From patchwork Tue Mar 25 10:46:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 14028318 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D683254AE2 for ; Tue, 25 Mar 2025 10:46:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899605; cv=none; b=e48wZ8nzTtTZgKTcHAq/AzgT2AhRCbr9tYfYNb0oi+cJhUVmG6Yds3brerpsaXQOi+v3W9147ha9KM8Hz1j48oABAynOnAOpnHErrNtREbtaqfOm0rA+Qw7z3i+Jutb0HbcdR+vsEOWYkusNtssg4KzZMrelNXjJaTp2XqqgnGE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899605; c=relaxed/simple; bh=vkbpeFmqD668MPanvRonoQwCZ0BQK81IhaRcc7RnYTo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Tx2zwailEtotQrwHyEe8My9DLLVJEzwI1sg4b7fUAvGP1GpgZ5u+1Sv+UoNanwodJG62cyLrqgv/XfeIRcE7h8vOde5u8ca0O5zipWNKnNyzk7wCYhJuiC+iENmoUZnzFMiJ+fxTXD+LP4vveVH1f6oIEEQCiPYPitaeA2CZOm0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=K2+0VCDU; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="K2+0VCDU" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1742899602; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IL/6aR5DxlrxjOnL/vY3X0cqTZslpUhOi/XOXuXLhhE=; b=K2+0VCDUDeiocnZFS7ugxJwxfwK+1hquK05vv/S9dzlndPvU1ggDKcAu6q8AS3k9JetQhm sAKWdf15BptWeDC1bPo9aDTA+7fuxnHZa6lRWg2aD3MNEjwYhAQmrrwDLr+mhpHUr1E6/s xNsqNSc1XLcog0kWC96wAo5uh34gqQE= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-537-S03YhoQ4N0Shabu7sXQFcA-1; Tue, 25 Mar 2025 06:46:38 -0400 X-MC-Unique: S03YhoQ4N0Shabu7sXQFcA-1 X-Mimecast-MFC-AGG-ID: S03YhoQ4N0Shabu7sXQFcA_1742899598 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-399744f742bso1303836f8f.1 for ; Tue, 25 Mar 2025 03:46:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742899597; x=1743504397; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IL/6aR5DxlrxjOnL/vY3X0cqTZslpUhOi/XOXuXLhhE=; b=pIyh9tgxmNACbv96Z9hwl6Jlg9JOvIFqXZ07MB3WA7eFwnhX3Ulsz5eayJSxkuH7am Teo2hrI3vUCPe80YrTPBT297Am15teFmRc2qkbfyrQsH9neEJs7yPTLh0/PjyHGiS14f w8XzQCA1dNO/a7KUF5GTh2l1XsJPceQmICwkEq1YOH7ZZFiG8hcgYPtw8ol3OFmS2O35 W7U3CyhxiVkzxD+9lgCFl+zOVIufIe0FIi4HfjHYPZh6/O9WHoVS9NpZ3tbwR0wnam9b R21U+r4UMC0O3h4kFLOgShwOIJ9ZCLdX5JTZatqKMUltduposPLLgXNsOR+XFXw9QcMm uPvw== X-Forwarded-Encrypted: i=1; AJvYcCWdpltikLDI+WMZrV2EypugOSKG3I2h0nf1AdWaRZfoDg8tnN5KgOvw92q34wN75srSi4nH9cpx1ZgB/vb5@vger.kernel.org X-Gm-Message-State: AOJu0YywrGFwKlQBa1iYB7UPBBktMgfcqhStiDYoZF2pZ2G/U1ICEZU8 gp/zVRmJX1063x8OndudAnsogj2P6U2xVEp3JJIjsdFQnKXP8O7n5R/kI5iC1kUq4N0Dnyhuu+A Z02qmNxQ+uweB4OIzErpjNCFKX48Oeu9vgJVqVRrHxm/+Yeuq8sTWuJX1PrBtuRDpRrRMQqk= X-Gm-Gg: ASbGncvJw/9yA9ar6yt1uRh5n2BMrnUWZygArHfZPOCUl67l9Z64UtwHqXBtPASbd0B 0n3XXMsT71b3abvwSPMCSoty7JzaaSHpkeoH7bUvOzyuWpl8db+5xBGJkn/UaiagKjP5XpuRwT5 baSG8zc4k1dCld8qXM2490wexdMG4lLGOs+c2wPSVdHU/yD+T2ZQH6ucvwnw/sMoWH0UKoMU382 FQR6IljWWjBeo8DWjx90tDqDMKPNoLpYj8kjpPmCEHKjfqMkqmLGfEPos9v6U6BR0aUNUsUOVc7 CXzv4oejPcYG4q/uboGtXfzNENKuKIW62DsMRn6oHYsim9vBIhGKUhc/UM0mN5NUVWw= X-Received: by 2002:a05:6000:2cd:b0:391:2f2f:818 with SMTP id ffacd0b85a97d-3997f8edc1dmr15905512f8f.9.1742899597445; Tue, 25 Mar 2025 03:46:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEw5sCn6O0eZPQdrxPvOONhB4Ut43Nqsv6iiLVmfKeBePtnVQmM3EmzBo2MGDhKqQ2BMNL+cw== X-Received: by 2002:a05:6000:2cd:b0:391:2f2f:818 with SMTP id ffacd0b85a97d-3997f8edc1dmr15905478f8f.9.1742899597091; Tue, 25 Mar 2025 03:46:37 -0700 (PDT) Received: from maszat.piliscsaba.szeredi.hu (87-97-53-119.pool.digikabel.hu. [87.97.53.119]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3997f9a50c1sm13572203f8f.38.2025.03.25.03.46.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Mar 2025 03:46:36 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: Amir Goldstein , linux-fsdevel@vger.kernel.org, Giuseppe Scrivano , Alexander Larsson , stable@vger.kernel.org Subject: [PATCH v2 1/5] ovl: don't allow datadir only Date: Tue, 25 Mar 2025 11:46:29 +0100 Message-ID: <20250325104634.162496-2-mszeredi@redhat.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops. Fix by disallowing datadir without lowerdir. Reported-by: Giuseppe Scrivano Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one") Cc: # v6.7 Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi Reviewed-by: Alexander Larsson Reviewed-by: Christian Brauner --- fs/overlayfs/super.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 86ae6f6da36b..b11094acdd8f 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1137,6 +1137,11 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, return ERR_PTR(-EINVAL); } + if (ctx->nr == ctx->nr_data) { + pr_err("at least one non-data lowerdir is required\n"); + return ERR_PTR(-EINVAL); + } + err = -EINVAL; for (i = 0; i < ctx->nr; i++) { l = &ctx->lower[i]; From patchwork Tue Mar 25 10:46:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 14028317 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 32BF91EFF83 for ; Tue, 25 Mar 2025 10:46:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899604; cv=none; b=BirPeSUe/oAZ8wF8w/+JW3agq+yKOpc4aOTn0DnLl/cudRxV2mjEu10LCpKbvYyU8Cz6FKy1KAWiwwC1tLJplhh0rce3FTUggMAZmLiViw9CJ2eVjySkCipdJJ9uxTKnn7qqGTbRjBPaviyIH0tuj8/TtkPelxEn8y7G1ikNGdc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899604; c=relaxed/simple; bh=A2MAB2OVxVruIya4DNf3xEcT8dkPUjuHu37dCQmkK/I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=a9q9Q1hZRbezP0BI6KLZ2PgysRcsPSRgcXjkKUlRqUD8BOx+qdtOHrxpeoZZuxxzxb1SlN8q8UWrhDR9SlORdbrVha3b6snv2H/USsb/ELaMrvUIG9qxdfurf8MLnvCVlkL4rbV+0OZ3zn0j04yqWJvjo7uPWU1V70BKkohLLsg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=hDcJombd; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="hDcJombd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1742899601; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SmfiCZHWD0A3bKyst7i0VZyUuheFYdh0T7DksOUWd2k=; b=hDcJombdP50+89/PPJ4ksO3e/Dbj2qrgCdadCZgT2W1T6TnD4tvBOVIQWOfLBvjP65ozI3 nnCxjABCgeBs/qPjQCaifpoM7SmPOtagWqV4Y75diA+Y7eO7h1eHDg4ijYXdhspKV+Pq8E cmvF3Sct/y3yEe970iL4HkRxrt+HmsU= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-142-rO1S0YeeOwuqChYGK91WBg-1; Tue, 25 Mar 2025 06:46:39 -0400 X-MC-Unique: rO1S0YeeOwuqChYGK91WBg-1 X-Mimecast-MFC-AGG-ID: rO1S0YeeOwuqChYGK91WBg_1742899599 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-3978ef9a284so2081142f8f.3 for ; Tue, 25 Mar 2025 03:46:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742899598; x=1743504398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SmfiCZHWD0A3bKyst7i0VZyUuheFYdh0T7DksOUWd2k=; b=OFx5p2ze6QUQAc1CNoaRqYNEPGb3dR1Dq2dtlwe6wiwk/MHA1AGiuUyb73gxQsCOT7 fXIazEzPGZWh8Oia03Rw8cigTFJnF5CNShloNvybaycT1oz3YllnEr0CCGNk0tKOxIDg SFzGE2Va/GfRDG7u7+TWA2terwdn/0CUi1eFyP5OwvlQI0sVp8zzt/iC3rNxs/XnOi6V zsgLhrJP4WI+Qoksujr3DDOtRcdfR0Hvh5h5pMHMBCSScQ9nL3dbneox/+HOR9huUAIf UO65G+zR3OEWGe3koY60gris/DAHfmaGv8yU/B0EowitpPPT71YzZEBFo5zlBSltpy25 R9iQ== X-Forwarded-Encrypted: i=1; AJvYcCWrcuB8LIY3F/SwEzSAc4VXBix001ygQAtQ3o5wN/vsF1VIzfxzQbrjpp9maTIcGghCKrOzAGgTxbFYZlMy@vger.kernel.org X-Gm-Message-State: AOJu0YzSH2gBxGqTuWUhPVwkpd+VXVzeu6v1Hn/RMdq2/VKQB5ZYOMwW opkz8rHaMvbnPP780Qcttht5AzLNgCT7jjqzDm0rFd16RLN2ZpffcJe9HN6ntIX03JZnfAAL2FV H82AHV5ucW9yGJM+niGdyvUwLgBcrB/Xm0JbPD2W3VKlEJnoLgOBreBSvnIyCLd0= X-Gm-Gg: ASbGnctfTInxUXvd0ZtMvMD8WDx9Hq4TIsnF5Zty8zlQ2TnACvGVDKxzMdI84/jwRAr Yw/nRmfcoCqPf/mnxPc8CVOcjC3O5TgCLBqbo6Rv3LoM1SRrajkc9rzQsaFJp6GG9o6/d3vy82i fivWN9Z71ZUmOvPtOWXZUS03y4tgLGSGeVFn1nRcK9uGelqLFF+D6HhhbqTFhMW5inKct8kGdCT d+bMJewUtp0LBXC8SI0vI+MMTQQN0vhagoSOlbNBfRtWUSFrOI6sC3Q7mFPYfwB/8+pAKJEaebL 5s5fIDfzXTbKlkfCKBCxJuoweD7UYoDo/MOZ0vtFJrbmzDxIzMXSXeJ6YLAu3zZsi4Q= X-Received: by 2002:a05:6000:1faf:b0:391:2f2f:836 with SMTP id ffacd0b85a97d-3997f8fa7f6mr13206186f8f.17.1742899598581; Tue, 25 Mar 2025 03:46:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGIEw0CctFzZmufeUGJGyZuFijGYL4BzledWUp12aifF3ZxDHZPmWLvGl/HUY9yjW5VnNO+Rw== X-Received: by 2002:a05:6000:1faf:b0:391:2f2f:836 with SMTP id ffacd0b85a97d-3997f8fa7f6mr13206161f8f.17.1742899598259; Tue, 25 Mar 2025 03:46:38 -0700 (PDT) Received: from maszat.piliscsaba.szeredi.hu (87-97-53-119.pool.digikabel.hu. [87.97.53.119]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3997f9a50c1sm13572203f8f.38.2025.03.25.03.46.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Mar 2025 03:46:37 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: Giuseppe Scrivano , Amir Goldstein , linux-fsdevel@vger.kernel.org, Alexander Larsson Subject: [PATCH v2 2/5] ovl: remove unused forward declaration Date: Tue, 25 Mar 2025 11:46:30 +0100 Message-ID: <20250325104634.162496-3-mszeredi@redhat.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Giuseppe Scrivano The ovl_get_verity_xattr() function was never added, only its declaration. Signed-off-by: Giuseppe Scrivano Fixes: 184996e92e86 ("ovl: Validate verity xattr when resolving lowerdata") Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi Reviewed-by: Alexander Larsson Reviewed-by: Christian Brauner --- fs/overlayfs/overlayfs.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 0021e2025020..be86d2ed71d6 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -540,8 +540,6 @@ int ovl_set_metacopy_xattr(struct ovl_fs *ofs, struct dentry *d, bool ovl_is_metacopy_dentry(struct dentry *dentry); char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding); int ovl_ensure_verity_loaded(struct path *path); -int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, - u8 *digest_buf, int *buf_length); int ovl_validate_verity(struct ovl_fs *ofs, struct path *metapath, struct path *datapath); From patchwork Tue Mar 25 10:46:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 14028319 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D6E3254AED for ; Tue, 25 Mar 2025 10:46:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899605; cv=none; b=WmfjTGg/zo0UUZHe9IsQDB/70pPoubeiqj448EXj+MnIXuoy6I1ByPQd8A429emX8Kzun0IXtWh4gDMdzMq0KpfebrThBwLhr3h1w6Xn0zEK+wELztxY3XBcrtVlJhmTdHft3iY5xPADAI0gHx1oBP2QXJ068RL4iwvH+2dyvxc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899605; c=relaxed/simple; bh=dAcXi5fAdxGzgjq/JG7eFreFDNKrZcOkDEPNAgtXUSI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W218mFoC0o+Ua2sh3vHGGcd6rgDvaZTpK2PbmNeF0Sx4B+t0o9fDTkeA0fyoOQKujcVwOkfm0UpJiJ9ONOn6ymCTg2kUn/PjelMOhw9qdf/IwCRSR9XAYzYOxd/LfDwK141u0QUCpcG0A0ZiQYbmqqY6ekPt5CoBD2N8oPUO6dw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=SNQi8nAA; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="SNQi8nAA" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1742899602; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HtuxOK/+soZt5CGwob3MZFUYvqt0G5t0rerQy2j1XuI=; b=SNQi8nAArpF5ZPT5wEeOnyhZwje4/7+W3oHgqML3zNquSTRcgGn65hwJ0/9omkrupldXRX nVV0u0tdZ12dAxktT/LDvkuDXy7PxI8ptMFiY3to/dzdJ+z7MmxjgfTWXbuuZ0IXEvwkvN MCXenmPwHGhiAFMKqMKuHkiCij9T2Y0= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-587-xVCd2NFZOAeaROz4l0Lm1A-1; Tue, 25 Mar 2025 06:46:40 -0400 X-MC-Unique: xVCd2NFZOAeaROz4l0Lm1A-1 X-Mimecast-MFC-AGG-ID: xVCd2NFZOAeaROz4l0Lm1A_1742899600 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-39142ce2151so2184672f8f.1 for ; Tue, 25 Mar 2025 03:46:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742899600; x=1743504400; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HtuxOK/+soZt5CGwob3MZFUYvqt0G5t0rerQy2j1XuI=; b=Jk65abQPOeKErJHDSJzWIj66NcoS1zevxrR8dV351IYTo3mLN9EAJNhzBwUkf7w5+Y oAO+Ii4W+aVyrMiYjwDktO9NVKTbmD/uOHCoxhfg2QWAWf41MyBFFtRTySkObzOYGNu1 FQbm4vaXWMO22ZFmizXrWqk1mOY0swN4VYuwu7zJ4Ah1zb6HbUcV3lFeUXbqY0oWkiKB kPIHtsVxvwylbZ4M2RlimaCbEe/P/ZEKlK12hccJvJAh21iL9DrlMXOtAtfGGKYp4BaR M0+Qg94RAgfvpDQ1wpFAhuZIZ+CM2Re2Mqp3rxK0J0fcvD987rRn7Mnp7kLyJN/Ya3mv PbLw== X-Forwarded-Encrypted: i=1; AJvYcCWo0yNpyPJaISGBPQi1QYOzPAnrc9LVb8ce0Y+Ek9ubYOJHyp/7pdWWjrvvNi63l2RUPiP/WaJ8gx1iuDM1@vger.kernel.org X-Gm-Message-State: AOJu0YyNHlpB/9cmRTxTyEUgnSdq1lESDolkjUeokugUtBgrlZ+h7TCV jlDQjW5xA1upSzIpOZ0br6HEIapXVOAtGjS6xjgNJHaEZupxWW/qUwcaQuAGm+Kqk1X5dYZoG1/ xPEzIOSLySJZZFtxQZjpLwfjatbPxzpVKlRXOPoFahvMoctV5wvS+hY6ymZHkMag= X-Gm-Gg: ASbGnctYPFEsPiDxqhgRj+JVRa6Vmhmvoixk8I586Yhx8VANpTVtlwOLMjZUhw3i2mk 0ty3DFrNfVgqBTlYSIj68LwNg50wKHYKEb8DL6N5XbY5/Ocy8+/Xe+6zpF8IwoFGX+8ioWbikfp J0P4Xt/8zCsM4Z/YkJY7TENSJ30KxWxkY5M7GdFuAjf7gWrdZGYQ1TyfTT/8cT2f5lpsW4U/9OI pgdHsiSUXkt9qXaRhBw6TvEw8pLacggZZyMFwyXhQvgh/zaHGkM/MOLgItHV9WP/FhV4Ba/t/H6 LEcuQ+tSctFIVfDM+9XNuXaE3qbrDnuT4b6JI8KygfQZ2XY4FkFpsg4deKsx/woZa8U= X-Received: by 2002:a5d:64e4:0:b0:38f:3b9b:6f91 with SMTP id ffacd0b85a97d-3997f8fa8f5mr14887691f8f.12.1742899599689; Tue, 25 Mar 2025 03:46:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHbKZ4B8bhTCOofTlxaf+tlZNeeNYajiCDudd7iSXdtr0NxTTXTB04kEWPjz7bTK9e4I/Ac9w== X-Received: by 2002:a5d:64e4:0:b0:38f:3b9b:6f91 with SMTP id ffacd0b85a97d-3997f8fa8f5mr14887665f8f.12.1742899599327; Tue, 25 Mar 2025 03:46:39 -0700 (PDT) Received: from maszat.piliscsaba.szeredi.hu (87-97-53-119.pool.digikabel.hu. [87.97.53.119]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3997f9a50c1sm13572203f8f.38.2025.03.25.03.46.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Mar 2025 03:46:38 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: Amir Goldstein , linux-fsdevel@vger.kernel.org, Giuseppe Scrivano , Alexander Larsson Subject: [PATCH v2 3/5] ovl: make redirect/metacopy rejection consistent Date: Tue, 25 Mar 2025 11:46:31 +0100 Message-ID: <20250325104634.162496-4-mszeredi@redhat.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When overlayfs finds a file with metacopy and/or redirect attributes and the metacopy and/or redirect features are not enabled, then it refuses to act on those attributes while also issuing a warning. There was a slight inconsistency of only warning on an upper metacopy if it found the next file on the lower layer, while always warning for metacopy found on a lower layer. Fix this inconsistency and make the logic more straightforward, paving the way for following patches to change when dataredirects are allowed. Signed-off-by: Miklos Szeredi Reviewed-by: Amir Goldstein Reviewed-by: Alexander Larsson --- fs/overlayfs/namei.c | 67 +++++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 23 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index be5c65d6f848..da322e9768d1 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1040,6 +1040,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, struct inode *inode = NULL; bool upperopaque = false; char *upperredirect = NULL; + bool nextredirect = false; + bool nextmetacopy = false; struct dentry *this; unsigned int i; int err; @@ -1087,8 +1089,10 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (err) goto out_put_upper; - if (d.metacopy) + if (d.metacopy) { uppermetacopy = true; + nextmetacopy = true; + } metacopy_size = d.metacopy; } @@ -1099,6 +1103,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, goto out_put_upper; if (d.redirect[0] == '/') poe = roe; + nextredirect = true; } upperopaque = d.opaque; } @@ -1113,6 +1118,29 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, for (i = 0; !d.stop && i < ovl_numlower(poe); i++) { struct ovl_path lower = ovl_lowerstack(poe)[i]; + /* + * Following redirects/metacopy can have security consequences: + * it's like a symlink into the lower layer without the + * permission checks. + * + * This is only a problem if the upper layer is untrusted (e.g + * comes from an USB drive). This can allow a non-readable file + * or directory