') {
0990             s++;
0991         } else if (*s == ':') {
0992             *d = '\0';
0993             ctr++;
0994             continue;
0995         }
0996         *d = *s;
0997         if (!*s)
0998             break;
0999     }
1000     return ctr;
1001 }
1002
1003 static int __maybe_unused
1004 ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
1005             struct dentry *dentry, struct inode *inode,
1006             const char *name, void *buffer, size_t size)
1007 {
1008     return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
1009 }
1010
1011 static int __maybe_unused
1012 ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
1013             struct user_namespace *mnt_userns,
1014             struct dentry *dentry, struct inode *inode,
1015             const char *name, const void *value,
1016             size_t size, int flags)
1017 {
1018     struct dentry *workdir = ovl_workdir(dentry);
1019     struct inode *realinode = ovl_inode_real(inode);
1020     struct posix_acl *acl = NULL;
1021     int err;
1022
1023     /* Check that everything is OK before copy-up */
1024     if (value) {
1025         acl = posix_acl_from_xattr(&init_user_ns, value, size);
1026         if (IS_ERR(acl))
1027             return PTR_ERR(acl);
1028     }
1029     err = -EOPNOTSUPP;
1030     if (!IS_POSIXACL(d_inode(workdir)))
1031         goto out_acl_release;
1032     if (!realinode->i_op->set_acl)
1033         goto out_acl_release;
1034     if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
1035         err = acl ? -EACCES : 0;
1036         goto out_acl_release;
1037     }
1038     err = -EPERM;
1039     if (!inode_owner_or_capable(&init_user_ns, inode))
1040         goto out_acl_release;
1041
1042     posix_acl_release(acl);
1043
1044     /*
1045      * Check if sgid bit needs to be cleared (actual setacl operation will
1046      * be done with mounter's capabilities and so that won't do it for us).
1047      */
1048     if (unlikely(inode->i_mode & S_ISGID) &&
1049         handler->flags == ACL_TYPE_ACCESS &&
1050         !in_group_p(inode->i_gid) &&
1051         !capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID)) {
1052         struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
1053
1054         err = ovl_setattr(&init_user_ns, dentry, &iattr);
1055         if (err)
1056             return err;
1057     }
1058
1059     err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
1060     return err;
1061
1062 out_acl_release:
1063     posix_acl_release(acl);
1064     return err;
1065 }
1066
1067 static int ovl_own_xattr_get(const struct xattr_handler *handler,
1068                  struct dentry *dentry, struct inode *inode,
1069                  const char *name, void *buffer, size_t size)
1070 {
1071     return -EOPNOTSUPP;
1072 }
1073
1074 static int ovl_own_xattr_set(const struct xattr_handler *handler,
1075                  struct user_namespace *mnt_userns,
1076                  struct dentry *dentry, struct inode *inode,
1077                  const char *name, const void *value,
1078                  size_t size, int flags)
1079 {
1080     return -EOPNOTSUPP;
1081 }
1082
1083 static int ovl_other_xattr_get(const struct xattr_handler *handler,
1084                    struct dentry *dentry, struct inode *inode,
1085                    const char *name, void *buffer, size_t size)
1086 {
1087     return ovl_xattr_get(dentry, inode, name, buffer, size);
1088 }
1089
1090 static int ovl_other_xattr_set(const struct xattr_handler *handler,
1091                    struct user_namespace *mnt_userns,
1092                    struct dentry *dentry, struct inode *inode,
1093                    const char *name, const void *value,
1094                    size_t size, int flags)
1095 {
1096     return ovl_xattr_set(dentry, inode, name, value, size, flags);
1097 }
1098
1099 static const struct xattr_handler __maybe_unused
1100 ovl_posix_acl_access_xattr_handler = {
1101     .name = XATTR_NAME_POSIX_ACL_ACCESS,
1102     .flags = ACL_TYPE_ACCESS,
1103     .get = ovl_posix_acl_xattr_get,
1104     .set = ovl_posix_acl_xattr_set,
1105 };
1106
1107 static const struct xattr_handler __maybe_unused
1108 ovl_posix_acl_default_xattr_handler = {
1109     .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1110     .flags = ACL_TYPE_DEFAULT,
1111     .get = ovl_posix_acl_xattr_get,
1112     .set = ovl_posix_acl_xattr_set,
1113 };
1114
1115 static const struct xattr_handler ovl_own_trusted_xattr_handler = {
1116     .prefix = OVL_XATTR_TRUSTED_PREFIX,
1117     .get = ovl_own_xattr_get,
1118     .set = ovl_own_xattr_set,
1119 };
1120
1121 static const struct xattr_handler ovl_own_user_xattr_handler = {
1122     .prefix = OVL_XATTR_USER_PREFIX,
1123     .get = ovl_own_xattr_get,
1124     .set = ovl_own_xattr_set,
1125 };
1126
1127 static const struct xattr_handler ovl_other_xattr_handler = {
1128     .prefix = "", /* catch all */
1129     .get = ovl_other_xattr_get,
1130     .set = ovl_other_xattr_set,
1131 };
1132
1133 static const struct xattr_handler *ovl_trusted_xattr_handlers[] = {
1134 #ifdef CONFIG_FS_POSIX_ACL
1135     &ovl_posix_acl_access_xattr_handler,
1136     &ovl_posix_acl_default_xattr_handler,
1137 #endif
1138     &ovl_own_trusted_xattr_handler,
1139     &ovl_other_xattr_handler,
1140     NULL
1141 };
1142
1143 static const struct xattr_handler *ovl_user_xattr_handlers[] = {
1144 #ifdef CONFIG_FS_POSIX_ACL
1145     &ovl_posix_acl_access_xattr_handler,
1146     &ovl_posix_acl_default_xattr_handler,
1147 #endif
1148     &ovl_own_user_xattr_handler,
1149     &ovl_other_xattr_handler,
1150     NULL
1151 };
1152
1153 static int ovl_setup_trap(struct super_block *sb, struct dentry *dir,
1154               struct inode **ptrap, const char *name)
1155 {
1156     struct inode *trap;
1157     int err;
1158
1159     trap = ovl_get_trap_inode(sb, dir);
1160     err = PTR_ERR_OR_ZERO(trap);
1161     if (err) {
1162         if (err == -ELOOP)
1163             pr_err("conflicting %s path\n", name);
1164         return err;
1165     }
1166
1167     *ptrap = trap;
1168     return 0;
1169 }
1170
1171 /*
1172  * Determine how we treat concurrent use of upperdir/workdir based on the
1173  * index feature. This is papering over mount leaks of container runtimes,
1174  * for example, an old overlay mount is leaked and now its upperdir is
1175  * attempted to be used as a lower layer in a new overlay mount.
