From a8307b9f3972c97a48e6a451eefec346307bf3ab Mon Sep 17 00:00:00 2001 From: Pascal Bach Date: Wed, 23 Jan 2019 10:19:23 +0100 Subject: [PATCH 1/3] nixos/overlayfs: add test
---
 nixos/tests/all-tests.nix | 1 + nixos/tests/overlayfs.nix | 57 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 nixos/tests/overlayfs.nix
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 2ddb54bcc3d..79405fe5de7 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -172,6 +172,7 @@ in
 osquery = handleTest ./osquery.nix {};
 osrm-backend = handleTest ./osrm-backend.nix {};
 ostree = handleTest ./ostree.nix {};
+ overlayfs = handleTest ./overlayfs.nix {};
 pam-oath-login = handleTest ./pam-oath-login.nix {};
 pam-u2f = handleTest ./pam-u2f.nix {};
 pantheon = handleTest ./pantheon.nix {};
diff --git a/nixos/tests/overlayfs.nix b/nixos/tests/overlayfs.nix
new file mode 100644
index 00000000000..99bb6b0f553
--- /dev/null
+++ b/nixos/tests/overlayfs.nix
@@ -0,0 +1,57 @@
+import ./make-test.nix ({ pkgs, ... }: {
+ name = "overlayfs";
+ meta.maintainers = with pkgs.stdenv.lib.maintainers; [ bachp ];
+
+ machine = { pkgs, ... }: {
+ virtualisation.emptyDiskImages = [ 512 ];
+ networking.hostId = "deadbeef";
+ environment.systemPackages = with pkgs; [ parted ];
+ };
+
+ testScript = ''
+ $machine->succeed("ls /dev");
+
+ $machine->succeed("mkdir -p /tmp/mnt");
+
+ # Test ext4 + overlayfs
+ $machine->succeed(
+
+ "mkfs.ext4 -F -L overlay-ext4 /dev/vdb",
+ "mount -t ext4 /dev/vdb /tmp/mnt",
+
+ "mkdir -p /tmp/mnt/upper /tmp/mnt/lower /tmp/mnt/work /tmp/mnt/merged",
+
+ # Setup some existing files
+ "echo 'Replace' > /tmp/mnt/lower/replace.txt",
+ "echo 'Append' > /tmp/mnt/lower/append.txt",
+ "echo 'Overwrite' > /tmp/mnt/lower/overwrite.txt",
+
+ "mount -t overlay overlay -o lowerdir=/tmp/mnt/lower,upperdir=/tmp/mnt/upper,workdir=/tmp/mnt/work /tmp/mnt/merged",
+
+ # Test new
+ "echo 'New' > /tmp/mnt/merged/new.txt",
+ "[[ \"\$(cat /tmp/mnt/merged/new.txt)\" == \"New\" ]]",
+
+ # Test replace
+ "[[ \"\$(cat /tmp/mnt/merged/replace.txt)\" == \"Replace\" ]]",
+ "echo 'Replaced' > /tmp/mnt/merged/replace-tmp.txt",
+ "mv /tmp/mnt/merged/replace-tmp.txt /tmp/mnt/merged/replace.txt",
+ "[[ \"\$(cat /tmp/mnt/merged/replace.txt)\" == \"Replaced\" ]]",
+
+ # Overwrite
+ "[[ \"\$(cat /tmp/mnt/merged/overwrite.txt)\" == \"Overwrite\" ]]",
+ "echo 'Overwritten' > /tmp/mnt/merged/overwrite.txt",
+ "[[ \"\$(cat /tmp/mnt/merged/overwrite.txt)\" == \"Overwritten\" ]]",
+
+ # Test append
+ "[[ \"\$(cat /tmp/mnt/merged/append.txt)\" == \"Append\" ]]",
+ "echo 'ed' >> /tmp/mnt/merged/append.txt",
+ #"cat /tmp/mnt/merged/append.txt && exit 1",
+ "[[ \"\$(cat /tmp/mnt/merged/append.txt)\" == \"Append\ned\" ]]",
+
+ "umount /tmp/mnt/merged",
+ "umount /tmp/mnt",
+ "udevadm settle"
+ );
+ '';
+})
From 4c1ddb3a57a5e3f37f3234b9dcab3d3098c1f50e Mon Sep 17 00:00:00 2001
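Review bot: The `machine` config and the test script carry leftovers that the visible test never uses: `networking.hostId = "deadbeef";`, `parted` in `environment.systemPackages`, and the commented-out `#"cat /tmp/mnt/merged/append.txt && exit 1",` debug line in the append section. Dropping them keeps the test minimal, e.g. `machine = { pkgs, ... }: { virtualisation.emptyDiskImages = [ 512 ]; };`. Separately, the lower directory is created by root on a fresh ext4 image inside the guest, so these assertions do not reach the 9p-backed lowerdir with files owned by another user that the second patch in this series describes. A short comment at the top of `testScript` stating that scope, such as `# Covers overlayfs on a local ext4 lowerdir only, not a 9p-backed one`, would keep readers from assuming otherwise.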
From: aszlig Date: Thu, 14 Mar 2019 14:56:55 +0100 Subject: [PATCH 2/3] qemu: Apply interim fix for overlayfs + O_NOATIME Our VM tests and everything related to our virtualisation infrastructure is currently broken if used with kernel 4.19 or later. The reason for this is that since 4.19, overlayfs uses the O_NOATIME flag when opening files in lowerdir and this doesn't play nice with the way we pass the Nix store to our QEMU guests. On a NixOS system, paths in the Nix store are typically owned by root but the QEMU process is usually run by an ordinary user. Using O_NOATIME on a file where you're not the owner (or superuser) will return with EPERM (Operation not permitted). This is exactly what happens in our VM tests, because we're using overlayfs in the guests to allow writes to the store. Another implication of this is that the default kernel version for NixOS 19.03 has been reverted to Linux 4.14. Work on getting this upstream is still ongoing and the patch I posted previously was incomplete, needs rework and also some more review from upstream maintainers - in summary: This will take a while. So instead of rushing in a kernel patch to nixpkgs, which will affect all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU for now to ignore the O_NOATIME flag in 9p. I think this is also the least impacting change, because even if you care about whether access times are written or not, you get the same behaviour as with Linux 4.19 in conjunction with QEMU. Signed-off-by: aszlig Fixes: https://github.com/NixOS/nixpkgs/issues/54509
---
 .../qemu/9p-ignore-noatime.patch | 44 +++++++++++++++++++ .../virtualization/qemu/default.nix | 1 + 2 files changed, 45 insertions(+) create mode 100644 pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch
diff --git a/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch b/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch
new file mode 100644
index 00000000000..03e47a57863
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch
@@ -0,0 +1,44 @@
+commit cdc3e7eeafa9f683214d2c15d52ef384c3de6611
+Author: aszlig
+Date: Mon Mar 18 13:21:01 2019 +0100
+
+ 9pfs: Ignore O_NOATIME open flag
+
+ Since Linux 4.19, overlayfs uses the O_NOATIME flag on its lowerdir,
+ which in turn causes errors when the Nix store is mounted in the guest
+ because the file owner of the store paths typically don't match the
+ owner of the QEMU process.
+
+ After submitting a patch to the overlayfs mailing list[1], it turns out
+ that my patch was incomplete[2] and needs a bit more rework.
+
+ So instead of using an incomplete kernel patch in nixpkgs, which affects
+ *all* users of overlayfs, not just NixOS VM tests, I decided that for
+ now it's better to patch QEMU instead.
+
+ The change here really only ignores the O_NOATIME flag so that the
+ behaviour is similar to what NFS does. From open(2):
+
+ This flag may not be effective on all filesystems. One example is NFS,
+ where the server maintains the access time.
+
+ This change is therefore only temporary until the final fix lands in the
+ stable kernel releases.
+
+ [1]: https://www.spinics.net/lists/linux-unionfs/msg06755.html
+ [2]: https://www.spinics.net/lists/linux-unionfs/msg06756.html
+
+ Signed-off-by: aszlig
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 55821343e5..0b8425fe18 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -127,7 +127,6 @@ static int dotl_to_open_flags(int flags)
+ { P9_DOTL_LARGEFILE, O_LARGEFILE },
+ { P9_DOTL_DIRECTORY, O_DIRECTORY },
+ { P9_DOTL_NOFOLLOW, O_NOFOLLOW },
+- { P9_DOTL_NOATIME, O_NOATIME },
+ { P9_DOTL_SYNC, O_SYNC },
+ };
+
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 67a863b6fb7..91a6a4e6706 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
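Review bot: With the `{ P9_DOTL_NOATIME, O_NOATIME }` entry gone from the table in `dotl_to_open_flags`, the 9p server drops the flag for every export and every guest open, including those where the QEMU process owns the file and the flag would have been honoured, so guest reads that asked for no atime update may now change access times on the host. Nothing at the table says the omission is deliberate; a comment in its place, for example `/* P9_DOTL_NOATIME is deliberately not mapped: O_NOATIME fails with EPERM when QEMU does not own the file. */`, would stop the entry from being restored by accident. A narrower option would be to keep the mapping and retry the host open without O_NOATIME only when it fails with EPERM, which would have to live in the open path that this hunk does not show. The body of `dotl_to_open_flags` continues outside the hunk.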
@@ -76,6 +76,7 @@ stdenv.mkDerivation rec {
 patches = [
 ./no-etc-install.patch
 ./fix-qemu-ga.patch
+ ./9p-ignore-noatime.patch
 ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
 ++ optional pulseSupport ./fix-hda-recording.patch
 ++ optionals stdenv.hostPlatform.isMusl [
From 9a395a45aa43df701550a5319a3a2c0b6aac580f Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 14 Mar 2019 15:05:18 +0100 Subject: [PATCH 3/3] linuxPackages: 4.14 -> 4.19 This reverts commit 048c36ccaa0add5e5de387e9de0d3775d3fdd10d. With the patch applied for fixing the overlayfs bug in QEMU, there really shouldn't stand anything in our way to use 4.19 as the default kernel. Signed-off-by: aszlig
---
 pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7fe8f295a48..16ce943d45e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -14891,7 +14891,7 @@ in
 });
 # The current default kernel / kernel modules.
- linuxPackages = linuxPackages_4_14;
+ linuxPackages = linuxPackages_4_19;
 linux = linuxPackages.kernel;
 # Update this when adding the newest kernel major version!
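Review bot: `./9p-ignore-noatime.patch` sits in the unconditional part of `patches`, so every QEMU built from this derivation stops passing O_NOATIME through 9p, whereas the neighbouring `./force-uid0-on-9p.patch` is gated with `optional nixosTestRunner`. The commit message calls the fix interim, but the list entry has no marker for that; a comment above it such as `# Interim: remove once the overlayfs O_NOATIME fix is in the stable kernels, see NixOS/nixpkgs#54509` would make the removal trackable. Whether the patch could be gated like its neighbour depends on which QEMU variants the affected VMs use, which these lines do not show. The `patches` expression continues past the end of the hunk.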