From patchwork Mon Jan 8 12:08:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185932 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp974642dyq; Mon, 8 Jan 2024 04:10:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IHeL7UYMHea8x19LUyL3Bhu1CP0AI0J697aWHmQrJrPMycTKtboDmJucDopFwlP+Py4BhGz X-Received: by 2002:a05:6a20:840d:b0:199:5201:241b with SMTP id c13-20020a056a20840d00b001995201241bmr1046238pzd.41.1704715836033; Mon, 08 Jan 2024 04:10:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715836; cv=none; d=google.com; s=arc-20160816; b=Z41W5eiHftcCdJKdJAhjtSg1sLyloJ4ggI6Qe69prksjA1OKUnSSiomkycRXDLqI/7 OM3SJaEE5VIH9r2rOq88i/S/488ITtc/9kmJlIRVm/Z5UaQgdvQGW+ofi51lSVu/XV/f z91iL/wpoVVWTKRTiGGhbE3L0kthiDlQ0KB4EpMM9fIe4ij2RkyRLFlv5WYyZ6oI/OS4 HD7c16WLJsnmPquT/m7BBnINCfMXaKRZqS0thELqkIsZVc0zzEBfaKCHomIG62yIBjfd X3NzGWL51NtBTQPUdsFtlsln6OPna6E4wGgQwMGCdIsS+zc3k+nmM+QNsYfVV1D/idi4 cZLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=GtdhYLDKs9o20JRSF0JGIkdiKLo4c8K8/G8DvoYAW44=; fh=8E5U/GA6pNBgXza3P+qieAQAribgE3wivZRN7rxqpbw=; b=q62OwNXuNMzLMDoI9vcUWQRGxiq3x1KPdDORe34MRK3TtxxWeSxdek5W/Rcarqgjfe W2ARhzU5CJgm8p/RTNOwK+cvOloB5iBcJLMLnLCpCeb9BRBRsjx2c8RVnHasmaYde44r K5UGM1mc0uoFWcBm70XWV5GfPGvCXCK72XEse5GG0TEnQuMYqGAl1bNVTuwWDzQqJ8Sy sNfpE239B73W/uxbffVj/j4kN2cjPe4IYhe1eKG80AMq38C3NhMLCIEjxjQETbBiBCeV bo5gEwJMDcOmxESqV0URKirAgBUzjSf44KL4OXu7AnDVV8TxHEEt/lZJR6nAQ4On1cQB 1ToA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=jy6tpFZh; spf=pass (google.com: domain of linux-kernel+bounces-19472-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19472-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id z129-20020a626587000000b006d9a170f053si5954542pfb.201.2024.01.08.04.10.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19472-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=jy6tpFZh; spf=pass (google.com: domain of linux-kernel+bounces-19472-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19472-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id CD5F82836D4 for ; Mon, 8 Jan 2024 12:10:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BC5E3405D6; Mon, 8 Jan 2024 12:10:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="jy6tpFZh" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88D243FE44 for ; Mon, 8 Jan 2024 12:10:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-lf1-f72.google.com (mail-lf1-f72.google.com [209.85.167.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id A2AF63F745 for ; Mon, 8 Jan 2024 12:09:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715799; bh=GtdhYLDKs9o20JRSF0JGIkdiKLo4c8K8/G8DvoYAW44=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=jy6tpFZhfYdMKPc2T1yw/AlsYk6up/wkEUIJGDNovxV5t6t5jdqH99sS/u2QstfSR XRWa6kEVslGqkz6HSenY6qhAQwB9IcvOsozqhqZBYKjdYqO1I5is1AT20cLWGcc0FR 94v1aUoxtjwlszZabirRWKWCYdZX0bhFYi6WlLjpDQm2WBR/bFAUFfSWbtfClfn//O HYp+zsuN3z6K9SWM59S7F6zwSeryFxcrUhRz9R4xH9DnBWmhChaqvMIQhjTWBVWyTj EERJcFeZ0B5GBr3iY+ZhC5k4HLCm7Q6D8+ZlQf2QDVC/oM6ycmcp6tQub6dRFPTXk0 G114XajQD8jqA== Received: by mail-lf1-f72.google.com with SMTP id 2adb3069b0e04-50e8b929997so868988e87.0 for ; Mon, 08 Jan 2024 04:09:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715798; x=1705320598; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GtdhYLDKs9o20JRSF0JGIkdiKLo4c8K8/G8DvoYAW44=; b=ILsgLUPhFIunGJFN1tUDP5YLvuK26ZKkju6Q29Ru1rKb6MSy3OqpDzSOdrub8luKtk nPFO81v94RrKkXj3/ITXTT0/4yuc6yFuJ/ylsknuvZcRfG6lts45McYJCZFBqTJ25ejf zVCcETq+Pi98aIwnj+mmakdp2ACfJeFS6sL1RGbg28Ugh5cX9V/eXW+387kvA1d+z/Sg VqaQIgJH8kry8+LlHqXZD8CjHu3qRZ34pqJ1DbRHH62ykDBlwR1IVnLqNBbPV2vSH8zI fZxzXMyzDxcBmtl3RDrfz2M6nPpEkV0BvI1ictL1DAeROGNzvlxC5Qeht9kaVNW6P3FD CTHg== X-Gm-Message-State: AOJu0YwDWlqwAY6EuHRvwwXhTVTGc6eyn/Rq3sGzR3vRu6+/0tSpkBeu 6fTBU31ue4axSyfh5X260T5JAxh0ex2tR9XMjuPyLJdCWmXF4Qljo/rz4Hr1tLGX6WShQzRg0Pq +4I+Jv7qpKcymGKrzlft3YBdEaLmfy2wwdfbDEAUJoFXOwA8k X-Received: by 2002:a05:6512:10d6:b0:50e:75ee:ec46 with SMTP id k22-20020a05651210d600b0050e75eeec46mr795193lfg.2.1704715798664; Mon, 08 Jan 2024 04:09:58 -0800 (PST) X-Received: by 2002:a05:6512:10d6:b0:50e:75ee:ec46 with SMTP id k22-20020a05651210d600b0050e75eeec46mr795186lfg.2.1704715798368; Mon, 08 Jan 2024 04:09:58 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.09.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:09:57 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , Alexander Viro , linux-kernel@vger.kernel.org Subject: [PATCH v1 1/9] fs/namespace: introduce fs_type->allow_idmap hook Date: Mon, 8 Jan 2024 13:08:16 +0100 Message-Id: <20240108120824.122178-2-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524112697867642 X-GMAIL-MSGID: 1787524112697867642 Right now we determine if filesystem support vfs idmappings or not basing on the FS_ALLOW_IDMAP flag presence. This "static" way works perfecly well for local filesystems like ext4, xfs, btrfs, etc. But for network-like filesystems like fuse, cephfs this approach is not ideal, because sometimes proper support of vfs idmaps requires some extensions for the on-wire protocol, which implies that changes have to be made not only in the Linux kernel code but also in the 3rd party components like libfuse, cephfs MDS server and so on. We have seen that issue during our work on cephfs idmapped mounts [1] with Christian, but right now I'm working on the idmapped mounts support for fuse and I think that it is a right time for this extension. [1] 5ccd8530dd7 ("ceph: handle idmapped mounts in create_request_message()") Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/namespace.c | 3 ++- include/linux/fs.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/namespace.c b/fs/namespace.c index fbf0e596fcd3..02eb47b3d728 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4300,7 +4300,8 @@ static int can_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt) return -EPERM; /* The underlying filesystem doesn't support idmapped mounts yet. */ - if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP)) + if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP) || + (m->mnt_sb->s_type->allow_idmap && !m->mnt_sb->s_type->allow_idmap(m->mnt_sb))) return -EINVAL; /* We're not controlling the superblock. */ diff --git a/include/linux/fs.h b/include/linux/fs.h index 98b7a7a8c42e..f2e373b5420a 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2377,6 +2377,7 @@ struct file_system_type { #define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */ int (*init_fs_context)(struct fs_context *); const struct fs_parameter_spec *parameters; + bool (*allow_idmap)(struct super_block *); struct dentry *(*mount) (struct file_system_type *, int, const char *, void *); void (*kill_sb) (struct super_block *); From patchwork Mon Jan 8 12:08:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185933 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp974849dyq; Mon, 8 Jan 2024 04:10:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IFh6x/ULMkxAJu0RnDZ4NRjFqrTc/f/cS+pJlhxnO/xBjpjGptLLSiqQivxULH7XOYHbT4W X-Received: by 2002:a05:6871:341e:b0:205:dab5:c019 with SMTP id nh30-20020a056871341e00b00205dab5c019mr5043393oac.24.1704715856534; Mon, 08 Jan 2024 04:10:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715856; cv=none; d=google.com; s=arc-20160816; b=b6MN8sIT7OYl1Lcpgbb//XCcuH5pUkYkd3NquZNRAvmC1VqCNYuIf78ymCiypyle66 wp1ekChYE384HIAb9XVPkUEk/O+VqfGi8Gf+tm9KLEy1J6h1tYTWuFhrrVYbmUCIZCAk 1psKEgZ3+OfJpRPssOmYx7l8VqNHUL9D9wGEmSoVhUPnqVBTiPr20hUEAVD/0n6SrhNz 5WpTbh4/jkGE6fPYRSVJF1VfySFFVPzbzkAFSC2YPYvobczi1dxAAqwhiyvts7+0qDVb n6W+X61xPZ3qPR7vDDHD4BotnwoV/hqxjctqt9v1e2nLLSfU/egaZJ0IrCEDLB+ic+yT tZYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=mr8sbzdAtqXe7/XkmKXPwVfGObhH4DN7fFUmLFyq+MA=; fh=vxClyPjkIB/lFHrzW3whb23CU5E3BkvNRA+FsimnYj4=; b=VNu/reemrcJTvDGU98kEtRWdbiZcpcjUhHB6xjpMmUXYO1z+Htuva402Z24KrBK/uA 90yWsZFTFa+IjASn2Namc65YJqBu/DSbmGEqliMsmj6mADSPCChAMwYy8UwklJQ4lieN A7yUjfrVIUlMeLF4tyjzIPMBqJ6QEhryYqMI0B1vsSAKMJk1CkVG7OY4Zb4J1iVbGBQ1 AV2Uep7fxjTT98CPN0m6h+RSZG1FzeczGY0uOPcatBJsB0ng3ikwDef0ouH60PcKjpcv ok5APjrRdjcQ0039XhRo4M8w1STuqkV+1gQhIorUbBPMNt0KoLiJRKzuGCNykEbhSbpx rdgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=HPWJVlBJ; spf=pass (google.com: domain of linux-kernel+bounces-19473-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19473-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id i68-20020a636d47000000b005c65d0dd9a0si5993716pgc.503.2024.01.08.04.10.