1176  */
1177 static int ovl_report_in_use(struct ovl_fs *ofs, const char *name)
1178 {
1179     if (ofs->config.index) {
1180         pr_err("%s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n",
1181                name);
1182         return -EBUSY;
1183     } else {
1184         pr_warn("%s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n",
1185             name);
1186         return 0;
1187     }
1188 }
1189
1190 static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs,
1191              struct ovl_layer *upper_layer, struct path *upperpath)
1192 {
1193     struct vfsmount *upper_mnt;
1194     int err;
1195
1196     err = ovl_mount_dir(ofs->config.upperdir, upperpath);
1197     if (err)
1198         goto out;
1199
1200     /* Upperdir path should not be r/o */
1201     if (__mnt_is_readonly(upperpath->mnt)) {
1202         pr_err("upper fs is r/o, try multi-lower layers mount\n");
1203         err = -EINVAL;
1204         goto out;
1205     }
1206
1207     err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
1208     if (err)
1209         goto out;
1210
1211     err = ovl_setup_trap(sb, upperpath->dentry, &upper_layer->trap,
1212                  "upperdir");
1213     if (err)
1214         goto out;
1215
1216     upper_mnt = clone_private_mount(upperpath);
1217     err = PTR_ERR(upper_mnt);
1218     if (IS_ERR(upper_mnt)) {
1219         pr_err("failed to clone upperpath\n");
1220         goto out;
1221     }
1222
1223     /* Don't inherit atime flags */
1224     upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
1225     upper_layer->mnt = upper_mnt;
1226     upper_layer->idx = 0;
1227     upper_layer->fsid = 0;
1228
1229     /*
1230      * Inherit SB_NOSEC flag from upperdir.
1231      *
1232      * This optimization changes behavior when a security related attribute
1233      * (suid/sgid/security.*) is changed on an underlying layer.  This is
1234      * okay because we don't yet have guarantees in that case, but it will
1235      * need careful treatment once we want to honour changes to underlying
1236      * filesystems.
1237      */
1238     if (upper_mnt->mnt_sb->s_flags & SB_NOSEC)
1239         sb->s_flags |= SB_NOSEC;
1240
1241     if (ovl_inuse_trylock(ovl_upper_mnt(ofs)->mnt_root)) {
1242         ofs->upperdir_locked = true;
1243     } else {
1244         err = ovl_report_in_use(ofs, "upperdir");
1245         if (err)
1246             goto out;
1247     }
1248
1249     err = 0;
1250 out:
1251     return err;
1252 }
1253
1254 /*
1255  * Returns 1 if RENAME_WHITEOUT is supported, 0 if not supported and
1256  * negative values if error is encountered.
1257  */
1258 static int ovl_check_rename_whiteout(struct ovl_fs *ofs)
1259 {
1260     struct dentry *workdir = ofs->workdir;
1261     struct inode *dir = d_inode(workdir);
1262     struct dentry *temp;
1263     struct dentry *dest;
1264     struct dentry *whiteout;
1265     struct name_snapshot name;
1266     int err;
1267
1268     inode_lock_nested(dir, I_MUTEX_PARENT);
1269
1270     temp = ovl_create_temp(ofs, workdir, OVL_CATTR(S_IFREG | 0));
1271     err = PTR_ERR(temp);
1272     if (IS_ERR(temp))
1273         goto out_unlock;
1274
1275     dest = ovl_lookup_temp(ofs, workdir);
1276     err = PTR_ERR(dest);
1277     if (IS_ERR(dest)) {
1278         dput(temp);
1279         goto out_unlock;
1280     }
1281
1282     /* Name is inline and stable - using snapshot as a copy helper */
1283     take_dentry_name_snapshot(&name, temp);
1284     err = ovl_do_rename(ofs, dir, temp, dir, dest, RENAME_WHITEOUT);
1285     if (err) {
1286         if (err == -EINVAL)
1287             err = 0;
1288         goto cleanup_temp;
1289     }
1290
1291     whiteout = ovl_lookup_upper(ofs, name.name.name, workdir, name.name.len);
1292     err = PTR_ERR(whiteout);
1293     if (IS_ERR(whiteout))
1294         goto cleanup_temp;
1295
1296     err = ovl_is_whiteout(whiteout);
1297
1298     /* Best effort cleanup of whiteout and temp file */
1299     if (err)
1300         ovl_cleanup(ofs, dir, whiteout);
1301     dput(whiteout);
1302
1303 cleanup_temp:
1304     ovl_cleanup(ofs, dir, temp);
1305     release_dentry_name_snapshot(&name);
1306     dput(temp);
1307     dput(dest);
1308
1309 out_unlock:
1310     inode_unlock(dir);
1311
1312     return err;
1313 }
1314
1315 static struct dentry *ovl_lookup_or_create(struct ovl_fs *ofs,
1316                        struct dentry *parent,
1317                        const char *name, umode_t mode)
1318 {
1319     size_t len = strlen(name);
1320     struct dentry *child;
1321
1322     inode_lock_nested(parent->d_inode, I_MUTEX_PARENT);
1323     child = ovl_lookup_upper(ofs, name, parent, len);
1324     if (!IS_ERR(child) && !child->d_inode)
1325         child = ovl_create_real(ofs, parent->d_inode, child,
1326                     OVL_CATTR(mode));
1327     inode_unlock(parent->d_inode);
1328     dput(parent);
1329
1330     return child;
1331 }
1332
1333 /*
1334  * Creates $workdir/work/incompat/volatile/dirty file if it is not already
1335  * present.
