| Message ID | 20240208-mnt-idmap-inval-v2-1-58ef26d194e0@me.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id
ma11csp2653175dyb;
Wed, 7 Feb 2024 19:03:24 -0800 (PST)
X-Forwarded-Encrypted: i=3;
AJvYcCUgqqEZgEwFu2tB3U2jPGEJFYVt/hqYuvkythpnxNRfkwQcz2Qw7Y/WJJ2IVRSXU7mq8QymFzSvh2bPuDSzobdy63l7Jw==
X-Google-Smtp-Source:
AGHT+IEFErRLyIpHLNf49SO171Va13NEMxvmoXwNDvuJ9jHCPQ6qTt99L+HD4cmZOSk8+7hLxODN
X-Received: by 2002:a17:906:2001:b0:a38:41e8:14eb with SMTP id
1-20020a170906200100b00a3841e814ebmr3263187ejo.26.1707361403949;
Wed, 07 Feb 2024 19:03:23 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707361403; cv=pass;
d=google.com; s=arc-20160816;
b=bAoYB5QExXUppxfewtk89IncjJyzRtbXaF7niiBcDMsIXoKUHYGwrObazJlvY2IQnQ
EbsPkzTTz3O5BebDBwPjw7nz9XCd9ORJF79fz1E/A3pjEaB+RI4kkjTgUsqHiOhePqf6
iWIvWih5GNfmSDRZjjhkIJ0HcWm0w1wv3ef37ZSRrGFBsRi9M9jKQa0b+TdQqMv7DomY
av46OZVXDBH1VdNSiDU1cHcwfHJXg6ZZPw5wJoUAnjInu3O4ro2LQpODGu0OK4fgYwo4
TWaC7kcKpwyVrhlQoyW76NL8fEZF5O6NNifrpD/eGXVa4rV9pUXq0DcjspaNhDszLhVo
fJSA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=reply-to:cc:to:message-id:content-transfer-encoding:mime-version
:list-unsubscribe:list-subscribe:list-id:precedence:subject:date
:from:dkim-signature;
bh=aCQeWLpvGE+3w+Kh31hQPV/EivqwLmJvmFmLUA3hLKw=;
fh=gqzMybH6WZYnQd/PU6ImpMRtwldplCav0Q10DkY/ycE=;
b=FmGCRvBLUhlvyzSCG6FFdmoIWW4KYDbA1ea3YITVqxkfHdT+I4Y8bLwiQJkeAwXWF6
NXvxnYDjo335F9Of+6EQObj8F6XTZ5erbbAWlXQt04fk0b8Btwe2P8dat/+ZJguO068m
eIdB4/Vz9/OTT8R0aXdpd81E+6YO7xU18mEafBuCWRZddvi0Sg8W5IvgcDeIgBTcXqcs
tsccqOZsaJXCOt3kqpZpX47+vKWd6mNjMTf3KNtCZJ6qHC8Bclbtyrfx0XQFFYj0D3uD
vvYwHZtyk6CVJPH8hAEUSYUJbs+PsqMhS6wc8VNfLRvZO8yRsP6UA/6O6dIdV1auG4bQ
j62g==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b="aG/2miJD";
arc=pass (i=1 dkim=pass dkdomain=kernel.org);
spf=pass (google.com: domain of
linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
X-Forwarded-Encrypted: i=2;
AJvYcCUe7gQQwsHwyKmdZWVb22VTOQ5akXmAKyQxHdFaneaIlweoPQ1t/MUcPIqDvgOGYIeGE0p190EG8YTs6j4TTyTaX0gklQ==
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
by mx.google.com with ESMTPS id
h18-20020a170906261200b00a37adf0582esi1687634ejc.603.2024.02.07.19.03.23
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 07 Feb 2024 19:03:23 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b="aG/2miJD";
arc=pass (i=1 dkim=pass dkdomain=kernel.org);
spf=pass (google.com: domain of
linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.80.249 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-57406-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by am.mirrors.kernel.org (Postfix) with ESMTPS id 7A8091F22F1F
for <ouuuleilei@gmail.com>; Thu, 8 Feb 2024 03:03:23 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id BFDD31DA3D;
Thu, 8 Feb 2024 03:03:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
header.b="aG/2miJD"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
[10.30.226.201])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14E271D527;
