1. 26 4月, 2017 1 次提交
  2. 20 4月, 2017 2 次提交
    • A
      ovl: check IS_APPEND() on real upper inode · b0990fbb
      Amir Goldstein 提交于
      For overlay file open, check IS_APPEND() on the real upper inode
      inside d_real(), because the overlay inode does not have the
      S_APPEND flag and IS_APPEND() can only be checked at open time.
      
      Note that because overlayfs does not copy up the chattr inode flags
      (i.e. S_APPEND, S_IMMUTABLE), the IS_APPEND() check is only relevant
      for upper inodes that were set with chattr +a and not to lower
      inodes that had chattr +a before copy up.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      b0990fbb
    • K
      ovl: Use designated initializers · 33006cdf
      Kees Cook 提交于
      Prepare to mark sensitive kernel structures for randomization by making
      sure they're using designated initializers. These were identified during
      allyesconfig builds of x86, arm, and arm64, with most initializer fixes
      extracted from grsecurity.
      
      For these cases, use { }, which will be zero-filled, instead of
      undesignated NULLs.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      33006cdf
  3. 08 3月, 2017 1 次提交
    • A
      ovl: lockdep annotate of nested stacked overlayfs inode lock · b1eaa950
      Amir Goldstein 提交于
      An overlayfs instance can be the lower layer of another overlayfs
      instance. This setup triggers a lockdep splat of possible recursive
      locking of sb->s_type->i_mutex_key in iterate_dir(). Trimmed snip:
      
       [ INFO: possible recursive locking detected ]
       bash/2468 is trying to acquire lock:
        &sb->s_type->i_mutex_key#14, at: iterate_dir+0x7d/0x15c
       but task is already holding lock:
        &sb->s_type->i_mutex_key#14, at: iterate_dir+0x7d/0x15c
      
      One problem observed with this splat is that ovl_new_inode()
      does not call lockdep_annotate_inode_mutex_key() to annotate
      the dir inode lock as &sb->s_type->i_mutex_dir_key like other
      fs do.
      
      The other problem is that the 2 nested levels of overlayfs inode
      lock are annotated using the same key, which is the cause of the
      false positive lockdep warning.
      
      Fix this by annotating overlayfs inode lock in ovl_fill_inode()
      according to stack level of the super block instance and use
      different key for dir vs. non-dir like other fs do.
      
      Here is an edited snip from /proc/lockdep_chains after
      iterate_dir() of nested overlayfs:
      
       [...] &ovl_i_mutex_dir_key[depth]   (stack_depth=2)
       [...] &ovl_i_mutex_dir_key[depth]#2 (stack_depth=1)
       [...] &type->i_mutex_dir_key        (stack_depth=0)
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      b1eaa950
  4. 03 3月, 2017 1 次提交
    • D
      statx: Add a system call to make enhanced file info available · a528d35e
      David Howells 提交于
      Add a system call to make extended file information available, including
      file creation and some attribute flags where available through the
      underlying filesystem.
      
      The getattr inode operation is altered to take two additional arguments: a
      u32 request_mask and an unsigned int flags that indicate the
      synchronisation mode.  This change is propagated to the vfs_getattr*()
      function.
      
      Functions like vfs_stat() are now inline wrappers around new functions
      vfs_statx() and vfs_statx_fd() to reduce stack usage.
      
      ========
      OVERVIEW
      ========
      
      The idea was initially proposed as a set of xattrs that could be retrieved
      with getxattr(), but the general preference proved to be for a new syscall
      with an extended stat structure.
      
      A number of requests were gathered for features to be included.  The
      following have been included:
      
       (1) Make the fields a consistent size on all arches and make them large.
      
       (2) Spare space, request flags and information flags are provided for
           future expansion.
      
       (3) Better support for the y2038 problem [Arnd Bergmann] (tv_sec is an
           __s64).
      
       (4) Creation time: The SMB protocol carries the creation time, which could
           be exported by Samba, which will in turn help CIFS make use of
           FS-Cache as that can be used for coherency data (stx_btime).
      
           This is also specified in NFSv4 as a recommended attribute and could
           be exported by NFSD [Steve French].
      
       (5) Lightweight stat: Ask for just those details of interest, and allow a
           netfs (such as NFS) to approximate anything not of interest, possibly
           without going to the server [Trond Myklebust, Ulrich Drepper, Andreas
           Dilger] (AT_STATX_DONT_SYNC).
      
