From patchwork Fri Jun 30 11:08:25 2023
X-Patchwork-Submitter: Alexey Gladkov
X-Patchwork-Id: 114686
From: Alexey Gladkov
To: Alexander Viro, Alexei Starovoitov, Christian Brauner
Cc: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v1] fs: Add kfuncs to handle idmapped mounts
Date: Fri, 30 Jun 2023 13:08:25 +0200

Since the introduction of idmapped mounts, file handling has become somewhat
more complicated. If the inode has been found through an idmapped mount the
idmap of the vfsmount must be used to get proper i_uid / i_gid. This is
important, for example, to correctly take into account idmapped files when
caching, LSM or for an audit.

Signed-off-by: Alexey Gladkov
--- fs/mnt_idmapping.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/fs/mnt_idmapping.c b/fs/mnt_idmapping.c index 4905665c47d0..ba98ce26b883 100644 --- a/fs/mnt_idmapping.c +++ b/fs/mnt_idmapping.c @@ -6,6 +6,7 @@ #include #include #include +#include #include "internal.h" 
@@ -271,3 +272,71 @@ void mnt_idmap_put(struct mnt_idmap *idmap) kfree(idmap); } } + +__diag_push(); +__diag_ignore_all("-Wmissing-prototypes", + "Global functions as their definitions will be in vmlinux BTF"); + +/** + * bpf_is_idmapped_mnt - check whether a mount is idmapped + * @mnt: the mount to check + * + * Return: true if mount is mapped, false if not. + */ +__bpf_kfunc bool bpf_is_idmapped_mnt(struct vfsmount *mnt) +{ + return is_idmapped_mnt(mnt); +} + +/** + * bpf_file_mnt_idmap - get file idmapping + * @file: the file from which to get mapping + * + * Return: The idmap for the @file. + */ +__bpf_kfunc struct mnt_idmap *bpf_file_mnt_idmap(struct file *file) +{ + return file_mnt_idmap(file); +} + +/** + * bpf_inode_into_vfs_ids - map an inode's i_uid and i_gid down according to an idmapping + * @idmap: idmap of the mount the inode was found from + * @inode: inode to map + * + * The inode's i_uid and i_gid mapped down according to @idmap. If the inode's + * i_uid or i_gid has no mapping INVALID_VFSUID or INVALID_VFSGID is returned in + * the corresponding position. + * + * Return: A 64-bit integer containing the current GID and UID, and created as + * such: *gid* **<< 32 \|** *uid*. + */ +__bpf_kfunc uint64_t bpf_inode_into_vfs_ids(struct mnt_idmap *idmap, + const struct inode *inode) +{ + vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode); + vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); + + return (u64) __vfsgid_val(vfsgid) << 32 | + __vfsuid_val(vfsuid); +} + +__diag_pop(); + +BTF_SET8_START(idmap_btf_ids) +BTF_ID_FLAGS(func, bpf_is_idmapped_mnt) +BTF_ID_FLAGS(func, bpf_file_mnt_idmap) +BTF_ID_FLAGS(func, bpf_inode_into_vfs_ids) +BTF_SET8_END(idmap_btf_ids) + +static const struct btf_kfunc_id_set idmap_kfunc_set = { + .owner = THIS_MODULE, + .set = &idmap_btf_ids, +}; + +static int __init bpf_idmap_kfunc_init(void) +{ + return register_btf_kfunc_id_set(BPF_PROG_TYPE_UNSPEC, &idmap_kfunc_set); +} + +late_initcall(bpf_idmap_kfunc_init);
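
Review bot: In the BTF_SET8_START(idmap_btf_ids) block, all three kfuncs are registered with a bare BTF_ID_FLAGS(func, ...) and no flags, so nothing requires the mnt, file, idmap and inode arguments to be trusted pointers before is_idmapped_mnt(), file_mnt_idmap() and i_uid_into_vfsuid() dereference them. Consider adding KF_TRUSTED_ARGS to each entry. Related to that, bpf_file_mnt_idmap() returns a raw struct mnt_idmap * with no reference taken and no KF_ACQUIRE/KF_RELEASE pairing, while the context above shows mnt_idmap_put() can kfree() the idmap; either document why the pointer cannot outlive the file it came from, or return a counted reference with a matching release kfunc. In bpf_idmap_kfunc_init(), register_btf_kfunc_id_set(BPF_PROG_TYPE_UNSPEC, ...) makes the set available to every program type; the commit message names caching, LSM and audit as the use cases, so registering only for the program types that need it would narrow the exposure. Minor: bpf_inode_into_vfs_ids() is declared as returning uint64_t but casts to u64 in the body, and the kernel-doc Return: text carries escaped markup ("*gid* **<< 32 \|** *uid*") that would read better as plain "gid << 32 | uid". The patch also adds no selftest or in-tree caller, so the packed return value and the INVALID_VFSUID / INVALID_VFSGID case are untested.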