1 // SPDX-License-Identifier: GPL-2.0-only
4 #include <linux/namei.h>
5 #include <linux/fs_context.h>
6 #include <linux/fs_parser.h>
7 #include <linux/posix_acl_xattr.h>
8 #include <linux/xattr.h>
11 static ssize_t ovl_parse_param_split_lowerdirs(char *str)
13 ssize_t nr_layers = 1, nr_colons = 0;
16 for (s = d = str;; s++, d++) {
19 } else if (*s == ':') {
20 bool next_colon = (*(s + 1) == ':');
23 if (nr_colons == 2 && next_colon) {
24 pr_err("only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.\n");
27 /* count layers, not colons */
39 pr_err("unescaped trailing colons in lowerdir mount option.\n");
50 static int ovl_mount_dir_noesc(const char *name, struct path *path)
55 pr_err("empty lowerdir\n");
58 err = kern_path(name, LOOKUP_FOLLOW, path);
60 pr_err("failed to resolve '%s': %i\n", name, err);
64 if (ovl_dentry_weird(path->dentry)) {
65 pr_err("filesystem on '%s' not supported\n", name);
68 if (!d_is_dir(path->dentry)) {
69 pr_err("'%s' not a directory\n", name);
80 static void ovl_unescape(char *s)
93 static int ovl_mount_dir(const char *name, struct path *path)
96 char *tmp = kstrdup(name, GFP_KERNEL);
100 err = ovl_mount_dir_noesc(tmp, path);
102 if (!err && path->dentry->d_flags & DCACHE_OP_REAL) {
103 pr_err("filesystem on '%s' not supported as upperdir\n",
113 int ovl_parse_param_upperdir(const char *name, struct fs_context *fc,
117 struct ovl_fs *ofs = fc->s_fs_info;
118 struct ovl_config *config = &ofs->config;
119 struct ovl_fs_context *ctx = fc->fs_private;
123 err = ovl_mount_dir(name, &path);
128 * Check whether upper path is read-only here to report failures
129 * early. Don't forget to recheck when the superblock is created
130 * as the mount attributes could change.
132 if (__mnt_is_readonly(path.mnt)) {
137 dup = kstrdup(name, GFP_KERNEL);
144 kfree(config->workdir);
145 config->workdir = dup;
146 path_put(&ctx->work);
149 kfree(config->upperdir);
150 config->upperdir = dup;
151 path_put(&ctx->upper);
157 void ovl_parse_param_drop_lowerdir(struct ovl_fs_context *ctx)
159 for (size_t nr = 0; nr < ctx->nr; nr++) {
160 path_put(&ctx->lower[nr].path);
161 kfree(ctx->lower[nr].name);
162 ctx->lower[nr].name = NULL;
169 * Parse lowerdir= mount option:
171 * (1) lowerdir=/lower1:/lower2:/lower3::/data1::/data2
172 * Set "/lower1", "/lower2", and "/lower3" as lower layers and
173 * "/data1" and "/data2" as data lower layers. Any existing lower
174 * layers are replaced.
175 * (2) lowerdir=:/lower4
176 * Append "/lower4" to current stack of lower layers. This requires
177 * that there already is at least one lower layer configured.
178 * (3) lowerdir=::/lower5
179 * Append data "/lower5" as data lower layer. This requires that
180 * there's at least one regular lower layer present.
182 int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc)
185 struct ovl_fs_context *ctx = fc->fs_private;
186 struct ovl_fs_context_layer *l;
187 char *dup = NULL, *dup_iter;
188 ssize_t nr_lower = 0, nr = 0, nr_data = 0;
189 bool append = false, data_layer = false;
192 * Ensure we're backwards compatible with mount(2)
193 * by allowing relative paths.
196 /* drop all existing lower layers */
198 ovl_parse_param_drop_lowerdir(ctx);
202 if (strncmp(name, "::", 2) == 0) {
204 * This is a data layer.
205 * There must be at least one regular lower layer
209 pr_err("data lower layers without regular lower layers not allowed");
213 /* Skip the leading "::". */
217 * A data layer is automatically an append as there
218 * must've been at least one regular lower layer.
221 } else if (*name == ':') {
223 * This is a regular lower layer.
224 * If users want to append a layer enforce that they
225 * have already specified a first layer before. It's
226 * better to be strict.
229 pr_err("cannot append layer if no previous layer has been specified");
234 * Once a sequence of data layers has started regular
235 * lower layers are forbidden.
237 if (ctx->nr_data > 0) {
238 pr_err("regular lower layers cannot follow data lower layers");
242 /* Skip the leading ":". */
247 dup = kstrdup(name, GFP_KERNEL);
252 nr_lower = ovl_parse_param_split_lowerdirs(dup);
256 if ((nr_lower > OVL_MAX_STACK) ||
257 (append && (size_add(ctx->nr, nr_lower) > OVL_MAX_STACK))) {
258 pr_err("too many lower directories, limit is %d\n", OVL_MAX_STACK);
263 ovl_parse_param_drop_lowerdir(ctx);
268 * We want nr <= nr_lower <= capacity We know nr > 0 and nr <=
269 * capacity. If nr == 0 this wouldn't be append. If nr +
270 * nr_lower is <= capacity then nr <= nr_lower <= capacity
271 * already holds. If nr + nr_lower exceeds capacity, we realloc.
275 * Ensure we're backwards compatible with mount(2) which allows
276 * "lowerdir=/a:/b:/c,lowerdir=/d:/e:/f" causing the last
277 * specified lowerdir mount option to win.
279 * We want nr <= nr_lower <= capacity We know either (i) nr == 0
280 * or (ii) nr > 0. We also know nr_lower > 0. The capacity
281 * could've been changed multiple times already so we only know
282 * nr <= capacity. If nr + nr_lower > capacity we realloc,
283 * otherwise nr <= nr_lower <= capacity holds already.
286 if (nr_lower > ctx->capacity) {
288 l = krealloc_array(ctx->lower, nr_lower, sizeof(*ctx->lower),
294 ctx->capacity = nr_lower;
298 * (3) By (1) and (2) we know nr <= nr_lower <= capacity.
299 * (4) If ctx->nr == 0 => replace
300 * We have verified above that the lowerdir mount option
301 * isn't an append, i.e., the lowerdir mount option
302 * doesn't start with ":" or "::".
303 * (4.1) The lowerdir mount options only contains regular lower
305 * => Nothing to verify.
306 * (4.2) The lowerdir mount options contains regular ":" and
308 * => We need to verify that data lower layers "::" aren't
309 * followed by regular ":" lower layers
310 * (5) If ctx->nr > 0 => append
311 * We know that there's at least one regular layer
312 * otherwise we would've failed when parsing the previous
313 * lowerdir mount option.
314 * (5.1) The lowerdir mount option is a regular layer ":" append
315 * => We need to verify that no data layers have been
317 * (5.2) The lowerdir mount option is a data layer "::" append
318 * We know that there's at least one regular layer or
319 * other data layers. => There's nothing to verify.
322 for (nr = ctx->nr; nr < nr_lower; nr++) {
324 memset(l, 0, sizeof(*l));
326 err = ovl_mount_dir_noesc(dup_iter, &l->path);
331 l->name = kstrdup(dup_iter, GFP_KERNEL_ACCOUNT);
338 /* Calling strchr() again would overrun. */
339 if ((nr + 1) == nr_lower)
343 dup_iter = strchr(dup_iter, '\0') + 1;
346 * This is a regular layer so we require that
347 * there are no data layers.
349 if ((ctx->nr_data + nr_data) > 0) {
350 pr_err("regular lower layers cannot follow data lower layers");
358 /* This is a data lower layer. */
363 ctx->nr_data += nr_data;
369 * We know nr >= ctx->nr < nr_lower. If we failed somewhere
370 * we want to undo until nr == ctx->nr. This is correct for
371 * both ctx->nr == 0 and ctx->nr > 0.
373 for (; nr >= ctx->nr; nr--) {
387 /* Intentionally don't realloc to a smaller size. */