From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 391C7C30653 for ; Mon, 1 Jul 2024 09:34:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BAAAE6B00B1; Mon, 1 Jul 2024 05:34:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B34556B00B4; Mon, 1 Jul 2024 05:34:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 910356B00B5; Mon, 1 Jul 2024 05:34:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 676A86B00B1 for ; Mon, 1 Jul 2024 05:34:43 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 1A1A11A0C50 for ; Mon, 1 Jul 2024 09:34:43 +0000 (UTC) X-FDA: 82290674046.16.26D122E Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by imf25.hostedemail.com (Postfix) with ESMTP id DA715A0017 for ; Mon, 1 Jul 2024 09:34:40 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=NbE49N1w; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rxylWUg+; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b="a/p0kXeh"; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=UOg+M19d; dmarc=none; spf=pass (imf25.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719826457; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FozuB0CgYy31OmZnoj5QofV+vYenuNBwwgLrQA0VLBg=; b=fOZO2d2Zooi960+m/SJrwIvNiw0HwpW7N5fba97dmDuOAfprB6+7lL7QBeJKHseSo3U4s3 xhou66hX0faZUWCul74J3hnX4s7VZA0uoMATm8aAvw1RzlJPh/0/ZcqboYv98zRjbHTrn5 5TntbfqigPy38GWQZWL2RlJbZYzkszQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719826457; a=rsa-sha256; cv=none; b=OaQeB/7pwqZn2TmaDsRSOQOCDs5Efm+mff8Uu5UjtVJ37a8lyxoVu8EdQBlooeR2P7nyLC Kx9NsoI/V3FEzn7Coy9xm0fPrDDgAqdt8vImPf+DPlEOkQ4s4ivRPsuOYSH6S03Np8fL3Z E+vJBraqNdPvHvEkH89vWz6PiMU35Ag= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=NbE49N1w; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rxylWUg+; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b="a/p0kXeh"; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=UOg+M19d; dmarc=none; spf=pass (imf25.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id EE0FD21AE6; Mon, 1 Jul 2024 09:34:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1719826479; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FozuB0CgYy31OmZnoj5QofV+vYenuNBwwgLrQA0VLBg=; b=NbE49N1wg6cM3fA5V/gAHBOfJZ3iQ6sNbuWpsuZ4Zp+bn9Z5Umyo3ZIVsTHpUWUPn2enzW tsMj7AFVvfs8oGvA3u0u0q4fHUpLk8ljfoqfa7KBA0sAlgAvwo7GlAk02ifm04KQgEK8+W oPs5DXZdULhit68Q3ZL6j/6brVN45y0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1719826479; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FozuB0CgYy31OmZnoj5QofV+vYenuNBwwgLrQA0VLBg=; b=rxylWUg+p7ebJEM0zMG68ju2VcNhbAxt57fAMc54omZ0LcTD2DD8Ho+V0qlj9iLpi3Z+YY SmqhwNuzV3gVgjCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1719826477; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FozuB0CgYy31OmZnoj5QofV+vYenuNBwwgLrQA0VLBg=; b=a/p0kXehdSYe3JnwY+HlC46fhPrRSpXxMBXGv/2xw9LkSth2INE9N3aQvcU8OPTBNXf0GK pGHA3H2sYuP9fsloNxZQY+e55cDT7gCJpurzfVnq8ETslMJpp110cle3MpclosQ69nvXFd lPF9U2+C59K1awyl3VaCyb0n98PPWyk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1719826477; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FozuB0CgYy31OmZnoj5QofV+vYenuNBwwgLrQA0VLBg=; b=UOg+M19dnm3PpJnbD1VmxR+FfwdjHAe4yQgxNY1Q9aGxTYVLbOO6OYpafqcZhp4u9ItxH5 NnuyFGkeLi7VTnCQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id DD63813800; Mon, 1 Jul 2024 09:34:37 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id ps0FNi14gmb4FwAAD6G6ig (envelope-from ); Mon, 01 Jul 2024 09:34:37 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id 533E2A088E; Mon, 1 Jul 2024 11:34:37 +0200 (CEST) Date: Mon, 1 Jul 2024 11:34:37 +0200 From: Jan Kara To: Christian Brauner Cc: Jan Kara , Eric Sandeen , linux-fsdevel@vger.kernel.org, autofs@vger.kernel.org, "Rafael J. Wysocki" , linux-efi@vger.kernel.org, Namjae Jeon , linux-ext4@vger.kernel.org, Miklos Szeredi , linux-mm@kvack.org, ntfs3@lists.linux.dev, linux-cifs@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Hans Caniullan Subject: Re: [PATCH 01/14] fs_parse: add uid & gid option option parsing helpers Message-ID: <20240701093437.d2654yek4nnq2ep6@quack3> References: <8dca3c11-99f4-446d-a291-35c50ed2dc14@redhat.com> <20240628094517.ifs4bp73nlggsnxz@quack3> <20240628-fernfahrt-missverstanden-01543e7492b4@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240628-fernfahrt-missverstanden-01543e7492b4@brauner> X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: DA715A0017 X-Stat-Signature: ujga4sx4tb75e7hgj6hd1s73itctx556 X-Rspam-User: X-HE-Tag: 1719826480-794497 X-HE-Meta: U2FsdGVkX18obwls+i+rB2KYvSjR9XUQceym24e1p0E1eBJ594nBWG2dsggUr/4S+Mx3e0GrGID1gbtEueTKTYu0yyZulfu18BJ5CV7FaPX3czhpGA/PaIe5UAZDO8K1ME8xVOx2zo3nXkEJ1IsQMCayVi5lSBPTFlZXXwYYIgHQicr2LUJmbbiw4iLIBl225vmFyLhWlUPQzFjhJn8wck1DWxSP4lHxVxv7fh15bk3ITamlKkVmjSKnyNuucOQBFyqzd1tN5OTaM9AUd+0obmkPFbn1Se5AUS+mNuWh/Ta0RTiJRJCQ+/bmZXkAbvKDuYRFVaGuXy66mieRnkxPNLpu8pcEsWfnziRXXp4bKbN5aezLFVVWzGxEFujmdssmfil9VyHPK1wgQJof8tvApdBYhEW+DdDmMk4glSeZe/1x9asBQI50ZIt7dGEiIuJvwnm8KwfGvpG6CBQTFIZnU9alicPLgLzOJqGiK9L+qSbLJb4G2YnnXK0XI9dksheSrI1j19MMuARzktb0yUHPPezJ6rlWa1e996/96/wTt3ljqkXkZYNpHeeBa0YI3baM7Aqv4TEyG5Cu9unqV5gM+ihB7utPhl6ZKXn32txkxnjQnLLkJsgxU1dnd7qCmLmGkOgFYOCwS/mpBXmsP0trovwh2C8O6JWaow3whbM6WKTTb7X3UQQZZoXleo8KjFEbqJcqjEi6x1tSQ1ZlSmpyOxluIqtL33sbosmVY/lOHi+1baRYJo913JYfFum81PjyglPP62GdSjsBD9b69gEYdoUBCEhtYlt8VO0wLlu+p8kHDL5iRebtVPn6j+49X5oX9BOMNJsSADIdlo86Wx+xXB/u68p44km07+oeMB9d6znpuwaAddfxIfs9bU+ba8oQMdNl9X9pcfhMy7rqevfUDqKmNSdgcYKYRAznFuQbOSqmiVOvGXiJhzpaOsTIfsh4k/yddsbSMBgrip1pnZY EdU8YIvM M5xYWWrbZPT610kjmKvCihk0bvi5xvuI84YDppG0TMZge2cbLdq7+iKkZX//jEUs2+JL4cNiThvMN3pot4slW2t0X4lmSwlkA+eOBpcyBaV0/SOYOPSTZRhy6FEIYJme8gnnL4nMi4Ax5jrU5iP+iQrCdSQTxWUlaR+gW0uxLGZqfuAZrktuA7lEw6tTm5caTQ+6Pnw8La/uZTrD6iDFbYPNccWr8PuY2bknP9fL8CtCSZoFgCYMtP7gvBgA2/LyaVCrt8mKlJJ9rCe7QRktK16JtsbXU4weRDR42PWJLEPT5M5y+4lP6J+UlnZe0BbbHolGOBP6FXaJ8SMNdne4siUmOwZrVeDTEHA58RSgzLn2Dsvp4koh7JPTbNF1/4sSIEbPwm3VLB5MzOfOfLgpWKlHvkOApTxOaIZTSyysOBhQFKYapfsnUErknR5FOZM781Rt4JWxv39aTFRwXhw2O4nztLqjAC7lfeLzvnLk+oFYI5musEtotPxRWmzBK0+Ngd2rV X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri 28-06-24 14:23:35, Christian Brauner wrote: > On Fri, Jun 28, 2024 at 11:45:17AM GMT, Jan Kara wrote: > > On Thu 27-06-24 19:26:24, Eric Sandeen wrote: > > > Multiple filesystems take uid and gid as options, and the code to > > > create the ID from an integer and validate it is standard boilerplate > > > that can be moved into common helper functions, so do that for > > > consistency and less cut&paste. > > > > > > This also helps avoid the buggy pattern noted by Seth Jenkins at > > > https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com/ > > > because uid/gid parsing will fail before any assignment in most > > > filesystems. > > > > > > Signed-off-by: Eric Sandeen > > > > I like the idea since this seems like a nobrainer but is actually > > surprisingly subtle... > > > > > diff --git a/fs/fs_parser.c b/fs/fs_parser.c > > > index a4d6ca0b8971..24727ec34e5a 100644 > > > --- a/fs/fs_parser.c > > > +++ b/fs/fs_parser.c > > > @@ -308,6 +308,40 @@ int fs_param_is_fd(struct p_log *log, const struct fs_parameter_spec *p, > > > } > > > EXPORT_SYMBOL(fs_param_is_fd); > > > > > > +int fs_param_is_uid(struct p_log *log, const struct fs_parameter_spec *p, > > > + struct fs_parameter *param, struct fs_parse_result *result) > > > +{ > > > + kuid_t uid; > > > + > > > + if (fs_param_is_u32(log, p, param, result) != 0) > > > + return fs_param_bad_value(log, param); > > > + > > > + uid = make_kuid(current_user_ns(), result->uint_32); > > > > But here is the problem: Filesystems mountable in user namespaces need to use > > fc->user_ns for resolving uids / gids (e.g. like fuse_parse_param()). > > Having helpers that work for some filesystems and are subtly broken for > > others is worse than no helpers... Or am I missing something? > > > > And the problem with fc->user_ns is that currently __fs_parse() does not > > get fs_context as an argument... So that will need some larger work. > > Not really. If someone does an fsopen() in a namespace but the process > that actually sets mount options is in another namespace then it's > completely intransparent what uid/gid this will resolve to if it's > resovled according to fsopen(). > > It's also a bit strange if someone ends up handing off a tmpfs fscontext > that was created in the initial namespace to some random namespace and > they now can set uid/gid options that aren't mapped according to their > namespace but instead are 1:1 resolved according to the intial > namespace. So this would hinder delegation. > > The expectation is that uid/gid options are resolved in the caller's > namespace and that shouldn't be any different for fscontexts for > namespace mountable filesystems. The crucial point is to ensure that the > resulting kuid/kgid can be resolved in the namespace the filesystem is > mounted in at the end. That's what was lacking in e.g., tmpfs in commit > 0200679fc795 ("tmpfs: verify {g,u}id mount options correctly") > > The fuse conversion is the only inconsistency in that regard. OK, thanks for explanation! Honza -- Jan Kara SUSE Labs, CR