[Devel] [PATCH RHEL8 COMMIT] ovl: introduce new "index=nouuid" option for inodes index feature
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Sep 24 19:18:22 MSK 2020
The commit is pushed to "branch-rh8-4.18.0-193.6.3.vz8.4.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-193.6.3.vz8.4.7
------>
commit f566ffbfc5e916b1530971c1101c7622aa37a281
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Thu Sep 24 08:58:03 2020 +0300
ovl: introduce new "index=nouuid" option for inodes index feature
This relaxes uuid checks for overlay index feature. It is only possible
in case there is only one filesystem for all the work/upper/lower
directories and bare file handles from this backing filesystem are uniq.
In case we have multiple filesystems here just fall back to normal
"index=on".
This is needed when overlayfs is/was mounted in a container with
index enabled (e.g.: to be able to resolve inotify watch file handles on
it to paths in CRIU), and this container is copied and started alongside
with the original one. This way the "copy" container can't have the same
uuid on the superblock and mounting the overlayfs from it later would
fail. (see https://jira.sw.ru/browse/PSBM-11961 for more info why it is
needed)
To mainstream:
https://lkml.org/lkml/2020/9/23/565
https://jira.sw.ru/browse/PSBM-108115
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
(cherry picked from commit 32f7ce1f2c4115136170895fac9876822c843211)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
configs/kernel-4.18.0-x86_64-KVM-minimal.config | 1 +
configs/kernel-4.18.0-x86_64-debug.config | 1 +
configs/kernel-4.18.0-x86_64.config | 1 +
fs/overlayfs/Kconfig | 16 ++++++++
fs/overlayfs/export.c | 6 ++-
fs/overlayfs/namei.c | 35 +++++++++++-----
fs/overlayfs/overlayfs.h | 23 ++++++++---
fs/overlayfs/ovl_entry.h | 2 +-
fs/overlayfs/super.c | 54 ++++++++++++++++++-------
9 files changed, 105 insertions(+), 34 deletions(-)
diff --git a/configs/kernel-4.18.0-x86_64-KVM-minimal.config b/configs/kernel-4.18.0-x86_64-KVM-minimal.config
index cb2562cf64f5..7e7e9c054bbb 100644
--- a/configs/kernel-4.18.0-x86_64-KVM-minimal.config
+++ b/configs/kernel-4.18.0-x86_64-KVM-minimal.config
@@ -4030,6 +4030,7 @@ CONFIG_OVERLAY_FS=y
# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
CONFIG_OVERLAY_FS_INDEX=y
+CONFIG_OVERLAY_FS_INDEX_NOUUID=y
CONFIG_OVERLAY_FS_NFS_EXPORT=y
# CONFIG_OVERLAY_FS_XINO_AUTO is not set
# CONFIG_OVERLAY_FS_METACOPY is not set
diff --git a/configs/kernel-4.18.0-x86_64-debug.config b/configs/kernel-4.18.0-x86_64-debug.config
index 9f576da4cff7..30bb520a7a1e 100644
--- a/configs/kernel-4.18.0-x86_64-debug.config
+++ b/configs/kernel-4.18.0-x86_64-debug.config
@@ -7752,3 +7752,4 @@ CONFIG_DM_PLOOP=m
CONFIG_BLK_DEV_CBT=y
CONFIG_OVERLAY_FS_DYNAMIC_RESOLVE_PATH_OPTIONS=y
CONFIG_OVERLAY_FS_PATH_OPTIONS_MNT_ID=y
+CONFIG_OVERLAY_FS_INDEX_NOUUID=y
diff --git a/configs/kernel-4.18.0-x86_64.config b/configs/kernel-4.18.0-x86_64.config
index 504b5734aa12..1fba76ff9f17 100644
--- a/configs/kernel-4.18.0-x86_64.config
+++ b/configs/kernel-4.18.0-x86_64.config
@@ -7704,3 +7704,4 @@ CONFIG_DM_PLOOP=m
CONFIG_BLK_DEV_CBT=y
CONFIG_OVERLAY_FS_DYNAMIC_RESOLVE_PATH_OPTIONS=y
CONFIG_OVERLAY_FS_PATH_OPTIONS_MNT_ID=y
+CONFIG_OVERLAY_FS_INDEX_NOUUID=y
diff --git a/fs/overlayfs/Kconfig b/fs/overlayfs/Kconfig
index adfaf9098f45..ebd6b1b991ca 100644
--- a/fs/overlayfs/Kconfig
+++ b/fs/overlayfs/Kconfig
@@ -60,6 +60,22 @@ config OVERLAY_FS_INDEX
If unsure, say N.
