From: Miklos Szeredi
To: linux-unionfs@vger.kernel.org
Cc: Amir Goldstein, linux-fsdevel@vger.kernel.org, Giuseppe Scrivano, stable@vger.kernel.org
Subject: [PATCH 1/5] ovl: don't allow datadir only
Date: Mon, 10 Feb 2025 20:45:05 +0100
Message-ID: <20250210194512.417339-1-mszeredi@redhat.com>

In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this.

Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops.

Fix by disallowing datadir without lowerdir.

Reported-by: Giuseppe Scrivano
Fixes: 24e16e385f22 ("ovl: add support for appending lowerdirs one by one")
Cc: # v6.7
Signed-off-by: Miklos Szeredi
Reviewed-by: Amir Goldstein
--- fs/overlayfs/super.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 86ae6f6da36b..b11094acdd8f 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c
@@ -1137,6 +1137,11 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, return ERR_PTR(-EINVAL); } + if (ctx->nr == ctx->nr_data) { + pr_err("at least one non-data lowerdir is required\n"); + return ERR_PTR(-EINVAL); + } + err = -EINVAL; for (i = 0; i < ctx->nr; i++) { l = &ctx->lower[i];
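
Review bot: the new test ctx->nr == ctx->nr_data in ovl_get_lowerstack() is also true when both counters are zero, so it relies on the empty-lowerdir case having been rejected by the check that ends in the context lines just above; a one-line comment saying so would keep the two error paths from being confused later. The commit message says this configuration ended in an Oops, yet nothing at the check records why it is refused, so I would add a short comment above the if explaining that an upper layer referring directly to a data layer is not handled, and mention the restriction next to the data-only layer text in Documentation/filesystems/overlayfs.rst, which this patch does not touch.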

From: Miklos Szeredi
To: linux-unionfs@vger.kernel.org
Cc: Giuseppe Scrivano, Amir Goldstein, linux-fsdevel@vger.kernel.org
Subject: [PATCH 2/5] ovl: remove unused forward declaration
Date: Mon, 10 Feb 2025 20:45:06 +0100
Message-ID: <20250210194512.417339-2-mszeredi@redhat.com>
In-Reply-To: <20250210194512.417339-1-mszeredi@redhat.com>
References: <20250210194512.417339-1-mszeredi@redhat.com>

From: Giuseppe Scrivano

The ovl_get_verity_xattr() function was never added, only its declaration.

Signed-off-by: Giuseppe Scrivano
Fixes: 184996e92e86 ("ovl: Validate verity xattr when resolving lowerdata")
Signed-off-by: Miklos Szeredi
Reviewed-by: Amir Goldstein
--- fs/overlayfs/overlayfs.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 0021e2025020..be86d2ed71d6 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h
@@ -540,8 +540,6 @@ int ovl_set_metacopy_xattr(struct ovl_fs *ofs, struct dentry *d, bool ovl_is_metacopy_dentry(struct dentry *dentry); char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding); int ovl_ensure_verity_loaded(struct path *path); -int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, - u8 *digest_buf, int *buf_length); int ovl_validate_verity(struct ovl_fs *ofs, struct path *metapath, struct path *datapath);

From: Miklos Szeredi
To: linux-unionfs@vger.kernel.org
Cc: Amir Goldstein, linux-fsdevel@vger.kernel.org
Subject: [PATCH 3/5] ovl: make redirect/metacopy rejection consistent
Date: Mon, 10 Feb 2025 20:45:07 +0100
Message-ID: <20250210194512.417339-3-mszeredi@redhat.com>
In-Reply-To: <20250210194512.417339-1-mszeredi@redhat.com>
References: <20250210194512.417339-1-mszeredi@redhat.com>

When overlayfs finds a file with metacopy and/or redirect attributes and the metacopy and/or redirect features are not enabled, then it refuses to act on those attributes while also issuing a warning.

There was a slight inconsistency of only warning on an upper metacopy if it found the next file on the lower layer, while always warning for metacopy found on a lower layer.

Fix this inconsistency and make the logic more straightforward, paving the way for following patches to change when data redirects are allowed.

Signed-off-by: Miklos Szeredi
--- fs/overlayfs/namei.c | 67 +++++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 23 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index be5c65d6f848..da322e9768d1 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1040,6 +1040,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, struct inode *inode = NULL; bool upperopaque = false; char *upperredirect = NULL; + bool nextredirect = false; + bool nextmetacopy = false; struct dentry *this; unsigned int i; int err; @@ -1087,8 +1089,10 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (err) goto out_put_upper; - if (d.metacopy) + if (d.metacopy) { uppermetacopy = true; + nextmetacopy = true; + } metacopy_size = d.metacopy; }
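
Review bot: in the upper-layer branch of this hunk, nextmetacopy = true is now set right beside uppermetacopy = true, and neither this hunk nor the declarations added at the top of ovl_lookup() say how the two flags differ. Please add a short comment at the bool nextredirect / bool nextmetacopy declarations stating that they record that the entry found so far carries a redirect or metacopy which the next lookup step would follow, so a later change does not merge them with uppermetacopy or update one and forget the other.
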
@@ -1099,6 +1103,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, goto out_put_upper; if (d.redirect[0] == '/') poe = roe; + nextredirect = true; } upperopaque = d.opaque; } @@ -1113,6 +1118,29 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, for (i = 0; !d.stop && i < ovl_numlower(poe); i++) { struct ovl_path lower = ovl_lowerstack(poe)[i]; + /* + * Following redirects/metacopy can have security consequences: + * it's like a symlink into the lower layer without the + * permission checks. + * + * This is only a problem if the upper layer is untrusted (e.g + * comes from an USB drive). This can allow a non-readable file + * or directory to become readable. + * + * Only following redirects when redirects are enabled disables + * this attack vector when not necessary. + */ + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (!ovl_redirect_follow(ofs)) d.last = i == ovl_numlower(poe) - 1; else if (d.is_dir || !ofs->numdatalayer) @@ -1126,12 +1154,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (!this) continue; - if ((uppermetacopy || d.metacopy) && !ofs->config.metacopy) { - dput(this); - err = -EPERM; - pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); - goto out_put; - } + if (d.metacopy) + nextmetacopy = true; /* * If no origin fh is stored in upper of a merge dir, store fh 
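
Review bot: replacing the immediate -EPERM in the hunk at -1126 with "if (d.metacopy) nextmetacopy = true;" defers the refusal to the top of the next loop iteration or to the check after the loop, so with metacopy disabled the rest of this iteration now runs on a dentry that is going to be refused, including whatever follows the "If no origin fh is stored in upper of a merge dir, store fh" comment in the trailing context. The removed block also called dput(this) before bailing out, so please confirm that this is either stored where out_put releases it or dropped on every path between here and the deferred check, and state in the commit message that doing this extra work before the refusal is intentional.
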
@@ -1185,22 +1209,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ctr++; } - /* - * Following redirects can have security consequences: it's like - * a symlink into the lower layer without the permission checks. - * This is only a problem if the upper layer is untrusted (e.g - * comes from an USB drive). This can allow a non-readable file - * or directory to become readable. - * - * Only following redirects when redirects are enabled disables - * this attack vector when not necessary. - */ - err = -EPERM; - if (d.redirect && !ovl_redirect_follow(ofs)) { - pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", - dentry); - goto out_put; - } + if (d.redirect) + nextredirect = true; if (d.stop) break; 
@@ -1218,6 +1228,17 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ctr++; } + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + /* * For regular non-metacopy upper dentries, there is no lower * path based lookup, hence ctr will be zero. If a dentry is found
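
Review bot: the two checks added after the loop in this hunk are a verbatim copy of the pair added at the top of the loop body earlier in the patch (same conditions, same pr_warn_ratelimited() strings, same err = -EPERM; goto out_put;). A small static helper that takes ofs, dentry and the two flags and returns whether following is allowed would keep the two sites from drifting apart when a later patch changes the policy, and would give the security comment that now sits inside the loop a single place to live.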

From: Miklos Szeredi
To: linux-unionfs@vger.kernel.org
Cc: Amir Goldstein, linux-fsdevel@vger.kernel.org
Subject: [PATCH 4/5] ovl: don't require metacopy=on for lower -> data redirect
Date: Mon, 10 Feb 2025 20:45:08 +0100
Message-ID: <20250210194512.417339-4-mszeredi@redhat.com>
In-Reply-To: <20250210194512.417339-1-mszeredi@redhat.com>
References: <20250210194512.417339-1-mszeredi@redhat.com>

Allow the special case of a redirect from a lower layer to a data layer without having to turn on metacopy. This makes the feature work with userxattr, which in turn allows data layers to be usable in user namespaces.

Minimize the risk by only enabling redirect from a single lower layer to a data layer iff a data layer is specified. The only way to access a data layer is to enable this, so there's really no reason not to enable this.

This can be used safely if the lower layer is read-only and the user.overlay.redirect xattr cannot be modified.

Signed-off-by: Miklos Szeredi
--- Documentation/filesystems/overlayfs.rst | 7 ++++++ fs/overlayfs/namei.c | 32 ++++++++++++++----------- fs/overlayfs/params.c | 5 ---- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst index 6245b67ae9e0..5d277d79cf2f 100644 --- a/Documentation/filesystems/overlayfs.rst +++ b/Documentation/filesystems/overlayfs.rst
@@ -429,6 +429,13 @@ Only the data of the files in the "data-only" lower layers may be visible when a "metacopy" file in one of the lower layers above it, has a "redirect" to the absolute path of the "lower data" file in the "data-only" lower layer. +Instead of explicitly enabling "metacopy=on" it is sufficient to specify at +least one data-only layer to enable redirection of data to a data-only layer. +In this case other forms of metacopy are rejected. Note: this way data-only +layers may be used toghether with "userxattr", in which case careful attention +must be given to privileges needed to change the "user.overlay.redirect" xattr +to prevent misuse. + Since kernel version v6.8, "data-only" lower layers can also be added using the "datadir+" mount options and the fsconfig syscall from new mount api. For example:: diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index da322e9768d1..f9dc71b70beb 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1042,6 +1042,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, char *upperredirect = NULL; bool nextredirect = false; bool nextmetacopy = false; + bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer); struct dentry *this; unsigned int i; int err; @@ -1053,7 +1054,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, .is_dir = false, .opaque = false, .stop = false, - .last = ovl_redirect_follow(ofs) ? false : !ovl_numlower(poe), + .last = check_redirect ? false : !ovl_numlower(poe), .redirect = NULL, .metacopy = 0, }; @@ -1141,7 +1142,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, goto out_put; } - if (!ovl_redirect_follow(ofs)) + if (!check_redirect) d.last = i == ovl_numlower(poe) - 1; else if (d.is_dir || !ofs->numdatalayer) d.last = lower.layer->idx == ovl_numlower(roe); 
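
Review bot: check_redirect replaces ovl_redirect_follow(ofs) in the d.last computation in the hunk at -1141 and in the initializer above it, while the refusal tests visible in the context just before this hunk still call ovl_redirect_follow(ofs) directly. As far as these lines show, with a data-only layer configured and redirect following off, d.last is no longer forced for the final layer, so redirects are looked for and then refused with -EPERM at the next iteration; if that is the intended result for directory redirects as well, please say so in a comment at the bool check_redirect = (ovl_redirect_follow(ofs) || ofs->numdatalayer); declaration, because the name alone suggests the redirect will also be acted on.
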
@@ -1222,21 +1223,24 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, } } - /* Defer lookup of lowerdata in data-only layers to first access */ + /* + * Defer lookup of lowerdata in data-only layers to first access. + * Don't require redirect=follow and metacopy=on in this case. + */ if (d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect) { d.metacopy = 0; ctr++; - } - - if (nextmetacopy && !ofs->config.metacopy) { - pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); - err = -EPERM; - goto out_put; - } - if (nextredirect && !ovl_redirect_follow(ofs)) { - pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); - err = -EPERM; - goto out_put; + } else { + if (nextmetacopy && !ofs->config.metacopy) { + pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } + if (nextredirect && !ovl_redirect_follow(ofs)) { + pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n", dentry); + err = -EPERM; + goto out_put; + } } /* diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 1115c22deca0..54468b2b0fba 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c 
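
Review bot: moving both refusals into the else of the hunk at -1222 means that whenever d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect holds, neither nextmetacopy nor nextredirect is tested, regardless of which layer set them. The commit message limits the exception to a redirect from a single lower layer to a data layer, but the previous patch also sets both flags from the upper dentry, so as written an upper redirect or upper metacopy appears to escape the refusal once the lookup ends on a lower metacopy entry with an absolute redirect. Please either check that the flags were not set by the upper layer before taking the first branch, or extend the new comment to explain why that combination cannot occur; this matters most for the "userxattr" case that the documentation hunk warns about.
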
@@ -1000,11 +1000,6 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, */ } - if (ctx->nr_data > 0 && !config->metacopy) { - pr_err("lower data-only dirs require metacopy support.\n"); - return -EINVAL; - } - return 0; }

From patchwork Mon Feb 10 19:45:09 2025 X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 13968546
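Review bot: In the paragraph added to the overlayfs documentation (hunk at -429), the "userxattr" caveat only says that careful attention must be given to the privileges needed to change "user.overlay.redirect", which leaves the actual requirement to the reader. State it concretely, for example that lower layers holding metacopy files must not be writable by anyone who should not be able to choose which file in a data-only layer a name resolves to, since with this change a data-only layer alone is enough to have that redirect followed. The added text also has a typo: "toghether" should be "together".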
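Review bot: The new check_redirect local in ovl_lookup() (fs/overlayfs/namei.c, hunk at -1042) has no comment explaining why a nonzero ofs->numdatalayer must keep d.last false when ovl_redirect_follow(ofs) is false, and the hunks at -1053 and -1141 both depend on it. In the -1141 hunk the else branch is now also taken for directories on such mounts, so d.last for a directory becomes "lower.layer->idx == ovl_numlower(roe)" instead of "i == ovl_numlower(poe) - 1"; please confirm that is intended for directories and say so in a comment, because the flag is computed before d.is_dir is known. The outer parentheses in the initializer are redundant.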
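Review bot: In the fs/overlayfs/namei.c hunk at -1222, both -EPERM checks are skipped whenever the final state is "d.metacopy && ctr && ofs->numdatalayer && d.absolute_redirect", regardless of which layer set nextmetacopy or nextredirect. Those flags are function-wide bools and the sites that set them are outside this hunk, so if an earlier regular lower layer can set either one before the lookup reaches the metacopy with the absolute redirect, that earlier metacopy or redirect is exempted as well. That would contradict the documentation added in this patch ("In this case other forms of metacopy are rejected"). Consider keying the exemption on the step that produced the absolute redirect to the data-only layer, or performing the checks at the point the flags are set, and add a test for a metacopy chain across regular lower layers with metacopy off.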
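Review bot: In the fs/overlayfs/params.c hunk at -1000, the "ctx->nr_data > 0 && !config->metacopy" rejection is removed unconditionally, so a mount that passes an explicit "metacopy=off" together with a data-only layer is now accepted and still follows metacopy redirects into that layer. The documentation hunk describes only the case where "metacopy=on" is not explicitly enabled. Either document that an explicit "metacopy=off" does not turn off redirection to data-only layers, or keep rejecting that explicit combination. The message removed here was the only diagnostic for it.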
From: Miklos Szeredi
To: linux-unionfs@vger.kernel.org
Cc: Amir Goldstein, linux-fsdevel@vger.kernel.org
Subject: [PATCH 5/5] ovl: don't require "metacopy=on" for "verity"
Date: Mon, 10 Feb 2025 20:45:09 +0100
Message-ID: <20250210194512.417339-5-mszeredi@redhat.com>
In-Reply-To: <20250210194512.417339-1-mszeredi@redhat.com>
References: <20250210194512.417339-1-mszeredi@redhat.com>

Allow the "verity" mount option to be used with "userxattr" data-only layer(s).
Signed-off-by: Miklos Szeredi --- fs/overlayfs/params.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 54468b2b0fba..7300ed904e6d 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -846,8 +846,8 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, config->uuid = OVL_UUID_NULL; } - /* Resolve verity -> metacopy dependency */ - if (config->verity_mode && !config->metacopy) { + /* Resolve verity -> metacopy dependency (unless used with userxattr) */ + if (config->verity_mode && !config->metacopy && !config->userxattr) { /* Don't allow explicit specified conflicting combinations */ if (set.metacopy) { pr_err("conflicting options: metacopy=off,verity=%s\n", @@ -945,7 +945,7 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, } - /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ + /* Resolve userxattr -> !redirect && !metacopy dependency */ if (config->userxattr) { if (set.redirect && config->redirect_mode != OVL_REDIRECT_NOFOLLOW) { @@ -957,11 +957,6 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, pr_err("conflicting options: userxattr,metacopy=on\n"); return -EINVAL; } - if (config->verity_mode) { - pr_err("conflicting options: userxattr,verity=%s\n", - ovl_verity_mode(config)); - return -EINVAL; - } /* * Silently disable default setting of redirect and metacopy. * This shall be the default in the future as well: these @@ -986,10 +981,6 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx, pr_err("metacopy requires permission to access trusted xattrs\n"); return -EPERM; } - if (config->verity_mode) { - pr_err("verity requires permission to access trusted xattrs\n"); - return -EPERM; - } if (ctx->nr_data > 0) { pr_err("lower data-only dirs require permission to access trusted xattrs\n"); return -EPERM;
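Review bot: In the hunk at -846, the new "!config->userxattr" term exempts every "userxattr" mount from the verity -> metacopy dependency, but the commit message limits the use case to "userxattr" data-only layer(s) and the condition never looks at ctx->nr_data. A mount with "userxattr,verity=on" and no data-only layer is therefore accepted with metacopy off, where verity has nothing to act on. Consider requiring ctx->nr_data > 0 for the exemption, or returning -EINVAL with a pr_err() for "userxattr" plus verity without a data-only layer.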
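Review bot: The hunks at -945 and -957 drop the "conflicting options: userxattr,verity=%s" rejection, but the diffstat shows only fs/overlayfs/params.c changing, so the newly allowed combination is undocumented. The documentation text added earlier in this series warns only about "user.overlay.redirect". Please add a matching paragraph for verity with "userxattr", stating which privileges are needed to modify the overlay xattrs that verity relies on in the user namespace, so that users do not assume the same trust level as with trusted xattrs.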
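Review bot: In the hunk at -986, the "verity requires permission to access trusted xattrs" check is removed from a block whose remaining checks (for metacopy and, right after it, "ctx->nr_data > 0") still return -EPERM for lack of trusted xattr access. The guard of that block is outside the hunk; if it is only reached for mounts without "userxattr", verity there still depends on trusted xattrs and this removal is not needed for the "userxattr" case the commit message describes. Either keep the check in that block or explain in the commit message why verity can no longer reach it with an unenforceable configuration.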