[v2,1/4] overlay: Add tests for nesting private xattrs

Message ID	20231204185859.3731975-2-amir73il@gmail.com (mailing list archive)
State	New, archived
Headers	show Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a8Wu9PJ+" From: Amir Goldstein <amir73il@gmail.com> To: Zorro Lang <zlang@redhat.com> Cc: Alexander Larsson <alexl@redhat.com>, Miklos Szeredi <miklos@szeredi.hu>, linux-unionfs@vger.kernel.org, fstests@vger.kernel.org Subject: [PATCH v2 1/4] overlay: Add tests for nesting private xattrs Date: Mon, 4 Dec 2023 20:58:56 +0200 Message-Id: <20231204185859.3731975-2-amir73il@gmail.com> In-Reply-To: <20231204185859.3731975-1-amir73il@gmail.com> References: <20231204185859.3731975-1-amir73il@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Overlayfs tests for 6.7-rc1 \| expand [v2,0/4] Overlayfs tests for 6.7-rc1 [v2,1/4] overlay: Add tests for nesting private xattrs [v2,2/4] overlay: prepare for new lowerdir+,datadir+ tests [v2,3/4] overlay: test data-only lowerdirs with datadir+ mount option [v2,4/4] overlay: test parsing of lowerdir+,datadir+ mount options

Message ID

20231204185859.3731975-2-amir73il@gmail.com (mailing list archive)

State

New, archived

Headers

From: Amir Goldstein <amir73il@gmail.com>
To: Zorro Lang <zlang@redhat.com>
Cc: Alexander Larsson <alexl@redhat.com>,
	Miklos Szeredi <miklos@szeredi.hu>,
	linux-unionfs@vger.kernel.org,
	fstests@vger.kernel.org
Subject: [PATCH v2 1/4] overlay: Add tests for nesting private xattrs
Date: Mon,  4 Dec 2023 20:58:56 +0200
Message-Id: <20231204185859.3731975-2-amir73il@gmail.com>
In-Reply-To: <20231204185859.3731975-1-amir73il@gmail.com>
References: <20231204185859.3731975-1-amir73il@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Overlayfs tests for 6.7-rc1 | expand

Commit Message

Amir Goldstein Dec. 4, 2023, 6:58 p.m. UTC

If overlayfs xattr escaping is supported, ensure:
 * We can create "overlay.*" xattrs on a file in the overlayfs
 * We can create an xwhiteout file in the overlayfs

We check for nesting support by trying to getattr an "overlay.*" xattr
in an overlayfs mount, which will return ENOSUPP in older kernels.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 tests/overlay/084     | 169 ++++++++++++++++++++++++++++++++++++++++++
 tests/overlay/084.out |  61 +++++++++++++++
 2 files changed, 230 insertions(+)
 create mode 100755 tests/overlay/084
 create mode 100644 tests/overlay/084.out

Comments

Zorro Lang Dec. 10, 2023, 1:35 p.m. UTC | #1

On Mon, Dec 04, 2023 at 08:58:56PM +0200, Amir Goldstein wrote:
> If overlayfs xattr escaping is supported, ensure:
>  * We can create "overlay.*" xattrs on a file in the overlayfs
>  * We can create an xwhiteout file in the overlayfs
> 
> We check for nesting support by trying to getattr an "overlay.*" xattr
> in an overlayfs mount, which will return ENOSUPP in older kernels.
> 
> Signed-off-by: Alexander Larsson <alexl@redhat.com>
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---

Hi Amir,

This test passed with below kernel configuration at first:
  CONFIG_OVERLAY_FS=m
  # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
  CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
  # CONFIG_OVERLAY_FS_INDEX is not set
  # CONFIG_OVERLAY_FS_XINO_AUTO is not set
  # CONFIG_OVERLAY_FS_METACOPY is not set

But then I found it fails if I enabled below configurations:
  CONFIG_OVERLAY_FS_REDIRECT_DIR=y
  CONFIG_OVERLAY_FS_INDEX=y
  CONFIG_OVERLAY_FS_XINO_AUTO=y
  CONFIG_OVERLAY_FS_METACOPY=y

Without these configures, this test passed. But with them, it fails as [1].
The underlying fs is xfs (with default mkfs options), there're not specific
MOUNT_OPTIONS and MKFS_OPTIONS to use.

I'll delay merging this patchset temporarily, please check.

