From patchwork Tue Mar 29 10:35:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12794644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCF79C433EF for ; Tue, 29 Mar 2022 10:36:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235201AbiC2Kh6 (ORCPT ); Tue, 29 Mar 2022 06:37:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40428 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235208AbiC2Kh5 (ORCPT ); Tue, 29 Mar 2022 06:37:57 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E7E791379; Tue, 29 Mar 2022 03:36:14 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 16B65B816D4; Tue, 29 Mar 2022 10:36:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 929E4C340ED; Tue, 29 Mar 2022 10:36:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1648550171; bh=9Plb9VhvUpoxgMdSbUmt2WT8UKpSaH0M5soUNOsiWMA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fYG138Ozwb3KXensR/PV1+rFP1VkQY1XrmWKosQIrPOFu/QdOoURuWbx20/WgSUlD lrO64LTyrvpke29s2qnqIg18xPLfREYzT8z8FAhCXgzoJ6vSw1JmheNUF++qi2LdFK 2CdRF1h6EspUpZpt97+xHZsFGh50tFZgW1rDcYNdDmxm8DF0Jyazhx3uK1cA1gjgN2 A955rrKsNqlhJ8f0uHOV3cGBrmSZg6jSZueMPzblUJCb2gMTsXMUMeoeWVK6Pg3ROf QcsvbENFoRx4xN/TFrmkSWKX+dQlYHk4fOFzF7AIr1QdRPk6n0aKTKAKRrVAnEWt7s zOCTsDSg4UOAg== From: Christian Brauner To: Amir Goldstein , Christoph Hellwig , Miklos Szeredi , Al Viro Cc: Christian Brauner , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, Aleksa Sarai , Giuseppe Scrivano , Rodrigo Campos Catelin , Seth Forshee , Luca Bocassi , Lennart Poettering , =?utf-8?q?St=C3=A9phane_Graber?= Subject: [PATCH 01/18] fs: add two trivial lookup helpers Date: Tue, 29 Mar 2022 12:35:08 +0200 Message-Id: <20220329103526.1207086-2-brauner@kernel.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220329103526.1207086-1-brauner@kernel.org> References: <20220329103526.1207086-1-brauner@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4623; h=from:subject; bh=9Plb9VhvUpoxgMdSbUmt2WT8UKpSaH0M5soUNOsiWMA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMSQ5Pdjz7LZIl9RX1YMVu3f6pB1eOb/93JOvnOlcD/ZMf8na NrvhXUcpC4MYF4OsmCKLQ7tJuNxynorNRpkaMHNYmUCGMHBxCsBEbN8wMixfrV2x3GfalnV3j4bNPW 3YGSv0xbR2SZjV7pcvlFjtAjcw/DO/8TGOh+/q4uotbOWSfAz6jZnWD/lsdDVs/M+Ev1tsyAIA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Similar to the addition of lookup_one() add a version of lookup_one_unlocked() and lookup_one_positive_unlocked() that take idmapped mounts into account. This is required to port overlay to support idmapped base layers. Cc: Tested-by: Giuseppe Scrivano Reviewed-by: Amir Goldstein Signed-off-by: Christian Brauner (Microsoft) --- fs/namei.c | 52 ++++++++++++++++++++++++++++++++++--------- include/linux/namei.h | 2 ++ 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 3f1829b3ab5b..ca2a490a1f6b 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2768,7 +2768,8 @@ struct dentry *lookup_one(struct user_namespace *mnt_userns, const char *name, EXPORT_SYMBOL(lookup_one); /** - * lookup_one_len_unlocked - filesystem helper to lookup single pathname component + * lookup_one_unlocked - filesystem helper to lookup single pathname component + * @mnt_userns: idmapping of the mount the lookup is performed from * @name: pathname component to lookup * @base: base directory to lookup from * @len: maximum length @len should be interpreted to @@ -2779,14 +2780,15 @@ EXPORT_SYMBOL(lookup_one); * Unlike lookup_one_len, it should be called without the parent * i_mutex held, and will take the i_mutex itself if necessary. */ -struct dentry *lookup_one_len_unlocked(const char *name, - struct dentry *base, int len) +struct dentry *lookup_one_unlocked(struct user_namespace *mnt_userns, + const char *name, struct dentry *base, + int len) { struct qstr this; int err; struct dentry *ret; - err = lookup_one_common(&init_user_ns, name, base, len, &this); + err = lookup_one_common(mnt_userns, name, base, len, &this); if (err) return ERR_PTR(err); @@ -2795,6 +2797,41 @@ struct dentry *lookup_one_len_unlocked(const char *name, ret = lookup_slow(&this, base, 0); return ret; } +EXPORT_SYMBOL(lookup_one_unlocked); + +/* + * Like lookup_positive_unlocked() but takes a mount's idmapping into account. + */ +struct dentry *lookup_one_positive_unlocked(struct user_namespace *mnt_userns, + const char *name, + struct dentry *base, int len) +{ + struct dentry *ret = lookup_one_unlocked(mnt_userns, name, base, len); + if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) { + dput(ret); + ret = ERR_PTR(-ENOENT); + } + return ret; +} +EXPORT_SYMBOL(lookup_one_positive_unlocked); + +/** + * lookup_one_len_unlocked - filesystem helper to lookup single pathname component + * @name: pathname component to lookup + * @base: base directory to lookup from + * @len: maximum length @len should be interpreted to + * + * Note that this routine is purely a helper for filesystem usage and should + * not be called by generic code. + * + * Unlike lookup_one_len, it should be called without the parent + * i_mutex held, and will take the i_mutex itself if necessary. + */ +struct dentry *lookup_one_len_unlocked(const char *name, + struct dentry *base, int len) +{ + return lookup_one_unlocked(&init_user_ns, name, base, len); +} EXPORT_SYMBOL(lookup_one_len_unlocked); /* @@ -2808,12 +2845,7 @@ EXPORT_SYMBOL(lookup_one_len_unlocked); struct dentry *lookup_positive_unlocked(const char *name, struct dentry *base, int len) { - struct dentry *ret = lookup_one_len_unlocked(name, base, len); - if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) { - dput(ret); - ret = ERR_PTR(-ENOENT); - } - return ret; + return lookup_one_positive_unlocked(&init_user_ns, name, base, len); } EXPORT_SYMBOL(lookup_positive_unlocked); diff --git a/include/linux/namei.h b/include/linux/namei.h index e89329bb3134..759b996b9e1a 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h @@ -69,6 +69,8 @@ extern struct dentry *lookup_one_len(const char *, struct dentry *, int); extern struct dentry *lookup_one_len_unlocked(const char *, struct dentry *, int); extern struct dentry *lookup_positive_unlocked(const char *, struct dentry *, int); struct dentry *lookup_one(struct user_namespace *, const char *, struct dentry *, int); +struct dentry *lookup_one_unlocked(struct user_namespace *, const char *, struct dentry *, int); +struct dentry *lookup_one_positive_unlocked(struct user_namespace *, const char *, struct dentry *, int); extern int follow_down_one(struct path *); extern int follow_down(struct path *); From patchwork Tue Mar 29 10:35:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12794645 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 045A6C433EF for ; Tue, 29 Mar 2022 10:36:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235213AbiC2KiE (ORCPT ); Tue, 29 Mar 2022 06:38:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235209AbiC2KiE (ORCPT ); Tue, 29 Mar 2022 06:38:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32EA495A0F; Tue, 29 Mar 2022 03:36:21 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C77F961231; Tue, 29 Mar 2022 10:36:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1E6FC340ED; Tue, 29 Mar 2022 10:36:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1648550180; bh=+9eNimi5LAt7KKHQ3rAJ0gx8a6AV/bhijhdowKWF8RQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=loxo3il48odtQdkKsh4Kz39f/rwFPjEuuHtSvELMlSV89+KYWt4MuT40jEvTuzFpW xYrStH9KCsWayB6iE9JV6LW8jWBlguu9BTVzwxFJpRxv24QFMFZ2oMkIv9hfffyVAD n8Ftamvmzj3lrnZvV3A6Vu8n4ZHpjg2hI08GqUqhXN9iqJqyp5RV9l2MxLXuOYQ+nV gwpsF6hXdDmKmap91bvo12nZUOJ/duhqmI26HVOoetkEVjTWc5aK0dF9LUW+UWP2T+ tWSY2kaUnAoz9ll99GqCYZiZGSO63epx+G+eE+RHDmc9B68O/ZbCjeSAnqRcdjdZCb OjJqjyEgArlmw== From: Christian Brauner To: Amir Goldstein , Christoph Hellwig , Miklos Szeredi , Al Viro Cc: Christian Brauner , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, Aleksa Sarai , Giuseppe Scrivano , Rodrigo Campos Catelin , Seth Forshee , Luca Bocassi , Lennart Poettering , =?utf-8?q?St=C3=A9phane_Graber?= , stable@vger.kernel.org Subject: [PATCH 02/18] exportfs: support idmapped mounts Date: Tue, 29 Mar 2022 12:35:09 +0200 Message-Id: <20220329103526.1207086-3-brauner@kernel.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220329103526.1207086-1-brauner@kernel.org> References: <20220329103526.1207086-1-brauner@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1833; h=from:subject; bh=+9eNimi5LAt7KKHQ3rAJ0gx8a6AV/bhijhdowKWF8RQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMSQ5PdhjtCO39f13LfltXROzSnKOnr582jl3x66+hPl2veLn 0zdt6ShlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZjIkq8M/3MP7phdtWnNu7BLidzr/D WfrPz05+MB08Os18QjEo53+Hsw/C/L/vng2aE90Wf1U/3FbijtCfxR3zgnrud6ooDYyZl6QlwA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Make the two locations where exportfs helpers check permission to lookup a given inode idmapped mount aware by switching it to the lookup_one() helper. This is a bugfix for the open_by_handle_at() system call which doesn't take idmapped mounts into account currently. It's not tied to a specific commit so we'll just Cc stable. In addition this is required to support idmapped base layers in overlay. The overlay filesystem uses exportfs to encode and decode file handles for its index=on mount option and when nfs_export=on. Cc: Cc: Tested-by: Giuseppe Scrivano Reviewed-by: Amir Goldstein Signed-off-by: Christian Brauner (Microsoft) --- fs/exportfs/expfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c index 0106eba46d5a..3ef80d000e13 100644 --- a/fs/exportfs/expfs.c +++ b/fs/exportfs/expfs.c @@ -145,7 +145,7 @@ static struct dentry *reconnect_one(struct vfsmount *mnt, if (err) goto out_err; dprintk("%s: found name: %s\n", __func__, nbuf); - tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf)); + tmp = lookup_one_unlocked(mnt_user_ns(mnt), nbuf, parent, strlen(nbuf)); if (IS_ERR(tmp)) { dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp)); err = PTR_ERR(tmp); @@ -525,7 +525,8 @@ exportfs_decode_fh_raw(struct vfsmount *mnt, struct fid *fid, int fh_len, } inode_lock(target_dir->d_inode); - nresult = lookup_one_len(nbuf, target_dir, strlen(nbuf)); + nresult = lookup_one(mnt_user_ns(mnt), nbuf, + target_dir, strlen(nbuf)); if (!IS_ERR(nresult)) { if (unlikely(nresult->d_inode != result->d_inode)) { dput(nresult);