Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp96977rdb; Wed, 29 Nov 2023 22:12:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IHE07BzJfsm7XgVaBqywK1InLqCPF96j4kYOsOLfmEKTpeyadggkd9yntYDOfEr3fH3E5HI X-Received: by 2002:a17:902:7d86:b0:1cf:b4d4:1381 with SMTP id a6-20020a1709027d8600b001cfb4d41381mr13934578plm.2.1701324720463; Wed, 29 Nov 2023 22:12:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701324720; cv=none; d=google.com; s=arc-20160816; b=Ys4LzDx5b42TRwgPRXy09pWIv9nybvRFmG3VFm1FSE7H66ksfFPPVDBommeCu9vvAF dvaQuuojHVx0ArS1canWZcHuJ1oDj1oQMvyhx30N3Yn4QEtlCKmn7ARnvwqFvrCQxeHl 6JccF+dx9hwKfiR7uvusHsywEB95hJcwXy77cV3zvGwgoptzRlpMU9qFsFynH3m8aVKt mApttuG8waaUI1knmqMDKtXKEYPPQvVOBDgn8nSd0axFH7VcgvmczzrZdMmBbmGPkIzm NpGZSRgUoLbcQofG4yx3fxW6U/bXlBv0cKRuHnAXUiofOlnXmtNRhAs8cdC0iQFOqQqv hd/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Z5XiZjen14/K+0w9luOMpmzkY5MJrhT/4bY/9yI/Mas=; fh=uf0C73902UvVT6375aCS5mQMh8rIxCm/joSBvfn7vms=; b=NsmP61SzfoHKiXo8nJVGmvQF2CSs/WdpWMdPNMt6kesf2pH6nLaYj+G0Udg5D4IzbP 3gE72QtvY7TnVBI6n6Cu4dUuxn32GB/ELmtOMdsHiX3EjN5V6BfW5OPtchzGfGTdOpFN 4RGkZhk5LGt6SDKG4KFus+55kJAOFn4zqp/4aOUhJacLe5jFJ3Vi4/BJDhrop4DWrO5a RjWPR6v0qn+8h+ksfuVt36IEqiy21zNjYnL2UOqjX8n2poYhOHkM5pZnS2VEbpM4Z8H8 0o0HyVdbiVgSZi2XGuaKSjvuu04fwWV2xelcP+lQmJP8zC+YhSGYehehp4JmJp29lgPR NvLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Qj70Yu4M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id jj14-20020a170903048e00b001cfd0ddc5d6si463124plb.348.2023.11.29.22.11.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Nov 2023 22:12:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Qj70Yu4M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 6F6CD8047463; Wed, 29 Nov 2023 22:10:47 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344592AbjK3GKZ (ORCPT + 99 others); Thu, 30 Nov 2023 01:10:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59396 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234956AbjK3GKX (ORCPT ); Thu, 30 Nov 2023 01:10:23 -0500 Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 769CE10F0; Wed, 29 Nov 2023 22:10:27 -0800 (PST) Received: by mail-yb1-xb30.google.com with SMTP id 3f1490d57ef6-db35caa1749so495518276.2; Wed, 29 Nov 2023 22:10:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701324626; x=1701929426; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Z5XiZjen14/K+0w9luOMpmzkY5MJrhT/4bY/9yI/Mas=; b=Qj70Yu4MiOjzP8XVkEuB7py+zW/8F1ZeuRp4DXSxPncjXA/UOF1IhFx1cB5BpWrNEO r9/lsF5Wx6uuFO1GBR3NDGnzkvmaO+ki3GZGouNNTukv9ylFcUp6QtQ4CLFWa2/5z+Oe q7zcLXg6dbb+TL5Wtc9JvWuGvQix/rz4hcAU+qY8Vv6Qq+p4YfysuEtpjXF64qam9Muz 4ReCzwdIr6iQhPWduEzR1HMTEAHCvhVaS9d87NJCzKW+UUEfM4wsmviTCrdvuP+YTuAa AItupIetdg5w4plDoGPgqTUr380OzyQvQDMYJlJUJPG3k1EjuvzdhU+RBszuE5GT86Go 