Thanks,
Zorro

[1]
QA output created by 084

== Check xattr escape trusted ==
# file: SCRATCH_MNT/layer2/dir
trusted.overlay.opaque="y"
user.overlay.opaque="y"

# file: SCRATCH_DEV/mid/layer2/dir
trusted.overlay.overlay.opaque="y"
user.overlay.opaque="y"

mount: /mnt/fstests/SCRATCH_DIR/ovl-mnt: mount(2) system call failed: Stale file handle.
getfattr: /mnt/fstests/SCRATCH_DIR/ovl-mnt/layer2/dir: No such file or directory
nested xattr mount with trusted.overlay
mount: /mnt/fstests/SCRATCH_DIR/nested: special device overlayfs does not exist.
stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/nested: not mounted.
nested xattr mount with user.overlay
mount: /mnt/fstests/SCRATCH_DIR/nested: special device overlayfs does not exist.
stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/nested: not mounted.
copy-up of escaped xattrs
touch: cannot touch '/mnt/fstests/SCRATCH_DIR/ovl-mnt/layer2/dir/other_file': No such file or directory
getfattr: /mnt/fstests/SCRATCH_DIR/upper/layer2/dir: No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/ovl-mnt: not mounted.

== Check xattr escape user ==
# file: SCRATCH_MNT/layer2/dir
trusted.overlay.opaque="y"
user.overlay.opaque="y"

# file: SCRATCH_DEV/mid/layer2/dir
trusted.overlay.opaque="y"
user.overlay.overlay.opaque="y"

mount: /mnt/fstests/SCRATCH_DIR/ovl-mnt: mount(2) system call failed: Stale file handle.
getfattr: /mnt/fstests/SCRATCH_DIR/ovl-mnt/layer2/dir: No such file or directory
nested xattr mount with trusted.overlay
mount: /mnt/fstests/SCRATCH_DIR/nested: special device overlayfs does not exist.
stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/nested: not mounted.
nested xattr mount with user.overlay
mount: /mnt/fstests/SCRATCH_DIR/nested: special device overlayfs does not exist.
stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/nested: not mounted.
copy-up of escaped xattrs
touch: cannot touch '/mnt/fstests/SCRATCH_DIR/ovl-mnt/layer2/dir/other_file': No such file or directory
getfattr: /mnt/fstests/SCRATCH_DIR/upper/layer2/dir: No such file or directory
umount: /mnt/fstests/SCRATCH_DIR/ovl-mnt: not mounted.

== Check xwhiteout trusted ==
regular
stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory

== Check xwhiteout user ==
regular
stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory

== Check escaped xwhiteout trusted ==
regular
stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory

== Check escaped xwhiteout user ==
regular
stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory

>  tests/overlay/084     | 169 ++++++++++++++++++++++++++++++++++++++++++
>  tests/overlay/084.out |  61 +++++++++++++++
>  2 files changed, 230 insertions(+)
>  create mode 100755 tests/overlay/084
>  create mode 100644 tests/overlay/084.out
> 
> diff --git a/tests/overlay/084 b/tests/overlay/084
> new file mode 100755
> index 00000000..ff451f38
> --- /dev/null
> +++ b/tests/overlay/084
> @@ -0,0 +1,169 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (C) 2023 Red Hat, Inc. All Rights Reserved.
> +# Copyright (C) 2023 CTERA Networks. All Rights Reserved.
> +#
> +# FS QA Test No. 084
> +#
> +# Test advanded nesting functionallity
> +#
> +. ./common/preamble
> +_begin_fstest auto quick nested
> +
> +# Override the default cleanup function.
> +_cleanup()
> +{
> +	cd /
> +	# Unmount nested mounts if things fail
> +	$UMOUNT_PROG $OVL_BASE_SCRATCH_MNT/nested  2>/dev/null
> +	rm -rf $tmp
> +}
> +
> +# Import common functions.
> +. ./common/filter
> +. ./common/attr
> +
> +# real QA test starts here
> +_supported_fs overlay
> +# We use non-default scratch underlying overlay dirs, we need to check
> +# them explicity after test.
> +_require_scratch_nocheck
> +_require_scratch_overlay_xattr_escapes
> +
> +# remove all files from previous tests
> +_scratch_mkfs
> +
> +lowerdir=$OVL_BASE_SCRATCH_MNT/lower
> +middir=$OVL_BASE_SCRATCH_MNT/mid
> +upperdir=$OVL_BASE_SCRATCH_MNT/upper
> +workdir=$OVL_BASE_SCRATCH_MNT/workdir
> +nesteddir=$OVL_BASE_SCRATCH_MNT/nested
> +
> +umount_overlay()
> +{
> +	$UMOUNT_PROG $SCRATCH_MNT
> +}
> +
> +test_escape()
> +{
> +	local prefix=$1
> +
> +	echo -e "\n== Check xattr escape $prefix =="
> +
> +	local extra_options=""
> +	if [ "$prefix" == "user" ]; then
> +            extra_options="-o userxattr"
> +	fi
> +
> +	_scratch_mkfs
> +	mkdir -p $lowerdir $middir $upperdir $workdir $nesteddir
> +
> +	_overlay_scratch_mount_dirs $lowerdir $middir $workdir $extra_options
> +
> +	mkdir -p $SCRATCH_MNT/layer1/dir/ $SCRATCH_MNT/layer2/dir
> +
> +	touch $SCRATCH_MNT/layer1/dir/file
> +
> +	# Make layer2/dir an opaque file
> +	# Only one of these will be escaped, but both should succeed
> +	setfattr -n user.overlay.opaque -v "y" $SCRATCH_MNT/layer2/dir
> +	setfattr -n trusted.overlay.opaque -v "y" $SCRATCH_MNT/layer2/dir
> +
> +	getfattr -m "overlay\\." --absolute-names -d $SCRATCH_MNT/layer2/dir | _filter_scratch
> +
> +	umount_overlay
> +
> +	getfattr -m "overlay\\." --absolute-names -d $middir/layer2/dir | _filter_scratch
> +
> +	# Remount as lower and try again
> +	_overlay_scratch_mount_dirs $middir:$lowerdir $upperdir $workdir $extra_options
> +
> +	getfattr -m "overlay\\." --absolute-names -d $SCRATCH_MNT/layer2/dir | _filter_scratch
> +
> +	# Recursively mount and ensure the opaque dir is working with both trusted and user xattrs
> +	echo "nested xattr mount with trusted.overlay"
> +	_overlay_mount_dirs $SCRATCH_MNT/layer2:$SCRATCH_MNT/layer1 - - overlayfs $nesteddir
> +	stat $nesteddir/dir/file  2>&1 | _filter_scratch
> +	$UMOUNT_PROG $nesteddir
> +
> +	echo "nested xattr mount with user.overlay"
> +	_overlay_mount_dirs $SCRATCH_MNT/layer2:$SCRATCH_MNT/layer1 - - -o userxattr overlayfs $nesteddir
> +	stat $nesteddir/dir/file  2>&1 | _filter_scratch
> +	$UMOUNT_PROG $nesteddir
> +
> +	# Also ensure propagate the escaped xattr when we copy-up layer2/dir
> +	echo "copy-up of escaped xattrs"
> +	touch $SCRATCH_MNT/layer2/dir/other_file
> +	getfattr -m "$prefix.overlay\\.overlay" --absolute-names -d $upperdir/layer2/dir | _filter_scratch
> +
> +	umount_overlay
> +}
> +
> +test_escape trusted
> +test_escape user
