From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: "Christian Brauner (Microsoft)" <brauner@kernel.org>,
	Christoph Hellwig <hch@lst.de>,
	Seth Forshee <sforshee@digitalocean.com>
Subject: [PATCH 0/6] acl: rework idmap handling when setting posix acls
Date: Mon, 29 Aug 2022 14:38:39 +0200
Message-ID: <20220829123843.1146874-1-brauner@kernel.org>

From: "Christian Brauner (Microsoft)" <brauner@kernel.org>

Hey everyone,

As explained in detail in [1] POSIX ACLs are a bit wonky as they abuse
the uapi POSIX ACL structure to transport the values of k{g,u}id_t as
raw {g,u}id stored in ACL_{GROUP,USER} entries down to the filesystems.

The values stored in the POSIX ACL uapi struct have been mapped into the
caller's idmapping in setxattr_convert(). In addition, the VFS needs to
take idmapped mounts into account during vfs_setxattr(). Currently, it uses the
uapi POSIX ACL structure for this as well.

While the handling of idmapped mounts needs to happen in vfs_setxattr()
or deeper in its callchain to guarantee that overlayfs handles POSIX
ACLs correctly on top of idmapped layers it isn't necessary to further
abuse the uapi POSIX ACL structure for this.

Instead of taking idmapped mounts into account and updating the values in
the POSIX ACL uapi struct directly in vfs_setxattr() we can move it down
into posix_acl_xattr_set() helper. This allows us to make the value
argument of vfs_setxattr() const and gets rid of an additional loop.

Ultimately, we hope to still get rid of the POSIX ACL uapi struct abuse
completely but that requires a little more work.

This series also ports ntfs3 to rely on the standard POSIX ACL xattr
handler instead of rolling its own (currently broken) implementation.

This survives xfstests and LTP.

Thanks!
Christian

[1]: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org

Christian Brauner (6):
  ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
  acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
  acl: add vfs_set_acl_prepare()
  acl: move idmapping handling into posix_acl_xattr_set()
  ovl: use vfs_set_acl_prepare()
  xattr: constify value argument in vfs_setxattr()

 fs/ntfs3/inode.c                  |   2 -
 fs/ntfs3/xattr.c                  | 102 +----------
 fs/overlayfs/overlayfs.h          |   2 +-
 fs/overlayfs/super.c              |  15 +-
 fs/posix_acl.c                    | 288 +++++++++++++++++++++++-------
 fs/xattr.c                        |   8 +-
 include/linux/posix_acl_xattr.h   |   3 +
 include/linux/xattr.h             |   2 +-
 security/integrity/evm/evm_main.c |  17 +-
 9 files changed, 262 insertions(+), 177 deletions(-)


base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
-- 
2.34.1
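
The design point in the cover letter (translate ACL_{GROUP,USER} ids in a helper instead of rewriting the caller's buffer, so the value can be const) is sketched below as an added userspace example; it is not code from this series or from the kernel. `struct idmap`, `map_id()` and `acl_translate()` are hypothetical names, the range-based idmapping and the caller-then-mount order are simplifying assumptions, and the error codes are choices of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* system.posix_acl_* xattr value: le32 version (2), then 8-byte entries of
 * le16 tag, le16 perm, le32 id. Tag values are from the Linux uapi headers. */
enum { ACL_XATTR_VERSION = 2, TAG_USER = 0x02, TAG_GROUP = 0x08 };
struct acl_entry { uint16_t tag, perm; uint32_t id; };
/* Toy idmapping (assumption): ids [from, from+count) map to [to, to+count). */
struct idmap { uint32_t from, to, count; };
/* Constructed sample: ACL_USER_OBJ rwx, then ACL_USER id 1000 r-x. */
static const uint8_t sample_acl[] = { 2,0,0,0, 1,0,7,0, 255,255,255,255, 2,0,5,0, 0xe8,3,0,0 };
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

static int map_id(const struct idmap *m, uint32_t id, uint32_t *out)
{
    if (id < m->from || id - m->from >= m->count)
        return -1;                      /* id has no mapping */
    *out = m->to + (id - m->from);
    return 0;
}

/* Decode `value` into `out`, translating ACL_USER/ACL_GROUP ids through the
 * caller's idmapping, then the mount's. `value` is const and never rewritten. */
int acl_translate(const void *value, size_t size, const struct idmap *caller,
                  const struct idmap *mnt, struct acl_entry *out, size_t max)
{
    const uint8_t *p = value;
    if (size < 4 || (size - 4) % 8 || (size - 4) / 8 > max)
        return -EINVAL;                 /* truncated, or too many entries */
    if (le32(p) != ACL_XATTR_VERSION)
        return -EOPNOTSUPP;             /* unknown xattr version */
    for (size_t i = 0; i < (size - 4) / 8; i++) {
        const uint8_t *e = p + 4 + 8 * i;
        out[i] = (struct acl_entry){ le16(e), le16(e + 2), le32(e + 4) };
        if (out[i].tag != TAG_USER && out[i].tag != TAG_GROUP)
            continue;                   /* id field unused for other tags */
        if (map_id(caller, out[i].id, &out[i].id) || map_id(mnt, out[i].id, &out[i].id))
            return -EINVAL;             /* unmapped id: reject the whole ACL */
    }
    return (int)((size - 4) / 8);       /* number of decoded entries */
}

int main(void)
{
    struct idmap caller = { 0, 100000, 65536 }, mnt = { 100000, 5000, 65536 };
    struct acl_entry e[4];
    return acl_translate(sample_acl, sizeof(sample_acl), &caller, &mnt, e, 4) == 2 ? 0 : 1;
}
```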



Thread overview: 25+ messages
2022-08-29 12:38 Christian Brauner [this message]
2022-08-29 12:38 ` [PATCH 1/6] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Christian Brauner
2022-08-29 12:44   ` Christian Brauner
2022-08-30 12:51   ` Seth Forshee
2022-08-29 12:38 ` [PATCH 2/6] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() Christian Brauner
2022-08-30 12:51   ` Seth Forshee
2022-09-06  4:54   ` Christoph Hellwig
2022-08-29 12:38 ` [PATCH 3/6] acl: add vfs_set_acl_prepare() Christian Brauner
2022-08-30 12:55   ` Seth Forshee
2022-09-06  4:57   ` Christoph Hellwig
2022-09-06  7:45     ` Christian Brauner
2022-09-06  7:53       ` Christoph Hellwig
2022-09-06  8:07         ` Christian Brauner
2022-09-06  8:15           ` Christoph Hellwig
2022-09-06  8:24             ` Christian Brauner
2022-09-06  8:28               ` Christoph Hellwig
2022-09-09  8:03               ` Christian Brauner
2022-09-09 14:58                 ` Christoph Hellwig
2022-08-29 12:38 ` [PATCH 4/6] acl: move idmapping handling into posix_acl_xattr_set() Christian Brauner
2022-08-30 12:56   ` Seth Forshee
2022-08-29 12:38 ` [PATCH 5/6] ovl: use vfs_set_acl_prepare() Christian Brauner
2022-08-29 12:46   ` Christian Brauner
2022-08-30 12:56   ` Seth Forshee
2022-08-29 12:38 ` [PATCH 6/6] xattr: constify value argument in vfs_setxattr() Christian Brauner
2022-08-30 12:57   ` Seth Forshee
