From: Valerie Aurora <vaurora@redhat.com>
To: Jan Blunck <jblunck@suse.de>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
Andy Whitcroft <apw@canonical.com>,
Scott James Remnant <scott@canonica
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 37/41] union-mount: Check read-only/read-write status of layers
Date: Wed, 21 Oct 2009 12:19:35 -0700 [thread overview]
Message-ID: <1256152779-10054-38-git-send-email-vaurora@redhat.com> (raw)
In-Reply-To: <1256152779-10054-37-git-send-email-vaurora@redhat.com>
The top layer of a union mount must be writable (in order to support
readdir-triggered copyups) and the bottom layer must be read-only (to
avoid nasty races).
Thanks to Felix Fietkau <nbd@openwrt.org> for a bug fix.
XXX - Add requirement that top layer is mounted only once
Signed-off-by: Valerie Aurora <vaurora@redhat.com>
---
fs/namespace.c | 73 +++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 59 insertions(+), 14 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 505974a..9b71743 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1462,6 +1462,61 @@ static int do_change_type(struct path *path, int flag)
}
/*
+ * Mount-time check of upper and lower layer file systems to see if we
+ * can union mount one on the other.
+ *
+ * Union mounts must follow these rules:
+ *
+ * - The lower layer must be read-only. This avoids lots of nasty
+ * unsolvable races where file system structures disappear suddenly.
+ * XXX - Checking the vfsmnt for read-only is a temporary hack; the
+ * file system could be mounted read-write elsewhere. We need to
+ * enforce read-only at the superblock level (patches coming).
+ *
+ * - The upper layer must be writable. This isn't an absolute
+ * requirement; right now we need it to make readdir() work since we
+ * copy up directory entries to the top level. A possible
+ * workaround is to mount a tmpfs file system transparently over the
+ * top.
+ *
+ * - The upper layer must support whiteouts and fallthrus (if it is
+ * writeable).
+ *
+ * - The lower layer must not also be a union mount. This is just to
+ * make life simpler for now, there is no inherent limitation on the
+ * number of layers.
+ *
+ * XXX - Check other mount flags for incompatibilities - I'm sure
+ * there are some.
+ */
+
+static int
+check_union_mnt(struct path *mntpnt, struct vfsmount *top_mnt, int mnt_flags)
+{
+ struct vfsmount *lower_mnt = mntpnt->mnt;
+
+ /* Is this even a union mount? */
+ if (!(mnt_flags & MNT_UNION))
+ return 0;
+
+ /* Lower layer must be read-only and not a union mount */
+ if (!(lower_mnt->mnt_sb->s_flags & MS_RDONLY) ||
+ (lower_mnt->mnt_flags & MNT_UNION))
+ return -EBUSY;
+
+ /* Upper layer must be writable */
+ if (mnt_flags & MNT_READONLY)
+ return -EROFS;
+
+ /* Upper layer must support whiteouts and fallthrus */
+ if (!(top_mnt->mnt_sb->s_flags & MS_WHITEOUT))
+ return -EINVAL;
+
+ /* All good! */
+ return 0;
+}
+
+/*
* do loopback mount.
