Untitled

diff -ruNb a//Documentation/filesystems/Locking b//Documentation/filesystems/Locking
--- a//Documentation/filesystems/Locking    2012-10-12 21:48:25.000000000 +0100
+++ b//Documentation/filesystems/Locking    2012-10-21 15:32:26.594986267 +0100
@@ -62,6 +62,7 @@
    int (*removexattr) (struct dentry *, const char *);
    int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start, u64 len);
    void (*update_time)(struct inode *, struct timespec *, int);
+   struct file *(*open)(struct dentry *,struct file *,const struct cred *);

 locking rules:
    all may block
@@ -89,7 +90,7 @@
 removexattr:   yes
 fiemap:        no
 update_time:   no
-
+open:      no
    Additionally, ->rmdir(), ->unlink() and ->rename() have ->i_mutex on
 victim.
    cross-directory ->rename() has (per-superblock) ->s_vfs_rename_sem.
diff -ruNb a//Documentation/filesystems/overlayfs.txt b//Documentation/filesystems/overlayfs.txt
--- a//Documentation/filesystems/overlayfs.txt  1970-01-01 01:00:00.000000000 +0100
+++ b//Documentation/filesystems/overlayfs.txt  2012-10-21 15:34:04.765813939 +0100
@@ -0,0 +1,199 @@
+Written by: Neil Brown <neilb@suse.de>
+
+Overlay Filesystem
+==================
+
+This document describes a prototype for a new approach to providing
+overlay-filesystem functionality in Linux (sometimes referred to as
+union-filesystems).  An overlay-filesystem tries to present a
+filesystem which is the result over overlaying one filesystem on top
+of the other.
+
+The result will inevitably fail to look exactly like a normal
+filesystem for various technical reasons.  The expectation is that
+many use cases will be able to ignore these differences.
+
+This approach is 'hybrid' because the objects that appear in the
+filesystem do not all appear to belong to that filesystem.  In many
+cases an object accessed in the union will be indistinguishable
+from accessing the corresponding object from the original filesystem.
+This is most obvious from the 'st_dev' field returned by stat(2).
+
+While directories will report an st_dev from the overlay-filesystem,
+all non-directory objects will report an st_dev from the lower or
+upper filesystem that is providing the object.  Similarly st_ino will
+only be unique when combined with st_dev, and both of these can change
+over the lifetime of a non-directory object.  Many applications and
+tools ignore these values and will not be affected.
+
+Upper and Lower
+---------------
+
+An overlay filesystem combines two filesystems - an 'upper' filesystem
+and a 'lower' filesystem.  When a name exists in both filesystems, the
+object in the 'upper' filesystem is visible while the object in the
+'lower' filesystem is either hidden or, in the case of directories,
+merged with the 'upper' object.
+
+It would be more correct to refer to an upper and lower 'directory
+tree' rather than 'filesystem' as it is quite possible for both
+directory trees to be in the same filesystem and there is no
+requirement that the root of a filesystem be given for either upper or
+lower.
+
+The lower filesystem can be any filesystem supported by Linux and does
+not need to be writable.  The lower filesystem can even be another
+overlayfs.  The upper filesystem will normally be writable and if it
+is it must support the creation of trusted.* extended attributes, and
+must provide valid d_type in readdir responses, at least for symbolic
+links - so NFS is not suitable.
+
+A read-only overlay of two read-only filesystems may use any
+filesystem type.
+
+Directories
+-----------
+
+Overlaying mainly involved directories.  If a given name appears in both
+upper and lower filesystems and refers to a non-directory in either,
+then the lower object is hidden - the name refers only to the upper
+object.
+
+Where both upper and lower objects are directories, a merged directory
+is formed.
+
+At mount time, the two directories given as mount options are combined
+into a merged directory:
+
+  mount -t overlayfs overlayfs -olowerdir=/lower,upperdir=/upper /overlay
+
+Then whenever a lookup is requested in such a merged directory, the
+lookup is performed in each actual directory and the combined result
+is cached in the dentry belonging to the overlay filesystem.  If both
+actual lookups find directories, both are stored and a merged
+directory is created, otherwise only one is stored: the upper if it
+exists, else the lower.
+
+Only the lists of names from directories are merged.  Other content
+such as metadata and extended attributes are reported for the upper
+directory only.  These attributes of the lower directory are hidden.
+
+whiteouts and opaque directories
+--------------------------------
+
+In order to support rm and rmdir without changing the lower
+filesystem, an overlay filesystem needs to record in the upper filesystem
+that files have been removed.  This is done using whiteouts and opaque
+directories (non-directories are always opaque).
+
+The overlay filesystem uses extended attributes with a
+"trusted.overlay."  prefix to record these details.
+
+A whiteout is created as a symbolic link with target
+"(overlay-whiteout)" and with xattr "trusted.overlay.whiteout" set to "y".
+When a whiteout is found in the upper level of a merged directory, any
+matching name in the lower level is ignored, and the whiteout itself
+is also hidden.
+
+A directory is made opaque by setting the xattr "trusted.overlay.opaque"
+to "y".  Where the upper filesystem contains an opaque directory, any
+directory in the lower filesystem with the same name is ignored.
+
+readdir
+-------
+
+When a 'readdir' request is made on a merged directory, the upper and
+lower directories are each read and the name lists merged in the
+obvious way (upper is read first, then lower - entries that already
+exist are not re-added).  This merged name list is cached in the
+'struct file' and so remains as long as the file is kept open.  If the
+directory is opened and read by two processes at the same time, they
+will each have separate caches.  A seekdir to the start of the
+directory (offset 0) followed by a readdir will cause the cache to be
+discarded and rebuilt.
+
+This means that changes to the merged directory do not appear while a
+directory is being read.  This is unlikely to be noticed by many
+programs.
+
+seek offsets are assigned sequentially when the directories are read.
+Thus if
+  - read part of a directory
+  - remember an offset, and close the directory
+  - re-open the directory some time later
+  - seek to the remembered offset
+
+there may be little correlation between the old and new locations in
+the list of filenames, particularly if anything has changed in the
+directory.
+
+Readdir on directories that are not merged is simply handled by the
+underlying directory (upper or lower).
+
+
+Non-directories
+---------------
+
+Objects that are not directories (files, symlinks, device-special
+files etc.) are presented either from the upper or lower filesystem as
+appropriate.  When a file in the lower filesystem is accessed in a way
+the requires write-access, such as opening for write access, changing
+some metadata etc., the file is first copied from the lower filesystem
+to the upper filesystem (copy_up).  Note that creating a hard-link
+also requires copy_up, though of course creation of a symlink does
+not.
+
+The copy_up may turn out to be unnecessary, for example if the file is
+opened for read-write but the data is not modified.
+
+The copy_up process first makes sure that the containing directory
+exists in the upper filesystem - creating it and any parents as
+necessary.  It then creates the object with the same metadata (owner,
+mode, mtime, symlink-target etc.) and then if the object is a file, the
+data is copied from the lower to the upper filesystem.  Finally any
+extended attributes are copied up.
+
+Once the copy_up is complete, the overlay filesystem simply
+provides direct access to the newly created file in the upper
+filesystem - future operations on the file are barely noticed by the
+overlay filesystem (though an operation on the name of the file such as
+rename or unlink will of course be noticed and handled).
+
+
+Non-standard behavior
+---------------------
+
+The copy_up operation essentially creates a new, identical file and
+moves it over to the old name.  The new file may be on a different
+filesystem, so both st_dev and st_ino of the file may change.
+
+Any open files referring to this inode will access the old data and
+metadata.  Similarly any file locks obtained before copy_up will not
+apply to the copied up file.
+
+On a file is opened with O_RDONLY fchmod(2), fchown(2), futimesat(2)
+and fsetxattr(2) will fail with EROFS.
+
+If a file with multiple hard links is copied up, then this will
+"break" the link.  Changes will not be propagated to other names
+referring to the same inode.
+
+Symlinks in /proc/PID/ and /proc/PID/fd which point to a non-directory
+object in overlayfs will not contain vaid absolute paths, only
+relative paths leading up to the filesystem's root.  This will be
+fixed in the future.
+
+Some operations are not atomic, for example a crash during copy_up or
+rename will leave the filesystem in an inconsitent state.  This will
+be addressed in the future.
+
+Changes to underlying filesystems
+---------------------------------
+
+Offline changes, when the overlay is not mounted, are allowed to either
+the upper or the lower trees.
+
+Changes to the underlying filesystems while part of a mounted overlay
+filesystem are not allowed.  If the underlying filesystem is changed,
+the behavior of the overlay is undefined, though it will not result in
+a crash or deadlock.
diff -ruNb a//Documentation/filesystems/vfs.txt b//Documentation/filesystems/vfs.txt
--- a//Documentation/filesystems/vfs.txt    2012-10-12 21:48:25.000000000 +0100
+++ b//Documentation/filesystems/vfs.txt    2012-10-21 15:32:26.595986134 +0100
@@ -364,6 +364,8 @@
    ssize_t (*listxattr) (struct dentry *, char *, size_t);
    int (*removexattr) (struct dentry *, const char *);
    void (*update_time)(struct inode *, struct timespec *, int);
+   struct file *(*open) (struct dentry *, struct file *,
+                 const struct cred *);
 };

 Again, all methods are called without any locks being held, unless
@@ -476,6 +478,12 @@
    an inode.  If this is not defined the VFS will update the inode itself
    and call mark_inode_dirty_sync.

+  open: this is an alternative to f_op->open(), the difference is that this
+   method may return any open file, not necessarily originating from the
+   same filesystem as the one i_op->open() was called on.  It may be useful
+   for stacking filesystems which want to allow native I/O directly on
+   underlying files.
+
 The Address Space Object
 ========================

diff -ruNb a//fs/ecryptfs/main.c b//fs/ecryptfs/main.c
--- a//fs/ecryptfs/main.c   2012-10-12 21:48:25.000000000 +0100
+++ b//fs/ecryptfs/main.c   2012-10-21 15:34:17.524102063 +0100
@@ -544,6 +544,13 @@
    s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
    s->s_blocksize = path.dentry->d_sb->s_blocksize;
    s->s_magic = ECRYPTFS_SUPER_MAGIC;
+   s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;
+
+   rc = -EINVAL;
+   if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+       printk(KERN_ERR "eCryptfs: maximum fs stacking depth exceeded\n");
+       goto out_free;
+   }

    inode = ecryptfs_get_inode(path.dentry->d_inode, s);
    rc = PTR_ERR(inode);
diff -ruNb a//fs/Kconfig b//fs/Kconfig
--- a//fs/Kconfig   2012-10-12 21:48:25.000000000 +0100
+++ b//fs/Kconfig   2012-10-21 15:33:23.868301470 +0100
@@ -67,6 +67,7 @@

 source "fs/autofs4/Kconfig"
 source "fs/fuse/Kconfig"
+source "fs/overlayfs/Kconfig"

 config CUSE
    tristate "Character device in Userspace support"
diff -ruNb a//fs/Makefile b//fs/Makefile
--- a//fs/Makefile  2012-10-12 21:48:25.000000000 +0100
+++ b//fs/Makefile  2012-10-21 15:33:23.868301470 +0100
@@ -106,6 +106,7 @@
 obj-$(CONFIG_AUTOFS4_FS)   += autofs4/
 obj-$(CONFIG_ADFS_FS)      += adfs/
 obj-$(CONFIG_FUSE_FS)      += fuse/
+obj-$(CONFIG_OVERLAYFS_FS) += overlayfs/
 obj-$(CONFIG_UDF_FS)       += udf/
 obj-$(CONFIG_SUN_OPENPROMFS)   += openpromfs/
 obj-$(CONFIG_OMFS_FS)      += omfs/
diff -ruNb a//fs/namei.c b//fs/namei.c
--- a//fs/namei.c   2012-10-12 21:48:25.000000000 +0100
+++ b//fs/namei.c   2012-10-21 15:35:00.151382436 +0100
@@ -315,6 +315,36 @@
 }

 /**
+ * inode_only_permission  -  check access rights to a given inode only
+ * @inode: inode to check permissions on
+ * @mask:  right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC, ...)
+ *
+ * Uses to check read/write/execute permissions on an inode directly, we do
+ * not check filesystem permissions.
+ */
+int inode_only_permission(struct inode *inode, int mask)
+{
+   int retval;
+
+   /*
+    * Nobody gets write access to an immutable file.
+    */
+   if (unlikely(mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+       return -EACCES;
+
+   retval = do_inode_permission(inode, mask);
+   if (retval)
+       return retval;
+
+   retval = devcgroup_inode_permission(inode, mask);
+   if (retval)
+       return retval;
+
+   return security_inode_permission(inode, mask);
+}
+EXPORT_SYMBOL(inode_only_permission);
+
+/**
  * inode_permission  -  check for access rights to a given inode
  * @inode: inode to check permission on
  * @mask:  right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC, ...)
@@ -328,8 +358,6 @@
  */
 int inode_permission(struct inode *inode, int mask)
 {
-   int retval;
-
    if (unlikely(mask & MAY_WRITE)) {
        umode_t mode = inode->i_mode;

@@ -339,23 +367,9 @@
        if (IS_RDONLY(inode) &&
            (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
            return -EROFS;
-
-       /*
-        * Nobody gets write access to an immutable file.
-        */
-       if (IS_IMMUTABLE(inode))
-           return -EACCES;
    }

-   retval = do_inode_permission(inode, mask);
-   if (retval)
-       return retval;
-
-   retval = devcgroup_inode_permission(inode, mask);
-   if (retval)
-       return retval;
-
-   return security_inode_permission(inode, mask);
+   return inode_only_permission(inode, mask);
 }

 /**
diff -ruNb a//fs/namespace.c b//fs/namespace.c
--- a//fs/namespace.c   2012-10-12 21:48:25.000000000 +0100
+++ b//fs/namespace.c   2012-10-21 15:33:09.262261274 +0100
@@ -1327,6 +1327,24 @@
    release_mounts(&umount_list);
 }

+struct vfsmount *clone_private_mount(struct path *path)
+{
+   struct mount *old_mnt = real_mount(path->mnt);
+   struct mount *new_mnt;
+
+   if (IS_MNT_UNBINDABLE(old_mnt))
+       return ERR_PTR(-EINVAL);
+
+   down_read(&namespace_sem);
+   new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE);
+   up_read(&namespace_sem);
+   if (!new_mnt)
+       return ERR_PTR(-ENOMEM);
+
+   return &new_mnt->mnt;
+}
+EXPORT_SYMBOL_GPL(clone_private_mount);
+
 int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
           struct vfsmount *root)
 {
diff -ruNb a//fs/open.c b//fs/open.c
--- a//fs/open.c    2012-10-12 21:48:25.000000000 +0100
+++ b//fs/open.c    2012-10-21 15:32:26.596986001 +0100
@@ -667,8 +667,7 @@
    return 0;
 }

-static struct file *do_dentry_open(struct dentry *dentry, struct vfsmount *mnt,
-                  struct file *f,
+static struct file *do_dentry_open(struct path *path, struct file *f,
                   int (*open)(struct inode *, struct file *),
                   const struct cred *cred)
 {
@@ -676,15 +675,16 @@
    struct inode *inode;
    int error;

+   path_get(path);
    f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
                FMODE_PREAD | FMODE_PWRITE;

    if (unlikely(f->f_flags & O_PATH))
        f->f_mode = FMODE_PATH;

-   inode = dentry->d_inode;
+   inode = path->dentry->d_inode;
    if (f->f_mode & FMODE_WRITE) {
-       error = __get_file_write_access(inode, mnt);
+       error = __get_file_write_access(inode, path->mnt);
        if (error)
            goto cleanup_file;
        if (!special_file(inode->i_mode))
@@ -692,8 +692,7 @@
    }

    f->f_mapping = inode->i_mapping;
-   f->f_path.dentry = dentry;
-   f->f_path.mnt = mnt;
+   f->f_path = *path;
    f->f_pos = 0;
    file_sb_list_add(f, inode->i_sb);

@@ -740,24 +739,22 @@
             * here, so just reset the state.
             */
            file_reset_write(f);
-           mnt_drop_write(mnt);
+           mnt_drop_write(path->mnt);
        }
    }
    file_sb_list_del(f);
    f->f_path.dentry = NULL;
    f->f_path.mnt = NULL;
 cleanup_file:
-   dput(dentry);
-   mntput(mnt);
+   path_put(path);
    return ERR_PTR(error);
 }

-static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
-               struct file *f,
+static struct file *__dentry_open(struct path *path, struct file *f,
                int (*open)(struct inode *, struct file *),
                const struct cred *cred)
 {
-   struct file *res = do_dentry_open(dentry, mnt, f, open, cred);
+   struct file *res = do_dentry_open(path, f, open, cred);
    if (!IS_ERR(res)) {
        int error = open_check_o_direct(f);
        if (error) {
@@ -792,14 +789,14 @@
 struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
        int (*open)(struct inode *, struct file *))
 {
+   struct path path = { .dentry = dentry, .mnt = nd->path.mnt };
    const struct cred *cred = current_cred();

    if (IS_ERR(nd->intent.open.file))
        goto out;
    if (IS_ERR(dentry))
        goto out_err;
-   nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
-                        nd->intent.open.file,
+   nd->intent.open.file = __dentry_open(&path, nd->intent.open.file,
                         open, cred);
 out:
    return nd->intent.open.file;
@@ -831,9 +828,7 @@
    } else {
        struct file *res;

-       path_get(&nd->path);
-       res = do_dentry_open(nd->path.dentry, nd->path.mnt,
-                    filp, NULL, cred);
+       res = vfs_open(&nd->path, filp, cred);
        if (!IS_ERR(res)) {
            int error;

@@ -860,27 +855,48 @@
 struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
             const struct cred *cred)
 {
-   int error;
    struct file *f;
+   struct file *ret;
+   struct path path = { .dentry = dentry, .mnt = mnt };

    validate_creds(cred);

    /* We must always pass in a valid mount pointer. */
    BUG_ON(!mnt);

-   error = -ENFILE;
+   ret = ERR_PTR(-ENFILE);
    f = get_empty_filp();
-   if (f == NULL) {
-       dput(dentry);
-       mntput(mnt);
-       return ERR_PTR(error);
+   if (f != NULL) {
+       f->f_flags = flags;
+       ret = vfs_open(&path, f, cred);
    }
+   path_put(&path);

-   f->f_flags = flags;
-   return __dentry_open(dentry, mnt, f, NULL, cred);
+   return ret;
 }
 EXPORT_SYMBOL(dentry_open);

+/**
+ * vfs_open - open the file at the given path
+ * @path: path to open
+ * @filp: newly allocated file with f_flag initialized
+ * @cred: credentials to use
+ *
+ * Open the file.  If successful, the returned file will have acquired
+ * an additional reference for path.
+ */
+struct file *vfs_open(struct path *path, struct file *filp,
+             const struct cred *cred)
+{
+   struct inode *inode = path->dentry->d_inode;
+
+   if (inode->i_op->open)
+       return inode->i_op->open(path->dentry, filp, cred);
+   else
+       return __dentry_open(path, filp, NULL, cred);
+}
+EXPORT_SYMBOL(vfs_open);
+
 static void __put_unused_fd(struct files_struct *files, unsigned int fd)
 {
    struct fdtable *fdt = files_fdtable(files);
diff -ruNb a//fs/overlayfs/copy_up.c b//fs/overlayfs/copy_up.c
--- a//fs/overlayfs/copy_up.c   1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/copy_up.c   2012-10-21 15:33:23.868301470 +0100
@@ -0,0 +1,385 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include <linux/file.h>
+#include <linux/splice.h>
+#include <linux/xattr.h>
+#include <linux/security.h>
+#include <linux/uaccess.h>
+#include <linux/sched.h>
+#include "overlayfs.h"
+
+#define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
+
+static int ovl_copy_up_xattr(struct dentry *old, struct dentry *new)
+{
+   ssize_t list_size, size;
+   char *buf, *name, *value;
+   int error;
+
+   if (!old->d_inode->i_op->getxattr ||
+       !new->d_inode->i_op->getxattr)
+       return 0;
+
+   list_size = vfs_listxattr(old, NULL, 0);
+   if (list_size <= 0) {
+       if (list_size == -EOPNOTSUPP)
+           return 0;
+       return list_size;
+   }
+
+   buf = kzalloc(list_size, GFP_KERNEL);
+   if (!buf)
+       return -ENOMEM;
+
+   error = -ENOMEM;
+   value = kmalloc(XATTR_SIZE_MAX, GFP_KERNEL);
+   if (!value)
+       goto out;
+
+   list_size = vfs_listxattr(old, buf, list_size);
+   if (list_size <= 0) {
+       error = list_size;
+       goto out_free_value;
+   }
+
+   for (name = buf; name < (buf + list_size); name += strlen(name) + 1) {
+       size = vfs_getxattr(old, name, value, XATTR_SIZE_MAX);
+       if (size <= 0) {
+           error = size;
+           goto out_free_value;
+       }
+       error = vfs_setxattr(new, name, value, size, 0);
+       if (error)
+           goto out_free_value;
+   }
+
+out_free_value:
+   kfree(value);
+out:
+   kfree(buf);
+   return error;
+}
+
+static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
+{
+   struct file *old_file;
+   struct file *new_file;
+   int error = 0;
+
+   if (len == 0)
+       return 0;
+
+   old_file = ovl_path_open(old, O_RDONLY);
+   if (IS_ERR(old_file))
+       return PTR_ERR(old_file);
+
+   new_file = ovl_path_open(new, O_WRONLY);
+   if (IS_ERR(new_file)) {
+       error = PTR_ERR(new_file);
+       goto out_fput;
+   }
+
+   /* FIXME: copy up sparse files efficiently */
+   while (len) {
+       loff_t offset = new_file->f_pos;
+       size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
+       long bytes;
+
+       if (len < this_len)
+           this_len = len;
+
+       if (signal_pending_state(TASK_KILLABLE, current)) {
+           error = -EINTR;
+           break;
+       }
+
+       bytes = do_splice_direct(old_file, &offset, new_file, this_len,
+                SPLICE_F_MOVE);
+       if (bytes <= 0) {
+           error = bytes;
+           break;
+       }
+
+       len -= bytes;
+   }
+
+   fput(new_file);
+out_fput:
+   fput(old_file);
+   return error;
+}
+
+static char *ovl_read_symlink(struct dentry *realdentry)
+{
+   int res;
+   char *buf;
+   struct inode *inode = realdentry->d_inode;
+   mm_segment_t old_fs;
+
+   res = -EINVAL;
+   if (!inode->i_op->readlink)
+       goto err;
+
+   res = -ENOMEM;
+   buf = (char *) __get_free_page(GFP_KERNEL);
+   if (!buf)
+       goto err;
+
+   old_fs = get_fs();
+   set_fs(get_ds());
+   /* The cast to a user pointer is valid due to the set_fs() */
+   res = inode->i_op->readlink(realdentry,
+                   (char __user *)buf, PAGE_SIZE - 1);
+   set_fs(old_fs);
+   if (res < 0) {
+       free_page((unsigned long) buf);
+       goto err;
+   }
+   buf[res] = '\0';
+
+   return buf;
+
+err:
+   return ERR_PTR(res);
+}
+
+static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
+{
+   struct iattr attr = {
+       .ia_valid =
+            ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
+       .ia_atime = stat->atime,
+       .ia_mtime = stat->mtime,
+   };
+
+   return notify_change(upperdentry, &attr);
+}
+
+static int ovl_set_mode(struct dentry *upperdentry, umode_t mode)
+{
+   struct iattr attr = {
+       .ia_valid = ATTR_MODE,
+       .ia_mode = mode,
+   };
+
+   return notify_change(upperdentry, &attr);
+}
+
+static int ovl_copy_up_locked(struct dentry *upperdir, struct dentry *dentry,
+                 struct path *lowerpath, struct kstat *stat,
+                 const char *link)
+{
+   int err;
+   struct path newpath;
+   umode_t mode = stat->mode;
+
+   /* Can't properly set mode on creation because of the umask */
+   stat->mode &= S_IFMT;
+
+   ovl_path_upper(dentry, &newpath);
+   WARN_ON(newpath.dentry);
+   newpath.dentry = ovl_upper_create(upperdir, dentry, stat, link);
+   if (IS_ERR(newpath.dentry))
+       return PTR_ERR(newpath.dentry);
+
+   if (S_ISREG(stat->mode)) {
+       err = ovl_copy_up_data(lowerpath, &newpath, stat->size);
+       if (err)
+           goto err_remove;
+   }
+
+   err = ovl_copy_up_xattr(lowerpath->dentry, newpath.dentry);
+   if (err)
+       goto err_remove;
+
+   mutex_lock(&newpath.dentry->d_inode->i_mutex);
+   if (!S_ISLNK(stat->mode))
+       err = ovl_set_mode(newpath.dentry, mode);
+   if (!err)
+       err = ovl_set_timestamps(newpath.dentry, stat);
+   mutex_unlock(&newpath.dentry->d_inode->i_mutex);
+   if (err)
+       goto err_remove;
+
+   ovl_dentry_update(dentry, newpath.dentry);
+
+   /*
+    * Easiest way to get rid of the lower dentry reference is to
+    * drop this dentry.  This is neither needed nor possible for
+    * directories.
+    */
+   if (!S_ISDIR(stat->mode))
+       d_drop(dentry);
+
+   return 0;
+
+err_remove:
+   if (S_ISDIR(stat->mode))
+       vfs_rmdir(upperdir->d_inode, newpath.dentry);
+   else
+       vfs_unlink(upperdir->d_inode, newpath.dentry);
+
+   dput(newpath.dentry);
+
+   return err;
+}
+
+/*
+ * Copy up a single dentry
+ *
+ * Directory renames only allowed on "pure upper" (already created on
+ * upper filesystem, never copied up).  Directories which are on lower or
+ * are merged may not be renamed.  For these -EXDEV is returned and
+ * userspace has to deal with it.  This means, when copying up a
+ * directory we can rely on it and ancestors being stable.
+ *
+ * Non-directory renames start with copy up of source if necessary.  The
+ * actual rename will only proceed once the copy up was successful.  Copy
+ * up uses upper parent i_mutex for exclusion.  Since rename can change
+ * d_parent it is possible that the copy up will lock the old parent.  At
+ * that point the file will have already been copied up anyway.
+ */
+static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
+              struct path *lowerpath, struct kstat *stat)
+{
+   int err;
+   struct kstat pstat;
+   struct path parentpath;
+   struct dentry *upperdir;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+   char *link = NULL;
+
+   ovl_path_upper(parent, &parentpath);
+   upperdir = parentpath.dentry;
+
+   err = vfs_getattr(parentpath.mnt, parentpath.dentry, &pstat);
+   if (err)
+       return err;
+
+   if (S_ISLNK(stat->mode)) {
+       link = ovl_read_symlink(lowerpath->dentry);
+       if (IS_ERR(link))
+           return PTR_ERR(link);
+   }
+
+   err = -ENOMEM;
+   override_cred = prepare_creds();
+   if (!override_cred)
+       goto out_free_link;
+
+   override_cred->fsuid = stat->uid;
+   override_cred->fsgid = stat->gid;
+   /*
+    * CAP_SYS_ADMIN for copying up extended attributes
+    * CAP_DAC_OVERRIDE for create
+    * CAP_FOWNER for chmod, timestamp update
+    * CAP_FSETID for chmod
+    * CAP_MKNOD for mknod
+    */
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+   cap_raise(override_cred->cap_effective, CAP_FOWNER);
+   cap_raise(override_cred->cap_effective, CAP_FSETID);
+   cap_raise(override_cred->cap_effective, CAP_MKNOD);
+   old_cred = override_creds(override_cred);
+
+   mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
+   if (ovl_path_type(dentry) != OVL_PATH_LOWER) {
+       err = 0;
+   } else {
+       err = ovl_copy_up_locked(upperdir, dentry, lowerpath,
+                    stat, link);
+       if (!err) {
+           /* Restore timestamps on parent (best effort) */
+           ovl_set_timestamps(upperdir, &pstat);
+       }
+   }
+
+   mutex_unlock(&upperdir->d_inode->i_mutex);
+
+   revert_creds(old_cred);
+   put_cred(override_cred);
+
+out_free_link:
+   if (link)
+       free_page((unsigned long) link);
+
+   return err;
+}
+
+int ovl_copy_up(struct dentry *dentry)
+{
+   int err;
+
+   err = 0;
+   while (!err) {
+       struct dentry *next;
+       struct dentry *parent;
+       struct path lowerpath;
+       struct kstat stat;
+       enum ovl_path_type type = ovl_path_type(dentry);
+
+       if (type != OVL_PATH_LOWER)
+           break;
+
+       next = dget(dentry);
+       /* find the topmost dentry not yet copied up */
+       for (;;) {
+           parent = dget_parent(next);
+
+           type = ovl_path_type(parent);
+           if (type != OVL_PATH_LOWER)
+               break;
+
+           dput(next);
+           next = parent;
+       }
+
+       ovl_path_lower(next, &lowerpath);
+       err = vfs_getattr(lowerpath.mnt, lowerpath.dentry, &stat);
+       if (!err)
+           err = ovl_copy_up_one(parent, next, &lowerpath, &stat);
+
+       dput(parent);
+       dput(next);
+   }
+
+   return err;
+}
+
+/* Optimize by not copying up the file first and truncating later */
+int ovl_copy_up_truncate(struct dentry *dentry, loff_t size)
+{
+   int err;
+   struct kstat stat;
+   struct path lowerpath;
+   struct dentry *parent = dget_parent(dentry);
+
+   err = ovl_copy_up(parent);
+   if (err)
+       goto out_dput_parent;
+
+   ovl_path_lower(dentry, &lowerpath);
+   err = vfs_getattr(lowerpath.mnt, lowerpath.dentry, &stat);
+   if (err)
+       goto out_dput_parent;
+
+   if (size < stat.size)
+       stat.size = size;
+
+   err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat);
+
+out_dput_parent:
+   dput(parent);
+   return err;
+}
diff -ruNb a//fs/overlayfs/dir.c b//fs/overlayfs/dir.c
--- a//fs/overlayfs/dir.c   1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/dir.c   2012-10-21 15:35:40.472972180 +0100
@@ -0,0 +1,604 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <linux/fs.h>
+#include <linux/namei.h>
+#include <linux/xattr.h>
+#include <linux/security.h>
+#include <linux/cred.h>
+#include "overlayfs.h"
+
+static const char *ovl_whiteout_symlink = "(overlay-whiteout)";
+
+static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
+{
+   int err;
+   struct dentry *newdentry;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+
+   /* FIXME: recheck lower dentry to see if whiteout is really needed */
+
+   err = -ENOMEM;
+   override_cred = prepare_creds();
+   if (!override_cred)
+       goto out;
+
+   /*
+    * CAP_SYS_ADMIN for setxattr
+    * CAP_DAC_OVERRIDE for symlink creation
+    * CAP_FOWNER for unlink in sticky directory
+    */
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+   cap_raise(override_cred->cap_effective, CAP_FOWNER);
+   override_cred->fsuid = 0;
+   override_cred->fsgid = 0;
+   old_cred = override_creds(override_cred);
+
+   newdentry = lookup_one_len(dentry->d_name.name, upperdir,
+                  dentry->d_name.len);
+   err = PTR_ERR(newdentry);
+   if (IS_ERR(newdentry))
+       goto out_put_cred;
+
+   /* Just been removed within the same locked region */
+   WARN_ON(newdentry->d_inode);
+
+   err = vfs_symlink(upperdir->d_inode, newdentry, ovl_whiteout_symlink);
+   if (err)
+       goto out_dput;
+
+   ovl_dentry_version_inc(dentry->d_parent);
+
+   err = vfs_setxattr(newdentry, ovl_whiteout_xattr, "y", 1, 0);
+   if (err)
+       vfs_unlink(upperdir->d_inode, newdentry);
+
+out_dput:
+   dput(newdentry);
+out_put_cred:
+   revert_creds(old_cred);
+   put_cred(override_cred);
+out:
+   if (err) {
+       /*
+        * There's no way to recover from failure to whiteout.
+        * What should we do?  Log a big fat error and... ?
+        */
+       printk(KERN_ERR "overlayfs: ERROR - failed to whiteout '%s'\n",
+              dentry->d_name.name);
+   }
+
+   return err;
+}
+
+static struct dentry *ovl_lookup_create(struct dentry *upperdir,
+                   struct dentry *template)
+{
+   int err;
+   struct dentry *newdentry;
+   struct qstr *name = &template->d_name;
+
+   newdentry = lookup_one_len(name->name, upperdir, name->len);
+   if (IS_ERR(newdentry))
+       return newdentry;
+
+   if (newdentry->d_inode) {
+       const struct cred *old_cred;
+       struct cred *override_cred;
+
+       /* No need to check whiteout if lower parent is non-existent */
+       err = -EEXIST;
+       if (!ovl_dentry_lower(template->d_parent))
+           goto out_dput;
+
+       if (!S_ISLNK(newdentry->d_inode->i_mode))
+           goto out_dput;
+
+       err = -ENOMEM;
+       override_cred = prepare_creds();
+       if (!override_cred)
+           goto out_dput;
+
+       /*
+        * CAP_SYS_ADMIN for getxattr
+        * CAP_FOWNER for unlink in sticky directory
+        */
+       cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+       cap_raise(override_cred->cap_effective, CAP_FOWNER);
+       old_cred = override_creds(override_cred);
+
+       err = -EEXIST;
+       if (ovl_is_whiteout(newdentry))
+           err = vfs_unlink(upperdir->d_inode, newdentry);
+
+       revert_creds(old_cred);
+       put_cred(override_cred);
+       if (err)
+           goto out_dput;
+
+       dput(newdentry);
+       newdentry = lookup_one_len(name->name, upperdir, name->len);
+       if (IS_ERR(newdentry)) {
+           ovl_whiteout(upperdir, template);
+           return newdentry;
+       }
+
+       /*
+        * Whiteout just been successfully removed, parent
+        * i_mutex is still held, there's no way the lookup
+        * could return positive.
+        */
+       WARN_ON(newdentry->d_inode);
+   }
+
+   return newdentry;
+
+out_dput:
+   dput(newdentry);
+   return ERR_PTR(err);
+}
+
+struct dentry *ovl_upper_create(struct dentry *upperdir, struct dentry *dentry,
+               struct kstat *stat, const char *link)
+{
+   int err;
+   struct dentry *newdentry;
+   struct inode *dir = upperdir->d_inode;
+
+   newdentry = ovl_lookup_create(upperdir, dentry);
+   if (IS_ERR(newdentry))
+       goto out;
+
+   switch (stat->mode & S_IFMT) {
+   case S_IFREG:
+       err = vfs_create(dir, newdentry, stat->mode, NULL);
+       break;
+
+   case S_IFDIR:
+       err = vfs_mkdir(dir, newdentry, stat->mode);
+       break;
+
+   case S_IFCHR:
+   case S_IFBLK:
+   case S_IFIFO:
+   case S_IFSOCK:
+       err = vfs_mknod(dir, newdentry, stat->mode, stat->rdev);
+       break;
+
+   case S_IFLNK:
+       err = vfs_symlink(dir, newdentry, link);
+       break;
+
+   default:
+       err = -EPERM;
+   }
+   if (err) {
+       if (ovl_dentry_is_opaque(dentry))
+           ovl_whiteout(upperdir, dentry);
+       dput(newdentry);
+       newdentry = ERR_PTR(err);
+   } else if (WARN_ON(!newdentry->d_inode)) {
+       /*
+        * Not quite sure if non-instantiated dentry is legal or not.
+        * VFS doesn't seem to care so check and warn here.
+        */
+       dput(newdentry);
+       newdentry = ERR_PTR(-ENOENT);
+   }
+
+out:
+   return newdentry;
+
+}
+
+static int ovl_set_opaque(struct dentry *upperdentry)
+{
+   int err;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+
+   override_cred = prepare_creds();
+   if (!override_cred)
+       return -ENOMEM;
+
+   /* CAP_SYS_ADMIN for setxattr of "trusted" namespace */
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   old_cred = override_creds(override_cred);
+   err = vfs_setxattr(upperdentry, ovl_opaque_xattr, "y", 1, 0);
+   revert_creds(old_cred);
+   put_cred(override_cred);
+
+   return err;
+}
+
+static int ovl_remove_opaque(struct dentry *upperdentry)
+{
+   int err;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+
+   override_cred = prepare_creds();
+   if (!override_cred)
+       return -ENOMEM;
+
+   /* CAP_SYS_ADMIN for removexattr of "trusted" namespace */
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   old_cred = override_creds(override_cred);
+   err = vfs_removexattr(upperdentry, ovl_opaque_xattr);
+   revert_creds(old_cred);
+   put_cred(override_cred);
+
+   return err;
+}
+
+static int ovl_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
+            struct kstat *stat)
+{
+   int err;
+   enum ovl_path_type type;
+   struct path realpath;
+
+   type = ovl_path_real(dentry, &realpath);
+   err = vfs_getattr(realpath.mnt, realpath.dentry, stat);
+   if (err)
+       return err;
+
+   stat->dev = dentry->d_sb->s_dev;
+   stat->ino = dentry->d_inode->i_ino;
+
+   /*
+    * It's probably not worth it to count subdirs to get the
+    * correct link count.  nlink=1 seems to pacify 'find' and
+    * other utilities.
+    */
+   if (type == OVL_PATH_MERGE)
+       stat->nlink = 1;
+
+   return 0;
+}
+
+static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
+                const char *link)
+{
+   int err;
+   struct dentry *newdentry;
+   struct dentry *upperdir;
+   struct inode *inode;
+   struct kstat stat = {
+       .mode = mode,
+       .rdev = rdev,
+   };
+
+   err = -ENOMEM;
+   inode = ovl_new_inode(dentry->d_sb, mode, dentry->d_fsdata);
+   if (!inode)
+       goto out;
+
+   err = ovl_copy_up(dentry->d_parent);
+   if (err)
+       goto out_iput;
+
+   upperdir = ovl_dentry_upper(dentry->d_parent);
+   mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
+
+   newdentry = ovl_upper_create(upperdir, dentry, &stat, link);
+   err = PTR_ERR(newdentry);
+   if (IS_ERR(newdentry))
+       goto out_unlock;
+
+   ovl_dentry_version_inc(dentry->d_parent);
+   if (ovl_dentry_is_opaque(dentry) && S_ISDIR(mode)) {
+       err = ovl_set_opaque(newdentry);
+       if (err) {
+           vfs_rmdir(upperdir->d_inode, newdentry);
+           ovl_whiteout(upperdir, dentry);
+           goto out_dput;
+       }
+   }
+   ovl_dentry_update(dentry, newdentry);
+   ovl_copyattr(newdentry->d_inode, inode);
+   d_instantiate(dentry, inode);
+   inode = NULL;
+   newdentry = NULL;
+   err = 0;
+
+out_dput:
+   dput(newdentry);
+out_unlock:
+   mutex_unlock(&upperdir->d_inode->i_mutex);
+out_iput:
+   iput(inode);
+out:
+   return err;
+}
+
+static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
+           struct nameidata *nd)
+{
+   return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
+}
+
+static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
+{
+   return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
+}
+
+static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
+            dev_t rdev)
+{
+   return ovl_create_object(dentry, mode, rdev, NULL);
+}
+
+static int ovl_symlink(struct inode *dir, struct dentry *dentry,
+            const char *link)
+{
+   return ovl_create_object(dentry, S_IFLNK, 0, link);
+}
+
+static int ovl_do_remove(struct dentry *dentry, bool is_dir)
+{
+   int err;
+   enum ovl_path_type type;
+   struct path realpath;
+   struct dentry *upperdir;
+
+   err = ovl_copy_up(dentry->d_parent);
+   if (err)
+       return err;
+
+   upperdir = ovl_dentry_upper(dentry->d_parent);
+   mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
+   type = ovl_path_real(dentry, &realpath);
+   if (type != OVL_PATH_LOWER) {
+       err = -ESTALE;
+       if (realpath.dentry->d_parent != upperdir)
+           goto out_d_drop;
+
+       /* FIXME: create whiteout up front and rename to target */
+
+       if (is_dir)
+           err = vfs_rmdir(upperdir->d_inode, realpath.dentry);
+       else
+           err = vfs_unlink(upperdir->d_inode, realpath.dentry);
+       if (err)
+           goto out_d_drop;
+
+       ovl_dentry_version_inc(dentry->d_parent);
+   }
+
+   if (type != OVL_PATH_UPPER || ovl_dentry_is_opaque(dentry))
+       err = ovl_whiteout(upperdir, dentry);
+
+   /*
+    * Keeping this dentry hashed would mean having to release
+    * upperpath/lowerpath, which could only be done if we are the
+    * sole user of this dentry.  Too tricky...  Just unhash for
+    * now.
+    */
+out_d_drop:
+   d_drop(dentry);
+   mutex_unlock(&upperdir->d_inode->i_mutex);
+
+   return err;
+}
+
+static int ovl_unlink(struct inode *dir, struct dentry *dentry)
+{
+   return ovl_do_remove(dentry, false);
+}
+
+
+static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
+{
+   int err;
+   enum ovl_path_type type;
+
+   type = ovl_path_type(dentry);
+   if (type != OVL_PATH_UPPER) {
+       err = ovl_check_empty_and_clear(dentry, type);
+       if (err)
+           return err;
+   }
+
+   return ovl_do_remove(dentry, true);
+}
+
+static int ovl_link(struct dentry *old, struct inode *newdir,
+           struct dentry *new)
+{
+   int err;
+   struct dentry *olddentry;
+   struct dentry *newdentry;
+   struct dentry *upperdir;
+   struct inode *newinode;
+
+   err = ovl_copy_up(old);
+   if (err)
+       goto out;
+
+   err = ovl_copy_up(new->d_parent);
+   if (err)
+       goto out;
+
+   upperdir = ovl_dentry_upper(new->d_parent);
+   mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
+   newdentry = ovl_lookup_create(upperdir, new);
+   err = PTR_ERR(newdentry);
+   if (IS_ERR(newdentry))
+       goto out_unlock;
+
+   olddentry = ovl_dentry_upper(old);
+   err = vfs_link(olddentry, upperdir->d_inode, newdentry);
+   if (!err) {
+       if (WARN_ON(!newdentry->d_inode)) {
+           dput(newdentry);
+           err = -ENOENT;
+           goto out_unlock;
+       }
+       newinode = ovl_new_inode(old->d_sb, newdentry->d_inode->i_mode,
+               new->d_fsdata);
+       if (!newinode)
+           goto link_fail;
+       ovl_copyattr(upperdir->d_inode, newinode);
+
+       ovl_dentry_version_inc(new->d_parent);
+       ovl_dentry_update(new, newdentry);
+
+       d_instantiate(new, newinode);
+   } else {
+link_fail:
+       if (ovl_dentry_is_opaque(new))
+           ovl_whiteout(upperdir, new);
+       dput(newdentry);
+   }
+out_unlock:
+   mutex_unlock(&upperdir->d_inode->i_mutex);
+out:
+   return err;
+
+}
+
+static int ovl_rename(struct inode *olddir, struct dentry *old,
+           struct inode *newdir, struct dentry *new)
+{
+   int err;
+   enum ovl_path_type old_type;
+   enum ovl_path_type new_type;
+   struct dentry *old_upperdir;
+   struct dentry *new_upperdir;
+   struct dentry *olddentry;
+   struct dentry *newdentry;
+   struct dentry *trap;
+   bool old_opaque;
+   bool new_opaque;
+   bool new_create = false;
+   bool is_dir = S_ISDIR(old->d_inode->i_mode);
+
+   /* Don't copy up directory trees */
+   old_type = ovl_path_type(old);
+   if (old_type != OVL_PATH_UPPER && is_dir)
+       return -EXDEV;
+
+   if (new->d_inode) {
+       new_type = ovl_path_type(new);
+
+       if (new_type == OVL_PATH_LOWER && old_type == OVL_PATH_LOWER) {
+           if (ovl_dentry_lower(old)->d_inode ==
+               ovl_dentry_lower(new)->d_inode)
+               return 0;
+       }
+       if (new_type != OVL_PATH_LOWER && old_type != OVL_PATH_LOWER) {
+           if (ovl_dentry_upper(old)->d_inode ==
+               ovl_dentry_upper(new)->d_inode)
+               return 0;
+       }
+
+       if (new_type != OVL_PATH_UPPER &&
+           S_ISDIR(new->d_inode->i_mode)) {
+           err = ovl_check_empty_and_clear(new, new_type);
+           if (err)
+               return err;
+       }
+   } else {
+       new_type = OVL_PATH_UPPER;
+   }
+
+   err = ovl_copy_up(old);
+   if (err)
+       return err;
+
+   err = ovl_copy_up(new->d_parent);
+   if (err)
+       return err;
+
+   old_upperdir = ovl_dentry_upper(old->d_parent);
+   new_upperdir = ovl_dentry_upper(new->d_parent);
+
+   trap = lock_rename(new_upperdir, old_upperdir);
+
+   olddentry = ovl_dentry_upper(old);
+   newdentry = ovl_dentry_upper(new);
+   if (newdentry) {
+       dget(newdentry);
+   } else {
+       new_create = true;
+       newdentry = ovl_lookup_create(new_upperdir, new);
+       err = PTR_ERR(newdentry);
+       if (IS_ERR(newdentry))
+           goto out_unlock;
+   }
+
+   err = -ESTALE;
+   if (olddentry->d_parent != old_upperdir)
+       goto out_dput;
+   if (newdentry->d_parent != new_upperdir)
+       goto out_dput;
+   if (olddentry == trap)
+       goto out_dput;
+   if (newdentry == trap)
+       goto out_dput;
+
+   old_opaque = ovl_dentry_is_opaque(old);
+   new_opaque = ovl_dentry_is_opaque(new) || new_type != OVL_PATH_UPPER;
+
+   if (is_dir && !old_opaque && new_opaque) {
+       err = ovl_set_opaque(olddentry);
+       if (err)
+           goto out_dput;
+   }
+
+   err = vfs_rename(old_upperdir->d_inode, olddentry,
+            new_upperdir->d_inode, newdentry);
+
+   if (err) {
+       if (new_create && ovl_dentry_is_opaque(new))
+           ovl_whiteout(new_upperdir, new);
+       if (is_dir && !old_opaque && new_opaque)
+           ovl_remove_opaque(olddentry);
+       goto out_dput;
+   }
+
+   if (old_type != OVL_PATH_UPPER || old_opaque)
+       err = ovl_whiteout(old_upperdir, old);
+   if (is_dir && old_opaque && !new_opaque)
+       ovl_remove_opaque(olddentry);
+
+   if (old_opaque != new_opaque)
+       ovl_dentry_set_opaque(old, new_opaque);
+
+   ovl_dentry_version_inc(old->d_parent);
+   ovl_dentry_version_inc(new->d_parent);
+
+out_dput:
+   dput(newdentry);
+out_unlock:
+   unlock_rename(new_upperdir, old_upperdir);
+   return err;
+}
+
+const struct inode_operations ovl_dir_inode_operations = {
+   .lookup     = ovl_lookup,
+   .mkdir      = ovl_mkdir,
+   .symlink    = ovl_symlink,
+   .unlink     = ovl_unlink,
+   .rmdir      = ovl_rmdir,
+   .rename     = ovl_rename,
+   .link       = ovl_link,
+   .setattr    = ovl_setattr,
+   .create     = ovl_create,
+   .mknod      = ovl_mknod,
+   .permission = ovl_permission,
+   .getattr    = ovl_dir_getattr,
+   .setxattr   = ovl_setxattr,
+   .getxattr   = ovl_getxattr,
+   .listxattr  = ovl_listxattr,
+   .removexattr    = ovl_removexattr,
+};
diff -ruNb a//fs/overlayfs/inode.c b//fs/overlayfs/inode.c
--- a//fs/overlayfs/inode.c 1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/inode.c 2012-10-21 15:35:10.213032386 +0100
@@ -0,0 +1,375 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include <linux/xattr.h>
+#include "overlayfs.h"
+
+int ovl_setattr(struct dentry *dentry, struct iattr *attr)
+{
+   struct dentry *upperdentry;
+   int err;
+
+   if ((attr->ia_valid & ATTR_SIZE) && !ovl_dentry_upper(dentry))
+       err = ovl_copy_up_truncate(dentry, attr->ia_size);
+   else
+       err = ovl_copy_up(dentry);
+   if (err)
+       return err;
+
+   upperdentry = ovl_dentry_upper(dentry);
+
+   if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
+       attr->ia_valid &= ~ATTR_MODE;
+
+   mutex_lock(&upperdentry->d_inode->i_mutex);
+   err = notify_change(upperdentry, attr);
+   mutex_unlock(&upperdentry->d_inode->i_mutex);
+
+   return err;
+}
+
+static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
+            struct kstat *stat)
+{
+   struct path realpath;
+
+   ovl_path_real(dentry, &realpath);
+   return vfs_getattr(realpath.mnt, realpath.dentry, stat);
+}
+
+int ovl_permission(struct inode *inode, int mask)
+{
+   struct ovl_entry *oe;
+   struct dentry *alias = NULL;
+   struct inode *realinode;
+   struct dentry *realdentry;
+   bool is_upper;
+   int err;
+
+   if (S_ISDIR(inode->i_mode)) {
+       oe = inode->i_private;
+   } else if (mask & MAY_NOT_BLOCK) {
+       return -ECHILD;
+   } else {
+       /*
+        * For non-directories find an alias and get the info
+        * from there.
+        */
+       spin_lock(&inode->i_lock);
+       if (WARN_ON(list_empty(&inode->i_dentry))) {
+           spin_unlock(&inode->i_lock);
+           return -ENOENT;
+       }
+       alias = list_entry(inode->i_dentry.next,
+                  struct dentry, d_alias);
+       dget(alias);
+       spin_unlock(&inode->i_lock);
+       oe = alias->d_fsdata;
+   }
+
+   realdentry = ovl_entry_real(oe, &is_upper);
+
+   /* Careful in RCU walk mode */
+   realinode = ACCESS_ONCE(realdentry->d_inode);
+   if (!realinode) {
+       WARN_ON(!(mask & MAY_NOT_BLOCK));
+       err = -ENOENT;
+       goto out_dput;
+   }
+
+   if (mask & MAY_WRITE) {
+       umode_t mode = realinode->i_mode;
+
+       /*
+        * Writes will always be redirected to upper layer, so
+        * ignore lower layer being read-only.
+        *
+        * If the overlay itself is read-only then proceed
+        * with the permission check, don't return EROFS.
+        * This will only happen if this is the lower layer of
+        * another overlayfs.
+        *
+        * If upper fs becomes read-only after the overlay was
+        * constructed return EROFS to prevent modification of
+        * upper layer.
+        */
+       err = -EROFS;
+       if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
+           (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
+           goto out_dput;
+   }
+
+   err = inode_only_permission(realinode, mask);
+out_dput:
+   dput(alias);
+   return err;
+}
+
+
+struct ovl_link_data {
+   struct dentry *realdentry;
+   void *cookie;
+};
+
+static void *ovl_follow_link(struct dentry *dentry, struct nameidata *nd)
+{
+   void *ret;
+   struct dentry *realdentry;
+   struct inode *realinode;
+
+   realdentry = ovl_dentry_real(dentry);
+   realinode = realdentry->d_inode;
+
+   if (WARN_ON(!realinode->i_op->follow_link))
+       return ERR_PTR(-EPERM);
+
+   ret = realinode->i_op->follow_link(realdentry, nd);
+   if (IS_ERR(ret))
+       return ret;
+
+   if (realinode->i_op->put_link) {
+       struct ovl_link_data *data;
+
+       data = kmalloc(sizeof(struct ovl_link_data), GFP_KERNEL);
+       if (!data) {
+           realinode->i_op->put_link(realdentry, nd, ret);
+           return ERR_PTR(-ENOMEM);
+       }
+       data->realdentry = realdentry;
+       data->cookie = ret;
+
+       return data;
+   } else {
+       return NULL;
+   }
+}
+
+static void ovl_put_link(struct dentry *dentry, struct nameidata *nd, void *c)
+{
+   struct inode *realinode;
+   struct ovl_link_data *data = c;
+
+   if (!data)
+       return;
+
+   realinode = data->realdentry->d_inode;
+   realinode->i_op->put_link(data->realdentry, nd, data->cookie);
+   kfree(data);
+}
+
+static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
+{
+   struct path realpath;
+   struct inode *realinode;
+
+   ovl_path_real(dentry, &realpath);
+   realinode = realpath.dentry->d_inode;
+
+   if (!realinode->i_op->readlink)
+       return -EINVAL;
+
+   touch_atime(&realpath);
+
+   return realinode->i_op->readlink(realpath.dentry, buf, bufsiz);
+}
+
+
+static bool ovl_is_private_xattr(const char *name)
+{
+   return strncmp(name, "trusted.overlay.", 14) == 0;
+}
+
+int ovl_setxattr(struct dentry *dentry, const char *name,
+        const void *value, size_t size, int flags)
+{
+   int err;
+   struct dentry *upperdentry;
+
+   if (ovl_is_private_xattr(name))
+       return -EPERM;
+
+   err = ovl_copy_up(dentry);
+   if (err)
+       return err;
+
+   upperdentry = ovl_dentry_upper(dentry);
+   return  vfs_setxattr(upperdentry, name, value, size, flags);
+}
+
+ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
+            void *value, size_t size)
+{
+   if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
+       ovl_is_private_xattr(name))
+       return -ENODATA;
+
+   return vfs_getxattr(ovl_dentry_real(dentry), name, value, size);
+}
+
+ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
+{
+   ssize_t res;
+   int off;
+
+   res = vfs_listxattr(ovl_dentry_real(dentry), list, size);
+   if (res <= 0 || size == 0)
+       return res;
+
+   if (ovl_path_type(dentry->d_parent) != OVL_PATH_MERGE)
+       return res;
+
+   /* filter out private xattrs */
+   for (off = 0; off < res;) {
+       char *s = list + off;
+       size_t slen = strlen(s) + 1;
+
+       BUG_ON(off + slen > res);
+
+       if (ovl_is_private_xattr(s)) {
+           res -= slen;
+           memmove(s, s + slen, res - off);
+       } else {
+           off += slen;
+       }
+   }
+
+   return res;
+}
+
+int ovl_removexattr(struct dentry *dentry, const char *name)
+{
+   int err;
+   struct path realpath;
+   enum ovl_path_type type;
+
+   if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
+       ovl_is_private_xattr(name))
+       return -ENODATA;
+
+   type = ovl_path_real(dentry, &realpath);
+   if (type == OVL_PATH_LOWER) {
+       err = vfs_getxattr(realpath.dentry, name, NULL, 0);
+       if (err < 0)
+           return err;
+
+       err = ovl_copy_up(dentry);
+       if (err)
+           return err;
+
+       ovl_path_upper(dentry, &realpath);
+   }
+
+   return vfs_removexattr(realpath.dentry, name);
+}
+
+static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
+                 struct dentry *realdentry)
+{
+   if (type != OVL_PATH_LOWER)
+       return false;
+
+   if (special_file(realdentry->d_inode->i_mode))
+       return false;
+
+   if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
+       return false;
+
+   return true;
+}
+
+static struct file *ovl_open(struct dentry *dentry, struct file *file,
+                const struct cred *cred)
+{
+   int err;
+   struct path realpath;
+   enum ovl_path_type type;
+
+   type = ovl_path_real(dentry, &realpath);
+   if (ovl_open_need_copy_up(file->f_flags, type, realpath.dentry)) {
+       if (file->f_flags & O_TRUNC)
+           err = ovl_copy_up_truncate(dentry, 0);
+       else
+           err = ovl_copy_up(dentry);
+       if (err)
+           return ERR_PTR(err);
+
+       ovl_path_upper(dentry, &realpath);
+   }
+
+   return vfs_open(&realpath, file, cred);
+}
+
+static const struct inode_operations ovl_file_inode_operations = {
+   .setattr    = ovl_setattr,
+   .permission = ovl_permission,
+   .getattr    = ovl_getattr,
+   .setxattr   = ovl_setxattr,
+   .getxattr   = ovl_getxattr,
+   .listxattr  = ovl_listxattr,
+   .removexattr    = ovl_removexattr,
+   .open       = ovl_open,
+};
+
+static const struct inode_operations ovl_symlink_inode_operations = {
+   .setattr    = ovl_setattr,
+   .follow_link    = ovl_follow_link,
+   .put_link   = ovl_put_link,
+   .readlink   = ovl_readlink,
+   .getattr    = ovl_getattr,
+   .setxattr   = ovl_setxattr,
+   .getxattr   = ovl_getxattr,
+   .listxattr  = ovl_listxattr,
+   .removexattr    = ovl_removexattr,
+};
+
+struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
+               struct ovl_entry *oe)
+{
+   struct inode *inode;
+
+   inode = new_inode(sb);
+   if (!inode)
+       return NULL;
+
+   mode &= S_IFMT;
+
+   inode->i_ino = get_next_ino();
+   inode->i_mode = mode;
+   inode->i_flags |= S_NOATIME | S_NOCMTIME;
+
+   switch (mode) {
+   case S_IFDIR:
+       inode->i_private = oe;
+       inode->i_op = &ovl_dir_inode_operations;
+       inode->i_fop = &ovl_dir_operations;
+       break;
+
+   case S_IFLNK:
+       inode->i_op = &ovl_symlink_inode_operations;
+       break;
+
+   case S_IFREG:
+   case S_IFSOCK:
+   case S_IFBLK:
+   case S_IFCHR:
+   case S_IFIFO:
+       inode->i_op = &ovl_file_inode_operations;
+       break;
+
+   default:
+       WARN(1, "illegal file type: %i\n", mode);
+       iput(inode);
+       inode = NULL;
+   }
+
+   return inode;
+
+}
diff -ruNb a//fs/overlayfs/Kconfig b//fs/overlayfs/Kconfig
--- a//fs/overlayfs/Kconfig 1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/Kconfig 2012-10-21 15:33:23.868301470 +0100
@@ -0,0 +1,4 @@
+config OVERLAYFS_FS
+   tristate "Overlay filesystem support"
+   help
+     Add support for overlay filesystem.
diff -ruNb a//fs/overlayfs/Makefile b//fs/overlayfs/Makefile
--- a//fs/overlayfs/Makefile    1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/Makefile    2012-10-21 15:33:23.868301470 +0100
@@ -0,0 +1,7 @@
+#
+# Makefile for the overlay filesystem.
+#
+
+obj-$(CONFIG_OVERLAYFS_FS) += overlayfs.o
+
+overlayfs-objs := super.o inode.o dir.o readdir.o copy_up.o
diff -ruNb a//fs/overlayfs/overlayfs.h b//fs/overlayfs/overlayfs.h
--- a//fs/overlayfs/overlayfs.h 1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/overlayfs.h 2012-10-21 15:35:40.472972180 +0100
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+struct ovl_entry;
+
+enum ovl_path_type {
+   OVL_PATH_UPPER,
+   OVL_PATH_MERGE,
+   OVL_PATH_LOWER,
+};
+
+extern const char *ovl_opaque_xattr;
+extern const char *ovl_whiteout_xattr;
+extern const struct dentry_operations ovl_dentry_operations;
+
+enum ovl_path_type ovl_path_type(struct dentry *dentry);
+u64 ovl_dentry_version_get(struct dentry *dentry);
+void ovl_dentry_version_inc(struct dentry *dentry);
+void ovl_path_upper(struct dentry *dentry, struct path *path);
+void ovl_path_lower(struct dentry *dentry, struct path *path);
+enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path);
+struct dentry *ovl_dentry_upper(struct dentry *dentry);
+struct dentry *ovl_dentry_lower(struct dentry *dentry);
+struct dentry *ovl_dentry_real(struct dentry *dentry);
+struct dentry *ovl_entry_real(struct ovl_entry *oe, bool *is_upper);
+bool ovl_dentry_is_opaque(struct dentry *dentry);
+void ovl_dentry_set_opaque(struct dentry *dentry, bool opaque);
+bool ovl_is_whiteout(struct dentry *dentry);
+void ovl_dentry_update(struct dentry *dentry, struct dentry *upperdentry);
+struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
+             struct nameidata *nd);
+struct file *ovl_path_open(struct path *path, int flags);
+
+struct dentry *ovl_upper_create(struct dentry *upperdir, struct dentry *dentry,
+               struct kstat *stat, const char *link);
+
+/* readdir.c */
+extern const struct file_operations ovl_dir_operations;
+int ovl_check_empty_and_clear(struct dentry *dentry, enum ovl_path_type type);
+
+/* inode.c */
+int ovl_setattr(struct dentry *dentry, struct iattr *attr);
+int ovl_permission(struct inode *inode, int mask);
+int ovl_setxattr(struct dentry *dentry, const char *name,
+        const void *value, size_t size, int flags);
+ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
+            void *value, size_t size);
+ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size);
+int ovl_removexattr(struct dentry *dentry, const char *name);
+
+struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
+               struct ovl_entry *oe);
+static inline void ovl_copyattr(struct inode *from, struct inode *to)
+{
+   to->i_uid = from->i_uid;
+   to->i_gid = from->i_gid;
+}
+
+/* dir.c */
+extern const struct inode_operations ovl_dir_inode_operations;
+
+/* copy_up.c */
+int ovl_copy_up(struct dentry *dentry);
+int ovl_copy_up_truncate(struct dentry *dentry, loff_t size);
diff -ruNb a//fs/overlayfs/readdir.c b//fs/overlayfs/readdir.c
--- a//fs/overlayfs/readdir.c   1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/readdir.c   2012-10-21 15:33:23.870301202 +0100
@@ -0,0 +1,566 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include <linux/namei.h>
+#include <linux/file.h>
+#include <linux/xattr.h>
+#include <linux/rbtree.h>
+#include <linux/security.h>
+#include <linux/cred.h>
+#include "overlayfs.h"
+
+struct ovl_cache_entry {
+   const char *name;
+   unsigned int len;
+   unsigned int type;
+   u64 ino;
+   bool is_whiteout;
+   struct list_head l_node;
+   struct rb_node node;
+};
+
+struct ovl_readdir_data {
+   struct rb_root *root;
+   struct list_head *list;
+   struct list_head *middle;
+   struct dentry *dir;
+   int count;
+   int err;
+};
+
+struct ovl_dir_file {
+   bool is_real;
+   bool is_cached;
+   struct list_head cursor;
+   u64 cache_version;
+   struct list_head cache;
+   struct file *realfile;
+};
+
+static struct ovl_cache_entry *ovl_cache_entry_from_node(struct rb_node *n)
+{
+   return container_of(n, struct ovl_cache_entry, node);
+}
+
+static struct ovl_cache_entry *ovl_cache_entry_find(struct rb_root *root,
+                           const char *name, int len)
+{
+   struct rb_node *node = root->rb_node;
+   int cmp;
+
+   while (node) {
+       struct ovl_cache_entry *p = ovl_cache_entry_from_node(node);
+
+       cmp = strncmp(name, p->name, len);
+       if (cmp > 0)
+           node = p->node.rb_right;
+       else if (cmp < 0 || len < p->len)
+           node = p->node.rb_left;
+       else
+           return p;
+   }
+
+   return NULL;
+}
+
+static struct ovl_cache_entry *ovl_cache_entry_new(const char *name, int len,
+                          u64 ino, unsigned int d_type)
+{
+   struct ovl_cache_entry *p;
+
+   p = kmalloc(sizeof(*p) + len + 1, GFP_KERNEL);
+   if (p) {
+       char *name_copy = (char *) (p + 1);
+       memcpy(name_copy, name, len);
+       name_copy[len] = '\0';
+       p->name = name_copy;
+       p->len = len;
+       p->type = d_type;
+       p->ino = ino;
+       p->is_whiteout = false;
+   }
+
+   return p;
+}
+
+static int ovl_cache_entry_add_rb(struct ovl_readdir_data *rdd,
+                 const char *name, int len, u64 ino,
+                 unsigned int d_type)
+{
+   struct rb_node **newp = &rdd->root->rb_node;
+   struct rb_node *parent = NULL;
+   struct ovl_cache_entry *p;
+
+   while (*newp) {
+       int cmp;
+       struct ovl_cache_entry *tmp;
+
+       parent = *newp;
+       tmp = ovl_cache_entry_from_node(*newp);
+       cmp = strncmp(name, tmp->name, len);
+       if (cmp > 0)
+           newp = &tmp->node.rb_right;
+       else if (cmp < 0 || len < tmp->len)
+           newp = &tmp->node.rb_left;
+       else
+           return 0;
+   }
+
+   p = ovl_cache_entry_new(name, len, ino, d_type);
+   if (p == NULL)
+       return -ENOMEM;
+
+   list_add_tail(&p->l_node, rdd->list);
+   rb_link_node(&p->node, parent, newp);
+   rb_insert_color(&p->node, rdd->root);
+
+   return 0;
+}
+
+static int ovl_fill_lower(void *buf, const char *name, int namelen,
+               loff_t offset, u64 ino, unsigned int d_type)
+{
+   struct ovl_readdir_data *rdd = buf;
+   struct ovl_cache_entry *p;
+
+   rdd->count++;
+   p = ovl_cache_entry_find(rdd->root, name, namelen);
+   if (p) {
+       list_move_tail(&p->l_node, rdd->middle);
+   } else {
+       p = ovl_cache_entry_new(name, namelen, ino, d_type);
+       if (p == NULL)
+           rdd->err = -ENOMEM;
+       else
+           list_add_tail(&p->l_node, rdd->middle);
+   }
+
+   return rdd->err;
+}
+
+static void ovl_cache_free(struct list_head *list)
+{
+   struct ovl_cache_entry *p;
+   struct ovl_cache_entry *n;
+
+   list_for_each_entry_safe(p, n, list, l_node)
+       kfree(p);
+
+   INIT_LIST_HEAD(list);
+}
+
+static int ovl_fill_upper(void *buf, const char *name, int namelen,
+             loff_t offset, u64 ino, unsigned int d_type)
+{
+   struct ovl_readdir_data *rdd = buf;
+
+   rdd->count++;
+   return ovl_cache_entry_add_rb(rdd, name, namelen, ino, d_type);
+}
+
+static inline int ovl_dir_read(struct path *realpath,
+                  struct ovl_readdir_data *rdd, filldir_t filler)
+{
+   struct file *realfile;
+   int err;
+
+   realfile = ovl_path_open(realpath, O_RDONLY | O_DIRECTORY);
+   if (IS_ERR(realfile))
+       return PTR_ERR(realfile);
+
+   do {
+       rdd->count = 0;
+       rdd->err = 0;
+       err = vfs_readdir(realfile, filler, rdd);
+       if (err >= 0)
+           err = rdd->err;
+   } while (!err && rdd->count);
+   fput(realfile);
+
+   return 0;
+}
+
+static void ovl_dir_reset(struct file *file)
+{
+   struct ovl_dir_file *od = file->private_data;
+   enum ovl_path_type type = ovl_path_type(file->f_path.dentry);
+
+   if (ovl_dentry_version_get(file->f_path.dentry) != od->cache_version) {
+       list_del_init(&od->cursor);
+       ovl_cache_free(&od->cache);
+       od->is_cached = false;
+   }
+   WARN_ON(!od->is_real && type != OVL_PATH_MERGE);
+   if (od->is_real && type == OVL_PATH_MERGE) {
+       fput(od->realfile);
+       od->realfile = NULL;
+       od->is_real = false;
+   }
+}
+
+static int ovl_dir_mark_whiteouts(struct ovl_readdir_data *rdd)
+{
+   struct ovl_cache_entry *p;
+   struct dentry *dentry;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+
+   override_cred = prepare_creds();
+   if (!override_cred) {
+       ovl_cache_free(rdd->list);
+       return -ENOMEM;
+   }
+
+   /*
+    * CAP_SYS_ADMIN for getxattr
+    * CAP_DAC_OVERRIDE for lookup
+    */
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+   old_cred = override_creds(override_cred);
+
+   mutex_lock(&rdd->dir->d_inode->i_mutex);
+   list_for_each_entry(p, rdd->list, l_node) {
+       if (p->type != DT_LNK)
+           continue;
+
+       dentry = lookup_one_len(p->name, rdd->dir, p->len);
+       if (IS_ERR(dentry))
+           continue;
+
+       p->is_whiteout = ovl_is_whiteout(dentry);
+       dput(dentry);
+   }
+   mutex_unlock(&rdd->dir->d_inode->i_mutex);
+
+   revert_creds(old_cred);
+   put_cred(override_cred);
+
+   return 0;
+}
+
+static inline int ovl_dir_read_merged(struct path *upperpath,
+                     struct path *lowerpath,
+                     struct ovl_readdir_data *rdd)
+{
+   int err;
+   struct rb_root root = RB_ROOT;
+   struct list_head middle;
+
+   rdd->root = &root;
+   if (upperpath->dentry) {
+       rdd->dir = upperpath->dentry;
+       err = ovl_dir_read(upperpath, rdd, ovl_fill_upper);
+       if (err)
+           goto out;
+
+       err = ovl_dir_mark_whiteouts(rdd);
+       if (err)
+           goto out;
+   }
+   /*
+    * Insert lowerpath entries before upperpath ones, this allows
+    * offsets to be reasonably constant
+    */
+   list_add(&middle, rdd->list);
+   rdd->middle = &middle;
+   err = ovl_dir_read(lowerpath, rdd, ovl_fill_lower);
+   list_del(&middle);
+out:
+   rdd->root = NULL;
+
+   return err;
+}
+
+static void ovl_seek_cursor(struct ovl_dir_file *od, loff_t pos)
+{
+   struct list_head *l;
+   loff_t off;
+
+   l = od->cache.next;
+   for (off = 0; off < pos; off++) {
+       if (l == &od->cache)
+           break;
+       l = l->next;
+   }
+   list_move_tail(&od->cursor, l);
+}
+
+static int ovl_readdir(struct file *file, void *buf, filldir_t filler)
+{
+   struct ovl_dir_file *od = file->private_data;
+   int res;
+
+   if (!file->f_pos)
+       ovl_dir_reset(file);
+
+   if (od->is_real) {
+       res = vfs_readdir(od->realfile, filler, buf);
+       file->f_pos = od->realfile->f_pos;
+
+       return res;
+   }
+
+   if (!od->is_cached) {
+       struct path lowerpath;
+       struct path upperpath;
+       struct ovl_readdir_data rdd = { .list = &od->cache };
+
+       ovl_path_lower(file->f_path.dentry, &lowerpath);
+       ovl_path_upper(file->f_path.dentry, &upperpath);
+
+       res = ovl_dir_read_merged(&upperpath, &lowerpath, &rdd);
+       if (res) {
+           ovl_cache_free(rdd.list);
+           return res;
+       }
+
+       od->cache_version = ovl_dentry_version_get(file->f_path.dentry);
+       od->is_cached = true;
+
+       ovl_seek_cursor(od, file->f_pos);
+   }
+
+   while (od->cursor.next != &od->cache) {
+       int over;
+       loff_t off;
+       struct ovl_cache_entry *p;
+
+       p = list_entry(od->cursor.next, struct ovl_cache_entry, l_node);
+       off = file->f_pos;
+       if (!p->is_whiteout) {
+           over = filler(buf, p->name, p->len, off, p->ino,
+                     p->type);
+           if (over)
+               break;
+       }
+       file->f_pos++;
+       list_move(&od->cursor, &p->l_node);
+   }
+
+   return 0;
+}
+
+static loff_t ovl_dir_llseek(struct file *file, loff_t offset, int origin)
+{
+   loff_t res;
+   struct ovl_dir_file *od = file->private_data;
+
+   mutex_lock(&file->f_dentry->d_inode->i_mutex);
+   if (!file->f_pos)
+       ovl_dir_reset(file);
+
+   if (od->is_real) {
+       res = vfs_llseek(od->realfile, offset, origin);
+       file->f_pos = od->realfile->f_pos;
+   } else {
+       res = -EINVAL;
+
+       switch (origin) {
+       case SEEK_CUR:
+           offset += file->f_pos;
+           break;
+       case SEEK_SET:
+           break;
+       default:
+           goto out_unlock;
+       }
+       if (offset < 0)
+           goto out_unlock;
+
+       if (offset != file->f_pos) {
+           file->f_pos = offset;
+           if (od->is_cached)
+               ovl_seek_cursor(od, offset);
+       }
+       res = offset;
+   }
+out_unlock:
+   mutex_unlock(&file->f_dentry->d_inode->i_mutex);
+
+   return res;
+}
+
+static int ovl_dir_fsync(struct file *file, loff_t start, loff_t end,
+            int datasync)
+{
+   struct ovl_dir_file *od = file->private_data;
+
+   /* May need to reopen directory if it got copied up */
+   if (!od->realfile) {
+       struct path upperpath;
+
+       ovl_path_upper(file->f_path.dentry, &upperpath);
+       od->realfile = ovl_path_open(&upperpath, O_RDONLY);
+       if (IS_ERR(od->realfile))
+           return PTR_ERR(od->realfile);
+   }
+
+   return vfs_fsync_range(od->realfile, start, end, datasync);
+}
+
+static int ovl_dir_release(struct inode *inode, struct file *file)
+{
+   struct ovl_dir_file *od = file->private_data;
+
+   list_del(&od->cursor);
+   ovl_cache_free(&od->cache);
+   if (od->realfile)
+       fput(od->realfile);
+   kfree(od);
+
+   return 0;
+}
+
+static int ovl_dir_open(struct inode *inode, struct file *file)
+{
+   struct path realpath;
+   struct file *realfile;
+   struct ovl_dir_file *od;
+   enum ovl_path_type type;
+
+   od = kzalloc(sizeof(struct ovl_dir_file), GFP_KERNEL);
+   if (!od)
+       return -ENOMEM;
+
+   type = ovl_path_real(file->f_path.dentry, &realpath);
+   realfile = ovl_path_open(&realpath, file->f_flags);
+   if (IS_ERR(realfile)) {
+       kfree(od);
+       return PTR_ERR(realfile);
+   }
+   INIT_LIST_HEAD(&od->cache);
+   INIT_LIST_HEAD(&od->cursor);
+   od->is_cached = false;
+   od->realfile = realfile;
+   od->is_real = (type != OVL_PATH_MERGE);
+   file->private_data = od;
+
+   return 0;
+}
+
+const struct file_operations ovl_dir_operations = {
+   .read       = generic_read_dir,
+   .open       = ovl_dir_open,
+   .readdir    = ovl_readdir,
+   .llseek     = ovl_dir_llseek,
+   .fsync      = ovl_dir_fsync,
+   .release    = ovl_dir_release,
+};
+
+static int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list)
+{
+   int err;
+   struct path lowerpath;
+   struct path upperpath;
+   struct ovl_cache_entry *p;
+   struct ovl_readdir_data rdd = { .list = list };
+
+   ovl_path_upper(dentry, &upperpath);
+   ovl_path_lower(dentry, &lowerpath);
+
+   err = ovl_dir_read_merged(&upperpath, &lowerpath, &rdd);
+   if (err)
+       return err;
+
+   err = 0;
+
+   list_for_each_entry(p, list, l_node) {
+       if (p->is_whiteout)
+           continue;
+
+       if (p->name[0] == '.') {
+           if (p->len == 1)
+               continue;
+           if (p->len == 2 && p->name[1] == '.')
+               continue;
+       }
+       err = -ENOTEMPTY;
+       break;
+   }
+
+   return err;
+}
+
+static int ovl_remove_whiteouts(struct dentry *dir, struct list_head *list)
+{
+   struct path upperpath;
+   struct dentry *upperdir;
+   struct ovl_cache_entry *p;
+   const struct cred *old_cred;
+   struct cred *override_cred;
+   int err;
+
+   ovl_path_upper(dir, &upperpath);
+   upperdir = upperpath.dentry;
+
+   override_cred = prepare_creds();
+   if (!override_cred)
+       return -ENOMEM;
+
+   /*
+    * CAP_DAC_OVERRIDE for lookup and unlink
+    * CAP_SYS_ADMIN for setxattr of "trusted" namespace
+    * CAP_FOWNER for unlink in sticky directory
+    */
+   cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
+   cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+   cap_raise(override_cred->cap_effective, CAP_FOWNER);
+   old_cred = override_creds(override_cred);
+
+   err = vfs_setxattr(upperdir, ovl_opaque_xattr, "y", 1, 0);
+   if (err)
+       goto out_revert_creds;
+
+   mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
+   list_for_each_entry(p, list, l_node) {
+       struct dentry *dentry;
+       int ret;
+
+       if (!p->is_whiteout)
+           continue;
+
+       dentry = lookup_one_len(p->name, upperdir, p->len);
+       if (IS_ERR(dentry)) {
+           printk(KERN_WARNING
+               "overlayfs: failed to lookup whiteout %.*s: %li\n",
+               p->len, p->name, PTR_ERR(dentry));
+           continue;
+       }
+       ret = vfs_unlink(upperdir->d_inode, dentry);
+       dput(dentry);
+       if (ret)
+           printk(KERN_WARNING
+               "overlayfs: failed to unlink whiteout %.*s: %i\n",
+               p->len, p->name, ret);
+   }
+   mutex_unlock(&upperdir->d_inode->i_mutex);
+
+out_revert_creds:
+   revert_creds(old_cred);
+   put_cred(override_cred);
+
+   return err;
+}
+
+int ovl_check_empty_and_clear(struct dentry *dentry, enum ovl_path_type type)
+{
+   int err;
+   LIST_HEAD(list);
+
+   err = ovl_check_empty_dir(dentry, &list);
+   if (!err && type == OVL_PATH_MERGE)
+       err = ovl_remove_whiteouts(dentry, &list);
+
+   ovl_cache_free(&list);
+
+   return err;
+}
diff -ruNb a//fs/overlayfs/super.c b//fs/overlayfs/super.c
--- a//fs/overlayfs/super.c 1970-01-01 01:00:00.000000000 +0100
+++ b//fs/overlayfs/super.c 2012-10-21 15:35:40.473972046 +0100
@@ -0,0 +1,665 @@
+/*
+ *
+ * Copyright (C) 2011 Novell Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published by
+ * the Free Software Foundation.
+ */
+
+#include <linux/fs.h>
+#include <linux/namei.h>
+#include <linux/xattr.h>
+#include <linux/security.h>
+#include <linux/mount.h>
+#include <linux/slab.h>
+#include <linux/parser.h>
+#include <linux/module.h>
+#include <linux/cred.h>
+#include <linux/sched.h>
+#include <linux/seq_file.h>
+#include "overlayfs.h"
+
+MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
+MODULE_DESCRIPTION("Overlay filesystem");
+MODULE_LICENSE("GPL");
+
+struct ovl_config {
+   char *lowerdir;
+   char *upperdir;
+};
+
+/* private information held for overlayfs's superblock */
+struct ovl_fs {
+   struct vfsmount *upper_mnt;
+   struct vfsmount *lower_mnt;
+   /* pathnames of lower and upper dirs, for show_options */
+   struct ovl_config config;
+};
+
+/* private information held for every overlayfs dentry */
+struct ovl_entry {
+   /*
+    * Keep "double reference" on upper dentries, so that
+    * d_delete() doesn't think it's OK to reset d_inode to NULL.
+    */
+   struct dentry *__upperdentry;
+   struct dentry *lowerdentry;
+   union {
+       struct {
+           u64 version;
+           bool opaque;
+       };
+       struct rcu_head rcu;
+   };
+};
+
+const char *ovl_whiteout_xattr = "trusted.overlay.whiteout";
+const char *ovl_opaque_xattr = "trusted.overlay.opaque";
+
+
+enum ovl_path_type ovl_path_type(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   if (oe->__upperdentry) {
+       if (oe->lowerdentry && S_ISDIR(dentry->d_inode->i_mode))
+           return OVL_PATH_MERGE;
+       else
+           return OVL_PATH_UPPER;
+   } else {
+       return OVL_PATH_LOWER;
+   }
+}
+
+static struct dentry *ovl_upperdentry_dereference(struct ovl_entry *oe)
+{
+   struct dentry *upperdentry = ACCESS_ONCE(oe->__upperdentry);
+   smp_read_barrier_depends();
+   return upperdentry;
+}
+
+void ovl_path_upper(struct dentry *dentry, struct path *path)
+{
+   struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   path->mnt = ofs->upper_mnt;
+   path->dentry = ovl_upperdentry_dereference(oe);
+}
+
+void ovl_path_lower(struct dentry *dentry, struct path *path)
+{
+   struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   path->mnt = ofs->lower_mnt;
+   path->dentry = oe->lowerdentry;
+}
+
+enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path)
+{
+
+   enum ovl_path_type type = ovl_path_type(dentry);
+
+   if (type == OVL_PATH_LOWER)
+       ovl_path_lower(dentry, path);
+   else
+       ovl_path_upper(dentry, path);
+
+   return type;
+}
+
+struct dentry *ovl_dentry_upper(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   return ovl_upperdentry_dereference(oe);
+}
+
+struct dentry *ovl_dentry_lower(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   return oe->lowerdentry;
+}
+
+struct dentry *ovl_dentry_real(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+   struct dentry *realdentry;
+
+   realdentry = ovl_upperdentry_dereference(oe);
+   if (!realdentry)
+       realdentry = oe->lowerdentry;
+
+   return realdentry;
+}
+
+struct dentry *ovl_entry_real(struct ovl_entry *oe, bool *is_upper)
+{
+   struct dentry *realdentry;
+
+   realdentry = ovl_upperdentry_dereference(oe);
+   if (realdentry) {
+       *is_upper = true;
+   } else {
+       realdentry = oe->lowerdentry;
+       *is_upper = false;
+   }
+   return realdentry;
+}
+
+bool ovl_dentry_is_opaque(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+   return oe->opaque;
+}
+
+void ovl_dentry_set_opaque(struct dentry *dentry, bool opaque)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+   oe->opaque = opaque;
+}
+
+void ovl_dentry_update(struct dentry *dentry, struct dentry *upperdentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   WARN_ON(!mutex_is_locked(&upperdentry->d_parent->d_inode->i_mutex));
+   WARN_ON(oe->__upperdentry);
+   BUG_ON(!upperdentry->d_inode);
+   smp_wmb();
+   oe->__upperdentry = dget(upperdentry);
+}
+
+void ovl_dentry_version_inc(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   WARN_ON(!mutex_is_locked(&dentry->d_inode->i_mutex));
+   oe->version++;
+}
+
+u64 ovl_dentry_version_get(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   WARN_ON(!mutex_is_locked(&dentry->d_inode->i_mutex));
+   return oe->version;
+}
+
+bool ovl_is_whiteout(struct dentry *dentry)
+{
+   int res;
+   char val;
+
+   if (!dentry)
+       return false;
+   if (!dentry->d_inode)
+       return false;
+   if (!S_ISLNK(dentry->d_inode->i_mode))
+       return false;
+
+   res = vfs_getxattr(dentry, ovl_whiteout_xattr, &val, 1);
+   if (res == 1 && val == 'y')
+       return true;
+
+   return false;
+}
+
+static bool ovl_is_opaquedir(struct dentry *dentry)
+{
+   int res;
+   char val;
+
+   if (!S_ISDIR(dentry->d_inode->i_mode))
+       return false;
+
+   res = vfs_getxattr(dentry, ovl_opaque_xattr, &val, 1);
+   if (res == 1 && val == 'y')
+       return true;
+
+   return false;
+}
+
+static void ovl_entry_free(struct rcu_head *head)
+{
+   struct ovl_entry *oe = container_of(head, struct ovl_entry, rcu);
+   kfree(oe);
+}
+
+static void ovl_dentry_release(struct dentry *dentry)
+{
+   struct ovl_entry *oe = dentry->d_fsdata;
+
+   if (oe) {
+       dput(oe->__upperdentry);
+       dput(oe->__upperdentry);
+       dput(oe->lowerdentry);
+       call_rcu(&oe->rcu, ovl_entry_free);
+   }
+}
+
+const struct dentry_operations ovl_dentry_operations = {
+   .d_release = ovl_dentry_release,
+};
+
+static struct ovl_entry *ovl_alloc_entry(void)
+{
+   return kzalloc(sizeof(struct ovl_entry), GFP_KERNEL);
+}
+
+static inline struct dentry *ovl_lookup_real(struct dentry *dir,
+                        struct qstr *name)
+{
+   struct dentry *dentry;
+
+   mutex_lock(&dir->d_inode->i_mutex);
+   dentry = lookup_one_len(name->name, dir, name->len);
+   mutex_unlock(&dir->d_inode->i_mutex);
+
+   if (IS_ERR(dentry)) {
+       if (PTR_ERR(dentry) == -ENOENT)
+           dentry = NULL;
+   } else if (!dentry->d_inode) {
+       dput(dentry);
+       dentry = NULL;
+   }
+   return dentry;
+}
+
+static int ovl_do_lookup(struct dentry *dentry)
+{
+   struct ovl_entry *oe;
+   struct dentry *upperdir;
+   struct dentry *lowerdir;
+   struct dentry *upperdentry = NULL;
+   struct dentry *lowerdentry = NULL;
+   struct inode *inode = NULL;
+   int err;
+
+   err = -ENOMEM;
+   oe = ovl_alloc_entry();
+   if (!oe)
+       goto out;
+
+   upperdir = ovl_dentry_upper(dentry->d_parent);
+   lowerdir = ovl_dentry_lower(dentry->d_parent);
+
+   if (upperdir) {
+       upperdentry = ovl_lookup_real(upperdir, &dentry->d_name);
+       err = PTR_ERR(upperdentry);
+       if (IS_ERR(upperdentry))
+           goto out_put_dir;
+
+       if (lowerdir && upperdentry &&
+           (S_ISLNK(upperdentry->d_inode->i_mode) ||
+            S_ISDIR(upperdentry->d_inode->i_mode))) {
+           const struct cred *old_cred;
+           struct cred *override_cred;
+
+           err = -ENOMEM;
+           override_cred = prepare_creds();
+           if (!override_cred)
+               goto out_dput_upper;
+
+           /* CAP_SYS_ADMIN needed for getxattr */
+           cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
+           old_cred = override_creds(override_cred);
+
+           if (ovl_is_opaquedir(upperdentry)) {
+               oe->opaque = true;
+           } else if (ovl_is_whiteout(upperdentry)) {
+               dput(upperdentry);
+               upperdentry = NULL;
+               oe->opaque = true;
+           }
+           revert_creds(old_cred);
+           put_cred(override_cred);
+       }
+   }
+   if (lowerdir && !oe->opaque) {
+       lowerdentry = ovl_lookup_real(lowerdir, &dentry->d_name);
+       err = PTR_ERR(lowerdentry);
+       if (IS_ERR(lowerdentry))
+           goto out_dput_upper;
+   }
+
+   if (lowerdentry && upperdentry &&
+       (!S_ISDIR(upperdentry->d_inode->i_mode) ||
+        !S_ISDIR(lowerdentry->d_inode->i_mode))) {
+       dput(lowerdentry);
+       lowerdentry = NULL;
+       oe->opaque = true;
+   }
+
+   if (lowerdentry || upperdentry) {
+       struct dentry *realdentry;
+
+       realdentry = upperdentry ? upperdentry : lowerdentry;
+       err = -ENOMEM;
+       inode = ovl_new_inode(dentry->d_sb, realdentry->d_inode->i_mode,
+                     oe);
+       if (!inode)
+           goto out_dput;
+       ovl_copyattr(realdentry->d_inode, inode);
+   }
+
+   if (upperdentry)
+       oe->__upperdentry = dget(upperdentry);
+
+   if (lowerdentry)
+       oe->lowerdentry = lowerdentry;
+
+   dentry->d_fsdata = oe;
+   dentry->d_op = &ovl_dentry_operations;
+   d_add(dentry, inode);
+
+   return 0;
+
+out_dput:
+   dput(lowerdentry);
+out_dput_upper:
+   dput(upperdentry);
+out_put_dir:
+   kfree(oe);
+out:
+   return err;
+}
+
+struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
+             struct nameidata *nd)
+{
+   int err = ovl_do_lookup(dentry);
+
+   if (err)
+       return ERR_PTR(err);
+
+   return NULL;
+}
+
+struct file *ovl_path_open(struct path *path, int flags)
+{
+   path_get(path);
+   return dentry_open(path->dentry, path->mnt, flags, current_cred());
+}
+
+static void ovl_put_super(struct super_block *sb)
+{
+   struct ovl_fs *ufs = sb->s_fs_info;
+
+   if (!(sb->s_flags & MS_RDONLY))
+       mnt_drop_write(ufs->upper_mnt);
+
+   mntput(ufs->upper_mnt);
+   mntput(ufs->lower_mnt);
+
+   kfree(ufs->config.lowerdir);
+   kfree(ufs->config.upperdir);
+   kfree(ufs);
+}
+
+static int ovl_remount_fs(struct super_block *sb, int *flagsp, char *data)
+{
+   int flags = *flagsp;
+   struct ovl_fs *ufs = sb->s_fs_info;
+
+   /* When remounting rw or ro, we need to adjust the write access to the
+    * upper fs.
+    */
+   if (((flags ^ sb->s_flags) & MS_RDONLY) == 0)
+       /* No change to readonly status */
+       return 0;
+
+   if (flags & MS_RDONLY) {
+       mnt_drop_write(ufs->upper_mnt);
+       return 0;
+   } else
+       return mnt_want_write(ufs->upper_mnt);
+}
+
+/**
+ * ovl_statfs
+ * @sb: The overlayfs super block
+ * @buf: The struct kstatfs to fill in with stats
+ *
+ * Get the filesystem statistics.  As writes always target the upper layer
+ * filesystem pass the statfs to the same filesystem.
+ */
+static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
+{
+   struct dentry *root_dentry = dentry->d_sb->s_root;
+   struct path path;
+   ovl_path_upper(root_dentry, &path);
+
+   if (!path.dentry->d_sb->s_op->statfs)
+       return -ENOSYS;
+   return path.dentry->d_sb->s_op->statfs(path.dentry, buf);
+}
+
+/**
+ * ovl_show_options
+ *
+ * Prints the mount options for a given superblock.
+ * Returns zero; does not fail.
+ */
+static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
+{
+   struct super_block *sb = dentry->d_sb;
+   struct ovl_fs *ufs = sb->s_fs_info;
+
+   seq_printf(m, ",lowerdir=%s", ufs->config.lowerdir);
+   seq_printf(m, ",upperdir=%s", ufs->config.upperdir);
+   return 0;
+}
+
+static const struct super_operations ovl_super_operations = {
+   .put_super  = ovl_put_super,
+   .remount_fs = ovl_remount_fs,
+   .statfs     = ovl_statfs,
+   .show_options   = ovl_show_options,
+};
+
+enum {
+   Opt_lowerdir,
+   Opt_upperdir,
+   Opt_err,
+};
+
+static const match_table_t ovl_tokens = {
+   {Opt_lowerdir,          "lowerdir=%s"},
+   {Opt_upperdir,          "upperdir=%s"},
+   {Opt_err,           NULL}
+};
+
+static int ovl_parse_opt(char *opt, struct ovl_config *config)
+{
+   char *p;
+
+   config->upperdir = NULL;
+   config->lowerdir = NULL;
+
+   while ((p = strsep(&opt, ",")) != NULL) {
+       int token;
+       substring_t args[MAX_OPT_ARGS];
+
+       if (!*p)
+           continue;
+
+       token = match_token(p, ovl_tokens, args);
+       switch (token) {
+       case Opt_upperdir:
+           kfree(config->upperdir);
+           config->upperdir = match_strdup(&args[0]);
+           if (!config->upperdir)
+               return -ENOMEM;
+           break;
+
+       case Opt_lowerdir:
+           kfree(config->lowerdir);
+           config->lowerdir = match_strdup(&args[0]);
+           if (!config->lowerdir)
+               return -ENOMEM;
+           break;
+
+       default:
+           return -EINVAL;
+       }
+   }
+   return 0;
+}
+
+static int ovl_fill_super(struct super_block *sb, void *data, int silent)
+{
+   struct path lowerpath;
+   struct path upperpath;
+   struct inode *root_inode;
+   struct dentry *root_dentry;
+   struct ovl_entry *oe;
+   struct ovl_fs *ufs;
+   int err;
+
+   err = -ENOMEM;
+   ufs = kmalloc(sizeof(struct ovl_fs), GFP_KERNEL);
+   if (!ufs)
+       goto out;
+
+   err = ovl_parse_opt((char *) data, &ufs->config);
+   if (err)
+       goto out_free_ufs;
+
+   err = -EINVAL;
+   if (!ufs->config.upperdir || !ufs->config.lowerdir) {
+       printk(KERN_ERR "overlayfs: missing upperdir or lowerdir\n");
+       goto out_free_config;
+   }
+
+   oe = ovl_alloc_entry();
+   if (oe == NULL)
+       goto out_free_config;
+
+   err = kern_path(ufs->config.upperdir, LOOKUP_FOLLOW, &upperpath);
+   if (err)
+       goto out_free_oe;
+
+   err = kern_path(ufs->config.lowerdir, LOOKUP_FOLLOW, &lowerpath);
+   if (err)
+       goto out_put_upperpath;
+
+   err = -ENOTDIR;
+   if (!S_ISDIR(upperpath.dentry->d_inode->i_mode) ||
+       !S_ISDIR(lowerpath.dentry->d_inode->i_mode))
+       goto out_put_lowerpath;
+
+   sb->s_stack_depth = max(upperpath.mnt->mnt_sb->s_stack_depth,
+               lowerpath.mnt->mnt_sb->s_stack_depth) + 1;
+
+   err = -EINVAL;
+   if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+       printk(KERN_ERR "overlayfs: maximum fs stacking depth exceeded\n");
+       goto out_put_lowerpath;
+   }
+
+
+   ufs->upper_mnt = clone_private_mount(&upperpath);
+   err = PTR_ERR(ufs->upper_mnt);
+   if (IS_ERR(ufs->upper_mnt)) {
+       printk(KERN_ERR "overlayfs: failed to clone upperpath\n");
+       goto out_put_lowerpath;
+   }
+
+   ufs->lower_mnt = clone_private_mount(&lowerpath);
+   err = PTR_ERR(ufs->lower_mnt);
+   if (IS_ERR(ufs->lower_mnt)) {
+       printk(KERN_ERR "overlayfs: failed to clone lowerpath\n");
+       goto out_put_upper_mnt;
+   }
+
+   /*
+    * Make lower_mnt R/O.  That way fchmod/fchown on lower file
+    * will fail instead of modifying lower fs.
+    */
+   ufs->lower_mnt->mnt_flags |= MNT_READONLY;
+
+   /* If the upper fs is r/o, we mark overlayfs r/o too */
+   if (ufs->upper_mnt->mnt_sb->s_flags & MS_RDONLY)
+       sb->s_flags |= MS_RDONLY;
+
+   if (!(sb->s_flags & MS_RDONLY)) {
+       err = mnt_want_write(ufs->upper_mnt);
+       if (err)
+           goto out_put_lower_mnt;
+   }
+
+   err = -ENOMEM;
+   root_inode = ovl_new_inode(sb, S_IFDIR, oe);
+   if (!root_inode)
+       goto out_drop_write;
+
+   root_dentry = d_make_root(root_inode);
+   if (!root_dentry)
+       goto out_drop_write;
+
+   mntput(upperpath.mnt);
+   mntput(lowerpath.mnt);
+
+   oe->__upperdentry = dget(upperpath.dentry);
+   oe->lowerdentry = lowerpath.dentry;
+
+   root_dentry->d_fsdata = oe;
+   root_dentry->d_op = &ovl_dentry_operations;
+
+   sb->s_op = &ovl_super_operations;
+   sb->s_root = root_dentry;
+   sb->s_fs_info = ufs;
+
+   return 0;
+
+out_drop_write:
+   if (!(sb->s_flags & MS_RDONLY))
+       mnt_drop_write(ufs->upper_mnt);
+out_put_lower_mnt:
+   mntput(ufs->lower_mnt);
+out_put_upper_mnt:
+   mntput(ufs->upper_mnt);
+out_put_lowerpath:
+   path_put(&lowerpath);
+out_put_upperpath:
+   path_put(&upperpath);
+out_free_oe:
+   kfree(oe);
+out_free_config:
+   kfree(ufs->config.lowerdir);
+   kfree(ufs->config.upperdir);
+out_free_ufs:
+   kfree(ufs);
+out:
+   return err;
+}
+
+static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
+               const char *dev_name, void *raw_data)
+{
+   return mount_nodev(fs_type, flags, raw_data, ovl_fill_super);
+}
+
+static struct file_system_type ovl_fs_type = {
+   .owner      = THIS_MODULE,
+   .name       = "overlayfs",
+   .mount      = ovl_mount,
+   .kill_sb    = kill_anon_super,
+};
+
+static int __init ovl_init(void)
+{
+   return register_filesystem(&ovl_fs_type);
+}
+
+static void __exit ovl_exit(void)
+{
+   unregister_filesystem(&ovl_fs_type);
+}
+
+module_init(ovl_init);
+module_exit(ovl_exit);
diff -ruNb a//fs/splice.c b//fs/splice.c
--- a//fs/splice.c  2012-10-12 21:48:25.000000000 +0100
+++ b//fs/splice.c  2012-10-21 15:32:47.265212787 +0100
@@ -1305,6 +1305,7 @@

    return ret;
 }
+EXPORT_SYMBOL(do_splice_direct);

 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
                   struct pipe_inode_info *opipe,
diff -ruNb a//include/linux/fs.h b//include/linux/fs.h
--- a//include/linux/fs.h   2012-10-12 21:48:25.000000000 +0100
+++ b//include/linux/fs.h   2012-10-21 15:35:00.152382302 +0100
@@ -499,6 +499,12 @@
  */
 #include <linux/quota.h>

+/*
+ * Maximum number of layers of fs stack.  Needs to be limited to
+ * prevent kernel stack overflow
+ */
+#define FILESYSTEM_MAX_STACK_DEPTH 2
+
 /**
  * enum positive_aop_returns - aop return codes with specific semantics
  *
@@ -1542,6 +1548,11 @@

    /* Being remounted read-only */
    int s_readonly_remount;
+
+   /*
+    * Indicates how deep in a filesystem stack this SB is
+    */
+   int s_stack_depth;
 };

 /* superblock cache pruning functions */
@@ -1693,6 +1704,8 @@
    int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
              u64 len);
    int (*update_time)(struct inode *, struct timespec *, int);
+   struct file *(*open) (struct dentry *, struct file *,
+                 const struct cred *);
 } ____cacheline_aligned;

 struct seq_file;
@@ -2057,6 +2070,7 @@
 extern struct file *filp_open(const char *, int, umode_t);
 extern struct file *file_open_root(struct dentry *, struct vfsmount *,
                   const char *, int);
+extern struct file *vfs_open(struct path *, struct file *, const struct cred *);
 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int,
                 const struct cred *);
 extern int filp_close(struct file *, fl_owner_t id);
@@ -2249,6 +2263,7 @@
 #endif
 extern int notify_change(struct dentry *, struct iattr *);
 extern int inode_permission(struct inode *, int);
+extern int inode_only_permission(struct inode *, int);
 extern int generic_permission(struct inode *, int);

 static inline bool execute_ok(struct inode *inode)
diff -ruNb a//include/linux/mount.h b//include/linux/mount.h
--- a//include/linux/mount.h    2012-10-12 21:48:25.000000000 +0100
+++ b//include/linux/mount.h    2012-10-21 15:33:09.262261274 +0100
@@ -66,6 +66,9 @@
 extern void mnt_unpin(struct vfsmount *mnt);
 extern int __mnt_is_readonly(struct vfsmount *mnt);

+struct path;
+extern struct vfsmount *clone_private_mount(struct path *path);
+
 struct file_system_type;
 extern struct vfsmount *vfs_kern_mount(struct file_system_type *type,
                      int flags, const char *name,
diff -ruNb a//MAINTAINERS b//MAINTAINERS
--- a//MAINTAINERS  2012-10-12 21:48:25.000000000 +0100
+++ b//MAINTAINERS  2012-10-21 15:34:04.767813670 +0100
@@ -5066,6 +5066,13 @@
 F: include/scsi/osd_*
 F: fs/exofs/

+OVERLAYFS FILESYSTEM
+M: Miklos Szeredi <miklos@szeredi.hu>
+L: linux-fsdevel@vger.kernel.org
+S: Supported
+F: fs/overlayfs/*
+F: Documentation/filesystems/overlayfs.txt
+
 P54 WIRELESS DRIVER
 M: Christian Lamparter <chunkeey@googlemail.com>
 L: linux-wireless@vger.kernel.org
diff -ruNb a//security/apparmor/apparmorfs.c b//security/apparmor/apparmorfs.c
--- a//security/apparmor/apparmorfs.c   2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/apparmorfs.c   2012-10-21 15:35:27.442720548 +0100
@@ -198,9 +198,22 @@
    { }
 };

+static struct aa_fs_entry aa_fs_entry_mount[] = {
+   AA_FS_FILE_STRING("mask", "mount umount"),
+   { }
+};
+
+static struct aa_fs_entry aa_fs_entry_namespaces[] = {
+   AA_FS_FILE_BOOLEAN("profile",       1),
+   AA_FS_FILE_BOOLEAN("pivot_root",    1),
+   { }
+};
+
 static struct aa_fs_entry aa_fs_entry_features[] = {
    AA_FS_DIR("domain",         aa_fs_entry_domain),
    AA_FS_DIR("file",           aa_fs_entry_file),
+   AA_FS_DIR("mount",          aa_fs_entry_mount),
+   AA_FS_DIR("namespaces",         aa_fs_entry_namespaces),
    AA_FS_FILE_U64("capability",        VFS_CAP_FLAGS_MASK),
    AA_FS_DIR("rlimit",         aa_fs_entry_rlimit),
    { }
diff -ruNb a//security/apparmor/audit.c b//security/apparmor/audit.c
--- a//security/apparmor/audit.c    2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/audit.c    2012-10-21 15:35:27.442720548 +0100
@@ -44,6 +44,10 @@
    "file_mmap",
    "file_mprotect",

+   "pivotroot",
+   "mount",
+   "umount",
+
    "create",
    "post_create",
    "bind",
diff -ruNb a//security/apparmor/domain.c b//security/apparmor/domain.c
--- a//security/apparmor/domain.c   2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/domain.c   2012-10-21 15:35:27.443720414 +0100
@@ -242,7 +242,7 @@
  *
  * Returns: refcounted profile, or NULL on failure (MAYBE NULL)
  */
-static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
 {
    struct aa_profile *new_profile = NULL;
    struct aa_namespace *ns = profile->ns;
diff -ruNb a//security/apparmor/include/apparmor.h b//security/apparmor/include/apparmor.h
--- a//security/apparmor/include/apparmor.h 2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/include/apparmor.h 2012-10-21 15:35:27.443720414 +0100
@@ -29,8 +29,9 @@
 #define AA_CLASS_NET       4
 #define AA_CLASS_RLIMITS   5
 #define AA_CLASS_DOMAIN        6
+#define AA_CLASS_MOUNT     7

-#define AA_CLASS_LAST      AA_CLASS_DOMAIN
+#define AA_CLASS_LAST      AA_CLASS_MOUNT

 /* Control parameters settable through module/boot flags */
 extern enum audit_mode aa_g_audit;
diff -ruNb a//security/apparmor/include/audit.h b//security/apparmor/include/audit.h
--- a//security/apparmor/include/audit.h    2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/include/audit.h    2012-10-21 15:35:27.443720414 +0100
@@ -73,6 +73,10 @@
    OP_FMMAP,
    OP_FMPROT,

+   OP_PIVOTROOT,
+   OP_MOUNT,
+   OP_UMOUNT,
+
    OP_CREATE,
    OP_POST_CREATE,
    OP_BIND,
@@ -122,6 +126,13 @@
            unsigned long max;
        } rlim;
        struct {
+           const char *src_name;
+           const char *type;
+           const char *trans;
+           const char *data;
+           unsigned long flags;
+       } mnt;
+       struct {
            const char *target;
            u32 request;
            u32 denied;
diff -ruNb a//security/apparmor/include/domain.h b//security/apparmor/include/domain.h
--- a//security/apparmor/include/domain.h   2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/include/domain.h   2012-10-21 15:35:27.443720414 +0100
@@ -23,6 +23,8 @@
    char **table;
 };

+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex);
+
 int apparmor_bprm_set_creds(struct linux_binprm *bprm);
 int apparmor_bprm_secureexec(struct linux_binprm *bprm);
 void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
diff -ruNb a//security/apparmor/include/mount.h b//security/apparmor/include/mount.h
--- a//security/apparmor/include/mount.h    1970-01-01 01:00:00.000000000 +0100
+++ b//security/apparmor/include/mount.h    2012-10-21 15:35:27.443720414 +0100
@@ -0,0 +1,54 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor file mediation function definitions.
+ *
+ * Copyright 2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_MOUNT_H
+#define __AA_MOUNT_H
+
+#include <linux/fs.h>
+#include <linux/path.h>
+
+#include "domain.h"
+#include "policy.h"
+
+/* mount perms */
+#define AA_MAY_PIVOTROOT   0x01
+#define AA_MAY_MOUNT       0x02
+#define AA_MAY_UMOUNT      0x04
+#define AA_AUDIT_DATA      0x40
+#define AA_CONT_MATCH      0x40
+
+#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
+
+int aa_remount(struct aa_profile *profile, struct path *path,
+          unsigned long flags, void *data);
+
+int aa_bind_mount(struct aa_profile *profile, struct path *path,
+         const char *old_name, unsigned long flags);
+
+
+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
+            unsigned long flags);
+
+int aa_move_mount(struct aa_profile *profile, struct path *path,
+         const char *old_name);
+
+int aa_new_mount(struct aa_profile *profile, const char *dev_name,
+        struct path *path, const char *type, unsigned long flags,
+        void *data);
+
+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags);
+
+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
+         struct path *new_path);
+
+#endif /* __AA_MOUNT_H */
diff -ruNb a//security/apparmor/lsm.c b//security/apparmor/lsm.c
--- a//security/apparmor/lsm.c  2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/lsm.c  2012-10-21 15:35:27.444720280 +0100
@@ -35,6 +35,7 @@
 #include "include/path.h"
 #include "include/policy.h"
 #include "include/procattr.h"
+#include "include/mount.h"

 /* Flag indicating whether initialization completed */
 int apparmor_initialized __initdata;
@@ -503,6 +504,60 @@
               !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
 }

+static int apparmor_sb_mount(char *dev_name, struct path *path, char *type,
+                unsigned long flags, void *data)
+{
+   struct aa_profile *profile;
+   int error = 0;
+
+   /* Discard magic */
+   if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
+       flags &= ~MS_MGC_MSK;
+
+   flags &= ~AA_MS_IGNORE_MASK;
+
+   profile = __aa_current_profile();
+   if (!unconfined(profile)) {
+       if (flags & MS_REMOUNT)
+           error = aa_remount(profile, path, flags, data);
+       else if (flags & MS_BIND)
+           error = aa_bind_mount(profile, path, dev_name, flags);
+       else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE |
+                 MS_UNBINDABLE))
+           error = aa_mount_change_type(profile, path, flags);
+       else if (flags & MS_MOVE)
+           error = aa_move_mount(profile, path, dev_name);
+       else
+           error = aa_new_mount(profile, dev_name, path, type,
+                        flags, data);
+   }
+   return error;
+}
+
+static int apparmor_sb_umount(struct vfsmount *mnt, int flags)
+{
+   struct aa_profile *profile;
+   int error = 0;
+
+   profile = __aa_current_profile();
+   if (!unconfined(profile))
+       error = aa_umount(profile, mnt, flags);
+
+   return error;
+}
+
+static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path)
+{
+   struct aa_profile *profile;
+   int error = 0;
+
+   profile = __aa_current_profile();
+   if (!unconfined(profile))
+       error = aa_pivotroot(profile, old_path, new_path);
+
+   return error;
+}
+
 static int apparmor_getprocattr(struct task_struct *task, char *name,
                char **value)
 {
@@ -622,6 +677,10 @@
    .capget =           apparmor_capget,
    .capable =          apparmor_capable,

+   .sb_mount =         apparmor_sb_mount,
+   .sb_umount =            apparmor_sb_umount,
+   .sb_pivotroot =         apparmor_sb_pivotroot,
+
    .path_link =            apparmor_path_link,
    .path_unlink =          apparmor_path_unlink,
    .path_symlink =         apparmor_path_symlink,
diff -ruNb a//security/apparmor/Makefile b//security/apparmor/Makefile
--- a//security/apparmor/Makefile   2012-10-12 21:48:25.000000000 +0100
+++ b//security/apparmor/Makefile   2012-10-21 15:35:27.442720548 +0100
@@ -4,11 +4,10 @@

 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
               path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
-              resource.o sid.o file.o
+              resource.o sid.o file.o mount.o

 clean-files := capability_names.h rlim_names.h

-
 # Build a lower case string table of capability names
 # Transforms lines from
 #    #define CAP_DAC_OVERRIDE     1
diff -ruNb a//security/apparmor/mount.c b//security/apparmor/mount.c
--- a//security/apparmor/mount.c    1970-01-01 01:00:00.000000000 +0100
+++ b//security/apparmor/mount.c    2012-10-21 15:35:27.444720280 +0100
@@ -0,0 +1,620 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor mediation of files
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/namei.h>
+
+#include "include/apparmor.h"
+#include "include/audit.h"
+#include "include/context.h"
+#include "include/domain.h"
+#include "include/file.h"
+#include "include/match.h"
+#include "include/mount.h"
+#include "include/path.h"
+#include "include/policy.h"
+
+
+static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags)
+{
+   if (flags & MS_RDONLY)
+       audit_log_format(ab, "ro");
+   else
+       audit_log_format(ab, "rw");
+   if (flags & MS_NOSUID)
+       audit_log_format(ab, ", nosuid");
+   if (flags & MS_NODEV)
+       audit_log_format(ab, ", nodev");
+   if (flags & MS_NOEXEC)
+       audit_log_format(ab, ", noexec");
+   if (flags & MS_SYNCHRONOUS)
+       audit_log_format(ab, ", sync");
+   if (flags & MS_REMOUNT)
+       audit_log_format(ab, ", remount");
+   if (flags & MS_MANDLOCK)
+       audit_log_format(ab, ", mand");
+   if (flags & MS_DIRSYNC)
+       audit_log_format(ab, ", dirsync");
+   if (flags & MS_NOATIME)
+       audit_log_format(ab, ", noatime");
+   if (flags & MS_NODIRATIME)
+       audit_log_format(ab, ", nodiratime");
+   if (flags & MS_BIND)
+       audit_log_format(ab, flags & MS_REC ? ", rbind" : ", bind");
+   if (flags & MS_MOVE)
+       audit_log_format(ab, ", move");
+   if (flags & MS_SILENT)
+       audit_log_format(ab, ", silent");
+   if (flags & MS_POSIXACL)
+       audit_log_format(ab, ", acl");
+   if (flags & MS_UNBINDABLE)
+       audit_log_format(ab, flags & MS_REC ? ", runbindable" :
+                ", unbindable");
+   if (flags & MS_PRIVATE)
+       audit_log_format(ab, flags & MS_REC ? ", rprivate" :
+                ", private");
+   if (flags & MS_SLAVE)
+       audit_log_format(ab, flags & MS_REC ? ", rslave" :
+                ", slave");
+   if (flags & MS_SHARED)
+       audit_log_format(ab, flags & MS_REC ? ", rshared" :
+                ", shared");
+   if (flags & MS_RELATIME)
+       audit_log_format(ab, ", relatime");
+   if (flags & MS_I_VERSION)
+       audit_log_format(ab, ", iversion");
+   if (flags & MS_STRICTATIME)
+       audit_log_format(ab, ", strictatime");
+   if (flags & MS_NOUSER)
+       audit_log_format(ab, ", nouser");
+}
+
+/**
+ * audit_cb - call back for mount specific audit fields
+ * @ab: audit_buffer  (NOT NULL)
+ * @va: audit struct to audit values of  (NOT NULL)
+ */
+static void audit_cb(struct audit_buffer *ab, void *va)
+{
+   struct common_audit_data *sa = va;
+
+   if (sa->aad->mnt.type) {
+       audit_log_format(ab, " fstype=");
+       audit_log_untrustedstring(ab, sa->aad->mnt.type);
+   }
+   if (sa->aad->mnt.src_name) {
+       audit_log_format(ab, " srcname=");
+       audit_log_untrustedstring(ab, sa->aad->mnt.src_name);
+   }
+   if (sa->aad->mnt.trans) {
+       audit_log_format(ab, " trans=");
+       audit_log_untrustedstring(ab, sa->aad->mnt.trans);
+   }
+   if (sa->aad->mnt.flags || sa->aad->op == OP_MOUNT) {
+       audit_log_format(ab, " flags=\"");
+       audit_mnt_flags(ab, sa->aad->mnt.flags);
+       audit_log_format(ab, "\"");
+   }
+   if (sa->aad->mnt.data) {
+       audit_log_format(ab, " options=");
+       audit_log_untrustedstring(ab, sa->aad->mnt.data);
+   }
+}
+
+/**
+ * audit_mount - handle the auditing of mount operations
+ * @profile: the profile being enforced  (NOT NULL)
+ * @gfp: allocation flags
+ * @op: operation being mediated (NOT NULL)
+ * @name: name of object being mediated (MAYBE NULL)
+ * @src_name: src_name of object being mediated (MAYBE_NULL)
+ * @type: type of filesystem (MAYBE_NULL)
+ * @trans: name of trans (MAYBE NULL)
+ * @flags: filesystem idependent mount flags
+ * @data: filesystem mount flags
+ * @request: permissions requested
+ * @perms: the permissions computed for the request (NOT NULL)
+ * @info: extra information message (MAYBE NULL)
+ * @error: 0 if operation allowed else failure error code
+ *
+ * Returns: %0 or error on failure
+ */
+static int audit_mount(struct aa_profile *profile, gfp_t gfp, int op,
+              const char *name, const char *src_name,
+              const char *type, const char *trans,
+              unsigned long flags, const void *data, u32 request,
+              struct file_perms *perms, const char *info, int error)
+{
+   int audit_type = AUDIT_APPARMOR_AUTO;
+   struct common_audit_data sa;
+   struct apparmor_audit_data aad = { };
+
+   if (likely(!error)) {
+       u32 mask = perms->audit;
+
+       if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
+           mask = 0xffff;
+
+       /* mask off perms that are not being force audited */
+       request &= mask;
+
+       if (likely(!request))
+           return 0;
+       audit_type = AUDIT_APPARMOR_AUDIT;
+   } else {
+       /* only report permissions that were denied */
+       request = request & ~perms->allow;
+
+       if (request & perms->kill)
+           audit_type = AUDIT_APPARMOR_KILL;
+
+       /* quiet known rejects, assumes quiet and kill do not overlap */
+       if ((request & perms->quiet) &&
+           AUDIT_MODE(profile) != AUDIT_NOQUIET &&
+           AUDIT_MODE(profile) != AUDIT_ALL)
+           request &= ~perms->quiet;
+
+       if (!request)
+           return COMPLAIN_MODE(profile) ?
+               complain_error(error) : error;
+   }
+
+   sa.type = LSM_AUDIT_DATA_NONE;
+   sa.aad = &aad;
+   sa.aad->op = op;
+   sa.aad->name = name;
+   sa.aad->mnt.src_name = src_name;
+   sa.aad->mnt.type = type;
+   sa.aad->mnt.trans = trans;
+   sa.aad->mnt.flags = flags;
+   if (data && (perms->audit & AA_AUDIT_DATA))
+       sa.aad->mnt.data = data;
+   sa.aad->info = info;
+   sa.aad->error = error;
+
+   return aa_audit(audit_type, profile, gfp, &sa, audit_cb);
+}
+
+/**
+ * match_mnt_flags - Do an ordered match on mount flags
+ * @dfa: dfa to match against
+ * @state: state to start in
+ * @flags: mount flags to match against
+ *
+ * Mount flags are encoded as an ordered match. This is done instead of
+ * checking against a simple bitmask, to allow for logical operations
+ * on the flags.
+ *
+ * Returns: next state after flags match
+ */
+static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state,
+                   unsigned long flags)
+{
+   unsigned int i;
+
+   for (i = 0; i <= 31 ; ++i) {
+       if ((1 << i) & flags)
+           state = aa_dfa_next(dfa, state, i + 1);
+   }
+
+   return state;
+}
+
+/**
+ * compute_mnt_perms - compute mount permission associated with @state
+ * @dfa: dfa to match against (NOT NULL)
+ * @state: state match finished in
+ *
+ * Returns: mount permissions
+ */
+static struct file_perms compute_mnt_perms(struct aa_dfa *dfa,
+                      unsigned int state)
+{
+   struct file_perms perms;
+
+   perms.kill = 0;
+   perms.allow = dfa_user_allow(dfa, state);
+   perms.audit = dfa_user_audit(dfa, state);
+   perms.quiet = dfa_user_quiet(dfa, state);
+   perms.xindex = dfa_user_xindex(dfa, state);
+
+   return perms;
+}
+
+static const char const *mnt_info_table[] = {
+   "match succeeded",
+   "failed mntpnt match",
+   "failed srcname match",
+   "failed type match",
+   "failed flags match",
+   "failed data match"
+};
+
+/*
+ * Returns 0 on success else element that match failed in, this is the
+ * index into the mnt_info_table above
+ */
+static int do_match_mnt(struct aa_dfa *dfa, unsigned int start,
+           const char *mntpnt, const char *devname,
+           const char *type, unsigned long flags,
+           void *data, bool binary, struct file_perms *perms)
+{
+   unsigned int state;
+
+   state = aa_dfa_match(dfa, start, mntpnt);
+   state = aa_dfa_null_transition(dfa, state);
+   if (!state)
+       return 1;
+
+   if (devname)
+       state = aa_dfa_match(dfa, state, devname);
+   state = aa_dfa_null_transition(dfa, state);
+   if (!state)
+       return 2;
+
+   if (type)
+       state = aa_dfa_match(dfa, state, type);
+   state = aa_dfa_null_transition(dfa, state);
+   if (!state)
+       return 3;
+
+   state = match_mnt_flags(dfa, state, flags);
+   if (!state)
+       return 4;
+   *perms = compute_mnt_perms(dfa, state);
+   if (perms->allow & AA_MAY_MOUNT)
+       return 0;
+
+   /* only match data if not binary and the DFA flags data is expected */
+   if (data && !binary && (perms->allow & AA_CONT_MATCH)) {
+       state = aa_dfa_null_transition(dfa, state);
+       if (!state)
+           return 4;
+
+       state = aa_dfa_match(dfa, state, data);
+       if (!state)
+           return 5;
+       *perms = compute_mnt_perms(dfa, state);
+       if (perms->allow & AA_MAY_MOUNT)
+           return 0;
+   }
+
+   /* failed at end of flags match */
+   return 4;
+}
+
+/**
+ * match_mnt - handle path matching for mount
+ * @profile: the confining profile
+ * @mntpnt: string for the mntpnt (NOT NULL)
+ * @devname: string for the devname/src_name (MAYBE NULL)
+ * @type: string for the dev type (MAYBE NULL)
+ * @flags: mount flags to match
+ * @data: fs mount data (MAYBE NULL)
+ * @binary: whether @data is binary
+ * @perms: Returns: permission found by the match
+ * @info: Returns: infomation string about the match for logging
+ *
+ * Returns: 0 on success else error
+ */
+static int match_mnt(struct aa_profile *profile, const char *mntpnt,
+            const char *devname, const char *type,
+            unsigned long flags, void *data, bool binary,
+            struct file_perms *perms, const char **info)
+{
+   int pos;
+
+   if (!profile->policy.dfa)
+       return -EACCES;
+
+   pos = do_match_mnt(profile->policy.dfa,
+              profile->policy.start[AA_CLASS_MOUNT],
+              mntpnt, devname, type, flags, data, binary, perms);
+   if (pos) {
+       *info = mnt_info_table[pos];
+       return -EACCES;
+   }
+
+   return 0;
+}
+
+static int path_flags(struct aa_profile *profile, struct path *path)
+{
+   return profile->path_flags |
+       S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0;
+}
+
+int aa_remount(struct aa_profile *profile, struct path *path,
+          unsigned long flags, void *data)
+{
+   struct file_perms perms = { };
+   const char *name, *info = NULL;
+   char *buffer = NULL;
+   int binary, error;
+
+   binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA;
+
+   error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   error = match_mnt(profile, name, NULL, NULL, flags, data, binary,
+             &perms, &info);
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL,
+               NULL, flags, data, AA_MAY_MOUNT, &perms, info,
+               error);
+   kfree(buffer);
+
+   return error;
+}
+
+int aa_bind_mount(struct aa_profile *profile, struct path *path,
+         const char *dev_name, unsigned long flags)
+{
+   struct file_perms perms = { };
+   char *buffer = NULL, *old_buffer = NULL;
+   const char *name, *old_name = NULL, *info = NULL;
+   struct path old_path;
+   int error;
+
+   if (!dev_name || !*dev_name)
+       return -EINVAL;
+
+   flags &= MS_REC | MS_BIND;
+
+   error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   error = kern_path(dev_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
+   if (error)
+       goto audit;
+
+   error = aa_path_name(&old_path, path_flags(profile, &old_path),
+                &old_buffer, &old_name, &info);
+   path_put(&old_path);
+   if (error)
+       goto audit;
+
+   error = match_mnt(profile, name, old_name, NULL, flags, NULL, 0,
+             &perms, &info);
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name,
+               NULL, NULL, flags, NULL, AA_MAY_MOUNT, &perms,
+               info, error);
+   kfree(buffer);
+   kfree(old_buffer);
+
+   return error;
+}
+
+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
+            unsigned long flags)
+{
+   struct file_perms perms = { };
+   char *buffer = NULL;
+   const char *name, *info = NULL;
+   int error;
+
+   /* These are the flags allowed by do_change_type() */
+   flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE |
+         MS_UNBINDABLE);
+
+   error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   error = match_mnt(profile, name, NULL, NULL, flags, NULL, 0, &perms,
+             &info);
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL,
+               NULL, flags, NULL, AA_MAY_MOUNT, &perms, info,
+               error);
+   kfree(buffer);
+
+   return error;
+}
+
+int aa_move_mount(struct aa_profile *profile, struct path *path,
+         const char *orig_name)
+{
+   struct file_perms perms = { };
+   char *buffer = NULL, *old_buffer = NULL;
+   const char *name, *old_name = NULL, *info = NULL;
+   struct path old_path;
+   int error;
+
+   if (!orig_name || !*orig_name)
+       return -EINVAL;
+
+   error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   error = kern_path(orig_name, LOOKUP_FOLLOW, &old_path);
+   if (error)
+       goto audit;
+
+   error = aa_path_name(&old_path, path_flags(profile, &old_path),
+                &old_buffer, &old_name, &info);
+   path_put(&old_path);
+   if (error)
+       goto audit;
+
+   error = match_mnt(profile, name, old_name, NULL, MS_MOVE, NULL, 0,
+             &perms, &info);
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name,
+               NULL, NULL, MS_MOVE, NULL, AA_MAY_MOUNT, &perms,
+               info, error);
+   kfree(buffer);
+   kfree(old_buffer);
+
+   return error;
+}
+
+int aa_new_mount(struct aa_profile *profile, const char *orig_dev_name,
+        struct path *path, const char *type, unsigned long flags,
+        void *data)
+{
+   struct file_perms perms = { };
+   char *buffer = NULL, *dev_buffer = NULL;
+   const char *name = NULL, *dev_name = NULL, *info = NULL;
+   int binary = 1;
+   int error;
+
+   dev_name = orig_dev_name;
+   if (type) {
+       int requires_dev;
+       struct file_system_type *fstype = get_fs_type(type);
+       if (!fstype)
+           return -ENODEV;
+
+       binary = fstype->fs_flags & FS_BINARY_MOUNTDATA;
+       requires_dev = fstype->fs_flags & FS_REQUIRES_DEV;
+       put_filesystem(fstype);
+
+       if (requires_dev) {
+           struct path dev_path;
+
+           if (!dev_name || !*dev_name) {
+               error = -ENOENT;
+               goto out;
+           }
+
+           error = kern_path(dev_name, LOOKUP_FOLLOW, &dev_path);
+           if (error)
+               goto audit;
+
+           error = aa_path_name(&dev_path,
+                        path_flags(profile, &dev_path),
+                        &dev_buffer, &dev_name, &info);
+           path_put(&dev_path);
+           if (error)
+               goto audit;
+       }
+   }
+
+   error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   error = match_mnt(profile, name, dev_name, type, flags, data, binary,
+             &perms, &info);
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name,  dev_name,
+               type, NULL, flags, data, AA_MAY_MOUNT, &perms, info,
+               error);
+   kfree(buffer);
+   kfree(dev_buffer);
+
+out:
+   return error;
+
+}
+
+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags)
+{
+   struct file_perms perms = { };
+   char *buffer = NULL;
+   const char *name, *info = NULL;
+   int error;
+
+   struct path path = { mnt, mnt->mnt_root };
+   error = aa_path_name(&path, path_flags(profile, &path), &buffer, &name,
+                &info);
+   if (error)
+       goto audit;
+
+   if (!error && profile->policy.dfa) {
+       unsigned int state;
+       state = aa_dfa_match(profile->policy.dfa,
+                    profile->policy.start[AA_CLASS_MOUNT],
+                    name);
+       perms = compute_mnt_perms(profile->policy.dfa, state);
+   }
+
+   if (AA_MAY_UMOUNT & ~perms.allow)
+       error = -EACCES;
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_UMOUNT, name, NULL, NULL,
+               NULL, 0, NULL, AA_MAY_UMOUNT, &perms, info, error);
+   kfree(buffer);
+
+   return error;
+}
+
+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
+         struct path *new_path)
+{
+   struct file_perms perms = { };
+   struct aa_profile *target = NULL;
+   char *old_buffer = NULL, *new_buffer = NULL;
+   const char *old_name, *new_name = NULL, *info = NULL;
+   int error;
+
+   error = aa_path_name(old_path, path_flags(profile, old_path),
+                &old_buffer, &old_name, &info);
+   if (error)
+       goto audit;
+
+   error = aa_path_name(new_path, path_flags(profile, new_path),
+                &new_buffer, &new_name, &info);
+   if (error)
+       goto audit;
+
+   if (profile->policy.dfa) {
+       unsigned int state;
+       state = aa_dfa_match(profile->policy.dfa,
+                    profile->policy.start[AA_CLASS_MOUNT],
+                    new_name);
+       state = aa_dfa_null_transition(profile->policy.dfa, state);
+       state = aa_dfa_match(profile->policy.dfa, state, old_name);
+       perms = compute_mnt_perms(profile->policy.dfa, state);
+   }
+
+   if (AA_MAY_PIVOTROOT & perms.allow) {
+       if ((perms.xindex & AA_X_TYPE_MASK) == AA_X_TABLE) {
+           target = x_table_lookup(profile, perms.xindex);
+           if (!target)
+               error = -ENOENT;
+           else
+               error = aa_replace_current_profile(target);
+       }
+   } else
+       error = -EACCES;
+
+audit:
+   error = audit_mount(profile, GFP_KERNEL, OP_PIVOTROOT, new_name,
+               old_name, NULL, target ? target->base.name : NULL,
+               0, NULL,  AA_MAY_PIVOTROOT, &perms, info, error);
+   aa_put_profile(target);
+   kfree(old_buffer);
+   kfree(new_buffer);
+
+   return error;
+}