On Fri, Nov 27, 2020 at 9:41 PM Alessio Balsini <balsini@xxxxxxxxxxx> wrote:
>
> Hi Peng,
>
> Thanks for the heads up!
>
> On Thu, Nov 26, 2020 at 09:33:34PM +0800, Peng Tao wrote:
> > On Tue, Oct 27, 2020 at 12:19 AM Alessio Balsini <balsini@xxxxxxxxxxx> wrote:
> > > [...]
> > > int fuse_passthrough_setup(struct fuse_conn *fc, struct fuse_file *ff,
> > > struct fuse_open_out *openarg)
> > > {
> > > - return -EINVAL;
> > > + struct inode *passthrough_inode;
> > > + struct super_block *passthrough_sb;
> > > + struct fuse_passthrough *passthrough;
> > > + int passthrough_fh = openarg->passthrough_fh;
> > > +
> > > + if (!fc->passthrough)
> > > + return -EPERM;
> > > +
> > > + /* Default case, passthrough is not requested */
> > > + if (passthrough_fh <= 0)
> > > + return -EINVAL;
> > > +
> > > + spin_lock(&fc->passthrough_req_lock);
> > > + passthrough = idr_remove(&fc->passthrough_req, passthrough_fh);
> > > + spin_unlock(&fc->passthrough_req_lock);
> > > +
> > > + if (!passthrough)
> > > + return -EINVAL;
> > > +
> > > + passthrough_inode = file_inode(passthrough->filp);
> > > + passthrough_sb = passthrough_inode->i_sb;
> > > + if (passthrough_sb->s_stack_depth >= FILESYSTEM_MAX_STACK_DEPTH) {
> > Hi Alessio,
> >
> > passthrough_sb is the underlying filesystem superblock, right? It
> > seems to prevent fuse passthrough fs from stacking on another fully
> > stacked file system, instead of preventing other file systems from
> > stacking on this fuse passthrough file system. Am I misunderstanding
> > it?
>
> Correct, this checks the stacking depth on the lower filesystem.
> This is an intended behavior to avoid the stacking of multiple FUSE
> passthrough filesystems, and works because when a FUSE connection has
> the passthrough feature activated, the file system updates its
> s_stack_depth to FILESYSTEM_MAX_STACK_DEPTH in process_init_reply()
> (PATCH 1/5), avoiding further stacking.
>
> Do you see issues with that?
I'm considering a use case where a fuse passthrough file system is
stacked on top of an overlayfs and/or an ecryptfs. The underlying
s_stack_depth FILESYSTEM_MAX_STACK_DEPTH is rejected here so it is
possible to have an overlayfs or an ecryptfs underneath but not both
(with current FILESYSTEM_MAX_STACK_DEPTH being 2). How about changing
passthrough fuse sb s_stack_depth to FILESYSTEM_MAX_STACK_DEPTH + 1 in
PATCH 1/5, and allow passthrough_sb->s_stack_depth to be
FILESYSTEM_MAX_STACK_DEPTH here? So that existing kernel stacking file
system setups can all work as the underlying file system, while the
stacking of multiple FUSE passthrough filesystems is still blocked.
>
> What I'm now thinking is that fuse_passthrough_open would probably be a
> better place for this check, so that the ioctl() would fail and the user
> space daemon may decide to skip passthrough and use legacy FUSE access
> for that file (or, at least, be aware that something went wrong).
>
+1, fuse_passthrough_open seems to be a better place for the check.
> A more aggressive approach would be instead to move the stacking depth
> check to fuse_fill_super_common, where we can update s_stack_depth to
> lower-fs depth+1 and fail if passthrough is active and s_stack_depth is
> greater than FILESYSTEM_MAX_STACK_DEPTH.
>
The lower layer files/directories might actually spread on different
file systems. I'm not sure if s_stack_depth check is still possible at
mount time. Even if we can calculate the substree s_stack_depth, it is
still more flexible to determine on a per inode basis, right?
Cheers,
Tao
--
Into Sth. Rich & Strange