*/
static int do_loopback(struct path *path, char *old_name, int recurse,
@@ -1495,13 +1550,8 @@ static int do_loopback(struct path *path, char *old_name, int recurse,
if (!mnt)
goto out;
- /*
- * Unions couldn't be writable if the filesystem doesn't know about
- * whiteouts
- */
- err = -ENOTSUPP;
- if ((mnt_flags & MNT_UNION) &&
- !(mnt->mnt_sb->s_flags & (MS_WHITEOUT|MS_RDONLY)))
+ err = check_union_mnt(path, mnt, mnt_flags);
+ if (err)
goto out;
if (mnt_flags & MNT_UNION)
@@ -1726,13 +1776,8 @@ int do_add_mount(struct vfsmount *newmnt, struct path *path,
if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
goto unlock;
- /*
- * Unions couldn't be writable if the filesystem doesn't know about
- * whiteouts
- */
- err = -ENOTSUPP;
- if ((mnt_flags & MNT_UNION) &&
- !(newmnt->mnt_sb->s_flags & (MS_WHITEOUT|MS_RDONLY)))
+ err = check_union_mnt(path, newmnt, mnt_flags);
+ if (err)
goto unlock;
newmnt->mnt_flags = mnt_flags;
--
1.6.3.3
next prev parent reply other threads:[~2009-10-21 19:21 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-21 19:18 [RFC PATCH 00/40] Writable overlays (union mounts) Valerie Aurora
2009-10-21 19:18 ` [PATCH 01/41] VFS: BUG() if somebody tries to rehash an already hashed dentry Valerie Aurora
2009-10-21 19:19 ` [PATCH 02/41] VFS: propagate mnt_flags into do_loopback Valerie Aurora
2009-10-21 19:19 ` [PATCH 03/41] VFS: Make lookup_hash() return a struct path Valerie Aurora
2009-10-21 19:19 ` [PATCH 04/41] VFS: Remove unnecessary micro-optimization in cached_lookup() Valerie Aurora
2009-10-21 19:19 ` [PATCH 05/41] VFS: Make real_lookup() return a struct path Valerie Aurora
2009-10-21 19:19 ` [PATCH 06/41] VFS: Introduce dput() variant that maintains a kill-list Valerie Aurora
2009-10-21 19:19 ` [PATCH 07/41] VFS: Add read-only users count to superblock Valerie Aurora
2009-10-21 19:19 ` [PATCH 08/41] Don't replace nameidata path when following links Valerie Aurora
2009-10-21 19:19 ` [PATCH 09/41] whiteout: Don't return information about whiteouts to userspace Valerie Aurora
2009-10-21 19:19 ` [PATCH 10/41] whiteout: Add vfs_whiteout() and whiteout inode operation Valerie Aurora
2009-10-21 19:19 ` [PATCH 11/41] whiteout: Set S_OPAQUE inode flag when creating directories Valerie Aurora
2009-10-21 19:19 ` [PATCH 12/41] union-mount: Allow removal of a directory Valerie Aurora
2009-10-21 19:19 ` [PATCH 13/41] whiteout: tmpfs whiteout support Valerie Aurora
2009-10-21 19:19 ` [PATCH 14/41] whiteout: Split of ext2_append_link() from ext2_add_link() Valerie Aurora
2009-10-21 19:19 ` [PATCH 15/41] whiteout: ext2 whiteout support Valerie Aurora
2009-10-21 19:19 ` [PATCH 16/41] whiteout: jffs2 " Valerie Aurora
2009-10-21 19:19 ` [PATCH 17/41] whiteout: Add path_whiteout() helper Valerie Aurora
2009-10-21 19:19 ` [PATCH 18/41] union-mount: Documentation Valerie Aurora
2009-10-21 19:19 ` [PATCH 19/41] union-mount: Introduce MNT_UNION and MS_UNION flags Valerie Aurora
2009-10-21 19:19 ` [PATCH 20/41] union-mount: Introduce union_mount structure Valerie Aurora
2009-10-21 19:19 ` [PATCH 21/41] union-mount: Drive the union cache via dcache Valerie Aurora
