From: Christian Brauner <brauner@kernel.org>
To: Christoph Hellwig <hch@lst.de>,
linux-fsdevel@vger.kernel.org,
Seth Forshee <sforshee@digitalocean.com>
Cc: Christian Brauner <brauner@kernel.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: [PATCH 4/8] fs: introduce tiny iattr ownership update helpers
Date: Mon, 20 Jun 2022 15:49:43 +0200 [thread overview]
Message-ID: <20220620134947.2772863-5-brauner@kernel.org> (raw)
In-Reply-To: <20220620134947.2772863-1-brauner@kernel.org>
Nearly all fileystems currently open-code the same checks for
determining whether the i{g,u}_id fields of an inode need to be updated
and then updating the fields.
Introduce tiny helpers i_{g,u}id_needs_update() and i_{g,u}id_update()
that wrap this logic. This allows filesystems to not care updating
inode->i_{g,u}id with the correct values themselves instead leaving this
to the helpers.
We also get rid of a lot of code duplication and make it easier to
change struct iattr in the future since changes can be localized to
these helpers.
And finally we make it hard to conflate k{g,u}id_t types with
kmnt{g,u}id_t types for filesystems that support idmapped mounts.
In the following patch we will port all filesystems that raise
FS_ALLOW_IDMAP to use the new helpers. However, the ultimate goal is to
convert all filesystems to make use of these helpers.
All new helpers are nops on non-idmapped mounts.
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Aleksa Sarai <cyphar@cyphar.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
CC: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
include/linux/fs.h | 76 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 0da6c0481dbd..998ac36ea7b0 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1640,6 +1640,44 @@ static inline kmntuid_t i_uid_into_mntuid(struct user_namespace *mnt_userns,
return KMNTUIDT_INIT(i_uid_into_mnt(mnt_userns, inode));
}
+/**
+ * i_uid_needs_update - check whether inode's i_uid needs to be updated
+ * @mnt_userns: user namespace of the mount the inode was found from
+ * @attr: the new attributes of @inode
+ * @inode: the inode to update
+ *
+ * Check whether the $inode's i_uid field needs to be updated taking idmapped
+ * mounts into account if the filesystem supports it.
+ *
+ * Return: true if @inode's i_uid field needs to be updated, false if not.
+ */
+static inline bool i_uid_needs_update(struct user_namespace *mnt_userns,
+ const struct iattr *attr,
+ const struct inode *inode)
+{
+ return ((attr->ia_valid & ATTR_UID) &&
+ !kmntuid_eq(attr->ia_mntuid,
+ i_uid_into_mntuid(mnt_userns, inode)));
+}
+
+/**
+ * i_uid_update - update @inode's i_uid field
+ * @mnt_userns: user namespace of the mount the inode was found from
+ * @attr: the new attributes of @inode
+ * @inode: the inode to update
+ *
+ * Safely update @inode's i_uid field translating the kmntuid of any idmapped
+ * mount into the filesystem kuid.
+ */
+static inline void i_uid_update(struct user_namespace *mnt_userns,
+ const struct iattr *attr,
+ struct inode *inode)
+{
+ if (attr->ia_valid & ATTR_UID)
+ inode->i_uid = kmntuid_to_kuid(mnt_userns, i_user_ns(inode),
+ attr->ia_mntuid);
+}
+
/**
* i_gid_into_mnt - map an inode's i_gid down into a mnt_userns
* @mnt_userns: user namespace of the mount the inode was found from
@@ -1674,6 +1712,44 @@ static inline kmntgid_t i_gid_into_mntgid(struct user_namespace *mnt_userns,
return KMNTGIDT_INIT(i_gid_into_mnt(mnt_userns, inode));
}
+/**
+ * i_gid_needs_update - check whether inode's i_gid needs to be updated
+ * @mnt_userns: user namespace of the mount the inode was found from
+ * @attr: the new attributes of @inode
+ * @inode: the inode to update
+ *
+ * Check whether the $inode's i_gid field needs to be updated taking idmapped
+ * mounts into account if the filesystem supports it.
+ *
+ * Return: true if @inode's i_gid field needs to be updated, false if not.
+ */
+static inline bool i_gid_needs_update(struct user_namespace *mnt_userns,
+ const struct iattr *attr,
+ const struct inode *inode)
+{
+ return ((attr->ia_valid & ATTR_GID) &&
+ !kmntgid_eq(attr->ia_mntgid,
+ i_gid_into_mntgid(mnt_userns, inode)));
+}
+
+/**
+ * i_gid_update - update @inode's i_gid field
+ * @mnt_userns: user namespace of the mount the inode was found from
+ * @attr: the new attributes of @inode
+ * @inode: the inode to update
+ *
+ * Safely update @inode's i_gid field translating the kmntgid of any idmapped
+ * mount into the filesystem kgid.
+ */
+static inline void i_gid_update(struct user_namespace *mnt_userns,
+ const struct iattr *attr,
+ struct inode *inode)
+{
+ if (attr->ia_valid & ATTR_GID)
+ inode->i_gid = kmntgid_to_kgid(mnt_userns, i_user_ns(inode),
+ attr->ia_mntgid);
+}
+
/**
* inode_fsuid_set - initialize inode's i_uid field with callers fsuid
* @inode: inode to initialize
--
2.34.1
next prev parent reply other threads:[~2022-06-20 14:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-20 13:49 [PATCH 0/8] introduce dedicated type for idmapped mounts Christian Brauner
2022-06-20 13:49 ` [PATCH 1/8] mnt_idmapping: add kmnt{g,u}id_t Christian Brauner
2022-06-20 14:28 ` Linus Torvalds
2022-06-20 15:25 ` Christian Brauner
2022-06-20 18:52 ` Linus Torvalds
2022-06-20 13:49 ` [PATCH 2/8] fs: add two type safe mapping helpers Christian Brauner
2022-06-20 13:49 ` [PATCH 3/8] fs: use mount types in iattr Christian Brauner
2022-06-20 13:49 ` Christian Brauner [this message]
2022-06-20 13:49 ` [PATCH 5/8] fs: port to iattr ownership update helpers Christian Brauner
2022-06-20 13:49 ` [PATCH 6/8] quota: port quota helpers mount ids Christian Brauner
2022-06-21 10:20 ` Jan Kara
2022-06-21 10:40 ` Christian Brauner
2022-06-20 13:49 ` [PATCH 7/8] security: pass down mount idmapping to setattr hook Christian Brauner
2022-06-20 13:49 ` [PATCH 8/8] attr: port attribute changes to new types Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220620134947.2772863-5-brauner@kernel.org \
--to=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sforshee@digitalocean.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).