Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp3311759rwo;
        Fri, 4 Aug 2023 02:57:15 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGp2CIaw8HvTYZ1VXup5rGSG7THM4QdJiEtLWepgfnjqm0L9KxUb3ou54b8yFJ2H0cFcFli
X-Received: by 2002:a05:6402:42cb:b0:522:aad4:aae0 with SMTP id i11-20020a05640242cb00b00522aad4aae0mr1675432edc.3.1691143035304;
        Fri, 04 Aug 2023 02:57:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691143035; cv=none;
        d=google.com; s=arc-20160816;
        b=D82DIOq1bfy/Ifo0mDTDZOcpU7Ing31wgLWVK9Eh67KnPhbX6I2+kF+mnUAr42YNxS
         6YaExeqX9kqlrmDDMMxQz3Bu7JIBaHUcsPZ8vBTulZmRoPlLGIYlxtS67kU3V++sL623
         kL/j0YLIdPzF3tOWmruGmdOi9QKhrXMASW3XNZsHj3rGcdRzvCEuvTaYNB+/TfZAHmRN
         1oTmCaFRfzPU/ZGg1IHNmlb+M+nTbNnAcJvZfPRjG/AEVmmfwS5xeKmgXXcGrPCM9IJZ
         dDq9W0s2N1Qrh4ACbTuociugNAkLw7GJxxA22npP3HhDFBsJ5i/peqmR+iuM+tKaOXVh
         zBug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=vA7Z34zBj4jzvwwxICC6DC+yM3ZqeVgNJDmT3zJBPQ8=;
        fh=Z2mkFIQPI1atT1PXylFFs5aXkUtGzwkgwqJaEftWDsI=;
        b=N/DSd8cBeOCRJV/PVWVqQgBOQcY9aOGjJdPNV3jEUfl1pXcJh4pC3jqthVWMTgEEGn
         RX0/rum0oabQWY0T8rYdZnDPk9WYiKmnVYlACX5t4QJJqqQdCDOugkV0il7Y+H0x9UGB
         grozvZLhseHmgREO4uSiBXxESC9H11Vju9cs3J7RJXv3rLLQ1VJh8u5OzqcsE/E6wqGy
         jSXb0B/4aSgCvKypZ0oLeNl7QwaU7rIF1yAYDrV0pSPD5r9H2zIs71CTYUYnyjsuKYZx
         cvb1j3HXXHQ1NvvqPMx3taRiUQPaBRlinqGPgeK/KH3B+CVc5055HcH6ta6rKwi7cEnF
         U/AQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@canonical.com header.s=20210705 header.b=kfIgkHpX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id w18-20020a50fa92000000b005224c6046a6si1258996edr.508.2023.08.04.02.56.42;
        Fri, 04 Aug 2023 02:57:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@canonical.com header.s=20210705 header.b=kfIgkHpX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229866AbjHDIus (ORCPT <rfc822;apalekar@gmail.com> + 99 others);
        Fri, 4 Aug 2023 04:50:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42984 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229598AbjHDItm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 4 Aug 2023 04:49:42 -0400
Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FEF34EC5
        for <linux-kernel@vger.kernel.org>; Fri,  4 Aug 2023 01:49:38 -0700 (PDT)
Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id BC87F44279
        for <linux-kernel@vger.kernel.org>; Fri,  4 Aug 2023 08:49:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
        s=20210705; t=1691138975;
        bh=vA7Z34zBj4jzvwwxICC6DC+yM3ZqeVgNJDmT3zJBPQ8=;
        h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
         MIME-Version:Content-Type;
        b=kfIgkHpXsJ238I7eMhLRd77KExHJ1PXoUky7a99WBnSjfAfzaAkGmaXtNId2VZDOa
         P+h6nW54W65b1Re2l7QFXuPGTcaAcgZ15Nu2ZYeemzQbMffTxih8ayhm/qFxO1jLZ8
         IvzCukjDmnW/RaNIDh2+2dlne6mKwyCpp5AV86PEVn+dVduILz+u5eAMDiw1zDfEgK
         POWMzHhYCTy+0KstNqN6gxwjJNsm1NQn+cBIADxVlB4I3e52SLyRL6tKRHVq13ElyD
         prmDWf94aaVwFUvSfoXmPQGMkFhgHk9tEqRuGE72XRZ3uDVaM5sPQ4TYG+lbL9RLl8
         PNx7JHmLvb/Tg==
Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-99bdee94b84so243390566b.0
        for <linux-kernel@vger.kernel.org>; Fri, 04 Aug 2023 01:49:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1691138975; x=1691743775;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vA7Z34zBj4jzvwwxICC6DC+yM3ZqeVgNJDmT3zJBPQ8=;
        b=hCszZb4ZDzCLgzQOz7v7KGp02oHM+MXzwz9WMKQolgtbxzAmnM94gPOES9XEbS8s0k
         JvmGmgR06nUz8tquQqWV5qGVtUlv5pHoNunX2944FzfKUZ6uLeCAZMCnCZadEr108W3V
         qoKNLYG3+fHea3+oD7AoRI1vqcmgkpFHrN1lvFNMKcDsQ66kEQ2I9eLBjiM0fcNTL328
         cbOm/m46BzLCYz9ZCVo/umhxFTCoDd5OfCQMzZHjA1eITdUlGz/1Iv8CQ5YdJ4rCLAbs
         ZGaMxHyg/y0FQ1tu4D7/WOig9fdgSY5chnL32UE5zE7FaMHWEVr4wIE8Dyy0dPveqwmE
         XEWw==
X-Gm-Message-State: AOJu0YzxhJ1+C1jR2kNmRz0APk2MKjhqFHYlcFHAHW0Tl6XyB4gQv966
        wyLPffeMVrDQHhAEon/o4FNPgIUvoWUwE2Bgr60R84i62hMVtHWtISMVMXYsftsV7xu4atctoX4
        nT7/0RA+WQhmlFrRjDXSCrBS0jRb5Hg/6s28F4774Gg==
X-Received: by 2002:a17:907:1ca5:b0:96f:9cea:a34d with SMTP id nb37-20020a1709071ca500b0096f9ceaa34dmr1440490ejc.21.1691138975508;
        Fri, 04 Aug 2023 01:49:35 -0700 (PDT)
X-Received: by 2002:a17:907:1ca5:b0:96f:9cea:a34d with SMTP id nb37-20020a1709071ca500b0096f9ceaa34dmr1440479ejc.21.1691138975358;
        Fri, 04 Aug 2023 01:49:35 -0700 (PDT)
Received: from amikhalitsyn.local (dslb-088-066-182-192.088.066.pools.vodafone-ip.de. [88.66.182.192])
        by smtp.gmail.com with ESMTPSA id k25-20020a17090646d900b00992e94bcfabsm979279ejs.167.2023.08.04.01.49.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Aug 2023 01:49:34 -0700 (PDT)
From:   Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
To:     xiubli@redhat.com
Cc:     brauner@kernel.org, stgraber@ubuntu.com,
        linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
        Ilya Dryomov <idryomov@gmail.com>, ceph-devel@vger.kernel.org,
        Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>,
        linux-kernel@vger.kernel.org
Subject: [PATCH v9 04/12] ceph: add enable_unsafe_idmap module parameter
Date:   Fri,  4 Aug 2023 10:48:50 +0200
Message-Id: <20230804084858.126104-5-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230804084858.126104-1-aleksandr.mikhalitsyn@canonical.com>
References: <20230804084858.126104-1-aleksandr.mikhalitsyn@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This parameter is used to decide if we allow
to perform IO on idmapped mount in case when MDS lacks
support of CEPHFS_FEATURE_HAS_OWNER_UIDGID feature.

In this case we can't properly handle MDS permission
checks and if UID/GID-based restrictions are enabled
on the MDS side then IO requests which go through an
idmapped mount may fail with -EACCESS/-EPERM.
Fortunately, for most of users it's not a case and
everything should work fine. But we put work "unsafe"
in the module parameter name to warn users about
possible problems with this feature and encourage
update of cephfs MDS.

Cc: Xiubo Li <xiubli@redhat.com>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: ceph-devel@vger.kernel.org
Suggested-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
 fs/ceph/mds_client.c | 28 +++++++++++++++++++++-------
 fs/ceph/mds_client.h |  2 ++
 fs/ceph/super.c      |  5 +++++
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 41e4bf3811c4..42c0afbb6376 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -2949,6 +2949,8 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
 	int ret;
 	bool legacy = !(session->s_con.peer_features & CEPH_FEATURE_FS_BTIME);
 	u16 request_head_version = mds_supported_head_version(session);
+	kuid_t caller_fsuid = req->r_cred->fsuid;
+	kgid_t caller_fsgid = req->r_cred->fsgid;
 
 	ret = set_request_path_attr(mdsc, req->r_inode, req->r_dentry,
 			      req->r_parent, req->r_path1, req->r_ino1.ino,
@@ -3044,12 +3046,24 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
 
 	if ((req->r_mnt_idmap != &nop_mnt_idmap) &&
 	    !test_bit(CEPHFS_FEATURE_HAS_OWNER_UIDGID, &session->s_features)) {
-		pr_err_ratelimited_client(cl,
-			"idmapped mount is used and CEPHFS_FEATURE_HAS_OWNER_UIDGID"
-			" is not supported by MDS. Fail request with -EIO.\n");
+		if (enable_unsafe_idmap) {
+			pr_warn_once_client(cl,
+				"idmapped mount is used and CEPHFS_FEATURE_HAS_OWNER_UIDGID"
+				" is not supported by MDS. UID/GID-based restrictions may"
+				" not work properly.\n");
+
+			caller_fsuid = from_vfsuid(req->r_mnt_idmap, &init_user_ns,
+						   VFSUIDT_INIT(req->r_cred->fsuid));
+			caller_fsgid = from_vfsgid(req->r_mnt_idmap, &init_user_ns,
+						   VFSGIDT_INIT(req->r_cred->fsgid));
+		} else {
+			pr_err_ratelimited_client(cl,
+				"idmapped mount is used and CEPHFS_FEATURE_HAS_OWNER_UIDGID"
+				" is not supported by MDS. Fail request with -EIO.\n");
 
-		ret = -EIO;
-		goto out_err;
+			ret = -EIO;
+			goto out_err;
+		}
 	}
 
 	/*
@@ -3095,9 +3109,9 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
 	lhead->mdsmap_epoch = cpu_to_le32(mdsc->mdsmap->m_epoch);
 	lhead->op = cpu_to_le32(req->r_op);
 	lhead->caller_uid = cpu_to_le32(from_kuid(&init_user_ns,
-						  req->r_cred->fsuid));
+						  caller_fsuid));
 	lhead->caller_gid = cpu_to_le32(from_kgid(&init_user_ns,
-						  req->r_cred->fsgid));
+						  caller_fsgid));
 	lhead->ino = cpu_to_le64(req->r_deleg_ino);
 	lhead->args = req->r_args;
 
diff --git a/fs/ceph/mds_client.h b/fs/ceph/mds_client.h
index 8f683e8203bd..0945ae4cf3c5 100644
--- a/fs/ceph/mds_client.h
+++ b/fs/ceph/mds_client.h
@@ -619,4 +619,6 @@ static inline int ceph_wait_on_async_create(struct inode *inode)
 extern int ceph_wait_on_conflict_unlink(struct dentry *dentry);
 extern u64 ceph_get_deleg_ino(struct ceph_mds_session *session);
 extern int ceph_restore_deleg_ino(struct ceph_mds_session *session, u64 ino);
+
+extern bool enable_unsafe_idmap;
 #endif
diff --git a/fs/ceph/super.c b/fs/ceph/super.c
index 49fd17fbba9f..18bfdfd48cef 100644
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -1680,6 +1680,11 @@ static const struct kernel_param_ops param_ops_mount_syntax = {
 module_param_cb(mount_syntax_v1, &param_ops_mount_syntax, &mount_support, 0444);
 module_param_cb(mount_syntax_v2, &param_ops_mount_syntax, &mount_support, 0444);
 
+bool enable_unsafe_idmap = false;
+module_param(enable_unsafe_idmap, bool, 0644);
+MODULE_PARM_DESC(enable_unsafe_idmap,
+		 "Allow to use idmapped mounts with MDS without CEPHFS_FEATURE_HAS_OWNER_UIDGID");
+
 module_init(init_ceph);
 module_exit(exit_ceph);
 
-- 
2.34.1