On Tue, Jun 12, 2018 at 4:40 AM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > On Tue, Jun 12, 2018 at 03:29:26AM +0100, Al Viro wrote: > >> It might (or might not) work for the filesystems you'd been testing >> on, but it's a lot of trouble waiting to happen. Hell, try and use >> ecryptfs as lower layer, see how fast it'll blow up. Sure, it's >> a dumb testcase, but I don't see how to check if something more >> realistic is trouble-free. That's funny, because when dhowells added the patch to make f_path point to the overlay, I was fighting tooth and claw against that change on the grounds of being unsafe, but it went through regardless (and was in fact one of the biggest headaches in overlay/vfs interaction). So you might be right that there are bugs in the handling of ecryptfs, etc, however the patchset is guaranteed not to cause regressions in this area. And yes, it would be best to get rid of that kludge once and for all. >> >> I'd been trying to come up with some way to salvage that kludge of yours, >> but I don't see any solutions. We don't have good proxies for "this >> filesystem might be unsafe as lower layer" ;-/ > > Note that anything that uses file_dentry() anywhere near ->open(), > ->read_iter() or ->write_iter() is an instant trouble with your scheme. > Such as > int nfs_open(struct inode *inode, struct file *filp) > { > struct nfs_open_context *ctx; > > ctx = alloc_nfs_open_context(file_dentry(filp), filp->f_mode, filp); > if (IS_ERR(ctx)) > return PTR_ERR(ctx); > nfs_file_set_open_context(filp, ctx); > put_nfs_open_context(ctx); > nfs_fscache_open_file(inode, filp); > return 0; > } > > You do want to support NFS for lower layers, right? There's no change regarding how file_dentry() works. We've just pushed these weird files (f_path points to overlay, f_inode points to underlay) down into the guts of overlayfs and are not directly referenced from the file table anymore. That shouldn't make *any* difference from the lower fs's pov. The only difference is that now the real file has creds inherited from mounter task. If lower filesystem's a_ops did some permission checking based on that, then that might make a difference in behavior. But I guess that difference would be in the positive direction, making behavior more consistent. Thanks, Miklos