> +
> +do_test_xwhiteout()
> +{
> +	local prefix=$1
> +	local basedir=$2
> +
> +	local extra_options=""
> +	if [ "$prefix" == "user" ]; then
> +            extra_options="-o userxattr"
> +	fi
> +
> +	mkdir -p $basedir/lower $basedir/upper $basedir/work
> +	touch $basedir/lower/regular $basedir/lower/hidden  $basedir/upper/hidden
> +	setfattr -n $prefix.overlay.whiteouts -v "y" $basedir/upper
> +	setfattr -n $prefix.overlay.whiteout -v "y" $basedir/upper/hidden
> +
> +	# Test the hidden is invisible
> +	_overlay_scratch_mount_dirs $basedir/upper:$basedir/lower - - $extra_options
> +	ls $SCRATCH_MNT
> +	stat $SCRATCH_MNT/hidden 2>&1 | _filter_scratch
> +	umount_overlay
> +}
> +
> +# Validate that xwhiteouts work like whiteouts
> +test_xwhiteout()
> +{
> +	local prefix=$1
> +
> +	echo -e "\n== Check xwhiteout $prefix =="
> +
> +	_scratch_mkfs
> +
> +	do_test_xwhiteout $prefix $OVL_BASE_SCRATCH_MNT
> +}
> +
> +test_xwhiteout trusted
> +test_xwhiteout user
> +
> +# Validate that (escaped) xwhiteouts work inside a nested overlayfs mount
> +test_escaped_xwhiteout()
> +{
> +	local prefix=$1
> +
> +	echo -e "\n== Check escaped xwhiteout $prefix =="
> +
> +	local extra_options=""
> +	if [ "$prefix" == "user" ]; then
> +            extra_options="-o userxattr"
> +	fi
> +
> +	_scratch_mkfs
> +	mkdir -p $lowerdir $upperdir $workdir $nesteddir
> +
> +	_overlay_mount_dirs $lowerdir $upperdir $workdir $extra_options overlayfs $nesteddir
> +
> +	do_test_xwhiteout $prefix $nesteddir
> +
> +	$UMOUNT_PROG $nesteddir
> +}
> +
> +test_escaped_xwhiteout trusted
> +test_escaped_xwhiteout user
> +
> +# success, all done
> +status=0
> +exit
> diff --git a/tests/overlay/084.out b/tests/overlay/084.out
> new file mode 100644
> index 00000000..54b890de
> --- /dev/null
> +++ b/tests/overlay/084.out
> @@ -0,0 +1,61 @@
> +QA output created by 084
> +
> +== Check xattr escape trusted ==
> +# file: SCRATCH_MNT/layer2/dir
> +trusted.overlay.opaque="y"
> +user.overlay.opaque="y"
> +
> +# file: SCRATCH_DEV/mid/layer2/dir
> +trusted.overlay.overlay.opaque="y"
> +user.overlay.opaque="y"
> +
> +# file: SCRATCH_MNT/layer2/dir
> +trusted.overlay.opaque="y"
> +user.overlay.opaque="y"
> +
> +nested xattr mount with trusted.overlay
> +stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
> +nested xattr mount with user.overlay
> +stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
> +copy-up of escaped xattrs
> +# file: SCRATCH_DEV/upper/layer2/dir
> +trusted.overlay.overlay.opaque="y"
> +
> +
> +== Check xattr escape user ==
> +# file: SCRATCH_MNT/layer2/dir
> +trusted.overlay.opaque="y"
> +user.overlay.opaque="y"
> +
> +# file: SCRATCH_DEV/mid/layer2/dir
> +trusted.overlay.opaque="y"
> +user.overlay.overlay.opaque="y"
> +
> +# file: SCRATCH_MNT/layer2/dir
> +trusted.overlay.opaque="y"
> +user.overlay.opaque="y"
> +
> +nested xattr mount with trusted.overlay
> +stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
> +nested xattr mount with user.overlay
> +stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
> +copy-up of escaped xattrs
> +# file: SCRATCH_DEV/upper/layer2/dir
> +user.overlay.overlay.opaque="y"
> +
> +
> +== Check xwhiteout trusted ==
> +regular
> +stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
> +
> +== Check xwhiteout user ==
> +regular
> +stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
> +
> +== Check escaped xwhiteout trusted ==
> +regular
> +stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
> +
> +== Check escaped xwhiteout user ==
> +regular
> +stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
> -- 
> 2.34.1
>

