Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp776022imm;
        Fri, 1 Jun 2018 09:18:48 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKKrVUMjzBpOnVJ7Q45sAMS4eVjSj7/731whyN4z8j0om6w4CfeNNYdZtK4Oz+9Ehh1GvGbm
X-Received: by 2002:a65:5c09:: with SMTP id u9-v6mr9488998pgr.304.1527869928614;
        Fri, 01 Jun 2018 09:18:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527869928; cv=none;
        d=google.com; s=arc-20160816;
        b=xd0op966gd++L69Wn8jli0S0VNcjl8w9IJQbS1F2Do2SKPJxVB10M+UG3Q+4S4WZ72
         8+1qbZ444F5YVG8TwjNYuLtJ++OQCnJkgJgbv8sT7195iZXZaQoeB6VsJEC1U0oxRvtJ
         haNcjpEXkp7hUftGBSwu4Qb1slRQdL/v4yjfXWVvIgD8MthpDGGA3EKcgedDTYDQ+qQi
         GLhtn0jDrEWC10T95q9SWIJLQijTbtM8ZRvJlZ9Q68MMj/L07iyyqBDGbZIp+AQNnzNP
         F55WdhVO4cOHlEHZnBhcQx+b2w8I9CPYhx8vUnqFnJt3nPBcKNRYjRtTL9IzLaHM6Nfz
         pa+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=kEbSj1KOS8HW2deEhZL0RgQ66EhlRILltdjyvLyI0Qw=;
        b=TrulATVaU0BrPfWFWXcgsBHRrucghMaU/RyvTQigi1uBcX0GuSrvivl55NvNxktlSi
         +s49JdJhYLaAX3O7ILw2ezUCuzjxYvxsNp6qsn1A8Ii/UhspR7nP4CGzNqcIeTpPjeHU
         bCLoktuLgRFRvChj13QvOFrhanER9zgkyBuYEGnFstjY6Hs4+BexkYzTSD5CAk4Y2mCJ
         vuTl+FVhluD+n+2HomjMya6fRfBufiWvgShkBkdllnSMFNAq9ozDN5ENhmUFmpCGP+49
         K2SFbuTZlQ0adRCbQjrcw1JC9dp2+uIptWggXX3hOePmrea28SybFlanDvb+NmdOZdi+
         r5YQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=rqQpOdDb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 89-v6si11712812plf.224.2018.06.01.09.18.34;
        Fri, 01 Jun 2018 09:18:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=rqQpOdDb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752776AbeFAQSJ (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Fri, 1 Jun 2018 12:18:09 -0400
Received: from merlin.infradead.org ([205.233.59.134]:40072 "EHLO
        merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751932AbeFAQSI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 Jun 2018 12:18:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=merlin.20170209; h=Content-Transfer-Encoding:Content-Type:
        In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender
        :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
        Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
        List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
        bh=kEbSj1KOS8HW2deEhZL0RgQ66EhlRILltdjyvLyI0Qw=; b=rqQpOdDbtRJM/ImHSb/0CTaf6U
        dsv0s5mjHjgOnPrQdi8lc0kDKnvEbKNNq0f+awqqI0g+Os7u7hreuhZBt8JJIkfDjHIjHvwagXfQC
        v1QMgd6FU9pIkHbSsafeemCudYCEGO6AYbQscqet1Vz8Nqapkhs/NsjqNUZEZET8W1fgKRsNI2WlI
        hNoxFnLSMUhyzfMExuYZZ0QHl6OLMEM4fi27LxMWoGuDd7wCiYrQcHTsJ7lRjq7CepXaAFLbD6C+G
        lHtxL4XNLoWfPCnhsuytLEVslfi0mewfyvy6kzexn7LUPHcfheOCVa7oXnSw5lvF6yR+HX7QWlpPI
        H2kkU46Q==;
Received: from static-50-53-52-16.bvtn.or.frontiernet.net ([50.53.52.16] helo=midway.dunlab)
        by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux))
        id 1fOmkg-0006km-6Y; Fri, 01 Jun 2018 16:18:06 +0000
Subject: Re: [GIT PULL] overlayfs update for 4.18
To:     Miklos Szeredi <miklos@szeredi.hu>,
        Al Viro <viro@zeniv.linux.org.uk>
Cc:     linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-unionfs@vger.kernel.org
References: <20180529132148.GC23785@veci.piliscsaba.redhat.com>
 <20180601152625.GD23785@veci.piliscsaba.redhat.com>
From:   Randy Dunlap <rdunlap@infradead.org>
Message-ID: <1d1b5ffb-4786-6b7a-fbf3-84b79080ccff@infradead.org>
Date:   Fri, 1 Jun 2018 09:18:02 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <20180601152625.GD23785@veci.piliscsaba.redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/01/2018 08:26 AM, Miklos Szeredi wrote:
> On Tue, May 29, 2018 at 03:21:48PM +0200, Miklos Szeredi wrote:
>> Hi Al,
>>
>> I'm sending this pull request to you instead of Linus, because a bigger than
>> usual chunk involves the VFS.
>>
>> Please pull from:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git for-viro
>>
>> This update contains the following:


> ---
> 
> diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt
> index 0a8e3c4543d1..79be4a77ca08 100644
> --- a/Documentation/filesystems/overlayfs.txt
> +++ b/Documentation/filesystems/overlayfs.txt
> @@ -280,7 +280,7 @@ parameter metacopy=on/off. Lastly, there is also a per mount option
>  metacopy=on/off to enable/disable this feature per mount.
>  
>  Do not use metacopy=on with untrusted upper/lower directories. Otherwise
> -it is possible that an attacker can create a handcrafted file with
> +it is possible that an attacker can create an handcrafted file with

bad change:
                                       create a handcrafted

Wait. Is this patch -R (reversed)?

>  appropriate REDIRECT and METACOPY xattrs, and gain access to file on lower
>  pointed by REDIRECT. This should not be possible on local system as setting
>  "trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible
> @@ -318,7 +318,7 @@ does not support NFS export, lower filesystem does not have a valid UUID or
>  if the upper filesystem does not support extended attributes.
>  
>  For "metadata only copy up" feature there is no verification mechanism at
> -mount time. So if same upper is mounted with different set of lower, mount
> +mount time. So if same upper is mouted with different set of lower, mount

                                   mounted

>  probably will succeed but expect the unexpected later on. So don't do it.
>  
>  It is quite a common practice to copy overlay layers to a different
> diff --git a/fs/overlayfs/Kconfig b/fs/overlayfs/Kconfig
> index 08b04d9fd6e6..e0a090eca65e 100644
> --- a/fs/overlayfs/Kconfig
> +++ b/fs/overlayfs/Kconfig
> @@ -11,7 +11,7 @@ config OVERLAY_FS
>  	  For more information see Documentation/filesystems/overlayfs.txt
>  
>  config OVERLAY_FS_REDIRECT_DIR
> -	bool "Overlayfs: turn on redirect directory feature by default"
> +	bool "Overlayfs: turn on redirect dir feature by default"

nope.

>  	depends on OVERLAY_FS
>  	help
>  	  If this config option is enabled then overlay filesystems will use
> @@ -46,7 +46,7 @@ config OVERLAY_FS_INDEX
>  	depends on OVERLAY_FS
>  	help
>  	  If this config option is enabled then overlay filesystems will use
> -	  the index directory to map lower inodes to upper inodes by default.
> +	  the inodes index dir to map lower inodes to upper inodes by default.
>  	  In this case it is still possible to turn off index globally with the
>  	  "index=off" module option or on a filesystem instance basis with the
>  	  "index=off" mount option.
> @@ -67,7 +67,7 @@ config OVERLAY_FS_NFS_EXPORT
>  	depends on !OVERLAY_FS_METACOPY
>  	help
>  	  If this config option is enabled then overlay filesystems will use
> -	  the index directory to decode overlay NFS file handles by default.
> +	  the inodes index dir to decode overlay NFS file handles by default.
>  	  In this case, it is still possible to turn off NFS export support
>  	  globally with the "nfs_export=off" module option or on a filesystem
>  	  instance basis with the "nfs_export=off" mount option.
> @@ -133,7 +133,7 @@ config OVERLAY_FS_METACOPY
>  	help
>  	  If this config option is enabled then overlay filesystems will
>  	  copy up only metadata where appropriate and data copy up will
> -	  happen when a file is opened for WRITE operation. It is still
> +	  happen when a file is opended for WRITE operation. It is still

nope.

>  	  possible to turn off this feature globally with the "metacopy=off"
>  	  module option or on a filesystem instance basis with the
>  	  "metacopy=off" mount option.


-- 
~Randy