2009-10-21 19:19 ` [PATCH 22/41] union-mount: Some checks during namespace changes Valerie Aurora
2009-10-21 19:19 ` [PATCH 23/41] union-mount: Changes to the namespace handling Valerie Aurora
2009-10-21 19:19 ` [PATCH 24/41] union-mount: Make lookup work for union-mounted file systems Valerie Aurora
2009-10-21 19:19 ` [PATCH 25/41] union-mount: stop lookup when directory has S_OPAQUE flag set Valerie Aurora
2009-10-21 19:19 ` [PATCH 26/41] union-mount: stop lookup when finding a whiteout Valerie Aurora
2009-10-21 19:19 ` [PATCH 27/41] union-mount: in-kernel file copy between union mounted filesystems Valerie Aurora
2009-10-21 19:19 ` [PATCH 28/41] union-mount: call do_whiteout() on unlink and rmdir Valerie Aurora
2009-10-21 19:19 ` [PATCH 29/41] union-mount: Always create topmost directory on open Valerie Aurora
2009-10-21 19:19 ` [PATCH 30/41] fallthru: Basic fallthru definitions Valerie Aurora
2009-10-21 19:19 ` [PATCH 31/41] fallthru: Support for fallthru entries in union mount lookup Valerie Aurora
2009-10-21 19:19 ` [PATCH 32/41] fallthru: ext2 fallthru support Valerie Aurora
2009-10-21 19:19 ` [PATCH 33/41] fallthru: jffs2 " Valerie Aurora
2009-10-21 19:19 ` [PATCH 34/41] fallthru: tmpfs " Valerie Aurora
2009-10-21 19:19 ` [PATCH 35/41] union-mount: Copy up directory entries on first readdir() Valerie Aurora
2009-10-21 19:19 ` [PATCH 36/41] union-mount: Increment read-only users count for read-only layer Valerie Aurora
2009-10-21 19:19 ` Valerie Aurora [this message]
2009-10-21 19:19 ` [PATCH 38/41] union-mount: Make pivot_root work with union mounts Valerie Aurora
2009-10-21 19:19 ` [PATCH 39/41] union-mount: Ignore read-only file system in permission checks Valerie Aurora
2009-10-21 19:19 ` [PATCH 40/41] union-mount: Make truncate work in all its glorious UNIX variations Valerie Aurora
2009-10-21 19:19 ` [PATCH 41/41] union-mount: Add support for rename by __union_copyup() Valerie Aurora
2009-12-01 4:57 ` Erez Zadok
2009-12-01 4:50 ` [PATCH 40/41] union-mount: Make truncate work in all its glorious UNIX variations Erez Zadok
2009-12-01 4:34 ` [PATCH 39/41] union-mount: Ignore read-only file system in permission checks Erez Zadok
2009-12-01 4:26 ` [PATCH 38/41] union-mount: Make pivot_root work with union mounts Erez Zadok
2009-12-01 4:18 ` [PATCH 35/41] union-mount: Copy up directory entries on first readdir() Erez Zadok
2009-12-01 4:17 ` [PATCH 34/41] fallthru: tmpfs fallthru support Erez Zadok
2009-12-01 4:17 ` [PATCH 33/41] fallthru: jffs2 " Erez Zadok
2009-12-01 4:17 ` [PATCH 32/41] fallthru: ext2 " Erez Zadok
2009-12-01 4:15 ` [PATCH 31/41] fallthru: Support for fallthru entries in union mount lookup Erez Zadok
2009-12-01 4:14 ` [PATCH 30/41] fallthru: Basic fallthru definitions Erez Zadok
2009-12-01 4:14 ` [PATCH 29/41] union-mount: Always create topmost directory on open Erez Zadok
2009-12-01 4:13 ` [PATCH 27/41] union-mount: in-kernel file copy between union mounted filesystems Erez Zadok
2009-12-01 4:11 ` [PATCH 26/41] union-mount: stop lookup when finding a whiteout Erez Zadok
2009-12-01 4:10 ` [PATCH 25/41] union-mount: stop lookup when directory has S_OPAQUE flag set Erez Zadok
