Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp5097039imm;
        Tue, 12 Jun 2018 02:26:27 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKLAOfVjcGgUXvW+bOg8abXtAzqFUKG5d5l2JkUlrYkz8z1juyAxXQ1CYzEbQl+LrWSKm7lS
X-Received: by 2002:a17:902:329:: with SMTP id 38-v6mr3247775pld.328.1528795587216;
        Tue, 12 Jun 2018 02:26:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528795587; cv=none;
        d=google.com; s=arc-20160816;
        b=w2hnbv7/uA0zg4qgJjaeNDcQm+qcAHVIUIiEkgde4CPb30X+qEceJUAWtMcYgbK4l+
         tewoRxksJ/sLD/g8pFEmoJ73xx+0m+X2QC42Wsx1h/s2EfocB8KH8O57qq5Txw8Rccck
         Xq5CwvbeHlyV2BCGmRbIGDSCM5i3UWWPsfAYoOq9sjVtQIZyvpt9aokQSBchyKzrbUW1
         BOqElH4HXP2kfHvraWYgaZFfb99uPkxSFwiOY3Y25Xe4ftATqw+43q+FDG4KQcUSVFiJ
         jRi7XliGl42EmscYZk/LOaLV0U7iJLl10teMpUsd6DaRmMAlcxps2wEifSxH0AYXngcL
         Zkfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=fT4LvBQno4KmzP+ejnRwvqGk4h7hneauCpysJiUHZmI=;
        b=G95loqHUXZzn5aAlq6AuboSLo0PPHMbp1xfBa7a8ygc+jtkOzGhEB7JCbALS+4FTBQ
         +6Z0BssbqAQDEEJBEMKEXtHdfvSDY1A6Te78nQOMP1H8uyRbgG5f1/y8z1TP7OfyBB0G
         uzVCLE1YKyCakxHvbP0Kz8zHEsR6IZ/68sXUUbfqMiaEqdKvrciq1A+zS3Z1HN2a5NYO
         HgDMLoFxWlNn0QZj8UNbA5FzvU51ZcXCa7tsJ7AeektmoxfyUiLJ5jghh/nio9xN2DYD
         0exQSqM/FYVTkO4yjH6QoNyxjCVnGET05gdOO7czW0sEJvgUinVV0FT4SW6AEVLfW6d+
         fYGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=ADby6NGC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q18-v6si392927pfq.307.2018.06.12.02.26.12;
        Tue, 12 Jun 2018 02:26:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=ADby6NGC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933546AbeFLJYn (ORCPT <rfc822;fygvjjghggcfgvhhgsgrguf@gmail.com>
        + 99 others); Tue, 12 Jun 2018 05:24:43 -0400
Received: from mail-oi0-f67.google.com ([209.85.218.67]:33567 "EHLO
        mail-oi0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932711AbeFLJYk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Jun 2018 05:24:40 -0400
Received: by mail-oi0-f67.google.com with SMTP id c6-v6so19352214oiy.0
        for <linux-kernel@vger.kernel.org>; Tue, 12 Jun 2018 02:24:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=fT4LvBQno4KmzP+ejnRwvqGk4h7hneauCpysJiUHZmI=;
        b=ADby6NGCnyo7yJiCjmWw3/PNbdP1LR12zUHCoKoWvh8Ama3Mkw+aRjh7QTlx00OGBW
         9gL9hQvu1VTRjgMX5WQAmAvztNi7nR61/tPJLr5DrVN4qBAVeAAO1Sna/lFuzAHUX4MN
         r97ghB0e+FP/FgcvV+vKU7un651ekWm6l/chA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=fT4LvBQno4KmzP+ejnRwvqGk4h7hneauCpysJiUHZmI=;
        b=JrNsQOFJzN9HwQUeJl/5j0+5Dx+pj0DNaKmoA+xvX6ioXr9uGHDuSoxaSW+o5fmhN0
         zTuE7ZGSWtBJRmKPIBWjr+87mqT953bt9OYyHAy5EPUma+sf7kNH6slRCuhb99xgrb3L
         fYpukYNkpP2XVcoePFz+kN3hXizAwftkOKyN427EEiU8zK3q68kWcR4WMAVDKIc97HSK
         68NOjAMvtT66+AqVZYtZwweVa0CE9QMyERbvcI4Xy6FCxTEj+yvj7jJwM/R0Tmlkx7dL
         oWv2UJX83fGvoVpdKn1ATCfd2AaU24qGHIuRxiZtzN6/8kUTPwf8/AONso3WBBktqzYE
         v3FQ==
X-Gm-Message-State: APt69E1M4QQXIjZgArF15cb7TCoVLBRcV2JmNKUGH/AmqYtGXEUbVV/V
        WQAzoMQrQE6/eZOHj3sCu+qbcoJznt/AX0hWrVDxwg==
X-Received: by 2002:aca:a646:: with SMTP id p67-v6mr1395545oie.149.1528795480393;
 Tue, 12 Jun 2018 02:24:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:1123:0:0:0:0:0 with HTTP; Tue, 12 Jun 2018 02:24:39
 -0700 (PDT)
X-Originating-IP: [176.63.54.97]
In-Reply-To: <20180612024029.GZ30522@ZenIV.linux.org.uk>
References: <20180529144339.16538-1-mszeredi@redhat.com> <20180529144339.16538-15-mszeredi@redhat.com>
 <20180610041243.GJ30522@ZenIV.linux.org.uk> <CAJfpegtEGuBqmJ+6Kzd0456o0xyebe3LBk66xWQcuzsenqKVeg@mail.gmail.com>
 <20180612022926.GY30522@ZenIV.linux.org.uk> <20180612024029.GZ30522@ZenIV.linux.org.uk>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Tue, 12 Jun 2018 11:24:39 +0200
Message-ID: <CAJfpegvUkcUw0GXxFesT6V2f27EXW7jkvBpvnG4XB49BPdvjjA@mail.gmail.com>
Subject: Re: [PATCH 14/39] ovl: stack file ops
To:     Al Viro <viro@zeniv.linux.org.uk>
Cc:     Miklos Szeredi <mszeredi@redhat.com>,
        overlayfs <linux-unionfs@vger.kernel.org>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        Linus Torvalds <torvalds@linux-foundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jun 12, 2018 at 4:40 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> On Tue, Jun 12, 2018 at 03:29:26AM +0100, Al Viro wrote:
>
>> It might (or might not) work for the filesystems you'd been testing
>> on, but it's a lot of trouble waiting to happen.  Hell, try and use
>> ecryptfs as lower layer, see how fast it'll blow up.  Sure, it's
>> a dumb testcase, but I don't see how to check if something more
>> realistic is trouble-free.

That's funny, because when dhowells added the patch to make f_path
point to the overlay, I was fighting tooth and claw against that
change on the grounds of being unsafe, but it went through regardless
(and was in fact one of the biggest headaches in overlay/vfs
interaction).

So you might be right that there are bugs in the handling of ecryptfs,
etc, however the patchset is guaranteed not to cause regressions in
this area.

And yes, it would be best to get rid of that kludge once and for all.

>>
>> I'd been trying to come up with some way to salvage that kludge of yours,
>> but I don't see any solutions.  We don't have good proxies for "this
>> filesystem might be unsafe as lower layer" ;-/
>
> Note that anything that uses file_dentry() anywhere near ->open(),
> ->read_iter() or ->write_iter() is an instant trouble with your scheme.
> Such as
> int nfs_open(struct inode *inode, struct file *filp)
> {
>         struct nfs_open_context *ctx;
>
>         ctx = alloc_nfs_open_context(file_dentry(filp), filp->f_mode, filp);
>         if (IS_ERR(ctx))
>                 return PTR_ERR(ctx);
>         nfs_file_set_open_context(filp, ctx);
>         put_nfs_open_context(ctx);
>         nfs_fscache_open_file(inode, filp);
>         return 0;
> }
>
> You do want to support NFS for lower layers, right?

There's no change regarding how file_dentry() works.  We've just
pushed these weird files (f_path points to overlay, f_inode points to
underlay) down into the guts of overlayfs and are not directly
referenced from the file table anymore.  That shouldn't make *any*
difference from the lower fs's pov.

The only difference is that now the real file has creds inherited from
mounter task.  If lower filesystem's a_ops did some permission
checking based on that, then that might make a difference in behavior.
But I guess that difference would be in the positive direction, making
behavior more consistent.

Thanks,
Miklos