Received: by 10.192.165.156 with SMTP id m28csp980786imm; Wed, 18 Apr 2018 01:42:41 -0700 (PDT) X-Google-Smtp-Source: AIpwx48L+RD6/dnOA7d/saYRXeVYISfgsynsqWGDPwDh73GkF9ClU94cqGFhxQQcKc2MHX8eOM68 X-Received: by 2002:a17:902:6b87:: with SMTP id p7-v6mr1235432plk.101.1524040961015; Wed, 18 Apr 2018 01:42:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524040960; cv=none; d=google.com; s=arc-20160816; b=KD5MeU2MY/ltsKdhTeE78YlrckJpBqqhkprAGor7oZz1nsPygSH8jROzRJcGoIM7Ub zUMqkMV99qKb/2R7Vhh2YEqiaHMtHoKdOVUjoBUWvhqh8cWW7I/4J2a/bpCnK6KrkK5l Mnw2PjgStqTci1D88nsVxz5HkH2qCAwA2Bbpqd27In58pp4OAOk8QZHKuxpOmDU9Snb7 DxCBqe2QLPCY82fgFfrwz1E3YybD39Uu5/JWyYb858xKGcFul6nqrzFLyIH7u0fN4OVD +k9/eKgiWSIbmLMlHIRypJo8J46pJTICC/XXKb0uWhOwK5cOat5ubAhHL2YLbXJPTO0l hpvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=ksbmhUByrttHaPapo6LctzrzIw+BenaLCpNT6cMoIss=; b=N8KcmPf+PgdrM8kyGeQG66U3plpeltvOPTlcUxkO0Fa+Y7/QLKYFxdl1vhqi5+BhZU ovWAL0MKeL4nN4j6TDkrNIEx2F1+ifuQAg1CMPZ3wiaG9+JkUOqlDvsfNw5Db7Gwufr7 h/qKxrGVug/+CXn9dUKnXT63xnlsMHSFnk3xVGcFMvBdeGQbCOfB6czSpqEDWFUuNqTx GOgQzbBmaRUQIGB+IxLIjWxy72rsCNSaJxNN2+4kVhi85t0R3WJf9O9T8W64SgIE79yM cWDHjbAJwTUTkZtEsf6Pb2RhkDNU3d1+1rPQQKnKzNJlP5zOkt2OoYr+kUSbF6xI3kGj Kp7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eGxuQWYG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a15-v6si760327pll.21.2018.04.18.01.42.27; Wed, 18 Apr 2018 01:42:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eGxuQWYG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753526AbeDRIku (ORCPT + 99 others); Wed, 18 Apr 2018 04:40:50 -0400 Received: from mail-yb0-f194.google.com ([209.85.213.194]:39685 "EHLO mail-yb0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752699AbeDRIj7 (ORCPT ); Wed, 18 Apr 2018 04:39:59 -0400 Received: by mail-yb0-f194.google.com with SMTP id q74-v6so312507ybg.6; Wed, 18 Apr 2018 01:39:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ksbmhUByrttHaPapo6LctzrzIw+BenaLCpNT6cMoIss=; b=eGxuQWYGipJnE3zVYSKPEla+alWVbkQ7eAPAF04Mw6orS79J5vOShQ24R/KCTvs9Js oTB39Y9tOZ7XdnYGpQnawacG6iEKkPBYEgEFoFUGsNuN4oq6+kT8z6OqX7Qtu2Ewd3rw QdvWSOpGoKDaAWomh+sNWlBvvU/UkvogC/driMneTz8sNoh5dFKhADSQpyfAntmIePhT t4jF4Lmuz3UYjblWAVQGdOYmIwDajqx4h775SrlzhR7Po5edngtNdjHW7wnkSoOx29m8 RGmp5rjDM8t0hVkxEIfJHRQgl5lV/Bih0V1AJy28WxEA20zCmOnhKIpNMhEuhq/Y8JMl yz2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ksbmhUByrttHaPapo6LctzrzIw+BenaLCpNT6cMoIss=; b=OxNIyR3ZmeenP5AbG+JvwDJBuAdiqFUgZRGPgEr9iKbrrnT67hbVGiBoOco1Sts0Mg 2AAepmQXHXPrOTXIM45ad09ohNBIvN+50s7WX6WkJcpRdNzYzKuS38gFT1J0zRWGRDA5 VXYwkw57aW4BTHBuHbnbkkMYLLTrXjSmuoPuROagxBzuNHgI8+fbyAT/nc3KZDj5bpLF 1SEqEIv2r3oVtHuwRalop2NBvxyzB5EpcoiZLiWADN7lgg/1BPpdPkbYTUjYYii6OqZB U9k8z0yVaen6mJnXJKB/w5mP6C5u9XzSBuWvRuRwxA4WzK9KLThFOmlNUZhEyJVbABIF t8ew== X-Gm-Message-State: ALQs6tAZuONqrJMsBj1vnvnVMlm6OUrktja/CdMXD2SinyBrC6Gqr/aZ KMgzBxntO+slnm9q37L71klN9wJm/k9lTmZYaMGq+w== X-Received: by 2002:a25:8312:: with SMTP id s18-v6mr533885ybk.444.1524040798555; Wed, 18 Apr 2018 