Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1976386lql; Wed, 13 Mar 2024 13:40:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV4s4RVVQSklKk2bvkEVKD1adg/WglrmQqRHkz+XXkv7w2jFp82NrdMPWb4kXWwwHiwPFntGrM7TOPEymMIDXPnin7u4k4D95m8RKdxKQ== X-Google-Smtp-Source: AGHT+IExlf2KI6s5eJptk+MmktgoFrNkhFqOu64y0XHL2+C+yrVqzQ2Vssxr2gAN+s+bapPYwGmf X-Received: by 2002:a17:903:244d:b0:1db:fc18:2da5 with SMTP id l13-20020a170903244d00b001dbfc182da5mr4963035pls.30.1710362408165; Wed, 13 Mar 2024 13:40:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710362408; cv=pass; d=google.com; s=arc-20160816; b=OQ2aFno8VwGvbXkuA0ETDdApfQrxLfrweYz+o/l29osq+9mMcgukHamqRINwxRYj6d SCoFIcDLkqxOfxe4eVDBRBwpXI1rXLqGJSdSUFY+Bq3U8m8vR5m6tyKpPzVHtqyrS5Ob fppysnVIts+qYpusTgwkA+LmBmxX4q5YaABH9pcT2liuEW35RPljZUDsyd/eanBLTanS /KFW4vbaDfOj8AFkw7xZ5MTkbklwmFygQhb4TU6Vo1k1apxdfXqpQ/kktTDqttmUYQY7 SiFWmakAkXcF+rpr+0B/QorO+HIVvQiXiSzOmrRlpcLrDJC/7ePbsDdFEll2f72wfWbN vN7w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:user-agent:message-id:in-reply-to :references:from:subject:cc:to:date:dkim-signature; bh=JrhTyp84sWHbOiBAqJX2C5jIkkkaEpg/S6Nrn3IynAs=; fh=EM2zqtI86goJmasoy80DlwHjZz8NV6sh5qQrHGb79Hk=; b=zsyLTymsXxu61BFIeOqSiwkcSWpIBNH+LZ9TeO4fmAu2pkFQHBRe1+rXxschPpuI4T gG1pDnRXIt0E+CWqyLyXP4rHevGAomUjWXlj9KSFlvdbvOktmodEzShUcva3qX2J6tux NMOWDEqc9SMl2Vqu2gyzrBeA1A3fvBJo3jbZWT2ZUiB1M9z0ikpSGUUVu0vc0b2D4BKj 6oohTtRXKqecKNJls9F1zU9s3ZMlztz5CtPrK3Yt3r50/1yORfsJJ7SWZwMnYeE5Pk0e 8vAwMnxCGg8SHtJJl8El1pH6re5obkna08ccjsQKSi9e8mtRQnvZOkG7FWB1Ld72e0gk csJw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@mforney.org header.s=google header.b=oGg3g8eW; arc=pass (i=1 spf=pass spfdomain=mforney.org dkim=pass dkdomain=mforney.org); spf=pass (google.com: domain of linux-kernel+bounces-102499-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-102499-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id w3-20020a170902d10300b001ddde28f0a2si30576plw.505.2024.03.13.13.40.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 13:40:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-102499-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@mforney.org header.s=google header.b=oGg3g8eW; arc=pass (i=1 spf=pass spfdomain=mforney.org dkim=pass dkdomain=mforney.org); spf=pass (google.com: domain of linux-kernel+bounces-102499-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-102499-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 654EF2884D8 for ; Wed, 13 Mar 2024 20:40:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 96875548F2; Wed, 13 Mar 2024 20:39:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mforney.org header.i=@mforney.org header.b="oGg3g8eW" Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC8B85339A for ; Wed, 13 Mar 2024 20:39:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710362383; cv=none; b=tJhWO2Bqkf8DSZg94PvnAN/D3kxiJJjAqhqdCNxt/56R1GRMjd1KOYe1Ngk+AQbst8EvMTPdwX+iYYBP1hJeocq/vPmh2Qhh+ih//DNoVkPEq0LUU7KlwM4BIMCkBOebEcB1BjvavGNNXeGoEVFU95QxcxQRKJKPl7jx+msJxZc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710362383; c=relaxed/simple; bh=5NYy5F9GaegC1adFOjJmjFtFKrgOGt8L8XjVO8/x/uA=; h=Date:To:Cc:Subject:From:References:In-Reply-To:Message-Id: MIME-Version:Content-Type; b=Mqhqj0vuw/DMNdysySqlm2Eo1TUwJjHuggkulyhZfVTuC7zO8QWMs/y40cEUsxU0Qkp8ClVWFddKLxfgZa0kAkzdgEzdOA/IA4XIs0q+7eL5M4TUKwbKCivCWG97R12wfXTtUemZjQamMFCS+xpRzqfRuSF6JbVp36ne0kT24+M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=mforney.org; spf=pass smtp.mailfrom=mforney.org; dkim=pass (2048-bit key) header.d=mforney.org header.i=@mforney.org header.b=oGg3g8eW; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=mforney.