From: Miklos Szeredi <miklos@szeredi.hu>
To: Amir Goldstein <amir73il@gmail.com>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>,
overlayfs <linux-unionfs@vger.kernel.org>,
Vivek Goyal <vgoyal@redhat.com>
Subject: Re: overlayfs: overlapping upperdir path
Date: Thu, 1 Apr 2021 17:09:05 +0200 [thread overview]
Message-ID: <CAJfpegvRr0dy=dfLA_NM+UMYi_jqOeGf=KsS=Pjf5dn-X6nt5A@mail.gmail.com> (raw)
In-Reply-To: <CAOQ4uxgcO-Wvjwbmjme+OwVz6bZnVz4C87dgJDJQY1u55BWGjw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1231 bytes --]
On Thu, Apr 1, 2021 at 4:30 PM Amir Goldstein <amir73il@gmail.com> wrote:
>
> On Thu, Apr 1, 2021 at 4:37 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> >
> > Commit 146d62e5a586 ("ovl: detect overlapping layers") made sure we
> > don't have overapping layers, but it also broke the arguably valid use
> > case of
> >
> > mount -olowerdir=/,upperdir=/subdir,..
> >
> > where subdir also resides on the root fs.
>
> How is 'ls /merged/subdir' expected to behave in that use case?
> Error?
-ELOOP is the error returned.
>
> >
> > I also see that we check for a trap at lookup time, so the question is
> > what does the up-front layer check buy us?
> >
>
> I'm not sure. I know it bought us silence from syzbot that started
> mutating many overlapping layers repos....
> Will the lookup trap have stopped it too? maybe. We did not try.
>
> In general I think that if we can error out to user on mount time
> it is preferred, but if we need to make that use case work, I'd try
> to relax as minimum as possible from the check.
Certainly. Like lower inside upper makes zero sense, OTOH upper
inside lower does. So I think we just need to relax the
upperdir/workdir layer check in this case.
Like attached patch.
Thanks,
Miklos
[-- Attachment #2: ovl-allow-upperdir-inside-lowerdir.patch --]
[-- Type: text/x-patch, Size: 1882 bytes --]
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index fdd72f1a9c5e..8cf343335029 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1826,7 +1826,8 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
* - upper/work dir of any overlayfs instance
*/
static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
- struct dentry *dentry, const char *name)
+ struct dentry *dentry, const char *name,
+ bool is_lower)
{
struct dentry *next = dentry, *parent;
int err = 0;
@@ -1838,7 +1839,7 @@ static int ovl_check_layer(struct super_block *sb, struct ovl_fs *ofs,
/* Walk back ancestors to root (inclusive) looking for traps */
while (!err && parent != next) {
- if (ovl_lookup_trap_inode(sb, parent)) {
+ if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
err = -ELOOP;
pr_err("overlapping %s path\n", name);
} else if (ovl_is_inuse(parent)) {
@@ -1864,7 +1865,7 @@ static int ovl_check_overlapping_layers(struct super_block *sb,
if (ovl_upper_mnt(ofs)) {
err = ovl_check_layer(sb, ofs, ovl_upper_mnt(ofs)->mnt_root,
- "upperdir");
+ "upperdir", false);
if (err)
return err;
@@ -1875,7 +1876,8 @@ static int ovl_check_overlapping_layers(struct super_block *sb,
* workbasedir. In that case, we already have their traps in
* inode cache and we will catch that case on lookup.
*/
- err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir");
+ err = ovl_check_layer(sb, ofs, ofs->workbasedir, "workdir",
+ false);
if (err)
return err;
}
@@ -1883,7 +1885,7 @@ static int ovl_check_overlapping_layers(struct super_block *sb,
for (i = 1; i < ofs->numlayer; i++) {
err = ovl_check_layer(sb, ofs,
ofs->layers[i].mnt->mnt_root,
- "lowerdir");
+ "lowerdir", true);
if (err)
return err;
}
next prev parent reply other threads:[~2021-04-01 17:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-01 13:37 overlayfs: overlapping upperdir path Miklos Szeredi
2021-04-01 14:30 ` Amir Goldstein
2021-04-01 15:09 ` Miklos Szeredi [this message]
2021-04-01 15:19 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJfpegvRr0dy=dfLA_NM+UMYi_jqOeGf=KsS=Pjf5dn-X6nt5A@mail.gmail.com' \
--to=miklos@szeredi.hu \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).