From patchwork Thu Jun 1 17:01:53 2017
X-Patchwork-Submitter: Amir Goldstein
X-Patchwork-Id: 9760555
From: Amir Goldstein
To: Miklos Szeredi
Cc: Al Viro, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH v2 4/5] ovl: verify lower root dir by file handle
Date: Thu, 1 Jun 2017 20:01:53 +0300
Message-Id: <1496336514-11000-5-git-send-email-amir73il@gmail.com>
In-Reply-To: <1496336514-11000-1-git-send-email-amir73il@gmail.com>
References: <1496336514-11000-1-git-send-email-amir73il@gmail.com>

With mount option 'verify_lower', verify that the file handle stored in upper root dir matches the lower root dir or fail to mount. If upper root dir has no stored file handle, encode and store the lower root dir file handle in overlay.origin xattr.

Signed-off-by: Amir Goldstein
---
 fs/overlayfs/overlayfs.h | 5 ++++-
 fs/overlayfs/super.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index e65910ef215b..bf7e1d95e640 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -22,13 +22,16 @@ enum ovl_path_type { enum ovl_verify_dir { __OVL_VERIFY_MERGE = (1 << 0), + __OVL_VERIFY_ROOT = (1 << 1), }; /* Verify on lookup of merge dir that lower matches origin fh stored in upper */ #define OVL_VERIFY_MERGE(v) ((v) & __OVL_VERIFY_MERGE) +/* Verify on mount that lower root matches origin fh stored in upper root */ +#define OVL_VERIFY_ROOT(v) ((v) & __OVL_VERIFY_ROOT) /* Verify flags for mount options 'verify_lower' */ -#define OVL_VERIFY_LOWER (__OVL_VERIFY_MERGE) +#define OVL_VERIFY_LOWER (__OVL_VERIFY_MERGE | __OVL_VERIFY_ROOT) #define OVL_XATTR_PREFIX XATTR_TRUSTED_PREFIX "overlay." #define OVL_XATTR_OPAQUE OVL_XATTR_PREFIX "opaque" diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index b677d38bca5c..3d7b5c9bc042 100644
--- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -413,6 +413,41 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) return 0; } +/* + * Verify that stored file handle in dir matches origin. + * If dir has no stored file handle, encode and store origin file handle. + */ +static int ovl_verify_set_origin(struct dentry *dir, struct vfsmount *mnt, + struct dentry *origin, const char *name) +{ + const struct ovl_fh *fh = NULL; + int err; + + err = ovl_verify_origin(dir, mnt, origin); + if (!err) + return 0; + + if (err != -ENODATA) + goto fail; + + fh = ovl_encode_fh(origin); + err = PTR_ERR(fh); + if (IS_ERR(fh)) + goto fail; + err = ovl_do_setxattr(dir, OVL_XATTR_ORIGIN, fh, fh->len, 0); + if (err) + goto fail; + +out: + kfree(fh); + return err; + +fail: + pr_err("overlayfs: failed to verify %s dir. (err=%i)\n", + name, err); + goto out; +} + #define OVL_WORKDIR_NAME "work" static struct dentry *ovl_workdir_create(struct vfsmount *mnt, @@ -996,6 +1031,14 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) pr_err("overlayfs: option \"verify_lower\" not supported by lower fs.\n"); goto out_put_lower_mnt; } + /* Verify lower root matches origin stored in upper */ + if (i == 0 && OVL_VERIFY_ROOT(ufs->config.verify_dir)) { + err = ovl_verify_set_origin(upperpath.dentry, + mnt, mnt->mnt_root, + "lower root"); + if (err) + goto out_put_lower_mnt; + } } }
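
Review bot: In the fs/overlayfs/overlayfs.h hunk, widening OVL_VERIFY_LOWER to (__OVL_VERIFY_MERGE | __OVL_VERIFY_ROOT) changes what the existing 'verify_lower' mount option does, yet the diffstat touches only overlayfs.h and super.c, so the new mount-time behaviour is documented nowhere in this patch. Please describe, next to the option's documentation, that a mismatch now fails the mount and that the first mount with the option writes overlay.origin on the upper root, since administrators relying on the check need to know it is established on first use.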
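
Review bot: In ovl_verify_set_origin() (super.c hunk at -413), the error path for ovl_encode_fh() reaches kfree(fh) while fh still holds an ERR_PTR value: "if (IS_ERR(fh)) goto fail;" jumps to fail, which does "goto out", and out calls kfree(fh). kfree() only tolerates NULL, so an encode failure would free a bogus pointer. Reset fh to NULL before the goto in that branch, or return directly after the pr_err() on that path. A smaller point in the same function: the message "failed to verify %s dir" is also printed when ovl_do_setxattr() fails, where nothing was verified, so distinguishing the store failure from a mismatch would make the mount log easier to act on.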
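
Review bot: In the ovl_fill_super() hunk (super.c at -996), the condition "i == 0 && OVL_VERIFY_ROOT(ufs->config.verify_dir)" verifies only the first lower layer, so with several lower dirs the remaining layers can be swapped without the mount failing, while the comment and the "lower root" label suggest the lower side as a whole is checked. Either state in the comment that only layer 0 is bound to the upper root, or extend the check to every layer. The visible lines also pass upperpath.dentry to ovl_verify_set_origin() without showing a check that an upper dir was configured; please confirm this block cannot be reached on a mount without upperdir, or guard it here.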