Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp653551iog; Thu, 30 Jun 2022 07:45:01 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sSoE9U5l+4feB6BnRvE8eN2tkui8Au8jbwLyg8Q+4yCStrkNsOupOjoL3/4zAckQu8reTS X-Received: by 2002:a63:5c58:0:b0:411:8062:5308 with SMTP id n24-20020a635c58000000b0041180625308mr7213634pgm.553.1656600300888; Thu, 30 Jun 2022 07:45:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656600300; cv=none; d=google.com; s=arc-20160816; b=Am31tuLNvVubMl3yBr0esZ6Jqitf4SqsYShBUx9/3u2vxWznwXsirLaxKradzCDD1h 3y+a4SUFV+6v/hFIzNwr5vXxgFmvb2699+1K9maDeDElLpC6xPs6wnNvmfRUqPaFCqUE h0QQXM3WBWXUCq6RE5aMMsPvGTGDsaWDk/MCgkRjfD889JSg8LuAxPZlM+YOfgVwSNfi 7kmZC8w9JShgnuQurG7CYm4ZQdhIxby0YH8HSKCfZGo3aq4Wd5kAEAFZ2mrcLPDTdM2+ 6U8391w+OnG7dQusEEyrSvc4zQUnzfbgwhCyRLDgkhPGeA5KDUdUoIELC4iT7Ju8cATe lCUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GiijDILF2F8e7SWZwYSu4LDJZ8XiQK+EPGThQGx0cfM=; b=OFelxK6wvVcwnhy4edvI5cyKag9N9iPLzaRRHHCrZ+DHvND/Xton2Nh16i/9H4DBaj DIxxnm1FH38s55BKbSe+FwDlJPC+rCrRkcdANdf2D2vWP5MtaoCvmFwM4/txksEpZWKm YemE00kR4+FSU3eDHNjZWmVX+KmW677neVm4ZAxeEnwzV/COEdAM8rZTMROx3mC5Wnfa rQAT1/t2yB+cwxuDF3cHPr0NmMbHEW7QMJbi5Ob/41ZZEPPsQRoFV+y2/PMgc8Z9rr3y spjFAAGdg1YkYq+hTUm4U0sfTPW50lzrucUD2TfueRMRCuMCrSv3aN3OoWbAUbTBaiZq bdxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PlazCD0t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a38-20020a631a26000000b00408aa276331si27337696pga.517.2022.06.30.07.44.49; Thu, 30 Jun 2022 07:45:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PlazCD0t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236680AbiF3OLl (ORCPT + 99 others); Thu, 30 Jun 2022 10:11:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236704AbiF3OKo (ORCPT ); Thu, 30 Jun 2022 10:10:44 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89B157C19B; Thu, 30 Jun 2022 06:55:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8AFD7620E4; Thu, 30 Jun 2022 13:55:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9C5B6C34115; Thu, 30 Jun 2022 13:55:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1656597342; bh=DPSnfVmUkjxjOVgrKP/yyu45qCKH1BtQKQNHohlDJmo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PlazCD0tum4jgKRb7ngXMZw7cHlcT5kArH1CC71VgzJkc6EPatAmTCcl+7A72R3sW MbQfBlgLzHTu2eKCSUNiDyLYrcJ0AiTzdMlRnosZGrQRHVSbYDJIJ8/87KSMBVsfje wBzXHveYmd79sdCEChi3cPMm1K/PysIOHKfyNcKA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Seth Forshee , Christoph Hellwig , regressions@lists.linux.dev, "Christian Brauner (Microsoft)" , Linus Torvalds Subject: [PATCH 5.15 23/28] fs: fix acl translation Date: Thu, 30 Jun 2022 15:47:19 +0200 Message-Id: <20220630133233.613171266@linuxfoundation.org> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220630133232.926711493@linuxfoundation.org> References: <20220630133232.926711493@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christian Brauner commit 705191b03d507744c7e097f78d583621c14988ac upstream. Last cycle we extended the idmapped mounts infrastructure to support idmapped mounts of idmapped filesystems (No such filesystem yet exist.). Since then, the meaning of an idmapped mount is a mount whose idmapping is different from the filesystems idmapping. While doing that work we missed to adapt the acl translation helpers. They still assume that checking for the identity mapping is enough. But they need to use the no_idmapping() helper instead. Note, POSIX ACLs are always translated right at the userspace-kernel boundary using the caller's current idmapping and the initial idmapping. The order depends on whether we're coming from or going to userspace. The filesystem's idmapping doesn't matter at the border. Consequently, if a non-idmapped mount is passed we need to make sure to always pass the initial idmapping as the mount's idmapping and not the filesystem idmapping. Since it's irrelevant here it would yield invalid ids and prevent setting acls for filesystems that are mountable in a userns and support posix acls (tmpfs and fuse). I verified the regression reported in [1] and verified that this patch fixes it. A regression test will be added to xfstests in parallel. Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849 [1] Fixes: bd303368b776 ("fs: support mapped mounts of mapped filesystems") Cc: Seth Forshee Cc: Christoph Hellwig Cc: # 5.15+ Cc: Signed-off-by: Christian Brauner (Microsoft) Signed-off-by: Linus Torvalds Signed-off-by: Christian Brauner (Microsoft) Signed-off-by: Greg Kroah-Hartman --- fs/posix_acl.c | 10 ++++++++++ fs/xattr.c | 6 ++++-- include/linux/posix_acl_xattr.h | 4 ++++ 3 files changed, 18 insertions(+), 2 deletions(-) --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -760,9 +760,14 @@ static void posix_acl_fix_xattr_userns( } void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size) { struct user_namespace *user_ns = current_user_ns(); + + /* Leave ids untouched on non-idmapped mounts. */ + if (no_idmapping(mnt_userns, i_user_ns(inode))) + mnt_userns = &init_user_ns; if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns)) return; posix_acl_fix_xattr_userns(&init_user_ns, user_ns, mnt_userns, value, @@ -770,9 +775,14 @@ void posix_acl_fix_xattr_from_user(struc } void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size) { struct user_namespace *user_ns = current_user_ns(); + + /* Leave ids untouched on non-idmapped mounts. */ + if (no_idmapping(mnt_userns, i_user_ns(inode))) + mnt_userns = &init_user_ns; if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns)) return; posix_acl_fix_xattr_userns(user_ns, &init_user_ns, mnt_userns, value, --- a/fs/xattr.c +++ b/fs/xattr.c @@ -569,7 +569,8 @@ setxattr(struct user_namespace *mnt_user } if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) - posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size); + posix_acl_fix_xattr_from_user(mnt_userns, d_inode(d), + kvalue, size); } error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags); @@ -667,7 +668,8 @@ getxattr(struct user_namespace *mnt_user if (error > 0) { if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) - posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error); + posix_acl_fix_xattr_to_user(mnt_userns, d_inode(d), + kvalue, error); if (size && copy_to_user(value, kvalue, error)) error = -EFAULT; } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { --- a/include/linux/posix_acl_xattr.h +++ b/include/linux/posix_acl_xattr.h @@ -34,15 +34,19 @@ posix_acl_xattr_count(size_t size) #ifdef CONFIG_FS_POSIX_ACL void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size); void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size); #else static inline void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size) { } static inline void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns, + struct inode *inode, void *value, size_t size) { }