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mforney.org Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1dddbe47ac1so3306015ad.1 for ; Wed, 13 Mar 2024 13:39:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mforney.org; s=google; t=1710362381; x=1710967181; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:references:from:subject:cc:to:date:from:to:cc:subject :date:message-id:reply-to; bh=JrhTyp84sWHbOiBAqJX2C5jIkkkaEpg/S6Nrn3IynAs=; b=oGg3g8eW7Ecp6k8wTelqVv/haRgZlmM6e3mOz4fH3MX5P7S1NTqPknDMwduj0Pg/FZ HobP8nODlrlprSh3M7un8SCqPHk7+oXlnQ1CFsofWx01Wg8Ng2kxzU1uZGWOe6WwOEFd 7i2wUNhZ7VM/pNrl6AgYhTjHRJ32pPr/5KpgfJk+uM8+xqTD6X+TfFwt2YHqa3S1oQ5h Sy/cPOLRColvjjkGi6mUB6npaUbh3BkcVFFPBxQqvCjAeEaIT9IuEjjErb9j3zfo2cbx 7j3m18w5/KIZUz6Sh1I+HbVQAXODZmHU1BmUQI2RLnlW0kR15vHARi1uE11lZYmYjYlb GJYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710362381; x=1710967181; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:references:from:subject:cc:to:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=JrhTyp84sWHbOiBAqJX2C5jIkkkaEpg/S6Nrn3IynAs=; b=utYTgU9XW39+dig3XJIC5dsYbJFDvpKyMa26J1LHs3gSEAy4jXzwbI5iYPfFNttV2h TKRkicssJEfKpwvobYss9KyNLHU9IdfvuhGhZZ0eI8OHeX5VYX24SFdHjMUPi8TPaJGu 2WxKePfZ9XPhk+Tm97gfYcacYClSpJcP5xZjId8Zcs29iSyAqYPugo7kRcHyvksIAd+/ 4HitKxc2ZNjXMPkDELnkDBLOauFwU0zVt8gUG1av059xb3x3q2OcGwsuh8AKODnTHBja aW0rykIXIrU9FiEAoZjuHct4sxxA/deU8r1tN6vMj23gHjcPA0cpOHuKYdugKX6vExok RGmA== X-Forwarded-Encrypted: i=1; AJvYcCWZLRfUzqMkeOXEHbm0M5roEKXiERDCTBDtF8BkKzLGc6PyxEovPqxE2ZqaSPXVlI83a1OUek6TiclsjdSSPD8KUo+LNfY4MNtm9oBx X-Gm-Message-State: AOJu0Ywrr7cRJ0Y/Ra7lTHqua90Y3pzOm0mrzkXXYCQvbAZ3+QUCODht +5UdPNjwVhZg0i9g03oDkKHdE7KNMgYhBLDmanW7apYH1wavSsS7nG4+lDn8FCE= X-Received: by 2002:a17:902:ea05:b0:1dd:a12e:15c8 with SMTP id s5-20020a170902ea0500b001dda12e15c8mr5302773plg.33.1710362380873; Wed, 13 Mar 2024 13:39:40 -0700 (PDT) Received: from localhost ([2601:647:6400:20b0:16dd:a9ff:fee7:6b79]) by smtp.gmail.com with ESMTPSA id b6-20020a170902d50600b001db693d89fdsm22392plg.179.2024.03.13.13.39.40 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 13 Mar 2024 13:39:40 -0700 (PDT) Date: Wed, 13 Mar 2024 13:40:46 -0700 To: Jan Kara Cc: Theodore Ts'o , Christian Brauner , Max Kellermann , Xiubo Li , Ilya Dryomov , Jeff Layton , Jan Kara , Dave Kleikamp , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org, jfs-discussion@lists.sourceforge.net, Yang Xu , linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2] fs/{posix_acl,ext2,jfs,ceph}: apply umask if ACL support is disabled From: Michael Forney References: <20231011100541.sfn3prgtmp7hk2oj@quack3> <20231011120655.ndb7bfasptjym3wl@quack3> <20231011135922.4bij3ittlg4ujkd7@quack3> <20231011-braumeister-anrufen-62127dc64de0@brauner> <20231011170042.GA267994@mit.edu> <20231011172606.mztqyvclq6hq2qa2@quack3> <20231012142918.GB255452@mit.edu> <20231012144246.h3mklfe52gwacrr6@quack3> In-Reply-To: <20231012144246.h3mklfe52gwacrr6@quack3> Message-Id: <28DSITL9912E1.2LSZUVTGTO52Q@mforney.org> User-Agent: mblaze/1.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Jan Kara wrote: > On Thu 12-10-23 10:29:18, Theodore Ts'o wrote: > > On Wed, Oct 11, 2023 at 07:26:06PM +0200, Jan Kara wrote: > > > I don't think this is accurate. posix_acl_create() needs unmasked 'mo= de' > > > because instead of using current_umask() for masking it wants to use > > > whatever is stored in the ACLs as an umask. > > >=20 > > > So I still think we need to keep umask handling in both posix_acl_cre= ate() > > > and vfs_prepare_mode(). But filesystem's only obligation would be to = call > > > posix_acl_create() if the inode is IS_POSIXACL. No more caring about = when > > > to apply umask and when not based on config or mount options. > >=20 > > Ah, right, thanks for the clarification. I *think* the following > > patch in the ext4 dev branch (not