to become readable. + * + * Only following redirects when redirects are enabled disables + * this attack vector when not necessary. + */ + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (!ovl_redirect_follow(ofs)) d.last = i == ovl_numlower(poe) - 1; else if (d.is_dir || !ofs->numdatalayer) @@ -1126,12 +1154,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (!this) continue; - if ((uppermetacopy || d.metacopy) && !ofs->config.metacopy) { - dput(this); - err = -EPERM; - pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); - goto out_put; - } + if (d.metacopy) + nextmetacopy = true; /* * If no origin fh is stored in upper of a merge dir, store fh @@ -1185,22 +1209,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ctr++; } - /* - * Following redirects can have security consequences: it's like - * a symlink into the lower layer without the permission checks. - * This is only a problem if the upper layer is untrusted (e.g - * comes from an USB drive). This can allow a non-readable file - * or directory to become readable. - * - * Only following redirects when redirects are enabled disables - * this attack vector when not necessary. - */ - err = -EPERM; - if (d.redirect && !ovl_redirect_follow(ofs)) { - pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", - dentry); - goto out_put; - } + if (d.redirect) + nextredirect = true; if (d.stop) break; @@ -1218,6 +1228,17 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ctr++; } + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + /* * For regular non-metacopy upper dentries, there is no lower * path based lookup, hence ctr will be zero. If a dentry is found From patchwork Tue Mar 25 10:46:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 14028320 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75F83254B12 for ; Tue, 25 Mar 2025 10:46:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899606; cv=none; b=gMop+NAwf6InsDkLlaO+OtfFJxkYkapCDpw9+Tz+RHaxvcGR15uSAE339iHRmdhGRloe5hbUdCjvlikQN2MLFrRjWgCH4jgaBgQg5Sicw7yVJ4NDV2WP5CC0KpeKcXDgc7TPILg5zfpZbP+qMWzSUiwa22mqCzsgN9cnNF7Fhuo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899606; c=relaxed/simple; bh=XcE6aF16Cf8zqM2D+v98BhQci6j4B47yoqgwzT6aiuw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=An4xwa5XsQn8jqZfc51kGSBNkSHw8T7fdOhBVtG1Ds9xOf4/cFZdHUJ413yEHpsiYK2R+rY2f9pl36y6sQ/3pTqjzaGwsa7Nafjqg26o5BO4xSJXeDTb1vFmouxjF3BCcRNf5p7ci2T+Mk+0/QfWMmw9iO3aE6lRvU1OrDrqDaA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F6W5P+rz; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F6W5P+rz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1742899603; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qhA5kDM5+jcYSJvVRkt3ekAgbNB07vU7STrO48YEDRA=; b=F6W5P+rzR6XurlGR8v5JbCLeZ5obctbTX/2wiB+HtIDM26ZsCCBV9FoyQTIGErcDBEyNQE IqSh+3jel8ji4yS8zlgyaGlfmoQiutGBAE3DM799btlWOa2G4aRZsyHgh/NMSo6m7OSvWz cFRDToHXqx4dLPWT/xo84GoJYo4ybxs= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-622-u32TufyUOzuNFujWlMtCFw-1; Tue, 25 Mar 2025 06:46:42 -0400 X-MC-Unique: u32TufyUOzuNFujWlMtCFw-1 X-Mimecast-MFC-AGG-ID: u32TufyUOzuNFujWlMtCFw_1742899601 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-43d51bd9b41so35192645e9.3 for ; Tue, 25 Mar 2025 03:46:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742899600; x=1743504400; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qhA5kDM5+jcYSJvVRkt3ekAgbNB07vU7STrO48YEDRA=; b=hfqYhA7Gn6UmHnYVrlkjLkS6YSJw1bLzF/YLvHXNaoVEoWOqNBrRtTiBG7InEdM19g WTnXb9as+3OJNo1nWFb8XfcSjiNScqnDImP1uTlz6n69d+Q5MVHrDHVybiW1JvwLz0ZG IIJqfAEUhcCxT2xpnF+zB37AYiKQZ6DVMCtSS9La+abzhOVpesczK0hMWpXCUnuJ5jgr uRUMilbKonKg0mQEvN8a/dDEaQMGzdYGVDjndYbnkzBZnpO5wxhhko4z5X7qJmPyqBjX CbmdUBrEVR5nyeed8ymOf60MecqNQR/i9vRw+R6QBd6mOg3NakhtmjnT4kePQFGDjR/D Fetw== X-Forwarded-Encrypted: i=1; AJvYcCUnWKr4HxLc1oaSyEUwo9I3VwssNcjljEKFqcdN1W0klN8Ua3Mhb2n50Zezhw5rsc64+xL5rrIOWEw5kFdZ@vger.kernel.org X-Gm-Message-State: AOJu0YwzMzkkxPzki0tMM+tE+WgwjjeqLoj00NFU9352YMQLzh3hmNVB DCUKYSp5stljsVN93MIk8Y6NiRlo/vMBzQGExH6g6MDySwvDXWISZVQE2Z9KsXd6Ze7aAMpwAyJ BbPpiNX750LtcPhF9O//xqWNZmwvpWoMr3YNthR4WcXwqHiCiWzniSai+V0RobxhC5f6YOxU= X-Gm-Gg: ASbGncvH/BQtTkKvSf7ZU7/em/mFyM+D5l9mFIgnyPJeBT7GNbNwEUANOLKOqg6k7ZB qnqMm0ArJI+kvhQfZZ6Px9jWiLa+D/aiZOKUBOq4RNk26UyWPhDjSyv4jWOxmusOHFsQlzk4eTa 8fU6nuli3ezlbqbsAXgLcmU5zQA4B8DdGtKocriaTt0j15I4vyDzSzVsjndzu+XvEWVSX3oNFHQ P2+y0Am6ZdIvLfIxxlGt8jv4VH/KclJfsC/M3Lt6zCqYuBI9uZ1u4v5EPQn1FK328kwNJ1KxluA XRYFUZWQK6pUQd2lrfWY/tWz3F/VgIuPGJgJVMCG7HeTw6WGaiGTjQUTFizlA5vRY5I= X-Received: by 2002:a05:6000:178c:b0:391:47f2:8d90 with SMTP id ffacd0b85a97d-3997f9017e3mr13343746f8f.20.1742899600596; Tue, 25 Mar 2025 03:46:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFbPPs/nAg4mKC7AwHAR8W+zGH69t5hR9rjVp3HeotKO+cWygs7AM9z/RQvxH00uZ1CSBaciw== X-Received: by 2002:a05:6000:178c:b0:391:47f2:8d90 with SMTP id ffacd0b85a97d-3997f9017e3mr13343720f8f.20.1742899600111; Tue, 25 Mar 2025 03:46:40 -0700 (PDT) Received: from maszat.piliscsaba.szeredi.hu (87-97-53-119.pool.digikabel.hu. [87.97.53.119]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3997f9a50c1sm13572203f8f.38.2025.03.25.03.46.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Mar 2025 03:46:39 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: Amir Goldstein , linux-fsdevel@vger.kernel.org, Giuseppe Scrivano , Alexander Larsson Subject: [PATCH v2 4/5] ovl: relax redirect/metacopy requirements for lower -> data redirect Date: Tue, 25 Mar 2025 11:46:32 +0100 Message-ID: <20250325104634.162496-5-mszeredi@redhat.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Allow the special case of a redirect from a lower layer to a data layer without having to turn on metacopy. This makes the feature work with userxattr, which in turn allows data layers to be usable in user namespaces. Minimize the risk by only enabling redirect from a single lower layer to a data layer iff a data layer is specified. The only way to access a data layer is to enable this, so there's really no reason no to enable this. This can be used safely if the lower layer is read-only and the user.overlay.redirect xattr cannot be modified. Signed-off-by: Miklos Szeredi Reviewed-by: Amir Goldstein Reviewed-by: Alexander Larsson --- Documentation/filesystems/overlayfs.rst | 7 ++++++ fs/overlayfs/namei.c | 32 ++++++++++++++----------- fs/overlayfs/params.c | 5 ---- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst index 6245b67ae9e0..5d277d79cf2f 100644 --- a/Documentation/filesystems/overlayfs.rst +++ b/Documentation/filesystems/overlayfs.rst @@ -429,6 +429,13 @@ Only the data of the files in the "data-only" lower layers may be visible when a "metacopy" file in one of the lower layers above it, has a "redirect" to the absolute path of the "lower data" file in the "data-only" lower layer. +Instead of explicitly enabling "metacopy=on" it is sufficient to specify at +least one data-only layer to enable redirection of data to a data-only layer. +In this case other forms of metacopy are rejected. Note: this way data-only +layers may be used toghether with "userxattr", in which case careful attention +must be given to privileges needed to change the "user.overlay.redirect" xattr +to prevent misuse. + Since kernel version v6.8, "data-only" lower layers can also be added using the "datadir+" mount options and the fsconfig syscall from new mount api. For example:: diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index da322e9768d1..f9dc71b70beb 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1042,6 +1042,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, char *upperredirect = NULL; bool nextredirect = false; bool nextmetacopy = false; + bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer); struct dentry *this; unsigned int i; int err; @@ -1053,7 +1054,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, .is_dir = false, .opaque = false, .stop = false, - .last = ovl_redirect_follow(ofs) ? false : !ovl_numlower(poe), + .last = check_redirect ? false : !ovl_numlower(poe), .redirect = NULL, .metacopy = 0, }; @@ -1141,7 +1142,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, goto out_put; } - if (!ovl_redirect_follow(ofs)) + if (!check_redirect) d.last = i == ovl_numlower(poe) - 1; else if (d.is_dir || !ofs->numdatalayer) d.last = lower.layer->idx == ovl_numlower(roe); @@ -1222,21 +1223,24 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, } } - /* Defer lookup of lowerdata in data-only layers to first access */ + /* + * Defer lookup of lowerdata in data-only layers to first access. + * Don't require redirect=follow and metacopy=on in this case. + */ if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) { d.metacopy = 0; ctr++; - } - - if (nextmetacopy && !ofs->config.metacopy) { - pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); - err = -EPERM; - goto out_put; - } - if (nextredirect && !ovl_redirect_follow(ofs)) { - pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); - err = -EPERM; - goto out_put; + } else { + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } } /* diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 1115c22deca0..54468b2b0fba 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -1000,11 +1000,6 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, */ } - if (ctx->nr_data > 0 && !config->metacopy) { - pr_err("lower data-only dirs require metacopy support.\n"); - return -EINVAL; - } - return 0; } From patchwork Tue Mar 25 10:46:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 14028321 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB617254AF8 for ; Tue, 25 Mar 2025 10:46:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899607; cv=none; b=Z+oCptuuJ88Pv+QpooQ3PF8Tg8bj0qayR9vb4wOS7cBIq+cc7HwgFdo7gxchkg80yNBh1pXRCh3FV2Hap7FvRncKUI7EXFDIMawDWlm55X4CrJPFUSqoxKCIGXVex53G+00wq9Qya8g+5ww2MdP4op62mRYV3JR6n6TRT2uyWbA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742899607; c=relaxed/simple; bh=BkHIWKTP9JRXYjCX+MS6IytA1TJGjHbxJmx3B3dQ84k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kFEz7ae0m1nP7AqCqznyQqExYQxIFFUV/YUFq9AhYOImEXgByaai8opksj8ajNEqM8Exu+i1d7o5NBXS3kuibkrq7YyuBvM8jbNEmx1br6CocfeJlkF9Nkk6oYvH4LAeDReS+DrYZF+IXiceXSwtYOyNvcmxQO8U3T2sFkrLit4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Lfu6v6mh; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Lfu6v6mh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1742899603; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WidvnqpHK1LBXH72ChmjyjnYZOjoCQtbOYDynNLa4zo=; b=Lfu6v6mh7bv/nx8/0JhAFaddosJ8BQzZi8qRHZcm2/vPzwK7F3Rk5yvhc3Aa8byaKnopvi LQ6FD3PFaWEDl0H0HzXl9UqsSJ6l3E/alr0WsqL2kNlY3unXnmGJq7hsfbOuNFL8o1vTv2 OXfghcmXP8Hm+Es921HxTGXDyBk8k40= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-613-upThAIW4OVmOHxqjqPgvTA-1; Tue, 25 Mar 2025 06:46:42 -0400 X-MC-Unique: upThAIW4OVmOHxqjqPgvTA-1 X-Mimecast-MFC-AGG-ID: upThAIW4OVmOHxqjqPgvTA_1742899601 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-391315098b2so2132521f8f.2 for ; Tue, 25 Mar 2025 03:46:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742899601; x=1743504401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WidvnqpHK1LBXH72ChmjyjnYZOjoCQtbOYDynNLa4zo=; b=QC2iUYd0886nT6zeezX3SCboIoZMi4UBj0TgtDy0qQoaEgETCNfylF0vPLQiWkUAmw 2lKkyS2k8r4t/erfFHpJLh7V1jIGLVQUFZpl6z8zrg+0gX2xfy0sst8uIBWa8g0UatvM sGIcETc96HeDsCrHPR5oX4LCGQwURAsJzmpDnL4835Uf+gSKY3ELr9b1OhRoHSErWrXK 6bDMxNXRmP6KdJZ77dpdARqj1KP/nhiFFS9CbRY9d3uOQ/MXc0cgitcJ1VsYC5ugDJgc 