linux-unionfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miklos Szeredi <miklos@szeredi.hu>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Chengguang Xu <cgxu519@mykernel.net>,
	overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH v3 3/4] ovl: copy up sync/noatime fileattr flags
Date: Wed, 14 Jul 2021 10:47:21 +0200	[thread overview]
Message-ID: <CAJfpegvpk-4SPPi2NM6ZnuDZNxcPK=4+JapxtLf_oYiCvuScrw@mail.gmail.com> (raw)
In-Reply-To: <CAOQ4uxgQuhPck2psKsROoVUprPw62kV46MFv_4SHWU+s11xH3w@mail.gmail.com>

On Mon, 12 Jul 2021 at 17:52, Amir Goldstein <amir73il@gmail.com> wrote:
>
> On Mon, Jul 12, 2021 at 6:51 PM Amir Goldstein <amir73il@gmail.com> wrote:
> >
> > On Mon, Jul 12, 2021 at 5:20 PM Miklos Szeredi <miklos@szeredi.hu> wrote:
> > >
> > > On Sat, 19 Jun 2021 at 11:26, Amir Goldstein <amir73il@gmail.com> wrote:
> > > >
> > > > When a lower file has sync/noatime fileattr flags, the behavior of
> > > > overlayfs post copy up is inconsistent.
> > > >
> > > > Immediattely after copy up, ovl inode still has the S_SYNC/S_NOATIME
> > > > inode flags copied from lower inode, so vfs code still treats the ovl
> > > > inode as sync/noatime.  After ovl inode evict or mount cycle,
> > > > the ovl inode does not have these inode flags anymore.
> > > >
> > > > To fix this inconsitency, try to copy the fileattr flags on copy up
> > > > if the upper fs supports the fileattr_set() method.
> > > >
> > > > This gives consistent behavior post copy up regardless of inode eviction
> > > > from cache.
> > > >
> > > > We cannot copy up the immutable/append-only inode flags in a similar
> > > > manner, because immutable/append-only inodes cannot be linked and because
> > > > overlayfs will not be able to set overlay.* xattr on the upper inodes.
> > > >
> > > > Those flags will be addressed by a followup patch.
> > > >
> > > > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > > > ---
> > > >  fs/overlayfs/copy_up.c   | 49 ++++++++++++++++++++++++++++++++++------
> > > >  fs/overlayfs/inode.c     | 36 ++++++++++++++++++-----------
> > > >  fs/overlayfs/overlayfs.h | 14 +++++++++++-
> > > >  3 files changed, 78 insertions(+), 21 deletions(-)
> > > >
> > > > diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> > > > index 3fa68a5cc16e..a06b423ca5d1 100644
> > > > --- a/fs/overlayfs/copy_up.c
> > > > +++ b/fs/overlayfs/copy_up.c
> > > > @@ -8,6 +8,7 @@
> > > >  #include <linux/fs.h>
> > > >  #include <linux/slab.h>
> > > >  #include <linux/file.h>
> > > > +#include <linux/fileattr.h>
> > > >  #include <linux/splice.h>
> > > >  #include <linux/xattr.h>
> > > >  #include <linux/security.h>
> > > > @@ -130,6 +131,31 @@ int ovl_copy_xattr(struct super_block *sb, struct dentry *old,
> > > >         return error;
> > > >  }
> > > >
> > > > +static int ovl_copy_fileattr(struct path *old, struct path *new)
> > > > +{
> > > > +       struct fileattr oldfa = { .flags_valid = true };
> > > > +       struct fileattr newfa = { .flags_valid = true };
> > > > +       int err;
> > > > +
> > > > +       err = ovl_real_fileattr(old, &oldfa, false);
> > > > +       if (err)
> > > > +               return err;
> > > > +
> > > > +       err = ovl_real_fileattr(new, &newfa, false);
> > > > +       if (err)
> > > > +               return err;
> > > > +
> > > > +       BUILD_BUG_ON(OVL_COPY_FS_FLAGS_MASK & ~FS_COMMON_FL);
> > > > +       newfa.flags &= ~OVL_COPY_FS_FLAGS_MASK;
> > > > +       newfa.flags |= (oldfa.flags & OVL_COPY_FS_FLAGS_MASK);
> > > > +
> > > > +       BUILD_BUG_ON(OVL_COPY_FSX_FLAGS_MASK & ~FS_XFLAG_COMMON);
> > > > +       newfa.fsx_xflags &= ~OVL_COPY_FSX_FLAGS_MASK;
> > > > +       newfa.fsx_xflags |= (oldfa.fsx_xflags & OVL_COPY_FSX_FLAGS_MASK);
> > > > +
> > > > +       return ovl_real_fileattr(new, &newfa, true);
> > > > +}
> > > > +
> > > >  static int ovl_copy_up_data(struct ovl_fs *ofs, struct path *old,
> > > >                             struct path *new, loff_t len)
> > > >  {
> > > > @@ -493,20 +519,21 @@ static int ovl_link_up(struct ovl_copy_up_ctx *c)
> > > >  static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
> > > >  {
> > > >         struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
> > > > +       struct inode *inode = d_inode(c->dentry);
> > > > +       struct path upperpath, datapath;
> > > >         int err;
> > > >
> > > > +       ovl_path_upper(c->dentry, &upperpath);
> > > > +       if (WARN_ON(upperpath.dentry != NULL))
> > > > +               return -EIO;
> > > > +
> > > > +       upperpath.dentry = temp;
> > > > +
> > > >         /*
> > > >          * Copy up data first and then xattrs. Writing data after
> > > >          * xattrs will remove security.capability xattr automatically.
> > > >          */
> > > >         if (S_ISREG(c->stat.mode) && !c->metacopy) {
> > > > -               struct path upperpath, datapath;
> > > > -
> > > > -               ovl_path_upper(c->dentry, &upperpath);
> > > > -               if (WARN_ON(upperpath.dentry != NULL))
> > > > -                       return -EIO;
> > > > -               upperpath.dentry = temp;
> > > > -
> > > >                 ovl_path_lowerdata(c->dentry, &datapath);
> > > >                 err = ovl_copy_up_data(ofs, &datapath, &upperpath,
> > > >                                        c->stat.size);
> > > > @@ -518,6 +545,14 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
> > > >         if (err)
> > > >                 return err;
> > > >
> > > > +       if (inode->i_flags & OVL_COPY_I_FLAGS_MASK) {
> > > > +               /*
> > > > +                * Copy the fileattr inode flags that are the source of already
> > > > +                * copied i_flags (best effort).
> > > > +                */
> > > > +               ovl_copy_fileattr(&c->lowerpath, &upperpath);
> > >
> > > I'm not sure this should be ignoring errors.  Was this done to prevent
> > > regressing cases where the upper fs cannot store the flags?
> >
> > Yes.
> >
> > > Do you have a concrete example?
> >
> > Unpriv userns mount??
> >
>
> Upperfs that does not support fileattr (FUSE?)