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19473-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=HPWJVlBJ; spf=pass (google.com: domain of linux-kernel+bounces-19473-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19473-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 451FB283706 for ; Mon, 8 Jan 2024 12:10:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 06D1B40BEF; Mon, 8 Jan 2024 12:10:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="HPWJVlBJ" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C86D3405DE for ; Mon, 8 Jan 2024 12:10:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id B17463F743 for ; Mon, 8 Jan 2024 12:10:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715805; bh=mr8sbzdAtqXe7/XkmKXPwVfGObhH4DN7fFUmLFyq+MA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HPWJVlBJuS2/jrNzHxbrlHJeBlg0hB9uxPmoWr1lzlCKwNhiSSUcM6lMs7R6tUzJq r3dQPNXoFixG2MCxScHs/Ooh/omTc8eYp18PD6dUtFh/w3IoQwo9/pkFutETLfcgM5 cUWY0mBK4BZTE21tamOYrxNiW6fZmma/ZsjLUhmVN/Lp41+7Ag88rcuKBd//XA+oL6 aBDnL66zlZf74d5+59eXBf1nlP8aXoLxgafBMfjIgO5fFyy4QVW7ZQEjVLOf9dhwAv 5A/jyX0rI69gJwy2bTDYtBCGY4Ian4DzGLSCjZVDmzg9yugxM+s9NdguDQjJn07p2H eYxZleO7MU/Yw== Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-50e5195db01so1062833e87.3 for ; Mon, 08 Jan 2024 04:10:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715805; x=1705320605; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mr8sbzdAtqXe7/XkmKXPwVfGObhH4DN7fFUmLFyq+MA=; b=NYKVVIjTJyYRA0y+yCGp7uIjFyZHz8cRdXsXmOKVjSaxMI9EjQ+IORqr9ntHXD5AcM RHaAgAxL9CgeTL+GMN55rNld+z645B3UK1tPeH/c8GfY11lZLntEIA9CuFu+InQeriSO /0TcUBmXV1cES7KJizxN56/8+4I6h8DAPJvlzd5RF+i2Ay2lLLpu8EdbCvOKDclkdT69 iZie01g8EsgbKCHovgmrtrXun/NT5H6NRWkqVKraMK5NSQ2NCY0WsM2G+Lxp4wsEhgci FenWMQ1O9Fdj07H1InvSrGAvPncStlGu5RHaHRWBjwAxExU2X4ZywK3r5qBMzfwCGkLi u/Bw== X-Gm-Message-State: AOJu0YzhgWHBU+lbKuuZxG//Mkwj/72zWQ7fJe7yjsPqCnudWhf+ogon C9ZkBfOiMJ+fXatlFrsD0Lz2/SHf4z8YmNOX26ppDajZYMChpDVd2l/+IaYRqebnPfrOhQGMCPs 2nnWk+KL7H8i09TMYgdDDgFntn+k2C6e9xdXlS9bL2GGgC7yp X-Received: by 2002:ac2:5e33:0:b0:50e:52ea:771e with SMTP id o19-20020ac25e33000000b0050e52ea771emr1121325lfg.138.1704715805174; Mon, 08 Jan 2024 04:10:05 -0800 (PST) X-Received: by 2002:ac2:5e33:0:b0:50e:52ea:771e with SMTP id o19-20020ac25e33000000b0050e52ea771emr1121313lfg.138.1704715804894; Mon, 08 Jan 2024 04:10:04 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:04 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Miklos Szeredi , Seth Forshee , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 2/9] fs/fuse: add FUSE_OWNER_UID_GID_EXT extension Date: Mon, 8 Jan 2024 13:08:17 +0100 Message-Id: <20240108120824.122178-3-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524134162368309 X-GMAIL-MSGID: 1787524134162368309 To properly support vfs idmappings we need to provide a fuse daemon with the correct owner uid/gid for inode creation requests like mkdir, mknod, atomic_open, symlink. Right now, fuse daemons use req->in.h.uid/req->in.h.gid to set inode owner. These fields contain fsuid/fsgid of the syscall's caller. And that's perfectly fine, because inode owner have to be set to these values. But, for idmapped mounts it's not the case and caller fsuid/fsgid != inode owner, because idmapped mounts do nothing with the caller fsuid/fsgid, but affect inode owner uid/gid. It means that we can't apply vfsid mapping to caller fsuid/fsgid, but instead we have to introduce a new fields to store inode owner uid/gid which will be appropriately transformed. Christian and I have done the same to support idmapped mounts in the cephfs recently [1]. [1] 5ccd8530 ("ceph: handle idmapped mounts in create_request_message()") Cc: Miklos Szeredi Cc: Christian Brauner Cc: Seth Forshee Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/dir.c | 34 +++++++++++++++++++++++++++++++--- fs/fuse/fuse_i.h | 3 +++ fs/fuse/inode.c | 4 +++- include/uapi/linux/fuse.h | 19 +++++++++++++++++++ 4 files changed, 56 insertions(+), 4 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 6f5f9ff95380..e78ad4742aef 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -568,7 +568,33 @@ static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext) return 0; } -static int get_create_ext(struct fuse_args *args, +static int get_owner_uid_gid(struct mnt_idmap *idmap, struct fuse_conn *fc, struct fuse_in_arg *ext) +{ + struct fuse_ext_header *xh; + struct fuse_owner_uid_gid *owner_creds; + u32 owner_creds_len = fuse_ext_size(sizeof(*owner_creds)); + kuid_t owner_fsuid; + kgid_t owner_fsgid; + + xh = extend_arg(ext, owner_creds_len); + if (!xh) + return -ENOMEM; + + xh->size = owner_creds_len; + xh->type = FUSE_EXT_OWNER_UID_GID; + + owner_creds = (struct fuse_owner_uid_gid *) &xh[1]; + + owner_fsuid = mapped_fsuid(idmap, fc->user_ns); + owner_fsgid = mapped_fsgid(idmap, fc->user_ns); + owner_creds->uid = from_kuid(fc->user_ns, owner_fsuid); + owner_creds->gid = from_kgid(fc->user_ns, owner_fsgid); + + return 0; +} + +static int get_create_ext(struct mnt_idmap *idmap, + struct fuse_args *args, struct inode *dir, struct dentry *dentry, umode_t mode) { @@ -580,6 +606,8 @@ static int get_create_ext(struct fuse_args *args, err = get_security_context(dentry, mode, &ext); if (!err && fc->create_supp_group) err = get_create_supp_group(dir, &ext); + if (!err && fc->owner_uid_gid_ext) + err = get_owner_uid_gid(idmap, fc, &ext); if (!err && ext.size) { WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args)); @@ -662,7 +690,7 @@ static int fuse_create_open(struct inode *dir, struct dentry *entry, args.out_args[1].size = sizeof(outopen); args.out_args[1].value = &outopen; - err = get_create_ext(&args, dir, entry, mode); + err = get_create_ext(&nop_mnt_idmap, &args, dir, entry, mode); if (err) goto out_put_forget_req; @@ -790,7 +818,7 @@ static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args, args->out_args[0].value = &outarg; if (args->opcode != FUSE_LINK) { - err = get_create_ext(args, dir, entry, mode); + err = get_create_ext(&nop_mnt_idmap, args, dir, entry, mode); if (err) goto out_put_forget_req; } diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 1df83eebda92..15ec95dea276 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -806,6 +806,9 @@ struct fuse_conn { /* Add supplementary group info when creating a new inode */ unsigned int create_supp_group:1; + /* Add owner_{u,g}id info when creating a new inode */ + unsigned int owner_uid_gid_ext:1; + /* Does the filesystem support per inode DAX? */ unsigned int inode_dax:1; diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index ab824a8908b7..08cd3714b32d 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1284,6 +1284,8 @@ static void process_init_reply(struct fuse_mount *fm, struct fuse_args *args, fc->create_supp_group = 1; if (flags & FUSE_DIRECT_IO_ALLOW_MMAP) fc->direct_io_allow_mmap = 1; + if (flags & FUSE_OWNER_UID_GID_EXT) + fc->owner_uid_gid_ext = 1; } else { ra_pages = fc->max_read / PAGE_SIZE; fc->no_lock = 1; @@ -1330,7 +1332,7 @@ void fuse_send_init(struct fuse_mount *fm) FUSE_NO_OPENDIR_SUPPORT | FUSE_EXPLICIT_INVAL_DATA | FUSE_HANDLE_KILLPRIV_V2 | FUSE_SETXATTR_EXT | FUSE_INIT_EXT | FUSE_SECURITY_CTX | FUSE_CREATE_SUPP_GROUP | - FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP; + FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP | FUSE_OWNER_UID_GID_EXT; #ifdef CONFIG_FUSE_DAX if (fm->fc->dax) flags |= FUSE_MAP_ALIGNMENT; diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index e7418d15fe39..ebe82104b172 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -211,6 +211,10 @@ * 7.39 * - add FUSE_DIRECT_IO_ALLOW_MMAP * - add FUSE_STATX and related structures + * + * 7.40 + * - add FUSE_EXT_OWNER_UID_GID + * - add FUSE_OWNER_UID_GID_EXT */ #ifndef _LINUX_FUSE_H @@ -410,6 +414,8 @@ struct fuse_file_lock { * symlink and mknod (single group that matches parent) * FUSE_HAS_EXPIRE_ONLY: kernel supports expiry-only entry invalidation * FUSE_DIRECT_IO_ALLOW_MMAP: allow shared mmap in FOPEN_DIRECT_IO mode. + * FUSE_OWNER_UID_GID_EXT: add inode owner UID/GID info to create, mkdir, + * symlink and mknod */ #define FUSE_ASYNC_READ (1 << 0) #define FUSE_POSIX_LOCKS (1 << 1) @@ -452,6 +458,7 @@ struct fuse_file_lock { /* Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP */ #define FUSE_DIRECT_IO_RELAX FUSE_DIRECT_IO_ALLOW_MMAP +#define FUSE_OWNER_UID_GID_EXT (1ULL << 37) /** * CUSE INIT request/reply flags @@ -561,11 +568,13 @@ struct fuse_file_lock { * extension type * FUSE_MAX_NR_SECCTX: maximum value of &fuse_secctx_header.nr_secctx * FUSE_EXT_GROUPS: &fuse_supp_groups extension + * FUSE_EXT_OWNER_UID_GID: &fuse_owner_uid_gid extension */ enum fuse_ext_type { /* Types 0..31 are reserved for fuse_secctx_header */ FUSE_MAX_NR_SECCTX = 31, FUSE_EXT_GROUPS = 32, + FUSE_EXT_OWNER_UID_GID = 33, }; enum fuse_opcode { @@ -1153,4 +1162,14 @@ struct fuse_supp_groups { uint32_t groups[]; }; +/** + * struct fuse_owner_uid_gid - Inode owner UID/GID extension + * @uid: inode owner UID + * @gid: inode owner GID + */ +struct fuse_owner_uid_gid { + uint32_t uid; + uint32_t gid; +}; + #endif /* _LINUX_FUSE_H */ From patchwork Mon Jan 8 12:08:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185934 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975035dyq; Mon, 8 Jan 2024 04:11:19 -0800 (PST) X-Google-Smtp-Source: AGHT+IF/kQnwrRR8VXDAiIzjarmv1Yr8Yy26Rgyje5BR4ii99EDttwcpCrMzrsGIOGrgZwptm1hl X-Received: by 2002:a05:6a20:6a2b:b0:199:3fde:1226 with SMTP id p43-20020a056a206a2b00b001993fde1226mr1115090pzk.46.1704715878904; Mon, 08 Jan 2024 04:11:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715878; cv=none; d=google.com; s=arc-20160816; b=004/yk/eSVQSQeho1zuTh/My5Rm0ClqOl1beW5RtStCD/cbZyNxaXIwgNlpqhdOj5X RuwnsrLioRfcfi1OnSTtQvNQ3LqWNQggexrtKCKWFZGamjDwQaN0o5tJVbHI57Ci9iRe 7wn7N9d0rQE87pwvk3vi+1kofDtcIIkSZtELwXly0McDaviW2ZTRdDwlBb7gcWXnQ+Sa uackU1fHz/uzTd5Gh8C1ntTE2821tgbmOHwkydoUjoKYQdcqdFaWobk9SSSJBLweE+Cy ZvY41DuR7sDDUTUEvn8blxjvdkJ4ESE+AJSO5eOEod0W3Sgfxau80w/dOkeSOt8ADmD6 p8Uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Qlcho8chuufL9JmbPqtNzk4zs+rMss6COIQOi9IfnOw=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=v4BT8jGLBRXyNyNK4TCr7N/9JWtZskGR67wHWDMWhq8xqiohSdNK6JPYcNXyLPYqMp LyK7wxToCtCpj5hyeJ53PpO/2wOGuzHbqu9NnfpGrIDmBOLWTronTS6EuVpzlZGxoWkH MZviorczTkE7imdm9LqOmmONn2ZSzBg1O6HnSwM65LV4V/HMj+hA+UhecFZEVcMjFVeS hQ3yDO5we6XwmPn+YTe0V1oonPcU30wYHnn6YaOOKubtm+sP575RPimxDpXDPywf54AV H0DpK+qWc2oSjKXzIMrEpEvBUTZ2Rfb0bjYEANRVJ+mP4NgyrWcPHj65wCw9x5Z245Ye XTpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=Z7OPTZJq; spf=pass (google.com: domain of linux-kernel+bounces-19474-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19474-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id l65-20020a633e44000000b005cec620c36esi6154475pga.460.2024.01.08.04.11.