1 // SPDX-License-Identifier: GPL-2.0-only
4 * Copyright (C) 2011 Novell Inc.
7 #include <uapi/linux/magic.h>
9 #include <linux/namei.h>
10 #include <linux/xattr.h>
11 #include <linux/mount.h>
12 #include <linux/parser.h>
13 #include <linux/module.h>
14 #include <linux/statfs.h>
15 #include <linux/seq_file.h>
16 #include <linux/posix_acl_xattr.h>
17 #include <linux/exportfs.h>
18 #include "overlayfs.h"
20 MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
21 MODULE_DESCRIPTION("Overlay filesystem");
22 MODULE_LICENSE("GPL");
27 #define OVL_MAX_STACK 500
29 static bool ovl_redirect_dir_def = IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_DIR);
30 module_param_named(redirect_dir, ovl_redirect_dir_def, bool, 0644);
31 MODULE_PARM_DESC(redirect_dir,
32 "Default to on or off for the redirect_dir feature");
34 static bool ovl_redirect_always_follow =
35 IS_ENABLED(CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW);
36 module_param_named(redirect_always_follow, ovl_redirect_always_follow,
38 MODULE_PARM_DESC(redirect_always_follow,
39 "Follow redirects even if redirect_dir feature is turned off");
41 static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
42 module_param_named(index, ovl_index_def, bool, 0644);
43 MODULE_PARM_DESC(index,
44 "Default to on or off for the inodes index feature");
46 static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
47 module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
48 MODULE_PARM_DESC(nfs_export,
49 "Default to on or off for the NFS export feature");
51 static bool ovl_xino_auto_def = IS_ENABLED(CONFIG_OVERLAY_FS_XINO_AUTO);
52 module_param_named(xino_auto, ovl_xino_auto_def, bool, 0644);
53 MODULE_PARM_DESC(xino_auto,
54 "Auto enable xino feature");
56 static void ovl_entry_stack_free(struct ovl_entry *oe)
60 for (i = 0; i < oe->numlower; i++)
61 dput(oe->lowerstack[i].dentry);
64 static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY);
65 module_param_named(metacopy, ovl_metacopy_def, bool, 0644);
66 MODULE_PARM_DESC(metacopy,
67 "Default to on or off for the metadata only copy up feature");
69 static void ovl_dentry_release(struct dentry *dentry)
71 struct ovl_entry *oe = dentry->d_fsdata;
74 ovl_entry_stack_free(oe);
79 static struct dentry *ovl_d_real(struct dentry *dentry,
80 const struct inode *inode)
84 /* It's an overlay file */
85 if (inode && d_inode(dentry) == inode)
88 if (!d_is_reg(dentry)) {
89 if (!inode || inode == d_inode(dentry))
94 real = ovl_dentry_upper(dentry);
95 if (real && (inode == d_inode(real)))
98 if (real && !inode && ovl_has_upperdata(d_inode(dentry)))
101 real = ovl_dentry_lowerdata(dentry);
105 /* Handle recursion */
106 real = d_real(real, inode);
108 if (!inode || inode == d_inode(real))
111 WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
112 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
116 static int ovl_revalidate_real(struct dentry *d, unsigned int flags, bool weak)
121 if (d->d_flags & DCACHE_OP_WEAK_REVALIDATE)
122 ret = d->d_op->d_weak_revalidate(d, flags);
123 } else if (d->d_flags & DCACHE_OP_REVALIDATE) {
124 ret = d->d_op->d_revalidate(d, flags);
126 if (!(flags & LOOKUP_RCU))
134 static int ovl_dentry_revalidate_common(struct dentry *dentry,
135 unsigned int flags, bool weak)
137 struct ovl_entry *oe = dentry->d_fsdata;
138 struct dentry *upper;
142 upper = ovl_dentry_upper(dentry);
144 ret = ovl_revalidate_real(upper, flags, weak);
146 for (i = 0; ret > 0 && i < oe->numlower; i++) {
147 ret = ovl_revalidate_real(oe->lowerstack[i].dentry, flags,
153 static int ovl_dentry_revalidate(struct dentry *dentry, unsigned int flags)
155 return ovl_dentry_revalidate_common(dentry, flags, false);
158 static int ovl_dentry_weak_revalidate(struct dentry *dentry, unsigned int flags)
160 return ovl_dentry_revalidate_common(dentry, flags, true);
163 static const struct dentry_operations ovl_dentry_operations = {
164 .d_release = ovl_dentry_release,
165 .d_real = ovl_d_real,
166 .d_revalidate = ovl_dentry_revalidate,
167 .d_weak_revalidate = ovl_dentry_weak_revalidate,
170 static struct kmem_cache *ovl_inode_cachep;
172 static struct inode *ovl_alloc_inode(struct super_block *sb)
174 struct ovl_inode *oi = kmem_cache_alloc(ovl_inode_cachep, GFP_KERNEL);
183 oi->__upperdentry = NULL;
185 oi->lowerdata = NULL;
186 mutex_init(&oi->lock);
188 return &oi->vfs_inode;
191 static void ovl_free_inode(struct inode *inode)
193 struct ovl_inode *oi = OVL_I(inode);
196 mutex_destroy(&oi->lock);
197 kmem_cache_free(ovl_inode_cachep, oi);
200 static void ovl_destroy_inode(struct inode *inode)
202 struct ovl_inode *oi = OVL_I(inode);
204 dput(oi->__upperdentry);
206 if (S_ISDIR(inode->i_mode))
207 ovl_dir_cache_free(inode);
212 static void ovl_free_fs(struct ovl_fs *ofs)
216 iput(ofs->workbasedir_trap);
217 iput(ofs->indexdir_trap);
218 iput(ofs->workdir_trap);
219 iput(ofs->upperdir_trap);
223 if (ofs->workdir_locked)
224 ovl_inuse_unlock(ofs->workbasedir);
225 dput(ofs->workbasedir);
226 if (ofs->upperdir_locked)
227 ovl_inuse_unlock(ovl_upper_mnt(ofs)->mnt_root);
228 mntput(ofs->upper_mnt);
229 for (i = 1; i < ofs->numlayer; i++) {
230 iput(ofs->layers[i].trap);
231 mntput(ofs->layers[i].mnt);
234 for (i = 0; i < ofs->numfs; i++)
235 free_anon_bdev(ofs->fs[i].pseudo_dev);
238 kfree(ofs->config.lowerdir);
239 kfree(ofs->config.upperdir);
240 kfree(ofs->config.workdir);
241 kfree(ofs->config.redirect_mode);
242 if (ofs->creator_cred)
243 put_cred(ofs->creator_cred);
247 static void ovl_put_super(struct super_block *sb)
249 struct ovl_fs *ofs = sb->s_fs_info;
254 /* Sync real dirty inodes in upper filesystem (if it exists) */
255 static int ovl_sync_fs(struct super_block *sb, int wait)
257 struct ovl_fs *ofs = sb->s_fs_info;
258 struct super_block *upper_sb;
261 if (!ovl_upper_mnt(ofs))
265 * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC).
266 * All the super blocks will be iterated, including upper_sb.
268 * If this is a syncfs(2) call, then we do need to call
269 * sync_filesystem() on upper_sb, but enough if we do it when being
270 * called with wait == 1.
275 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
277 down_read(&upper_sb->s_umount);
278 ret = sync_filesystem(upper_sb);
279 up_read(&upper_sb->s_umount);
286 * @sb: The overlayfs super block
287 * @buf: The struct kstatfs to fill in with stats
289 * Get the filesystem statistics. As writes always target the upper layer
290 * filesystem pass the statfs to the upper filesystem (if it exists)
292 static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
294 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
295 struct dentry *root_dentry = dentry->d_sb->s_root;
299 ovl_path_real(root_dentry, &path);
301 err = vfs_statfs(&path, buf);
303 buf->f_namelen = ofs->namelen;
304 buf->f_type = OVERLAYFS_SUPER_MAGIC;
310 /* Will this overlay be forced to mount/remount ro? */
311 static bool ovl_force_readonly(struct ovl_fs *ofs)
313 return (!ovl_upper_mnt(ofs) || !ofs->workdir);
316 static const char *ovl_redirect_mode_def(void)
318 return ovl_redirect_dir_def ? "on" : "off";
321 static const char * const ovl_xino_str[] = {
327 static inline int ovl_xino_def(void)
329 return ovl_xino_auto_def ? OVL_XINO_AUTO : OVL_XINO_OFF;
335 * Prints the mount options for a given superblock.
336 * Returns zero; does not fail.
338 static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
340 struct super_block *sb = dentry->d_sb;
341 struct ovl_fs *ofs = sb->s_fs_info;
343 seq_show_option(m, "lowerdir", ofs->config.lowerdir);
344 if (ofs->config.upperdir) {
345 seq_show_option(m, "upperdir", ofs->config.upperdir);
346 seq_show_option(m, "workdir", ofs->config.workdir);
348 if (ofs->config.default_permissions)
349 seq_puts(m, ",default_permissions");
350 if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
351 seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
352 if (ofs->config.index != ovl_index_def)
353 seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
354 if (ofs->config.nfs_export != ovl_nfs_export_def)
355 seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
357 if (ofs->config.xino != ovl_xino_def() && !ovl_same_fs(sb))
358 seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]);
359 if (ofs->config.metacopy != ovl_metacopy_def)
360 seq_printf(m, ",metacopy=%s",
361 ofs->config.metacopy ? "on" : "off");
365 static int ovl_remount(struct super_block *sb, int *flags, char *data)
367 struct ovl_fs *ofs = sb->s_fs_info;
368 struct super_block *upper_sb;
371 if (!(*flags & SB_RDONLY) && ovl_force_readonly(ofs))
374 if (*flags & SB_RDONLY && !sb_rdonly(sb)) {
375 upper_sb = ovl_upper_mnt(ofs)->mnt_sb;
376 down_read(&upper_sb->s_umount);
377 ret = sync_filesystem(upper_sb);
378 up_read(&upper_sb->s_umount);
384 static const struct super_operations ovl_super_operations = {
385 .alloc_inode = ovl_alloc_inode,
386 .free_inode = ovl_free_inode,
387 .destroy_inode = ovl_destroy_inode,
388 .drop_inode = generic_delete_inode,
389 .put_super = ovl_put_super,
390 .sync_fs = ovl_sync_fs,
391 .statfs = ovl_statfs,
392 .show_options = ovl_show_options,
393 .remount_fs = ovl_remount,
400 OPT_DEFAULT_PERMISSIONS,
414 static const match_table_t ovl_tokens = {
415 {OPT_LOWERDIR, "lowerdir=%s"},
416 {OPT_UPPERDIR, "upperdir=%s"},
417 {OPT_WORKDIR, "workdir=%s"},
418 {OPT_DEFAULT_PERMISSIONS, "default_permissions"},
419 {OPT_REDIRECT_DIR, "redirect_dir=%s"},
420 {OPT_INDEX_ON, "index=on"},
421 {OPT_INDEX_OFF, "index=off"},
422 {OPT_NFS_EXPORT_ON, "nfs_export=on"},
423 {OPT_NFS_EXPORT_OFF, "nfs_export=off"},
424 {OPT_XINO_ON, "xino=on"},
425 {OPT_XINO_OFF, "xino=off"},
426 {OPT_XINO_AUTO, "xino=auto"},
427 {OPT_METACOPY_ON, "metacopy=on"},
428 {OPT_METACOPY_OFF, "metacopy=off"},
432 static char *ovl_next_opt(char **s)
440 for (p = sbegin; *p; p++) {
445 } else if (*p == ',') {
455 static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode)
457 if (strcmp(mode, "on") == 0) {
458 config->redirect_dir = true;
460 * Does not make sense to have redirect creation without
461 * redirect following.
463 config->redirect_follow = true;
464 } else if (strcmp(mode, "follow") == 0) {
465 config->redirect_follow = true;
466 } else if (strcmp(mode, "off") == 0) {
467 if (ovl_redirect_always_follow)
468 config->redirect_follow = true;
469 } else if (strcmp(mode, "nofollow") != 0) {
470 pr_err("bad mount option \"redirect_dir=%s\"\n",
478 static int ovl_parse_opt(char *opt, struct ovl_config *config)
482 bool metacopy_opt = false, redirect_opt = false;
483 bool nfs_export_opt = false, index_opt = false;
485 config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL);
486 if (!config->redirect_mode)
489 while ((p = ovl_next_opt(&opt)) != NULL) {
491 substring_t args[MAX_OPT_ARGS];
496 token = match_token(p, ovl_tokens, args);
499 kfree(config->upperdir);
500 config->upperdir = match_strdup(&args[0]);
501 if (!config->upperdir)
506 kfree(config->lowerdir);
507 config->lowerdir = match_strdup(&args[0]);
508 if (!config->lowerdir)
513 kfree(config->workdir);
514 config->workdir = match_strdup(&args[0]);
515 if (!config->workdir)
519 case OPT_DEFAULT_PERMISSIONS:
520 config->default_permissions = true;
523 case OPT_REDIRECT_DIR:
524 kfree(config->redirect_mode);
525 config->redirect_mode = match_strdup(&args[0]);
526 if (!config->redirect_mode)
532 config->index = true;
537 config->index = false;
541 case OPT_NFS_EXPORT_ON:
542 config->nfs_export = true;
543 nfs_export_opt = true;
546 case OPT_NFS_EXPORT_OFF:
547 config->nfs_export = false;
548 nfs_export_opt = true;
552 config->xino = OVL_XINO_ON;
556 config->xino = OVL_XINO_OFF;
560 config->xino = OVL_XINO_AUTO;
563 case OPT_METACOPY_ON:
564 config->metacopy = true;
568 case OPT_METACOPY_OFF:
569 config->metacopy = false;
574 pr_err("unrecognized mount option \"%s\" or missing value\n",
580 /* Workdir is useless in non-upper mount */
581 if (!config->upperdir && config->workdir) {
582 pr_info("option \"workdir=%s\" is useless in a non-upper mount, ignore\n",
584 kfree(config->workdir);
585 config->workdir = NULL;
588 err = ovl_parse_redirect_mode(config, config->redirect_mode);
593 * This is to make the logic below simpler. It doesn't make any other
594 * difference, since config->redirect_dir is only used for upper.
596 if (!config->upperdir && config->redirect_follow)
597 config->redirect_dir = true;
599 /* Resolve metacopy -> redirect_dir dependency */
600 if (config->metacopy && !config->redirect_dir) {
601 if (metacopy_opt && redirect_opt) {
602 pr_err("conflicting options: metacopy=on,redirect_dir=%s\n",
603 config->redirect_mode);
608 * There was an explicit redirect_dir=... that resulted
611 pr_info("disabling metacopy due to redirect_dir=%s\n",
612 config->redirect_mode);
613 config->metacopy = false;
615 /* Automatically enable redirect otherwise. */
616 config->redirect_follow = config->redirect_dir = true;
620 /* Resolve nfs_export -> index dependency */
621 if (config->nfs_export && !config->index) {
622 if (nfs_export_opt && index_opt) {
623 pr_err("conflicting options: nfs_export=on,index=off\n");
628 * There was an explicit index=off that resulted
631 pr_info("disabling nfs_export due to index=off\n");
632 config->nfs_export = false;
634 /* Automatically enable index otherwise. */
635 config->index = true;
639 /* Resolve nfs_export -> !metacopy dependency */
640 if (config->nfs_export && config->metacopy) {
641 if (nfs_export_opt && metacopy_opt) {
642 pr_err("conflicting options: nfs_export=on,metacopy=on\n");
647 * There was an explicit metacopy=on that resulted
650 pr_info("disabling nfs_export due to metacopy=on\n");
651 config->nfs_export = false;
654 * There was an explicit nfs_export=on that resulted
657 pr_info("disabling metacopy due to nfs_export=on\n");
658 config->metacopy = false;
665 #define OVL_WORKDIR_NAME "work"
666 #define OVL_INDEXDIR_NAME "index"
668 static struct dentry *ovl_workdir_create(struct ovl_fs *ofs,
669 const char *name, bool persist)
671 struct inode *dir = ofs->workbasedir->d_inode;
672 struct vfsmount *mnt = ovl_upper_mnt(ofs);
675 bool retried = false;
678 inode_lock_nested(dir, I_MUTEX_PARENT);
682 work = lookup_one_len(name, ofs->workbasedir, strlen(name));
685 struct iattr attr = {
686 .ia_valid = ATTR_MODE,
687 .ia_mode = S_IFDIR | 0,
699 ovl_workdir_cleanup(dir, mnt, work, 0);
704 work = ovl_create_real(dir, work, OVL_CATTR(attr.ia_mode));
710 * Try to remove POSIX ACL xattrs from workdir. We are good if:
712 * a) success (there was a POSIX ACL xattr and was removed)
713 * b) -ENODATA (there was no POSIX ACL xattr)
714 * c) -EOPNOTSUPP (POSIX ACL xattrs are not supported)
716 * There are various other error values that could effectively
717 * mean that the xattr doesn't exist (e.g. -ERANGE is returned
718 * if the xattr name is too long), but the set of filesystems
719 * allowed as upper are limited to "normal" ones, where checking
720 * for the above two errors is sufficient.
722 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
723 if (err && err != -ENODATA && err != -EOPNOTSUPP)
726 err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
727 if (err && err != -ENODATA && err != -EOPNOTSUPP)
730 /* Clear any inherited mode bits */
731 inode_lock(work->d_inode);
732 err = notify_change(work, &attr, NULL);
733 inode_unlock(work->d_inode);
749 pr_warn("failed to create directory %s/%s (errno: %i); mounting read-only\n",
750 ofs->config.workdir, name, -err);
755 static void ovl_unescape(char *s)
768 static int ovl_mount_dir_noesc(const char *name, struct path *path)
773 pr_err("empty lowerdir\n");
776 err = kern_path(name, LOOKUP_FOLLOW, path);
778 pr_err("failed to resolve '%s': %i\n", name, err);
782 if (ovl_dentry_weird(path->dentry)) {
783 pr_err("filesystem on '%s' not supported\n", name);
786 if (!d_is_dir(path->dentry)) {
787 pr_err("'%s' not a directory\n", name);
798 static int ovl_mount_dir(const char *name, struct path *path)
801 char *tmp = kstrdup(name, GFP_KERNEL);
805 err = ovl_mount_dir_noesc(tmp, path);
807 if (!err && path->dentry->d_flags & DCACHE_OP_REAL) {
808 pr_err("filesystem on '%s' not supported as upperdir\n",
818 static int ovl_check_namelen(struct path *path, struct ovl_fs *ofs,
821 struct kstatfs statfs;
822 int err = vfs_statfs(path, &statfs);
825 pr_err("statfs failed on '%s'\n", name);
827 ofs->namelen = max(ofs->namelen, statfs.f_namelen);
832 static int ovl_lower_dir(const char *name, struct path *path,
833 struct ovl_fs *ofs, int *stack_depth)
838 err = ovl_mount_dir_noesc(name, path);
842 err = ovl_check_namelen(path, ofs, name);
846 *stack_depth = max(*stack_depth, path->mnt->mnt_sb->s_stack_depth);
849 * The inodes index feature and NFS export need to encode and decode
850 * file handles, so they require that all layers support them.
852 fh_type = ovl_can_decode_fh(path->dentry->d_sb);
853 if ((ofs->config.nfs_export ||
854 (ofs->config.index && ofs->config.upperdir)) && !fh_type) {
855 ofs->config.index = false;
856 ofs->config.nfs_export = false;
857 pr_warn("fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
861 /* Check if lower fs has 32bit inode numbers */
862 if (fh_type != FILEID_INO32_GEN)
873 /* Workdir should not be subdir of upperdir and vice versa */
874 static bool ovl_workdir_ok(struct dentry *workdir, struct dentry *upperdir)
878 if (workdir != upperdir) {
879 ok = (lock_rename(workdir, upperdir) == NULL);
880 unlock_rename(workdir, upperdir);
885 static unsigned int ovl_split_lowerdirs(char *str)
887 unsigned int ctr = 1;
890 for (s = d = str;; s++, d++) {
893 } else if (*s == ':') {
905 static int __maybe_unused
906 ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
907 struct dentry *dentry, struct inode *inode,
908 const char *name, void *buffer, size_t size)
910 return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
913 static int __maybe_unused
914 ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
915 struct dentry *dentry, struct inode *inode,
916 const char *name, const void *value,
917 size_t size, int flags)
919 struct dentry *workdir = ovl_workdir(dentry);
920 struct inode *realinode = ovl_inode_real(inode);
921 struct posix_acl *acl = NULL;
924 /* Check that everything is OK before copy-up */
926 acl = posix_acl_from_xattr(&init_user_ns, value, size);
931 if (!IS_POSIXACL(d_inode(workdir)))
932 goto out_acl_release;
933 if (!realinode->i_op->set_acl)
934 goto out_acl_release;
935 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) {
936 err = acl ? -EACCES : 0;
937 goto out_acl_release;
940 if (!inode_owner_or_capable(inode))
941 goto out_acl_release;
943 posix_acl_release(acl);
946 * Check if sgid bit needs to be cleared (actual setacl operation will
947 * be done with mounter's capabilities and so that won't do it for us).
949 if (unlikely(inode->i_mode & S_ISGID) &&
950 handler->flags == ACL_TYPE_ACCESS &&
951 !in_group_p(inode->i_gid) &&
952 !capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
953 struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
955 err = ovl_setattr(dentry, &iattr);
960 err = ovl_xattr_set(dentry, inode, handler->name, value, size, flags);
962 ovl_copyattr(ovl_inode_real(inode), inode);
967 posix_acl_release(acl);
971 static int ovl_own_xattr_get(const struct xattr_handler *handler,
972 struct dentry *dentry, struct inode *inode,
973 const char *name, void *buffer, size_t size)
978 static int ovl_own_xattr_set(const struct xattr_handler *handler,
979 struct dentry *dentry, struct inode *inode,
980 const char *name, const void *value,
981 size_t size, int flags)
986 static int ovl_other_xattr_get(const struct xattr_handler *handler,
987 struct dentry *dentry, struct inode *inode,
988 const char *name, void *buffer, size_t size)
990 return ovl_xattr_get(dentry, inode, name, buffer, size);
993 static int ovl_other_xattr_set(const struct xattr_handler *handler,
994 struct dentry *dentry, struct inode *inode,
995 const char *name, const void *value,
996 size_t size, int flags)
998 return ovl_xattr_set(dentry, inode, name, value, size, flags);
1001 static const struct xattr_handler __maybe_unused
1002 ovl_posix_acl_access_xattr_handler = {
1003 .name = XATTR_NAME_POSIX_ACL_ACCESS,
1004 .flags = ACL_TYPE_ACCESS,
1005 .get = ovl_posix_acl_xattr_get,
1006 .set = ovl_posix_acl_xattr_set,
1009 static const struct xattr_handler __maybe_unused
1010 ovl_posix_acl_default_xattr_handler = {
1011 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
1012 .flags = ACL_TYPE_DEFAULT,
1013 .get = ovl_posix_acl_xattr_get,
1014 .set = ovl_posix_acl_xattr_set,
1017 static const struct xattr_handler ovl_own_xattr_handler = {
1018 .prefix = OVL_XATTR_PREFIX,
1019 .get = ovl_own_xattr_get,
1020 .set = ovl_own_xattr_set,
1023 static const struct xattr_handler ovl_other_xattr_handler = {
1024 .prefix = "", /* catch all */
1025 .get = ovl_other_xattr_get,
1026 .set = ovl_other_xattr_set,
1029 static const struct xattr_handler *ovl_xattr_handlers[] = {
1030 #ifdef CONFIG_FS_POSIX_ACL
1031 &ovl_posix_acl_access_xattr_handler,
1032 &ovl_posix_acl_default_xattr_handler,
1034 &ovl_own_xattr_handler,
1035 &ovl_other_xattr_handler,
1039 static int ovl_setup_trap(struct super_block *sb, struct dentry *dir,
1040 struct inode **ptrap, const char *name)
1045 trap = ovl_get_trap_inode(sb, dir);
1046 err = PTR_ERR_OR_ZERO(trap);
1049 pr_err("conflicting %s path\n", name);
1058 * Determine how we treat concurrent use of upperdir/workdir based on the
1059 * index feature. This is papering over mount leaks of container runtimes,
1060 * for example, an old overlay mount is leaked and now its upperdir is
1061 * attempted to be used as a lower layer in a new overlay mount.