1336  */
1337 static int ovl_create_volatile_dirty(struct ovl_fs *ofs)
1338 {
1339     unsigned int ctr;
1340     struct dentry *d = dget(ofs->workbasedir);
1341     static const char *const volatile_path[] = {
1342         OVL_WORKDIR_NAME, "incompat", "volatile", "dirty"
1343     };
1344     const char *const *name = volatile_path;
1345
1346     for (ctr = ARRAY_SIZE(volatile_path); ctr; ctr--, name++) {
1347         d = ovl_lookup_or_create(ofs, d, *name, ctr > 1 ? S_IFDIR : S_IFREG);
1348         if (IS_ERR(d))
1349             return PTR_ERR(d);
1350     }
1351     dput(d);
1352     return 0;
1353 }
1354
1355 static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
1356                 struct path *workpath)
1357 {
1358     struct vfsmount *mnt = ovl_upper_mnt(ofs);
1359     struct dentry *temp, *workdir;
1360     bool rename_whiteout;
1361     bool d_type;
1362     int fh_type;
1363     int err;
1364
1365     err = mnt_want_write(mnt);
1366     if (err)
1367         return err;
1368
1369     workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
1370     err = PTR_ERR(workdir);
1371     if (IS_ERR_OR_NULL(workdir))
1372         goto out;
1373
1374     ofs->workdir = workdir;
1375
1376     err = ovl_setup_trap(sb, ofs->workdir, &ofs->workdir_trap, "workdir");
1377     if (err)
1378         goto out;
1379
1380     /*
1381      * Upper should support d_type, else whiteouts are visible.  Given
1382      * workdir and upper are on same fs, we can do iterate_dir() on
1383      * workdir. This check requires successful creation of workdir in
1384      * previous step.
1385      */
1386     err = ovl_check_d_type_supported(workpath);
1387     if (err < 0)
1388         goto out;
1389
1390     d_type = err;
1391     if (!d_type)
1392         pr_warn("upper fs needs to support d_type.\n");
1393
1394     /* Check if upper/work fs supports O_TMPFILE */
1395     temp = ovl_do_tmpfile(ofs, ofs->workdir, S_IFREG | 0);
1396     ofs->tmpfile = !IS_ERR(temp);
1397     if (ofs->tmpfile)
1398         dput(temp);
1399     else
1400         pr_warn("upper fs does not support tmpfile.\n");
1401
1402
1403     /* Check if upper/work fs supports RENAME_WHITEOUT */
1404     err = ovl_check_rename_whiteout(ofs);
1405     if (err < 0)
1406         goto out;
1407
1408     rename_whiteout = err;
1409     if (!rename_whiteout)
1410         pr_warn("upper fs does not support RENAME_WHITEOUT.\n");
1411
1412     /*
1413      * Check if upper/work fs supports (trusted|user).overlay.* xattr
1414      */
1415     err = ovl_setxattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE, "0", 1);
1416     if (err) {
1417         pr_warn("failed to set xattr on upper\n");
1418         ofs->noxattr = true;
1419         if (ofs->config.index || ofs->config.metacopy) {
1420             ofs->config.index = false;
1421             ofs->config.metacopy = false;
1422             pr_warn("...falling back to index=off,metacopy=off.\n");
1423         }
1424         /*
1425          * xattr support is required for persistent st_ino.
1426          * Without persistent st_ino, xino=auto falls back to xino=off.
1427          */
1428         if (ofs->config.xino == OVL_XINO_AUTO) {
1429             ofs->config.xino = OVL_XINO_OFF;
1430             pr_warn("...falling back to xino=off.\n");
1431         }
1432         if (err == -EPERM && !ofs->config.userxattr)
1433             pr_info("try mounting with 'userxattr' option\n");
1434         err = 0;
1435     } else {
1436         ovl_removexattr(ofs, ofs->workdir, OVL_XATTR_OPAQUE);
1437     }
1438
1439     /*
1440      * We allowed sub-optimal upper fs configuration and don't want to break
1441      * users over kernel upgrade, but we never allowed remote upper fs, so
1442      * we can enforce strict requirements for remote upper fs.
1443      */
1444     if (ovl_dentry_remote(ofs->workdir) &&
1445         (!d_type || !rename_whiteout || ofs->noxattr)) {
1446         pr_err("upper fs missing required features.\n");
1447         err = -EINVAL;
1448         goto out;
1449     }
1450
1451     /*
1452      * For volatile mount, create a incompat/volatile/dirty file to keep
1453      * track of it.