Okay, so two subcases:

  - no xattr on upper
  - no fileattr on upper

FUSE is considered "remote" and overlayfs enforces xattr support, but
not fileattr support.  So yeah, it seems theoretically these are
possible.

But I think it might be the best to risk it and return the error,
hoping that this is such a rare corner case that there's no existing
use.  If a regression is reported, than we need to go for a more
complex solution where this case is detected on startup and handled
accordingly.

Thanks,
Miklos

  reply	other threads:[~2021-07-14  8:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-19  9:26 [PATCH v3 0/4] Overlayfs fileattr related fixes Amir Goldstein
2021-06-19  9:26 ` [PATCH v3 1/4] fs: add generic helper for filling statx attribute flags Amir Goldstein
2021-06-19  9:31   ` Amir Goldstein
2021-06-19  9:26 ` [PATCH v3 2/4] ovl: pass ovl_fs to ovl_check_setxattr() Amir Goldstein
2021-06-19  9:26 ` [PATCH v3 3/4] ovl: copy up sync/noatime fileattr flags Amir Goldstein
2021-07-12 14:20   ` Miklos Szeredi
2021-07-12 15:51     ` Amir Goldstein
2021-07-12 15:52       ` Amir Goldstein
2021-07-14  8:47         ` Miklos Szeredi [this message]
2021-07-14 10:38           ` Amir Goldstein
2021-06-19  9:26 ` [PATCH v3 4/4] ovl: consistent behavior for immutable/append-only inodes Amir Goldstein
2021-07-12 12:21   ` Miklos Szeredi
2021-07-12 13:43     ` Amir Goldstein
2021-07-19 14:28 ` [PATCH v3 0/4] Overlayfs fileattr related fixes Miklos Szeredi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJfpegvpk-4SPPi2NM6ZnuDZNxcPK=4+JapxtLf_oYiCvuScrw@mail.gmail.com' \
    --to=miklos@szeredi.hu \
    --cc=amir73il@gmail.com \
    --cc=cgxu519@mykernel.net \
    --cc=linux-unionfs@vger.kernel.org \
    --subject='Re: [PATCH v3 3/4] ovl: copy up sync/noatime fileattr flags' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).