[PATCH v2 07/23] ovl: verify stored origin fh matches lower dir

When the "verify" feature is enabled, a directory inode found in lower
layer by name or by redirect_dir is verified against the file handle of
the copy up origin that is stored in the upper layer.

This introduces a change of behavior for the case of lower layer
modification while overlay is offline. A lower directory created or
moved offline under an existing upper directory, will not be merged with
that upper directory.

The "verify" feature should not be used after copying layers,
because the new lower directory inodes would fail verification.

Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
---
 Documentation/filesystems/overlayfs.txt | 16 ++++++++++++++++
 fs/overlayfs/namei.c                    | 13 +++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt
index e6a5f4912b6d..00e0595f3d7e 100644
--- a/Documentation/filesystems/overlayfs.txt
+++ b/Documentation/filesystems/overlayfs.txt
@@ -299,6 +299,22 @@ filesystem are not allowed.  If the underlying filesystem is changed,
 the behavior of the overlay is undefined, though it will not result in
 a crash or deadlock.
 
+When the underlying filesystems supports NFS export, overlay mount can be
+made more resilient to offline and online changes of the underlying lower
+layer by enabling the "verify" feature.
+
+On every copy_up, an NFS file handle of the lower inode, along with the
+UUID of the lower filesystem, are encoded and stored in an extended
+attribute "trusted.overlay.origin" on the upper inode.
+
+When the "verify" feature is enabled, a lookup of a merged directory, that
+found a lower directory at the lookup path or at the path pointed to by
+the "trusted.overlay.redirect" extended attribute, will verify that the
+found lower directory file handle and lower filesystem UUID match the
+origin file handle that was stored at copy_up time.  If a found lower
+directory does not match the stored origin, that directory will not be
+merged with the upper directory.
+
 Testsuite
 ---------
 
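Review bot: The new paragraphs describe what "verify" does but leave out the operational caveats that the commit message states, and never say how the feature is turned on. The commit message warns that "verify" should not be used after copying layers because the new lower directory inodes would fail verification, and that a lower directory created or moved offline under an existing upper directory will no longer be merged; both belong in this text, since an administrator reading overlayfs.txt will not see the commit log. Please also name the mount option or config knob that enables the feature in the first added paragraph, and fix "underlying filesystems supports" to agree in number.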
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 46a3e31b0225..56deb2785af7 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -734,6 +734,19 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
 			}
 		}
 
+		/*
+		 * When "verify" feature is enabled, do not merge with a lower
+		 * dir that does not match a stored origin xattr.
+		 */
+		if (upperdentry && !ctr && ovl_verify(dentry->d_sb)) {
+			err = ovl_verify_origin(upperdentry, this, false,
+						false);
+			if (err) {
+				dput(this);
+				break;
+			}
+		}
+
 		stack[ctr].dentry = this;
 		stack[ctr].layer = lower.layer;
 		ctr++;
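Review bot: In the `if (err) { dput(this); break; }` branch, every non-zero return from ovl_verify_origin() is treated as "origin does not match" and err is still set when the loop is left, so from these lines it is not clear whether the lookup then succeeds with the upper directory alone (as the documentation hunk promises) or fails. Please either reset err before the break or add a comment stating that the code after the loop ignores it, and consider separating a genuine mismatch from other failures (allocation failure, unreadable xattr) so those are not silently turned into a non-merged directory. Two smaller points: the `!ctr` condition means only the first lower directory found is verified, which the comment should say explicitly, and the two bare `false` arguments are unreadable at the call site without looking up the prototype.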
-- 
2.7.4
