Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3786905imm; Tue, 29 May 2018 13:44:54 -0700 (PDT) X-Google-Smtp-Source: AB8JxZooLYcbDUu8RYlqGP1G83A0M9BXUkd6OSd5rHSzQHviB2IUiicH2M98+kvtYrsM126chEtL X-Received: by 2002:a62:c2c7:: with SMTP id w68-v6mr18667391pfk.174.1527626694654; Tue, 29 May 2018 13:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527626694; cv=none; d=google.com; s=arc-20160816; b=w+4H223LmzdNoKFhDeFpawe/JVyzR5m0fyRrX767VsTvgl55IwmBOkVq6Tqsngnl3J /p20fgSTM4ow1AdLypfuYbQSvPkibWcYnLfXvCgl67UL1ym6kqY3JKrkYlQD5qNy6zos YIyuM5UrB1PngPCjVZc3IN95K0DM3nX9kPb2caFLw/ZHotZ0AZN+NCzF9k8Soj6MkvPG 7Z/H9/k2wrlNIlTZK0mM0rLVrMlrBh6TTC+V5Kk/5g0Zn77smn1BUCbX6CUhUIQD61dv s46UZ684Fj1A3vjNRnmgFY89PnQIF9OLFJSdRtVRVkXZ8nRVfXMd/eat5mRYok9dmoPF WBCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=FRk9iV2nDHuyeyJB92C1yMd5BzaVoc7A5gOk1OD2e6M=; b=IVmq5xc567OvhhjHkqhTc/VIx1Z2My7+W8sHTQT3rRqjJ2k6qmcRRAUxD/jDRPYc9N MMR2PraXS1/f6uFSZWXC9UKk8izDwMvRwBr/fXPlwhXqG20vAwwOejMzhjDYUKdGVAfw ub3/zuJ6MofnAOYhbb8vJKStwN/XlBfiZ9j1OGWjkvICUnYTnADjO5Y8TIHGvoYgSf7a c8fPko2LXSRvO7sKj2DKRMnJRos6IngxM3C23v6bOc7IkIrw63p6h/JvaduQB9DuOvGl 9pNVoFqoUh8jq1+AuWUuTu6BKWrJta96qcUm6pkSSTjY9TFdpCwb9Q2EtrNQHO8WHquq 4DEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=dSQhura/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9-v6si25968023pgv.452.2018.05.29.13.44.40; Tue, 29 May 2018 13:44:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=dSQhura/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966847AbeE2UoJ (ORCPT + 99 others); Tue, 29 May 2018 16:44:09 -0400 Received: from merlin.infradead.org ([205.233.59.134]:58870 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966768AbeE2UoH (ORCPT ); Tue, 29 May 2018 16:44:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=FRk9iV2nDHuyeyJB92C1yMd5BzaVoc7A5gOk1OD2e6M=; b=dSQhura/e3UP5C7fIsY5xQM8EI dOuQcmA45+HABA6A/dDv5VEMOjqVH6nnduGrfRpzND+pxX+tMEpCbtkvCsbxcxZ2RGqEsdROVxZDw JjDRgHJ/zC6YaT6AD1I8fXDoyGRCoEkRrcmeVQNc24KqiBbUXWeNLdHLvCpLsZSuRLe96qZNaD6Zf aqcLhrBIyB7/8uR2j6OO+YqTnJdr41cdm99zH2szyPBR8WF7FZOe2YddT0L1f52hyWpLaQsZaR0u+ 2lGRNPoEnx6bOdjI2hkpsKyEKx2AOeX+q69upVo6/E+h/6Z0UIchrjAci1OY5IHE4NSnLQ2lAPgTC rG6lbvfA==; Received: from static-50-53-52-16.bvtn.or.frontiernet.net ([50.53.52.16] helo=midway.dunlab) by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux)) id 1fNlTR-00018D-Nx; Tue, 29 May 2018 20:44:06 +0000 Subject: Re: [PATCH 03/28] ovl: Provide a mount option metacopy=on/off for metadata copyup To: Miklos Szeredi , linux-unionfs@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20180529144612.16675-1-mszeredi@redhat.com> <20180529144612.16675-4-mszeredi@redhat.com> From: Randy Dunlap Message-ID: Date: Tue, 29 May 2018 13:44:04 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180529144612.16675-4-mszeredi@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/29/2018 07:45 AM, Miklos Szeredi wrote: > From: Vivek Goyal > > By default metadata only copy up is disabled. Provide a mount option so > that users can choose one way or other. > > Also provide a kernel config and module option to enable/disable metacopy > feature. > > metacopy feature requires redirect_dir=on when upper is present. > Otherwise, it requires redirect_dir=follow atleast. > > As of now, metacopy does not work with nfs_export=on. So if both > metacopy=on and nfs_export=on then nfs_export is disabled. > > Signed-off-by: Vivek Goyal > Reviewed-by: Amir Goldstein > Signed-off-by: Miklos Szeredi > --- > Documentation/filesystems/overlayfs.txt | 30 ++++++++++++++++++++- > fs/overlayfs/Kconfig | 19 ++++++++++++++ > fs/overlayfs/ovl_entry.h | 1 + > fs/overlayfs/super.c | 46 ++++++++++++++++++++++++++++++--- > 4 files changed, 92 insertions(+), 4 deletions(-) > > diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt > index f087bc40c6a5..79be4a77ca08 100644 > --- a/Documentation/filesystems/overlayfs.txt > +++ b/Documentation/filesystems/overlayfs.txt > @@ -262,6 +262,30 @@ rightmost one and going left. In the above example lower1 will be the > top, lower2 the middle