summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorAmir Goldstein <amir73il@gmail.com>2018-01-10 21:29:38 +0100
committerMiklos Szeredi <mszeredi@redhat.com>2018-01-24 11:25:51 +0100
commit37b12916c0f802d956c767db984801d3100c6524 (patch)
treeded15d15eab41c31b428e8a19fee9111de0ca4d5 /fs
parentovl: add support for "nfs_export" configuration (diff)
downloadlinux-37b12916c0f802d956c767db984801d3100c6524.tar.xz
linux-37b12916c0f802d956c767db984801d3100c6524.zip
ovl: verify stored origin fh matches lower dir
When the NFS export feature is enabled, overlayfs implicitly enables the feature "verify_lower". When the "verify_lower" feature is enabled, a directory inode found in lower layer by name or by redirect_dir is verified against the file handle of the copy up origin that is stored in the upper layer. This introduces a change of behavior for the case of lower layer modification while overlay is offline. A lower directory created or moved offline under an exisitng upper directory, will not be merged with that upper directory. The NFS export feature should not be used after copying layers, because the new lower directory inodes would fail verification and won't be merged with upper directories. Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/overlayfs/namei.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 11e164cb2593..69ca8eb07519 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -737,6 +737,18 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
}
}
+ /*
+ * When "verify_lower" feature is enabled, do not merge with a
+ * lower dir that does not match a stored origin xattr.
+ */
+ if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) {
+ err = ovl_verify_origin(upperdentry, this, false);
+ if (err) {
+ dput(this);
+ break;
+ }
+ }
+
stack[ctr].dentry = this;
stack[ctr].layer = lower.layer;
ctr++;