On Tue, Feb 11, 2025 at 12:46 PM Miklos Szeredi <miklos@xxxxxxxxxx> wrote: > > On Tue, 11 Feb 2025 at 12:13, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > What do you say about moving this comment outside the loop and leaving here > > only: > > > > /* Should redirects/metacopy to lower layers be followed? */ > > if ((nextmetacopy && !ofs->config.metacopy) || > > (nextredirect && !ovl_redirect_follow(ofs))) > > break; > > Nice idea, except it would break the next patch. Really? I looked at the next patch before suggesting this I did not see the breakage. Can you point it out? BTW, this patch is adding consistency to following upperredirect but the case of upperredirect and uppermetacopy read from index still does not check metacopy/redirect config. Looking closer at ovl_maybe_validate_verity(), it's actually worse - if you create an upper without metacopy above a lower with metacopy, ovl_validate_verity() will only check the metacopy xattr on metapath, which is the uppermost and find no md5digest, so create an upper above a metacopy lower is a way to avert verity check. So I think lookup code needs to disallow finding metacopy in middle layer and need to enforce that also when upper is found via index. Thanks, Amir.
