Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp973763rdg;
        Wed, 11 Oct 2023 10:26:28 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFMGcJ6Y2NGXvME4i/YQi5x2a4nV/dnOAsn0bSR6q8oLux7XBmJ1k55vls3yaJYp192aEgI
X-Received: by 2002:a05:6870:f105:b0:1d6:5133:2f37 with SMTP id k5-20020a056870f10500b001d651332f37mr25298174oac.48.1697045188002;
        Wed, 11 Oct 2023 10:26:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697045187; cv=none;
        d=google.com; s=arc-20160816;
        b=AGy1VTcZCidaleMjx8WeRwBCPFRRVDdX9Vmo2oJZYUaPMKz5o+Nu6qOqzvv5VVmtgZ
         vUbY1mVX5eICc5C+1VIWr+EsyJNGFxf0/oQ3MPim6alCW8pSs1zq9CtU4JWQnCHSl/oV
         zmtHQmIduB7xw8WG8WqhIMB2bBNwWjy8g0eCJDlvStIhCv61uiuTFf1g6YhYMg80+akT
         PK7p2fifTvYtzZMTUJGDCUJ+40UaTS1ViaxfQrhg1F8rriQ2FWzWYYwVnRkhqvwoN5F3
         AGInVPoNJxmYBlxwd/K67ed9PfkSM9pWVwKKuLm/cntFXDj1DxPfCPehSvqXuv5AU7cv
         FioA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature
         :dkim-signature;
        bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=;
        fh=a/Cowp0TAFrz3JIhEQOHCwRmDbHS67u+8RFGo9v/y78=;
        b=yO1QWg9P0zcNHTcXdwkuiuyTRITLDpawv5gtcJUf4GtHoEEJYvGSutOSV1S90yOMwk
         StHi82Y+sBzCNmF+6dpqooDiY4gxtIVuDdAL2j0M9R+8u9NAAji8sPv3XLSmeZ7uBG3o
         fWmku4ta4a01DaeN/ZYZ9dj808lV3UvZDIR5WQE0KfD47OCtAL4H2FVmeUf9L9qgy0pN
         WLHngPEUbJyGGvZDR0tBZeEn5+3046BKidSoFEQzqV//NbNwgodXTZ5VFIY3Jd1sywZQ
         T4DJ1STry3HDB6FlWbXouOUyVqezWoSgAwJQn7BIZfpwlTQvaVsk9DrZoUsgQs3YTd6N
         Fb2A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="kr/n4ozJ";
       dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org
Return-Path: <linux-ext4-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32])
        by mx.google.com with ESMTPS id o32-20020a635a20000000b00584a9290bd3si218423pgb.522.2023.10.11.10.26.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 11 Oct 2023 10:26:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="kr/n4ozJ";
       dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id 676B680D707C;
	Wed, 11 Oct 2023 10:26:20 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231221AbjJKR0S (ORCPT <rfc822;mycomplexlove@gmail.com>
        + 99 others); Wed, 11 Oct 2023 13:26:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47670 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230012AbjJKR0R (ORCPT
        <rfc822;linux-ext4@vger.kernel.org>); Wed, 11 Oct 2023 13:26:17 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC7F78F;
        Wed, 11 Oct 2023 10:26:15 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 41B8B1F88E;
        Wed, 11 Oct 2023 17:26:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
        t=1697045167; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=;
        b=kr/n4ozJKeSRcTxUWkUDER9ANl5ysmCMwwn5jTIuXq6Nu6vMj5OGtVTIryyeXynEv0QmeO
        Zhy+dX2NbiLj0xRMv3bNuTJxiIJCI00Tiw9klfnKBnexnxlLzGEBQtIuhmfuMsb7Thyr4o
        /FFuqr7fTzjwGe4evj+VqWiwjBiUb1M=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
        s=susede2_ed25519; t=1697045167;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=;
        b=vFckiP0JXcsJIYzBmUMHSKggcqEdsHzRu7vUKBWvlkifhsnhO+PiVl4DK8F327TFpVj4hK
        kaJA6pmCJtZVKrBQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2D9E9138EF;
        Wed, 11 Oct 2023 17:26:07 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id hsYaC6/aJmWpSAAAMHmgww
        (envelope-from <jack@suse.cz>); Wed, 11 Oct 2023 17:26:07 +0000
Received: by quack3.suse.cz (Postfix, from userid 1000)
        id B0F75A06B0; Wed, 11 Oct 2023 19:26:06 +0200 (CEST)
Date:   Wed, 11 Oct 2023 19:26:06 +0200
From:   Jan Kara <jack@suse.cz>
To:     Theodore Ts'o <tytso@mit.edu>
Cc:     Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
        Max Kellermann <max.kellermann@ionos.com>,
        Xiubo Li <xiubli@redhat.com>,
        Ilya Dryomov <idryomov@gmail.com>,
        Jeff Layton <jlayton@kernel.org>, Jan Kara <jack@suse.com>,
        Dave Kleikamp <shaggy@kernel.org>, ceph-devel@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org,
        jfs-discussion@lists.sourceforge.net,
        Yang Xu <xuyang2018.jy@fujitsu.com>,
        linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2] fs/{posix_acl,ext2,jfs,ceph}: apply umask if ACL
 support is disabled
Message-ID: <20231011172606.mztqyvclq6hq2qa2@quack3>
References: <20231010131125.3uyfkqbcetfcqsve@quack3>
 <CAKPOu+-nC2bQTZYL0XTzJL6Tx4Pi1gLfNWCjU2Qz1f_5CbJc1w@mail.gmail.com>
 <20231011100541.sfn3prgtmp7hk2oj@quack3>
 <CAKPOu+_xdFALt9sgdd5w66Ab6KTqiy8+Z0Yd3Ss4+92jh8nCwg@mail.gmail.com>
 <20231011120655.ndb7bfasptjym3wl@quack3>
 <CAKPOu+-hLrrpZShHh0o6uc_KMW91suEd0_V_uzp5vMf4NM-8yw@mail.gmail.com>
 <CAKPOu+_0yjg=PrwAR8jKok8WskjdDEJOBtu3uKR_4Qtp8b7H1Q@mail.gmail.com>
 <20231011135922.4bij3ittlg4ujkd7@quack3>
 <20231011-braumeister-anrufen-62127dc64de0@brauner>
 <20231011170042.GA267994@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20231011170042.GA267994@mit.edu>
X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 11 Oct 2023 10:26:20 -0700 (PDT)
X-Spam-Level: **

