From patchwork Fri Jun 1 15:26:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 10443725 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E49BD604D4 for ; Fri, 1 Jun 2018 15:26:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D206C28446 for ; Fri, 1 Jun 2018 15:26:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C692028929; Fri, 1 Jun 2018 15:26:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3040328686 for ; Fri, 1 Jun 2018 15:26:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752992AbeFAP0c (ORCPT ); Fri, 1 Jun 2018 11:26:32 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:43313 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752970AbeFAP0a (ORCPT ); Fri, 1 Jun 2018 11:26:30 -0400 Received: by mail-wr0-f195.google.com with SMTP id d2-v6so21262899wrm.10 for ; Fri, 01 Jun 2018 08:26:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=Qt0hNmjAsUlatBnP4nqMCHtP2qQB2MMysPBzwnlEakg=; b=Jk0fauEjBSb1LUXJ41diI5uLigWONKJMRsfFzJ4ot80br6X7RvNpkoQ2RaIHc0vRF3 3l85F68pxmB9aJq5RluolXDuOEKtWSpRgMRJ1f3bzqQdCts1u02s7b9QO8HY6tr6fr2U fCMo2D2b4NPKqwNvHEkB2I1dvvxLsIjQt88yE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=Qt0hNmjAsUlatBnP4nqMCHtP2qQB2MMysPBzwnlEakg=; b=TLI30o+TBX3eXiuNr2RSO67nIrPT38+MKRENsslG9vVny6CGbtY9b4ZXRuoHaemZKk 4E+OeO8WGIJjXo2Ox1belURpIWrGGIBjBTb2pRUKffggBfrdfCU+mvB706aZdnwv1inv 2UUlyPZ31O+VJmc6fJaGlymtnz0uQglTYZ4a1wfdtQCJ5RScUIxCsN7M/uiVXETqaPUL 76837WyjmtKKs5UbXDwGCWKHyQlvuaYJ+rJ0eabvwWjig72Gg9DSi+xsm0rqD5nlyl7v 2YazcmKHzRtmOTpSGQi4UGZLmwJM1Xg9h9kPkrpqja4u/lAyW8Al4QY/I8ysPbD9ZenO oNrQ== X-Gm-Message-State: ALKqPwfLQX8zplNNFCa4hClPG+uCS/Nh0tWGSqObX7aAFfRwntQQJs4H DN+JfK6cJV37IubKv+Qv869LWS9j X-Google-Smtp-Source: ADUXVKKLYfbLtU/FTT6bdF5Zrd2uEvKaXHyB5xDRDLlgJBZpZRF6P28jOOjhpqL1kSc0C4TT5tjZ0w== X-Received: by 2002:adf:eb52:: with SMTP id u18-v6mr8736223wrn.252.1527866789164; Fri, 01 Jun 2018 08:26:29 -0700 (PDT) Received: from veci.piliscsaba.redhat.com (catv-176-63-54-97.catv.broadband.hu. [176.63.54.97]) by smtp.gmail.com with ESMTPSA id g75-v6sm3893654wmd.15.2018.06.01.08.26.27 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 01 Jun 2018 08:26:27 -0700 (PDT) Date: Fri, 1 Jun 2018 17:26:25 +0200 From: Miklos Szeredi To: Al Viro Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: Re: [GIT PULL] overlayfs update for 4.18 Message-ID: <20180601152625.GD23785@veci.piliscsaba.redhat.com> References: <20180529132148.GC23785@veci.piliscsaba.redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20180529132148.GC23785@veci.piliscsaba.redhat.com> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Tue, May 29, 2018 at 03:21:48PM +0200, Miklos Szeredi wrote: > Hi Al, > > I'm sending this pull request to you instead of Linus, because a bigger than > usual chunk involves the VFS. > > Please pull from: > > git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git for-viro > > This update contains the following: > > - Deal with vfs_mkdir() not instantiating dentry. > > - Stack file operations. This solves the ro/rw file descriptor inconsistency, > weirdness with ioctl, as well as removing a bunch of overlay specific hacks > from the VFS. > > - Allow metadata-only copy-up when data is unchanged. > > - Various cleanups in VFS and overlayfs. Updated tree pushed to same place. Incremental patch against previous pull and posted patchset. Thanks, Miklos diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt index 0a8e3c4543d1..79be4a77ca08 100644 --- a/Documentation/filesystems/overlayfs.txt +++ b/Documentation/filesystems/overlayfs.txt @@ -280,7 +280,7 @@ parameter metacopy=on/off. Lastly, there is also a per mount option metacopy=on/off to enable/disable this feature per mount. Do not use metacopy=on with untrusted upper/lower directories. Otherwise -it is possible that an attacker can create a handcrafted file with +it is possible that an attacker can create an handcrafted file with appropriate REDIRECT and METACOPY xattrs, and gain access to file on lower pointed by REDIRECT. This should not be possible on local system as setting "trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible @@ -318,7 +318,7 @@ does not support NFS export, lower filesystem does not have a valid UUID or if the upper filesystem does not support extended attributes. For "metadata only copy up" feature there is no verification mechanism at -mount time. So if same upper is mounted with different set of lower, mount +mount time. So if same upper is mouted with different set of lower, mount probably will succeed but expect the unexpected later on. So don't do it. It is quite a common practice to copy overlay layers to a different diff --git a/fs/overlayfs/Kconfig b/fs/overlayfs/Kconfig