and lower3 the bottom layer. > > > +Metadata only copy up > +-------------------- > + > +When metadata only copy up feature is enabled, overlayfs will only copy > +up metadata (as opposed to whole file), when a metadata specific operation > +like chown/chmod is performed. Full file will be copied up later when > +file is opened for WRITE operation. > + > +In other words, this is delayed data copy up operation and data is copied > +up when there is a need to actually modify data. > + > +There are multiple ways to enable/disable this feature. A config option > +CONFIG_OVERLAY_FS_METACOPY can be set/unset to enable/disable this feature > +by default. Or one can enable/disable it at module load time with module > +parameter metacopy=on/off. Lastly, there is also a per mount option > +metacopy=on/off to enable/disable this feature per mount. > + > +Do not use metacopy=on with untrusted upper/lower directories. Otherwise > +it is possible that an attacker can create an handcrafted file with a handcrafted > +appropriate REDIRECT and METACOPY xattrs, and gain access to file on lower > +pointed by REDIRECT. This should not be possible on local system as setting > +"trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible > +for untrusted layers like from a pen drive. > + > Sharing and copying layers > -------------------------- > > @@ -280,7 +304,7 @@ though it will not result in a crash or deadlock. > Mounting an overlay using an upper layer path, where the upper layer path > was previously used by another mounted overlay in combination with a > different lower layer path, is allowed, unless the "inodes index" feature > -is enabled. > +or "metadata only copy up" feature is enabled. > > With the "inodes index" feature, on the first time mount, an NFS file > handle of the lower layer root directory, along with the UUID of the lower > @@ -293,6 +317,10 @@ lower root origin, mount will fail with ESTALE. An overlayfs mount with > does not support NFS export, lower filesystem does not have a valid UUID or > if the upper filesystem does not support extended attributes. > > +For "metadata only copy up" feature there is no verification mechanism at > +mount time. So if same upper is mouted with different set of lower, mount mounted > +probably will succeed but expect the unexpected later on. So don't do it. > + > It is quite a common practice to copy overlay layers to a different > directory tree on the same or different underlying filesystem, and even > to a different machine. With the "inodes index" feature, trying to mount > diff --git a/fs/overlayfs/Kconfig b/fs/overlayfs/Kconfig > index 5d1d40d745c5..e0a090eca65e 100644 > --- a/fs/overlayfs/Kconfig > +++ b/fs/overlayfs/Kconfig > @@ -64,6 +64,7 @@ config OVERLAY_FS_NFS_EXPORT > bool "Overlayfs: turn on NFS export feature by default" > depends on OVERLAY_FS > depends on OVERLAY_FS_INDEX > + depends on !OVERLAY_FS_METACOPY > help > If this config option is enabled then overlay filesystems will use > the inodes index dir to decode overlay NFS file handles by default. Is that ... dir ^^^ == directory ? Please spell it out. > @@ -124,3 +125,21 @@ config OVERLAY_FS_COPY_UP_SHARED > To get a maximally backward compatible kernel, disable this option. > > If unsure, say N. > + > +config OVERLAY_FS_METACOPY > + bool "Overlayfs: turn on metadata only copy up feature by default" > + depends on OVERLAY_FS > + select OVERLAY_FS_REDIRECT_DIR > + help > + If this config option is enabled then overlay filesystems will > + copy up only metadata where appropriate and data copy up will > + happen when a file is opended for WRITE operation. It is still opened > + possible to turn off this feature globally with the "metacopy=off" > + module option or on a filesystem instance basis with the > + "metacopy=off" mount option. > + > + Note, that this feature is not backward compatible. That is, > + mounting an overlay which has metacopy only inodes on a kernel > + that doesn't support this feature will have unexpected results. > + > + If unsure, say N. -- ~Randy