| Message ID | 20210713111344.1149376-1-brauner@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | btrfs: support idmapped mounts | expand |
On 2021/7/13 下午7:13, Christian Brauner wrote: > From: Christian Brauner <christian.brauner@ubuntu.com> > > Hey everyone, > > This series enables the creation of idmapped mounts on btrfs. Any doc on the "idmapped" part? Not familiar with that, the only thing I can thing of is from NFSv4 idmapd, is that related or a completely new thing? Thanks, Qu > On the list of > filesystems btrfs was pretty high-up and requested quite often from userspace > (cf. [1]). This series requires just a few changes to the vfs for specific > lookup helpers that btrfs relies on to perform permission checking when looking > up an inode. The changes are required to port some other filesystem as well. > > The conversion of the necessary btrfs internals was fairly straightforward. No > invasive changes were needed. I've decided to split up the patchset into very > small individual patches. This hopefully makes the series more readable and > fairly easy to review. The overall changeset is quite small. > > All non-filesystem wide ioctls that peform permission checking based on inodes > can be supported on idmapped mounts. There are really just a few restrictions. > This should really only affect the deletion of subvolumes by subvolume id which > can be used to delete any subvolume in the filesystem even though the caller > might not even be able to see the subvolume under their mount. Other than that > behavior on idmapped and non-idmapped mounts is identical for all enabled > ioctls. > > The changeset has an associated new testsuite specific to btrfs. The > core vfs operations that btrfs implements are covered by the generic > idmapped mount testsuite. For the ioctls a new testsuite was added. It > is sent alongside this patchset for ease of review but will very likely > be merged independent of it. > > All patches are based on v5.14-rc1. > > The series can be pulled from: > https://git.kernel.org/brauner/h/fs.idmapped.btrfs > https://github.com/brauner/linux/tree/fs.idmapped.btrfs > > The xfstests can be pulled from: > https://git.kernel.org/brauner/xfstests-dev/h/fs.idmapped.btrfs > https://github.com/brauner/xfstests/tree/fs.idmapped.btrfs > > Note, the new btrfs xfstests patch is on top of a branch of mine > containing a few more preliminary patches. So if you want to run the > tests, please simply pull the branch and build from there. It's based on > latest xfstests master. > > The series has been tested with xfstests including the newly added btrfs > specific test. All tests pass. > There were three unrelated failures that I observed: btrfs/219, > btrfs/2020 and btrfs/235. All three also fail on earlier kernels > without the patch series applied. > > Thanks! > Christian > > [1]: https://github.com/systemd/systemd/pull/19438#discussion_r622807165 > > Christian Brauner (23): > namei: handle mappings in lookup_one_len() > namei: handle mappings in lookup_one_len_unlocked() > namei: handle mappings in lookup_positive_unlocked() > namei: handle mappings in try_lookup_one_len() > btrfs/inode: handle idmaps in btrfs_new_inode() > btrfs/inode: allow idmapped rename iop > btrfs/inode: allow idmapped getattr iop > btrfs/inode: allow idmapped mknod iop > btrfs/inode: allow idmapped create iop > btrfs/inode: allow idmapped mkdir iop > btrfs/inode: allow idmapped symlink iop > btrfs/inode: allow idmapped tmpfile iop > btrfs/inode: allow idmapped setattr iop > btrfs/inode: allow idmapped permission iop > btrfs/ioctl: check whether fs{g,u}id are mapped during subvolume > creation > btrfs/inode: allow idmapped BTRFS_IOC_{SNAP,SUBVOL}_CREATE{_V2} ioctl > btrfs/ioctl: allow idmapped BTRFS_IOC_SNAP_DESTROY{_V2} ioctl > btrfs/ioctl: relax restrictions for BTRFS_IOC_SNAP_DESTROY_V2 with > subvolids > btrfs/ioctl: allow idmapped BTRFS_IOC_SET_RECEIVED_SUBVOL{_32} ioctl > btrfs/ioctl: allow idmapped BTRFS_IOC_SUBVOL_SETFLAGS ioctl > btrfs/ioctl: allow idmapped BTRFS_IOC_INO_LOOKUP_USER ioctl > btrfs/acl: handle idmapped mounts > btrfs/super: allow idmapped btrfs > > arch/s390/hypfs/inode.c | 2 +- > drivers/android/binderfs.c | 4 +- > drivers/infiniband/hw/qib/qib_fs.c | 5 +- > fs/afs/dir.c | 2 +- > fs/afs/dir_silly.c | 2 +- > fs/afs/dynroot.c | 6 +- > fs/binfmt_misc.c | 2 +- > fs/btrfs/acl.c | 13 +++-- > fs/btrfs/ctree.h | 3 +- > fs/btrfs/inode.c | 62 +++++++++++--------- > fs/btrfs/ioctl.c | 94 ++++++++++++++++++++---------- > fs/btrfs/super.c | 2 +- > fs/cachefiles/namei.c | 9 +-- > fs/cifs/cifsfs.c | 3 +- > fs/debugfs/inode.c | 9 ++- > fs/ecryptfs/inode.c | 3 +- > fs/exportfs/expfs.c | 6 +- > fs/kernfs/mount.c | 4 +- > fs/namei.c | 32 ++++++---- > fs/nfs/unlink.c | 3 +- > fs/nfsd/nfs3xdr.c | 3 +- > fs/nfsd/nfs4recover.c | 7 ++- > fs/nfsd/nfs4xdr.c | 3 +- > fs/nfsd/nfsproc.c | 3 +- > fs/nfsd/vfs.c | 19 +++--- > fs/overlayfs/copy_up.c | 10 ++-- > fs/overlayfs/dir.c | 23 ++++---- > fs/overlayfs/export.c | 3 +- > fs/overlayfs/namei.c | 13 +++-- > fs/overlayfs/readdir.c | 12 ++-- > fs/overlayfs/super.c | 8 ++- > fs/overlayfs/util.c | 2 +- > fs/quota/dquot.c | 3 +- > fs/reiserfs/xattr.c | 14 ++--- > fs/tracefs/inode.c | 3 +- > include/linux/namei.h | 12 ++-- > ipc/mqueue.c | 5 +- > kernel/bpf/inode.c | 2 +- > security/apparmor/apparmorfs.c | 5 +- > security/inode.c | 2 +- > 40 files changed, 250 insertions(+), 168 deletions(-) > > > base-commit: e73f0f0ee7541171d89f2e2491130c7771ba58d3 >
On Tue, Jul 13, 2021 at 07:23:14PM +0800, Qu Wenruo wrote: > > > On 2021/7/13 下午7:13, Christian Brauner wrote: > > From: Christian Brauner <christian.brauner@ubuntu.com> > > > > Hey everyone, > > > > This series enables the creation of idmapped mounts on btrfs. > > Any doc on the "idmapped" part? Yes, I've written a long manpage for it that hasn't been merged for manpages yet. Things seem to move a little slow there currently: https://lore.kernel.org/linux-man/20210301093459.1876707-1-christian.brauner@ubuntu.com/ For an easily readable version you can also see: https://github.com/brauner/mount-idmapped > > Not familiar with that, the only thing I can thing of is from NFSv4 > idmapd, is that related or a completely new thing? Unrelated.
From: Christian Brauner <christian.brauner@ubuntu.com> Hey everyone, This series enables the creation of idmapped mounts on btrfs. On the list of filesystems btrfs was pretty high-up and requested quite often from userspace (cf. [1]). This series requires just a few changes to the vfs for specific lookup helpers that btrfs relies on to perform permission checking when looking up an inode. The changes are required to port some other filesystem as well. The conversion of the necessary btrfs internals was fairly straightforward. No invasive changes were needed. I've decided to split up the patchset into very small individual patches. This hopefully makes the series more readable and fairly easy to review. The overall changeset is quite small. All non-filesystem wide ioctls that peform permission checking based on inodes can be supported on idmapped mounts. There are really just a few restrictions. This should really only affect the deletion of subvolumes by subvolume id which can be used to delete any subvolume in the filesystem even though the caller might not even be able to see the subvolume under their mount. Other than that behavior on idmapped and non-idmapped