[v2,0/4] enhance the path resolution capability in fs_parser

Message ID	20240527075854.1260981-1-lihongbo22@huawei.com (mailing list archive)
Headers	show Received: from szxga07-in.huawei.com (szxga07-in.huawei.com [45.249.212.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5FE856455; Mon, 27 May 2024 07:58:17 +0000 (UTC) From: Hongbo Li <lihongbo22@huawei.com> To: <viro@zeniv.linux.org.uk>, <brauner@kernel.org>, <jack@suse.cz>, <tytso@mit.edu>, <adilger.kernel@dilger.ca> CC: <lczerner@redhat.com>, <cmaiolino@redhat.com>, <linux-fsdevel@vger.kernel.org>, <linux-doc@vger.kernel.org>, <yi.zhang@huawei.com>, <lihongbo22@huawei.com> Subject: [PATCH v2 0/4] enhance the path resolution capability in fs_parser Date: Mon, 27 May 2024 15:58:50 +0800 Message-ID: <20240527075854.1260981-1-lihongbo22@huawei.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	enhance the path resolution capability in fs_parser \| expand [v2,0/4] enhance the path resolution capability in fs_parser [v2,1/4] fs: add blockdev parser for filesystem mount option. [v2,2/4] fs: add path parser for filesystem mount option. [v2,3/4] fs: ext4: support relative path for `journal_path` in mount option. [v2,4/4] fs: remove fs_lookup_param and its description.

Message ID

20240527075854.1260981-1-lihongbo22@huawei.com (mailing list archive)

Headers

From: Hongbo Li <lihongbo22@huawei.com>
To: <viro@zeniv.linux.org.uk>, <brauner@kernel.org>, <jack@suse.cz>,
	<tytso@mit.edu>, <adilger.kernel@dilger.ca>
CC: <lczerner@redhat.com>, <cmaiolino@redhat.com>,
	<linux-fsdevel@vger.kernel.org>, <linux-doc@vger.kernel.org>,
	<yi.zhang@huawei.com>, <lihongbo22@huawei.com>
Subject: [PATCH v2 0/4] enhance the path resolution capability in fs_parser
Date: Mon, 27 May 2024 15:58:50 +0800
Message-ID: <20240527075854.1260981-1-lihongbo22@huawei.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

enhance the path resolution capability in fs_parser | expand

Message

Hongbo Li May 27, 2024, 7:58 a.m. UTC

Mount options with path should be parsed into block device or inode. As
the new mount API provides a serial of parsers, path should also be 
looked up into block device within these parsers, not in each specific
filesystem.

The following is a brief overview of the patches, see the patches for
more details.

Patch 1-2: Enhance the path resolution capability in fs_parser.
Patch 3: Fix the `journal_path` options error in ext4. 
Patch 4: Remove the `fs_lookup_param` and its description.

Comments and questions are, as always, welcome.

Thanks,
Hongbo

Changes since v1:
	* Fix test robot warning and rebase on latest code.

Hongbo Li (4):
  fs: add blockdev parser for filesystem mount option.
  fs: add path parser for filesystem mount option.
  fs: ext4: support relative path for `journal_path` in mount option.
  fs: remove fs_lookup_param and its description.

 Documentation/filesystems/mount_api.rst |  17 +---
 fs/ext4/super.c                         |  26 +----
 fs/fs_parser.c                          | 125 +++++++++++++-----------
 include/linux/fs_parser.h               |   7 +-
 4 files changed, 71 insertions(+), 104 deletions(-)

Comments

Christian Brauner May 27, 2024, 3:08 p.m. UTC | #1

On Mon, May 27, 2024 at 03:58:50PM +0800, Hongbo Li wrote:
> Mount options with path should be parsed into block device or inode. As
> the new mount API provides a serial of parsers, path should also be 
> looked up into block device within these parsers, not in each specific
> filesystem.

The problem is that by moving those options into the VFS layer we're
dictating when and with what permissions paths are resolved.

Parsing of parameters via fsconfig(FSCONFIG_SET_*) and superblock
creation via fsconfig(FSCONFIG_CMD_CREAT) can happen in different
contexts.

It's entirely possible that the parameter is set by an unprivileged task
that cannot open the provided path while the task that actually creates
the superblock does have the permission to resolve the path.

It's also legitimate that a filesystem may want to explicitly delay all
path resolution until the superblock is created and not resolve the path
right when it's passed.

That wouldn't be possible anymore after your changes. So this is a more
subtle change than it seems and I'm not sure it's worth it.