1454      */
1455     if (ofs->config.ovl_volatile) {
1456         err = ovl_create_volatile_dirty(ofs);
1457         if (err < 0) {
1458             pr_err("Failed to create volatile/dirty file.\n");
1459             goto out;
1460         }
1461     }
1462
1463     /* Check if upper/work fs supports file handles */
1464     fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
1465     if (ofs->config.index && !fh_type) {
1466         ofs->config.index = false;
1467         pr_warn("upper fs does not support file handles, falling back to index=off.\n");
1468     }
1469
1470     /* Check if upper fs has 32bit inode numbers */
1471     if (fh_type != FILEID_INO32_GEN)
1472         ofs->xino_mode = -1;
1473
1474     /* NFS export of r/w mount depends on index */
1475     if (ofs->config.nfs_export && !ofs->config.index) {
1476         pr_warn("NFS export requires \"index=on\", falling back to nfs_export=off.\n");
1477         ofs->config.nfs_export = false;
1478     }
1479 out:
1480     mnt_drop_write(mnt);
1481     return err;
1482 }
1483
1484 static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs,
1485                struct path *upperpath)
1486 {
1487     int err;
1488     struct path workpath = { };
1489
1490     err = ovl_mount_dir(ofs->config.workdir, &workpath);
1491     if (err)
1492         goto out;
1493
1494     err = -EINVAL;
1495     if (upperpath->mnt != workpath.mnt) {
1496         pr_err("workdir and upperdir must reside under the same mount\n");
1497         goto out;
1498     }
1499     if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) {
1500         pr_err("workdir and upperdir must be separate subtrees\n");
1501         goto out;
1502     }
1503
1504     ofs->workbasedir = dget(workpath.dentry);
1505
1506     if (ovl_inuse_trylock(ofs->workbasedir)) {
1507         ofs->workdir_locked = true;
1508     } else {
1509         err = ovl_report_in_use(ofs, "workdir");
1510         if (err)
1511             goto out;
1512     }
1513
1514     err = ovl_setup_trap(sb, ofs->workbasedir, &ofs->workbasedir_trap,
1515                  "workdir");
1516     if (err)
1517         goto out;
1518
1519     err = ovl_make_workdir(sb, ofs, &workpath);
1520
1521 out:
1522     path_put(&workpath);
1523
1524     return err;
1525 }
1526
1527 static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs,
1528                 struct ovl_entry *oe, struct path *upperpath)
1529 {
1530     struct vfsmount *mnt = ovl_upper_mnt(ofs);
1531     struct dentry *indexdir;
1532     int err;
1533
1534     err = mnt_want_write(mnt);
1535     if (err)
1536         return err;
1537
1538     /* Verify lower root is upper root origin */
1539     err = ovl_verify_origin(ofs, upperpath->dentry,
1540                 oe->lowerstack[0].dentry, true);
1541     if (err) {
1542         pr_err("failed to verify upper root origin\n");
1543         goto out;
1544     }
1545
1546     /* index dir will act also as workdir */
1547     iput(ofs->workdir_trap);
1548     ofs->workdir_trap = NULL;
1549     dput(ofs->workdir);
1550     ofs->workdir = NULL;
1551     indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
1552     if (IS_ERR(indexdir)) {
1553         err = PTR_ERR(indexdir);
1554     } else if (indexdir) {
1555         ofs->indexdir = indexdir;
1556         ofs->workdir = dget(indexdir);
1557
1558         err = ovl_setup_trap(sb, ofs->indexdir, &ofs->indexdir_trap,
1559                      "indexdir");
1560         if (err)
1561             goto out;
1562
1563         /*
1564          * Verify upper root is exclusively associated with index dir.
1565          * Older kernels stored upper fh in ".overlay.origin"
1566          * xattr. If that xattr exists, verify that it is a match to
1567          * upper dir file handle. In any case, verify or set xattr
1568          * ".overlay.upper" to indicate that index may have
1569          * directory entries.
1570          */
1571         if (ovl_check_origin_xattr(ofs, ofs->indexdir)) {
1572             err = ovl_verify_set_fh(ofs, ofs->indexdir,
1573                         OVL_XATTR_ORIGIN,
1574                         upperpath->dentry, true, false);
1575             if (err)
1576                 pr_err("failed to verify index dir 'origin' xattr\n");
1577         }
1578         err = ovl_verify_upper(ofs, ofs->indexdir, upperpath->dentry,
1579                        true);
1580         if (err)
1581             pr_err("failed to verify index dir 'upper' xattr\n");
1582
1583         /* Cleanup bad/stale/orphan index entries */
1584         if (!err)
1585             err = ovl_indexdir_cleanup(ofs);
1586     }
1587     if (err || !ofs->indexdir)
1588         pr_warn("try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");
1589
1590 out:
1591     mnt_drop_write(mnt);
1592     return err;
1593 }
1594
1595 static bool ovl_lower_uuid_ok(struct ovl_fs *ofs, const uuid_t *uuid)
1596 {
1597     unsigned int i;
1598
1599     if (!ofs->config.nfs_export && !ovl_upper_mnt(ofs))
1600         return true;
1601
1602     /*
1603      * We allow using single lower with null uuid for index and nfs_export
1604      * for example to support those features with single lower squashfs.
1605      * To avoid regressions in setups of overlay with re-formatted lower
1606      * squashfs, do not allow decoding origin with lower null uuid unless
1607      * user opted-in to one of the new features that require following the
1608      * lower inode of non-dir upper.
1609      */
1610     if (ovl_allow_offline_changes(ofs) && uuid_is_null(uuid))
1611         return false;
1612
1613     for (i = 0; i < ofs->numfs; i++) {
1614         /*
1615          * We use uuid to associate an overlay lower file handle with a
1616          * lower layer, so we can accept lower fs with null uuid as long
1617          * as all lower layers with null uuid are on the same fs.
1618          * if we detect multiple lower fs with the same uuid, we
1619          * disable lower file handle decoding on all of them.
1620          */
1621         if (ofs->fs[i].is_lower &&
1622             uuid_equal(&ofs->fs[i].sb->s_uuid, uuid)) {
1623             ofs->fs[i].bad_uuid = true;
1624             return false;
1625         }
1626     }
1627     return true;
1628 }
1629
1630 /* Get a unique fsid for the layer */
1631 static int ovl_get_fsid(struct ovl_fs *ofs, const struct path *path)
1632 {
1633     struct super_block *sb = path->mnt->mnt_sb;
1634     unsigned int i;
1635     dev_t dev;
1636     int err;
1637     bool bad_uuid = false;
1638     bool warn = false;
1639
1640     for (i = 0; i < ofs->numfs; i++) {
1641         if (ofs->fs[i].sb == sb)
1642             return i;
1643     }
1644
1645     if (!ovl_lower_uuid_ok(ofs, &sb->s_uuid)) {
1646         bad_uuid = true;
1647         if (ofs->config.xino == OVL_XINO_AUTO) {
1648             ofs->config.xino = OVL_XINO_OFF;
1649             warn = true;
1650         }
1651         if (ofs->config.index || ofs->config.nfs_export) {
1652             ofs->config.index = false;
1653             ofs->config.nfs_export = false;
1654             warn = true;
1655         }
1656         if (warn) {
1657             pr_warn("%s uuid detected in lower fs '%pd2', falling back to xino=%s,index=off,nfs_export=off.\n",
1658                 uuid_is_null(&sb->s_uuid) ? "null" :
1659                                 "conflicting",
1660                 path->dentry, ovl_xino_str[ofs->config.xino]);
1661         }
1662     }
1663
1664     err = get_anon_bdev(&dev);
1665     if (err) {
1666         pr_err("failed to get anonymous bdev for lowerpath\n");
1667         return err;
1668     }
1669
1670     ofs->fs[ofs->numfs].sb = sb;
1671     ofs->fs[ofs->numfs].pseudo_dev = dev;
1672     ofs->fs[ofs->numfs].bad_uuid = bad_uuid;
1673
1674     return ofs->numfs++;
1675 }
1676
1677 static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
1678               struct path *stack, unsigned int numlower,
1679               struct ovl_layer *layers)
1680 {
1681     int err;
1682     unsigned int i;
1683
1684     err = -ENOMEM;
1685     ofs->fs = kcalloc(numlower + 1, sizeof(struct ovl_sb), GFP_KERNEL);
1686     if (ofs->fs == NULL)
1687         goto out;
1688
1689     /* idx/fsid 0 are reserved for upper fs even with lower only overlay */
1690     ofs->numfs++;
1691
1692     /*
1693      * All lower layers that share the same fs as upper layer, use the same
1694      * pseudo_dev as upper layer.  Allocate fs[0].pseudo_dev even for lower
1695      * only overlay to simplify ovl_fs_free().
1696      * is_lower will be set if upper fs is shared with a lower layer.
1697      */
1698     err = get_anon_bdev(&ofs->fs[0].pseudo_dev);
1699     if (err) {
1700         pr_err("failed to get anonymous bdev for upper fs\n");
1701         goto out;
1702     }
1703
1704     if (ovl_upper_mnt(ofs)) {
1705         ofs->fs[0].sb = ovl_upper_mnt(ofs)->mnt_sb;
1706         ofs->fs[0].is_lower = false;
1707     }
1708
1709     for (i = 0; i < numlower; i++) {
1710         struct vfsmount *mnt;
1711         struct inode *trap;
1712         int fsid;
1713
1714         err = fsid = ovl_get_fsid(ofs, &stack[i]);
1715         if (err < 0)
1716             goto out;
1717
1718         /*
1719          * Check if lower root conflicts with this overlay layers before
1720          * checking if it is in-use as upperdir/workdir of "another"
1721          * mount, because we do not bother to check in ovl_is_inuse() if
1722          * the upperdir/workdir is in fact in-use by our
1723          * upperdir/workdir.
1724          */
1725         err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir");
1726         if (err)
1727             goto out;
1728
1729         if (ovl_is_inuse(stack[i].dentry)) {
1730             err = ovl_report_in_use(ofs, "lowerdir");
1731             if (err) {
1732                 iput(trap);
1733                 goto out;
1734             }
1735         }
1736
1737         mnt = clone_private_mount(&stack[i]);
1738         err = PTR_ERR(mnt);
1739         if (IS_ERR(mnt)) {
1740             pr_err("failed to clone lowerpath\n");
1741             iput(trap);
1742             goto out;
1743         }
1744
1745         /*
1746          * Make lower layers R/O.  That way fchmod/fchown on lower file
1747          * will fail instead of modifying lower fs.
1748          */
1749         mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
1750
1751         layers[ofs->numlayer].trap = trap;
1752         layers[ofs->numlayer].mnt = mnt;
1753         layers[ofs->numlayer].idx = ofs->numlayer;
1754         layers[ofs->numlayer].fsid = fsid;
1755         layers[ofs->numlayer].fs = &ofs->fs[fsid];
1756         ofs->numlayer++;
1757         ofs->fs[fsid].is_lower = true;
1758     }
1759
1760     /*
1761      * When all layers on same fs, overlay can use real inode numbers.
1762      * With mount option "xino=<on|auto>", mounter declares that there are
1763      * enough free high bits in underlying fs to hold the unique fsid.
1764      * If overlayfs does encounter underlying inodes using the high xino
1765      * bits reserved for fsid, it emits a warning and uses the original
1766      * inode number or a non persistent inode number allocated from a
1767      * dedicated range.
1768      */
1769     if (ofs->numfs - !ovl_upper_mnt(ofs) == 1) {
1770         if (ofs->config.xino == OVL_XINO_ON)
1771             pr_info("\"xino=on\" is useless with all layers on same fs, ignore.\n");
1772         ofs->xino_mode = 0;
1773     } else if (ofs->config.xino == OVL_XINO_OFF) {
1774         ofs->xino_mode = -1;
1775     } else if (ofs->xino_mode < 0) {
1776         /*
1777          * This is a roundup of number of bits needed for encoding
1778          * fsid, where fsid 0 is reserved for upper fs (even with
1779          * lower only overlay) +1 extra bit is reserved for the non
1780          * persistent inode number range that is used for resolving
1781          * xino lower bits overflow.
1782          */
1783         BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 30);
1784         ofs->xino_mode = ilog2(ofs->numfs - 1) + 2;
1785     }
1786
1787     if (ofs->xino_mode > 0) {
1788         pr_info("\"xino\" feature enabled using %d upper inode bits.\n",
1789             ofs->xino_mode);
1790     }
1791
1792     err = 0;
1793 out:
1794     return err;
1795 }
1796
1797 static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
1798                 const char *lower, unsigned int numlower,
1799                 struct ovl_fs *ofs, struct ovl_layer *layers)
1800 {
1801     int err;
1802     struct path *stack = NULL;
1803     unsigned int i;
1804     struct ovl_entry *oe;
1805
1806     if (!ofs->config.upperdir && numlower == 1) {
1807         pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n");
1808         return ERR_PTR(-EINVAL);
1809     }
1810
1811     stack = kcalloc(numlower, sizeof(struct path), GFP_KERNEL);
1812     if (!stack)
1813         return ERR_PTR(-ENOMEM);
1814
1815     err = -EINVAL;
1816     for (i = 0; i < numlower; i++) {
1817         err = ovl_lower_dir(lower, &stack[i], ofs, &sb->s_stack_depth);
1818         if (err)
1819             goto out_err;
1820
1821         lower = strchr(lower, '\0') + 1;
1822     }
1823
1824     err = -EINVAL;
1825     sb->s_stack_depth++;
1826     if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1827         pr_err("maximum fs stacking depth exceeded\n");
1828         goto out_err;
1829     }
1830
1831     err = ovl_get_layers(sb, ofs, stack, numlower, layers);
1832     if (err)
1833         goto out_err;
1834
1835     err = -ENOMEM;
1836     oe = ovl_alloc_entry(numlower);
1837     if (!oe)
1838         goto out_err;
1839
1840     for (i = 0; i < numlower; i++) {
1841         oe->lowerstack[i].dentry = dget(stack[i].dentry);
1842         oe->lowerstack[i].layer = &ofs->layers[i+1];
1843     }
1844
1845 out:
1846     for (i = 0; i < numlower; i++)
1847         path_put(&stack[i]);
1848     kfree(stack);
1849
1850     return oe;
1851
1852 out_err:
1853     oe = ERR_PTR(err);
1854     goto out;
1855 }
1856
1857 /*
1858  * Check if this layer root is a descendant of:
1859  * - another layer of this overlayfs instance
1860  * - upper/work dir of any overlayfs instance
1861  */
1862 static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
1863                struct dentry *dentry, const char *name,
1864                bool is_lower)
1865 {
1866     struct dentry *next = dentry, *parent;
1867     int err = 0;
1868
1869     if (!dentry)
1870         return 0;
1871
1872     parent = dget_parent(next);
1873
1874     /* Walk back ancestors to root (inclusive) looking for traps */
1875     while (!err && parent != next) {
1876         if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
1877             err = -ELOOP;
1878             pr_err("overlapping %s path\n", name);
1879         } else if (ovl_is_inuse(parent)) {
1880             err = ovl_report_in_use(ofs, name);
1881         }
1882         next = parent;
1883         parent = dget_parent(next);
1884         dput(next);
1885     }
1886
1887     dput(parent);
1888
1889     return err;
1890 }
1891
1892 /*
1893  * Check if any of the layers or work dirs overlap.
1894  */
1895 static int ovl_check_overlapping_layers(struct super_block *sb,
1896                     struct ovl_fs *ofs)
1897 {
1898     int i, err;
1899
1900     if (ovl_upper_mnt(ofs)) {
1901         err = ovl_check_layer(sb, ofs, ovl_upper_mnt(ofs)->mnt_root,
1902                       "upperdir", false);
1903         if (err)
1904             return err;
1905
1906         /*
1907          * Checking workbasedir avoids hitting ovl_is_inuse(parent) of
1908          * this instance and covers overlapping work and index dirs,
1909          * unless work or index dir have been moved since created inside
1910          * workbasedir.  In that case, we already have their traps in
1911          * inode cache and we will catch that case on lookup.
