From: Sargun Dhillon
To: "J . Bruce Fields", Chuck Lever, Trond Myklebust, Anna Schumaker, Anna Schumaker, David Howells, Scott Mayhew
Cc: Sargun Dhillon, linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 0/2] NFS: Fix interaction between fs_context and user namespaces
Date: Mon, 2 Nov 2020 09:47:35 -0800
Message-Id: <20201102174737.2740-1-sargun@sargun.me>

This is effectively a resend, but re-based atop Anna's current tree. I can
add the samples back in another patchset.

Right now, it is possible to mount NFS with a non-matching super block
user ns, and NFS sunrpc user ns. This (for the user) results in an awkward
set of interactions if using anything other than auth_null, where the UIDs
being sent to the server are different than the local UIDs being checked.
This can cause "breakage", where if you try to communicate with the NFS
server with any other set of mappings, it breaks.

This is after the initial v5.10 merge window, so hopefully this patchset
can be reconsidered, and maybe we can make forward progress? I think that
it takes a relatively conservative approach in enabling user namespaces,
and it prevents the case where someone is using auth_gss (for now), as the
mappings are non-trivial.

Changes since v3:
  * Rebase atop Anna's tree
Changes since v2:
  * Removed samples
  * Split out NFSv2/v3 patchset from NFSv4 patchset
  * Added restrictions around use
Changes since v1:
  * Added samples

Sargun Dhillon (2):
  NFS: NFSv2/NFSv3: Use cred from fs_context during mount
  NFSv4: Refactor NFS to use user namespaces

 fs/nfs/client.c     | 10 ++++++++--
 fs/nfs/nfs4client.c | 27 ++++++++++++++++++++++++++-
 fs/nfs/nfs4idmap.c  |  2 +-
 fs/nfs/nfs4idmap.h  |  3 ++-
 4 files changed, 37 insertions(+), 5 deletions(-)

base-commit: 8c39076c276be0b31982e44654e2c2357473258a