1063 static int ovl_report_in_use(struct ovl_fs *ofs, const char *name)
1065 if (ofs->config.index) {
1066 pr_err("%s is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.\n",
1070 pr_warn("%s is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.\n",
1076 static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs,
1077 struct path *upperpath)
1079 struct vfsmount *upper_mnt;
1082 err = ovl_mount_dir(ofs->config.upperdir, upperpath);
1086 /* Upper fs should not be r/o */
1087 if (sb_rdonly(upperpath->mnt->mnt_sb)) {
1088 pr_err("upper fs is r/o, try multi-lower layers mount\n");
1093 err = ovl_check_namelen(upperpath, ofs, ofs->config.upperdir);
1097 err = ovl_setup_trap(sb, upperpath->dentry, &ofs->upperdir_trap,
1102 upper_mnt = clone_private_mount(upperpath);
1103 err = PTR_ERR(upper_mnt);
1104 if (IS_ERR(upper_mnt)) {
1105 pr_err("failed to clone upperpath\n");
1109 /* Don't inherit atime flags */
1110 upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME);
1111 ofs->upper_mnt = upper_mnt;
1114 * Inherit SB_NOSEC flag from upperdir.
1116 * This optimization changes behavior when a security related attribute
1117 * (suid/sgid/security.*) is changed on an underlying layer. This is
1118 * okay because we don't yet have guarantees in that case, but it will
1119 * need careful treatment once we want to honour changes to underlying
1122 if (upper_mnt->mnt_sb->s_flags & SB_NOSEC)
1123 sb->s_flags |= SB_NOSEC;
1125 if (ovl_inuse_trylock(ovl_upper_mnt(ofs)->mnt_root)) {
1126 ofs->upperdir_locked = true;
1128 err = ovl_report_in_use(ofs, "upperdir");
1139 * Returns 1 if RENAME_WHITEOUT is supported, 0 if not supported and
1140 * negative values if error is encountered.
1142 static int ovl_check_rename_whiteout(struct dentry *workdir)
1144 struct inode *dir = d_inode(workdir);
1145 struct dentry *temp;
1146 struct dentry *dest;
1147 struct dentry *whiteout;
1148 struct name_snapshot name;
1151 inode_lock_nested(dir, I_MUTEX_PARENT);
1153 temp = ovl_create_temp(workdir, OVL_CATTR(S_IFREG | 0));
1154 err = PTR_ERR(temp);
1158 dest = ovl_lookup_temp(workdir);
1159 err = PTR_ERR(dest);
1165 /* Name is inline and stable - using snapshot as a copy helper */
1166 take_dentry_name_snapshot(&name, temp);
1167 err = ovl_do_rename(dir, temp, dir, dest, RENAME_WHITEOUT);
1174 whiteout = lookup_one_len(name.name.name, workdir, name.name.len);
1175 err = PTR_ERR(whiteout);
1176 if (IS_ERR(whiteout))
1179 err = ovl_is_whiteout(whiteout);
1181 /* Best effort cleanup of whiteout and temp file */
1183 ovl_cleanup(dir, whiteout);
1187 ovl_cleanup(dir, temp);
1188 release_dentry_name_snapshot(&name);
1198 static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
1199 struct path *workpath)
1201 struct vfsmount *mnt = ovl_upper_mnt(ofs);
1202 struct dentry *temp;
1203 bool rename_whiteout;
1208 err = mnt_want_write(mnt);
1212 ofs->workdir = ovl_workdir_create(ofs, OVL_WORKDIR_NAME, false);
1216 err = ovl_setup_trap(sb, ofs->workdir, &ofs->workdir_trap, "workdir");
1221 * Upper should support d_type, else whiteouts are visible. Given
1222 * workdir and upper are on same fs, we can do iterate_dir() on
1223 * workdir. This check requires successful creation of workdir in
1226 err = ovl_check_d_type_supported(workpath);
1232 pr_warn("upper fs needs to support d_type.\n");
1234 /* Check if upper/work fs supports O_TMPFILE */
1235 temp = ovl_do_tmpfile(ofs->workdir, S_IFREG | 0);
1236 ofs->tmpfile = !IS_ERR(temp);
1240 pr_warn("upper fs does not support tmpfile.\n");
1243 /* Check if upper/work fs supports RENAME_WHITEOUT */
1244 err = ovl_check_rename_whiteout(ofs->workdir);
1248 rename_whiteout = err;
1249 if (!rename_whiteout)
1250 pr_warn("upper fs does not support RENAME_WHITEOUT.\n");
1253 * Check if upper/work fs supports trusted.overlay.* xattr
1255 err = ovl_do_setxattr(ofs->workdir, OVL_XATTR_OPAQUE, "0", 1, 0);
1257 ofs->noxattr = true;
1258 ofs->config.index = false;
1259 ofs->config.metacopy = false;
1260 pr_warn("upper fs does not support xattr, falling back to index=off and metacopy=off.\n");
1263 vfs_removexattr(ofs->workdir, OVL_XATTR_OPAQUE);
1267 * We allowed sub-optimal upper fs configuration and don't want to break
1268 * users over kernel upgrade, but we never allowed remote upper fs, so
1269 * we can enforce strict requirements for remote upper fs.
1271 if (ovl_dentry_remote(ofs->workdir) &&
1272 (!d_type || !rename_whiteout || ofs->noxattr)) {
1273 pr_err("upper fs missing required features.\n");
1278 /* Check if upper/work fs supports file handles */
1279 fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
1280 if (ofs->config.index && !fh_type) {
1281 ofs->config.index = false;
1282 pr_warn("upper fs does not support file handles, falling back to index=off.\n");
1285 /* Check if upper fs has 32bit inode numbers */
1286 if (fh_type != FILEID_INO32_GEN)
1287 ofs->xino_mode = -1;
1289 /* NFS export of r/w mount depends on index */
1290 if (ofs->config.nfs_export && !ofs->config.index) {
1291 pr_warn("NFS export requires \"index=on\", falling back to nfs_export=off.\n");
1292 ofs->config.nfs_export = false;
1295 mnt_drop_write(mnt);
1299 static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs,
1300 struct path *upperpath)
1303 struct path workpath = { };
1305 err = ovl_mount_dir(ofs->config.workdir, &workpath);
1310 if (upperpath->mnt != workpath.mnt) {
1311 pr_err("workdir and upperdir must reside under the same mount\n");
1314 if (!ovl_workdir_ok(workpath.dentry, upperpath->dentry)) {
1315 pr_err("workdir and upperdir must be separate subtrees\n");
1319 ofs->workbasedir = dget(workpath.dentry);
1321 if (ovl_inuse_trylock(ofs->workbasedir)) {
1322 ofs->workdir_locked = true;
1324 err = ovl_report_in_use(ofs, "workdir");
1329 err = ovl_setup_trap(sb, ofs->workbasedir, &ofs->workbasedir_trap,
1334 err = ovl_make_workdir(sb, ofs, &workpath);
1337 path_put(&workpath);
1342 static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs,
1343 struct ovl_entry *oe, struct path *upperpath)
1345 struct vfsmount *mnt = ovl_upper_mnt(ofs);
1348 err = mnt_want_write(mnt);
1352 /* Verify lower root is upper root origin */
1353 err = ovl_verify_origin(upperpath->dentry, oe->lowerstack[0].dentry,
1356 pr_err("failed to verify upper root origin\n");
1360 ofs->indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
1361 if (ofs->indexdir) {
1362 err = ovl_setup_trap(sb, ofs->indexdir, &ofs->indexdir_trap,
1368 * Verify upper root is exclusively associated with index dir.
1369 * Older kernels stored upper fh in "trusted.overlay.origin"
1370 * xattr. If that xattr exists, verify that it is a match to
1371 * upper dir file handle. In any case, verify or set xattr
1372 * "trusted.overlay.upper" to indicate that index may have
1373 * directory entries.
1375 if (ovl_check_origin_xattr(ofs->indexdir)) {
1376 err = ovl_verify_set_fh(ofs->indexdir, OVL_XATTR_ORIGIN,
1377 upperpath->dentry, true, false);
1379 pr_err("failed to verify index dir 'origin' xattr\n");
1381 err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true);
1383 pr_err("failed to verify index dir 'upper' xattr\n");
1385 /* Cleanup bad/stale/orphan index entries */
1387 err = ovl_indexdir_cleanup(ofs);
1389 if (err || !ofs->indexdir)
1390 pr_warn("try deleting index dir or mounting with '-o index=off' to disable inodes index.\n");
1393 mnt_drop_write(mnt);
1397 static bool ovl_lower_uuid_ok(struct ovl_fs *ofs, const uuid_t *uuid)
1401 if (!ofs->config.nfs_export && !ovl_upper_mnt(ofs))
1404 for (i = 0; i < ofs->numfs; i++) {
1406 * We use uuid to associate an overlay lower file handle with a
1407 * lower layer, so we can accept lower fs with null uuid as long
1408 * as all lower layers with null uuid are on the same fs.
1409 * if we detect multiple lower fs with the same uuid, we
1410 * disable lower file handle decoding on all of them.
1412 if (ofs->fs[i].is_lower &&
1413 uuid_equal(&ofs->fs[i].sb->s_uuid, uuid)) {
1414 ofs->fs[i].bad_uuid = true;
1421 /* Get a unique fsid for the layer */
1422 static int ovl_get_fsid(struct ovl_fs *ofs, const struct path *path)
1424 struct super_block *sb = path->mnt->mnt_sb;
1428 bool bad_uuid = false;
1430 for (i = 0; i < ofs->numfs; i++) {
1431 if (ofs->fs[i].sb == sb)
1435 if (!ovl_lower_uuid_ok(ofs, &sb->s_uuid)) {
1437 if (ofs->config.index || ofs->config.nfs_export) {
1438 ofs->config.index = false;
1439 ofs->config.nfs_export = false;
1440 pr_warn("%s uuid detected in lower fs '%pd2', falling back to index=off,nfs_export=off.\n",
1441 uuid_is_null(&sb->s_uuid) ? "null" :
1447 err = get_anon_bdev(&dev);
1449 pr_err("failed to get anonymous bdev for lowerpath\n");
1453 ofs->fs[ofs->numfs].sb = sb;
1454 ofs->fs[ofs->numfs].pseudo_dev = dev;
1455 ofs->fs[ofs->numfs].bad_uuid = bad_uuid;
1457 return ofs->numfs++;
1460 static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
1461 struct path *stack, unsigned int numlower)
1465 struct ovl_layer *layers;
1468 layers = kcalloc(numlower + 1, sizeof(struct ovl_layer), GFP_KERNEL);
1471 ofs->layers = layers;
1473 ofs->fs = kcalloc(numlower + 1, sizeof(struct ovl_sb), GFP_KERNEL);
1474 if (ofs->fs == NULL)
1477 /* idx/fsid 0 are reserved for upper fs even with lower only overlay */
1480 layers[0].mnt = ovl_upper_mnt(ofs);
1486 * All lower layers that share the same fs as upper layer, use the same
1487 * pseudo_dev as upper layer. Allocate fs[0].pseudo_dev even for lower
1488 * only overlay to simplify ovl_fs_free().
1489 * is_lower will be set if upper fs is shared with a lower layer.
1491 err = get_anon_bdev(&ofs->fs[0].pseudo_dev);
1493 pr_err("failed to get anonymous bdev for upper fs\n");
1497 if (ovl_upper_mnt(ofs)) {
1498 ofs->fs[0].sb = ovl_upper_mnt(ofs)->mnt_sb;
1499 ofs->fs[0].is_lower = false;
1502 for (i = 0; i < numlower; i++) {
1503 struct vfsmount *mnt;
1507 err = fsid = ovl_get_fsid(ofs, &stack[i]);
1511 err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir");
1515 if (ovl_is_inuse(stack[i].dentry)) {
1516 err = ovl_report_in_use(ofs, "lowerdir");
1521 mnt = clone_private_mount(&stack[i]);
1524 pr_err("failed to clone lowerpath\n");
1530 * Make lower layers R/O. That way fchmod/fchown on lower file
1531 * will fail instead of modifying lower fs.