Amir Goldstein Dec. 10, 2023, 3:28 p.m. UTC | #2

On Sun, Dec 10, 2023 at 3:35 PM Zorro Lang <zlang@redhat.com> wrote:
>
> On Mon, Dec 04, 2023 at 08:58:56PM +0200, Amir Goldstein wrote:
> > If overlayfs xattr escaping is supported, ensure:
> >  * We can create "overlay.*" xattrs on a file in the overlayfs
> >  * We can create an xwhiteout file in the overlayfs
> >
> > We check for nesting support by trying to getattr an "overlay.*" xattr
> > in an overlayfs mount, which will return ENOSUPP in older kernels.
> >
> > Signed-off-by: Alexander Larsson <alexl@redhat.com>
> > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > ---
>
> Hi Amir,
>
> This test passed with below kernel configuration at first:
>   CONFIG_OVERLAY_FS=m
>   # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
>   CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
>   # CONFIG_OVERLAY_FS_INDEX is not set
>   # CONFIG_OVERLAY_FS_XINO_AUTO is not set
>   # CONFIG_OVERLAY_FS_METACOPY is not set
>
> But then I found it fails if I enabled below configurations:
>   CONFIG_OVERLAY_FS_REDIRECT_DIR=y
>   CONFIG_OVERLAY_FS_INDEX=y
>   CONFIG_OVERLAY_FS_XINO_AUTO=y
>   CONFIG_OVERLAY_FS_METACOPY=y
>
> Without these configures, this test passed. But with them, it fails as [1].
> The underlying fs is xfs (with default mkfs options), there're not specific
> MOUNT_OPTIONS and MKFS_OPTIONS to use.
>
> I'll delay merging this patchset temporarily, please check.
>

good spotting!