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:11:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19474-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=Z7OPTZJq; spf=pass (google.com: domain of linux-kernel+bounces-19474-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19474-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A027D2836F8 for ; Mon, 8 Jan 2024 12:11:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2D9C640C16; Mon, 8 Jan 2024 12:10:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="Z7OPTZJq" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E3A6840BE1 for ; Mon, 8 Jan 2024 12:10:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id DBB9E3F45F for ; Mon, 8 Jan 2024 12:10:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715808; bh=Qlcho8chuufL9JmbPqtNzk4zs+rMss6COIQOi9IfnOw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Z7OPTZJqsSTCPqB11nkcuok0NL+getiF4kfHK53/PNFHn4Uv6aemMR2Mi8FRhBfce OLeTmwjJvMdHJhOSD72VFNp7V5nSJGjB55xuSydr/h2o/reKMPLRVhzB4oTh1TbWhX 4xipx579TV4Pz8xvrVbGynKilJd/fqS3Erh+2EoylL417h74enGWvTvgHbxm4l9+tF 25pR/2l3JjaPAsxJ/fQH2W08XaKs7IBQfQ7VJQniQf48hg9hgufNKQbukv23+Um4mL E9DTG1mmSEyejnSCJlgdRJSDVkwLX65eGa4BoydvwG6o4xG5h1v6wfFPfgobN1CoKy kp8IKWpUGrfSg== Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-2cccdcfea74so14473561fa.1 for ; Mon, 08 Jan 2024 04:10:08 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715808; x=1705320608; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Qlcho8chuufL9JmbPqtNzk4zs+rMss6COIQOi9IfnOw=; b=AsVgEgKJFA1Fa6R/plZeSCdTMaYZK/JjVhgsXH1gHxDS+hQZAWlz4L6IoiYvNvdrMQ 0dEb4HlSDwpTQooe61hFOeIu1ImZPcxyt9D+UQRRJqKSa+xGMHec1U2lUNjf4xmiyp7e MzfL2mYpz8DqQ4EFZzYdKw1/n8WiYzhhekBMsuSTJBac4XNly9pKcJesrNF3YX2RsZva RrnfI3E6XycxyJgAx4NJL2vKmTl6t6ASw5Zl6og02Yab1tkD+L2SZi72obI28r9/5y0H fborfjddAQpLNn+DIFW7rqgTfwLOO3ssF8kRYP4C4vE+w1P1nyZRZrLbo832b2q7ma/Z k7pg== X-Gm-Message-State: AOJu0YwZ39aTU1bIXy1TBQt1FC/ImVDL1qJGAP6Cwl5L85VIvOav8+mp 3OZ/Llh1fZZzYIRT/wQi8o4YuIjKHjGKc+EHoXU5BttxoHntUxgHlXrXPIfvsNtclZUEF4Jl0dT VOccms4dRtzZRe1+HS2zMlzCBo61sgkaz3VOv320Czxvtv0/b X-Received: by 2002:a2e:3005:0:b0:2cc:8545:d6f9 with SMTP id w5-20020a2e3005000000b002cc8545d6f9mr1455633ljw.15.1704715808314; Mon, 08 Jan 2024 04:10:08 -0800 (PST) X-Received: by 2002:a2e:3005:0:b0:2cc:8545:d6f9 with SMTP id w5-20020a2e3005000000b002cc8545d6f9mr1455623ljw.15.1704715808045; Mon, 08 Jan 2024 04:10:08 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:07 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 3/9] fs/fuse: support idmap for mkdir/mknod/symlink/create Date: Mon, 8 Jan 2024 13:08:18 +0100 Message-Id: <20240108120824.122178-4-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524157269138854 X-GMAIL-MSGID: 1787524157269138854 We have all the infrastructure in place, we just need to pass an idmapping here. Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/dir.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index e78ad4742aef..a0968f086b62 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -633,9 +633,9 @@ static void free_ext_value(struct fuse_args *args) * If the filesystem doesn't support this, then fall back to separate * 'mknod' + 'open' requests. */ -static int fuse_create_open(struct inode *dir, struct dentry *entry, - struct file *file, unsigned int flags, - umode_t mode, u32 opcode) +static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir, + struct dentry *entry, struct file *file, + unsigned int flags, umode_t mode, u32 opcode) { int err; struct inode *inode; @@ -690,7 +690,7 @@ static int fuse_create_open(struct inode *dir, struct dentry *entry, args.out_args[1].size = sizeof(outopen); args.out_args[1].value = &outopen; - err = get_create_ext(&nop_mnt_idmap, &args, dir, entry, mode); + err = get_create_ext(idmap, &args, dir, entry, mode); if (err) goto out_put_forget_req; @@ -749,6 +749,7 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, umode_t mode) { int err; + struct mnt_idmap *idmap = file_mnt_idmap(file); struct fuse_conn *fc = get_fuse_conn(dir); struct dentry *res = NULL; @@ -773,7 +774,7 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, if (fc->no_create) goto mknod; - err = fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE); + err = fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREATE); if (err == -ENOSYS) { fc->no_create = 1; goto mknod; @@ -784,7 +785,7 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, return err; mknod: - err = fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0); + err = fuse_mknod(idmap, dir, entry, mode, 0); if (err) goto out_dput; no_open: @@ -794,9 +795,9 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, /* * Code shared between mknod, mkdir, symlink and link */ -static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args, - struct inode *dir, struct dentry *entry, - umode_t mode) +static int create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm, + struct fuse_args *args, struct inode *dir, + struct dentry *entry, umode_t mode) { struct fuse_entry_out outarg; struct inode *inode; @@ -818,7 +819,7 @@ static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args, args->out_args[0].value = &outarg; if (args->opcode != FUSE_LINK) { - err = get_create_ext(&nop_mnt_idmap, args, dir, entry, mode); + err = get_create_ext(idmap, args, dir, entry, mode); if (err) goto out_put_forget_req; } @@ -884,13 +885,13 @@ static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir, args.in_args[0].value = &inarg; args.in_args[1].size = entry->d_name.len + 1; args.in_args[1].value = entry->d_name.name; - return create_new_entry(fm, &args, dir, entry, mode); + return create_new_entry(idmap, fm, &args, dir, entry, mode); } static int fuse_create(struct mnt_idmap *idmap, struct inode *dir, struct dentry *entry, umode_t mode, bool excl) { - return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0); + return fuse_mknod(idmap, dir, entry, mode, 0); } static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir, @@ -902,7 +903,7 @@ static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir, if (fc->no_tmpfile) return -EOPNOTSUPP; - err = fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE); + err = fuse_create_open(idmap, dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE); if (err == -ENOSYS) { fc->no_tmpfile = 1; err = -EOPNOTSUPP; @@ -929,7 +930,7 @@ static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir, args.in_args[0].value = &inarg; args.in_args[1].size = entry->d_name.len + 1; args.in_args[1].value = entry->d_name.name; - return create_new_entry(fm, &args, dir, entry, S_IFDIR); + return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR); } static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir, @@ -945,7 +946,7 @@ static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir, args.in_args[0].value = entry->d_name.name; args.in_args[1].size = len; args.in_args[1].value = link; - return create_new_entry(fm, &args, dir, entry, S_IFLNK); + return create_new_entry(idmap, fm, &args, dir, entry, S_IFLNK); } void fuse_flush_time_update(struct inode *inode) @@ -1139,7 +1140,7 @@ static int fuse_link(struct dentry *entry, struct inode *newdir, args.in_args[0].value = &inarg; args.in_args[1].size = newent->d_name.len + 1; args.in_args[1].value = newent->d_name.name; - err = create_new_entry(fm, &args, newdir, newent, inode->i_mode); + err = create_new_entry(&nop_mnt_idmap, fm, &args, newdir, newent, inode->i_mode); if (!err) fuse_update_ctime_in_cache(inode); else if (err == -EINTR) From patchwork Mon Jan 8 12:08:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185937 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975690dyq; Mon, 8 Jan 2024 04:12:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IELJ9806zjZzRl9LND1J2zuFtI1H/4Mt7+WRu8zNpsbrrkwmSJuYMs8doha9ORw0waNjM5S X-Received: by 2002:a05:6359:5e22:b0:172:df87:456d with SMTP id pw34-20020a0563595e2200b00172df87456dmr1262145rwb.38.1704715948524; Mon, 08 Jan 2024 04:12:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715948; cv=none; d=google.com; s=arc-20160816; b=Tuya1mgBVHalopYbqHQaJAK9KTtYhpquEy57qJVr7OWMbjy4di3VGa64TBpWUFylUF EFtPoMUqDq9Q1JZqi6pYEEhGvRv+KM3u5ikG3USH6pesa1JGkVyl+rywHPyZwDIYZKdq 8y8CXexMGvROf5NaRZlhH4yVG1tah/spvvA5/wirDuKlkSDmPeUOi6P2pmK9IxGo3Of2 LIFXCEqueu+yI2wFKFUQdQglqQeDTl+my62i93Oh6zKIL4FYhosmbnC6vOyR7cfCMtTt v0dfUvzYi4bl/qHJN301YblAW28mpRTDa8dvCfMsGdQkP2/2AgxInsoc+NcmpKHu05sq 34tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=mADyhqp5Fy5mB38qoO1ZIXMT9rQkzzjtNQqjvzvAMZk=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=lMsB0n5j0cTTAYASuhv3ku6M9cAFSXM5NFTQ9ybn4eNHraM1vHucUCSS3COGuhiq7m RC15iM5eBQMaROjtGlPzHrAJ2PaK3Sx2sFtsu9dvXB3SdNTtGbocWO1Bdlic0EkxvLer PJY7h+iKfjTachPXCH/huHyTtfK+zqWafnWnxTQEbfY7ISkZyYXsQKaGtxHGm6FaY6q1 8uyT2DFrIhs2ZpbM9Mf+lbVyJL2kXLpVfKNkD9zR2yFblkUA7kI+dhpgWztryZavqMdn YRD9Ep2fRGye19HnFNB82VZxZVasxCFivylwwD4+AuSldFiGrzEW/EH90KDC6iIsghJ6 oUuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=JARV6rrm; spf=pass (google.com: domain of linux-kernel+bounces-19475-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19475-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id 7-20020a056a00070700b006d9ada48b85si5987989pfl.139.2024.01.08.04.12.