From: Yang Xu
Subject: [PATCH v3 1/7] fs/inode: move sgid strip operation from inode_init_owner into inode_sgid_strip
Date: Fri, 15 Apr 2022 19:02:17 +0800
Message-ID: <1650020543-24908-1-git-send-email-xuyang2018.jy@fujitsu.com>
X-Mailing-List: ceph-devel@vger.kernel.org

This has no functional change. Just create and export the inode_sgid_strip API for the subsequent patch. This function is used to strip the S_ISGID mode when initializing a new inode.

Signed-off-by: Yang Xu
Acked-by: Christian Brauner (Microsoft)
---
v2->v3:
1. Use const struct inode * instead of struct inode *
2. Replace sgid strip with inode_sgid_strip in a single patch

 fs/inode.c | 24 ++++++++++++++++++++----
 include/linux/fs.h | 3 ++-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c index 9d9b422504d1..1b569ad882ce 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2246,10 +2246,8 @@ void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, /* Directories are special, and always inherit S_ISGID */ if (S_ISDIR(mode)) mode |= S_ISGID; - else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && - !in_group_p(i_gid_into_mnt(mnt_userns, dir)) && - !capable_wrt_inode_uidgid(mnt_userns, dir, CAP_FSETID)) - mode &= ~S_ISGID; + else + inode_sgid_strip(mnt_userns, dir, &mode); } else inode_fsgid_set(inode, mnt_userns); inode->i_mode = mode; 
@@ -2405,3 +2403,21 @@ struct timespec64 current_time(struct inode *inode) return timestamp_truncate(now, inode); } EXPORT_SYMBOL(current_time); + +void inode_sgid_strip(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode) +{ + if (!dir || !(dir->i_mode & S_ISGID)) + return; + if ((*mode & (S_ISGID | S_IXGRP)) != (S_ISGID | S_IXGRP)) + return; + if (S_ISDIR(*mode)) + return; + if (in_group_p(i_gid_into_mnt(mnt_userns, dir))) + return; + if (capable_wrt_inode_uidgid(mnt_userns, dir, CAP_FSETID)) + return; + + *mode &= ~S_ISGID; +} +EXPORT_SYMBOL(inode_sgid_strip); diff --git a/include/linux/fs.h b/include/linux/fs.h index bbde95387a23..4a617aaab6f6 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -1897,7 +1897,8 @@ extern long compat_ptr_ioctl(struct file *file, unsigned int cmd, void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, const struct inode *dir, umode_t mode); extern bool may_open_dev(const struct path *path); - +void inode_sgid_strip(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode); /* * This is the "filldir" function type, used by readdir() to let * the kernel specify what kind of dirent layout it wants to have.
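
Review bot: inode_sgid_strip() in the fs/inode.c hunk at @@ -2405 is exported with EXPORT_SYMBOL but carries no kernel-doc comment, so a caller outside fs/inode.c has nothing that states when S_ISGID survives. Please document the early returns (dir missing or not setgid, mode lacking S_ISGID together with S_IXGRP, directories, caller in the directory's group, CAP_FSETID over dir) and that *mode is modified in place. The tests on dir and on S_ISDIR(*mode) are not part of the removed else-if in inode_init_owner(); the S_ISDIR one duplicates the if (S_ISDIR(mode)) branch visible at the call site, and the dir one should be confirmed against the surrounding condition, since those guarantees are what make "no functional change" hold.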
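
Review bot: the include/linux/fs.h hunk at @@ -1897 deletes the blank line that separated the declarations from the "filldir" comment, so the new inode_sgid_strip() prototype runs straight into an unrelated comment block. Keep a blank line after the prototype so the comment still reads as belonging to what follows it.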
From: Yang Xu
Subject: [PATCH v3 2/7] fs/namei.c: Add missing umask strip in vfs_tmpfile
Date: Fri, 15 Apr 2022 19:02:18 +0800
Message-ID: <1650020543-24908-2-git-send-email-xuyang2018.jy@fujitsu.com>

If the underlying filesystem doesn't enable its own CONFIG_FS_POSIX_ACL, then posix_acl_create can't be called. So we will miss the umask strip, i.e. use ext4 with noacl or disable CONFIG_EXT4_FS_POSIX_ACL.

Reported-by: Christian Brauner (Microsoft)
Signed-off-by: Yang Xu
Acked-by: Christian Brauner (Microsoft)
---
 fs/namei.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/namei.c b/fs/namei.c index 3f1829b3ab5b..bbc7c950bbdc 100644 --- a/fs/namei.c +++ b/fs/namei.c 
@@ -3521,6 +3521,8 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns, child = d_alloc(dentry, &slash_name); if (unlikely(!child)) goto out_err; + if (!IS_POSIXACL(dir)) + mode &= ~current_umask(); error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); if (error) goto out_err;
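
Review bot: the added check in vfs_tmpfile(), "if (!IS_POSIXACL(dir)) mode &= ~current_umask();", has no comment saying why the strip is conditional. The commit message gives the reason (without ACL support posix_acl_create is never reached, so nothing applies the umask); a short comment above the check stating that a filesystem with IS_POSIXACL set is expected to apply the umask itself would stop the next reader from treating the condition as optional. The patch fixes files being created with permission bits the umask should have cleared, yet the message carries no Fixes: tag, which makes it harder to identify for backporting.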
From: Yang Xu
Subject: [PATCH v3 3/7] xfs: Only do posix acl setup/release operation under CONFIG_XFS_POSIX_ACL
Date: Fri, 15 Apr 2022 19:02:19 +0800
Message-ID: <1650020543-24908-3-git-send-email-xuyang2018.jy@fujitsu.com>

Usually, a filesystem will use a function named fs_init_acl that belongs to acl.c, and this function is externed in acl.h by using CONFIG_FS_POSIX_ACL. If the filesystem disables this switch, we should not call xfs_set_acl, and also not call posix_acl_create/posix_acl_release, because it is useless (we have done the umask strip in vfs).

Signed-off-by: Yang Xu
---
 fs/xfs/xfs_iops.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index b34e8e4344a8..9487e68bdd3d 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -146,10 +146,12 @@ xfs_create_need_xattr( struct posix_acl *default_acl, struct posix_acl *acl) { +#ifdef CONFIG_XFS_POSIX_ACL if (acl) return true; if (default_acl) return true; +#endif #if IS_ENABLED(CONFIG_SECURITY) if (dir->i_sb->s_security) return true; 
@@ -184,9 +186,11 @@ xfs_generic_create( rdev = 0; } +#ifdef CONFIG_XFS_POSIX_ACL error = posix_acl_create(dir, &mode, &default_acl, &acl); if (error) return error; +#endif /* Verify mode is valid also for tmpfile case */ error = xfs_dentry_mode_to_name(&name, dentry, mode); 
@@ -241,8 +245,10 @@ xfs_generic_create( xfs_finish_inode_setup(ip); out_free_acl: +#ifdef CONFIG_XFS_POSIX_ACL posix_acl_release(default_acl); posix_acl_release(acl); +#endif return error; out_cleanup_inode:
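
Review bot: in the xfs_generic_create() hunk at @@ -184, once "error = posix_acl_create(dir, &mode, &default_acl, &acl);" is compiled out nothing in these hunks assigns default_acl or acl, and their declaration lies outside the visible context. Any use that is not inside one of the new #ifdef regions, for example passing them to xfs_create_need_xattr(), whose parameters are still present, would then read indeterminate pointers; initialise both to NULL at the declaration or show that every remaining use is guarded. That call was also the only statement here taking &mode, so the commit message should name the VFS path that applies the umask for each caller of xfs_generic_create() instead of only asserting that the strip has been done.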
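
Review bot: the guard added in xfs_create_need_xattr() at @@ -146 is written "#ifdef CONFIG_XFS_POSIX_ACL" directly above an existing "#if IS_ENABLED(CONFIG_SECURITY)"; use the IS_ENABLED() form to match the surrounding code. The commit message justifies the change in terms of CONFIG_FS_POSIX_ACL while every guard in the diff tests CONFIG_XFS_POSIX_ACL, so the message should say which option is meant and how the two relate.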
From: Yang Xu
Subject: [PATCH v3 4/7] nfs3: Only do posix acl setup/release operation under CONFIG_NFS_V3_ACL
Date: Fri, 15 Apr 2022 19:02:20 +0800
Message-ID: <1650020543-24908-4-git-send-email-xuyang2018.jy@fujitsu.com>

Usually, a filesystem will use a function named fs_init_acl that belongs to acl.c, and this function is externed in acl.h by using CONFIG_FS_POSIX_ACL. If the filesystem disables this switch, we should not call nfs3_proc_setacls, and also not call posix_acl_create/posix_acl_release, because it is useless (we have done the umask strip in vfs).

Signed-off-by: Yang Xu
---
 fs/nfs/nfs3proc.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c index 1597eef40d54..55789a625d18 100644 --- a/fs/nfs/nfs3proc.c +++ b/fs/nfs/nfs3proc.c @@ -337,7 +337,9 @@ static int nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, int flags) { +#ifdef CONFIG_NFS_V3_ACL struct posix_acl *default_acl, *acl; +#endif struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; 
@@ -361,9 +363,11 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, data->arg.create.verifier[1] = cpu_to_be32(current->pid); } +#ifdef CONFIG_NFS_V3_ACL status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif for (;;) { d_alias = nfs3_do_create(dir, dentry, data); @@ -415,13 +419,18 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, goto out_dput; } +#ifdef CONFIG_NFS_V3_ACL status = nfs3_proc_setacls(d_inode(dentry), acl, default_acl); +#endif out_dput: dput(d_alias); + out_release_acls: +#ifdef CONFIG_NFS_V3_ACL posix_acl_release(acl); posix_acl_release(default_acl); +#endif out: nfs3_free_createdata(data); dprintk("NFS reply create: %d\n", status); @@ -580,7 +589,9 @@ nfs3_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page, static int nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) { +#ifdef CONFIG_NFS_V3_ACL struct posix_acl *default_acl, *acl; +#endif struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; @@ -591,9 +602,11 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) if (data == NULL) goto out; +#ifdef CONFIG_NFS_V3_ACL status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKDIR]; data->arg.mkdir.fh = NFS_FH(dir); @@ -610,12 +623,16 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) if (d_alias) dentry = d_alias; +#ifdef CONFIG_NFS_V3_ACL status = nfs3_proc_setacls(d_inode(dentry), acl, default_acl); - +#endif dput(d_alias); + out_release_acls: +#ifdef CONFIG_NFS_V3_ACL posix_acl_release(acl); posix_acl_release(default_acl); +#endif out: nfs3_free_createdata(data); dprintk("NFS reply mkdir: %d\n", status); 
@@ -711,7 +728,9 @@ static int nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, dev_t rdev) { +#ifdef CONFIG_NFS_V3_ACL struct posix_acl *default_acl, *acl; +#endif struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; @@ -723,9 +742,11 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, if (data == NULL) goto out; +#ifdef CONFIG_NFS_V3_ACL status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKNOD]; data->arg.mknod.fh = NFS_FH(dir); 
@@ -760,12 +781,16 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, if (d_alias) dentry = d_alias; +#ifdef CONFIG_NFS_V3_ACL status = nfs3_proc_setacls(d_inode(dentry), acl, default_acl); - +#endif dput(d_alias); + out_release_acls: +#ifdef CONFIG_NFS_V3_ACL posix_acl_release(acl); posix_acl_release(default_acl); +#endif out: nfs3_free_createdata(data); dprintk("NFS reply mknod: %d\n", status);
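
Review bot: in nfs3_proc_create(), nfs3_proc_mkdir() and nfs3_proc_mknod() the newly guarded "status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl);" is the only statement in these hunks that can modify sattr->ia_mode. The VFS-side strip elsewhere in this series runs only when !IS_POSIXACL(dir), so please confirm that IS_POSIXACL(dir) is false for an NFSv3 mount built without CONFIG_NFS_V3_ACL; if it is true, neither side strips and the mode leaves the client with no umask applied. The commit message should name the code path that performs the strip for NFS rather than assert that the VFS has done it.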
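
Review bot: each of the three functions now carries four separate "#ifdef CONFIG_NFS_V3_ACL" blocks, and with the option off the out_release_acls: label is left with an empty body directly above out:. Moving the ACL setup and release into small helpers that compile to no-ops when the option is off would keep the function bodies free of preprocessor blocks. The hunks also add a blank line before out_release_acls: and remove the blank line after the nfs3_proc_setacls() call in mkdir and mknod; drop that whitespace churn from a patch that is meant to change only the guards.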
From: Yang Xu
Subject: [PATCH v3 5/7] fs: Add new helper prepare_mode
Date: Fri, 15 Apr 2022 19:02:21 +0800
Message-ID: <1650020543-24908-5-git-send-email-xuyang2018.jy@fujitsu.com>

As Christian Brauner suggested, add a new helper that calls inode_sgid_strip() and does the umask stripping as well, and then call it in all these places. This API is introduced to support stripping a file's S_ISGID mode in the vfs instead of in the underlying filesystem.

Suggested-by: Christian Brauner (Microsoft)
Signed-off-by: Yang Xu
---
 include/linux/fs.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/include/linux/fs.h b/include/linux/fs.h index 4a617aaab6f6..8c2f4cde974b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -3458,6 +3458,15 @@ static inline bool dir_relax_shared(struct inode *inode) return !IS_DEADDIR(inode); } +static inline void prepare_mode(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode) +{ + inode_sgid_strip(mnt_userns, dir, mode); + + if (!IS_POSIXACL(dir)) + *mode &= ~current_umask(); +} + extern bool path_noexec(const struct path *path); extern void inode_nohighmem(struct inode *inode);
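
Review bot: prepare_mode() calls inode_sgid_strip() before it applies the umask, and that order changes the result but is not documented. inode_sgid_strip() clears S_ISGID only when the mode has both S_ISGID and S_IXGRP, so for a caller outside the directory's group and without CAP_FSETID, a umask that clears S_IXGRP gives different outcomes: strip first drops S_ISGID, umask first keeps it. vfs_tmpfile() in patch 2 applies the umask before calling dir->i_op->tmpfile(), which is the opposite order. Add a kernel-doc comment stating the intended order and the reason for it, and consider a less generic name than prepare_mode for a helper that lives in include/linux/fs.h.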
From: Yang Xu
Subject: [PATCH v3 6/7] fs: strip file's S_ISGID mode on vfs instead of on underlying filesystem
Date: Fri, 15 Apr 2022 19:02:22 +0800
Message-ID: <1650020543-24908-6-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650020543-24908-1-git-send-email-xuyang2018.jy@fujitsu.com>
References: <1650020543-24908-1-git-send-email-xuyang2018.jy@fujitsu.com>
X-Mailing-List: ceph-devel@vger.kernel.org

Currently, vfs only passes the mode argument to the filesystem, which then uses inode_init_owner() to strip S_ISGID. Some filesystems (i.e. ext4/btrfs) call inode_init_owner() first and then do the posix acl setup, but xfs uses the contrary order. This affects S_ISGID clearing, especially when we filter S_IXGRP by umask or acl.

Regardless of which filesystem is in use, failure to strip the SGID correctly is considered a security failure that needs to be fixed. The current VFS infrastructure requires the filesystem to do everything right and not step on any landmines to strip the SGID bit, when in fact it can easily be done at the VFS and the filesystems then don't even need to be aware that the SGID needs to be (or has been) stripped by the operation the user asked to be done.

Vfs has all the info it needs - it doesn't need the filesystems to do everything correctly with the mode and to ensure that they order things like posix acl setup functions correctly with inode_init_owner() to strip the SGID bit.

Just strip the SGID bit at the VFS, and then the filesystems can't get it wrong.

Also, the inode_sgid_strip() api should be used before IS_POSIXACL() because this api may change mode.

Only the following places use inode_init_owner:
"
hugetlbfs/inode.c:846: inode_init_owner(&init_user_ns, inode, dir, mode);
nilfs2/inode.c:354: inode_init_owner(&init_user_ns, inode, dir, mode);
zonefs/super.c:1289: inode_init_owner(&init_user_ns, inode, parent, S_IFDIR | 0555);
reiserfs/namei.c:619: inode_init_owner(&init_user_ns, inode, dir, mode);
jfs/jfs_inode.c:67: inode_init_owner(&init_user_ns, inode, parent, mode);
f2fs/namei.c:50: inode_init_owner(mnt_userns, inode, dir, mode);
ext2/ialloc.c:549: inode_init_owner(&init_user_ns, inode, dir, mode);
overlayfs/dir.c:643: inode_init_owner(&init_user_ns, inode, dentry->d_parent->d_inode, mode);
ufs/ialloc.c:292: inode_init_owner(&init_user_ns, inode, dir, mode);
ntfs3/inode.c:1283: inode_init_owner(mnt_userns, inode, dir, mode);
ramfs/inode.c:64: inode_init_owner(&init_user_ns, inode, dir, mode);
9p/vfs_inode.c:263: inode_init_owner(&init_user_ns, inode, NULL, mode);
btrfs/tests/btrfs-tests.c:65: inode_init_owner(&init_user_ns, inode, NULL, S_IFREG);
btrfs/inode.c:6215: inode_init_owner(mnt_userns, inode, dir, mode);
sysv/ialloc.c:166: inode_init_owner(&init_user_ns, inode, dir, mode);
omfs/inode.c:51: inode_init_owner(&init_user_ns, inode, NULL, mode);
ubifs/dir.c:97: inode_init_owner(&init_user_ns, inode, dir, mode);
udf/ialloc.c:108: inode_init_owner(&init_user_ns, inode, dir, mode);
ext4/ialloc.c:979: inode_init_owner(mnt_userns, inode, dir, mode);
hfsplus/inode.c:393: inode_init_owner(&init_user_ns, inode, dir, mode);
xfs/xfs_inode.c:840: inode_init_owner(mnt_userns, inode, dir, mode);
ocfs2/dlmfs/dlmfs.c:331: inode_init_owner(&init_user_ns, inode, NULL, mode);
ocfs2/dlmfs/dlmfs.c:354: inode_init_owner(&init_user_ns, inode, parent, mode);
ocfs2/namei.c:200: inode_init_owner(&init_user_ns, inode, dir, mode);
minix/bitmap.c:255: inode_init_owner(&init_user_ns, inode, dir, mode);
bfs/dir.c:99: inode_init_owner(&init_user_ns, inode, dir, mode);
"

They are used in the filesystems' init new inode functions, and these init inode functions are used by the following operations:
mkdir
symlink
mknod
create
tmpfile
rename

We don't care about mkdir because we don't strip the SGID bit for directories except for fs.xfs.irix_sgid_inherit. But we even call it in do_mkdirat() since inode_sgid_strip() will skip directories anyway. This will enforce the same ordering for all relevant operations and it will make the code more uniform and easier to understand by using prepare_mode().

symlink and rename only use a valid mode that doesn't have the SGID bit.

We have added the inode_sgid_strip api for the remaining operations.

In addition to the above six operations, two filesystems have a little difference:
1) btrfs has btrfs_create_subvol_root to create a new inode, but it uses a non-SGID-bit mode and can be ignored
2) the ocfs2 reflink function should add the inode_sgid_strip api manually because we don't add it in vfs

This patch also changed grpid behaviour for ext4/xfs because the mode passed to them may have been changed by inode_sgid_strip.

Also, as Christian Brauner said:
"The patch itself is useful as it would move a security sensitive operation that is currently buried in individual filesystems into the vfs layer. But it has a decent regression potential since it might strip filesystems that have so far relied on getting the S_ISGID bit with a mode argument. So this needs a lot of testing and long exposure in -next for at least one full kernel cycle."

Suggested-by: Dave Chinner
Signed-off-by: Yang Xu
---
v2->v3:
1. use new helper prepare_mode to do inode sgid strip and umask strip
2. also use prepare_mode() for mkdirat

 fs/inode.c | 2 --
 fs/namei.c | 14 +++++---------
 fs/ocfs2/namei.c | 1 +
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c index 1b569ad882ce..a250aa01d3c3 100644 --- a/fs/inode.c +++ b/fs/inode.c
@@ -2246,8 +2246,6 @@ void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, /* Directories are special, and always inherit S_ISGID */ if (S_ISDIR(mode)) mode |= S_ISGID; - else - inode_sgid_strip(mnt_userns, dir, &mode); } else inode_fsgid_set(inode, mnt_userns); inode->i_mode = mode; diff --git a/fs/namei.c b/fs/namei.c index bbc7c950bbdc..0fadc884af7f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3287,8 +3287,7 @@ static struct dentry *lookup_open(struct nameidata *nd, struct file *file, if (open_flag & O_CREAT) { if (open_flag & O_EXCL) open_flag &= ~O_TRUNC; - if (!IS_POSIXACL(dir->d_inode)) - mode &= ~current_umask(); + prepare_mode(mnt_userns, dir->d_inode, &mode); if (likely(got_write)) create_error = may_o_create(mnt_userns, &nd->path, dentry, mode); @@ -3521,8 +3520,7 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns, child = d_alloc(dentry, &slash_name); if (unlikely(!child)) goto out_err; - if (!IS_POSIXACL(dir)) - mode &= ~current_umask(); + prepare_mode(mnt_userns, dir, &mode); error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); if (error) goto out_err; @@ -3852,13 +3850,12 @@ static int do_mknodat(int dfd, struct filename *name, umode_t mode, if (IS_ERR(dentry)) goto out1; - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); + mnt_userns = mnt_user_ns(path.mnt); + prepare_mode(mnt_userns, path.dentry->d_inode, &mode); error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out2; - mnt_userns = mnt_user_ns(path.mnt); switch (mode & S_IFMT) { case 0: case S_IFREG: error = vfs_create(mnt_userns, path.dentry->d_inode, 
@@ -3952,12 +3949,11 @@ int do_mkdirat(int dfd, struct filename *name, umode_t mode) if (IS_ERR(dentry)) goto out_putname; - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); error = security_path_mkdir(&path, dentry, mode); if (!error) { struct user_namespace *mnt_userns; mnt_userns = mnt_user_ns(path.mnt); + prepare_mode(mnt_userns, path.dentry->d_inode, &mode); error = vfs_mkdir(mnt_userns, path.dentry->d_inode, dentry, mode); } diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index c75fd54b9185..c81b8e0847aa 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c 
@@ -198,6 +198,7 @@ static struct inode *ocfs2_get_init_inode(struct inode *dir, umode_t mode) if (S_ISDIR(mode)) set_nlink(inode, 2); inode_init_owner(&init_user_ns, inode, dir, mode); + inode_sgid_strip(&init_user_ns, dir, &mode); status = dquot_initialize(inode); if (status) return ERR_PTR(status);
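Review bot: in the do_mkdirat() hunk of fs/namei.c, prepare_mode() is placed after security_path_mkdir(), whereas the removed lines applied ~current_umask() before that hook and the do_mknodat() hunk calls prepare_mode() before security_path_mknod(). The mkdir path hook would therefore now be handed a mode that has not had the umask applied, a behaviour change the commit message does not mention. Suggest assigning mnt_userns and calling prepare_mode() ahead of security_path_mkdir(), the same way the mknod path does.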
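Review bot: in ocfs2_get_init_inode() the added inode_sgid_strip(&init_user_ns, dir, &mode) comes after inode_init_owner(), which has already stored the value (the fs/inode.c hunk shows `inode->i_mode = mode;`). Here mode is a by-value parameter and nothing in the visible context reads it afterwards, so the strip appears to have no effect on the new inode. Move the call above inode_init_owner() so that the stripped mode is the one that gets stored.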
From: Yang Xu
Subject: [PATCH v3 7/7] ceph: Remove S_ISGID clear code in ceph_finish_async_create
Date: Fri, 15 Apr 2022 19:02:23 +0800
Message-ID: <1650020543-24908-7-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650020543-24908-1-git-send-email-xuyang2018.jy@fujitsu.com>
References: <1650020543-24908-1-git-send-email-xuyang2018.jy@fujitsu.com>
X-Mailing-List: ceph-devel@vger.kernel.org

Since vfs has stripped S_ISGID, we don't need this code any more.

Signed-off-by: Yang Xu
---
 fs/ceph/file.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 6c9e837aa1d3..8e3b99853333 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -651,10 +651,6 @@ static int ceph_finish_async_create(struct inode *dir, struct dentry *dentry, /* Directories always inherit the setgid bit. */ if (S_ISDIR(mode)) mode |= S_ISGID; - else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && - !in_group_p(dir->i_gid) && - !capable_wrt_inode_uidgid(&init_user_ns, dir, CAP_FSETID)) - mode &= ~S_ISGID; } else { in.gid = cpu_to_le32(from_kgid(&init_user_ns, current_fsgid())); }
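Review bot: the branch removed from ceph_finish_async_create() was this path's own S_ISGID check, and the one-line commit message does not say which VFS call site now guarantees the strip for async creates. Please name it in the message (for example the prepare_mode() call added under O_CREAT in lookup_open() in 6/7). The removed lines also evaluated CAP_FSETID against &init_user_ns while the VFS call sites pass mnt_userns, so it is worth confirming in the message that both give the same answer for ceph.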