1912          */
1913         err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir",
1914                       false);
1915         if (err)
1916             return err;
1917     }
1918
1919     for (i = 1; i < ofs->numlayer; i++) {
1920         err = ovl_check_layer(sb, ofs,
1921                       ofs->layers[i].mnt->mnt_root,
1922                       "lowerdir", true);
1923         if (err)
1924             return err;
1925     }
1926
1927     return 0;
1928 }
1929
1930 static struct dentry *ovl_get_root(struct super_block *sb,
1931                    struct dentry *upperdentry,
1932                    struct ovl_entry *oe)
1933 {
1934     struct dentry *root;
1935     struct ovl_path *lowerpath = &oe->lowerstack[0];
1936     unsigned long ino = d_inode(lowerpath->dentry)->i_ino;
1937     int fsid = lowerpath->layer->fsid;
1938     struct ovl_inode_params oip = {
1939         .upperdentry = upperdentry,
1940         .lowerpath = lowerpath,
1941     };
1942
1943     root = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
1944     if (!root)
1945         return NULL;
1946
1947     root->d_fsdata = oe;
1948
1949     if (upperdentry) {
1950         /* Root inode uses upper st_ino/i_ino */
1951         ino = d_inode(upperdentry)->i_ino;
1952         fsid = 0;
1953         ovl_dentry_set_upper_alias(root);
1954         if (ovl_is_impuredir(sb, upperdentry))
1955             ovl_set_flag(OVL_IMPURE, d_inode(root));
1956     }
1957
1958     /* Root is always merge -> can have whiteouts */
1959     ovl_set_flag(OVL_WHITEOUTS, d_inode(root));
1960     ovl_dentry_set_flag(OVL_E_CONNECTED, root);
1961     ovl_set_upperdata(d_inode(root));
1962     ovl_inode_init(d_inode(root), &oip, ino, fsid);
1963     ovl_dentry_update_reval(root, upperdentry, DCACHE_OP_WEAK_REVALIDATE);
1964
1965     return root;
1966 }
1967
1968 static int ovl_fill_super(struct super_block *sb, void *data, int silent)
1969 {
1970     struct path upperpath = { };
1971     struct dentry *root_dentry;
1972     struct ovl_entry *oe;
1973     struct ovl_fs *ofs;
1974     struct ovl_layer *layers;
1975     struct cred *cred;
1976     char *splitlower = NULL;
1977     unsigned int numlower;
1978     int err;
1979
1980     err = -EIO;
1981     if (WARN_ON(sb->s_user_ns != current_user_ns()))
1982         goto out;
1983
1984     sb->s_d_op = &ovl_dentry_operations;
1985
1986     err = -ENOMEM;
1987     ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
1988     if (!ofs)
1989         goto out;
1990
1991     err = -ENOMEM;
1992     ofs->creator_cred = cred = prepare_creds();
1993     if (!cred)
1994         goto out_err;
1995
1996     /* Is there a reason anyone would want not to share whiteouts? */
1997     ofs->share_whiteout = true;
1998
1999     ofs->config.index = ovl_index_def;
2000     ofs->config.uuid = true;
2001     ofs->config.nfs_export = ovl_nfs_export_def;
2002     ofs->config.xino = ovl_xino_def();
2003     ofs->config.metacopy = ovl_metacopy_def;
2004     err = ovl_parse_opt((char *) data, &ofs->config);
2005     if (err)
2006         goto out_err;
2007
2008     err = -EINVAL;
2009     if (!ofs->config.lowerdir) {
2010         if (!silent)
2011             pr_err("missing 'lowerdir'\n");
2012         goto out_err;
2013     }
2014
2015     err = -ENOMEM;
2016     splitlower = kstrdup(ofs->config.lowerdir, GFP_KERNEL);
2017     if (!splitlower)
2018         goto out_err;
2019
2020     err = -EINVAL;
2021     numlower = ovl_split_lowerdirs(splitlower);
2022     if (numlower > OVL_MAX_STACK) {
2023         pr_err("too many lower directories, limit is %d\n",
2024                OVL_MAX_STACK);
2025         goto out_err;
2026     }
2027
2028     err = -ENOMEM;
2029     layers = kcalloc(numlower + 1, sizeof(struct ovl_layer), GFP_KERNEL);
2030     if (!layers)
2031         goto out_err;
2032
2033     ofs->layers = layers;
2034     /* Layer 0 is reserved for upper even if there's no upper */
2035     ofs->numlayer = 1;
2036
2037     sb->s_stack_depth = 0;
2038     sb->s_maxbytes = MAX_LFS_FILESIZE;
2039     atomic_long_set(&ofs->last_ino, 1);
2040     /* Assume underlying fs uses 32bit inodes unless proven otherwise */
2041     if (ofs->config.xino != OVL_XINO_OFF) {
2042         ofs->xino_mode = BITS_PER_LONG - 32;
2043         if (!ofs->xino_mode) {
2044             pr_warn("xino not supported on 32bit kernel, falling back to xino=off.\n");
2045             ofs->config.xino = OVL_XINO_OFF;
2046         }
2047     }
2048
2049     /* alloc/destroy_inode needed for setting up traps in inode cache */
2050     sb->s_op = &ovl_super_operations;
2051
2052     if (ofs->config.upperdir) {
2053         struct super_block *upper_sb;
2054
2055         err = -EINVAL;
2056         if (!ofs->config.workdir) {
2057             pr_err("missing 'workdir'\n");
2058             goto out_err;
2059         }
2060
2061         err = ovl_get_upper(sb, ofs, &layers[0], &upperpath);
2062         if (err)
2063             goto out_err;
2064
2065         upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