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:12:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19475-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=JARV6rrm; spf=pass (google.com: domain of linux-kernel+bounces-19475-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19475-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id DC6F8B21FA1 for ; Mon, 8 Jan 2024 12:11:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 778564120F; Mon, 8 Jan 2024 12:10:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="JARV6rrm" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5ECD940C00 for ; Mon, 8 Jan 2024 12:10:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 66FE03F5B1 for ; Mon, 8 Jan 2024 12:10:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715811; bh=mADyhqp5Fy5mB38qoO1ZIXMT9rQkzzjtNQqjvzvAMZk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JARV6rrmrwl2dhrMxKwjtxHhcxrvvpFrG9B38kB6ZgU8sFjV0WvPP+N3Z8Qj7x8lP 2RRTd/AJAbC593xYTRenNmvwiXG+KbzjHUyvS9LcMczyqQHKrCLM51zAxWyrYUD50s +irn3t+jwSALdadtoN7qtoJzpfluHp7N2qzVsq23BvqFPYt1aZlGjHAY76cRzeJtsB zI6/pTboBLxHh0dq3ftvLHAuXz4cpxnlOpqPbppDPv+JxaGdME17pOh30y63bGpMT9 O4KGKqp9NNKGeZhqWbHNzbMh5sz+L40kiREgQcGLzuTcsIe3d9Nl6pFZxMxQct/ss9 ENsYu+ndcaTIg== Received: by mail-lj1-f197.google.com with SMTP id 38308e7fff4ca-2cce9de723cso13931911fa.0 for ; Mon, 08 Jan 2024 04:10:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715811; x=1705320611; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mADyhqp5Fy5mB38qoO1ZIXMT9rQkzzjtNQqjvzvAMZk=; b=XWUyiSreu/3w8hye2znQcI5hepUgtvHlbKmxOuORHFy2BIX76EUlYB0O1NEqQ9ruuG f0rlrYXBmHoY5+R3loMmzkvNGXzZi6rZjFgMwSG0zSx56dRICW1uf+F7ZfKb58ePAC15 IOkcwrtcOFQGs1v2So366P+VQ0AdyYcRdRZy+dZ7SSmsJuzaB9RRvO0zBpD8aUukFLQe 2kSa3Io31uRliNHp1VXdWvM8hB1caDhL1lwXFkmBhWWhRlGWXvscqdbOg1IVCCRQUVcW wjy09fcGKAoBdgnx7pMvcIp+Nq5hszElrsUYk+mOFh8nLzRvZutLMD2o9zW0dm9+6BNP LdDA== X-Gm-Message-State: AOJu0YxXZG02n67WJTU09DXxp3mg48KiKB/bbCHxjjsWp4+KMYU3isj6 CsxRQefuSCHMttJJgBwqc/VZo7Mrde9DN0zH3Spg+3+np4zRQIVqbedMdRgJyNBmfSie37Qc4Qd LR8YYADz83J3LOuGzZXYn5f8oeeL3+ntNH6yZsqYWAcvcWq+W X-Received: by 2002:a2e:b384:0:b0:2cd:57ba:b4f2 with SMTP id f4-20020a2eb384000000b002cd57bab4f2mr489983lje.79.1704715810863; Mon, 08 Jan 2024 04:10:10 -0800 (PST) X-Received: by 2002:a2e:b384:0:b0:2cd:57ba:b4f2 with SMTP id f4-20020a2eb384000000b002cd57bab4f2mr489976lje.79.1704715810668; Mon, 08 Jan 2024 04:10:10 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:09 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 4/9] fs/fuse: support idmapped getattr inode op Date: Mon, 8 Jan 2024 13:08:19 +0100 Message-Id: <20240108120824.122178-5-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524229939493845 X-GMAIL-MSGID: 1787524229939493845 We have to: - pass an idmapping to the generic_fillattr() to properly handle UIG/GID mapping for the userspace. - pass -/- to fuse_fillattr() (analog of generic_fillattr() in fuse). Difference between these two is that generic_fillattr() takes all the stat() data from the inode directly, while fuse_fillattr() codepath takes a fresh data just from the userspace reply on the FUSE_GETATTR request. Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/dir.c | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index a0968f086b62..5efcf06622f0 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1149,18 +1149,22 @@ static int fuse_link(struct dentry *entry, struct inode *newdir, return err; } -static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr, - struct kstat *stat) +static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode, + struct fuse_attr *attr, struct kstat *stat) { unsigned int blkbits; struct fuse_conn *fc = get_fuse_conn(inode); + vfsuid_t vfsuid = make_vfsuid(idmap, fc->user_ns, + make_kuid(fc->user_ns, attr->uid)); + vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, + make_kgid(fc->user_ns, attr->gid)); stat->dev = inode->i_sb->s_dev; stat->ino = attr->ino; stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777); stat->nlink = attr->nlink; - stat->uid = make_kuid(fc->user_ns, attr->uid); - stat->gid = make_kgid(fc->user_ns, attr->gid); + stat->uid = vfsuid_into_kuid(vfsuid); + stat->gid = vfsgid_into_kgid(vfsgid); stat->rdev = inode->i_rdev; stat->atime.tv_sec = attr->atime; stat->atime.tv_nsec = attr->atimensec; @@ -1199,8 +1203,8 @@ static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr) attr->blksize = sx->blksize; } -static int fuse_do_statx(struct inode *inode, struct file *file, - struct kstat *stat) +static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode, + struct file *file, struct kstat *stat) { int err; struct fuse_attr attr; @@ -1253,15 +1257,15 @@ static int fuse_do_statx(struct inode *inode, struct file *file, stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME); stat->btime.tv_sec = sx->btime.tv_sec; stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1); - fuse_fillattr(inode, &attr, stat); + fuse_fillattr(idmap, inode, &attr, stat); stat->result_mask |= STATX_TYPE; } return 0; } -static int fuse_do_getattr(struct inode *inode, struct kstat *stat, - struct file *file) +static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode, + struct kstat *stat, struct file *file) { int err; struct fuse_getattr_in inarg; @@ -1300,15 +1304,15 @@ static int fuse_do_getattr(struct inode *inode, struct kstat *stat, ATTR_TIMEOUT(&outarg), attr_version); if (stat) - fuse_fillattr(inode, &outarg.attr, stat); + fuse_fillattr(idmap, inode, &outarg.attr, stat); } } return err; } -static int fuse_update_get_attr(struct inode *inode, struct file *file, - struct kstat *stat, u32 request_mask, - unsigned int flags) +static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *inode, + struct file *file, struct kstat *stat, + u32 request_mask, unsigned int flags) { struct fuse_inode *fi = get_fuse_inode(inode); struct fuse_conn *fc = get_fuse_conn(inode); @@ -1339,16 +1343,16 @@ static int fuse_update_get_attr(struct inode *inode, struct file *file, forget_all_cached_acls(inode); /* Try statx if BTIME is requested */ if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) { - err = fuse_do_statx(inode, file, stat); + err = fuse_do_statx(idmap, inode, file, stat); if (err == -ENOSYS) { fc->no_statx = 1; goto retry; } } else { - err = fuse_do_getattr(inode, stat, file); + err = fuse_do_getattr(idmap, inode, stat, file); } } else if (stat) { - generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); + generic_fillattr(idmap, request_mask, inode, stat); stat->mode = fi->orig_i_mode; stat->ino = fi->orig_ino; if (test_bit(FUSE_I_BTIME, &fi->state)) { @@ -1362,7 +1366,7 @@ static int fuse_update_get_attr(struct inode *inode, struct file *file, int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask) { - return fuse_update_get_attr(inode, file, NULL, mask, 0); + return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0); } int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid, @@ -1506,7 +1510,7 @@ static int fuse_perm_getattr(struct inode *inode, int mask) return -ECHILD; forget_all_cached_acls(inode); - return fuse_do_getattr(inode, NULL, NULL); + return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL); } /* @@ -2062,7 +2066,7 @@ static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry, * ia_mode calculation may have used stale i_mode. * Refresh and recalculate. */ - ret = fuse_do_getattr(inode, NULL, file); + ret = fuse_do_getattr(&nop_mnt_idmap, inode, NULL, file); if (ret) return ret; @@ -2119,7 +2123,7 @@ static int fuse_getattr(struct mnt_idmap *idmap, return -EACCES; } - return fuse_update_get_attr(inode, NULL, stat, request_mask, flags); + return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags); } static