From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70027C2BD09 for ; Fri, 28 Jun 2024 12:23:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F40E86B008A; Fri, 28 Jun 2024 08:23:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EF0C96B008C; Fri, 28 Jun 2024 08:23:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB8526B0092; Fri, 28 Jun 2024 08:23:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id BD2AF6B008A for ; Fri, 28 Jun 2024 08:23:44 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 6AC92160246 for ; Fri, 28 Jun 2024 12:23:44 +0000 (UTC) X-FDA: 82280213568.24.1025A98 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id AAB5DC0012 for ; Fri, 28 Jun 2024 12:23:42 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=I1vPWRJV; spf=pass (imf28.hostedemail.com: domain of brauner@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719577414; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rS7M9LftuSoPbMd4E3LPFRiTxN87l+OduWtMa3R6Iuc=; b=slM5MEDeiikYyIiLOJpfjSc51vVgA3KzFFidrWli0SfUGz1inI0APeO9EJqPmMQvGS/wk9 KngEr0WLbF7QxpwbNwFN6RZW796ZU/IdljPmYat84ZyfZTgkjYvXVDnsvsMNUhd33F2ueH TBoHzkd2Ku9ngLLDVHNKtLifHSwxUcA= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=I1vPWRJV; spf=pass (imf28.hostedemail.com: domain of brauner@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719577414; a=rsa-sha256; cv=none; b=tcM0wzxNpinYt6e/1efgnh5xWp1l4xOm/xK9wVj/obY1zlsdagCfWAhQsEoJW1yPGbP7ky tl/poVImC4thIhP0NN9nGvm9dBfVSUJuTXulDQYRj96QctRCV1UcXwpwLwyTomxGTjt4Bh DutNI6himRpKJ9PxvxJrq00S9RMQOuA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id BEDBF61F3B; Fri, 28 Jun 2024 12:23:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F6B7C116B1; Fri, 28 Jun 2024 12:23:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719577421; bh=tyZqFLkUX46EtxQxpgFqQIPv61XudWLgX6qkok5gyLI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=I1vPWRJVMasvY4mSgOwL+L4R0Z01LXE3UFK7pYsVqQdVi4imj1q5a28q9BufwvqyD pCGoelb66a/S5uh8EhKjanRQDQAx6QLWSnS8KqeGrxE2yi5WeWgeThSzaKLvt7h4TN L5RQ7niVHIME7q0U2JSDXX6gtjGaHVAF7EBxt6NyS5W2e+49h33y7ryT2nRhbJDwIJ 1yggZDk953f2jU5O5oNWJQGkZROQETcf+b2Zql9WKFLFAWoq/Mo37IYBvIhGuR8Ppi s5qpC69mAlvQCTXJxNgmDvZMM/9uE92gt+RIMJLAUihUgpq6OB0ccf8aSDgFW9OQDl TSN2daGuoqk3A== Date: Fri, 28 Jun 2024 14:23:35 +0200 From: Christian Brauner To: Jan Kara Cc: Eric Sandeen , linux-fsdevel@vger.kernel.org, autofs@vger.kernel.org, "Rafael J. Wysocki" , linux-efi@vger.kernel.org, Namjae Jeon , linux-ext4@vger.kernel.org, Miklos Szeredi , linux-mm@kvack.org, ntfs3@lists.linux.dev, linux-cifs@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Hans Caniullan Subject: Re: [PATCH 01/14] fs_parse: add uid & gid option option parsing helpers Message-ID: <20240628-fernfahrt-missverstanden-01543e7492b4@brauner> References: <8dca3c11-99f4-446d-a291-35c50ed2dc14@redhat.com> <20240628094517.ifs4bp73nlggsnxz@quack3> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240628094517.ifs4bp73nlggsnxz@quack3> X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: AAB5DC0012 X-Stat-Signature: 7tjc4uzri6fwjyktd7ijqzgf4a5x8jwo X-HE-Tag: 1719577422-30491 X-HE-Meta: U2FsdGVkX19bjz4YuAJdi4MkCwb1CDifhR7S85Ei8SRDrxfmr2UgzwNrM0u56Aaxx/QbX+xkoYtLM6yte0kYicmeaVdEaKghFpfCZVeqs35sGET/cUc5X+LVpm6zyuqZbeTmOrRWRTpRNRr+QpO0N5QUo3Eu6HXYpmHgBHR8CL+erqj7dRgJdIkkHQUK8E4HW/D+u3ToR7hJNDYeKw2zKcpekJAhR19NM+ocGwExZbpeX4HWnEfljMwPQU76LzDucwjvLWpcS5qgBMYfihkDAyHZt5KiQNTIcN00c2cYMz7+6L4W/5Qfy+MO55StvVTpU2tznXij6qsMyCM0IcdepyZ3QXsj/wiakoZhfrDxDP+7JMawwiSn7zAo+DLGcV8FQBRuuErp8Mww26CpTTHDhsvuw6gTsCrljqJE+t8Dqp4vazr9a1nZTFnbekJlfwydNxorPOaRtU6ECpM+aVVF0+t6CqNAUFwKUVYckMZVx7hCRrUCb+7iXvaD8a4p6BzKAAhJNpOzBKn59i3RfjF3SDsSzS7O6aCNaOaHQadS+FcsKHJQkGCjGjxi1DY52Kh9gX3c56+7hCnnOMrrVPDg4oJDPBpvqV2FTMot7vXDdsgX9ctIOM/aTGHRL4tlGcau0MA6eerIbIgaWVqQSBtmV25P6yyBJSkuwhCra5qmqb1pAnzyhERmlpf51doiRckbfGGTxe+A7Q7HogLzxjfi+ke45vpg3wfo6aUcruxKdGqjj6fs7g5flQmXPSoccdF1k65PGm7BFBJWSa51gJE4IwzEq7KkjybWL5axE9YeISaBbb2Ttu3lGKqW4gHekK5Ca6tw/qwidK7cU2WWPsSemR3QwpJflAPvo94X9bl90jVYlBMrtNO1GG4nfqvcnoGe5rwNVdlunRcIedDhnMq4+8Ne16S3rCBoVb76VKVK9jzyj1ifA1dnFsPgZG+06jIcHQT1EGdNspt7Jf6h218 NAkDxzXq cTItKwGEAnq/LTdNqlCP739yeeOn/8b69jsYGHK6IbbmbKbProTg25ZpxTtAqw8sK7C52uD09NF1Ayk1vRBtaGtLrBVX9VGxB4oahGQnAVsYpsdcGA7eOA/qn2o/cSMcito0UKmH45vp2ihsH3O8rF0n++/fAY/2Wtawt+s/PdFqxsorV9jDsrAopbEOz2A3iOhBRgeh4qHV+tiCszsKkaRE5Un1wPJgsx+ZAbOj5p6gBMpeucsdL1kSRSExcCIF4JMaF1lkJfxXiE514WKq9N26uwxLzv3yrhcPEF2PjpaxGvQq0CeYj3XqmbYOOiIbJH4lshA8PV3vNyHDY6GQds+ki4NkoyHT74Cy1Q5COa6RR3HDSYl6+X1zjH5gyPAr5ivAuBz29FAWo6d4KpxqFoR39WahsA8Mgn5AEGDkCmLkJnSh3yOhKOOdzUvmkDAP7JWoyzTfs5GMc0Ak= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Jun 28, 2024 at 11:45:17AM GMT, Jan Kara wrote: > On Thu 27-06-24 19:26:24, Eric Sandeen wrote: > > Multiple filesystems take uid and gid as options, and the code to > > create the ID from an integer and validate it is standard boilerplate > > that can be moved into common helper functions, so do that for > > consistency and less cut&paste. > > > > This also helps avoid the buggy pattern noted by Seth Jenkins at > > https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com/ > > because uid/gid parsing will fail before any assignment in most > > filesystems. > > > > Signed-off-by: Eric Sandeen > > I like the idea since this seems like a nobrainer but is actually > surprisingly subtle... > > > diff --git a/fs/fs_parser.c b/fs/fs_parser.c > > index a4d6ca0b8971..24727ec34e5a 100644 > > --- a/fs/fs_parser.c > > +++ b/fs/fs_parser.c > > @@ -308,6 +308,40 @@ int fs_param_is_fd(struct p_log *log, const struct fs_parameter_spec *p, > > } > > EXPORT_SYMBOL(fs_param_is_fd); > > > > +int fs_param_is_uid(struct p_log *log, const struct fs_parameter_spec *p, > > + struct fs_parameter *param, struct fs_parse_result *result) > > +{ > > + kuid_t uid; > > + > > + if (fs_param_is_u32(log, p, param, result) != 0) > > + return fs_param_bad_value(log, param); > > + > > + uid = make_kuid(current_user_ns(), result->uint_32); > > But here is the problem: Filesystems mountable in user namespaces need to use > fc->user_ns for resolving uids / gids (e.g. like fuse_parse_param()). > Having helpers that work for some filesystems and are subtly broken for > others is worse than no helpers... Or am I missing something? > > And the problem with fc->user_ns is that currently __fs_parse() does not > get fs_context as an argument... So that will need some larger work. Not really. If someone does an fsopen() in a namespace but the process that actually sets mount options is in another namespace then it's completely intransparent what uid/gid this will resolve to if it's resovled according to fsopen(). It's also a bit strange if someone ends up handing off a tmpfs fscontext that was created in the initial namespace to some random namespace and they now can set uid/gid options that aren't mapped according to their namespace but instead are 1:1 resolved according to the intial namespace. So this would hinder delegation. The expectation is that uid/gid options are resolved in the caller's namespace and that shouldn't be any different for fscontexts for namespace mountable filesystems. The crucial point is to ensure that the resulting kuid/kgid can be resolved in the namespace the filesystem is mounted in at the end. That's what was lacking in e.g., tmpfs in commit 0200679fc795 ("tmpfs: verify {g,u}id mount options correctly") The fuse conversion is the only inconsistency in that regard.