       (6) Heavyweight stat: Force a netfs to go to the server, even if it thinks
           its cached attributes are up to date [Trond Myklebust]
           (AT_STATX_FORCE_SYNC).
      
      And the following have been left out for future extension:
      
       (7) Data version number: Could be used by userspace NFS servers [Aneesh
           Kumar].
      
           Can also be used to modify fill_post_wcc() in NFSD which retrieves
           i_version directly, but has just called vfs_getattr().  It could get
           it from the kstat struct if it used vfs_xgetattr() instead.
      
           (There's disagreement on the exact semantics of a single field, since
           not all filesystems do this the same way).
      
       (8) BSD stat compatibility: Including more fields from the BSD stat such
           as creation time (st_btime) and inode generation number (st_gen)
           [Jeremy Allison, Bernd Schubert].
      
       (9) Inode generation number: Useful for FUSE and userspace NFS servers
           [Bernd Schubert].
      
           (This was asked for but later deemed unnecessary with the
           open-by-handle capability available and caused disagreement as to
           whether it's a security hole or not).
      
      (10) Extra coherency data may be useful in making backups [Andreas Dilger].
      
           (No particular data were offered, but things like last backup
           timestamp, the data version number and the DOS archive bit would come
           into this category).
      
      (11) Allow the filesystem to indicate what it can/cannot provide: A
           filesystem can now say it doesn't support a standard stat feature if
           that isn't available, so if, for instance, inode numbers or UIDs don't
           exist or are fabricated locally...
      
           (This requires a separate system call - I have an fsinfo() call idea
           for this).
      
      (12) Store a 16-byte volume ID in the superblock that can be returned in
           struct xstat [Steve French].
      
           (Deferred to fsinfo).
      
      (13) Include granularity fields in the time data to indicate the
           granularity of each of the times (NFSv4 time_delta) [Steve French].
      
           (Deferred to fsinfo).
      
      (14) FS_IOC_GETFLAGS value.  These could be translated to BSD's st_flags.
           Note that the Linux IOC flags are a mess and filesystems such as Ext4
           define flags that aren't in linux/fs.h, so translation in the kernel
           may be a necessity (or, possibly, we provide the filesystem type too).
      
           (Some attributes are made available in stx_attributes, but the general
           feeling was that the IOC flags were to ext[234]-specific and shouldn't
           be exposed through statx this way).
      
      (15) Mask of features available on file (eg: ACLs, seclabel) [Brad Boyer,
           Michael Kerrisk].
      
           (Deferred, probably to fsinfo.  Finding out if there's an ACL or
           seclabal might require extra filesystem operations).
      
      (16) Femtosecond-resolution timestamps [Dave Chinner].
      
           (A __reserved field has been left in the statx_timestamp struct for
           this - if there proves to be a need).
      
      (17) A set multiple attributes syscall to go with this.
      
      ===============
      NEW SYSTEM CALL
      ===============
      
      The new system call is:
      
      	int ret = statx(int dfd,
      			const char *filename,
      			unsigned int flags,
      			unsigned int mask,
      			struct statx *buffer);
      
      The dfd, filename and flags parameters indicate the file to query, in a
      similar way to fstatat().  There is no equivalent of lstat() as that can be
      emulated with statx() by passing AT_SYMLINK_NOFOLLOW in flags.  There is
      also no equivalent of fstat() as that can be emulated by passing a NULL
      filename to statx() with the fd of interest in dfd.
      
      Whether or not statx() synchronises the attributes with the backing store
      can be controlled by OR'ing a value into the flags argument (this typically
      only affects network filesystems):
      
       (1) AT_STATX_SYNC_AS_STAT tells statx() to behave as stat() does in this
           respect.
      
       (2) AT_STATX_FORCE_SYNC will require a network filesystem to synchronise
           its attributes with the server - which might require data writeback to
           occur to get the timestamps correct.
      
       (3) AT_STATX_DONT_SYNC will suppress synchronisation with the server in a
           network filesystem.  The resulting values should be considered
           approximate.
      
      mask is a bitmask indicating the fields in struct statx that are of
      interest to the caller.  The user should set this to STATX_BASIC_STATS to
      get the basic set returned by stat().  It should be noted that asking for
      more information may entail extra I/O operations.
      
      buffer points to the destination for the data.  This must be 256 bytes in
      size.
      
