1. 16 12月, 2016 11 次提交
    • M
      ovl: redirect on rename-dir · a6c60655
      Miklos Szeredi 提交于
      Current code returns EXDEV when a directory would need to be copied up to
      move.  We could copy up the directory tree in this case, but there's
      another, simpler solution: point to old lower directory from moved upper
      directory.
      
      This is achieved with a "trusted.overlay.redirect" xattr storing the path
      relative to the root of the overlay.  After such attribute has been set,
      the directory can be moved without further actions required.
      
      This is a backward incompatible feature, old kernels won't be able to
      correctly mount an overlay containing redirected directories.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      a6c60655
    • M
      ovl: lookup redirects · 02b69b28
      Miklos Szeredi 提交于
      If a directory has the "trusted.overlay.redirect" xattr, it means that the
      value of the xattr should be used to find the underlying directory on the
      next lower layer.
      
      The redirect may be relative or absolute.  Absolute redirects begin with a
      slash.
      
      A relative redirect means: instead of the current dentry's name use the
      value of the redirect to find the directory in the next lower
      layer. Relative redirects must not contain a slash.
      
      An absolute redirect means: look up the directory relative to the root of
      the overlay using the value of the redirect in the next lower layer.
      
      Redirects work on lower layers as well.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      02b69b28
    • A
      ovl: fix nested overlayfs mount · 48fab5d7
      Amir Goldstein 提交于
      When the upper overlayfs checks "trusted.overlay.*" xattr on the underlying
      overlayfs mount, it gets -EPERM, which confuses the upper overlayfs.
      
      Fix this by returning -EOPNOTSUPP instead of -EPERM from
      ovl_own_xattr_get() and ovl_own_xattr_set().  This behavior is consistent
      with the behavior of ovl_listxattr(), which filters out the private
      overlayfs xattrs.
      
      Note: nested overlays are deprecated.  But this change makes sense
      regardless: these xattrs are private to the overlay and should always be
      hidden.  Hence getting and setting them should indicate this.
      
      [SzMi: Use EOPNOTSUPP instead of ENODATA and use it for both getting and
      setting "trusted.overlay." xattrs.  This is a perfectly valid error code
      for "we don't support this prefix", which is the case here.]
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      48fab5d7
    • M
      ovl: check namelen · 6b2d5fe4
      Miklos Szeredi 提交于
      We already calculate f_namelen in statfs as the maximum of the name lengths
      provided by the filesystems taking part in the overlay.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      6b2d5fe4
    • M
      ovl: split super.c · bbb1e54d
      Miklos Szeredi 提交于
      fs/overlayfs/super.c is the biggest of the overlayfs source files and it
      contains various utility functions as well as the rather complicated lookup
      code.  Split these parts out to separate files.
      
      Before:
      
       1446 fs/overlayfs/super.c
      
      After:
      
        919 fs/overlayfs/super.c
        267 fs/overlayfs/namei.c
        235 fs/overlayfs/util.c
         51 fs/overlayfs/ovl_entry.h
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      bbb1e54d
    • M
      ovl: use d_is_dir() · 2b8c30e9
      Miklos Szeredi 提交于
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2b8c30e9
    • M
      ovl: simplify lookup · 8ee6059c
      Miklos Szeredi 提交于
      If encountering a non-directory, then stop looking at lower layers.
      
      In this case the oe->opaque flag is not set anymore, which doesn't matter
      since existence of lower file is now checked at remove/rename time.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      8ee6059c
    • M
      ovl: get rid of PURE type · 38e813db
      Miklos Szeredi 提交于
      The remainging uses of __OVL_PATH_PURE can be replaced by
      ovl_dentry_is_opaque().
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      38e813db
    • M
      ovl: check lower existence when removing · 2aff4534
      Miklos Szeredi 提交于
      Currently ovl_lookup() checks existence of lower file even if there's a
      non-directory on upper (which is always opaque).  This is done so that
      remove can decide whether a whiteout is needed or not.
      
      It would be better to defer this check to unlink, since most of the time
      the gathered information about opaqueness will be unused.
      
      This adds a helper ovl_lower_positive() that checks if there's anything on
      the lower layer(s).
      
      The following patches also introduce changes to how the "opaque" attribute
      is updated on directories: this attribute is added when the directory is
      creted or moved over a whiteout or object covering something on the lower
      layer.  However following changes will allow the attribute to remain on the
      directory after being moved, even if the new location doesn't cover
      anything.  Because of this, we need to check lower layers even for opaque
      directories, so that whiteout is only created when necessary.
      
      This function will later be also used to decide about marking a directory
      opaque, so deal with negative dentries as well.  When dealing with
      negative, it's enough to check for being a whiteout
      
      If the dentry is positive but not upper then it also obviously needs
      whiteout/opaque.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2aff4534
    • M
      ovl: add ovl_dentry_is_whiteout() · c412ce49
      Miklos Szeredi 提交于
      And use it instead of ovl_dentry_is_opaque() where appropriate.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      c412ce49
    • M
      ovl: treat special files like a regular fs · ca4c8a3a
      Miklos Szeredi 提交于
      No sense in opening special files on the underlying layers, they work just
      as well if opened on the overlay.
      
      Side effect is that it's no longer possible to connect one side of a pipe
      opened on overlayfs with the other side opened on the underlying layer.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      ca4c8a3a
  2. 29 11月, 2016 1 次提交
    • M
      ovl: fix d_real() for stacked fs · c4fcfc16
      Miklos Szeredi 提交于
      Handling of recursion in d_real() is completely broken.  Recursion is only
      done in the 'inode != NULL' case.  But when opening the file we have
      'inode == NULL' hence d_real() will return an overlay dentry.  This won't
      work since overlayfs doesn't define its own file operations, so all file
      ops will fail.
      
      Fix by doing the recursion first and the check against the inode second.
      
      Bash script to reproduce the issue written by Quentin:
      
       - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - -
      tmpdir=$(mktemp -d)
      pushd ${tmpdir}
      
      mkdir -p {upper,lower,work}
      echo -n 'rocks' > lower/ksplice
      mount -t overlay level_zero upper -o lowerdir=lower,upperdir=upper,workdir=work
      cat upper/ksplice
      
      tmpdir2=$(mktemp -d)
      pushd ${tmpdir2}
      
      mkdir -p {upper,work}
      mount -t overlay level_one upper -o lowerdir=${tmpdir}/upper,upperdir=upper,workdir=work
      ls -l upper/ksplice
      cat upper/ksplice
       - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - - 
      Reported-by: NQuentin Casasnovas <quentin.casasnovas@oracle.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Fixes: 2d902671 ("vfs: merge .d_select_inode() into .d_real()")
      Cc: <stable@vger.kernel.org> # v4.8+
      c4fcfc16
  3. 31 10月, 2016 1 次提交
  4. 15 10月, 2016 1 次提交
  5. 14 10月, 2016 1 次提交
  6. 08 10月, 2016 1 次提交
  7. 16 9月, 2016 2 次提交
    • M
      ovl: lookup: do getxattr with mounter's permission · 2b6bc7f4
      Miklos Szeredi 提交于
      The getxattr() in ovl_is_opaquedir() was missed when converting all
      operations on underlying fs to be done under mounter's permission.
      
      This patch fixes this by moving the ovl_override_creds()/revert_creds() out
      from ovl_lookup_real() to ovl_lookup().
      
      Also convert to using vfs_getxattr() instead of directly calling
      i_op->getxattr().
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2b6bc7f4
    • M
      locks: fix file locking on overlayfs · c568d683
      Miklos Szeredi 提交于
      This patch allows flock, posix locks, ofd locks and leases to work
      correctly on overlayfs.
      
      Instead of using the underlying inode for storing lock context use the
      overlay inode.  This allows locks to be persistent across copy-up.
      
      This is done by introducing locks_inode() helper and using it instead of
      file_inode() to get the inode in locking code.  For non-overlayfs the two
      are equivalent, except for an extra pointer dereference in locks_inode().
      
      Since lock operations are in "struct file_operations" we must also make
      sure not to call underlying filesystem's lock operations.  Introcude a
      super block flag MS_NOREMOTELOCK to this effect.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Acked-by: NJeff Layton <jlayton@poochiereds.net>
      Cc: "J. Bruce Fields" <bfields@fieldses.org>
      c568d683
  8. 05 9月, 2016 1 次提交
  9. 01 9月, 2016 7 次提交
  10. 29 7月, 2016 12 次提交
    • A
      qstr: constify instances in overlayfs · 29c42e80
      Al Viro 提交于
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      29c42e80
    • M
      ovl: disallow overlayfs as upperdir · 76bc8e28
      Miklos Szeredi 提交于
      This does not work and does not make sense.  So instead of fixing it
      (probably not hard) just disallow.
      Reported-by: NAndrei Vagin <avagin@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Cc: <stable@vger.kernel.org>
      76bc8e28
    • M
      ovl: fix warning · 656189d2
      Miklos Szeredi 提交于
      There's a superfluous newline in the warning message in ovl_d_real().
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      656189d2
    • W
      ovl: remove duplicated include from super.c · 5f215013
      Wei Yongjun 提交于
      Remove duplicated include.
      Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      5f215013
    • M
      ovl: fix POSIX ACL setting · d837a49b
      Miklos Szeredi 提交于
      Setting POSIX ACL needs special handling:
      
      1) Some permission checks are done by ->setxattr() which now uses mounter's
      creds ("ovl: do operations on underlying file system in mounter's
      context").  These permission checks need to be done with current cred as
      well.
      
      2) Setting ACL can fail for various reasons.  We do not need to copy up in
      these cases.
      
      In the mean time switch to using generic_setxattr.
      
      [Arnd Bergmann] Fix link error without POSIX ACL. posix_acl_from_xattr()
      doesn't have a 'static inline' implementation when CONFIG_FS_POSIX_ACL is
      disabled, and I could not come up with an obvious way to do it.
      
      This instead avoids the link error by defining two sets of ACL operations
      and letting the compiler drop one of the two at compile time depending
      on CONFIG_FS_POSIX_ACL. This avoids all references to the ACL code,
      also leading to smaller code.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      d837a49b
    • M
      ovl: share inode for hard link · 51f7e52d
      Miklos Szeredi 提交于
      Inode attributes are copied up to overlay inode (uid, gid, mode, atime,
      mtime, ctime) so generic code using these fields works correcty.  If a hard
      link is created in overlayfs separate inodes are allocated for each link.
      If chmod/chown/etc. is performed on one of the links then the inode
      belonging to the other ones won't be updated.
      
      This patch attempts to fix this by sharing inodes for hard links.
      
      Use inode hash (with real inode pointer as a key) to make sure overlay
      inodes are shared for hard links on upper.  Hard links on lower are still
      split (which is not user observable until the copy-up happens, see
      Documentation/filesystems/overlayfs.txt under "Non-standard behavior").
      
      The inode is only inserted in the hash if it is non-directoy and upper.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      51f7e52d
    • M
      ovl: store real inode pointer in ->i_private · 39b681f8
      Miklos Szeredi 提交于
      To get from overlay inode to real inode we currently use 'struct
      ovl_entry', which has lifetime connected to overlay dentry.  This is okay,
      since each overlay dentry had a new overlay inode allocated.
      
      Following patch will break that assumption, so need to leave out ovl_entry.
      This patch stores the real inode directly in i_private, with the lowest bit
      used to indicate whether the inode is upper or lower.
      
      Lifetime rules remain, using ovl_inode_real() must only be done while
      caller holds ref on overlay dentry (and hence on real dentry), or within
      RCU protected regions.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      39b681f8
    • M
      ovl: update atime on upper · d719e8f2
      Miklos Szeredi 提交于
      Fix atime update logic in overlayfs.
      
      This patch adds an i_op->update_time() handler to overlayfs inodes.  This
      forwards atime updates to the upper layer only.  No atime updates are done
      on lower layers.
      
      Remove implicit atime updates to underlying files and directories with
      O_NOATIME.  Remove explicit atime update in ovl_readlink().
      
      Clear atime related mnt flags from cloned upper mount.  This means atime
      updates are controlled purely by overlayfs mount options.
      
      Reported-by: Konstantin Khlebnikov <koct9i@gmail.com> 
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      d719e8f2
    • M
      ovl: simplify permission checking · 9c630ebe
      Miklos Szeredi 提交于
      The fact that we always do permission checking on the overlay inode and
      clear MAY_WRITE for checking access to the lower inode allows cruft to be
      removed from ovl_permission().
      
      1) "default_permissions" option effectively did generic_permission() on the
      overlay inode with i_mode, i_uid and i_gid updated from underlying
      filesystem.  This is what we do by default now.  It did the update using
      vfs_getattr() but that's only needed if the underlying filesystem can
      change (which is not allowed).  We may later introduce a "paranoia_mode"
      that verifies that mode/uid/gid are not changed.
      
      2) splitting out the IS_RDONLY() check from inode_permission() also becomes
      unnecessary once we remove the MAY_WRITE from the lower inode check.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      9c630ebe
    • V
      ovl: define ->get_acl() for overlay inodes · 39a25b2b
      Vivek Goyal 提交于
      Now we are planning to do DAC permission checks on overlay inode
      itself. And to make it work, we will need to make sure we can get acls from
      underlying inode. So define ->get_acl() for overlay inodes and this in turn
      calls into underlying filesystem to get acls, if any.
      Signed-off-by: NVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      39a25b2b
    • M
      ovl: use generic_delete_inode · eead4f2d
      Miklos Szeredi 提交于
      No point in keeping overlay inodes around since they will never be reused.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      eead4f2d
    • M
      ovl: check mounter creds on underlying lookup · c1b2cc1a
      Miklos Szeredi 提交于
      The hash salting changes meant that we can no longer reuse the hash in the
      overlay dentry to look up the underlying dentry.
      
      Instead of lookup_hash(), use lookup_one_len_unlocked() and swith to
      mounter's creds (like we do for all other operations later in the series).
      
      Now the lookup_hash() export introduced in 4.6 by 3c9fe8cd ("vfs: add
      lookup_hash() helper") is unused and can possibly be removed; its
      usefulness negated by the hash salting and the idea that mounter's creds
      should be used on operations on underlying filesystems.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Fixes: 8387ff25 ("vfs: make the string hashes salt the hash")
      c1b2cc1a
  11. 03 7月, 2016 1 次提交
  12. 30 6月, 2016 1 次提交
    • M
      vfs: merge .d_select_inode() into .d_real() · 2d902671
      Miklos Szeredi 提交于
      The two methods essentially do the same: find the real dentry/inode
      belonging to an overlay dentry.  The difference is in the usage:
      
      vfs_open() uses ->d_select_inode() and expects the function to perform
      copy-up if necessary based on the open flags argument.
      
      file_dentry() uses ->d_real() passing in the overlay dentry as well as the
      underlying inode.
      
      vfs_rename() uses ->d_select_inode() but passes zero flags.  ->d_real()
      with a zero inode would have worked just as well here.
      
      This patch merges the functionality of ->d_select_inode() into ->d_real()
      by adding an 'open_flags' argument to the latter.
      
      [Al Viro] Make the signature of d_real() match that of ->d_real() again.
      And constify the inode argument, while we are at it.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      2d902671