yet in Linus's tree, but it should > > be in linux-next) should be harmless, though, right? And once we get > > the changes in vfs_prepare_mode() we can revert in ext4 --- or do > > folks I think I should just drop it from the ext4 dev branch now? >=20 > It definitely does no harm. As you say, you can revert it once the VFS > changes land if you want. I've been debugging why flatpak was always considering its database corrupted, and found this commit to be the source of the issue. $ ostree --repo=3Drepo --mode=3Dbare-user-only init $ mkdir tree && umask 0 && ln -s target tree/symlink && umask 022 $ ostree --repo=3Drepo commit --branch=3Dfoo tree/ c508e0564267b376661889b9016f8438bd6d39412078838f78856383fdd8ac2f $ ostree --repo=3Drepo fsck Validating refs... Validating refs in collections... Enumerating commits... Verifying content integrity of 1 commit objects... fsck objects (1/4) [=3D=3D=3D ] 25% error: In commits c508e0564267b376661889b9016f8438bd6d39412078838f78856383f= dd8ac2f: fsck content object a6b40a5400ed082fbe067d2c8397aab54046a089768651= c392a36db46d24c1cd: Corrupted file object; checksum expected=3D'a6b40a5400e= d082fbe067d2c8397aab54046a089768651c392a36db46d24c1cd' actual=3D'6bdc88f9722f96dbd51735e381f8a1b0e01363e1d7ee2edbb474c091f83c3987'= $ Turns out that symlinks are inheriting umask on my system (which has CONFIG_EXT4_FS_POSIX_ACL=3Dn): $ umask 022 $ ln -s target symlink $ ls -l symlink lrwxr-xr-x 1 michael michael 6 Mar 13 13:28 symlink -> target= $ Looking at the referenced functions, posix_acl_create() returns early before applying umask for symlinks, but ext4_init_acl() now applies the umask unconditionally. After reverting this commit, it works correctly. I am also unable to reproduce the mentioned issue with O_TMPFILE after reverting the commit. It seems that the bug was fixed properly in ac6800e279a2 ('fs: Add missing umask strip in vfs_tmpfile'), and all branches that have this ext4_init_acl patch already had ac6800e279a2 backported. So I think this patch should be reverted, since the bug was already fixed and it breaks symlink modes. If not, it should at least be changed to not to apply the umask to symlinks. > > commit 484fd6c1de13b336806a967908a927cc0356e312 > > Author: Max Kellermann > > Date: Tue Sep 19 10:18:23 2023 +0200 > >=20 > > ext4: apply umask if ACL support is disabled > > =20 > > The function ext4_init_acl() calls posix_acl_create() which is > > responsible for applying the umask. But without > > CONFIG_EXT4_FS_POSIX_ACL, ext4_init_acl() is an empty inline functi= on, > > and nobody applies the umask. > > =20 > > This fixes a bug which causes the umask to be ignored with O_TMPFIL= E > > on ext4: > > =20 > > https://github.com/MusicPlayerDaemon/MPD/issues/558 > > https://bugs.gentoo.org/show_bug.cgi?id=3D686142#c3 > > https://bugzilla.kernel.org/show_bug.cgi?id=3D203625 > > =20 > > Reviewed-by: "J. Bruce Fields" > > Cc: stable@vger.kernel.org > > Signed-off-by: Max Kellermann > > Link: https://lore.kernel.org/r/20230919081824.1096619-1-max.keller= mann@ionos.com > > Signed-off-by: Theodore Ts'o > >=20 > > diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h > > index 0c5a79c3b5d4..ef4c19e5f570 100644 > > --- a/fs/ext4/acl.h > > +++ b/fs/ext4/acl.h > > @@ -68,6 +68,11 @@ extern int ext4_init_acl(handle_t *, struct inode *,= struct inode *); > > static inline int > > ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir= ) > > { > > + /* usually, the umask is applied by posix_acl_create(), but if > > + ext4 ACL support is disabled at compile time, we need to do > > + it here, because posix_acl_create() will never be called */ > > + inode->i_mode &=3D ~current_umask(); > > + > > return 0; > > } > > #endif /* CONFIG_EXT4_FS_POSIX_ACL */