2066         if (!ovl_should_sync(ofs)) {
2067             ofs->errseq = errseq_sample(&upper_sb->s_wb_err);
2068             if (errseq_check(&upper_sb->s_wb_err, ofs->errseq)) {
2069                 err = -EIO;
2070                 pr_err("Cannot mount volatile when upperdir has an unseen error. Sync upperdir fs to clear state.\n");
2071                 goto out_err;
2072             }
2073         }
2074
2075         err = ovl_get_workdir(sb, ofs, &upperpath);
2076         if (err)
2077             goto out_err;
2078
2079         if (!ofs->workdir)
2080             sb->s_flags |= SB_RDONLY;
2081
2082         sb->s_stack_depth = upper_sb->s_stack_depth;
2083         sb->s_time_gran = upper_sb->s_time_gran;
2084     }
2085     oe = ovl_get_lowerstack(sb, splitlower, numlower, ofs, layers);
2086     err = PTR_ERR(oe);
2087     if (IS_ERR(oe))
2088         goto out_err;
2089
2090     /* If the upper fs is nonexistent, we mark overlayfs r/o too */
2091     if (!ovl_upper_mnt(ofs))
2092         sb->s_flags |= SB_RDONLY;
2093
2094     if (!ofs->config.uuid && ofs->numfs > 1) {
2095         pr_warn("The uuid=off requires a single fs for lower and upper, falling back to uuid=on.\n");
2096         ofs->config.uuid = true;
2097     }
2098
2099     if (!ovl_force_readonly(ofs) && ofs->config.index) {
2100         err = ovl_get_indexdir(sb, ofs, oe, &upperpath);
2101         if (err)
2102             goto out_free_oe;
2103
2104         /* Force r/o mount with no index dir */
2105         if (!ofs->indexdir)
2106             sb->s_flags |= SB_RDONLY;
2107     }
2108
2109     err = ovl_check_overlapping_layers(sb, ofs);
2110     if (err)
2111         goto out_free_oe;
2112
2113     /* Show index=off in /proc/mounts for forced r/o mount */
2114     if (!ofs->indexdir) {
2115         ofs->config.index = false;
2116         if (ovl_upper_mnt(ofs) && ofs->config.nfs_export) {
2117             pr_warn("NFS export requires an index dir, falling back to nfs_export=off.\n");
2118             ofs->config.nfs_export = false;
2119         }
2120     }
2121
2122     if (ofs->config.metacopy && ofs->config.nfs_export) {
2123         pr_warn("NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n");
2124         ofs->config.nfs_export = false;
2125     }
2126
2127     if (ofs->config.nfs_export)
2128         sb->s_export_op = &ovl_export_operations;
2129
2130     /* Never override disk quota limits or use reserved space */
2131     cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
2132
2133     sb->s_magic = OVERLAYFS_SUPER_MAGIC;
2134     sb->s_xattr = ofs->config.userxattr ? ovl_user_xattr_handlers :
2135         ovl_trusted_xattr_handlers;
2136     sb->s_fs_info = ofs;
2137     sb->s_flags |= SB_POSIXACL;
2138     sb->s_iflags |= SB_I_SKIP_SYNC;
2139
2140     err = -ENOMEM;
2141     root_dentry = ovl_get_root(sb, upperpath.dentry, oe);
2142     if (!root_dentry)
2143         goto out_free_oe;
2144
2145     mntput(upperpath.mnt);
2146     kfree(splitlower);
2147
2148     sb->s_root = root_dentry;
2149
2150     return 0;
2151
2152 out_free_oe:
2153     ovl_entry_stack_free(oe);
2154     kfree(oe);
2155 out_err:
2156     kfree(splitlower);
2157     path_put(&upperpath);
2158     ovl_free_fs(ofs);
2159 out:
2160     return err;
2161 }
2162
2163 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
2164                 const char *dev_name, void *raw_data)
2165 {
2166     return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
2167 }
2168
2169 static struct file_system_type ovl_fs_type = {
2170     .owner      = THIS_MODULE,
2171     .name       = "overlay",
2172     .fs_flags   = FS_USERNS_MOUNT,
2173     .mount      = ovl_mount,
2174     .kill_sb    = kill_anon_super,
2175 };
2176 MODULE_ALIAS_FS("overlay");
2177
2178 static void ovl_inode_init_once(void *foo)
2179 {
2180     struct ovl_inode *oi = foo;
2181
2182     inode_init_once(&oi->vfs_inode);
2183 }
2184
2185 static int __init ovl_init(void)
2186 {
2187     int err;
2188
2189     ovl_inode_cachep = kmem_cache_create("ovl_inode",
2190                          sizeof(struct ovl_inode), 0,
2191                          (SLAB_RECLAIM_ACCOUNT|
2192                           SLAB_MEM_SPREAD|SLAB_ACCOUNT),
2193                          ovl_inode_init_once);
2194     if (ovl_inode_cachep == NULL)
2195         return -ENOMEM;
2196
2197     err = ovl_aio_request_cache_init();
2198     if (!err) {
2199         err = register_filesystem(&ovl_fs_type);
2200         if (!err)
2201             return 0;
2202
2203         ovl_aio_request_cache_destroy();
2204     }
2205     kmem_cache_destroy(ovl_inode_cachep);
2206
2207     return err;
2208 }
2209
2210 static void __exit ovl_exit(void)
2211 {
2212     unregister_filesystem(&ovl_fs_type);
2213
2214     /*
2215      * Make sure all delayed rcu free inodes are flushed before we
2216      * destroy cache.
2217      */
2218     rcu_barrier();
2219     kmem_cache_destroy(ovl_inode_cachep);
2220     ovl_aio_request_cache_destroy();
2221 }
2222
2223 module_init(ovl_init);
2224 module_exit(ovl_exit);