Here is a fix if you want to fix and test it in your tree:

diff --git a/tests/overlay/084 b/tests/overlay/084
index ff451f38..8465caeb 100755
--- a/tests/overlay/084
+++ b/tests/overlay/084
@@ -50,9 +50,10 @@ test_escape()

        echo -e "\n== Check xattr escape $prefix =="

-       local extra_options=""
+       # index feature would require nfs_export on $nesteddir mount
+       local extra_options="-o index=off"
        if [ "$prefix" == "user" ]; then
-            extra_options="-o userxattr"
+            extra_options+=",userxattr"
        fi

        _scratch_mkfs
@@ -146,9 +147,10 @@ test_escaped_xwhiteout()

        echo -e "\n== Check escaped xwhiteout $prefix =="

-       local extra_options=""
+       # index feature would require nfs_export on $nesteddir mount
+       local extra_options="-o index=off"
        if [ "$prefix" == "user" ]; then
-            extra_options="-o userxattr"
+            extra_options+=",userxattr"
        fi

        _scratch_mkfs


Thanks,
Amir.

Zorro Lang Dec. 10, 2023, 8:45 p.m. UTC | #3

On Sun, Dec 10, 2023 at 05:28:34PM +0200, Amir Goldstein wrote:
> On Sun, Dec 10, 2023 at 3:35 PM Zorro Lang <zlang@redhat.com> wrote:
> >
> > On Mon, Dec 04, 2023 at 08:58:56PM +0200, Amir Goldstein wrote:
> > > If overlayfs xattr escaping is supported, ensure:
> > >  * We can create "overlay.*" xattrs on a file in the overlayfs
> > >  * We can create an xwhiteout file in the overlayfs
> > >
> > > We check for nesting support by trying to getattr an "overlay.*" xattr
> > > in an overlayfs mount, which will return ENOSUPP in older kernels.
> > >
> > > Signed-off-by: Alexander Larsson <alexl@redhat.com>
> > > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > > ---
> >
> > Hi Amir,
> >
> > This test passed with below kernel configuration at first:
> >   CONFIG_OVERLAY_FS=m
> >   # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
> >   CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
> >   # CONFIG_OVERLAY_FS_INDEX is not set
> >   # CONFIG_OVERLAY_FS_XINO_AUTO is not set
> >   # CONFIG_OVERLAY_FS_METACOPY is not set
> >
> > But then I found it fails if I enabled below configurations:
> >   CONFIG_OVERLAY_FS_REDIRECT_DIR=y
> >   CONFIG_OVERLAY_FS_INDEX=y
> >   CONFIG_OVERLAY_FS_XINO_AUTO=y
> >   CONFIG_OVERLAY_FS_METACOPY=y
> >
> > Without these configures, this test passed. But with them, it fails as [1].
> > The underlying fs is xfs (with default mkfs options), there're not specific
> > MOUNT_OPTIONS and MKFS_OPTIONS to use.
> >
> > I'll delay merging this patchset temporarily, please check.
> >
> 
> good spotting!
> 
> Here is a fix if you want to fix and test it in your tree:
> 
> diff --git a/tests/overlay/084 b/tests/overlay/084
> index ff451f38..8465caeb 100755
> --- a/tests/overlay/084
> +++ b/tests/overlay/084
> @@ -50,9 +50,10 @@ test_escape()
> 
>         echo -e "\n== Check xattr escape $prefix =="
> 
> -       local extra_options=""
> +       # index feature would require nfs_export on $nesteddir mount
> +       local extra_options="-o index=off"
>         if [ "$prefix" == "user" ]; then
> -            extra_options="-o userxattr"
> +            extra_options+=",userxattr"
>         fi
> 
>         _scratch_mkfs
> @@ -146,9 +147,10 @@ test_escaped_xwhiteout()
> 
>         echo -e "\n== Check escaped xwhiteout $prefix =="
> 
> -       local extra_options=""
> +       # index feature would require nfs_export on $nesteddir mount
> +       local extra_options="-o index=off"
>         if [ "$prefix" == "user" ]; then
> -            extra_options="-o userxattr"
> +            extra_options+=",userxattr"

It works, so it's about the CONFIG_OVERLAY_FS_INDEX=y. I've releated fstests
v2023.12.10 version, this patchset will be in next release. Will send a new
version with this change?