01:39:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.129.183.12 with HTTP; Wed, 18 Apr 2018 01:39:57 -0700 (PDT) In-Reply-To: References: <20180412150826.20988-1-mszeredi@redhat.com> <20180412150826.20988-20-mszeredi@redhat.com> From: Amir Goldstein Date: Wed, 18 Apr 2018 11:39:57 +0300 Message-ID: Subject: Re: [RFC PATCH 19/35] ovl: readd reflink/copyfile/dedup support To: Miklos Szeredi Cc: overlayfs , linux-fsdevel , linux-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 17, 2018 at 11:31 PM, Amir Goldstein wrote: > On Thu, Apr 12, 2018 at 6:08 PM, Miklos Szeredi wrote: >> Since set of arguments are so similar, handle in a common helper. >> >> Signed-off-by: Miklos Szeredi >> --- >> fs/overlayfs/file.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 79 insertions(+) >> >> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c >> index 9670e160967e..39b1b73334ad 100644 >> --- a/fs/overlayfs/file.c >> +++ b/fs/overlayfs/file.c >> @@ -352,6 +352,81 @@ long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) >> return ret; >> } >> >> +enum ovl_copyop { >> + OVL_COPY, >> + OVL_CLONE, >> + OVL_DEDUPE, >> +}; >> + >> +static ssize_t ovl_copyfile(struct file *file_in, loff_t pos_in, >> + struct file *file_out, loff_t pos_out, >> + u64 len, unsigned int flags, enum ovl_copyop op) >> +{ >> + struct inode *inode_out = file_inode(file_out); >> + struct fd real_in, real_out; >> + const struct cred *old_cred; >> + int ret; >> + >> + ret = ovl_real_file(file_out, &real_out); >> + if (ret) >> + return ret; >> + >> + ret = ovl_real_file(file_in, &real_in); >> + if (ret) { >> + fdput(real_out); >> + return ret; >> + } >> + >> + old_cred = ovl_override_creds(file_inode(file_out)->i_sb); >> + switch (op) { >> + case OVL_COPY: >> + ret = vfs_copy_file_range(real_in.file, pos_in, >> + real_out.file, pos_out, len, flags); > > Problem: > vfs_copy_file_range(ovl_lower_file, ovl_upper_file) on non samefs > will get -EXDEV from ovl_copy_file_range(), so will not fall back > to do_splice_direct(). > We may be better off checking in_sb != out_sb and returning > -EOPNOTSUPP? not sure. > > >> + break; >> + >> + case OVL_CLONE: >> + ret = vfs_clone_file_range(real_in.file, pos_in, >> + real_out.file, pos_out, len); >> + break; >> + >> + case OVL_DEDUPE: >> + ret = vfs_dedupe_file_range_one(real_in.file, pos_in, len, >> + real_out.file, pos_out); > > Problem: > real_out can be a readonly fd (for is_admin), so we will be deduping > the lower file. > I guess this problem is mitigated in current code by may_write_real(). > > How can we deal with that sort of "write leak" without patching > mnt_want_write_file()? > Possible solution: Add interface file_oprations->permission(). At least in rw_verify_area() and clone_verify_area() it is clear how this would be used. Instead if calling security_file_permission() call it via a helper file_permission() like with inode_permission. My understanding in the VFS permission checks model is too limited to say if this makes sense. Thanks, Amir.