1533 mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
1535 layers[ofs->numlayer].trap = trap;
1536 layers[ofs->numlayer].mnt = mnt;
1537 layers[ofs->numlayer].idx = ofs->numlayer;
1538 layers[ofs->numlayer].fsid = fsid;
1539 layers[ofs->numlayer].fs = &ofs->fs[fsid];
1541 ofs->fs[fsid].is_lower = true;
1545 * When all layers on same fs, overlay can use real inode numbers.
1546 * With mount option "xino=<on|auto>", mounter declares that there are
1547 * enough free high bits in underlying fs to hold the unique fsid.
1548 * If overlayfs does encounter underlying inodes using the high xino
1549 * bits reserved for fsid, it emits a warning and uses the original
1550 * inode number or a non persistent inode number allocated from a
1553 if (ofs->numfs - !ovl_upper_mnt(ofs) == 1) {
1554 if (ofs->config.xino == OVL_XINO_ON)
1555 pr_info("\"xino=on\" is useless with all layers on same fs, ignore.\n");
1557 } else if (ofs->config.xino == OVL_XINO_OFF) {
1558 ofs->xino_mode = -1;
1559 } else if (ofs->xino_mode < 0) {
1561 * This is a roundup of number of bits needed for encoding
1562 * fsid, where fsid 0 is reserved for upper fs (even with
1563 * lower only overlay) +1 extra bit is reserved for the non
1564 * persistent inode number range that is used for resolving
1565 * xino lower bits overflow.
1567 BUILD_BUG_ON(ilog2(OVL_MAX_STACK) > 30);
1568 ofs->xino_mode = ilog2(ofs->numfs - 1) + 2;
1571 if (ofs->xino_mode > 0) {
1572 pr_info("\"xino\" feature enabled using %d upper inode bits.\n",
1581 static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
1585 char *lowertmp, *lower;
1586 struct path *stack = NULL;
1587 unsigned int stacklen, numlower = 0, i;
1588 struct ovl_entry *oe;
1591 lowertmp = kstrdup(ofs->config.lowerdir, GFP_KERNEL);
1596 stacklen = ovl_split_lowerdirs(lowertmp);
1597 if (stacklen > OVL_MAX_STACK) {
1598 pr_err("too many lower directories, limit is %d\n",
1601 } else if (!ofs->config.upperdir && stacklen == 1) {
1602 pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n");
1604 } else if (!ofs->config.upperdir && ofs->config.nfs_export &&
1605 ofs->config.redirect_follow) {
1606 pr_warn("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n");
1607 ofs->config.nfs_export = false;
1611 stack = kcalloc(stacklen, sizeof(struct path), GFP_KERNEL);
1617 for (numlower = 0; numlower < stacklen; numlower++) {
1618 err = ovl_lower_dir(lower, &stack[numlower], ofs,
1619 &sb->s_stack_depth);
1623 lower = strchr(lower, '\0') + 1;
1627 sb->s_stack_depth++;
1628 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1629 pr_err("maximum fs stacking depth exceeded\n");
1633 err = ovl_get_layers(sb, ofs, stack, numlower);
1638 oe = ovl_alloc_entry(numlower);
1642 for (i = 0; i < numlower; i++) {
1643 oe->lowerstack[i].dentry = dget(stack[i].dentry);
1644 oe->lowerstack[i].layer = &ofs->layers[i+1];
1648 for (i = 0; i < numlower; i++)
1649 path_put(&stack[i]);
1661 * Check if this layer root is a descendant of:
1662 * - another layer of this overlayfs instance
1663 * - upper/work dir of any overlayfs instance
1665 static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
1666 struct dentry *dentry, const char *name)
1668 struct dentry *next = dentry, *parent;
1674 parent = dget_parent(next);
1676 /* Walk back ancestors to root (inclusive) looking for traps */
1677 while (!err && parent != next) {
1678 if (ovl_lookup_trap_inode(sb, parent)) {
1680 pr_err("overlapping %s path\n", name);
1681 } else if (ovl_is_inuse(parent)) {
1682 err = ovl_report_in_use(ofs, name);
1685 parent = dget_parent(next);
1695 * Check if any of the layers or work dirs overlap.
1697 static int ovl_check_overlapping_layers(struct super_block *sb,
1702 if (ovl_upper_mnt(ofs)) {
1703 err = ovl_check_layer(sb, ofs, ovl_upper_mnt(ofs)->mnt_root,
1709 * Checking workbasedir avoids hitting ovl_is_inuse(parent) of
1710 * this instance and covers overlapping work and index dirs,
1711 * unless work or index dir have been moved since created inside
1712 * workbasedir. In that case, we already have their traps in
1713 * inode cache and we will catch that case on lookup.
1715 err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir");
1720 for (i = 1; i < ofs->numlayer; i++) {
1721 err = ovl_check_layer(sb, ofs,
1722 ofs->layers[i].mnt->mnt_root,
1731 static struct dentry *ovl_get_root(struct super_block *sb,
1732 struct dentry *upperdentry,
1733 struct ovl_entry *oe)
1735 struct dentry *root;
1736 struct ovl_path *lowerpath = &oe->lowerstack[0];
1737 unsigned long ino = d_inode(lowerpath->dentry)->i_ino;
1738 int fsid = lowerpath->layer->fsid;
1739 struct ovl_inode_params oip = {
1740 .upperdentry = upperdentry,
1741 .lowerpath = lowerpath,
1744 root = d_make_root(ovl_new_inode(sb, S_IFDIR, 0));
1748 root->d_fsdata = oe;
1751 /* Root inode uses upper st_ino/i_ino */
1752 ino = d_inode(upperdentry)->i_ino;
1754 ovl_dentry_set_upper_alias(root);
1755 if (ovl_is_impuredir(upperdentry))
1756 ovl_set_flag(OVL_IMPURE, d_inode(root));
1759 /* Root is always merge -> can have whiteouts */
1760 ovl_set_flag(OVL_WHITEOUTS, d_inode(root));
1761 ovl_dentry_set_flag(OVL_E_CONNECTED, root);
1762 ovl_set_upperdata(d_inode(root));
1763 ovl_inode_init(d_inode(root), &oip, ino, fsid);
1764 ovl_dentry_update_reval(root, upperdentry, DCACHE_OP_WEAK_REVALIDATE);
1769 static int ovl_fill_super(struct super_block *sb, void *data, int silent)
1771 struct path upperpath = { };
1772 struct dentry *root_dentry;
1773 struct ovl_entry *oe;
1778 sb->s_d_op = &ovl_dentry_operations;
1781 ofs = kzalloc(sizeof(struct ovl_fs), GFP_KERNEL);
1785 ofs->creator_cred = cred = prepare_creds();
1789 /* Is there a reason anyone would want not to share whiteouts? */
1790 ofs->share_whiteout = true;
1792 ofs->config.index = ovl_index_def;
1793 ofs->config.nfs_export = ovl_nfs_export_def;
1794 ofs->config.xino = ovl_xino_def();
1795 ofs->config.metacopy = ovl_metacopy_def;
1796 err = ovl_parse_opt((char *) data, &ofs->config);
1801 if (!ofs->config.lowerdir) {
1803 pr_err("missing 'lowerdir'\n");
1807 sb->s_stack_depth = 0;
1808 sb->s_maxbytes = MAX_LFS_FILESIZE;
1809 atomic_long_set(&ofs->last_ino, 1);
1810 /* Assume underlaying fs uses 32bit inodes unless proven otherwise */
1811 if (ofs->config.xino != OVL_XINO_OFF) {
1812 ofs->xino_mode = BITS_PER_LONG - 32;
1813 if (!ofs->xino_mode) {
1814 pr_warn("xino not supported on 32bit kernel, falling back to xino=off.\n");
1815 ofs->config.xino = OVL_XINO_OFF;
1819 /* alloc/destroy_inode needed for setting up traps in inode cache */
1820 sb->s_op = &ovl_super_operations;
1822 if (ofs->config.upperdir) {
1823 if (!ofs->config.workdir) {
1824 pr_err("missing 'workdir'\n");
1828 err = ovl_get_upper(sb, ofs, &upperpath);
1832 err = ovl_get_workdir(sb, ofs, &upperpath);
1837 sb->s_flags |= SB_RDONLY;
1839 sb->s_stack_depth = ovl_upper_mnt(ofs)->mnt_sb->s_stack_depth;
1840 sb->s_time_gran = ovl_upper_mnt(ofs)->mnt_sb->s_time_gran;
1843 oe = ovl_get_lowerstack(sb, ofs);
1848 /* If the upper fs is nonexistent, we mark overlayfs r/o too */
1849 if (!ovl_upper_mnt(ofs))
1850 sb->s_flags |= SB_RDONLY;
1852 if (!(ovl_force_readonly(ofs)) && ofs->config.index) {
1853 /* index dir will act also as workdir */
1855 ofs->workdir = NULL;
1856 iput(ofs->workdir_trap);
1857 ofs->workdir_trap = NULL;
1859 err = ovl_get_indexdir(sb, ofs, oe, &upperpath);
1863 /* Force r/o mount with no index dir */
1865 ofs->workdir = dget(ofs->indexdir);
1867 sb->s_flags |= SB_RDONLY;
1870 err = ovl_check_overlapping_layers(sb, ofs);
1874 /* Show index=off in /proc/mounts for forced r/o mount */
1875 if (!ofs->indexdir) {
1876 ofs->config.index = false;
1877 if (ovl_upper_mnt(ofs) && ofs->config.nfs_export) {
1878 pr_warn("NFS export requires an index dir, falling back to nfs_export=off.\n");
1879 ofs->config.nfs_export = false;
1883 if (ofs->config.metacopy && ofs->config.nfs_export) {
1884 pr_warn("NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n");
1885 ofs->config.nfs_export = false;
1888 if (ofs->config.nfs_export)
1889 sb->s_export_op = &ovl_export_operations;
1891 /* Never override disk quota limits or use reserved space */
1892 cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
1894 sb->s_magic = OVERLAYFS_SUPER_MAGIC;
1895 sb->s_xattr = ovl_xattr_handlers;
1896 sb->s_fs_info = ofs;
1897 sb->s_flags |= SB_POSIXACL;
1898 sb->s_iflags |= SB_I_SKIP_SYNC;
1901 root_dentry = ovl_get_root(sb, upperpath.dentry, oe);
1905 mntput(upperpath.mnt);
1907 sb->s_root = root_dentry;
1912 ovl_entry_stack_free(oe);
1915 path_put(&upperpath);
1921 static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
1922 const char *dev_name, void *raw_data)
1924 return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
1927 static struct file_system_type ovl_fs_type = {
1928 .owner = THIS_MODULE,
1931 .kill_sb = kill_anon_super,
1933 MODULE_ALIAS_FS("overlay");
1935 static void ovl_inode_init_once(void *foo)
1937 struct ovl_inode *oi = foo;
1939 inode_init_once(&oi->vfs_inode);
1942 static int __init ovl_init(void)
1946 ovl_inode_cachep = kmem_cache_create("ovl_inode",
1947 sizeof(struct ovl_inode), 0,
1948 (SLAB_RECLAIM_ACCOUNT|
1949 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
1950 ovl_inode_init_once);
1951 if (ovl_inode_cachep == NULL)
1954 err = ovl_aio_request_cache_init();
1956 err = register_filesystem(&ovl_fs_type);
1960 ovl_aio_request_cache_destroy();
1962 kmem_cache_destroy(ovl_inode_cachep);
1967 static void __exit ovl_exit(void)
1969 unregister_filesystem(&ovl_fs_type);
1972 * Make sure all delayed rcu free inodes are flushed before we
1976 kmem_cache_destroy(ovl_inode_cachep);
1977 ovl_aio_request_cache_destroy();
1980 module_init(ovl_init);
1981 module_exit(ovl_exit);