Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp973763rdg; Wed, 11 Oct 2023 10:26:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFMGcJ6Y2NGXvME4i/YQi5x2a4nV/dnOAsn0bSR6q8oLux7XBmJ1k55vls3yaJYp192aEgI X-Received: by 2002:a05:6870:f105:b0:1d6:5133:2f37 with SMTP id k5-20020a056870f10500b001d651332f37mr25298174oac.48.1697045188002; Wed, 11 Oct 2023 10:26:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697045187; cv=none; d=google.com; s=arc-20160816; b=AGy1VTcZCidaleMjx8WeRwBCPFRRVDdX9Vmo2oJZYUaPMKz5o+Nu6qOqzvv5VVmtgZ vUbY1mVX5eICc5C+1VIWr+EsyJNGFxf0/oQ3MPim6alCW8pSs1zq9CtU4JWQnCHSl/oV zmtHQmIduB7xw8WG8WqhIMB2bBNwWjy8g0eCJDlvStIhCv61uiuTFf1g6YhYMg80+akT PK7p2fifTvYtzZMTUJGDCUJ+40UaTS1ViaxfQrhg1F8rriQ2FWzWYYwVnRkhqvwoN5F3 AGInVPoNJxmYBlxwd/K67ed9PfkSM9pWVwKKuLm/cntFXDj1DxPfCPehSvqXuv5AU7cv FioA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=; fh=a/Cowp0TAFrz3JIhEQOHCwRmDbHS67u+8RFGo9v/y78=; b=yO1QWg9P0zcNHTcXdwkuiuyTRITLDpawv5gtcJUf4GtHoEEJYvGSutOSV1S90yOMwk StHi82Y+sBzCNmF+6dpqooDiY4gxtIVuDdAL2j0M9R+8u9NAAji8sPv3XLSmeZ7uBG3o fWmku4ta4a01DaeN/ZYZ9dj808lV3UvZDIR5WQE0KfD47OCtAL4H2FVmeUf9L9qgy0pN WLHngPEUbJyGGvZDR0tBZeEn5+3046BKidSoFEQzqV//NbNwgodXTZ5VFIY3Jd1sywZQ T4DJ1STry3HDB6FlWbXouOUyVqezWoSgAwJQn7BIZfpwlTQvaVsk9DrZoUsgQs3YTd6N Fb2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="kr/n4ozJ"; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id o32-20020a635a20000000b00584a9290bd3si218423pgb.522.2023.10.11.10.26.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Oct 2023 10:26:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="kr/n4ozJ"; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 676B680D707C; Wed, 11 Oct 2023 10:26:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231221AbjJKR0S (ORCPT + 99 others); Wed, 11 Oct 2023 13:26:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230012AbjJKR0R (ORCPT ); Wed, 11 Oct 2023 13:26:17 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC7F78F; Wed, 11 Oct 2023 10:26:15 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 41B8B1F88E; Wed, 11 Oct 2023 17:26:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1697045167; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=; b=kr/n4ozJKeSRcTxUWkUDER9ANl5ysmCMwwn5jTIuXq6Nu6vMj5OGtVTIryyeXynEv0QmeO Zhy+dX2NbiLj0xRMv3bNuTJxiIJCI00Tiw9klfnKBnexnxlLzGEBQtIuhmfuMsb7Thyr4o /FFuqr7fTzjwGe4evj+VqWiwjBiUb1M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1697045167; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PfP83Apuioc6QwrQ9hjnsK+t+FQBcuvjUeVK6xfxlsI=; b=vFckiP0JXcsJIYzBmUMHSKggcqEdsHzRu7vUKBWvlkifhsnhO+PiVl4DK8F327TFpVj4hK kaJA6pmCJtZVKrBQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2D9E9138EF; Wed, 11 Oct 2023 17:26:07 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id hsYaC6/aJmWpSAAAMHmgww (envelope-from ); Wed, 11 Oct 2023 17:26:07 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id B0F75A06B0; Wed, 11 Oct 2023 19:26:06 +0200 (CEST) Date: Wed, 11 Oct 2023 19:26:06 +0200 From: Jan Kara To: Theodore Ts'o Cc: Christian Brauner , Jan Kara , Max Kellermann , Xiubo Li , Ilya Dryomov , Jeff Layton , Jan Kara , Dave Kleikamp , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org, jfs-discussion@lists.sourceforge.net, Yang Xu , linux-fsdevel@vger.kernel.org Subject: Re: [PATCH v2] fs/{posix_acl,ext2,jfs,ceph}: apply umask if ACL support is disabled Message-ID: <20231011172606.mztqyvclq6hq2qa2@quack3> References: <20231010131125.3uyfkqbcetfcqsve@quack3> <20231011100541.sfn3prgtmp7hk2oj@quack3> <20231011120655.ndb7bfasptjym3wl@quack3> <20231011135922.4bij3ittlg4ujkd7@quack3> <20231011-braumeister-anrufen-62127dc64de0@brauner> <20231011170042.GA267994@mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231011170042.GA267994@mit.edu> X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 11 Oct 2023 10:26:20 -0700 (PDT) X-Spam-Level: ** On Wed 11-10-23 13:00:42, Theodore Ts'o wrote: > On Wed, Oct 11, 2023 at 05:27:37PM +0200, Christian Brauner wrote: > > Aside from that, the problem had been that filesystems like nfs v4 > > intentionally raised SB_POSIXACL to prevent umask stripping in the VFS. > > IOW, for them SB_POSIXACL was equivalent to "don't apply any umask". > > > > And afaict nfs v4 has it's own thing going on how and where umasks are > > applied. However, since we now have the following commit in vfs.misc: > > > > fs: add a new SB_I_NOUMASK flag > > To summarize, just to make sure I understand where we're going. Since > normally (excepting unusual cases like NFS), it's fine to strip the > umask bits twice (once in the VFS, and once in the file system, for > those file systems that are doing it), once we have SB_I_NOUMASK and > NFS starts using it, then the VFS can just unconditionally strip the > umask bits, and then we can gradually clean up the file system umask > handling (which would then be harmlessly duplicative). > > Did I get this right? I don't think this is accurate. posix_acl_create() needs unmasked 'mode' because instead of using current_umask() for masking it wants to use whatever is stored in the ACLs as an umask. So I still think we need to keep umask handling in both posix_acl_create() and vfs_prepare_mode(). But filesystem's only obligation would be to call posix_acl_create() if the inode is IS_POSIXACL. No more caring about when to apply umask and when not based on config or mount options. Honza -- Jan Kara SUSE Labs, CR