      ======================
      MAIN ATTRIBUTES RECORD
      ======================
      
      The following structures are defined in which to return the main attribute
      set:
      
      	struct statx_timestamp {
      		__s64	tv_sec;
      		__s32	tv_nsec;
      		__s32	__reserved;
      	};
      
      	struct statx {
      		__u32	stx_mask;
      		__u32	stx_blksize;
      		__u64	stx_attributes;
      		__u32	stx_nlink;
      		__u32	stx_uid;
      		__u32	stx_gid;
      		__u16	stx_mode;
      		__u16	__spare0[1];
      		__u64	stx_ino;
      		__u64	stx_size;
      		__u64	stx_blocks;
      		__u64	__spare1[1];
      		struct statx_timestamp	stx_atime;
      		struct statx_timestamp	stx_btime;
      		struct statx_timestamp	stx_ctime;
      		struct statx_timestamp	stx_mtime;
      		__u32	stx_rdev_major;
      		__u32	stx_rdev_minor;
      		__u32	stx_dev_major;
      		__u32	stx_dev_minor;
      		__u64	__spare2[14];
      	};
      
      The defined bits in request_mask and stx_mask are:
      
      	STATX_TYPE		Want/got stx_mode & S_IFMT
      	STATX_MODE		Want/got stx_mode & ~S_IFMT
      	STATX_NLINK		Want/got stx_nlink
      	STATX_UID		Want/got stx_uid
      	STATX_GID		Want/got stx_gid
      	STATX_ATIME		Want/got stx_atime{,_ns}
      	STATX_MTIME		Want/got stx_mtime{,_ns}
      	STATX_CTIME		Want/got stx_ctime{,_ns}
      	STATX_INO		Want/got stx_ino
      	STATX_SIZE		Want/got stx_size
      	STATX_BLOCKS		Want/got stx_blocks
      	STATX_BASIC_STATS	[The stuff in the normal stat struct]
      	STATX_BTIME		Want/got stx_btime{,_ns}
      	STATX_ALL		[All currently available stuff]
      
      stx_btime is the file creation time, stx_mask is a bitmask indicating the
      data provided and __spares*[] are where as-yet undefined fields can be
      placed.
      
      Time fields are structures with separate seconds and nanoseconds fields
      plus a reserved field in case we want to add even finer resolution.  Note
      that times will be negative if before 1970; in such a case, the nanosecond
      fields will also be negative if not zero.
      
      The bits defined in the stx_attributes field convey information about a
      file, how it is accessed, where it is and what it does.  The following
      attributes map to FS_*_FL flags and are the same numerical value:
      
      	STATX_ATTR_COMPRESSED		File is compressed by the fs
      	STATX_ATTR_IMMUTABLE		File is marked immutable
      	STATX_ATTR_APPEND		File is append-only
      	STATX_ATTR_NODUMP		File is not to be dumped
      	STATX_ATTR_ENCRYPTED		File requires key to decrypt in fs
      
      Within the kernel, the supported flags are listed by:
      
      	KSTAT_ATTR_FS_IOC_FLAGS
      
      [Are any other IOC flags of sufficient general interest to be exposed
      through this interface?]
      
      New flags include:
      
      	STATX_ATTR_AUTOMOUNT		Object is an automount trigger
      
      These are for the use of GUI tools that might want to mark files specially,
      depending on what they are.
      
      Fields in struct statx come in a number of classes:
      
       (0) stx_dev_*, stx_blksize.
      
           These are local system information and are always available.
      
       (1) stx_mode, stx_nlinks, stx_uid, stx_gid, stx_[amc]time, stx_ino,
           stx_size, stx_blocks.
      
           These will be returned whether the caller asks for them or not.  The
           corresponding bits in stx_mask will be set to indicate whether they
           actually have valid values.
      
           If the caller didn't ask for them, then they may be approximated.  For
           example, NFS won't waste any time updating them from the server,
           unless as a byproduct of updating something requested.
      
           If the values don't actually exist for the underlying object (such as
           UID or GID on a DOS file), then the bit won't be set in the stx_mask,
           even if the caller asked for the value.  In such a case, the returned
           value will be a fabrication.
      
           Note that there are instances where the type might not be valid, for
           instance Windows reparse points.
      
       (2) stx_rdev_*.
      
           This will be set only if stx_mode indicates we're looking at a
           blockdev or a chardev, otherwise will be 0.
      
       (3) stx_btime.
      
           Similar to (1), except this will be set to 0 if it doesn't exist.
      
      =======
      TESTING
      =======
      
      The following test program can be used to test the statx system call:
      
      	samples/statx/test-statx.c
      
      Just compile and run, passing it paths to the files you want to examine.
      The file is built automatically if CONFIG_SAMPLES is enabled.
      
