Skip to content

Commit 4d925f6

Browse files
committed
Merge tag 'ovl-update-6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs
Pull overlayfs updates from Amir Goldstein: "This is a very small update with no bug fixes and no new features. The larger update of overlayfs for this cycle, the re-factoring of overlayfs code into generic backing_file helpers, was already merged via Christian. Summary: - Simplify/clarify some code No bug fixes here, just some changes following questions from Al about overlayfs code that could be a little more simple to follow. - Overlayfs documentation style fixes Mainly fixes for ReST formatting suggested by documentation developers" * tag 'ovl-update-6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs: overlayfs.rst: fix ReST formatting overlayfs.rst: use consistent feature names ovl: initialize ovl_copy_up_ctx.destname inside ovl_do_copy_up() ovl: remove redundant ofs->indexdir member
2 parents 0507d25 + d17bb46 commit 4d925f6

File tree

9 files changed

+76
-74
lines changed

9 files changed

+76
-74
lines changed

Documentation/filesystems/overlayfs.rst

Lines changed: 54 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ objects in the original filesystem.
3939
On 64bit systems, even if all overlay layers are not on the same
4040
underlying filesystem, the same compliant behavior could be achieved
4141
with the "xino" feature. The "xino" feature composes a unique object
42-
identifier from the real object st_ino and an underlying fsid index.
42+
identifier from the real object st_ino and an underlying fsid number.
4343
The "xino" feature uses the high inode number bits for fsid, because the
4444
underlying filesystems rarely use the high inode number bits. In case
4545
the underlying inode number does overflow into the high xino bits, overlay
@@ -118,7 +118,7 @@ Where both upper and lower objects are directories, a merged directory
118118
is formed.
119119

120120
At mount time, the two directories given as mount options "lowerdir" and
121-
"upperdir" are combined into a merged directory:
121+
"upperdir" are combined into a merged directory::
122122

123123
mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,\
124124
workdir=/work /merged
@@ -172,12 +172,12 @@ directory is being read. This is unlikely to be noticed by many
172172
programs.
173173

174174
seek offsets are assigned sequentially when the directories are read.
175-
Thus if
175+
Thus if:
176176

177-
- read part of a directory
178-
- remember an offset, and close the directory
179-
- re-open the directory some time later
180-
- seek to the remembered offset
177+
- read part of a directory
178+
- remember an offset, and close the directory
179+
- re-open the directory some time later
180+
- seek to the remembered offset
181181

182182
there may be little correlation between the old and new locations in
183183
the list of filenames, particularly if anything has changed in the
@@ -290,9 +290,9 @@ Permission checking in the overlay filesystem follows these principles:
290290
2) task creating the overlay mount MUST NOT gain additional privileges
291291

292292
3) non-mounting task MAY gain additional privileges through the overlay,
293-
compared to direct access on underlying lower or upper filesystems
293+
compared to direct access on underlying lower or upper filesystems
294294

295-
This is achieved by performing two permission checks on each access
295+
This is achieved by performing two permission checks on each access:
296296

297297
a) check if current task is allowed access based on local DAC (owner,
298298
group, mode and posix acl), as well as MAC checks
@@ -311,11 +311,11 @@ to create setups where the consistency rule (1) does not hold; normally,
311311
however, the mounting task will have sufficient privileges to perform all
312312
operations.
313313

314-
Another way to demonstrate this model is drawing parallels between
314+
Another way to demonstrate this model is drawing parallels between::
315315

316316
mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,... /merged
317317

318-
and
318+
and::
319319

320320
cp -a /lower /upper
321321
mount --bind /upper /merged
@@ -328,7 +328,7 @@ Multiple lower layers
328328
---------------------
329329

330330
Multiple lower layers can now be given using the colon (":") as a
331-
separator character between the directory names. For example:
331+
separator character between the directory names. For example::
332332

333333
mount -t overlay overlay -olowerdir=/lower1:/lower2:/lower3 /merged
334334

@@ -340,13 +340,13 @@ rightmost one and going left. In the above example lower1 will be the
340340
top, lower2 the middle and lower3 the bottom layer.
341341

342342
Note: directory names containing colons can be provided as lower layer by
343-
escaping the colons with a single backslash. For example:
343+
escaping the colons with a single backslash. For example::
344344

345345
mount -t overlay overlay -olowerdir=/a\:lower\:\:dir /merged
346346

347347
Since kernel version v6.8, directory names containing colons can also
348348
be configured as lower layer using the "lowerdir+" mount options and the
349-
fsconfig syscall from new mount api. For example:
349+
fsconfig syscall from new mount api. For example::
350350

