Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp1930223rdd;
        Thu, 11 Jan 2024 13:52:29 -0800 (PST)
X-Google-Smtp-Source: AGHT+IG8C4EBoQmNoKoqypFPw2R4/1pnrel6Wtah1YHx6hmfTIclO3awdGV5AY9AzqnHpMNNOzk7
X-Received: by 2002:a05:6402:642:b0:553:5b1d:956e with SMTP id u2-20020a056402064200b005535b1d956emr145876edx.82.1705009949677;
        Thu, 11 Jan 2024 13:52:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1705009949; cv=none;
        d=google.com; s=arc-20160816;
        b=iUMf+F1A8e9HtGL1355wgD2qRvqNERZBta5MCAoeG2Hn1QnWyugj7Id/QCXOERTWdW
         fOA7SFu3beba+W39ukqSoBkTMJn8eeOmq4WP7SG2O68Wi+f9Y9JmaiWnKlBZ/VahAZ/q
         nbQM2jK0FyWNuRhPn+2o/GjTfpzbsSGKvoPYdENaT3u5UAU55JN8kqLTE3fPKxNT5Z3B
         vFtguEJ0EhFGVJB6AyMy4S/i2aIjom3BmuGzGtO2RT7p1Z1n2LLqU8PoAuGUOWUnwsNR
         T6kwxyWMhdJmv4Z6GhdNCt27PKP4Ec5FabNRDwskACzGCYa4j1bFQO1yTKmDYW/0+J8D
         l5pQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :subject:cc:to:from:date;
        bh=z82ta3LOQSO47cLe1juELuB96BPMRHk5koWVtuU3lAY=;
        fh=d0Ct0J+JiGzn8473V3+2DIY7dSmzIWejAPUIcKsWBu0=;
        b=d4Bh3qd55oVdtHAJ3gd0cPjw8h4WTz0vm116uI5GkhXqXxG2Ay4fbCTql7L/kh48iw
         DASHiosS/roGHwk/lD6rTYmPI27gA0qn7F2RHkVSEsTyauvZMZGFn0vugMdX8jr1uG16
         YL1Xyv5iApY2D/V5f6SceAHDF1UgF3Je3SEByAzbIcMA5cFWeBuIHU5Uod6WN/rbHLTG
         DvXmPmEM0wvQXq+4LY/iCv+ls47iWY/fwujbVJafWnMsEJvj8Jo+RNLXpncuMfZHDto8
         eSDLaMZxIYZlJvw/laJujHeEIpb5H9Qo35QFjuBXsJMyWS91obUlh+9s0eDlQ8MWjHhN
         Zukg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id s9-20020a056402164900b0055899426a1esi881896edx.198.2024.01.11.13.52.29
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 Jan 2024 13:52:29 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24100-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 6C7091F254DC
	for <linux.lists.archive@gmail.com>; Thu, 11 Jan 2024 21:52:29 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 4ED5C58217;
	Thu, 11 Jan 2024 21:52:18 +0000 (UTC)
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CEF7156B83;
	Thu, 11 Jan 2024 21:52:17 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 573C2C433C7;
	Thu, 11 Jan 2024 21:52:16 +0000 (UTC)
Date: Thu, 11 Jan 2024 16:53:19 -0500
From: Steven Rostedt <rostedt@goodmis.org>
To: Christian Brauner <brauner@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Linux Trace Kernel
 <linux-trace-kernel@vger.kernel.org>, Masami Hiramatsu
 <mhiramat@kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Linus Torvalds <torvalds@linux-foundation.org>, Al Viro
 <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org, Greg
 Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] tracefs/eventfs: Use root and instance inodes as
 default ownership
Message-ID: <20240111165319.4bb2af76@gandalf.local.home>
In-Reply-To: <20240111-unzahl-gefegt-433acb8a841d@brauner>
References: <20240103203246.115732ec@gandalf.local.home>
	<20240105-wegstecken-sachkenntnis-6289842d6d01@brauner>
	<20240105095954.67de63c2@gandalf.local.home>
	<20240107-getrickst-angeeignet-049cea8cad13@brauner>
	<20240107132912.71b109d8@rorschach.local.home>
	<20240108-ortsrand-ziehen-4e9a9a58e708@brauner>
	<20240108102331.7de98cab@gandalf.local.home>
	<20240110-murren-extra-cd1241aae470@brauner>
	<20240110080746.50f7767d@gandalf.local.home>
	<20240111-unzahl-gefegt-433acb8a841d@brauner>
X-Mailer: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 11 Jan 2024 22:01:32 +0100
Christian Brauner <brauner@kernel.org> wrote:

> What I'm pointing out in the current logic is that the caller is
> taxed twice:
> 
> (1) Once when the VFS has done inode_permission(MAY_EXEC, "xfs")
> (2) And again when you call lookup_one_len() in eventfs_start_creating()
>     _because_ the permission check in lookup_one_len() is the exact
>     same permission check again that the vfs has done
>     inode_permission(MAY_EXEC, "xfs").

As I described in: https://lore.kernel.org/all/20240110133154.6e18feb9@gandalf.local.home/

The eventfs files below "events" doesn't need the .permissions callback at
all. It's only there because the "events" inode uses it.

The .permissions call for eventfs has:

static int eventfs_permission(struct mnt_idmap *idmap,
			      struct inode *inode, int mask)
{
	set_top_events_ownership(inode);
	return generic_permission(idmap, inode, mask);
}

Where the "set_top_events_ownership() is a nop for everything but the
"events" directory.

I guess I could have two ops:

static const struct inode_operations eventfs_root_dir_inode_operations = {
	.lookup		= eventfs_root_lookup,
	.setattr	= eventfs_set_attr,
	.getattr	= eventfs_get_attr,
	.permission	= eventfs_permission,
};

static const struct inode_operations eventfs_dir_inode_operations = {
	.lookup		= eventfs_root_lookup,
	.setattr	= eventfs_set_attr,
	.getattr	= eventfs_get_attr,
};

And use the second one for all dentries below the root, but I figured it's
not that big of a deal if I called the permissions on all. Perhaps I should
do it with two?

Anyway, the issue is with "events" directory and remounting, because like
the tracefs system, the inode and dentry for "evnets" is created at boot
up, before the mount happens. The VFS layer is going to check the
permissions of its inode and dentry, which will be incorrect if the mount
was mounted with a "gid" option.


-- Steve