Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp3474390pxx; Mon, 2 Nov 2020 09:48:25 -0800 (PST) X-Google-Smtp-Source: ABdhPJxwDuPRUSJQznC/+d2Ql2gFMUtNP12Ia/HiJ+XzCNk3BHGH8Gprt4+sct9XFjc1Bmu78Iv4 X-Received: by 2002:a05:6402:1a58:: with SMTP id bf24mr8004013edb.191.1604339305172; Mon, 02 Nov 2020 09:48:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604339305; cv=none; d=google.com; s=arc-20160816; b=i9QowtFAzTN89zBDFIpeX+nILgYaIATHnKiM4gCfwWUQpCrUun9kOAh486E7bGmpOU srC1jdDEbRu9jACVtG2bHx61tT/AYqF0oG0rtCUruIIzuR/ymVQIB6HYiM4gV61K2bks HNC3w75gY8OnJUlqO3QW6ZJyJP74mcBer2ZeM2GfEGwkDfwB1lnrCcsMwwigeJmlJRt8 13G6EEN6ZwrehmE146jE2Q1aa/if7dXFGTES3e4K0FgFqJ8yRLE+ULukEk3YNoTJxHJG 402C0rAvkJfOgXvgvTaVTVa6dcOuSOFidWE1hP1Q8ZvrueEiGrG/hVqMhoggGJY8UK7J XMtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=; b=Y4NSDskK/pK+l7lkJqxVEYRCf7ZOwQF83h2k2GsgBKjyhuoFCgevmAadJpi/cOIGqZ m0HfSwIV4tarqZKCqrE6J4OL/vYDkxTo6SAzr/lar+pY0O8F+JFJmmz8ikoLpX6/u3bJ Sk1zxfgll+ljNCBvQ2NsG3j03dHrwfuLeD/EkNHpzro6Ymj4DBCppA4yjhtgQ6jIo9Vt FSHft3cSoEJZKHTrowMe6Mt4wcar1WXMTozLi81ZSjId3D31Q2dFL3oyKm3kOgHV0/Dc qE/t1nqy/ulofg5nxCnrpR0FZalKiOkIzF1OCmOrIYJS/ayEeNTjs2n+WRe9fSI12fF4 mgpA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=wWq2ykhX; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k20si11681097eds.233.2020.11.02.09.48.01; Mon, 02 Nov 2020 09:48:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=wWq2ykhX; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726076AbgKBRrs (ORCPT + 99 others); Mon, 2 Nov 2020 12:47:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725982AbgKBRrq (ORCPT ); Mon, 2 Nov 2020 12:47:46 -0500 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87D3EC061A04 for ; Mon, 2 Nov 2020 09:47:45 -0800 (PST) Received: by mail-pg1-x529.google.com with SMTP id r186so11442322pgr.0 for ; Mon, 02 Nov 2020 09:47:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=; b=wWq2ykhXi6fVitAbeMVisX3fyxKKKGyoNOTC1c0zV20h/DEuDmnjoaXg4y2VX4hdoC FvBCsdTGS3ca52CRqIwng2Zqk/Jz7/JmR/lkXZnpPiqJAuFq6koEjyCC+nTXw5HBFMr6 zNqBe7GmyDQ8IAxRHg9MQmGEstUGKVn4a0Up0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Fgdp9Q5Ryos9FWUvwhnwrJKEhYJ+1M5L8BMrT6meyNY=; b=aOoUxkFPJmizs3ZS209jmNjiiPVBE3znku5PbJArqfXw46tIe+DooQVfUhADZwZ6yi /4zAYuh6LZrd8t+s/4vyR9SDQ5gZHs8nAaSCElJ4RhHw5ko8TOQTtQ5kXV0vq1zkTKA2 GWK74dFSwkJAp1VO2R5w1gcNVVYA2/YfMbvv0icKjfcKkHEOHq0X6XeFvHZceeCQesWo zKsGvreEgpoRAZ13CdQ9iCdMassWC9eA0LEFl/yLcbG0dGnwWhLomGBMnBPJru179L75 Ed5bPHjzfdY+yuU2C8nCkC5Mx38CyeK2IoAg842tKgyAFe8wPSTG6fEG6mo44LuPrMFm v3Qg== X-Gm-Message-State: AOAM531mVJiVOlj6tG8wfLXdsWKGeftbi/Ni4e5WNrDc1L4a2RN2qDPZ b59nU2LeH7zcmwQj+zz9eKhjdw== X-Received: by 2002:a63:d456:: with SMTP id i22mr14208167pgj.440.1604339264860; Mon, 02 Nov 2020 09:47:44 -0800 (PST) Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id f4sm115989pjs.8.2020.11.02.09.47.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Nov 2020 09:47:44 -0800 (PST) From: Sargun Dhillon To: "J . Bruce Fields" , Chuck Lever , Trond Myklebust , Anna Schumaker , Anna Schumaker , David Howells , Scott Mayhew Cc: Sargun Dhillon , linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 0/2] NFS: Fix interaction between fs_context and user namespaces Date: Mon, 2 Nov 2020 09:47:35 -0800 Message-Id: <20201102174737.2740-1-sargun@sargun.me> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org This is effectively a resend, but re-based atop Anna's current tree. I can add the samples back in an another patchset. Right now, it is possible to mount NFS with an non-matching super block user ns, and NFS sunrpc user ns. This (for the user) results in an awkward set of interactions if using anything other than auth_null, where the UIDs being sent to the server are different than the local UIDs being checked. This can cause "breakage", where if you try to communicate with the NFS server with any other set of mappings, it breaks. This is after the initial v5.10 merge window, so hopefully this patchset can be reconsidered, and maybe we can make forward progress? I think that it takes a relatively conservative approach in enabling user namespaces, and it prevents the case where someone is using auth_gss (for now), as the mappings are non-trivial. Changes since v3: * Rebase atop Anna's tree Changes since v2: * Removed samples * Split out NFSv2/v3 patchset from NFSv4 patchset * Added restrictions around use Changes since v1: * Added samples Sargun Dhillon (2): NFS: NFSv2/NFSv3: Use cred from fs_context during mount NFSv4: Refactor NFS to use user namespaces fs/nfs/client.c | 10 ++++++++-- fs/nfs/nfs4client.c | 27 ++++++++++++++++++++++++++- fs/nfs/nfs4idmap.c | 2 +- fs/nfs/nfs4idmap.h | 3 ++- 4 files changed, 37 insertions(+), 5 deletions(-) base-commit: 8c39076c276be0b31982e44654e2c2357473258a -- 2.25.1