Thanks,
Zorro

>         fi
> 
>         _scratch_mkfs
> 
> 
> Thanks,
> Amir.
>

Amir Goldstein Dec. 11, 2023, 6:47 a.m. UTC | #4

On Sun, Dec 10, 2023 at 10:45 PM Zorro Lang <zlang@redhat.com> wrote:
>
> On Sun, Dec 10, 2023 at 05:28:34PM +0200, Amir Goldstein wrote:
> > On Sun, Dec 10, 2023 at 3:35 PM Zorro Lang <zlang@redhat.com> wrote:
> > >
> > > On Mon, Dec 04, 2023 at 08:58:56PM +0200, Amir Goldstein wrote:
> > > > If overlayfs xattr escaping is supported, ensure:
> > > >  * We can create "overlay.*" xattrs on a file in the overlayfs
> > > >  * We can create an xwhiteout file in the overlayfs
> > > >
> > > > We check for nesting support by trying to getattr an "overlay.*" xattr
> > > > in an overlayfs mount, which will return ENOSUPP in older kernels.
> > > >
> > > > Signed-off-by: Alexander Larsson <alexl@redhat.com>
> > > > Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> > > > ---
> > >
> > > Hi Amir,
> > >
> > > This test passed with below kernel configuration at first:
> > >   CONFIG_OVERLAY_FS=m
> > >   # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
> > >   CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
> > >   # CONFIG_OVERLAY_FS_INDEX is not set
> > >   # CONFIG_OVERLAY_FS_XINO_AUTO is not set
> > >   # CONFIG_OVERLAY_FS_METACOPY is not set
> > >
> > > But then I found it fails if I enabled below configurations:
> > >   CONFIG_OVERLAY_FS_REDIRECT_DIR=y
> > >   CONFIG_OVERLAY_FS_INDEX=y
> > >   CONFIG_OVERLAY_FS_XINO_AUTO=y
> > >   CONFIG_OVERLAY_FS_METACOPY=y
> > >
> > > Without these configures, this test passed. But with them, it fails as [1].
> > > The underlying fs is xfs (with default mkfs options), there're not specific
> > > MOUNT_OPTIONS and MKFS_OPTIONS to use.
> > >
> > > I'll delay merging this patchset temporarily, please check.
> > >
> >
> > good spotting!
> >
> > Here is a fix if you want to fix and test it in your tree:
> >
> > diff --git a/tests/overlay/084 b/tests/overlay/084
> > index ff451f38..8465caeb 100755
> > --- a/tests/overlay/084
> > +++ b/tests/overlay/084
> > @@ -50,9 +50,10 @@ test_escape()
> >
> >         echo -e "\n== Check xattr escape $prefix =="
> >
> > -       local extra_options=""
> > +       # index feature would require nfs_export on $nesteddir mount
> > +       local extra_options="-o index=off"
> >         if [ "$prefix" == "user" ]; then
> > -            extra_options="-o userxattr"
> > +            extra_options+=",userxattr"
> >         fi
> >
> >         _scratch_mkfs
> > @@ -146,9 +147,10 @@ test_escaped_xwhiteout()
> >
> >         echo -e "\n== Check escaped xwhiteout $prefix =="
> >
> > -       local extra_options=""
> > +       # index feature would require nfs_export on $nesteddir mount
> > +       local extra_options="-o index=off"
> >         if [ "$prefix" == "user" ]; then
> > -            extra_options="-o userxattr"
> > +            extra_options+=",userxattr"
>
> It works, so it's about the CONFIG_OVERLAY_FS_INDEX=y.

Yes.

the nested overlayfs setup requires that either the inner
overlayfs has nfs_export enabled, as is done in tests
overlay/068,069,070,071
or that the outer overlayfs has index disabled.
The latter is easier for this test, because there is no need
for the index feature in these test cases.

