lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Jun 2019 02:18:25 +0300
From:   Amir Goldstein <amir73il@...il.com>
To:     "Theodore Ts'o" <tytso@....edu>
Cc:     Marco Nelissen <marco.nelissen@...il.com>,
        overlayfs <linux-unionfs@...r.kernel.org>,
        Ext4 <linux-ext4@...r.kernel.org>,
        Gabriel Krisman Bertazi <krisman@...labora.com>,
        Eric Biggers <ebiggers@...gle.com>
Subject: Re: which lower filesystems are actually supported?

On Sun, Jun 2, 2019 at 9:01 PM Theodore Ts'o <tytso@....edu> wrote:
>
> On Sun, Jun 02, 2019 at 09:42:54AM +0300, Amir Goldstein wrote:
> > [+cc ext4] Heads up on bug reports "Overlayfs fails to mount with ext4"
> >
> > On Sat, Jun 1, 2019 at 11:02 PM Marco Nelissen <marco.nelissen@...il.com> wrote:
> > >
> > > According to the documentation, "The lower filesystem can be any filesystem
> > > supported by Linux", however this appears to not actually be the case, since
> > > using a vfat filesystem results in the mount command printing "mount:
> > > wrong fs type, bad option, bad superblock on overlay, missing codepage or
> > > helper program, or other error", with dmesg saying "overlayfs: filesystem on
> > > '/boot' not supported".
> > > (that's from ovl_mount_dir_noesc(), when ovl_dentry_weird() returns nonzero)
> >
> > Specifically for vfat it is weird because of
> > dentry->d_flags & (DCACHE_OP_HASH | DCACHE_OP_COMPARE)
> > because it is case insensitive.
>
[...]
> >
> > I am guessing when people start using case insensitive enabled ext4,
> > this problem
> > is going to surface, because the same ext4 (e.g. root fs) could be
> > used for samba
> > export (case insensitive) and docker storage (overlayfs).
>
[...]
>
> We *might* be able to only set the dentry functions on directory
> entries belonging to directories which have the casefold flag set,
> instead of simply setting it on all ext4 dentry entries.  But still
> won't change the fact that overlayfs is going to have case
> insensitivity support if we want the combination of overlayfs &&
> casefold to be supported.
>

My intention was not that overlayfs should support casefold, just that
an isolated casefold subdir in an ext4 fs shouldn't make the entire fs
not usable with overlayfs.

Incidentally, we already ran into a similar issue with ext4 encryption.
Issue was reported by OpenWRT developers and fixed by:
d456a33f041a fscrypt: only set dentry_operations on ciphertext dentries

I recon casefold is taking a similar direction to the fs/crypto library, so
solution should be similar as well.

BTW, is casefold feature mutually exclusive with encryption feature?
Because if it isn't, d_set_d_op() in __fscrypt_prepare_lookup() is
going to WARN_ON dentry already has ext4_dentry_ops.

Thanks,
Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