From: Vivek Goyal <vgoyal@redhat.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH v15 10/30] ovl: Modify ovl_lookup() and friends to lookup metacopy dentry
Date: Thu, 10 May 2018 15:42:56 -0400 [thread overview]
Message-ID: <20180510194256.GB7651@redhat.com> (raw)
In-Reply-To: <CAOQ4uxiEWEBSDChH5zq04_7r7WHOgCACvJb0R3oejRsJ=MSR_w@mail.gmail.com>
On Thu, May 10, 2018 at 05:43:10PM +0300, Amir Goldstein wrote:
> On Thu, May 10, 2018 at 4:14 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
> > On Thu, May 10, 2018 at 11:19:23AM +0200, Miklos Szeredi wrote:
> >> On Mon, May 7, 2018 at 7:40 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
> >> > This patch modifies ovl_lookup() and friends to lookup metacopy dentries.
> >> > It also allows for presence of metacopy dentries in lower layer.
> >> >
> >> > During lookup, check for presence of OVL_XATTR_METACOPY and if not present,
> >> > set OVL_UPPERDATA bit in flags.
> >> >
> >> > We don't support metacopy feature with nfs_export. So in nfs_export code,
> >> > we set OVL_UPPERDATA flag set unconditionally if upper inode exists.
> >> >
> >> > Do not follow metacopy origin if we find a metacopy only inode and metacopy
> >> > feature is not enabled for that mount. Like redirect, this can have security
> >> > implications where an attacker could hand craft upper and try to gain
> >> > access to file on lower which it should not have to begin with.
> >> >
> >> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> >> > ---
> [...]
>
> >> > @@ -925,18 +943,36 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
> >> > * When "verify_lower" feature is enabled, do not merge with a
> >> > * lower dir that does not match a stored origin xattr. In any
> >> > * case, only verified origin is used for index lookup.
> >> > + *
> >> > + * For non-dir dentry, make sure dentry found by lookup
> >> > + * matches the origin stored in upper. Otherwise its an
> >> > + * error.
> >>
> >> Umm, why we need to be so strict? This would break the case where
> >> the layers are copied with xattr intact, but the origin pointer will
> >> obviously be "wrong", which shouldn't be a problem, since that's only
> >> needed to get a unique st_ino, nothing else.
> >
> > Hmm...., right this breaks the case of copied up layer. The very reason
> > we moved to using path based lookup for metacopy data dentry.
> >
> > So if we have a origin on upper for metacopy file which does not match
> > lower dentry found using path based lookup, we can ignore the origin
> > information and don't lookup for index either. That also means that
> > inode will be reported of upper. Given we will not use index, that
> > probably will mean broken hardlinks and some strange corner cases. I will
> > make this change and run the tests on copied layers and see what breaks.
> >
> >
>
> OK, so maybe just relax below to:
>
> >>
> >> > */
> >> > - if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) {
> >> > + if (upperdentry && !ctr &&
> >> > + ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
> >> > + (!d.is_dir && origin_path))) {
> >> > err = ovl_verify_origin(upperdentry, this, false);
> >> > if (err) {
> >> > dput(this);
> >> > - break;
> >> > + if (d.is_dir)
> >> > + break;
>
> + else if (ovl_verify_lower(dentry->d_sb))
Amir,
As I asked in other email, should we make it conditional based on
config.index instead? IOW, if indexing is enabled, we will have ORIGIN on
upper and we need to make sure it matches path based looked up lower. And
layer copying will not work in this case. Anyway, IIUC, with index=on, layer
copying does not work (Atleast lower layer can't be copied).
Layer copying will work for the cases of index=off. And in that case we
will not enforce ORIGIN verification of non-dir metacopy. Given index
is off, we don't have to worry about using this lower to lookup for
index. We can use it to report inode number of lower.
And this means we will have broken hard links with layer copy use case.