const struct inode_operations fuse_dir_inode_operations = { From patchwork Mon Jan 8 12:08:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185935 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975437dyq; Mon, 8 Jan 2024 04:11:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IEh9Y+p2aJI7i3FH9BzrdA4fy6BcahWS6NmgiaK1wfT3Ksd3ch8lBkxkxAJ7ZM3oJbAAdR+ X-Received: by 2002:a17:902:c40c:b0:1d4:4fc6:8c4 with SMTP id k12-20020a170902c40c00b001d44fc608c4mr1671323plk.1.1704715916766; Mon, 08 Jan 2024 04:11:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715916; cv=none; d=google.com; s=arc-20160816; b=kcqxJ7B4pfuMzBOFxjxEJAKcYxZU/tkrztjpD6xlajSHn4QfVvSjRJnOADJco3WPLw H+9elbyltswrvxhl8yqTWtqxhcEZSiEMEbQfsmnTGeSUEonh61bM4+lCiBM64k3FI7wq dQvLcq2Ru5ubcLStjTlUx1bBH7lPVlkDAMmwVgiN7zeiOONHY0l1M+2yhqgA7elaTwWi 8/KDcahf3aJj04TjFrE+5UFkFfquS0QO/2+imQr+c8GZLYj+TqOIFUw65X/R92CaTDj8 jvMRnfSpxrlVOlwWKVwAiax9BrYcjoy7EDl3gqhsWZyQvQjmCPuT1sPjM670m4xQdGJL UCVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=aN55u2dkdKkT9zGjEjP2EnVAXA2m3PLWvFfoTZsXkV4=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=s/dojFgTaP/6M80teN/6ZIomxt9clIwgu0bhJBpdPaJEGeN32B1HRi6zrS5YK+HLDJ Lv/OdUbnRko47Q61Hptvfa0li7ENhzBp0Pf6r0ggZwdDGGMwOTf1HK335xlBIG2X5IqQ MGMJLVwnFPhUkQi90VmktgKFCoHvojp1u/N8DAVtUicLrXTaLgkOMyg9tgsz/bi7NVME Qpzr515OdRTse2bDBGmtAtg4V/1YPPlfi7yOucXuOhQOvogBTIby06E43K/wPbsbTQ4h ej+0hPIxJVWrzHE8R1ZMlXRHTwn9mnfGPrrvs4AsbSQUmaUiFjGLoue+t9dklcRTUQ8C 4tkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=JtN9iQVC; spf=pass (google.com: domain of linux-kernel+bounces-19476-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19476-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id ay8-20020a1709028b8800b001d496d21086si5866779plb.500.2024.01.08.04.11.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:11:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19476-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=JtN9iQVC; spf=pass (google.com: domain of linux-kernel+bounces-19476-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19476-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8C0EF283783 for ; Mon, 8 Jan 2024 12:11:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D9BD341753; Mon, 8 Jan 2024 12:10:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="JtN9iQVC" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E564041208 for ; Mon, 8 Jan 2024 12:10:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 20C403F744 for ; Mon, 8 Jan 2024 12:10:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715814; bh=aN55u2dkdKkT9zGjEjP2EnVAXA2m3PLWvFfoTZsXkV4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JtN9iQVC11J1SchqzCJSRAg67r4S5UDZyehwGkKERF25+8lAosFuE4pCdCR68SB8g MphGgwr75jSZnX/s1MOP7bth5iHDAe4utxzy6DV+IRP0sG+Jz/3KkyTRDTpND605Lo 4267d/R91yMcgAy8x2myT4H+wGqVTJQUjrCLMep+yhAtJTuTHCgF7BG4aC3aKyP4TE WL1V3HacZaHShDyeE8V3kmpas1YukBQxfNwjoNpQDQ/FMAv1FHGEZ5MAa0Mk+5SATp 2DKmUXnVcVzUmZf3sPGuyWCjlBE1HoSlXHQFPV4IaSUfiQkSdBMfVj2R2yF/9XSQNr ANkiBvT+2Wrxg== Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-557a615aa33so442988a12.2 for ; Mon, 08 Jan 2024 04:10:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715813; x=1705320613; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aN55u2dkdKkT9zGjEjP2EnVAXA2m3PLWvFfoTZsXkV4=; b=okD9W1+FngElW/EgZcXTLWfTfDHgR/V0uTt/bK7+NypOe9XWSdt1LrhKNCJCXSN3ic iKQLHqp0zAFBTBQgacNmUQG7nBDc+5XS43y4FbR/+vdOZK4HmGaQ2dCMrRZ2wUwPoMSg F+HuI21L3wDIGVgOuVUpy1Ml8ggl9AbL7fYJGVbzsfMC5nqY+SJgznns6IvgHKNuffro oqF+0gGC2PnYPxaTEEB8/c2VnFubbPk3MwtqdVBlXrduC/6ST70664Q0rr3+GsHUmy4/ G5jqOj1IiX8KXxccRAlmZ72iSuGn5RsYNyoXzPc6sXtJu81N4FRLvZxnLPRx1U5htAFE QAFw== X-Gm-Message-State: AOJu0YyRfJPoSBSjhVKZPWUUACFmUKvjJc0AcP8aOHx9Q9g30T3pDRp1 95qiLbr9D16JGTAIokOdDBonjy26HMnqbkAVhresMV/od5ZO8XX3ph9eQwChI/d7iaZKyk8mtJt LrcpDBluVY7UZ5oUYx22iHddmG2jYfrR6hX+1wy6eKPFHX9q5 X-Received: by 2002:a50:8ac4:0:b0:553:a041:3560 with SMTP id k4-20020a508ac4000000b00553a0413560mr2378959edk.58.1704715813678; Mon, 08 Jan 2024 04:10:13 -0800 (PST) X-Received: by 2002:a50:8ac4:0:b0:553:a041:3560 with SMTP id k4-20020a508ac4000000b00553a0413560mr2378953edk.58.1704715813387; Mon, 08 Jan 2024 04:10:13 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:12 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 5/9] fs/fuse: support idmapped ->permission inode op Date: Mon, 8 Jan 2024 13:08:20 +0100 Message-Id: <20240108120824.122178-6-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524197167373781 X-GMAIL-MSGID: 1787524197167373781 We only cover the case when "default_permissions" flag is used. A reason for that is that otherwise all the permission checks are done in the userspace and we have to deal with VFS idmapping in the userspace (which is bad), alternatively we have to provide the userspace with idmapped req->in.h.uid/req->in.h.gid which is also not align with VFS idmaps philosophy. Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 5efcf06622f0..f7c2c54f7122 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1558,7 +1558,7 @@ static int fuse_permission(struct mnt_idmap *idmap, } if (fc->default_permissions) { - err = generic_permission(&nop_mnt_idmap, inode, mask); + err = generic_permission(idmap, inode, mask); /* If permission is denied, try to refresh file attributes. This is also needed, because the root @@ -1566,7 +1566,7 @@ static int fuse_permission(struct mnt_idmap *idmap, if (err == -EACCES && !refreshed) { err = fuse_perm_getattr(inode, mask); if (!err) - err = generic_permission(&nop_mnt_idmap, + err = generic_permission(idmap, inode, mask); } From patchwork Mon Jan 8 12:08:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185936 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975616dyq; Mon, 8 Jan 2024 04:12:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IGdQnumYScdFdu4Q2q1Aq4z8pm5V943Gwn11pP3lNo6Bdv+N3OJmB24jruug325PTE2Y7SF X-Received: by 2002:a17:906:6a81:b0:a28:d132:c4ab with SMTP id p1-20020a1709066a8100b00a28d132c4abmr954025ejr.48.1704715940241; Mon, 08 Jan 2024 04:12:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715940; cv=none; d=google.com; s=arc-20160816; b=VNj3pZhutKLfHqMdgsDbhp3Iw2GKwmr2zjzlVV36bfToYjDrIlE8x6Z9HUpbAQ34fv +Lpxw5QidlziiJwLfL5RT8tXV1vIlLQL283E5Th+MRxsdN2DGkUZqCmzAaZz4A/p2lSB meJpdXO0Wf5ST2rRiQNjHs9nfiSiVmJ/M3CDK1HFyaAOui4MMMtytim/rtk/sJ90u84h rNlIj1mb2RtcBlNkLz14yoV+JFcRxTh/ewfomH7DuTIx0bDSs5lk3lrUc3yTG0/0o550 vGUhQyDnHS1GOJtLiaCuxw2X64sRnr7RVGfPhUK1G++QQfRDnA51M3v2NaK/O1VxFGJk Sj7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=9JOCkZnahtYcjH5f/6OzDGT6n3cRWHJ6WXIUPPzUvyw=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=ofxwVvQfJ3g69EiE23Fq3UTxBubGfd4cHMUWowNyiLJNmr92x1TQ5J5I9VEg+lArye Bt/khrdjTEuG32/KPmE8QlVRpiSk2w9LonM8q2uBFrQDEhPfSPvTP2xyCPk+H5Xm/Ne3 x9jxspNq2s11wuLOcUc5IrJicuyOiCFQ08Ns+h/TOY0QSUnc3OSek5PhzAhP9LrqG3tI k1bgNEp6dBIYhs26WMxTg3UQPBj97Jhz49M3piCN9C3eizMyAeKMp9xpha2njhVqDmqE jHlTmattn5zn9LvstQZEDdGznKMNHXTBpcpTm4ln6uV5saWKeNJUzVTNgl7JHoKoVPRc 6+dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=O3ONM7m+; spf=pass (google.com: domain of linux-kernel+bounces-19477-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19477-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id n17-20020a170906841100b00a2ac071b409si584388ejx.1037.2024.01.08.04.12.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:12:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19477-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=O3ONM7m+; spf=pass (google.com: domain of linux-kernel+bounces-19477-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19477-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id AB0711F21642 for ; Mon, 8 Jan 2024 12:12:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5820E42046; Mon, 8 Jan 2024 12:10:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="O3ONM7m+" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E48041230 for ; Mon, 8 Jan 2024 12:10:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id AE6103F2A6 for ; Mon, 8 Jan 2024 12:10:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715816; bh=9JOCkZnahtYcjH5f/6OzDGT6n3cRWHJ6WXIUPPzUvyw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=O3ONM7m+eFjSrc/qCOGyOSDoP9mzxvpW4mg13LZQzt8raSR+yZG6qNs2lC2pPNcMk dadoWRzbK4UGfN4gTf9E/0DaukJwudqo02FI8BWvdETQ7OGtHkavTqX4rxGD6rLRwL vPRhArHbHXFnX0RwZwebAV0XbY+T2Pg8efOatTJOygVazKdVjOQjSjI4irgxSb1IAW bROfPJFdaQp6nYlT7AMvpxq7eHAhyXgM7XR1xaoCW7aL0qlkAiaE/6NMCKkbRwRigj E9HA/A/dwFNroT5HcsaAYlRfbUQDJIBDKFceJ92Yc0DCCaxvRywXEPX0ijlebi3pio Ad1Mp63ezzmcg== Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-557a318580dso536676a12.3 for ; Mon, 08 Jan 2024 04:10:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715816; x=1705320616; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9JOCkZnahtYcjH5f/6OzDGT6n3cRWHJ6WXIUPPzUvyw=; b=npC7rYn/zFlLe6mShrE7DBV0iVpqKDRs0bpSqyDkoHu+v05x8RLo/QLx4+8useZGYO JG3fyR2lFyxMLZSS1TaHHTnEGJ1YbMtcwfiwVgZqkEqyUAfRHs+o5RnWXfSAdjHPt12i 2Uc2u+YpoKzZhAhYcEH10+FSoJowzBsxcU8jMXIPQtVt37R38K9LbCv0P3JSZHUK8l64 