mounts is identical for all enabled ioctls. The changeset has an associated new testsuite specific to btrfs. The core vfs operations that btrfs implements are covered by the generic idmapped mount testsuite. For the ioctls a new testsuite was added. It is sent alongside this patchset for ease of review but will very likely be merged independent of it. All patches are based on v5.14-rc1. The series can be pulled from: https://git.kernel.org/brauner/h/fs.idmapped.btrfs https://github.com/brauner/linux/tree/fs.idmapped.btrfs The xfstests can be pulled from: https://git.kernel.org/brauner/xfstests-dev/h/fs.idmapped.btrfs https://github.com/brauner/xfstests/tree/fs.idmapped.btrfs Note, the new btrfs xfstests patch is on top of a branch of mine containing a few more preliminary patches. So if you want to run the tests, please simply pull the branch and build from there. It's based on latest xfstests master. The series has been tested with xfstests including the newly added btrfs specific test. All tests pass. There were three unrelated failures that I observed: btrfs/219, btrfs/2020 and btrfs/235. All three also fail on earlier kernels without the patch series applied. Thanks! Christian [1]: https://github.com/systemd/systemd/pull/19438#discussion_r622807165 Christian Brauner (23): namei: handle mappings in lookup_one_len() namei: handle mappings in lookup_one_len_unlocked() namei: handle mappings in lookup_positive_unlocked() namei: handle mappings in try_lookup_one_len() btrfs/inode: handle idmaps in btrfs_new_inode() btrfs/inode: allow idmapped rename iop btrfs/inode: allow idmapped getattr iop btrfs/inode: allow idmapped mknod iop btrfs/inode: allow idmapped create iop btrfs/inode: allow idmapped mkdir iop btrfs/inode: allow idmapped symlink iop btrfs/inode: allow idmapped tmpfile iop btrfs/inode: allow idmapped setattr iop btrfs/inode: allow idmapped permission iop btrfs/ioctl: check whether fs{g,u}id are mapped during subvolume creation btrfs/inode: allow idmapped BTRFS_IOC_{SNAP,SUBVOL}_CREATE{_V2} ioctl btrfs/ioctl: allow idmapped BTRFS_IOC_SNAP_DESTROY{_V2} ioctl btrfs/ioctl: relax restrictions for BTRFS_IOC_SNAP_DESTROY_V2 with subvolids btrfs/ioctl: allow idmapped BTRFS_IOC_SET_RECEIVED_SUBVOL{_32} ioctl btrfs/ioctl: allow idmapped BTRFS_IOC_SUBVOL_SETFLAGS ioctl btrfs/ioctl: allow idmapped BTRFS_IOC_INO_LOOKUP_USER ioctl btrfs/acl: handle idmapped mounts btrfs/super: allow idmapped btrfs arch/s390/hypfs/inode.c | 2 +- drivers/android/binderfs.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 5 +- fs/afs/dir.c | 2 +- fs/afs/dir_silly.c | 2 +- fs/afs/dynroot.c | 6 +- fs/binfmt_misc.c | 2 +- fs/btrfs/acl.c | 13 +++-- fs/btrfs/ctree.h | 3 +- fs/btrfs/inode.c | 62 +++++++++++--------- fs/btrfs/ioctl.c | 94 ++++++++++++++++++++---------- fs/btrfs/super.c | 2 +- fs/cachefiles/namei.c | 9 +-- fs/cifs/cifsfs.c | 3 +- fs/debugfs/inode.c | 9 ++- fs/ecryptfs/inode.c | 3 +- fs/exportfs/expfs.c | 6 +- fs/kernfs/mount.c | 4 +- fs/namei.c | 32 ++++++---- fs/nfs/unlink.c | 3 +- fs/nfsd/nfs3xdr.c | 3 +- fs/nfsd/nfs4recover.c | 7 ++- fs/nfsd/nfs4xdr.c | 3 +- fs/nfsd/nfsproc.c | 3 +- fs/nfsd/vfs.c | 19 +++--- fs/overlayfs/copy_up.c | 10 ++-- fs/overlayfs/dir.c | 23 ++++---- fs/overlayfs/export.c | 3 +- fs/overlayfs/namei.c | 13 +++-- fs/overlayfs/readdir.c | 12 ++-- fs/overlayfs/super.c | 8 ++- fs/overlayfs/util.c | 2 +- fs/quota/dquot.c | 3 +- fs/reiserfs/xattr.c | 14 ++--- fs/tracefs/inode.c | 3 +- include/linux/namei.h | 12 ++-- ipc/mqueue.c | 5 +- kernel/bpf/inode.c | 2 +- security/apparmor/apparmorfs.c | 5 +- security/inode.c | 2 +- 40 files changed, 250 insertions(+), 168 deletions(-) base-commit: e73f0f0ee7541171d89f2e2491130c7771ba58d3