Thu, 8 Feb 2024 03:03:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1707361381; cv=none;
b=DTTZsKJ1GLrbBnZsAMkMhqphB1Cmxm1xWvR3FFW+P9sFO1NcCsikgFnyDLptx9dMo7hcNuk7Kzqi2590sdxHC46/28gxjIDIzD1uwdpj5KQsiW89tQy4hynb6syWoD2XJC1YS/2a50JupqfidwP3Wd6F1iJWGizLZEvyxlkr4Io=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1707361381; c=relaxed/simple;
bh=gCp4+3KXtXmU2pDbRIv0pZycO02wlcy/xdhCfLUsbSQ=;
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc;
b=JP4WZYOY/yOAiqEL3d41YIbIod81yOAivyokWbAsilVViRRrT3MtkIa5diEslNC9UHEMDi+ch7JCXnrEyz3glzbI+mCjFWZOyTm5yJzfAhlMwi3TWFs3MGgzmi4R0lRGFt32V9y/r8coTnWTOq71SbYxHptl2KVTL9QQ2w1Ajn8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
header.b=aG/2miJD; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPS id 911AEC433F1;
Thu, 8 Feb 2024 03:03:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1707361380;
bh=gCp4+3KXtXmU2pDbRIv0pZycO02wlcy/xdhCfLUsbSQ=;
h=From:Date:Subject:To:Cc:Reply-To:From;
b=aG/2miJDoPXVvUO7JbdKTqvdl5RJCB+kwfWB5Ykx0BRuVddp9A69wm5c19K59Eo3f
/RUBz/W9EWlk0jRzZ3KfuHtfuGaTneQo8oATrYtGV4eGRod6OvXVWpECXGUiI53wZK
b4SxC5Yl2mnhe6yzD58gk5zJzEZ4m+1MWedAyBCb7TYBf2e0HscTS/6WH8VfkStOWD
sFFL0Xhuvpb/2qlnWGx7fSkEkDZjsENr/Wad4geQkmjKjFfaQaW/sAoKMjyhanTNgU
Ejk7TYgysXEBEWB/FS2x7diDnszknX1fo0jHfSTA2f5dlCNwv+/kv9TaUdmVymlzFy
MFcie9BGRFtAA==
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
(localhost.localdomain [127.0.0.1])
by smtp.lore.kernel.org (Postfix) with ESMTP id 6BF26C4828F;
Thu, 8 Feb 2024 03:03:00 +0000 (UTC)
From: Taylor Jackson via B4 Relay <devnull+taylor.a.jackson.me.com@kernel.org>
Date: Thu, 08 Feb 2024 03:02:54 +0000
Subject: [PATCH v2] fs/mnt_idmapping.c: Return -EINVAL when no map is
written
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-Id: <20240208-mnt-idmap-inval-v2-1-58ef26d194e0@me.com>
X-B4-Tracking: v=1; b=H4sIAF5ExGUC/3WNyw7CIBQFf6W5azE8bMWu/A/TBRSwNxFooCGah
n8Xu3c5k5w5O2Sb0GYYux2SLZgxhgb81MG8qPC0BE1j4JRfKKcD8WFryquVYCjqRZg0QoneSeE
MtNWarMP3UXxMjRfMW0yf46Cwn/3fKowwMkjtlNa3ay/E3dvzHD1MtdYvwx1MZKsAAAA=
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Seth Forshee <sforshee@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Taylor Jackson <taylor.a.jackson@me.com>
X-Mailer: b4 0.12.4
X-Developer-Signature: v=1; a=ed25519-sha256; t=1707361379; l=1297;
i=taylor.a.jackson@me.com; s=20240206; h=from:subject:message-id;
bh=y6gRCATQD4BQ+HtUr3Y6tmpmjhF1EH0eWIIzJbmFHZw=;
b=xgJWSv9ONnVT6GLyCRj6fBt71hj75Q+dupY5rzp8TyN5h3llr5WNNsvfSWm0VOyXJP1K/yq6o
323miYF4kyXCKxCPSsqNNvQBBGURN9XwnlJuC4SIqzgv2/LTWvpqcjR
X-Developer-Key: i=taylor.a.jackson@me.com; a=ed25519;
pk=NO7ntQpjIG1IGTO7F8OnLJDKSHUakhrhAli+PL72OLA=
X-Endpoint-Received:
by B4 Relay for taylor.a.jackson@me.com/20240206 with auth_id=127
X-Original-From: Taylor Jackson <taylor.a.jackson@me.com>
Reply-To: <taylor.a.jackson@me.com>
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1790298191763775390
X-GMAIL-MSGID: 1790298191763775390
|
| Series |
[v2] fs/mnt_idmapping.c: Return -EINVAL when no map is written
|
|
Commit Message
Taylor Jackson via B4 Relay
Feb. 8, 2024, 3:02 a.m. UTC
From: Taylor Jackson <taylor.a.jackson@me.com> Currently, it is possible to create an idmapped mount using a user namespace without any mappings. However, this yields an idmapped mount that doesn't actually map the ids. With the following change, it will no longer be possible to create an idmapped mount when using a user namespace with no mappings, and will instead return EINVAL, an “invalid argument” error code. Reviewed-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Taylor Jackson <taylor.a.jackson@me.com> --- Changes in v2: - Updated commit message based on feedback - Link to v1: https://lore.kernel.org/r/20240206-mnt-idmap-inval-v1-1-68bfabb97533@me.com --- fs/mnt_idmapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: 54be6c6c5ae8e0d93a6c4641cb7528eb0b6ba478 change-id: 20240206-mnt-idmap-inval-18d3a35f83fd Best regards,
Comments
On Thu, 08 Feb 2024 03:02:54 +0000, Taylor Jackson wrote: > Currently, it is possible to create an idmapped mount using a user > namespace without any mappings. However, this yields an idmapped > mount that doesn't actually map the ids. With the following change, > it will no longer be possible to create an idmapped mount when using > a user namespace with no mappings, and will instead return EINVAL, > an “invalid argument” error code. > > [...] Thanks for the fix! In case you're interested, it would be worth expanding tool/testing/selftests/mount_setattr to verify that it's now impossible to use an empty idmapping. But note, that currently tool/testing/selftests/mount_setattr/ is broken because the tests assume that tmpfs cannot be idmapped which hasn't been true for a long time. --- Applied to the vfs.misc branch of the vfs/vfs.git tree. Patches in the vfs.misc branch should appear in linux-next soon. Please report any outstanding bugs that were missed during review in a new review to the original patch series allowing us to drop it. It's encouraged to provide Acked-bys and Reviewed-bys even though the patch has now been applied. If possible patch trailers will be updated. Note that commit hashes shown below are subject to change due to rebase, trailer updates or similar. If in doubt, please check the listed branch. tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git branch: vfs.misc [1/1] fs/mnt_idmapping.c: Return -EINVAL when no map is written https://git.kernel.org/vfs/vfs/c/b4291c7fd9e5
diff --git a/fs/mnt_idmapping.c b/fs/mnt_idmapping.c index 64c5205e2b5e..3c60f1eaca61 100644 --- a/fs/mnt_idmapping.c +++ b/fs/mnt_idmapping.c @@ -214,7 +214,7 @@ static int copy_mnt_idmap(struct uid_gid_map *map_from, * anything at all. */ if (nr_extents == 0) - return 0; + return -EINVAL; /* * Here we know that nr_extents is greater than zero which means