github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/pkg/sentry/fs/mount_overlay.go (about) 1 // Copyright 2018 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package fs 16 17 import ( 18 "github.com/SagerNet/gvisor/pkg/context" 19 ) 20 21 // overlayMountSourceOperations implements MountSourceOperations for an overlay 22 // mount point. The upper filesystem determines the caching behavior of the 23 // overlay. 24 // 25 // +stateify savable 26 type overlayMountSourceOperations struct { 27 upper *MountSource 28 lower *MountSource 29 } 30 31 func newOverlayMountSource(ctx context.Context, upper, lower *MountSource, flags MountSourceFlags) *MountSource { 32 upper.IncRef() 33 lower.IncRef() 34 msrc := NewMountSource(ctx, &overlayMountSourceOperations{ 35 upper: upper, 36 lower: lower, 37 }, &overlayFilesystem{}, flags) 38 39 // Use the minimum number to keep resource usage under limits. 40 size := lower.fscache.maxSize 41 if size > upper.fscache.maxSize { 42 size = upper.fscache.maxSize 43 } 44 msrc.fscache.setMaxSize(size) 45 46 return msrc 47 } 48 49 // Revalidate implements MountSourceOperations.Revalidate for an overlay by 50 // delegating to the upper filesystem's Revalidate method. We cannot reload 51 // files from the lower filesystem, so we panic if the lower filesystem's 52 // Revalidate method returns true. 53 func (o *overlayMountSourceOperations) Revalidate(ctx context.Context, name string, parent, child *Inode) bool { 54 if child.overlay == nil { 55 panic("overlay cannot revalidate inode that is not an overlay") 56 } 57 58 // Revalidate is never called on a mount point, so parent and child 59 // must be from the same mount, and thus must both be overlay inodes. 60 if parent.overlay == nil { 61 panic("trying to revalidate an overlay inode but the parent is not an overlay") 62 } 63 64 // We can't revalidate from the lower filesystem. 65 if child.overlay.lower != nil && o.lower.Revalidate(ctx, name, parent.overlay.lower, child.overlay.lower) { 66 panic("an overlay cannot revalidate file objects from the lower fs") 67 } 68 69 var revalidate bool 70 child.overlay.copyMu.RLock() 71 if child.overlay.upper != nil { 72 // Does the upper require revalidation? 73 revalidate = o.upper.Revalidate(ctx, name, parent.overlay.upper, child.overlay.upper) 74 } else { 75 // Nothing to revalidate. 76 revalidate = false 77 } 78 child.overlay.copyMu.RUnlock() 79 return revalidate 80 } 81 82 // Keep implements MountSourceOperations by delegating to the upper 83 // filesystem's Keep method. 84 func (o *overlayMountSourceOperations) Keep(dirent *Dirent) bool { 85 return o.upper.Keep(dirent) 86 } 87 88 // CacheReaddir implements MountSourceOperations.CacheReaddir for an overlay by 89 // performing the logical AND of the upper and lower filesystems' CacheReaddir 90 // methods. 91 // 92 // N.B. This is fs-global instead of inode-specific because it must always 93 // return the same value. If it was inode-specific, we couldn't guarantee that 94 // property across copy up. 95 func (o *overlayMountSourceOperations) CacheReaddir() bool { 96 return o.lower.CacheReaddir() && o.upper.CacheReaddir() 97 } 98 99 // ResetInodeMappings propagates the call to both upper and lower MountSource. 100 func (o *overlayMountSourceOperations) ResetInodeMappings() { 101 o.upper.ResetInodeMappings() 102 o.lower.ResetInodeMappings() 103 } 104 105 // SaveInodeMapping propagates the call to both upper and lower MountSource. 106 func (o *overlayMountSourceOperations) SaveInodeMapping(inode *Inode, path string) { 107 inode.overlay.copyMu.RLock() 108 defer inode.overlay.copyMu.RUnlock() 109 if inode.overlay.upper != nil { 110 o.upper.SaveInodeMapping(inode.overlay.upper, path) 111 } 112 if inode.overlay.lower != nil { 113 o.lower.SaveInodeMapping(inode.overlay.lower, path) 114 } 115 } 116 117 // Destroy drops references on the upper and lower MountSource. 118 func (o *overlayMountSourceOperations) Destroy(ctx context.Context) { 119 o.upper.DecRef(ctx) 120 o.lower.DecRef(ctx) 121 } 122 123 // type overlayFilesystem is the filesystem for overlay mounts. 124 // 125 // +stateify savable 126 type overlayFilesystem struct{} 127 128 // Name implements Filesystem.Name. 129 func (ofs *overlayFilesystem) Name() string { 130 return "overlayfs" 131 } 132 133 // Flags implements Filesystem.Flags. 134 func (ofs *overlayFilesystem) Flags() FilesystemFlags { 135 return 0 136 } 137 138 // AllowUserMount implements Filesystem.AllowUserMount. 139 func (ofs *overlayFilesystem) AllowUserMount() bool { 140 return false 141 } 142 143 // AllowUserList implements Filesystem.AllowUserList. 144 func (*overlayFilesystem) AllowUserList() bool { 145 return true 146 } 147 148 // Mount implements Filesystem.Mount. 149 func (ofs *overlayFilesystem) Mount(ctx context.Context, device string, flags MountSourceFlags, data string, _ interface{}) (*Inode, error) { 150 panic("overlayFilesystem.Mount should not be called!") 151 }