From: Amir Goldstein <amir73il@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH v2 0/5] overlayfs upperdir/workdir verifications
Date: Thu, 1 Jun 2017 20:01:49 +0300 [thread overview]
Message-ID: <1496336514-11000-1-git-send-email-amir73il@gmail.com> (raw)
Miklos,
This patch set is a prelude to the index dir feature, which
requires origin verification w.r.t. upperdir. I will follow
up with the posting of index dir feature soon.
This work prevents:
1. Concurrent overlay mounts with same upperdir/workdir
2. Reuse of upperdir with different lowerdir
3. Merge lower dir that doesn't match upper dir origin
For backward compat with existing setups that copy layers, the
checks 2-3 above depend on a new mount option (-o verify_lower).
The same mount option is going to determine whether an index dir
that doesn't match upper dir is blown away or fails the mount.
I have another dir verification patch that decodes origin dir on
failure to verify lower dir, which I am using for snapshots and
is going to be needed for NFS export. Because those features are
not proposed for v4.13 I left out the patch from this posting.
The verify_lower mount option can be tested with my unionmount-testsuite
development branch [1]. I had to fix the mount cycling test (run --ov=N)
not to reuse the same workdir with new rotated upperdir, because reusing
workdir with different upperdir breaks the origin verification for the
persistent index dir.
[1] https://github.com/amir73il/unionmount-testsuite/commits/overlayfs-devel
Amir Goldstein (5):
vfs: introduce inode 'inuse' lock
ovl: get exclusive ownership on upper/work dirs
ovl: add support for verify_lower mount option
ovl: verify lower root dir by file handle
ovl: document the 'verify_lower' feature
Documentation/filesystems/overlayfs.txt | 48 +++++++++++++
fs/inode.c | 50 ++++++++++++++
fs/overlayfs/copy_up.c | 16 +++--
fs/overlayfs/namei.c | 95 ++++++++++++++++++++++---
fs/overlayfs/overlayfs.h | 18 +++++
fs/overlayfs/ovl_entry.h | 4 ++
fs/overlayfs/super.c | 118 +++++++++++++++++++++++++++++++-
fs/overlayfs/util.c | 7 ++
include/linux/fs.h | 15 ++++
9 files changed, 351 insertions(+), 20 deletions(-)
--
2.7.4
next reply other threads:[~2017-06-01 17:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-01 17:01 Amir Goldstein [this message]
2017-06-01 17:01 ` [PATCH v2 1/5] vfs: introduce inode 'inuse' lock Amir Goldstein
2017-06-01 17:01 ` [PATCH v2 2/5] ovl: get exclusive ownership on upper/work dirs Amir Goldstein
2017-06-01 17:01 ` [PATCH v2 3/5] ovl: add support for verify_lower mount option Amir Goldstein
2017-06-01 17:01 ` [PATCH v2 4/5] ovl: verify lower root dir by file handle Amir Goldstein
2017-06-01 17:01 ` [PATCH v2 5/5] ovl: document the 'verify_lower' feature Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1496336514-11000-1-git-send-email-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.