Received: by 10.192.165.148 with SMTP id m20csp2225893imm; Thu, 26 Apr 2018 07:45:26 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr7d7QzTvvP46pa0h4A+/j33UJsnlVHU55ndWVs4URZTkPWPwWIuKGLti3wgAQcivyAGZ+F X-Received: by 2002:a17:902:b60a:: with SMTP id b10-v6mr6557873pls.221.1524753926159; Thu, 26 Apr 2018 07:45:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524753926; cv=none; d=google.com; s=arc-20160816; b=Xtq95XdZyq57aJjiH1ZHhukV4GljcLl/c0tG6A3V5V9DYbt/KTY7Ci8k6M1H08Oz9C KwRtGRSEzuiDWoUaH+uKe4SZh4itWgINc9GCM+E91v4sTNbn6TvQ5KhSedbjMxUnV5Qb NNC+TSrDTcug61sTzlkIsgsAV08i72Ef8tuv2hiyyXysRuf8/n2zZ2XKMKgdMtfOR06x PXaClUnsfnPysgcHXrIKm7GIp1RjHe2ajEGIq19WgBP5Ixw9dJq3cjRrAcivyVE32DZc uys5GKr4RNWsPo/iMBcaKVipFkq1YFY1T+c2E/G/8Bbe8ScESEIfiql8ToWus5CotEKZ XQLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=SDf9M3nSAAUjmpzYoIWNp9l0zY3tXadDyPWBDEnMhwI=; b=oC4Bgd16H76r5P9VINvtw7ql8LzcmDYG7F55n1rE2XSERhM2vIBrszWSv+RbG4F4gU 1GODy9pS685kZNtWGTVH7QqnC9RsPWEc9/cK9zvTgkGgoTJO29czfKohqeXE2JlDDhzj NcHzoL7JsyF9f/z9/Us2dROFswOmuB7RUmupuPEePe8GllWRVlKjc2Y1zUi8nW8f3uAd hAogO56hLCMqDZNSl7jxWKPf/gAX1DzBd6crQfEdqg3yuDK4ghtRZ/ZP40GteSCXALg1 E/iysaDbjutNRp2Z5LAYeJ/U0WpGKPwH3uaeUupwUF9AVlXev5GKbZaoiyv6nh5dhSLd t7uA== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=AXqlLmH8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x7si16081819pge.559.2018.04.26.07.45.11; Thu, 26 Apr 2018 07:45:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=AXqlLmH8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756573AbeDZOn4 (ORCPT + 99 others); Thu, 26 Apr 2018 10:43:56 -0400 Received: from mail-ot0-f196.google.com ([74.125.82.196]:41227 "EHLO mail-ot0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754528AbeDZOny (ORCPT ); Thu, 26 Apr 2018 10:43:54 -0400 Received: by mail-ot0-f196.google.com with SMTP id t1-v6so9775233oth.8 for ; Thu, 26 Apr 2018 07:43:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SDf9M3nSAAUjmpzYoIWNp9l0zY3tXadDyPWBDEnMhwI=; b=AXqlLmH8FQTnpcOkd3YDte1CPqzA1iFOsrsV9JCPZ+5FudilQDXj8Ex8YOMasZ7tnp /C/63qMjYBligGPySsymdRUuRXXem9wUgA+rC5GBWQhA+oQ/aiVWbY/wKHJw6l0pqFSR id2TnzaUrI/8Gb/WCyHMfqZZhZnFTIEIe44oU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SDf9M3nSAAUjmpzYoIWNp9l0zY3tXadDyPWBDEnMhwI=; b=piHIq102NLHmQMCPAJ0UElUghjwtjOKG1QCq3XBh6KVNMPmyx72BxFplOn8NMdl3uA 2mHoqJfbKJY+2RlcDUuYTVlKOYWQZ0XeWLbHJznq8y43RYTkVSNiX437nAGyUqQ/dGKa 3FevozLWeWopjYBYE57c2Yl7SexYDOSV8Ze73CoM017+BH/aJVhwU7LtGA1S77x41YiA YjRsoWTB4N0ACALfW/1CDpNSdB8YUZztGfpdEcgrnu4NytDXggvj4MnQxcHB+uSPzf2R LKXzoM5zteXZQLG+98mQdbG5/V+n9KddV7OHFR07lFraDjLL2xT271tp8kWWCxplaT7d 30uQ== X-Gm-Message-State: ALQs6tCdCCHbsRr1uLSwdgr9tyUpIrdhtJS1mKHKLwW1MVXEqxQ2/0n6 s4f43Hatadb/Iajvb4bte/m+0I2ufzffNtrf4oPupQ== X-Received: by 2002:a9d:4c04:: with SMTP id l4-v6mr21526939otf.242.1524753834345; Thu, 26 Apr 2018 07:43:54 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:5303:0:0:0:0:0 with HTTP; Thu, 26 Apr 2018 07:43:53 -0700 (PDT) X-Originating-IP: [176.63.54.97] In-Reply-To: <20180426141337.GA4308@redhat.com> References: <20180412150826.20988-1-mszeredi@redhat.com> <20180412150826.20988-10-mszeredi@redhat.com> <20180426141337.GA4308@redhat.com> From: Miklos Szeredi Date: Thu, 26 Apr 2018 16:43:53 +0200 Message-ID: Subject: Re: [RFC PATCH 09/35] ovl: stack file ops To: Vivek Goyal Cc: Miklos Szeredi , overlayfs , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 26, 2018 at 4:13 PM, Vivek Goyal wrote: > On Thu, Apr 12, 2018 at 05:08:00PM +0200, Miklos Szeredi wrote: > > [..] >> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c >> new file mode 100644 >> index 000000000000..a0b606885c41 >> --- /dev/null >> +++ b/fs/overlayfs/file.c >> @@ -0,0 +1,76 @@ >> +/* >> + * Copyright (C) 2017 Red Hat, Inc. >> + * >> + * This program is free software; you can redistribute it and/or modify it >> + * under the terms of the GNU General Public License version 2 as published by >> + * the Free Software Foundation. >> + */ >> + >> +#include >> +#include >> +#include >> +#include "overlayfs.h" >> + >> +static struct file *ovl_open_realfile(const struct file *file) >> +{ >> + struct inode *inode = file_inode(file); >> + struct inode *upperinode = ovl_inode_upper(inode); >> + struct inode *realinode = upperinode ?: ovl_inode_lower(inode); >> + struct file *realfile; >> + const struct cred *old_cred; >> + >> + old_cred = ovl_override_creds(inode->i_sb); >> + realfile = path_open(&file->f_path, file->f_flags | O_NOATIME, >> + realinode, current_cred(), false); >> + revert_creds(old_cred); >> + >> + pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", >> + file, file, upperinode ? 'u' : 'l', file->f_flags, >> + realfile, IS_ERR(realfile) ? 0 : realfile->f_flags); >> + >> + return realfile; >> +} >> + >> +static int ovl_open(struct inode *inode, struct file *file) >> +{ >> + struct dentry *dentry = file_dentry(file); > > Hi Miklos, > > There is one thing I can't wrap my head around, so I better ask. > > file_dentry() will call ovl_d_real() and try to find dentry based on > inode installed in f->f_inode. If ovl_d_real() can't find inode dentry > matching the passed in inode, it warns. > > Assume, I have a stacked overlay configuration. Let me call top level > overlay layer ovl1 and lower level overlay layer ovl2. Say I open a > file foo.txt. Now ovl_open() in ovl1 decides that realinode is a lower > inode and installs that inode f->f_inode of realfile. (This should be > ovl2 layer inode, let me call it ovl2_inode). Now ovl_open() of ovl2 layer > will be called and it will call file_dentry() and will look for dentry > corresponding to ovl2_inode. I am wondering what if a copy up of foo.txt > was triggered in ovl1 and by the time we called ovl_d_real(dentry, > ovl2_inode), it will start comparing with inode of ovl1_upper and never > find ovl2_inode. Okay, so we've modified ovl_d_real() to allow returning the overlay dentry itself. This is important: when we fail to match ovl1_upper with ovl2_inode, well go on to get ovl2_dentry and call d_real() recursively. That recursive call should match the inode, return it to outer ovl_d_real(), which again will match the inode and return without warning. > IOW, I am not able to figure out how do we protect agains copy up races > when ovl_open() calls file_dentry(). Racing with a copy up cannot matter, since we'll continue looking for the inode in the layers and stacks below, regardless of whether we checked the upper dentry or not. Does that make it clearer? Thanks, Miklos