61o+mzUrTrhfsxt9zzhsby1Il3MNsczuWrTmLh4bNfZvQFJFU23pi6PP2b4TIVVzyux4 /iPQ== X-Forwarded-Encrypted: i=1; AJvYcCXu6luz490C5YwVKAcN2Z2F2C8JmXPZXvdQQ8PBc5HsfPYSRI4P3FNcb6T+GYmK1oeiQLyKNIRoxGVKwrVp@vger.kernel.org X-Gm-Message-State: AOJu0YxZ1PJLLAm1qg/+yMLzBGGSs2Rezezq5C17btqJY5TKIWRQq18e kHW+jzJsgfBh32PcNwrts5QFEZeK7fIJhw/bsh0IjK7/5mQ/gUIlCA3vP64XIOl8sZ/TYGFyRcT o5bHm1CmUW0momhNILedyDcyoHPSJkPa4LLpivj/noyBEg5UE/UeH1berPW2CCKo= X-Gm-Gg: ASbGncvIp+nQRBimshgy1z1jLtQ3X8Y7BPvBYxOSjRaOdl5fp3dZgzA0dtrr5F/fOO/ HHa1zuZqjicrJhvSt6B0ja4YKqjUp0xOjNahBEnwZ9XFhY5z6nl0QO1guGpL0bTeuCZ04NBHPUv JqAjYmFJhb2WiDw9QNxdC7HftBUm5MvmBX7i7WqTbDxpelVMIxOoKaIqvsW+HbfusctQ1faKLbp 8XH4iNW/1KOoJ7Xx6sV+9jyRjXWBdkUFc/r4y0BEQzOBG+OUGjBFqu8tRXmKtZPjcke558R7rJd cMeui2PiZohw2YISPYd0gB/hwHKrLxFJYkW4GkrhfiJEDyEE7uYOwcm7E1h23GO+8tw= X-Received: by 2002:a5d:588e:0:b0:38f:5057:5810 with SMTP id ffacd0b85a97d-3997f908f1fmr15015019f8f.25.1742899601424; Tue, 25 Mar 2025 03:46:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEOqzs/UB9hDXfXqPQHH68eV/UQBGIP2lwnTzM8ArMxc4vQh3QnISBv6xLSA0bOPMzdEOH4ug== X-Received: by 2002:a5d:588e:0:b0:38f:5057:5810 with SMTP id ffacd0b85a97d-3997f908f1fmr15014989f8f.25.1742899601049; Tue, 25 Mar 2025 03:46:41 -0700 (PDT) Received: from maszat.piliscsaba.szeredi.hu (87-97-53-119.pool.digikabel.hu. [87.97.53.119]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3997f9a50c1sm13572203f8f.38.2025.03.25.03.46.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Mar 2025 03:46:40 -0700 (PDT) From: Miklos Szeredi To: linux-unionfs@vger.kernel.org Cc: Amir Goldstein , linux-fsdevel@vger.kernel.org, Giuseppe Scrivano , Alexander Larsson Subject: [PATCH v2 5/5] ovl: don't require "metacopy=on" for "verity" Date: Tue, 25 Mar 2025 11:46:33 +0100 Message-ID: <20250325104634.162496-6-mszeredi@redhat.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250325104634.162496-1-mszeredi@redhat.com> References: <20250325104634.162496-1-mszeredi@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Allow the "verity" mount option to be used with "userxattr" data-only layer(s). Previous patches made sure that with "userxattr" metacopy only works in the lower -> data scenario. In this scenario the lower (metadata) layer must be secured against tampering, in which case the verity checksums contained in this layer can ensure integrity of data even in the case of an untrusted data layer. Signed-off-by: Miklos Szeredi Reviewed-by: Alexander Larsson --- fs/overlayfs/params.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 54468b2b0fba..8ac0997dca13 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -846,8 +846,8 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, config->uuid = OVL_UUID_NULL; } - /* Resolve verity -> metacopy dependency */ - if (config->verity_mode && !config->metacopy) { + /* Resolve verity -> metacopy dependency (unless used with userxattr) */ + if (config->verity_mode && !config->metacopy && !config->userxattr) { /* Don't allow explicit specified conflicting combinations */ if (set.metacopy) { pr_err("conflicting options: metacopy=off,verity=%s\n", @@ -945,7 +945,7 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, } - /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ + /* Resolve userxattr -> !redirect && !metacopy dependency */ if (config->userxattr) { if (set.redirect && config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { @@ -957,11 +957,6 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, pr_err("conflicting options: userxattr,metacopy=on\n"); return -EINVAL; } - if (config->verity_mode) { - pr_err("conflicting options: userxattr,verity=%s\n", - ovl_verity_mode(config)); - return -EINVAL; - } /* * Silently disable default setting of redirect and metacopy. * This shall be the default in the future as well: these