      Here's some example output.  Firstly, an NFS directory that crosses to
      another FSID.  Note that the AUTOMOUNT attribute is set because transiting
      this directory will cause d_automount to be invoked by the VFS.
      
      	[root@andromeda ~]# /tmp/test-statx -A /warthog/data
      	statx(/warthog/data) = 0
      	results=7ff
      	  Size: 4096            Blocks: 8          IO Block: 1048576  directory
      	Device: 00:26           Inode: 1703937     Links: 125
      	Access: (3777/drwxrwxrwx)  Uid:     0   Gid:  4041
      	Access: 2016-11-24 09:02:12.219699527+0000
      	Modify: 2016-11-17 10:44:36.225653653+0000
      	Change: 2016-11-17 10:44:36.225653653+0000
      	Attributes: 0000000000001000 (-------- -------- -------- -------- -------- -------- ---m---- --------)
      
      Secondly, the result of automounting on that directory.
      
      	[root@andromeda ~]# /tmp/test-statx /warthog/data
      	statx(/warthog/data) = 0
      	results=7ff
      	  Size: 4096            Blocks: 8          IO Block: 1048576  directory
      	Device: 00:27           Inode: 2           Links: 125
      	Access: (3777/drwxrwxrwx)  Uid:     0   Gid:  4041
      	Access: 2016-11-24 09:02:12.219699527+0000
      	Modify: 2016-11-17 10:44:36.225653653+0000
      	Change: 2016-11-17 10:44:36.225653653+0000
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      a528d35e
  5. 02 3月, 2017 2 次提交
  6. 07 2月, 2017 7 次提交
  7. 18 1月, 2017 1 次提交
    • A
      ovl: fix possible use after free on redirect dir lookup · 4c7d0c9c
      Amir Goldstein 提交于
      ovl_lookup_layer() iterates on path elements of d->name.name
      but also frees and allocates a new pointer for d->name.name.
      
      For the case of lookup in upper layer, the initial d->name.name
      pointer is stable (dentry->d_name), but for lower layers, the
      initial d->name.name can be d->redirect, which can be freed during
      iteration.
      
      [SzM]
      Keep the count of remaining characters in the redirect path and calculate
      the current position from that.  This works becuase only the prefix is
      modified, the ending always stays the same.
      
      Fixes: 02b69b28 ("ovl: lookup redirects")
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      4c7d0c9c
  8. 16 12月, 2016 25 次提交
    • G
      ovl: fix return value of ovl_fill_super · 313684c4
      Geliang Tang 提交于
      If kcalloc() failed, the return value of ovl_fill_super() is -EINVAL,
      not -ENOMEM. So this patch sets this value to -ENOMEM before calling
      kcalloc(), and sets it back to -EINVAL after calling kcalloc().
      Signed-off-by: NGeliang Tang <geliangtang@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      313684c4
    • A
      ovl: clean up kstat usage · 32a3d848
      Al Viro 提交于
      FWIW, there's a bit of abuse of struct kstat in overlayfs object
      creation paths - for one thing, it ends up with a very small subset
      of struct kstat (mode + rdev), for another it also needs link in
      case of symlinks and ends up passing it separately.
      
      IMO it would be better to introduce a separate object for that.
      
      In principle, we might even lift that thing into general API and switch
       ->mkdir()/->mknod()/->symlink() to identical calling conventions.  Hell
      knows, perhaps ->create() as well...
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      32a3d848
    • A
      ovl: fold ovl_copy_up_truncate() into ovl_copy_up() · 9aba6521
      Amir Goldstein 提交于
      This removes code duplication.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      9aba6521
    • A
      ovl: create directories inside merged parent opaque · 97c684cc
      Amir Goldstein 提交于
      The benefit of making directories opaque on creation is that lookups can
      stop short when they reach the original created directory, instead of
      continue lookup the entire depth of parent directory stack.
      
      The best case is overlay with N layers, performing lookup for first level
      directory, which exists only in upper.  In that case, there will be only
      one lookup instead of N.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      97c684cc
    • M
      ovl: opaque cleanup · 5cf5b477
      Miklos Szeredi 提交于
      oe->opaque is set for
      
       a) whiteouts
       b) directories having the "trusted.overlay.opaque" xattr
      
      Case b can be simplified, since setting the xattr always implies setting
      oe->opaque.  Also once set, the opaque flag is never cleared.
      