ggrCHe6lI5mT8OCT5BMdmsgLUWIBjq+jh/iDQFXmGrCnRB/REIpYcR7cHWdOZHDXTrfL N7JerO90tr6Cyb9OdNnLnVhLd2twqsNaoDUyjMX87hra+KpO5CW8qLks/Mx1Q7MIy2HK jOjQ== X-Gm-Message-State: AOJu0YxtdU08/HJCPrkopjpdALb4wtJu2ir3W0imvN6gSVRtYfkygC+1 tCok8u10PktTnaRMMQIAeP7/PwVBH6g7pkw+BtYx6e0EKkwAzyAt3DDZKpFt1qPkpL+zfFDzw3C bmw9Y7ite0hELOsGn9t9+lhws/a5GuFIFzlMGw0gCd0eOZiYL X-Received: by 2002:a50:9e24:0:b0:557:2213:bc4e with SMTP id z33-20020a509e24000000b005572213bc4emr1414494ede.57.1704715816369; Mon, 08 Jan 2024 04:10:16 -0800 (PST) X-Received: by 2002:a50:9e24:0:b0:557:2213:bc4e with SMTP id z33-20020a509e24000000b005572213bc4emr1414490ede.57.1704715816191; Mon, 08 Jan 2024 04:10:16 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:14 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 6/9] fs/fuse: support idmapped ->setattr op Date: Mon, 8 Jan 2024 13:08:21 +0100 Message-Id: <20240108120824.122178-7-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524221470842262 X-GMAIL-MSGID: 1787524221470842262 Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/dir.c | 32 +++++++++++++++++++++----------- fs/fuse/file.c | 2 +- fs/fuse/fuse_i.h | 4 ++-- 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index f7c2c54f7122..5fbb7100ad1c 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1739,17 +1739,27 @@ static bool update_mtime(unsigned ivalid, bool trust_local_mtime) return true; } -static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr, - struct fuse_setattr_in *arg, bool trust_local_cmtime) +static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc, + struct iattr *iattr, struct fuse_setattr_in *arg, + bool trust_local_cmtime) { unsigned ivalid = iattr->ia_valid; if (ivalid & ATTR_MODE) arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode; - if (ivalid & ATTR_UID) - arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid); - if (ivalid & ATTR_GID) - arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid); + + if (ivalid & ATTR_UID) { + kuid_t fsuid = from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid); + arg->valid |= FATTR_UID; + arg->uid = from_kuid(fc->user_ns, fsuid); + } + + if (ivalid & ATTR_GID) { + kgid_t fsgid = from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid); + arg->valid |= FATTR_GID; + arg->gid = from_kgid(fc->user_ns, fsgid); + } + if (ivalid & ATTR_SIZE) arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size; if (ivalid & ATTR_ATIME) { @@ -1869,8 +1879,8 @@ int fuse_flush_times(struct inode *inode, struct fuse_file *ff) * vmtruncate() doesn't allow for this case, so do the rlimit checking * and the actual truncation by hand. */ -int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, - struct file *file) +int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr, struct file *file) { struct inode *inode = d_inode(dentry); struct fuse_mount *fm = get_fuse_mount(inode); @@ -1890,7 +1900,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, if (!fc->default_permissions) attr->ia_valid |= ATTR_FORCE; - err = setattr_prepare(&nop_mnt_idmap, dentry, attr); + err = setattr_prepare(idmap, dentry, attr); if (err) return err; @@ -1949,7 +1959,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, memset(&inarg, 0, sizeof(inarg)); memset(&outarg, 0, sizeof(outarg)); - iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime); + iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime); if (file) { struct fuse_file *ff = file->private_data; inarg.valid |= FATTR_FH; @@ -2084,7 +2094,7 @@ static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry, if (!attr->ia_valid) return 0; - ret = fuse_do_setattr(entry, attr, file); + ret = fuse_do_setattr(idmap, entry, attr, file); if (!ret) { /* * If filesystem supports acls it may have updated acl xattrs in diff --git a/fs/fuse/file.c b/fs/fuse/file.c index a660f1f21540..e0fe5497a548 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -2870,7 +2870,7 @@ static void fuse_do_truncate(struct file *file) attr.ia_file = file; attr.ia_valid |= ATTR_FILE; - fuse_do_setattr(file_dentry(file), &attr, file); + fuse_do_setattr(&nop_mnt_idmap, file_dentry(file), &attr, file); } static inline loff_t fuse_round_up(struct fuse_conn *fc, loff_t off) diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 15ec95dea276..94b25ea5344a 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -1288,8 +1288,8 @@ bool fuse_write_update_attr(struct inode *inode, loff_t pos, ssize_t written); int fuse_flush_times(struct inode *inode, struct fuse_file *ff); int fuse_write_inode(struct inode *inode, struct writeback_control *wbc); -int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, - struct file *file); +int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr, struct file *file); void fuse_set_initialized(struct fuse_conn *fc); From patchwork Mon Jan 8 12:08:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185938 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975853dyq; Mon, 8 Jan 2024 04:12:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IFIfg5XFkx1aaZ1wTQ9MEVXbLgUDLExzaSS+qoNCLLlferdr3sD5LyxkpWuZURivMMeXj2/ X-Received: by 2002:a17:906:1b0b:b0:a23:69ea:659e with SMTP id o11-20020a1709061b0b00b00a2369ea659emr1415804ejg.136.1704715964661; Mon, 08 Jan 2024 04:12:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715964; cv=none; d=google.com; s=arc-20160816; b=wQpS5Zl9zkpTwzxvm+KwK+V2wMMFTDKeY/jNtG3OKT2n8xoicV25RTR/fchEYzEXf+ nK2W8gAoyhUXD1BadMEEMdHApVdR/ZmyFAC0r1kw9EM3M5CQ0naBWnBp5NfE660gJ0yR Wy7XgY7t745ssSuqCTQhR+DSRiF/3qYRHF4MUfML1D8eGg6So68jdhKhxMTxwKdKewWZ ypH30PtD9ol0VBoqF3P1MGkdko+Z6ZuJJP3dXnG4Infmubgz7//OfHD/zXGwS7+vcSh/ Qo1ep4zDmKE0YvZBJZIskssJyfhbAaGmD1aryc3KcMrQMjtOoDXLCfJa9ToDumbwi39I QtIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=AZ1e4DQplobEkYb2oelZJP/g6uMuj6ixR2NKn4USgqo=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=ceYjzui6CVmBNbl5Um6QstLcm1UcfdHeePy/ISo6GkOMio2q7GuB8A/YAV/Hubu5qO bR/6236CPGAQDgBVn3pRp9xzZuFeI19feCeUT0NTIRr5Zi11jb/d9IArUHJTthOzZl3V AoAhLFToFY7aQIM8QYoAwZCoHNoTkQSYxmoGitxCANIzvRAj2zWvHYHe9KaJO/o+xVT1 VC2Ol4mq9wWLILHCuZS+zfec4fqj1LstPMzpvvyjM1emuyh58c85VRtfEYWIMfjizSqF BoRkHuLxuCrK+TH7/OMDcTN3P2Aw6Iin3uihnzwS325rLBTxYCjWa3Xly3hF/I25G4iT MxPA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=oZgET+09; spf=pass (google.com: domain of linux-kernel+bounces-19478-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19478-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id cb1-20020a170906a44100b00a2802e014ccsi3028361ejb.542.2024.01.08.04.12.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:12:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19478-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=oZgET+09; spf=pass (google.com: domain of linux-kernel+bounces-19478-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19478-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 4B1141F226D7 for ; Mon, 8 Jan 2024 12:12:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 241A44436D; Mon, 8 Jan 2024 12:10:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="oZgET+09" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DBE042044 for ; Mon, 8 Jan 2024 12:10:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com [209.85.167.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id B14F83F5A7 for ; Mon, 8 Jan 2024 12:10:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715819; bh=AZ1e4DQplobEkYb2oelZJP/g6uMuj6ixR2NKn4USgqo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=oZgET+09Ka8MNP9uDRDSiEXoBiVx6GYwnMHXNDL4GQCvAdtU6ymuhi9QMZobpNiLI y1ek8B3KBeTZsMv6+8Ks72uRfZCg4wtlJezxSwDVrM35BRcg/jtf+xCloGAJzR6X6z +6xcfcmko6NoOhs4lLGqR7TiSKPxzySaPUpzAERXy+22ef1l8OFK0/3UEYGggcRehO E0GDqXmEwpqBocf/8ihFCUoiA62p2Tp90+5IJhkIe4hBNWne+pXHJ0izdMAIIb8i0z OLoVaSAU5ObfDlMaLWu+Zg/BwHqwa9SXQVv2JJTIARsfe5hKzFDxWRceft2BaXmE0K kuDSLTFwAhlig== Received: by mail-lf1-f71.google.com with SMTP id 2adb3069b0e04-50e69fc4574so1186636e87.3 for ; Mon, 08 Jan 2024 04:10:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715819; x=1705320619; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AZ1e4DQplobEkYb2oelZJP/g6uMuj6ixR2NKn4USgqo=; b=Fj8acP8ib5UaP0sP7BgP0+I+uqGmHp9CYtmB2TnGbp8W8cgbGpZpvdTU1Rfo7rcJX3 E/Wpzl5VhLftfoL+eGicPVNwC0xb99j2TgG9yAie+3zgRLMJ+4qgt7Z8hHv7681taoVl aY/4CzicZT8G9drPjRLRJFa0RAAc4avLZelMsp9mf9eduUuftihAIGNw01wA0I36sDmD Pwm7+p9KcBCrAO5pkngdVEf6tyr0OB/Nkq23UdOlW4LnZ4DD7RemlQkg3PDybxHNov6G TTIfVKvV+jb8qfkpuev57PVkczDi7E7yFiRCrrhfUPyTkBOkFTJ5+DL6/f2JOt76eW2h MNRg== X-Gm-Message-State: AOJu0YwZLp9Bd+TocWeie+ow7o+/azBzZkEnL8JKnmZACAou+BiP+SZw mX+VuWB565vp2PDffRDyyUDDU33l8MRfC7kycN6K/PXqKZbG5RcZwLnudXFhu9513aOyPksFuCv hHZ41vgkhkauzRxYEtflLmfvBXw8cCj1Y1WwLoiNwcVaOwkeE X-Received: by 2002:ac2:44a8:0:b0:50e:7c6e:b411 with SMTP id c8-20020ac244a8000000b0050e7c6eb411mr1194731lfm.103.1704715819058; Mon, 08 Jan 2024 04:10:19 -0800 (PST) X-Received: by 2002:ac2:44a8:0:b0:50e:7c6e:b411 with SMTP id c8-20020ac244a8000000b0050e7c6eb411mr1194719lfm.103.1704715818859; Mon, 08 Jan 2024 04:10:18 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:17 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 7/9] fs/fuse: drop idmap argument from __fuse_get_acl Date: Mon, 8 Jan 2024 13:08:22 +0100 Message-Id: <20240108120824.122178-8-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524247459788966 X-GMAIL-MSGID: 1787524247459788966 We don't need to have idmap in the __fuse_get_acl as we don't have any use for it. In the current POSIX ACL implementation, idmapped mounts are taken into account on the userspace/kernel border (see vfs_set_acl_idmapped_mnt() and vfs_posix_acl_to_xattr()). Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn Reviewed-by: Christian Brauner --- fs/fuse/acl.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index 3d192b80a561..3a3cd88bd3d7 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c @@ -12,7 +12,6 @@ #include static struct posix_acl *__fuse_get_acl(struct fuse_conn *fc, - struct mnt_idmap *idmap, struct inode *inode, int type, bool rcu) { int size; @@ -74,7 +73,7 @@ struct posix_acl *fuse_get_acl(struct mnt_idmap *idmap, if (fuse_no_acl(fc, inode)) return ERR_PTR(-EOPNOTSUPP); - return __fuse_get_acl(fc, idmap, inode, type, false); + return __fuse_get_acl(fc, inode, type, false); } struct posix_acl *fuse_get_inode_acl(struct inode *inode, int type, bool rcu) @@ -90,8 +89,7 @@ struct posix_acl *fuse_get_inode_acl(struct inode *inode, int type, bool rcu) */ if (!fc->posix_acl) return NULL; - - return __fuse_get_acl(fc, &nop_mnt_idmap, inode, type, rcu); + return __fuse_get_acl(fc, inode, type, rcu); } int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, From patchwork Mon Jan 8 12:08:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185939 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp975997dyq; Mon, 8 Jan 2024 04:13:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IFtU3wk1KDPc8LwrcnK46vviTxMrHUQqUpy/b3i6/CaAjjoxlSAS1OrlwFd4yX1McKoyZRk X-Received: by 2002:a50:99d6:0:b0:557:bef:7c50 with SMTP id n22-20020a5099d6000000b005570bef7c50mr1936971edb.34.1704715979922; Mon, 08 Jan 2024 04:12:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715979; cv=none; d=google.com; s=arc-20160816; b=Zr3/ttq4XaxpU7uNWpCBsDjlxIwe7WXMDdYPzpeui0YLaqlryyXAI1Ori6/BJ7jJzI xqveKTb4MjnyLJpuArzNqXN/GaG7SdCnfC46H9VWaC8uAHLoW7JWTWjkAjXt4goDq5WO Qi7Tg274ydmKc9PsiCTMw1g6bhuj+Pw7vkr9/z+PqQlV3L/+XumjvEEcjk91HfuLpdrg mChv8iBpKLdoktJHi27I77joy4zd3Jq8Yq5AC1TW7FygtQNgUwYHd5x6jeuQ0txEAjKm IzXU6Ra087ZSvK9GIGnkSdck7zxN6UmZFM4ZQ29KKVrInOGgaSNrKRHFPzi3+BsRCp5y B3hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=9iWRZnNscxr8QayhU5Rg4d2f++I0rJo2nyXgNTtGjkw=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=txB7IkJZc4NkY0fY29QkzmfzCp5edK4O9T9VgzhEj62VcBJzsOIo5TYlztldov391g 4041PXDehQ4h5o53S2n/J8eILKtuNs//GVtpQAaJLWrpi/uj4MavC1DEDyIBKYcnTrID BGvO3a8M7AYqsaUi2hNt8HROh7eY+jlOUOfnlzwNSLf18wfM6uXLIqk1Nx8btB377xfJ PNY35xIfwOQRGhkmpWxeh9tb8nTdFB8nfjDkKxic5JLAnaKM+NWFgKBrhKWTB5i12yhx MRw2ecENdBF63hMTNAQcxdc1O6bYg4G3N2mQzp+0LIYtVSIF0f9QZ0kkNJHmoqb6429L WD7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="QBWWjpI/"; spf=pass (google.com: domain of linux-kernel+bounces-19479-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19479-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id co9-20020a0564020c0900b0055490e36565si3170852edb.55.2024.01.08.04.12.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:12:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19479-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="QBWWjpI/"; spf=pass (google.com: domain of linux-kernel+bounces-19479-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19479-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 60D0C1F22108 for ; Mon, 8 Jan 2024 12:12:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5ED883FE5E; Mon, 8 Jan 2024 12:10:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="QBWWjpI/" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EC8A43168 for ; Mon, 8 Jan 2024 12:10:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1D0A03F582 for ; Mon, 8 Jan 2024 12:10:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715822; bh=9iWRZnNscxr8QayhU5Rg4d2f++I0rJo2nyXgNTtGjkw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=QBWWjpI/vwNsW4e0Nrk+uB+Vy7BEF1BBYekr4ch8hpXdEf+tBI07ypHOWmvEAzQFV IxXgt+zcqBqp8YMqFIfBwRCh/2Vc0cB54tG0TY70Nat//xp0TxMfm5gybFOG8YFZTk IIOukF4nmxFKpxiwaznrPJIoRIJZ5hn3pFkEwP4oXNGfoesPvA/qKAeBO87vjpn2qw X+msdpS3rjQN0DWCEcDcnxlpHZAI0vsrNt6WduTr1cH2qFPjbafNeeg9r4rGxxK+3q lp/cVpCo0Y7d6Gd6UnzSB0K3XG3v8kgLNO4BUbrqD70EeMYcUgUPyoqRNqVlm5H7NA NPD/sISFG9lYg== Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-5551f8ec1c8so1104868a12.1 for ; Mon, 08 Jan 2024 04:10:22 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715821; x=1705320621; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9iWRZnNscxr8QayhU5Rg4d2f++I0rJo2nyXgNTtGjkw=; b=o+bSkU02q6HE4/Wijf8X8BQ0yZXy3KnBMDmryuMdTQshjwYW52pNPLILo8CqbvNb5H 1zw8mZZLrCX0dnoftervP9goF44Ys5Tgmp1srslNJ9G41HwuUomgP14SLCdE13M67yWn rAM9pUb562+9uawHG80OT20d+Ox3PTVh67crp4PSbzBo1YBnV+3sUX0TUTWsOwM9ApD6 2EyxNDC8QN59mYwAIwFjWbvEcdvky9idAYtUoY0qw70m3lnguA+8KGNY1BxXMpFb8bXC IDr1FexfW+Cwo3vP1ww2EJhtBok9pw8hTrZx7TDlrTGuTsX7pTucH6UmuzJ+keJk869J tnnQ== X-Gm-Message-State: AOJu0Yx9GiQTQUKC+XUTDmoT0jvGXzqOMSW9wQicif+KfsnsX9kJJYmQ T4p6yJywPAXCawH9o4oFyRNVQKtFKcSdpSrR/ZFKpG+botF9h33NpeBu1MvvmaLtlhsVSGBRWyG cBqXv/kfomrxl1sEbNxFlpPf3SAWtBd3rEOgUxYUoBp5q2lnY X-Received: by 2002:a50:f688:0:b0:557:8d37:2e8d with SMTP id d8-20020a50f688000000b005578d372e8dmr1279929edn.15.1704715821268; Mon, 08 Jan 2024 04:10:21 -0800 (PST) X-Received: by 2002:a50:f688:0:b0:557:8d37:2e8d with SMTP id d8-20020a50f688000000b005578d372e8dmr1279918edn.15.1704715821105; Mon, 08 Jan 2024 04:10:21 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:20 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 8/9] fs/fuse: support idmapped ->set_acl Date: Mon, 8 Jan 2024 13:08:23 +0100 Message-Id: <20240108120824.122178-9-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524263248071058 X-GMAIL-MSGID: 1787524263248071058 It's just a matter of adjusting a permission check condition for S_ISGID flag. All the rest is already handled in the generic VFS code. Notice that this permission check is the analog of what we have in posix_acl_update_mode() generic helper, but fuse doesn't use this helper as on the kernel side we don't care about ensuring that POSIX ACL and CHMOD permissions are in sync as it is a responsibility of a userspace daemon to handle that. For the same reason we don't have a calls to posix_acl_chmod(), while most of other filesystem do. Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/acl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index 3a3cd88bd3d7..727fe50e255e 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c @@ -144,8 +144,8 @@ int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, * be stripped. */ if (fc->posix_acl && - !vfsgid_in_group_p(i_gid_into_vfsgid(&nop_mnt_idmap, inode)) && - !capable_wrt_inode_uidgid(&nop_mnt_idmap, inode, CAP_FSETID)) + !vfsgid_in_group_p(i_gid_into_vfsgid(idmap, inode)) && + !capable_wrt_inode_uidgid(idmap, inode, CAP_FSETID)) extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID; ret = fuse_setxattr(inode, name, value, size, 0, extra_flags); From patchwork Mon Jan 8 12:08:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksandr Mikhalitsyn X-Patchwork-Id: 185940 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:37c1:b0:101:2151:f287 with SMTP id y1csp976146dyq; Mon, 8 Jan 2024 04:13:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IGLVa2Xiwqe7T0D2OVs7vVuJlTdh9ckZk3iO7t4jI9z5vP3w3sZmJv7Xd0cdySxnCqyLwdy X-Received: by 2002:a17:906:268c:b0:a23:4472:57e7 with SMTP id t12-20020a170906268c00b00a23447257e7mr1172706ejc.174.1704715998617; Mon, 08 Jan 2024 04:13:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704715998; cv=none; d=google.com; s=arc-20160816; b=EN312xPtrHqgJYv+6JMwJtONrK2OgcO2ZqdJI2FMwGuY2S+CuCO86SJcAK//OwVvcb dci7fFWPwApmVw/mDikU03HFm4Rx+CilGi4OSm0VLg5/WTgx20VSMwFBSeYmUx6BJ9ds 74v0jgcLc0yhQVoVzmsXLjgB2WrB22+6L+rCNhcbKgoN780zCALuuZVnxMoqOLYBpYBJ oEmXBIhEeXmyYUEEchzIENDNWcyeArGhEWNVFFCIGek9woJ3IvY6QgmWAw2TZNm2LoNz z+nmlb63kevCOkFlRzqO8uZ0LOqfes7s4SMqkaXm86ZeBIF+sMG9RT6zHjt5UBTqxjQs zxjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=5YU1NX55EkC+kEj5EffEs5H2AwvURtGdQ/HYjkwRM8I=; fh=6GtRBdPq6nEb6T83pusfVldkp/vdgMCY7tEuq6Ds6GM=; b=xlFsOOYuErxb1LjxcqV/7KCu7BzZoRke3JxTgyAHwpxjziG/m0gEeweBfcCei5lgiB 0TZCfx+KApCxEf5do1OqeayxEbYkVhgR9mfX2O08h4HpbEcEzqsF0MtbutXt3aYRQskq ebliEANlcPjPyYP3DHIFr+8kyrFrePMFltQ5P6+3BN6s055eSYHhyzc3eLvIIFvvQAAS d7hadEw4gGCEWosbUs7c+Kw66QCOzILbB0t0mZhaskzVjeQDY1ZplBe0fFj02a76LgSC InhcQ95K6Gt757rz6g1ItbtYYlhHbrnzOrVCGlVqelD5d5s/isXhVtXbhU557ZryCOkM Gk/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=ME1wlTxe; spf=pass (google.com: domain of linux-kernel+bounces-19480-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19480-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id qx10-20020a170906fcca00b00a29b533a72csi2386828ejb.152.2024.01.08.04.13.