From: Vivek Goyal <vgoyal@redhat.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>, zhangyi <yi.zhang@huawei.com>,
	overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH v2 07/23] ovl: verify stored origin fh matches lower dir
Date: Fri, 5 Jan 2018 11:35:22 -0500
Message-ID: <20180105163522.GE29480@redhat.com>
In-Reply-To: <CAOQ4uxg-DfS1iWzozN3LBhDJtO=TLkSjuXY+fe5O3Uz0hCGg-A@mail.gmail.com>

On Fri, Jan 05, 2018 at 06:26:55PM +0200, Amir Goldstein wrote:
> On Fri, Jan 5, 2018 at 6:04 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
> > On Thu, Jan 04, 2018 at 06:40:02PM +0200, Amir Goldstein wrote:
> >> When the "verify" feature is enabled, a directory inode found in lower
> >> layer by name or by redirect_dir is verified against the file handle of
> >> the copy up origin that is stored in the upper layer.
> >>
> >> This introduces a change of behavior for the case of lower layer
> >> modification while overlay is offline. A lower directory created or
> >> moved offline under an existing upper directory, will not be merged with
> >> that upper directory.
> >>
> >> The "verify" feature should not be used after copying layers,
> >> because the new lower directory inodes would fail verification.
> >>
> >> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> >> ---
> >>  Documentation/filesystems/overlayfs.txt | 16 ++++++++++++++++
> >>  fs/overlayfs/namei.c                    | 13 +++++++++++++
> >>  2 files changed, 29 insertions(+)
> >>
> >> diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt
> >> index e6a5f4912b6d..00e0595f3d7e 100644
> >> --- a/Documentation/filesystems/overlayfs.txt
> >> +++ b/Documentation/filesystems/overlayfs.txt
> >> @@ -299,6 +299,22 @@ filesystem are not allowed.  If the underlying filesystem is changed,
> >>  the behavior of the overlay is undefined, though it will not result in
> >>  a crash or deadlock.
> >>
> >> +When the underlying filesystems supports NFS export, overlay mount can be
> >> +made more resilient to offline and online changes of the underlying lower
> >> +layer by enabling the "verify" feature.
> >> +
> >> +On every copy_up, an NFS file handle of the lower inode, along with the
> >> +UUID of the lower filesystem, are encoded and stored in an extended
> >> +attribute "trusted.overlay.origin" on the upper inode.
> >> +
> >> +When the "verify" feature is enabled, a lookup of a merged directory, that
> >> +found a lower directory at the lookup path or at the path pointed to by
> >> +the "trusted.overlay.redirect" extended attribute, will verify that the
> >> +found lower directory file handle and lower filesystem UUID match the
> >> +origin file handle that was stored at copy_up time.  If a found lower
> >> +directory does not match the stored origin, that directory will not be
> >> +merged with the upper directory.
> >> +
> >>  Testsuite
> >>  ---------
> >>
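Review bot: The new overlayfs.txt paragraphs leave out the caveat the commit message gives, that "verify" should not be used after copying layers because the new lower directory inodes would fail verification. Someone who only reads the documentation would not learn this, so a sentence to that effect belongs after the paragraph ending "merged with the upper directory." The text also does not say which lower layers are covered by the check. Separately, "the underlying filesystems supports" in the first added line should read "the underlying filesystem supports".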
> >> diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
> >> index 46a3e31b0225..56deb2785af7 100644
> >> --- a/fs/overlayfs/namei.c
> >> +++ b/fs/overlayfs/namei.c
> >> @@ -734,6 +734,19 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
> >>                       }
> >>               }
> >>
> >> +             /*
> >> +              * When "verify" feature is enabled, do not merge with a lower
> >> +              * dir that does not match a stored origin xattr.
> >> +              */
> >> +             if (upperdentry && !ctr && ovl_verify(dentry->d_sb)) {
> >> +                     err = ovl_verify_origin(upperdentry, this, false,
> >> +                                             false);
> >> +                     if (err) {
> >> +                             dput(this);
> >> +                             break;
> >> +                     }
> >> +             }
> >> +
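Review bot: In the block added to ovl_lookup(), any non-zero return from ovl_verify_origin() takes the same path (dput(this); break;), so a genuine origin mismatch and any other failure of the check both end the merge silently, and err is still set when the loop exits. If only a mismatch is meant to stop merging, test for that specific error and propagate the rest, and reset err before leaving the loop if the lookup is meant to succeed with the upper dir alone; what happens to err afterwards is not visible in this hunk. The comment should also say that the !ctr condition limits verification to the first lower dir found, and the two bare false arguments would read better with a short note on what each one selects.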
> >
> > So this will verify directory origin only for top level lower dir. Rest
> > of the lowers can still be modified offline without this code noticing it?
> >
> 
> Correct, from patch 6/23:
> 
> +       } else if (ofs->config.verify && ofs->config.upperdir && stacklen > 1) {
> +               pr_warn("overlayfs: option 'verify=on' cannot verify
> redirects from middle layer dirs\n");

So for non-dir case, we check origin by default and error out if decoding
of fh fails.  Why not do the same thing for directories as well? I mean
why directory origin check should be hidden behind a mount option
(verify=)?

Vivek

> 
> Amir.