Thanks
Vivek
next prev parent reply other threads:[~2018-05-10 19:42 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-07 17:40 [PATCH v15 00/30] overlayfs: Delayed copy up of data Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 01/30] ovl: Pass argument to ovl_get_inode() in a structure Vivek Goyal
2018-05-07 19:26 ` Amir Goldstein
2018-05-07 20:37 ` Vivek Goyal
2018-05-08 4:45 ` Amir Goldstein
2018-05-08 13:45 ` Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 02/30] ovl: Initialize ovl_inode->redirect in ovl_get_inode() Vivek Goyal
2018-05-08 13:56 ` Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 03/30] ovl: Move the copy up helpers to copy_up.c Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 04/30] ovl: Provide a mount option metacopy=on/off for metadata copyup Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 05/30] ovl: During copy up, first copy up metadata and then data Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 06/30] ovl: Copy up only metadata during copy up where it makes sense Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 07/30] ovl: Add helper ovl_already_copied_up() Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 08/30] ovl: A new xattr OVL_XATTR_METACOPY for file on upper Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 09/30] ovl: Use out_err instead of out_nomem Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 10/30] ovl: Modify ovl_lookup() and friends to lookup metacopy dentry Vivek Goyal
2018-05-07 19:14 ` Amir Goldstein
2018-05-10 9:19 ` Miklos Szeredi
2018-05-10 9:36 ` Miklos Szeredi
2018-05-10 9:52 ` Miklos Szeredi
2018-05-10 13:17 ` Vivek Goyal
2018-05-10 15:32 ` Vivek Goyal
2018-05-10 20:21 ` Miklos Szeredi
2018-05-10 13:14 ` Vivek Goyal
2018-05-10 14:43 ` Amir Goldstein
2018-05-10 19:42 ` Vivek Goyal [this message]
2018-05-10 19:39 ` Vivek Goyal
2018-05-10 20:13 ` Miklos Szeredi
2018-05-11 7:29 ` Miklos Szeredi
2018-05-11 7:52 ` Amir Goldstein
2018-05-11 8:13 ` Miklos Szeredi
2018-05-11 12:28 ` Vivek Goyal
2018-05-11 14:30 ` Vivek Goyal
2018-05-11 15:05 ` Amir Goldstein
2018-05-11 15:14 ` Vivek Goyal
2018-05-11 15:52 ` Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 11/30] ovl: Copy up meta inode data from lowest data inode Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 12/30] ovl: Add helper ovl_dentry_lowerdata() to get lower data dentry Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 13/30] ovl: Add an helper to get real " Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 14/30] ovl: Fix ovl_getattr() to get number of blocks from lower Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 15/30] ovl: Store lower data inode in ovl_inode Vivek Goyal
2018-05-07 18:59 ` Amir Goldstein
2018-05-08 13:47 ` Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 16/30] ovl: Add helper ovl_inode_real_data() Vivek Goyal
2018-05-07 18:18 ` Amir Goldstein
2018-05-07 17:40 ` [PATCH v15 17/30] ovl: Open file with data except for the case of fsync Vivek Goyal
2018-05-07 19:47 ` Amir Goldstein
2018-05-07 20:59 ` Vivek Goyal
2018-05-08 5:26 ` Amir Goldstein
2018-05-08 12:50 ` Vivek Goyal
2018-05-08 14:14 ` Amir Goldstein
2018-05-08 14:26 ` Vivek Goyal
2018-05-08 15:04 ` Amir Goldstein
2018-05-07 17:40 ` [PATCH v15 18/30] ovl: Do not expose metacopy only dentry from d_real() Vivek Goyal
2018-05-07 19:39 ` Amir Goldstein
2018-05-07 17:40 ` [PATCH v15 19/30] ovl: Move some dir related ovl_lookup_single() code in else block Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 20/30] ovl: Check redirects for metacopy files Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 21/30] ovl: Treat metacopy dentries as type OVL_PATH_MERGE Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 22/30] ovl: Add an inode flag OVL_CONST_INO Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 23/30] ovl: Do not set dentry type ORIGIN for broken hardlinks Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 24/30] ovl: Set redirect on metacopy files upon rename Vivek Goyal
2018-05-07 18:21 ` Amir Goldstein
2018-05-07 17:40 ` [PATCH v15 25/30] ovl: Set redirect on upper inode when it is linked Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 26/30] ovl: Check redirect on index as well Vivek Goyal
2018-05-07 18:43 ` Amir Goldstein
2018-05-08 12:58 ` Vivek Goyal
2018-05-07 17:40 ` [PATCH v15 27/30] ovl: Disbale metacopy for MAP_SHARED mmap() Vivek Goyal
2018-05-07 17:41 ` [PATCH v15 28/30] ovl: Do not do metadata only copy-up for truncate operation Vivek Goyal
2018-05-07 17:41 ` [PATCH v15 29/30] ovl: Do not do metacopy only for ioctl modifying file attr Vivek Goyal
2018-05-07 17:41 ` [PATCH v15 30/30] ovl: Enable metadata only feature Vivek Goyal
2018-05-07 18:10 ` [PATCH v15 00/30] overlayfs: Delayed copy up of data Amir Goldstein
2018-05-07 18:24 ` Vivek Goyal
2018-05-07 18:33 ` Amir Goldstein
2018-05-07 19:14 ` Vivek Goyal
2018-05-08 13:42 ` Vivek Goyal
2018-05-08 14:16 ` Amir Goldstein
2018-05-23 20:00 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180510194256.GB7651@redhat.com \
--to=vgoyal@redhat.com \
--cc=amir73il@gmail.com \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox