Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
MIME-Version: 1.0
References: <20230524153316.476973-1-aleksandr.mikhalitsyn@canonical.com>
 <20230524153316.476973-11-aleksandr.mikhalitsyn@canonical.com>
 <b3b1b8dc-9903-c4ff-0a63-9a31a311ff0b@redhat.com> <CAEivzxfxug8kb7_SzJGvEZMcYwGM8uW25gKa_osFqUCpF_+Lhg@mail.gmail.com>
 <20230602-vorzeichen-praktikum-f17931692301@brauner>
In-Reply-To: <20230602-vorzeichen-praktikum-f17931692301@brauner>
From:   Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Date:   Fri, 2 Jun 2023 15:05:50 +0200
Message-ID: <CAEivzxcwTbOUrT2ha8fR=wy-bU1+ZppapnMsqVXBXAc+C0gwhw@mail.gmail.com>
Subject: Re: [PATCH v2 10/13] ceph: allow idmapped setattr inode op
To:     Christian Brauner <brauner@kernel.org>
Cc:     Xiubo Li <xiubli@redhat.com>, stgraber@ubuntu.com,
        linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
        Ilya Dryomov <idryomov@gmail.com>, ceph-devel@vger.kernel.org,
        linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

On Fri, Jun 2, 2023 at 2:54=E2=80=AFPM Christian Brauner <brauner@kernel.or=
g> wrote:
>
> On Fri, Jun 02, 2023 at 02:45:30PM +0200, Aleksandr Mikhalitsyn wrote:
> > On Fri, Jun 2, 2023 at 3:30=E2=80=AFAM Xiubo Li <xiubli@redhat.com> wro=
te:
> > >
> > >
> > > On 5/24/23 23:33, Alexander Mikhalitsyn wrote:
> > > > From: Christian Brauner <christian.brauner@ubuntu.com>
> > > >
> > > > Enable __ceph_setattr() to handle idmapped mounts. This is just a m=
atter
> > > > of passing down the mount's idmapping.
> > > >
> > > > Cc: Jeff Layton <jlayton@kernel.org>
> > > > Cc: Ilya Dryomov <idryomov@gmail.com>
> > > > Cc: ceph-devel@vger.kernel.org
> > > > Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonic=
al.com>
> > > > ---
> > > >   fs/ceph/inode.c | 11 +++++++++--
> > > >   1 file changed, 9 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
> > > > index 37e1cbfc7c89..f1f934439be0 100644
> > > > --- a/fs/ceph/inode.c
> > > > +++ b/fs/ceph/inode.c
> > > > @@ -2050,6 +2050,13 @@ int __ceph_setattr(struct inode *inode, stru=
ct iattr *attr)
> > > >
> > > >       dout("setattr %p issued %s\n", inode, ceph_cap_string(issued)=
);
> > > >
> > > > +     /*
> > > > +      * The attr->ia_{g,u}id members contain the target {g,u}id we=
're
>
> This is now obsolete... In earlier imlementations attr->ia_{g,u}id was
> used and contained the filesystem wide value, not the idmapped mount
> value.
>
> However, this was misleading and we changed that in commit b27c82e12965
> ("attr: port attribute changes to new types") and introduced dedicated
> new types into struct iattr->ia_vfs{g,u}id. So the you need to use
> attr->ia_vfs{g,u}id as documented in include/linux/fs.h and you need to
> transform them into filesystem wide values and then to raw values you
> send over the wire.
>
> Alex should be able to figure this out though.

Hi Christian,

Thanks for pointing this out. Unfortunately I wasn't able to notice
that. I'll take a look closer and fix that.

>
> > > > +      * sending over the wire. The mount idmapping only matters wh=
en we
> > > > +      * create new filesystem objects based on the caller's mapped
> > > > +      * fs{g,u}id.
> > > > +      */
> > > > +     req->r_mnt_idmap =3D &nop_mnt_idmap;
> > >
> > > For example with an idmapping 1000:0 and in the /mnt/idmapped_ceph/.
> > >
> > > This means the "__ceph_setattr()" will always use UID 0 to set the
> > > caller_uid, right ? If it is then the client auth checking for the
> >
> > Yes, if you have a mapping like b:1000:0:1 (the last number is a
> > length of a mapping). It means even more,
> > the only user from which you can create something on the filesystem
> > will be UID =3D 0,
> > because all other UIDs/GIDs are not mapped and you'll instantly get
> > -EOVERFLOW from the kernel.
> >
> > > setattr requests in cephfs MDS will succeed, since the UID 0 is root.
> > > But if you use a different idmapping, such as 1000:2000, it will fail=
.
> >
> > If you have a mapping b:1000:2000:1 then the only valid UID/GID from
> > which you can create something
> > on an idmapped mount will be UID/GID =3D 2000:2000 (and this will be
> > mapped to 1000:1000 and sent over the wire,
> > because we performing an idmapping procedure for requests those are
> > creating inodes).
> > So, even root with UID =3D 0 will not be able to create a file on such =
a
> > mount and get -EOVERFLOW.
> >
> > >
> > > So here IMO we should set it to 'idmap' too ?
> >
> > Good question. I can't see any obvious issue with setting an actual
> > idmapping here.
> > It will be interesting to know Christian's opinion about this.

^

Kind regards,
Alex

> >
> > Kind regards,
> > Alex
> >
> > >
> > > Thanks
> > >
> > > - Xiubo
> > >
> > > >       if (ia_valid & ATTR_UID) {
> > > >               dout("setattr %p uid %d -> %d\n", inode,
> > > >                    from_kuid(&init_user_ns, inode->i_uid),
> > > > @@ -2240,7 +2247,7 @@ int ceph_setattr(struct mnt_idmap *idmap, str=
uct dentry *dentry,
> > > >       if (ceph_inode_is_shutdown(inode))
> > > >               return -ESTALE;
> > > >
> > > > -     err =3D setattr_prepare(&nop_mnt_idmap, dentry, attr);
> > > > +     err =3D setattr_prepare(idmap, dentry, attr);
> > > >       if (err !=3D 0)
> > > >               return err;
> > > >
> > > > @@ -2255,7 +2262,7 @@ int ceph_setattr(struct mnt_idmap *idmap, str=
uct dentry *dentry,
> > > >       err =3D __ceph_setattr(inode, attr);
> > > >
> > > >       if (err >=3D 0 && (attr->ia_valid & ATTR_MODE))
> > > > -             err =3D posix_acl_chmod(&nop_mnt_idmap, dentry, attr-=
>ia_mode);
> > > > +             err =3D posix_acl_chmod(idmap, dentry, attr->ia_mode)=
;
> > > >
> > > >       return err;
> > > >   }
> > >