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:13:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19480-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=ME1wlTxe; spf=pass (google.com: domain of linux-kernel+bounces-19480-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19480-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 08C0F1F2282A for ; Mon, 8 Jan 2024 12:13:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7BB314123B; Mon, 8 Jan 2024 12:10:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=canonical.com header.i=@canonical.com header.b="ME1wlTxe" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7034444374 for ; Mon, 8 Jan 2024 12:10:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id EC3DA3F744 for ; Mon, 8 Jan 2024 12:10:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1704715824; bh=5YU1NX55EkC+kEj5EffEs5H2AwvURtGdQ/HYjkwRM8I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ME1wlTxeCrq7VypFX8QeCIX9CrWDmtHj3rCV7u52LprNG24j5mRPU1v0quLW8Yp6X GIa1SUT3GdEZLo47aA2gHLg/zC/3vUqjWtZQyi5V45qQ7AOayOlIRSbKZ/OytvW34h GK+ScFaONHEUNA5TgQZBZaB/zexMemv8THw/icOkRqS4rJvrZmKPV/fs2+LvFHSw6Y Z3CK69KZQtloqdiNrmipkdd4j03+B9GBFNPeLqTcr5Bdk5CN/HUT0JGJfjwebT1alb ZcLDCuaEvnUCzM/FyLVl9R6IQTtjmGtlpI7GOnVcugOkvVvRP981hYQWMR/DjqPhtt 6mZadzbd03egw== Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-5572a57deb1so968216a12.3 for ; Mon, 08 Jan 2024 04:10:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704715824; x=1705320624; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5YU1NX55EkC+kEj5EffEs5H2AwvURtGdQ/HYjkwRM8I=; b=Xu2Z//rAHGs211CE3lMedN2pa3Wr49kMYPk+GvBWRDp9P8v42VdcjnIwDz3t72/AXY 6ySCj1aPCthpaNHLIoO6rsfYpetE7tH/ei+D8SlY70CZNM1qsI1eBqmoD9PDyONYqUOf cJ+ib3qzhtkrtCj5krC1q9tsosEVTJz8TYvhGX2yIXuPmxsA2Fd8LJt2ws5LZhwVOkYI muO8ptKvSyRalwmbwzovmQqyMFI4JeuQzdVAiHdPB9gE/HHMU6npSiIwUai5seeAY4sc xnR7ryuPdwnL6dQHICKnELaJpd0NQoHPZFHgyFEdjMc5RbUfjwnMRkBuf137unyz2Cb5 BqWA== X-Gm-Message-State: AOJu0Yxcios9YcTmVzzmpCMvY7CieSOqBkKf2686ZQPeIiwaD/tT9tbP 1OUMnJYur1y0P/1CdUSfGgG5cLrx2l/Rmd2s7tNkwjKPG1XNTt8h9zw6ObSlXURnRLduDFlYhBn xBgWp7eRb69StnbG4YbIdAafZVOTaxCJhoMUZqsJF6SvydMcF X-Received: by 2002:a50:951e:0:b0:552:fcca:ee11 with SMTP id u30-20020a50951e000000b00552fccaee11mr1322927eda.74.1704715824424; Mon, 08 Jan 2024 04:10:24 -0800 (PST) X-Received: by 2002:a50:951e:0:b0:552:fcca:ee11 with SMTP id u30-20020a50951e000000b00552fccaee11mr1322918eda.74.1704715823978; Mon, 08 Jan 2024 04:10:23 -0800 (PST) Received: from localhost.localdomain ([91.64.72.41]) by smtp.gmail.com with ESMTPSA id fi21-20020a056402551500b005578b816f20sm1767959edb.29.2024.01.08.04.10.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 04:10:22 -0800 (PST) From: Alexander Mikhalitsyn To: mszeredi@redhat.com Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee , Miklos Szeredi , Amir Goldstein , Bernd Schubert , Alexander Mikhalitsyn , linux-kernel@vger.kernel.org Subject: [PATCH v1 9/9] fs/fuse: allow idmapped mounts Date: Mon, 8 Jan 2024 13:08:24 +0100 Message-Id: <20240108120824.122178-10-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> References: <20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787524282656998289 X-GMAIL-MSGID: 1787524282656998289 Now we have everything in place and we can allow idmapped mounts by setting the FS_ALLOW_IDMAP flag. Notice that real availability of idmapped mounts will depend on the fuse daemon. Fuse daemon have to set FUSE_ALLOW_IDMAP flag in the FUSE_INIT reply. To discuss: - we enable idmapped mounts support only if "default_permissions" mode is enabled, because otherwise we would need to deal with UID/GID mappings in the userspace side OR provide the userspace with idmapped req->in.h.uid/req->in.h.gid values which is not something that we probably want to. Idmapped mounts phylosophy is not about faking caller uid/gid. - We have a small offlist discussion with Christian around adding fs_type->allow_idmap hook. Christian pointed that it would be nice to have a superblock flag instead like SB_I_NOIDMAP and we can set this flag during mount time if we see that filesystem does not support idmappings. But, unfortunately I didn't succeed here because the kernel will know if the filesystem supports idmapping or not after FUSE_INIT request, but FUSE_INIT request is being sent at the end of mounting process, so mount and superblock will exist and visible by the userspace in that time. It seems like setting SB_I_NOIDMAP flag in this case is too late as user may do the trick with creating a idmapped mount while it wasn't restricted by SB_I_NOIDMAP. Alternatively, we can introduce a "positive" version SB_I_ALLOWIDMAP and "weak" version of FS_ALLOW_IDMAP like FS_MAY_ALLOW_IDMAP. So if FS_MAY_ALLOW_IDMAP is set, then SB_I_ALLOWIDMAP has to be set on the superblock to allow creation of an idmapped mount. But that's a matter of our discussion. Some extra links and examples: - libfuse support https://github.com/mihalicyn/libfuse/commits/idmap_support - fuse-overlayfs support: https://github.com/mihalicyn/fuse-overlayfs/commits/idmap_support - cephfs-fuse conversion example https://github.com/mihalicyn/ceph/commits/fuse_idmap - glusterfs conversion example https://github.com/mihalicyn/glusterfs/commits/fuse_idmap Cc: Christian Brauner Cc: Seth Forshee Cc: Miklos Szeredi Cc: Amir Goldstein Cc: Bernd Schubert Cc: Signed-off-by: Alexander Mikhalitsyn --- fs/fuse/fuse_i.h | 3 +++ fs/fuse/inode.c | 22 +++++++++++++++++++--- include/uapi/linux/fuse.h | 5 ++++- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 94b25ea5344a..9317b8c35191 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -809,6 +809,9 @@ struct fuse_conn { /* Add owner_{u,g}id info when creating a new inode */ unsigned int owner_uid_gid_ext:1; + /* Allow creation of idmapped mounts */ + unsigned int allow_idmap:1; + /* Does the filesystem support per inode DAX? */ unsigned int inode_dax:1; diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 08cd3714b32d..47e32a8baed3 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1286,6 +1286,12 @@ static void process_init_reply(struct fuse_mount *fm, struct fuse_args *args, fc->direct_io_allow_mmap = 1; if (flags & FUSE_OWNER_UID_GID_EXT) fc->owner_uid_gid_ext = 1; + if (flags & FUSE_ALLOW_IDMAP) { + if (fc->owner_uid_gid_ext && fc->default_permissions) + fc->allow_idmap = 1; + else + ok = false; + } } else { ra_pages = fc->max_read / PAGE_SIZE; fc->no_lock = 1; @@ -1332,7 +1338,8 @@ void fuse_send_init(struct fuse_mount *fm) FUSE_NO_OPENDIR_SUPPORT | FUSE_EXPLICIT_INVAL_DATA | FUSE_HANDLE_KILLPRIV_V2 | FUSE_SETXATTR_EXT | FUSE_INIT_EXT | FUSE_SECURITY_CTX | FUSE_CREATE_SUPP_GROUP | - FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP | FUSE_OWNER_UID_GID_EXT; + FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP | + FUSE_OWNER_UID_GID_EXT | FUSE_ALLOW_IDMAP; #ifdef CONFIG_FUSE_DAX if (fm->fc->dax) flags |= FUSE_MAP_ALIGNMENT; @@ -1915,12 +1922,20 @@ static void fuse_kill_sb_anon(struct super_block *sb) fuse_mount_destroy(get_fuse_mount_super(sb)); } +static bool fuse_allow_idmap(struct super_block *sb) +{ + struct fuse_conn *fc = get_fuse_conn_super(sb); + + return fc->allow_idmap; +} + static struct file_system_type fuse_fs_type = { .owner = THIS_MODULE, .name = "fuse", - .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT, + .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT | FS_ALLOW_IDMAP, .init_fs_context = fuse_init_fs_context, .parameters = fuse_fs_parameters, + .allow_idmap = fuse_allow_idmap, .kill_sb = fuse_kill_sb_anon, }; MODULE_ALIAS_FS("fuse"); @@ -1938,8 +1953,9 @@ static struct file_system_type fuseblk_fs_type = { .name = "fuseblk", .init_fs_context = fuse_init_fs_context, .parameters = fuse_fs_parameters, + .allow_idmap = fuse_allow_idmap, .kill_sb = fuse_kill_sb_blk, - .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE, + .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE | FS_ALLOW_IDMAP, }; MODULE_ALIAS_FS("fuseblk"); diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index ebe82104b172..d8e1235d9796 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -215,6 +215,7 @@ * 7.40 * - add FUSE_EXT_OWNER_UID_GID * - add FUSE_OWNER_UID_GID_EXT + * - add FUSE_ALLOW_IDMAP */ #ifndef _LINUX_FUSE_H @@ -250,7 +251,7 @@ #define FUSE_KERNEL_VERSION 7 /** Minor version number of this interface */ -#define FUSE_KERNEL_MINOR_VERSION 39 +#define FUSE_KERNEL_MINOR_VERSION 40 /** The node ID of the root inode */ #define FUSE_ROOT_ID 1 @@ -416,6 +417,7 @@ struct fuse_file_lock { * FUSE_DIRECT_IO_ALLOW_MMAP: allow shared mmap in FOPEN_DIRECT_IO mode. * FUSE_OWNER_UID_GID_EXT: add inode owner UID/GID info to create, mkdir, * symlink and mknod + * FUSE_ALLOW_IDMAP: allow creation of idmapped mounts */ #define FUSE_ASYNC_READ (1 << 0) #define FUSE_POSIX_LOCKS (1 << 1) @@ -459,6 +461,7 @@ struct fuse_file_lock { /* Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP */ #define FUSE_DIRECT_IO_RELAX FUSE_DIRECT_IO_ALLOW_MMAP #define FUSE_OWNER_UID_GID_EXT (1ULL << 37) +#define FUSE_ALLOW_IDMAP (1ULL << 38) /** * CUSE INIT request/reply flags