1Arw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701324626; x=1701929426; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Z5XiZjen14/K+0w9luOMpmzkY5MJrhT/4bY/9yI/Mas=; b=HqCgz9hSxfpk7agIa4jErej74PHlYXkxb4sgoMT3pPG5cKNiLcT56TtzExaUXwlGzn zUxsisUOeDTJTrpWeiFEliLB6mQd+xp9RA5faMnqdIN0P7w4piARunM+NehYHiP6dJ44 lRNuzgeCaTJ9Jl2qrcSmw108olO7cH6McbFgvdwTiyqNP1fkRawvG1mJGRrjMtLFODSI Fi5XplxaydIUJ/+5lClDY2tVbpn9/8h1YUjk3zX+VeISjBnK3jYczXzXyq+zwCGtnJ2S /Yn1EMxpLe6w9elXy3fbalT1Ic1JuTmN1N2LUS4rZrFO0DGg6kUbYpD9RDiqj4oHDbFe KNCA== X-Gm-Message-State: AOJu0YwXl1IKcWJtChFQc5wnNH/2nZJKrBBY9+jWLfb10uBpqDeqttlT DuvvAA1ikBO/HGmdme+/WnGpH+SuVZzJF+aflss= X-Received: by 2002:a25:d78b:0:b0:db5:3c77:4d5b with SMTP id o133-20020a25d78b000000b00db53c774d5bmr348961ybg.8.1701324626581; Wed, 29 Nov 2023 22:10:26 -0800 (PST) MIME-Version: 1.0 References: <20231129-idmap-fscap-refactor-v1-0-da5a26058a5b@kernel.org> <20231129-idmap-fscap-refactor-v1-16-da5a26058a5b@kernel.org> In-Reply-To: <20231129-idmap-fscap-refactor-v1-16-da5a26058a5b@kernel.org> From: Amir Goldstein Date: Thu, 30 Nov 2023 08:10:15 +0200 Message-ID: Subject: Re: [PATCH 16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr() To: "Seth Forshee (DigitalOcean)" Cc: Christian Brauner , Serge Hallyn , Paul Moore , Eric Paris , James Morris , Alexander Viro , Miklos Szeredi , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, linux-unionfs@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 29 Nov 2023 22:10:47 -0800 (PST) On Wed, Nov 29, 2023 at 11:51=E2=80=AFPM Seth Forshee (DigitalOcean) wrote: > > Now that the new vfs-level interfaces are fully supported and all code > has been converted to use them, stop permitting use of the top-level vfs > xattr interfaces for capabilities xattrs. Unlike with ACLs we still need > to be able to work with fscaps xattrs using lower-level interfaces in a > handful of places, so only use of the top-level xattr interfaces is > restricted. Can you explain why? Is there an inherent difference between ACLs and fscaps in that respect or is it just a matter of more work that needs to be done? > > Signed-off-by: Seth Forshee (DigitalOcean) > --- > fs/xattr.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/fs/xattr.c b/fs/xattr.c > index 372644b15457..4b779779ad8c 100644 > --- a/fs/xattr.c > +++ b/fs/xattr.c > @@ -540,6 +540,9 @@ vfs_setxattr(struct mnt_idmap *idmap, struct dentry *= dentry, > const void *orig_value =3D value; > int error; > > + if (!strcmp(name, XATTR_NAME_CAPS)) > + return -EOPNOTSUPP; > + It this is really not expected, then it should be an assert and please use an inline helper like is_posix_acl_xattr(): if (WARN_ON_ONCE(is_fscaps_xattr(name))) It wouldn't hurt to add those assertions to is_posix_acl_xattr() cases as well, but that is unrelated to your change. Thanks, Amir.