> I've released fstests
> v2023.12.10 version, this patchset will be in next release. Will send a new
> version with this change?
>

Ok, I will send a new version of test 084.

Thanks,
Amir.

diff --git a/tests/overlay/084 b/tests/overlay/084
new file mode 100755
index 00000000..ff451f38
--- /dev/null
+++ b/tests/overlay/084
@@ -0,0 +1,169 @@ 
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2023 Red Hat, Inc. All Rights Reserved.
+# Copyright (C) 2023 CTERA Networks. All Rights Reserved.
+#
+# FS QA Test No. 084
+#
+# Test advanded nesting functionallity
+#
+. ./common/preamble
+_begin_fstest auto quick nested
+
+# Override the default cleanup function.
+_cleanup()
+{
+	cd /
+	# Unmount nested mounts if things fail
+	$UMOUNT_PROG $OVL_BASE_SCRATCH_MNT/nested  2>/dev/null
+	rm -rf $tmp
+}
+
+# Import common functions.
+. ./common/filter
+. ./common/attr
+
+# real QA test starts here
+_supported_fs overlay
+# We use non-default scratch underlying overlay dirs, we need to check
+# them explicity after test.
+_require_scratch_nocheck
+_require_scratch_overlay_xattr_escapes
+
+# remove all files from previous tests
+_scratch_mkfs
+
+lowerdir=$OVL_BASE_SCRATCH_MNT/lower
+middir=$OVL_BASE_SCRATCH_MNT/mid
+upperdir=$OVL_BASE_SCRATCH_MNT/upper
+workdir=$OVL_BASE_SCRATCH_MNT/workdir
+nesteddir=$OVL_BASE_SCRATCH_MNT/nested
+
+umount_overlay()
+{
+	$UMOUNT_PROG $SCRATCH_MNT
+}
+
+test_escape()
+{
+	local prefix=$1
+
+	echo -e "\n== Check xattr escape $prefix =="
+
+	local extra_options=""
+	if [ "$prefix" == "user" ]; then
+            extra_options="-o userxattr"
+	fi
+
+	_scratch_mkfs
+	mkdir -p $lowerdir $middir $upperdir $workdir $nesteddir
+
+	_overlay_scratch_mount_dirs $lowerdir $middir $workdir $extra_options
+
+	mkdir -p $SCRATCH_MNT/layer1/dir/ $SCRATCH_MNT/layer2/dir
+
+	touch $SCRATCH_MNT/layer1/dir/file
+
+	# Make layer2/dir an opaque file
+	# Only one of these will be escaped, but both should succeed
+	setfattr -n user.overlay.opaque -v "y" $SCRATCH_MNT/layer2/dir
+	setfattr -n trusted.overlay.opaque -v "y" $SCRATCH_MNT/layer2/dir
+
+	getfattr -m "overlay\\." --absolute-names -d $SCRATCH_MNT/layer2/dir | _filter_scratch
+
+	umount_overlay
+
+	getfattr -m "overlay\\." --absolute-names -d $middir/layer2/dir | _filter_scratch
+
+	# Remount as lower and try again
+	_overlay_scratch_mount_dirs $middir:$lowerdir $upperdir $workdir $extra_options
+
+	getfattr -m "overlay\\." --absolute-names -d $SCRATCH_MNT/layer2/dir | _filter_scratch
+
+	# Recursively mount and ensure the opaque dir is working with both trusted and user xattrs
+	echo "nested xattr mount with trusted.overlay"
+	_overlay_mount_dirs $SCRATCH_MNT/layer2:$SCRATCH_MNT/layer1 - - overlayfs $nesteddir
+	stat $nesteddir/dir/file  2>&1 | _filter_scratch
+	$UMOUNT_PROG $nesteddir
+
+	echo "nested xattr mount with user.overlay"
+	_overlay_mount_dirs $SCRATCH_MNT/layer2:$SCRATCH_MNT/layer1 - - -o userxattr overlayfs $nesteddir
+	stat $nesteddir/dir/file  2>&1 | _filter_scratch
+	$UMOUNT_PROG $nesteddir
+
+	# Also ensure propagate the escaped xattr when we copy-up layer2/dir
+	echo "copy-up of escaped xattrs"
+	touch $SCRATCH_MNT/layer2/dir/other_file
+	getfattr -m "$prefix.overlay\\.overlay" --absolute-names -d $upperdir/layer2/dir | _filter_scratch
+
+	umount_overlay
+}
+
+test_escape trusted
+test_escape user
+
+do_test_xwhiteout()
+{
+	local prefix=$1
+	local basedir=$2
+
+	local extra_options=""
+	if [ "$prefix" == "user" ]; then
+            extra_options="-o userxattr"
+	fi
+
+	mkdir -p $basedir/lower $basedir/upper $basedir/work
+	touch $basedir/lower/regular $basedir/lower/hidden  $basedir/upper/hidden
+	setfattr -n $prefix.overlay.whiteouts -v "y" $basedir/upper
+	setfattr -n $prefix.overlay.whiteout -v "y" $basedir/upper/hidden
+
+	# Test the hidden is invisible
+	_overlay_scratch_mount_dirs $basedir/upper:$basedir/lower - - $extra_options
+	ls $SCRATCH_MNT
+	stat $SCRATCH_MNT/hidden 2>&1 | _filter_scratch
+	umount_overlay
+}
+
+# Validate that xwhiteouts work like whiteouts
+test_xwhiteout()
+{
+	local prefix=$1
+
+	echo -e "\n== Check xwhiteout $prefix =="
+
+	_scratch_mkfs
+
+	do_test_xwhiteout $prefix $OVL_BASE_SCRATCH_MNT
+}
+
+test_xwhiteout trusted
+test_xwhiteout user
+
+# Validate that (escaped) xwhiteouts work inside a nested overlayfs mount
+test_escaped_xwhiteout()
+{
+	local prefix=$1
+
+	echo -e "\n== Check escaped xwhiteout $prefix =="
+
+	local extra_options=""
+	if [ "$prefix" == "user" ]; then
+            extra_options="-o userxattr"
+	fi
+
+	_scratch_mkfs
+	mkdir -p $lowerdir $upperdir $workdir $nesteddir
+
+	_overlay_mount_dirs $lowerdir $upperdir $workdir $extra_options overlayfs $nesteddir
+
+	do_test_xwhiteout $prefix $nesteddir
+
+	$UMOUNT_PROG $nesteddir
+}
+
+test_escaped_xwhiteout trusted
+test_escaped_xwhiteout user
+
+# success, all done
+status=0
+exit
diff --git a/tests/overlay/084.out b/tests/overlay/084.out
new file mode 100644
index 00000000..54b890de
--- /dev/null
+++ b/tests/overlay/084.out
@@ -0,0 +1,61 @@ 
+QA output created by 084
+
+== Check xattr escape trusted ==
+# file: SCRATCH_MNT/layer2/dir
+trusted.overlay.opaque="y"
+user.overlay.opaque="y"
+
+# file: SCRATCH_DEV/mid/layer2/dir
+trusted.overlay.overlay.opaque="y"
+user.overlay.opaque="y"
+
+# file: SCRATCH_MNT/layer2/dir
+trusted.overlay.opaque="y"
+user.overlay.opaque="y"
+
+nested xattr mount with trusted.overlay
+stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
+nested xattr mount with user.overlay
+stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
+copy-up of escaped xattrs
+# file: SCRATCH_DEV/upper/layer2/dir
+trusted.overlay.overlay.opaque="y"
+
+
+== Check xattr escape user ==
+# file: SCRATCH_MNT/layer2/dir
+trusted.overlay.opaque="y"
+user.overlay.opaque="y"
+
+# file: SCRATCH_DEV/mid/layer2/dir
+trusted.overlay.opaque="y"
+user.overlay.overlay.opaque="y"
+
+# file: SCRATCH_MNT/layer2/dir
+trusted.overlay.opaque="y"
+user.overlay.opaque="y"
+
+nested xattr mount with trusted.overlay
+stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
+nested xattr mount with user.overlay
+stat: cannot statx 'SCRATCH_DEV/nested/dir/file': No such file or directory
+copy-up of escaped xattrs
+# file: SCRATCH_DEV/upper/layer2/dir
+user.overlay.overlay.opaque="y"
+
+
+== Check xwhiteout trusted ==
+regular
+stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
+
+== Check xwhiteout user ==
+regular
+stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
+
+== Check escaped xwhiteout trusted ==
+regular
+stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory
+
+== Check escaped xwhiteout user ==
+regular
+stat: cannot statx 'SCRATCH_MNT/hidden': No such file or directory

[v2,1/4] overlay: Add tests for nesting private xattrs

Commit Message

Comments

Patch