      Don't need to set opaque flag for non-directories.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      5cf5b477
    • A
      ovl: show redirect_dir mount option · c5bef3a7
      Amir Goldstein 提交于
      Show the value of redirect_dir in /proc/mounts.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      c5bef3a7
    • M
      ovl: allow setting max size of redirect · 3ea22a71
      Miklos Szeredi 提交于
      Add a module option to allow tuning the max size of absolute redirects.
      Default is 256.
      
      Size of relative redirects is naturally limited by the the underlying
      filesystem's max filename length (usually 255).
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      3ea22a71
    • M
      ovl: allow redirect_dir to default to "on" · 688ea0e5
      Miklos Szeredi 提交于
      This patch introduces a kernel config option and a module param.  Both can
      be used independently to turn the default value of redirect_dir on or off.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      688ea0e5
    • A
      ovl: check for emptiness of redirect dir · d1595119
      Amir Goldstein 提交于
      Before introducing redirect_dir feature, the condition
      !ovl_lower_positive(dentry) for a directory, implied that it is a pure
      upper directory, which may be removed if empty.
      
      Now that directory can be redirect, it is possible that upper does not
      cover any lower (i.e. !ovl_lower_positive(dentry)), but the directory is a
      merge (with redirected path) and maybe non empty.
      
      Check for this case in ovl_remove_upper().
      
      This change fixes the following test case from rename-pop-dir.py
      of unionmount-testsuite:
      
          """Remove dir and rename old name"""
          d = ctx.non_empty_dir()
          d2 = ctx.no_dir()
      
          ctx.rmdir(d, err=ENOTEMPTY)
          ctx.rename(d, d2)
          ctx.rmdir(d, err=ENOENT)
          ctx.rmdir(d2, err=ENOTEMPTY)
      
      ./run --ov rename-pop-dir
      /mnt/a/no_dir103: Expected error (Directory not empty) was not produced
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      d1595119
    • M
      ovl: redirect on rename-dir · a6c60655
      Miklos Szeredi 提交于
      Current code returns EXDEV when a directory would need to be copied up to
      move.  We could copy up the directory tree in this case, but there's
      another, simpler solution: point to old lower directory from moved upper
      directory.
      
      This is achieved with a "trusted.overlay.redirect" xattr storing the path
      relative to the root of the overlay.  After such attribute has been set,
      the directory can be moved without further actions required.
      
      This is a backward incompatible feature, old kernels won't be able to
      correctly mount an overlay containing redirected directories.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      a6c60655
    • M
      ovl: lookup redirects · 02b69b28
      Miklos Szeredi 提交于
      If a directory has the "trusted.overlay.redirect" xattr, it means that the
      value of the xattr should be used to find the underlying directory on the
      next lower layer.
      
      The redirect may be relative or absolute.  Absolute redirects begin with a
      slash.
      
      A relative redirect means: instead of the current dentry's name use the
      value of the redirect to find the directory in the next lower
      layer. Relative redirects must not contain a slash.
      
      An absolute redirect means: look up the directory relative to the root of
      the overlay using the value of the redirect in the next lower layer.
      
      Redirects work on lower layers as well.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      02b69b28
    • M
      ovl: consolidate lookup for underlying layers · e28edc46
      Miklos Szeredi 提交于
      Use a common helper for lookup of upper and lower layers.  This paves the
      way for looking up directory redirects.
      
      No functional change.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      e28edc46
    • A
      ovl: fix nested overlayfs mount · 48fab5d7
      Amir Goldstein 提交于
      When the upper overlayfs checks "trusted.overlay.*" xattr on the underlying
      overlayfs mount, it gets -EPERM, which confuses the upper overlayfs.
      
      Fix this by returning -EOPNOTSUPP instead of -EPERM from
      ovl_own_xattr_get() and ovl_own_xattr_set().  This behavior is consistent
      with the behavior of ovl_listxattr(), which filters out the private
      overlayfs xattrs.
      
      Note: nested overlays are deprecated.  But this change makes sense
      regardless: these xattrs are private to the overlay and should always be
      hidden.  Hence getting and setting them should indicate this.
      
      [SzMi: Use EOPNOTSUPP instead of ENODATA and use it for both getting and
      setting "trusted.overlay." xattrs.  This is a perfectly valid error code
      for "we don't support this prefix", which is the case here.]
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      48fab5d7
    • M
      ovl: check namelen · 6b2d5fe4
      Miklos Szeredi 提交于
      We already calculate f_namelen in statfs as the maximum of the name lengths
      provided by the filesystems taking part in the overlay.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      6b2d5fe4
    • M
      ovl: split super.c · bbb1e54d
      Miklos Szeredi 提交于
      fs/overlayfs/super.c is the biggest of the overlayfs source files and it
      contains various utility functions as well as the rather complicated lookup
      code.  Split these parts out to separate files.
      
      Before:
      
       1446 fs/overlayfs/super.c
      
      After:
      
        919 fs/overlayfs/super.c
        267 fs/overlayfs/namei.c
        235 fs/overlayfs/util.c
         51 fs/overlayfs/ovl_entry.h
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      bbb1e54d
    • M
      ovl: use d_is_dir() · 2b8c30e9
      Miklos Szeredi 提交于
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2b8c30e9
    • M
      ovl: simplify lookup · 8ee6059c
      Miklos Szeredi 提交于
      If encountering a non-directory, then stop looking at lower layers.
      
      In this case the oe->opaque flag is not set anymore, which doesn't matter
      since existence of lower file is now checked at remove/rename time.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      8ee6059c
    • M
      ovl: check lower existence of rename target · 3ee23ff1
      Miklos Szeredi 提交于
      Check if something exists on the lower layer(s) under the target or rename
      to decide if directory needs to be marked "opaque".
      
      Marking opaque is done before the rename, and on failure the marking was
      undone.  Also the opaque xattr was removed if the target didn't cover
      anything.
      
      This patch changes behavior so that removal of "opaque" is not done in
      either of the above cases.  This means that directory may have the opaque
      flag even if it doesn't cover anything.  However this shouldn't affect the
      performance or semantics of the overalay, while simplifying the code.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      3ee23ff1
    • M
      ovl: rename: simplify handling of lower/merged directory · 370e55ac
      Miklos Szeredi 提交于
      d_is_dir() is safe to call on a negative dentry.  Use this fact to simplify
      handling of the lower or merged directories.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      370e55ac
    • M
      ovl: get rid of PURE type · 38e813db
      Miklos Szeredi 提交于
      The remainging uses of __OVL_PATH_PURE can be replaced by
      ovl_dentry_is_opaque().
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      38e813db
    • M
      ovl: check lower existence when removing · 2aff4534
      Miklos Szeredi 提交于
      Currently ovl_lookup() checks existence of lower file even if there's a
      non-directory on upper (which is always opaque).  This is done so that
      remove can decide whether a whiteout is needed or not.
      
      It would be better to defer this check to unlink, since most of the time
      the gathered information about opaqueness will be unused.
      
      This adds a helper ovl_lower_positive() that checks if there's anything on
      the lower layer(s).
      
      The following patches also introduce changes to how the "opaque" attribute
      is updated on directories: this attribute is added when the directory is
      creted or moved over a whiteout or object covering something on the lower
      layer.  However following changes will allow the attribute to remain on the
      directory after being moved, even if the new location doesn't cover
      anything.  Because of this, we need to check lower layers even for opaque
      directories, so that whiteout is only created when necessary.
      
      This function will later be also used to decide about marking a directory
      opaque, so deal with negative dentries as well.  When dealing with
      negative, it's enough to check for being a whiteout
      
      If the dentry is positive but not upper then it also obviously needs
      whiteout/opaque.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2aff4534
    • M
      ovl: add ovl_dentry_is_whiteout() · c412ce49
      Miklos Szeredi 提交于
      And use it instead of ovl_dentry_is_opaque() where appropriate.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      c412ce49
    • M
      ovl: don't check sticky · 99f5d08e
      Miklos Szeredi 提交于
      Since commit 07a2daab ("ovl: Copy up underlying inode's ->i_mode to
      overlay inode") sticky checking on overlay inode is performed by the vfs,
      so checking against sticky on underlying inode is not needed.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      99f5d08e
    • M
      ovl: don't check rename to self · 804032fa
      Miklos Szeredi 提交于
      This is redundant, the vfs already performed this check (and was broken,
      see commit 9409e22a ("vfs: rename: check backing inode being equal")).
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      804032fa
    • M
      ovl: treat special files like a regular fs · ca4c8a3a
      Miklos Szeredi 提交于
      No sense in opening special files on the underlying layers, they work just
      as well if opened on the overlay.
      
      Side effect is that it's no longer possible to connect one side of a pipe
      opened on overlayfs with the other side opened on the underlying layer.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      ca4c8a3a