+config OVERLAY_FS_INDEX_NOUUID
+ bool "Overlayfs: relax uuid checks of inodes index feature"
+ depends on OVERLAY_FS
+ depends on OVERLAY_FS_INDEX
+ help
+ If this config option is enabled then overlay will skip uuid checks
+ for index lower to upper inode map, this only can be done if all
+ upper and lower directories are on the same filesystem where basic
+ fhandles are uniq.
+
+ It is needed to overcome possible change of uuid on superblock of the
+ backing filesystem, e.g. when you copied the virtual disk and mount
+ both the copy of the disk and the original one at the same time.
+
+ If unsure, say N.
+
config OVERLAY_FS_NFS_EXPORT
bool "Overlayfs: turn on NFS export feature by default"
depends on OVERLAY_FS
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c
index 8b035e7188ca..1d8c346dca68 100644
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -686,11 +686,12 @@ static struct dentry *ovl_upper_fh_to_d(struct super_block *sb,
struct ovl_fs *ofs = sb->s_fs_info;
struct dentry *dentry;
struct dentry *upper;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
if (!ofs->upper_mnt)
return ERR_PTR(-EACCES);
- upper = ovl_decode_real_fh(fh, ofs->upper_mnt, true);
+ upper = ovl_decode_real_fh(fh, ofs->upper_mnt, true, nouuid);
if (IS_ERR_OR_NULL(upper))
return upper;
@@ -710,6 +711,7 @@ static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
struct dentry *index = NULL;
struct inode *inode;
int err;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
/* First lookup overlay inode in inode cache by origin fh */
err = ovl_check_origin_fh(ofs, fh, false, NULL, &stack);
@@ -762,7 +764,7 @@ static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
goto out_err;
}
if (index) {
- err = ovl_verify_origin(index, origin.dentry, false);
+ err = ovl_verify_origin(index, origin.dentry, false, nouuid);
if (err)
goto out_err;
}
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index efd372312ef1..e1f67860ca2e 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -151,7 +151,7 @@ static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name)
}
struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
- bool connected)
+ bool connected, bool nouuid)
{
struct dentry *real;
int bytes;
@@ -160,7 +160,7 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
* Make sure that the stored uuid matches the uuid of the lower
* layer where file handle will be decoded.
*/
- if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
+ if (!nouuid && !uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
return NULL;
bytes = (fh->len - offsetof(struct ovl_fh, fid));
@@ -319,10 +319,11 @@ int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
{
struct dentry *origin = NULL;
int i;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
for (i = 0; i < ofs->numlower; i++) {
origin = ovl_decode_real_fh(fh, ofs->lower_layers[i].mnt,
- connected);
+ connected, nouuid);
if (origin)
break;
}
@@ -387,7 +388,7 @@ static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
* Return 0 on match, -ESTALE on mismatch, < 0 on error.
*/
static int ovl_verify_fh(struct dentry *dentry, const char *name,
- const struct ovl_fh *fh)
+ const struct ovl_fh *fh, bool nouuid)
{
struct ovl_fh *ofh = ovl_get_fh(dentry, name);
int err = 0;
@@ -398,8 +399,14 @@ static int ovl_verify_fh(struct dentry *dentry, const char *name,
if (IS_ERR(ofh))
return PTR_ERR(ofh);
- if (fh->len != ofh->len || memcmp(fh, ofh, fh->len))
+ if (fh->len != ofh->len) {
err = -ESTALE;
+ } else {
+ if (nouuid && !uuid_equal(&fh->uuid, &ofh->uuid))
+ ofh->uuid = fh->uuid;
+ if (memcmp(fh, ofh, fh->len))
+ err = -ESTALE;
+ }
kfree(ofh);
return err;
@@ -414,7 +421,8 @@ static int ovl_verify_fh(struct dentry *dentry, const char *name,
* Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
*/
int ovl_verify_set_fh(struct dentry *dentry, const char *name,
- struct dentry *real, bool is_upper, bool set)
+ struct dentry *real, bool is_upper, bool set,
+ bool nouuid)
{
struct inode *inode;
struct ovl_fh *fh;
@@ -427,7 +435,7 @@ int ovl_verify_set_fh(struct dentry *dentry, const char *name,
goto fail;
}
- err = ovl_verify_fh(dentry, name, fh);
+ err = ovl_verify_fh(dentry, name, fh, nouuid);
if (set && err == -ENODATA)
err = ovl_do_setxattr(dentry, name, fh, fh->len, 0);
if (err)
@@ -450,6 +458,7 @@ struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
{
struct ovl_fh *fh;
struct dentry *upper;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
if (!d_is_dir(index))
return dget(index);
@@ -458,7 +467,7 @@ struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
if (IS_ERR_OR_NULL(fh))
return ERR_CAST(fh);
- upper = ovl_decode_real_fh(fh, ofs->upper_mnt, true);
+ upper = ovl_decode_real_fh(fh, ofs->upper_mnt, true, nouuid);
kfree(fh);
if (IS_ERR_OR_NULL(upper))
@@ -493,6 +502,7 @@ int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
struct ovl_path *stack = &origin;
struct dentry *upper = NULL;
int err;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
if (!d_inode(index))
return 0;
@@ -558,7 +568,7 @@ int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
goto fail;
}
- err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
+ err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh, nouuid);
dput(upper);
if (err)
goto fail;
@@ -676,6 +686,7 @@ struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
struct qstr name;
bool is_dir = d_is_dir(origin);
int err;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
err = ovl_get_index_name(origin, &name);
if (err)
@@ -729,7 +740,7 @@ struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
}
/* Verify that dir index 'upper' xattr points to upper dir */
- err = ovl_verify_upper(index, upper, false);
+ err = ovl_verify_upper(index, upper, false, nouuid);
if (err) {
if (err == -ESTALE) {
pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
@@ -827,6 +838,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
.redirect = NULL,
.metacopy = false,
};
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
if (dentry->d_name.len > ofs->namelen)
return ERR_PTR(-ENAMETOOLONG);
@@ -923,7 +935,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
if (upperdentry && !ctr &&
((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
(!d.is_dir && ofs->config.index && origin_path))) {
- err = ovl_verify_origin(upperdentry, this, false);
+ err = ovl_verify_origin(upperdentry, this, false,
+ nouuid);
if (err) {
dput(this);
if (d.is_dir)
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 249acf4296a1..72b102b54076 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -18,6 +18,12 @@ enum ovl_path_type {
__OVL_PATH_ORIGIN = (1 << 2),
};
+enum ovl_index_type {
+ OVL_INDEX_OFF = 0,
+ OVL_INDEX_ON,
+ OVL_INDEX_NOUUID,
+};
+
#define OVL_TYPE_UPPER(type) ((type) & __OVL_PATH_UPPER)
#define OVL_TYPE_MERGE(type) ((type) & __OVL_PATH_MERGE)
#define OVL_TYPE_ORIGIN(type) ((type) & __OVL_PATH_ORIGIN)
@@ -304,11 +310,12 @@ static inline unsigned int ovl_xino_bits(struct super_block *sb)
/* namei.c */
int ovl_check_fh_len(struct ovl_fh *fh, int fh_len);
struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
- bool connected);
+ bool connected, bool nouuid);
int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
struct dentry *upperdentry, struct ovl_path **stackp);
int ovl_verify_set_fh(struct dentry *dentry, const char *name,
- struct dentry *real, bool is_upper, bool set);
+ struct dentry *real, bool is_upper, bool set,
+ bool nouuid);
struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index);
int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index);
int ovl_get_index_name(struct dentry *origin, struct qstr *name);
@@ -321,15 +328,19 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
bool ovl_lower_positive(struct dentry *dentry);
static inline int ovl_verify_origin(struct dentry *upper,
- struct dentry *origin, bool set)
+ struct dentry *origin, bool set,
+ bool nouuid)
{
- return ovl_verify_set_fh(upper, OVL_XATTR_ORIGIN, origin, false, set);
+ return ovl_verify_set_fh(upper, OVL_XATTR_ORIGIN, origin, false, set,
+ nouuid);
}
static inline int ovl_verify_upper(struct dentry *index,
- struct dentry *upper, bool set)
+ struct dentry *upper, bool set,
+ bool nouuid)
{
- return ovl_verify_set_fh(index, OVL_XATTR_UPPER, upper, true, set);
+ return ovl_verify_set_fh(index, OVL_XATTR_UPPER, upper, true, set,
+ nouuid);
}
/* readdir.c */
diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h
index a5b89cd8c2bd..8a940855d393 100644
--- a/fs/overlayfs/ovl_entry.h
+++ b/fs/overlayfs/ovl_entry.h
@@ -16,7 +16,7 @@ struct ovl_config {
bool redirect_dir;
bool redirect_follow;
const char *redirect_mode;
- bool index;
+ int index;
bool nfs_export;
int xino;
bool metacopy;
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index db3b5308172b..36936ee9ac0d 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -41,10 +41,12 @@ module_param_named(redirect_always_follow, ovl_redirect_always_follow,
MODULE_PARM_DESC(ovl_redirect_always_follow,
"Follow redirects even if redirect_dir feature is turned off");
-static bool ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
-module_param_named(index, ovl_index_def, bool, 0644);
+static int ovl_index_def = IS_ENABLED(CONFIG_OVERLAY_FS_INDEX_NOUUID) ?
+ OVL_INDEX_NOUUID :
+ IS_ENABLED(CONFIG_OVERLAY_FS_INDEX);
+module_param_named(index, ovl_index_def, int, 0644);
MODULE_PARM_DESC(ovl_index_def,
- "Default to on or off for the inodes index feature");
+ "Default to on, off or nouuid for the inodes index feature");
static bool ovl_nfs_export_def = IS_ENABLED(CONFIG_OVERLAY_FS_NFS_EXPORT);
module_param_named(nfs_export, ovl_nfs_export_def, bool, 0644);
@@ -389,8 +391,18 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry)
seq_puts(m, ",default_permissions");
if (strcmp(ofs->config.redirect_mode, ovl_redirect_mode_def()) != 0)
seq_printf(m, ",redirect_dir=%s", ofs->config.redirect_mode);
- if (ofs->config.index != ovl_index_def)
- seq_printf(m, ",index=%s", ofs->config.index ? "on" : "off");
+ if (ofs->config.index != ovl_index_def) {
+ switch (ofs->config.index) {
+ case OVL_INDEX_OFF:
+ seq_puts(m, ",index=off");
+ break;
+ case OVL_INDEX_NOUUID:
+ seq_puts(m, ",index=nouuid");
+ break;
+ default:
+ seq_puts(m, ",index=on");
+ }
+ }
if (ofs->config.nfs_export != ovl_nfs_export_def)
seq_printf(m, ",nfs_export=%s", ofs->config.nfs_export ?
"on" : "off");
@@ -431,6 +443,7 @@ enum {
OPT_REDIRECT_DIR,
OPT_INDEX_ON,
OPT_INDEX_OFF,
+ OPT_INDEX_NOUUID,
OPT_NFS_EXPORT_ON,
OPT_NFS_EXPORT_OFF,
OPT_XINO_ON,
@@ -449,6 +462,7 @@ static const match_table_t ovl_tokens = {
{OPT_REDIRECT_DIR, "redirect_dir=%s"},
{OPT_INDEX_ON, "index=on"},
{OPT_INDEX_OFF, "index=off"},
+ {OPT_INDEX_NOUUID, "index=nouuid"},
{OPT_NFS_EXPORT_ON, "nfs_export=on"},
{OPT_NFS_EXPORT_OFF, "nfs_export=off"},
{OPT_XINO_ON, "xino=on"},
@@ -558,11 +572,15 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config)
break;
case OPT_INDEX_ON:
- config->index = true;
+ config->index = OVL_INDEX_ON;
break;
case OPT_INDEX_OFF:
- config->index = false;
+ config->index = OVL_INDEX_OFF;
+ break;
+
+ case OPT_INDEX_NOUUID:
+ config->index = OVL_INDEX_NOUUID;
break;
case OPT_NFS_EXPORT_ON:
@@ -837,7 +855,7 @@ static int ovl_lower_dir(const char *name, struct path *path,
fh_type = ovl_can_decode_fh(path->dentry->d_sb);
if ((ofs->config.nfs_export ||
(ofs->config.index && ofs->config.upperdir)) && !fh_type) {
- ofs->config.index = false;
+ ofs->config.index = OVL_INDEX_OFF;
ofs->config.nfs_export = false;
pr_warn("overlayfs: fs on '%s' does not support file handles, falling back to index=off,nfs_export=off.\n",
name);
@@ -1113,7 +1131,7 @@ static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workbasepath)
err = ovl_do_setxattr(ofs->workdir, OVL_XATTR_OPAQUE, "0", 1, 0);
if (err) {
ofs->noxattr = true;
- ofs->config.index = false;
+ ofs->config.index = OVL_INDEX_OFF;
ofs->config.metacopy = false;
pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off and metacopy=off.\n");
err = 0;
@@ -1124,7 +1142,7 @@ static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workbasepath)
/* Check if upper/work fs supports file handles */
fh_type = ovl_can_decode_fh(ofs->workdir->d_sb);
if (ofs->config.index && !fh_type) {
- ofs->config.index = false;
+ ofs->config.index = OVL_INDEX_OFF;
pr_warn("overlayfs: upper fs does not support file handles, falling back to index=off.\n");
}
@@ -1184,6 +1202,7 @@ static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
{
struct vfsmount *mnt = ofs->upper_mnt;
int err;
+ bool nouuid = ofs->config.index == OVL_INDEX_NOUUID;
err = mnt_want_write(mnt);
if (err)
@@ -1191,7 +1210,7 @@ static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
/* Verify lower root is upper root origin */
err = ovl_verify_origin(upperpath->dentry, oe->lowerstack[0].dentry,
- true);
+ true, nouuid);
if (err) {
pr_err("overlayfs: failed to verify upper root origin\n");
goto out;
@@ -1209,11 +1228,13 @@ static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
*/
if (ovl_check_origin_xattr(ofs->indexdir)) {
err = ovl_verify_set_fh(ofs->indexdir, OVL_XATTR_ORIGIN,
- upperpath->dentry, true, false);
+ upperpath->dentry, true, false,
+ nouuid);
if (err)
pr_err("overlayfs: failed to verify index dir 'origin' xattr\n");
}
- err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true);
+ err = ovl_verify_upper(ofs->indexdir, upperpath->dentry, true,
+ nouuid);
if (err)
pr_err("overlayfs: failed to verify index dir 'upper' xattr\n");
@@ -1504,9 +1525,14 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
}
+ if (ofs->config.index == OVL_INDEX_NOUUID && ofs->numlowerfs) {
+ pr_warn("overlayfs: index=nouuid requires an single fs for lower and upper, falling back to index=on.\n");
+ ofs->config.index = OVL_INDEX_ON;
+ }
+
/* Show index=off in /proc/mounts for forced r/o mount */
if (!ofs->indexdir) {
- ofs->config.index = false;
+ ofs->config.index = OVL_INDEX_OFF;
if (ofs->upper_mnt && ofs->config.nfs_export) {
pr_warn("overlayfs: NFS export requires an index dir, falling back to nfs_export=off.\n");
ofs->config.nfs_export = false;
More information about the Devel
mailing list