On Thu, May 18, 2017 at 4:15 PM, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > On Thu, May 18, 2017 at 2:08 AM, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > >> >> The other thing I wanted to ask and it doesn't require you looking at >> any code is how to handle backward compat of mount behavior when >> workdir is reused for mount with a different upperdir. >> >> The use case may seem odd, but I already ran into it with unionmount >> testsuite ./run --ov=1 and with xfstest overlay/014. >> Maybe those are the only examples in the world, but maybe not... >> >> The problem is that if workdir/index contains hardlinks to a past upper >> which has been rotated to lower, bad things can happen on copy up. >> What I did so far is to store origin fh of upper root in index dir. >> Mount forces read-only if index dir origin does not match upper root dir. >> >> So with current WIP the behavior is that ./run --ov=1 fails after >> rotating upper: >> >> overlayfs: failed to verify origin dir (ino=19025, ret=-116) - were >> layers copied? >> overlayfs: failed to create directory /upper/work/index (errno: 17); >> mounting read-only >> ./run --rename /mnt/a/no_foo104 /mnt/a/no_foo105 >> /mnt/a/no_foo104: Unexpected error: Read-only file system >> >> It's easy to fix the testsuite, but it is doing something that was legal before >> (provide the same workdir option with different upperdir options) and now >> it fails. >> >> The alternative is to blow away the index dir and recreate it when mounting >> with an unverified upperdir. This will work fine for the testsuite, but not for >> the obscure users out there using the same workdir to mount with few different >> upperdir (not at the same time) - do we care? Actually, the "at the same time" case is interesting as well. We should probably error out at mount time in that case, instead we destroy the first user's work directory. Not good. >> >> I guess the best is to blow away index dir unless user explicitly opted-in >> to not blow it away, e.g. by using mount option indexdir= in place of workdir= >> (mutually excl.). >> > > Actually, it may make sense to have -o verify_lower control this behavior. > Specifying -o verify_lower clearly states the intention of the user to mount > overlay layers that were not copied, therefore it makes sense to fail rw mount. > > OTHO, with this wider meaning, I no longer like the name 'verify_lower', > for 2 reasons: > 1. It is only used to verify directories > 2. It is now also used to verify upper root dir > > So how about 'verify_dir'/'verify_fh'/'verify_origin'? Head spins from all these separate functions (snapshot, NFS export, hard link unbreaking) and what they need. There's probably no "one size fits all" behavior. Will need to think about this a bit... Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
