Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp3474390pxx;
        Mon, 2 Nov 2020 09:48:25 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxwDuPRUSJQznC/+d2Ql2gFMUtNP12Ia/HiJ+XzCNk3BHGH8Gprt4+sct9XFjc1Bmu78Iv4
X-Received: by 2002:a05:6402:1a58:: with SMTP id bf24mr8004013edb.191.1604339305172;
        Mon, 02 Nov 2020 09:48:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1604339305; cv=none;
        d=google.com; s=arc-20160816;
        b=i9QowtFAzTN89zBDFIpeX+nILgYaIATHnKiM4gCfwWUQpCrUun9kOAh486E7bGmpOU
         srC1jdDEbRu9jACVtG2bHx61tT/AYqF0oG0rtCUruIIzuR/ymVQIB6HYiM4gV61K2bks
         HNC3w75gY8OnJUlqO3QW6ZJyJP74mcBer2ZeM2GfEGwkDfwB1lnrCcsMwwigeJmlJRt8
         13G6EEN6ZwrehmE146jE2Q1aa/if7dXFGTES3e4K0FgFqJ8yRLE+ULukEk3YNoTJxHJG
         402C0rAvkJfOgXvgvTaVTVa6dcOuSOFidWE1hP1Q8ZvrueEiGrG/hVqMhoggGJY8UK7J
         XMtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=;
        b=Y4NSDskK/pK+l7lkJqxVEYRCf7ZOwQF83h2k2GsgBKjyhuoFCgevmAadJpi/cOIGqZ
         m0HfSwIV4tarqZKCqrE6J4OL/vYDkxTo6SAzr/lar+pY0O8F+JFJmmz8ikoLpX6/u3bJ
         Sk1zxfgll+ljNCBvQ2NsG3j03dHrwfuLeD/EkNHpzro6Ymj4DBCppA4yjhtgQ6jIo9Vt
         FSHft3cSoEJZKHTrowMe6Mt4wcar1WXMTozLi81ZSjId3D31Q2dFL3oyKm3kOgHV0/Dc
         qE/t1nqy/ulofg5nxCnrpR0FZalKiOkIzF1OCmOrIYJS/ayEeNTjs2n+WRe9fSI12fF4
         mgpA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b=wWq2ykhX;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k20si11681097eds.233.2020.11.02.09.48.01;
        Mon, 02 Nov 2020 09:48:25 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b=wWq2ykhX;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726076AbgKBRrs (ORCPT <rfc822;beomheyn.kim@gmail.com>
        + 99 others); Mon, 2 Nov 2020 12:47:48 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51774 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725982AbgKBRrq (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Mon, 2 Nov 2020 12:47:46 -0500
Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87D3EC061A04
        for <linux-nfs@vger.kernel.org>; Mon,  2 Nov 2020 09:47:45 -0800 (PST)
Received: by mail-pg1-x529.google.com with SMTP id r186so11442322pgr.0
        for <linux-nfs@vger.kernel.org>; Mon, 02 Nov 2020 09:47:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sargun.me; s=google;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=;
        b=wWq2ykhXi6fVitAbeMVisX3fyxKKKGyoNOTC1c0zV20h/DEuDmnjoaXg4y2VX4hdoC
         FvBCsdTGS3ca52CRqIwng2Zqk/Jz7/JmR/lkXZnpPiqJAuFq6koEjyCC+nTXw5HBFMr6
         zNqBe7GmyDQ8IAxRHg9MQmGEstUGKVn4a0Up0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=;
        b=aOoUxkFPJmizs3ZS209jmNjiiPVBE3znku5PbJArqfXw46tIe+DooQVfUhADZwZ6yi
         /4zAYuh6LZrd8t+s/4vyR9SDQ5gZHs8nAaSCElJ4RhHw5ko8TOQTtQ5kXV0vq1zkTKA2
         GWK74dFSwkJAp1VO2R5w1gcNVVYA2/YfMbvv0icKjfcKkHEOHq0X6XeFvHZceeCQesWo
         zKsGvreEgpoRAZ13CdQ9iCdMassWC9eA0LEFl/yLcbG0dGnwWhLomGBMnBPJru179L75
         Ed5bPHjzfdY+yuU2C8nCkC5Mx38CyeK2IoAg842tKgyAFe8wPSTG6fEG6mo44LuPrMFm
         v3Qg==
X-Gm-Message-State: AOAM531mVJiVOlj6tG8wfLXdsWKGeftbi/Ni4e5WNrDc1L4a2RN2qDPZ
        b59nU2LeH7zcmwQj+zz9eKhjdw==
X-Received: by 2002:a63:d456:: with SMTP id i22mr14208167pgj.440.1604339264860;
        Mon, 02 Nov 2020 09:47:44 -0800 (PST)
Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203])
        by smtp.gmail.com with ESMTPSA id f4sm115989pjs.8.2020.11.02.09.47.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 Nov 2020 09:47:44 -0800 (PST)
From:   Sargun Dhillon <sargun@sargun.me>
To:     "J . Bruce Fields" <bfields@fieldses.org>,
        Chuck Lever <chuck.lever@oracle.com>,
        Trond Myklebust <trond.myklebust@hammerspace.com>,
        Anna Schumaker <anna.schumaker@netapp.com>,
        Anna Schumaker <schumaker.anna@gmail.com>,
        David Howells <dhowells@redhat.com>,
        Scott Mayhew <smayhew@redhat.com>
Cc:     Sargun Dhillon <sargun@sargun.me>, linux-nfs@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 0/2] NFS: Fix interaction between fs_context and user namespaces
Date:   Mon,  2 Nov 2020 09:47:35 -0800
Message-Id: <20201102174737.2740-1-sargun@sargun.me>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

This is effectively a resend, but re-based atop Anna's current tree. I can
add the samples back in an another patchset.

Right now, it is possible to mount NFS with an non-matching super block
user ns, and NFS sunrpc user ns. This (for the user) results in an awkward
set of interactions if using anything other than auth_null, where the UIDs
being sent to the server are different than the local UIDs being checked.
This can cause "breakage", where if you try to communicate with the NFS
server with any other set of mappings, it breaks.

This is after the initial v5.10 merge window, so hopefully this patchset
can be reconsidered, and maybe we can make forward progress? I think that
it takes a relatively conservative approach in enabling user namespaces,
and it prevents the case where someone is using auth_gss (for now), as the
mappings are non-trivial.

Changes since v3:
  * Rebase atop Anna's tree
Changes since v2:
  * Removed samples
  * Split out NFSv2/v3 patchset from NFSv4 patchset
  * Added restrictions around use
Changes since v1:
  * Added samples

Sargun Dhillon (2):
  NFS: NFSv2/NFSv3: Use cred from fs_context during mount
  NFSv4: Refactor NFS to use user namespaces

 fs/nfs/client.c     | 10 ++++++++--
 fs/nfs/nfs4client.c | 27 ++++++++++++++++++++++++++-
 fs/nfs/nfs4idmap.c  |  2 +-
 fs/nfs/nfs4idmap.h  |  3 ++-
 4 files changed, 37 insertions(+), 5 deletions(-)


base-commit: 8c39076c276be0b31982e44654e2c2357473258a
-- 
2.25.1