1. 24 Jan, 2018 3 commits
    • ovl: store 'has_upper' and 'opaque' as bit flags · c62520a8
      Amir Goldstein committed
      We need to make some room in struct ovl_entry to store information
      about redirected ancestors for NFS export, so cram two booleans as
      bit flags.
      Signed-off-by: Amir Goldstein <amir73il@gmail.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • ovl: add support for "nfs_export" configuration · f168f109
      Amir Goldstein committed
      Introduce the "nfs_export" config, module and mount options.
      
      The NFS export feature depends on the "index" feature and enables two
      implicit overlayfs features: "index_all" and "verify_lower".
      The "index_all" feature creates an index on copy up of every file and
      directory. The "verify_lower" feature uses the full index to detect
      overlay filesystem inconsistencies on lookup, like redirect from
      multiple upper dirs to the same lower dir.
      
      NFS export can be enabled for non-upper mount with no index. However,
      because lower layer redirects cannot be verified with the index, enabling
      NFS export support on an overlay with no upper layer requires turning off
      redirect follow (e.g. "redirect_dir=nofollow").
      
      The full index may incur some overhead on mount time, especially when
      verifying that lower directory file handles are not stale.
      
      NFS export support, full index and consistency verification will be
      implemented by following patches.
      Signed-off-by: Amir Goldstein <amir73il@gmail.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • ovl: store layer index in ovl_layer · d583ed7d
      Amir Goldstein committed
      Store the fs root layer index inside ovl_layer struct, so we can
      get the root fs layer index from merge dir lower layer instead of
      finding it with ovl_find_layer() helper.
      Signed-off-by: Amir Goldstein <amir73il@gmail.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  2. 17 Dec, 2017 1 commit
  3. 11 Dec, 2017 1 commit
    • ovl: don't follow redirects if redirect_dir=off · 438c84c2
      Miklos Szeredi committed
      Overlayfs is following redirects even when redirects are disabled. If this
      is unintentional (probably the majority of cases) then this can be a
      problem.  E.g. upper layer comes from untrusted USB drive, and attacker
      crafts a redirect to enable read access to otherwise unreadable
      directories.
      
      If "redirect_dir=off", then turn off following as well as creation of
      redirects.  If "redirect_dir=follow", then turn on following, but turn off
      creation of redirects (which is what "redirect_dir=off" does now).
      
      This is a backward incompatible change, so make it dependent on a config
      option.
      Reported-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  4. 09 Nov, 2017 2 commits
  5. 24 Oct, 2017 1 commit
  6. 05 Oct, 2017 1 commit
    • ovl: fix regression caused by exclusive upper/work dir protection · 85fdee1e
      Amir Goldstein committed
      Enforcing exclusive ownership on upper/work dirs caused a docker
      regression: https://github.com/moby/moby/issues/34672.
      
      Euan spotted the regression and pointed to the offending commit.
      Vivek has brought the regression to my attention and provided this
      reproducer:
      
      Terminal 1:
      
        mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
              merged/
      
      Terminal 2:
      
        unshare -m
      
      Terminal 1:
      
        umount merged
        mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
              merged/
        mount: /root/overlay-testing/merged: none already mounted or mount point
               busy
      
      To fix the regression, I replaced the error with an alarming warning.
      With index feature enabled, mount does fail, but logs a suggestion to
      override exclusive dir protection by disabling index.
      Note that index=off mount does take the inuse locks, so a concurrent
      index=off will issue the warning and a concurrent index=on mount will fail.
      
      Documentation was updated to reflect this change.
      
      Fixes: 2cac0c00 ("ovl: get exclusive ownership on upper/work dirs")
      Cc: <stable@vger.kernel.org> # v4.13
      Reported-by: Euan Kemp <euank@euank.com>
      Reported-by: Vivek Goyal <vgoyal@redhat.com>
      Signed-off-by: Amir Goldstein <amir73il@gmail.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  7. 05 Jul, 2017 10 commits
  8. 19 May, 2017 1 commit
    • ovl: mark upper dir with type origin entries "impure" · ee1d6d37
      Amir Goldstein committed
      When moving a merge dir or non-dir with copy up origin into a non-merge
      upper dir (a.k.a pure upper dir), we are marking the target parent dir
      "impure". ovl_iterate() iterates pure upper dirs directly, because there is
      no need to filter out whiteouts and merge dir content with lower dir. But
      for the case of an "impure" upper dir, ovl_iterate() will not be able to
      iterate the real upper dir directly, because it will need to lookup the
      origin inode and use it to fill d_ino.
      Signed-off-by: Amir Goldstein <amir73il@gmail.com>
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
  9. 18 May, 2017 1 commit
  10. 05 May, 2017 1 commit
  11. 07 Feb, 2017 2 commits
  12. 16 Dec, 2016 4 commits
    • ovl: redirect on rename-dir · a6c60655
      Miklos Szeredi committed
      Current code returns EXDEV when a directory would need to be copied up to
      move.  We could copy up the directory tree in this case, but there's
      another, simpler solution: point to old lower directory from moved upper
      directory.
      
      This is achieved with a "trusted.overlay.redirect" xattr storing the path
      relative to the root of the overlay.  After such attribute has been set,
      the directory can be moved without further actions required.
      
      This is a backward incompatible feature, old kernels won't be able to
      correctly mount an overlay containing redirected directories.
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • ovl: lookup redirects · 02b69b28
      Miklos Szeredi committed
      If a directory has the "trusted.overlay.redirect" xattr, it means that the
      value of the xattr should be used to find the underlying directory on the
      next lower layer.
      
      The redirect may be relative or absolute.  Absolute redirects begin with a
      slash.
      
      A relative redirect means: instead of the current dentry's name use the
      value of the redirect to find the directory in the next lower
      layer. Relative redirects must not contain a slash.
      
      An absolute redirect means: look up the directory relative to the root of
      the overlay using the value of the redirect in the next lower layer.
      
      Redirects work on lower layers as well.
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
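
An added example, not part of the commit or of the kernel source: Python code that walks a directory tree intended for use as an overlay layer and classifies every "trusted.overlay.redirect" value by the relative/absolute rule in the message above, which is the review one would do on a layer from untrusted media before mounting it with redirects followed. The function names, the constructed sample values and the treatment of an empty value as invalid are assumptions of this example.

```python
import errno
import os
import tempfile

REDIRECT_XATTR = "trusted.overlay.redirect"  # xattr name from the commit messages

def classify_redirect(value: bytes) -> str:
    """Apply the rule from the commit: absolute starts with '/', relative has no '/'."""
    if not value:
        return "invalid"   # assumption of this example: an empty value is malformed
    if value.startswith(b"/"):
        return "absolute"
    return "invalid" if b"/" in value else "relative"

def read_redirect(path):
    """Return the redirect xattr of path, or None if absent or unsupported.
    Needs CAP_SYS_ADMIN: unprivileged reads of trusted.* report no data."""
    try:
        return os.getxattr(path, REDIRECT_XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

def audit_layer(root, reader=read_redirect):
    """Walk a layer directory; list (relative path, value, class) per redirect."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):  # does not follow symlinks
        dirnames.sort()  # deterministic traversal order
        value = reader(dirpath)
        if value is not None:
            rel = os.path.relpath(dirpath, root)
            findings.append((rel, value, classify_redirect(value)))
    return findings

def demo():
    """Constructed sample: throwaway tree, made-up xattr values via a fake reader."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("a", "b", os.path.join("c", "d")):
            os.makedirs(os.path.join(root, d))
        fake = {"a": b"old_name", "b": b"/lower/secret", "c/d": b"x/y"}
        return audit_layer(root, lambda p: fake.get(os.path.relpath(p, root)))

if __name__ == "__main__":
    for rel, value, kind in demo():
        print(f"{kind:8} {rel}: {value!r}")
```

On a real layer, call `audit_layer(path)` as root; absolute redirects and invalid values are the entries to inspect by hand.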
    • ovl: check namelen · 6b2d5fe4
      Miklos Szeredi committed
      We already calculate f_namelen in statfs as the maximum of the name lengths
      provided by the filesystems taking part in the overlay.
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    • ovl: split super.c · bbb1e54d
      Miklos Szeredi committed
      fs/overlayfs/super.c is the biggest of the overlayfs source files and it
      contains various utility functions as well as the rather complicated lookup
      code.  Split these parts out to separate files.
      
      Before:
      
       1446 fs/overlayfs/super.c
      
      After:
      
        919 fs/overlayfs/super.c
        267 fs/overlayfs/namei.c
        235 fs/overlayfs/util.c
         51 fs/overlayfs/ovl_entry.h
      Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>