351351
fsconfig(fs_fd, FSCONFIG_SET_STRING, "lowerdir+", "/a:lower::dir", 0);
352352

@@ -356,7 +356,7 @@ as an octal characters (\072) when displayed in /proc/self/mountinfo.
356356
Metadata only copy up
357357
---------------------
358358

359-
When metadata only copy up feature is enabled, overlayfs will only copy
359+
When the "metacopy" feature is enabled, overlayfs will only copy
360360
up metadata (as opposed to whole file), when a metadata specific operation
361361
like chown/chmod is performed. Full file will be copied up later when
362362
file is opened for WRITE operation.
@@ -405,7 +405,7 @@ A normal lower layer is not allowed to be below a data-only layer, so single
405405
colon separators are not allowed to the right of double colon ("::") separators.
406406

407407

408-
For example:
408+
For example::
409409

410410
mount -t overlay overlay -olowerdir=/l1:/l2:/l3::/do1::/do2 /merged
411411

@@ -419,7 +419,7 @@ to the absolute path of the "lower data" file in the "data-only" lower layer.
419419

420420
Since kernel version v6.8, "data-only" lower layers can also be added using
421421
the "datadir+" mount options and the fsconfig syscall from new mount api.
422-
For example:
422+
For example::
423423

424424
fsconfig(fs_fd, FSCONFIG_SET_STRING, "lowerdir+", "/l1", 0);
425425
fsconfig(fs_fd, FSCONFIG_SET_STRING, "lowerdir+", "/l2", 0);
@@ -429,7 +429,7 @@ For example:
429429

430430

431431
fs-verity support
432-
----------------------
432+
-----------------
433433

434434
During metadata copy up of a lower file, if the source file has
435435
fs-verity enabled and overlay verity support is enabled, then the
@@ -492,27 +492,27 @@ though it will not result in a crash or deadlock.
492492

493493
Mounting an overlay using an upper layer path, where the upper layer path
494494
was previously used by another mounted overlay in combination with a
495-
different lower layer path, is allowed, unless the "inodes index" feature
496-
or "metadata only copy up" feature is enabled.
495+
different lower layer path, is allowed, unless the "index" or "metacopy"
496+
features are enabled.
497497

498-
With the "inodes index" feature, on the first time mount, an NFS file
498+
With the "index" feature, on the first time mount, an NFS file
499499
handle of the lower layer root directory, along with the UUID of the lower
500500
filesystem, are encoded and stored in the "trusted.overlay.origin" extended
501501
attribute on the upper layer root directory. On subsequent mount attempts,
502502
the lower root directory file handle and lower filesystem UUID are compared
503503
to the stored origin in upper root directory. On failure to verify the
504504
lower root origin, mount will fail with ESTALE. An overlayfs mount with
505-
"inodes index" enabled will fail with EOPNOTSUPP if the lower filesystem
505+
"index" enabled will fail with EOPNOTSUPP if the lower filesystem
506506
does not support NFS export, lower filesystem does not have a valid UUID or
507507
if the upper filesystem does not support extended attributes.
508508

509-
For "metadata only copy up" feature there is no verification mechanism at
509+
For the "metacopy" feature, there is no verification mechanism at
510510
mount time. So if same upper is mounted with different set of lower, mount
511511
probably will succeed but expect the unexpected later on. So don't do it.
512512

513513
It is quite a common practice to copy overlay layers to a different
514514
directory tree on the same or different underlying filesystem, and even
515-
to a different machine. With the "inodes index" feature, trying to mount
515+
to a different machine. With the "index" feature, trying to mount
516516
the copied layers will fail the verification of the lower root file handle.
517517

518518
Nesting overlayfs mounts
@@ -547,28 +547,30 @@ filesystem.
547547

548548
This is the list of cases that overlayfs doesn't currently handle:
549549

550-
a) POSIX mandates updating st_atime for reads. This is currently not
551-
done in the case when the file resides on a lower layer.
550+
a) POSIX mandates updating st_atime for reads. This is currently not
551+
done in the case when the file resides on a lower layer.
552552

553-
b) If a file residing on a lower layer is opened for read-only and then
554-
memory mapped with MAP_SHARED, then subsequent changes to the file are not
555-
reflected in the memory mapping.
553+
b) If a file residing on a lower layer is opened for read-only and then
554+
memory mapped with MAP_SHARED, then subsequent changes to the file are not
555+
reflected in the memory mapping.
556556

557-
c) If a file residing on a lower layer is being executed, then opening that
558-
file for write or truncating the file will not be denied with ETXTBSY.
557+
c) If a file residing on a lower layer is being executed, then opening that
558+
file for write or truncating the file will not be denied with ETXTBSY.
559559

560560
The following options allow overlayfs to act more like a standards
561561
compliant filesystem:
562562

563-
1) "redirect_dir"
563+
redirect_dir
564+
````````````
564565

565566
Enabled with the mount option or module option: "redirect_dir=on" or with
566567
the kernel config option CONFIG_OVERLAY_FS_REDIRECT_DIR=y.
567568

568569
If this feature is disabled, then rename(2) on a lower or merged directory
569570
will fail with EXDEV ("Invalid cross-device link").
570571

571-
2) "inode index"
572+
index
573+
`````
572574

573575
Enabled with the mount option or module option "index=on" or with the
574576
kernel config option CONFIG_OVERLAY_FS_INDEX=y.
@@ -577,7 +579,8 @@ If this feature is disabled and a file with multiple hard links is copied
577579
up, then this will "break" the link. Changes will not be propagated to
578580
other names referring to the same inode.
579581

580-
3) "xino"
582+
xino
583+
````
581584

582585
Enabled with the mount option "xino=auto" or "xino=on", with the module
583586
option "xino_auto=on" or with the kernel config option
@@ -604,7 +607,7 @@ a crash or deadlock.
604607

605608
Offline changes, when the overlay is not mounted, are allowed to the
606609
upper tree. Offline changes to the lower tree are only allowed if the
607-
"metadata only copy up", "inode index", "xino" and "redirect_dir" features
610+
"metacopy", "index", "xino" and "redirect_dir" features
608611
have not been used. If the lower tree is modified and any of these
609612
features has been used, the behavior of the overlay is undefined,
610613
though it will not result in a crash or deadlock.
@@ -644,12 +647,13 @@ directory inode.
644647
When encoding a file handle from an overlay filesystem object, the
645648
following rules apply:
646649

647-
1. For a non-upper object, encode a lower file handle from lower inode
648-
2. For an indexed object, encode a lower file handle from copy_up origin
649-
3. For a pure-upper object and for an existing non-indexed upper object,
650-
encode an upper file handle from upper inode
650+
1. For a non-upper object, encode a lower file handle from lower inode
651+
2. For an indexed object, encode a lower file handle from copy_up origin
652+
3. For a pure-upper object and for an existing non-indexed upper object,
653+
encode an upper file handle from upper inode
651654

652655
The encoded overlay file handle includes:
656+
653657
- Header including path type information (e.g. lower/upper)
654658
- UUID of the underlying filesystem
655659
- Underlying filesystem encoding of underlying inode
@@ -659,15 +663,15 @@ are stored in extended attribute "trusted.overlay.origin".
659663

660664
When decoding an overlay file handle, the following steps are followed:
661665

662-
1. Find underlying layer by UUID and path type information.
663-
2. Decode the underlying filesystem file handle to underlying dentry.
664-
3. For a lower file handle, lookup the handle in index directory by name.
665-
4. If a whiteout is found in index, return ESTALE. This represents an
666-
overlay object that was deleted after its file handle was encoded.
667-
5. For a non-directory, instantiate a disconnected overlay dentry from the
668-
decoded underlying dentry, the path type and index inode, if found.
669-
6. For a directory, use the connected underlying decoded dentry, path type
670-
and index, to lookup a connected overlay dentry.
666+
1. Find underlying layer by UUID and path type information.
667+
2. Decode the underlying filesystem file handle to underlying dentry.
668+
3. For a lower file handle, lookup the handle in index directory by name.
669+
4. If a whiteout is found in index, return ESTALE. This represents an
670+
overlay object that was deleted after its file handle was encoded.
671+
5. For a non-directory, instantiate a disconnected overlay dentry from the
672+
decoded underlying dentry, the path type and index inode, if found.
673+
6. For a directory, use the connected underlying decoded dentry, path type
674+
and index, to lookup a connected overlay dentry.
671675

672676
Decoding a non-directory file handle may return a disconnected dentry.
673677
copy_up of that disconnected dentry will create an upper index entry with
@@ -770,9 +774,9 @@ Testsuite
770774
There's a testsuite originally developed by David Howells and currently
771775
maintained by Amir Goldstein at:
772776

773-
https://github.com/amir73il/unionmount-testsuite.git
777+
https://github.com/amir73il/unionmount-testsuite.git
774778

775-
Run as root:
779+
Run as root::