On Wed 11-10-23 13:00:42, Theodore Ts'o wrote:
> On Wed, Oct 11, 2023 at 05:27:37PM +0200, Christian Brauner wrote:
> > Aside from that, the problem had been that filesystems like nfs v4
> > intentionally raised SB_POSIXACL to prevent umask stripping in the VFS.
> > IOW, for them SB_POSIXACL was equivalent to "don't apply any umask".
> > 
> > And afaict nfs v4 has it's own thing going on how and where umasks are
> > applied. However, since we now have the following commit in vfs.misc:
> > 
> >     fs: add a new SB_I_NOUMASK flag
> 
> To summarize, just to make sure I understand where we're going.  Since
> normally (excepting unusual cases like NFS), it's fine to strip the
> umask bits twice (once in the VFS, and once in the file system, for
> those file systems that are doing it), once we have SB_I_NOUMASK and
> NFS starts using it, then the VFS can just unconditionally strip the
> umask bits, and then we can gradually clean up the file system umask
> handling (which would then be harmlessly duplicative).
> 
> Did I get this right?

I don't think this is accurate. posix_acl_create() needs unmasked 'mode'
because instead of using current_umask() for masking it wants to use
whatever is stored in the ACLs as an umask.

So I still think we need to keep umask handling in both posix_acl_create()
and vfs_prepare_mode(). But filesystem's only obligation would be to call
posix_acl_create() if the inode is IS_POSIXACL. No more caring about when
to apply umask and when not based on config or mount options.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR