From patchwork Tue Oct 25 07:34:45 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Miklos Szeredi <mszeredi@redhat.com>
X-Patchwork-Id: 9394127
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BDFE560231 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 25 Oct 2016 07:35:54 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1A96293C6
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 25 Oct 2016 07:35:54 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A43D3293D8; Tue, 25 Oct 2016 07:35:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.4 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RCVD_IN_SORBS_SPAM autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3F940293C6
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 25 Oct 2016 07:35:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753226AbcJYHfe (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Tue, 25 Oct 2016 03:35:34 -0400
Received: from mail-wm0-f51.google.com ([74.125.82.51]:37823 "EHLO
	mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754076AbcJYHew (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 25 Oct 2016 03:34:52 -0400
Received: by mail-wm0-f51.google.com with SMTP id c78so7178624wme.0
	for <linux-fsdevel@vger.kernel.org>;
	Tue, 25 Oct 2016 00:34:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=BFFIMiiHmZRD9Xv0WGs6OAJHoE0uSble2U8Klf9llSI=;
	b=QV+oU95CbCeWlIIuiwp4aRCAHmRn3/4W+b9u5aru438P25tc2vweDSRtP4Vn0EkpJ6
	zaRHzz9bFWoOilt/uRe7QjGBoMQ8SKtelIiO2iMgYUdqabV521C0FQPTnxMS7RmAxx/n
	ufmvKCp4LCpC4OdNmO26ooklx7XZRhjul85nEj3LhUXbrEBjdMuCBA7ZsuACJYm4puIZ
	GGS6GgWDftUYagDP2ZudxVcugjg3XNmPMWeo/CJO2kwtIDAXVfP1EdsTO/Qj166naH12
	GWrV7gyGsHERDEu9Y/Fc8eRIbk1XBxwMjg33GBDetAb/Ytjgm/tgKMLMdryStTxnysGQ
	VZDQ==
X-Gm-Message-State: 
 ABUngvcULuNPVdb0Ohj+NAtThdYq5WayF9mTdBcQEIR7+yZbXUuQ7R2u4YYABzYCiHCvd8/H
X-Received: by 10.28.191.3 with SMTP id p3mr1832089wmf.112.1477380891151;
	Tue, 25 Oct 2016 00:34:51 -0700 (PDT)
Received: from veci.piliscsaba.szeredi.hu (pool-dsl-2c-0018.externet.hu.
	[217.173.44.24]) by smtp.gmail.com with ESMTPSA id
	jq10sm21340722wjb.46.2016.10.25.00.34.50
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 25 Oct 2016 00:34:50 -0700 (PDT)
From: Miklos Szeredi <mszeredi@redhat.com>
To: linux-unionfs@vger.kernel.org
Cc: Guillem Jover <guillem@debian.org>, Raphael Hertzog <hertzog@debian.org>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	<stable@vger.kernel.org>
Subject: [PATCH 1/3] ovl: check fs features
Date: Tue, 25 Oct 2016 09:34:45 +0200
Message-Id: <1477380887-21333-2-git-send-email-mszeredi@redhat.com>
X-Mailer: git-send-email 2.5.5
In-Reply-To: <1477380887-21333-1-git-send-email-mszeredi@redhat.com>
References: <1477380887-21333-1-git-send-email-mszeredi@redhat.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

To allow adding new, backward incompatible features to overlayfs, we need a
way to store the list of features in the overlay.  This is done via
"trusted.overlay.features" xattr on the root of the upper layer (or one of
the lower layers, that previously acted as an upper layer).  It's a comma
separated list of case sensitive strings.

If an overlay has an unknown feature, mount shall return an error.  So
mechanism should only be used for backward incompatible features.

This patch doesn't add any features.  If the "trusted.overlay.features"
xattr contains a non-empty list, then return EINVAL error for the mount.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
---
 Documentation/filesystems/overlayfs.txt | 12 ++++++++++
 fs/overlayfs/overlayfs.h                |  1 +
 fs/overlayfs/super.c                    | 41 +++++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+)

diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt
index 7aeb8e8d80cf..5108425157ac 100644
--- a/Documentation/filesystems/overlayfs.txt
+++ b/Documentation/filesystems/overlayfs.txt
@@ -175,6 +175,18 @@ The specified lower directories will be stacked beginning from the
 rightmost one and going left.  In the above example lower1 will be the
 top, lower2 the middle and lower3 the bottom layer.
 
+Filesystem features
+-------------------
+
+Features are enabled via "trusted.overlay.features" xattr on the root of the
+upper layer.  E.g. the following command can be used to enable features "foo"
+and "bar" on the overlay:
+
+  setfattr -n "trusted.overlay.features" -v "foo,bar" /upper
+  mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,\
+workdir=/work /merged
+
+If an overlay has an unknown feature, mount shall return an error.
 
 Non-standard behavior
 ---------------------
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index f6e4d3539a25..d61d5b9d0d91 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -19,6 +19,7 @@ enum ovl_path_type {
 
 #define OVL_XATTR_PREFIX XATTR_TRUSTED_PREFIX "overlay."
 #define OVL_XATTR_OPAQUE OVL_XATTR_PREFIX "opaque"
+#define OVL_XATTR_FEATURES OVL_XATTR_PREFIX "features"
 
 #define OVL_ISUPPER_MASK 1UL
 
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 30263a541fd5..d6dc8d905d00 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -397,6 +397,39 @@ static struct dentry *ovl_workdir_create(struct vfsmount *mnt,
 	goto out_unlock;
 }
 
+static int ovl_check_features(struct dentry *root)
+{
+	int res;
+	char *buf, *tmp, *p;
+
+	res = vfs_getxattr(root, OVL_XATTR_FEATURES, NULL, 0);
+	if (res <= 0) {
+		if (res == -EOPNOTSUPP || res == -ENODATA)
+			res = 0;
+		return res;
+	}
+
+	buf = kmalloc(res + 1, GFP_TEMPORARY);
+	if (!buf)
+		return -ENOMEM;
+
+	res = vfs_getxattr(root, OVL_XATTR_FEATURES, buf, res);
+	if (res <= 0)
+		goto out_free;
+
+	buf[res] = '\0';
+	res = 0;
+	tmp = buf;
+	while ((p = strsep(&tmp, ",")) != NULL) {
+		res = -EINVAL;
+		pr_err("overlayfs: feature '%s' not supported\n", p);
+	}
+out_free:
+	kfree(buf);
+
+	return res;
+}
+
 static void ovl_unescape(char *s)
 {
 	char *d = s;
@@ -471,6 +504,10 @@ static int ovl_lower_dir(const char *name, struct path *path, long *namelen,
 	if (err)
 		goto out;
 
+	err = ovl_check_features(path->dentry);
+	if (err)
+		goto out_put;
+
 	err = vfs_statfs(path, &statfs);
 	if (err) {
 		pr_err("overlayfs: statfs failed on '%s'\n", name);
@@ -693,6 +730,10 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
 			goto out_put_upperpath;
 		}
 
+		err = ovl_check_features(upperpath.dentry);
+		if (err)
+			goto out_put_upperpath;
+
 		err = ovl_mount_dir(ufs->config.workdir, &workpath);
 		if (err)
 			goto out_put_upperpath;