776780

777781
# cd unionmount-testsuite
778782
# ./run --ov --verify

fs/overlayfs/copy_up.c

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -952,6 +952,13 @@ static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
952952
err = -EIO;
953953
goto out_free_fh;
954954
} else {
955+
/*
956+
* c->dentry->d_name is stabilzed by ovl_copy_up_start(),
957+
* because if we got here, it means that c->dentry has no upper
958+
* alias and changing ->d_name means going through ovl_rename()
959+
* that will call ovl_copy_up() on source and target dentry.
960+
*/
961+
c->destname = c->dentry->d_name;
955962
/*
956963
* Mark parent "impure" because it may now contain non-pure
957964
* upper
@@ -1132,7 +1139,6 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
11321139
if (parent) {
11331140
ovl_path_upper(parent, &parentpath);
11341141
ctx.destdir = parentpath.dentry;
1135-
ctx.destname = dentry->d_name;
11361142

11371143
err = vfs_getattr(&parentpath, &ctx.pstat,
11381144
STATX_ATIME | STATX_MTIME,

fs/overlayfs/export.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -460,7 +460,7 @@ static struct dentry *ovl_lookup_real_inode(struct super_block *sb,
460460
* For decoded lower dir file handle, lookup index by origin to check
461461
* if lower dir was copied up and and/or removed.
462462
*/
463-
if (!this && layer->idx && ofs->indexdir && !WARN_ON(!d_is_dir(real))) {
463+
if (!this && layer->idx && ovl_indexdir(sb) && !WARN_ON(!d_is_dir(real))) {
464464
index = ovl_lookup_index(ofs, NULL, real, false);
465465
if (IS_ERR(index))
466466
return index;
@@ -733,7 +733,7 @@ static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
733733
}
734734

735735
/* Then lookup indexed upper/whiteout by origin fh */
736-
if (ofs->indexdir) {
736+
if (ovl_indexdir(sb)) {
737737
index = ovl_get_index_fh(ofs, fh);
738738
err = PTR_ERR(index);
739739
if (IS_ERR(index)) {

fs/overlayfs/namei.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -754,7 +754,7 @@ struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
754754
if (err)
755755
return ERR_PTR(err);
756756

757-
index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
757+
index = lookup_positive_unlocked(name.name, ofs->workdir, name.len);
758758
kfree(name.name);
759759
if (IS_ERR(index)) {
760760
if (PTR_ERR(index) == -ENOENT)
@@ -787,7 +787,7 @@ struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
787787
return ERR_PTR(err);
788788

789789
index = lookup_one_positive_unlocked(ovl_upper_mnt_idmap(ofs), name.name,
790-
ofs->indexdir, name.len);
790+
ofs->workdir, name.len);
791791
if (IS_ERR(index)) {
792792
err = PTR_ERR(index);
793793
if (err == -ENOENT) {

fs/overlayfs/ovl_entry.h

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -63,10 +63,8 @@ struct ovl_fs {
6363
struct ovl_sb *fs;
6464
/* workbasedir is the path at workdir= mount option */
6565
struct dentry *workbasedir;
66-
/* workdir is the 'work' directory under workbasedir */
66+
/* workdir is the 'work' or 'index' directory under workbasedir */
6767
struct dentry *workdir;
68-
/* index directory listing overlay inodes by origin file handle */
69-
struct dentry *indexdir;
7068
long namelen;
7169
/* pathnames of lower and upper dirs, for show_options */
7270
struct ovl_config config;
@@ -81,7 +79,6 @@ struct ovl_fs {
8179
/* Traps in ovl inode cache */
8280
struct inode *workbasedir_trap;
8381
struct inode *workdir_trap;
84-
struct inode *indexdir_trap;
8582
/* -1: disabled, 0: same fs, 1..32: number of unused ino bits */
8683
int xino_mode;
8784
/* For allocation of non-persistent inode numbers */

fs/overlayfs/params.c

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -743,10 +743,8 @@ void ovl_free_fs(struct ovl_fs *ofs)
743743
unsigned i;
744744

745745
iput(ofs->workbasedir_trap);
746-
iput(ofs->indexdir_trap);
747746
iput(ofs->workdir_trap);
748747
dput(ofs->whiteout);
749-
dput(ofs->indexdir);
750748
dput(ofs->workdir);
751749
if (ofs->workdir_locked)
752750
ovl_inuse_unlock(ofs->workbasedir);

fs/overlayfs/readdir.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1169,7 +1169,7 @@ int ovl_workdir_cleanup(struct ovl_fs *ofs, struct inode *dir,
11691169
int ovl_indexdir_cleanup(struct ovl_fs *ofs)
11701170
{
11711171
int err;
1172-
struct dentry *indexdir = ofs->indexdir;
1172+
struct dentry *indexdir = ofs->workdir;
11731173
struct dentry *index = NULL;
11741174
struct inode *dir = indexdir->d_inode;
11751175
struct path path = { .mnt = ovl_upper_mnt(ofs), .dentry = indexdir };

0 commit comments

Comments
 (0)