From patchwork Fri Nov 29 13:38:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13888711 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 47ABF1A7274; Fri, 29 Nov 2024 13:39:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732887574; cv=none; b=G7v9kXjoT/TwYE+PE8J5wiDmkX2EgbTsE20lk87BQeRddC4Q9lSlaMoRuJ129YV2iN1D1A+8N6AnLBT0BVK8Zxw5Bmi4Q0uJ2shdWeCnizjNE9Lv/ZjaUNE5w0t2hYNGNs6qG1qTVxP75mnxyno1QL+htfFGwY6d03dXaUTOK6w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732887574; c=relaxed/simple; bh=mZfbHs4mNu6U8OuHnn6AHXjPoepY5hOvawaSJo/awdo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UmKw2otBJvEdJghiY01xw35EGeFDJpD2/5o9+eYxtjTrMVx2X2umhGLZRBv6c9UcW3JuiLXIq0+qKDKAgs1v3pjzrGJHsBlbvn6BrhSm72d59krcxhDtzm0/KgA/UW6JGFHy7BICvOUUQZ2ZaEg1FMJd4tBN6dcS+A5f5MFa+Sc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WJbYnNsW; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WJbYnNsW" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D465C4CED2; Fri, 29 Nov 2024 13:39:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732887573; bh=mZfbHs4mNu6U8OuHnn6AHXjPoepY5hOvawaSJo/awdo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WJbYnNsWr8gAk6kku4/yzZo9cZRyG0eQqJlnfXRYA4BD4UPtgnBk3rjjq+YA6dr4/ 7PTi1cxghYMPERjCq1NIVnfrpcf95uC/g3gtzSMRK33s1yp3D+Lf3DtKK5AHrId8u9 ZfExURO96dLLn92ODwKFZzwfcW9Ywzvzc6i5uLcnIxObppCowfsU/wSOs8FzYK65BA dFxxbroGNLk8/q9P97Y3m18Iw/9Tt3hxA4W5rzedUmMfZPYdPM64OT+gcpT66Ic8oD lREfy345wtMt34fejmX/gur5M54adEgnXYXxjfCkxqo4TtmVFcum+EZCJsOx8NKbOV xkZn2mKMNOiFQ== From: Christian Brauner To: Erin Shepherd , Amir Goldstein , Jeff Layton Cc: Christian Brauner , Alexander Viro , Jan Kara , Chuck Lever , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH RFC 5/6] exportfs: add permission method Date: Fri, 29 Nov 2024 14:38:04 +0100 Message-ID: <20241129-work-pidfs-file_handle-v1-5-87d803a42495@kernel.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241129-work-pidfs-file_handle-v1-0-87d803a42495@kernel.org> References: <20241129-work-pidfs-file_handle-v1-0-87d803a42495@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=3542; i=brauner@kernel.org; h=from:subject:message-id; bh=mZfbHs4mNu6U8OuHnn6AHXjPoepY5hOvawaSJo/awdo=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaR7Hj7IHNIUIFB0X+vnw6L4CXP2Phe1bhGK/P5+AaOhq /ma3lmnOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACaywZ+RoX+bcZzqxJ9uj89Y JAWekPebccBm2oa1Cx+78+eu3M4wV5CR4cf2yrO/1JIqz07ZlbP3YtzvV1o3Fu8w3nv18+aunLD +Wm4A X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 This allows filesystems such as pidfs to provide their custom permission checks. Signed-off-by: Christian Brauner --- fs/fhandle.c | 21 +++++++-------------- include/linux/exportfs.h | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/fs/fhandle.c b/fs/fhandle.c index 031ad5592a0beabcc299436f037ad5fe626332e6..23491094032ec037066a271873ea8ff794616bee 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -187,17 +187,6 @@ static int get_path_from_fd(int fd, struct path *root) return 0; } -enum handle_to_path_flags { - HANDLE_CHECK_PERMS = (1 << 0), - HANDLE_CHECK_SUBTREE = (1 << 1), -}; - -struct handle_to_path_ctx { - struct path root; - enum handle_to_path_flags flags; - unsigned int fh_flags; -}; - static int vfs_dentry_acceptable(void *context, struct dentry *dentry) { struct handle_to_path_ctx *ctx = context; @@ -335,15 +324,19 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, struct file_handle f_handle; struct file_handle *handle = NULL; struct handle_to_path_ctx ctx = {}; + const struct export_operations *eops; retval = get_path_from_fd(mountdirfd, &ctx.root); if (retval) goto out_err; - if (!may_decode_fh(&ctx, o_flags)) { - retval = -EPERM; + eops = ctx.root.mnt->mnt_sb->s_export_op; + if (eops && eops->permission) + retval = eops->permission(&ctx, o_flags); + else + retval = may_decode_fh(&ctx, o_flags); + if (retval) goto out_path; - } if (copy_from_user(&f_handle, ufh, sizeof(struct file_handle))) { retval = -EFAULT; diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index c69b79b64466d5bc32ffe9b2796a388130fe72d8..a087606ace194ccc9d1250f990ce55627aaf8dc5 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h @@ -3,6 +3,7 @@ #define LINUX_EXPORTFS_H 1 #include +#include struct dentry; struct iattr; @@ -10,7 +11,6 @@ struct inode; struct iomap; struct super_block; struct vfsmount; -struct path; /* limit the handle size to NFSv4 handle size now */ #define MAX_HANDLE_SZ 128 @@ -157,6 +157,17 @@ struct fid { }; }; +enum handle_to_path_flags { + HANDLE_CHECK_PERMS = (1 << 0), + HANDLE_CHECK_SUBTREE = (1 << 1), +}; + +struct handle_to_path_ctx { + struct path root; + enum handle_to_path_flags flags; + unsigned int fh_flags; +}; + #define EXPORT_FH_CONNECTABLE 0x1 /* Encode file handle with parent */ #define EXPORT_FH_FID 0x2 /* File handle may be non-decodeable */ #define EXPORT_FH_DIR_ONLY 0x4 /* Only decode file handle for a directory */ @@ -226,6 +237,9 @@ struct fid { * is also a directory. In the event that it cannot be found, or storage * space cannot be allocated, a %ERR_PTR should be returned. * + * permission: + * Allow filesystems to specify a custom permission function. + * * open: * Allow filesystems to specify a custom open function. * @@ -255,6 +269,7 @@ struct export_operations { bool write, u32 *device_generation); int (*commit_blocks)(struct inode *inode, struct iomap *iomaps, int nr_iomaps, struct iattr *iattr); + int (*permission)(struct handle_to_path_ctx *ctx, unsigned int oflags); struct file * (*open)(struct path *path, unsigned int oflags); #define EXPORT_OP_NOWCC (0x1) /* don't collect v3 wcc data */ #define EXPORT_OP_NOSUBTREECHK (0x2) /* no subtree checking */