index 08b04d9fd6e6..e0a090eca65e 100644 --- a/fs/overlayfs/Kconfig +++ b/fs/overlayfs/Kconfig @@ -11,7 +11,7 @@ config OVERLAY_FS For more information see Documentation/filesystems/overlayfs.txt config OVERLAY_FS_REDIRECT_DIR - bool "Overlayfs: turn on redirect directory feature by default" + bool "Overlayfs: turn on redirect dir feature by default" depends on OVERLAY_FS help If this config option is enabled then overlay filesystems will use @@ -46,7 +46,7 @@ config OVERLAY_FS_INDEX depends on OVERLAY_FS help If this config option is enabled then overlay filesystems will use - the index directory to map lower inodes to upper inodes by default. + the inodes index dir to map lower inodes to upper inodes by default. In this case it is still possible to turn off index globally with the "index=off" module option or on a filesystem instance basis with the "index=off" mount option. @@ -67,7 +67,7 @@ config OVERLAY_FS_NFS_EXPORT depends on !OVERLAY_FS_METACOPY help If this config option is enabled then overlay filesystems will use - the index directory to decode overlay NFS file handles by default. + the inodes index dir to decode overlay NFS file handles by default. In this case, it is still possible to turn off NFS export support globally with the "nfs_export=off" module option or on a filesystem instance basis with the "nfs_export=off" mount option. @@ -133,7 +133,7 @@ config OVERLAY_FS_METACOPY help If this config option is enabled then overlay filesystems will copy up only metadata where appropriate and data copy up will - happen when a file is opened for WRITE operation. It is still + happen when a file is opended for WRITE operation. It is still possible to turn off this feature globally with the "metacopy=off" module option or on a filesystem instance basis with the "metacopy=off" mount option. diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 296037afecdb..bdadedf73e51 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -27,7 +27,7 @@ static int ovl_ccup_set(const char *buf, const struct kernel_param *param) { - pr_warn("overlayfs: \"check_copy_up\" module option is obsolete\n"); + WARN(1, "overlayfs: \"check_copy_up\" module option is obsolete\n"); return 0; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index ec350d4d921c..7063e0f588cc 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -116,35 +116,35 @@ int ovl_cleanup_and_whiteout(struct dentry *workdir, struct inode *dir, goto out; } -static int ovl_mkdir_real(struct inode *dir, struct dentry **newdentry, - umode_t mode) +static struct dentry *ovl_mkdir_real(struct inode *dir, struct dentry *dentry, + umode_t mode) { int err; - struct dentry *d, *dentry = *newdentry; err = ovl_do_mkdir(dir, dentry, mode); - if (err) - return err; - - if (likely(!d_unhashed(dentry))) - return 0; + if (err) { + dput(dentry); + return ERR_PTR(err); + } /* * vfs_mkdir() may succeed and leave the dentry passed * to it unhashed and negative. If that happens, try to * lookup a new hashed and positive dentry. */ - d = lookup_one_len(dentry->d_name.name, dentry->d_parent, - dentry->d_name.len); - if (IS_ERR(d)) { - pr_warn("overlayfs: failed lookup after mkdir (%pd2, err=%i).\n", - dentry, err); - return PTR_ERR(d); + if (unlikely(d_unhashed(dentry))) { + struct dentry *d; + + d = lookup_one_len(dentry->d_name.name, dentry->d_parent, + dentry->d_name.len); + if (IS_ERR(d)) { + pr_warn("overlayfs: failed lookup after mkdir (%pd2, err=%i).\n", + dentry, err); + } + dput(dentry); + dentry = d; } - dput(dentry); - *newdentry = d; - - return 0; + return dentry; } struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry, @@ -169,8 +169,7 @@ struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry, case S_IFDIR: /* mkdir is special... */ - err = ovl_mkdir_real(dir, &newdentry, attr->mode); - break; + return ovl_mkdir_real(dir, newdentry, attr->mode); case S_IFCHR: case S_IFBLK: @@ -193,7 +192,7 @@ struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry, * Not quite sure if non-instantiated dentry is legal or not. * VFS doesn't seem to care so check and warn here. */ - err = -EIO; + err = -ENOENT; } out: if (err) { diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index ca7c3461e424..31f32fc1004b 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -128,7 +128,7 @@ static int ovl_open(struct inode *inode, struct file *file) /* No longer need these flags, so don't pass them on to underlying fs */ file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); - realfile = ovl_open_realfile(file, ovl_inode_realdata(inode)); + realfile = ovl_open_realfile(file, ovl_inode_real(file_inode(file))); if (IS_ERR(realfile)) return PTR_ERR(realfile);