| Message ID | 20220621141454.2914719-1-brauner@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | introduce dedicated type for idmapped mounts | expand |
On Tue, Jun 21, 2022 at 04:14:46PM +0200, Christian Brauner wrote: > From: "Christian Brauner (Microsoft)" <brauner@kernel.org> > > Hey everyone, > > /* v2 */ > No major changes. The type got renamed since we agreed that the initial > name wasn't great. There are some typo fixes in the commit messages and > a few tweaks to the last commit and added Jan's rvb. > > This series starts to introduce a new vfs{g,u}id_t type. It allows to > distinguish {g,u}ids on idmapped mounts from filesystem k{g,u}ids. > > We leverage the type framework to increase the safety for filesystems > and the vfs when dealing with idmapped mounts. > > The series introduces the type and converts the setattr codepaths to > use the new type and associated helpers. > > Currently these codepaths place the value that will ultimately be > written to inode->i_{g,u}id into attr->ia_{g,u}id which allows to avoid > changing a few callsites. But there are drawbacks to this approach. > > As Linus rightly points out it makes some of the permission checks in > the attribute code harder to understand than they need and should be and > increases the probability for further issues. > > This series makes it so that the values will always be treated as being > mapped into the idmapped mount. Only when the filesystem object is > actually updated will the value be mapped into the filesystem idmapping. > > I first looked into this about ~7 months ago but put it on hold to focus > on the testsuite. Linus expressed the desire for something like this > last week so I got back to working on this. > > I'd like to get at least this first series in for v5.20. The conversion > can the continue until we can remove all the regular non-type safe > helpers and will only be left with the type safe helpers. > > Thanks! > Christian As I mentioned in my other responses I prefer to see comparisons with invalid ids always evaluate as not equal. You can take or leave that suggestion, but even without it this looks correct, and I think a separate type is a good change to avoid confusion. For all the patches, feel free to add: Reviewed-by: Seth Forshee <sforshee@digitalocean.com> Seth
From: "Christian Brauner (Microsoft)" <brauner@kernel.org> Hey everyone, /* v2 */ No major changes. The type got renamed since we agreed that the initial name wasn't great. There are some typo fixes in the commit messages and a few tweaks to the last commit and added Jan's rvb. This series starts to introduce a new vfs{g,u}id_t type. It allows to distinguish {g,u}ids on idmapped mounts from filesystem k{g,u}ids. We leverage the type framework to increase the safety for filesystems and the vfs when dealing with idmapped mounts. The series introduces the type and converts the setattr codepaths to use the new type and associated helpers. Currently these codepaths place the value that will ultimately be written to inode->i_{g,u}id into attr->ia_{g,u}id which allows to avoid changing a few callsites. But there are drawbacks to this approach. As Linus rightly points out it makes some of the permission checks in the attribute code harder to understand than they need and should be and increases the probability for further issues. This series makes it so that the values will always be treated as being mapped into the idmapped mount. Only when the filesystem object is actually updated will the value be mapped into the filesystem idmapping. I first looked into this about ~7 months ago but put it on hold to focus on the testsuite. Linus expressed the desire for something like this last week so I got back to working on this. I'd like to get at least this first series in for v5.20. The conversion can the continue until we can remove all the regular non-type safe helpers and will only be left with the type safe helpers. Thanks! Christian Christian Brauner (8): mnt_idmapping: add vfs{g,u}id_t fs: add two type safe mapping helpers fs: use mount types in iattr fs: introduce tiny iattr ownership update helpers fs: port to iattr ownership update helpers quota: port quota helpers mount ids security: pass down mount idmapping to setattr hook attr: port attribute changes to new types fs/attr.c | 70 +++++------ fs/ext2/inode.c | 8 +- fs/ext4/inode.c | 14 +-- fs/f2fs/file.c | 22 ++-- fs/f2fs/recovery.c | 10 +- fs/fat/file.c | 11 +- fs/jfs/file.c | 4 +- fs/ocfs2/file.c | 2 +- fs/open.c | 60 ++++++--- fs/overlayfs/copy_up.c | 4 +- fs/overlayfs/overlayfs.h | 12 +- fs/quota/dquot.c | 17 ++- fs/reiserfs/inode.c | 4 +- fs/xfs/xfs_iops.c | 14 ++- fs/zonefs/super.c | 2 +- include/linux/evm.h | 6 +- include/linux/fs.h | 132 +++++++++++++++++++- include/linux/mnt_idmapping.h | 195 ++++++++++++++++++++++++++++++ include/linux/quotaops.h | 15 ++- include/linux/security.h | 8 +- security/integrity/evm/evm_main.c | 12 +- security/security.c | 5 +- 22 files changed, 490 insertions(+), 137 deletions(-) base-commit: a111daf0c53ae91e71fd2bfe7497862d14132e3e