2009-12-01 4:10 ` [PATCH 24/41] union-mount: Make lookup work for union-mounted file systems Erez Zadok
2009-11-30 9:15 ` [PATCH 23/41] union-mount: Changes to the namespace handling Erez Zadok
2009-11-30 9:04 ` [PATCH 22/41] union-mount: Some checks during namespace changes Erez Zadok
2009-11-30 8:57 ` [PATCH 21/41] union-mount: Drive the union cache via dcache Erez Zadok
2009-11-30 8:46 ` [PATCH 20/41] union-mount: Introduce union_mount structure Erez Zadok
2010-01-26 22:38 ` Valerie Aurora
2009-11-30 8:02 ` [PATCH 19/41] union-mount: Introduce MNT_UNION and MS_UNION flags Erez Zadok
2010-01-26 20:03 ` Valerie Aurora
2009-12-01 5:37 ` [PATCH 18/41] union-mount: Documentation Erez Zadok
2009-11-30 7:57 ` [PATCH 17/41] whiteout: Add path_whiteout() helper Erez Zadok
2010-01-26 20:02 ` Valerie Aurora
2009-10-21 22:50 ` [PATCH 16/41] whiteout: jffs2 whiteout support David Woodhouse
2009-10-27 2:21 ` Valerie Aurora
2009-11-30 7:51 ` Erez Zadok
2010-01-26 19:52 ` Valerie Aurora
2009-10-21 21:17 ` [PATCH 15/41] whiteout: ext2 " Andreas Dilger
2009-10-27 2:14 ` Valerie Aurora
2009-11-30 7:45 ` Erez Zadok
2009-11-30 6:32 ` [PATCH 14/41] whiteout: Split of ext2_append_link() from ext2_add_link() Erez Zadok
2009-11-30 6:26 ` [PATCH 13/41] whiteout: tmpfs whiteout support Erez Zadok
2010-01-21 2:02 ` Valerie Aurora
2009-11-30 6:13 ` [PATCH 12/41] union-mount: Allow removal of a directory Erez Zadok
2010-01-21 0:52 ` Valerie Aurora
2009-10-27 14:36 ` [PATCH 10/41] whiteout: Add vfs_whiteout() and whiteout inode operation Eric Paris
2009-10-27 21:22 ` Valerie Aurora
2009-11-30 3:04 ` Erez Zadok
2010-01-21 0:35 ` Valerie Aurora
2009-11-30 2:53 ` [PATCH 09/41] whiteout: Don't return information about whiteouts to userspace Erez Zadok
2010-01-21 0:19 ` Valerie Aurora
2009-11-30 2:44 ` [PATCH 08/41] Don't replace nameidata path when following links Erez Zadok
2009-11-30 2:33 ` [PATCH 07/41] VFS: Add read-only users count to superblock Erez Zadok
2009-11-30 2:28 ` [PATCH 06/41] VFS: Introduce dput() variant that maintains a kill-list Erez Zadok
2010-01-20 23:31 ` Valerie Aurora
2009-11-30 2:11 ` [PATCH 05/41] VFS: Make real_lookup() return a struct path Erez Zadok
2009-11-30 2:07 ` [PATCH 04/41] VFS: Remove unnecessary micro-optimization in cached_lookup() Erez Zadok
2009-12-10 21:25 ` Valerie Aurora
2009-11-30 2:02 ` [PATCH 03/41] VFS: Make lookup_hash() return a struct path Erez Zadok
2009-12-10 21:23 ` Valerie Aurora
2009-11-30 6:04 ` Erez Zadok
2009-12-10 21:24 ` Valerie Aurora
2009-11-30 1:43 ` [PATCH 01/41] VFS: BUG() if somebody tries to rehash an already hashed dentry Erez Zadok
2009-12-10 20:20 ` Valerie Aurora
2009-10-22 2:44 ` [RFC PATCH 00/40] Writable overlays (union mounts) hooanon05
2009-10-27 2:23 ` Valerie Aurora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1256152779-10054-38-git-send-email-vaurora@redhat.com \
--to=vaurora@redhat.com \
--cc=apw@canonical.com \
--cc=hch@infradead.org \
--cc=jblunck@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=scott@canonica \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).