From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org, Seth Forshee <sforshee@kernel.org>,
Christian Brauner <brauner@kernel.org>
Subject: [PATCH 2/4] mnt_idmapping: remove nop check
Date: Wed, 22 Nov 2023 13:44:38 +0100 [thread overview]
Message-ID: <20231122-vfs-mnt_idmap-v1-2-dae4abdde5bd@kernel.org> (raw)
In-Reply-To: <20231122-vfs-mnt_idmap-v1-0-dae4abdde5bd@kernel.org>
All mounts default to nop_mnt_idmap and we don't allow creating idmapped
mounts that reuse the idmapping of the filesystem. So unless someone
passes a non-superblock namespace to these helpers this check will
always be false. Remove it and replace it with a simple check for
nop_mnt_idmap.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/mnt_idmapping.c | 36 ++++++++----------------------------
1 file changed, 8 insertions(+), 28 deletions(-)
diff --git a/fs/mnt_idmapping.c b/fs/mnt_idmapping.c
index 2674942311c3..35d78cb3c38a 100644
--- a/fs/mnt_idmapping.c
+++ b/fs/mnt_idmapping.c
@@ -39,26 +39,6 @@ static inline bool initial_idmapping(const struct user_namespace *ns)
return ns == &init_user_ns;
}
-/**
- * no_idmapping - check whether we can skip remapping a kuid/gid
- * @mnt_userns: the mount's idmapping
- * @fs_userns: the filesystem's idmapping
- *
- * This function can be used to check whether a remapping between two
- * idmappings is required.
- * An idmapped mount is a mount that has an idmapping attached to it that
- * is different from the filsystem's idmapping and the initial idmapping.
- * If the initial mapping is used or the idmapping of the mount and the
- * filesystem are identical no remapping is required.
- *
- * Return: true if remapping can be skipped, false if not.
- */
-static inline bool no_idmapping(const struct user_namespace *mnt_userns,
- const struct user_namespace *fs_userns)
-{
- return initial_idmapping(mnt_userns) || mnt_userns == fs_userns;
-}
-
/**
* make_vfsuid - map a filesystem kuid according to an idmapping
* @idmap: the mount's idmapping
@@ -68,8 +48,8 @@ static inline bool no_idmapping(const struct user_namespace *mnt_userns,
* Take a @kuid and remap it from @fs_userns into @idmap. Use this
* function when preparing a @kuid to be reported to userspace.
*
- * If no_idmapping() determines that this is not an idmapped mount we can
- * simply return @kuid unchanged.
+ * If initial_idmapping() determines that this is not an idmapped mount
+ * we can simply return @kuid unchanged.
* If initial_idmapping() tells us that the filesystem is not mounted with an
* idmapping we know the value of @kuid won't change when calling
* from_kuid() so we can simply retrieve the value via __kuid_val()
@@ -87,7 +67,7 @@ vfsuid_t make_vfsuid(struct mnt_idmap *idmap,
uid_t uid;
struct user_namespace *mnt_userns = idmap->owner;
- if (no_idmapping(mnt_userns, fs_userns))
+ if (idmap == &nop_mnt_idmap)
return VFSUIDT_INIT(kuid);
if (initial_idmapping(fs_userns))
uid = __kuid_val(kuid);
@@ -108,8 +88,8 @@ EXPORT_SYMBOL_GPL(make_vfsuid);
* Take a @kgid and remap it from @fs_userns into @idmap. Use this
* function when preparing a @kgid to be reported to userspace.
*
- * If no_idmapping() determines that this is not an idmapped mount we can
- * simply return @kgid unchanged.
+ * If initial_idmapping() determines that this is not an idmapped mount
+ * we can simply return @kgid unchanged.
* If initial_idmapping() tells us that the filesystem is not mounted with an
* idmapping we know the value of @kgid won't change when calling
* from_kgid() so we can simply retrieve the value via __kgid_val()
@@ -125,7 +105,7 @@ vfsgid_t make_vfsgid(struct mnt_idmap *idmap,
gid_t gid;
struct user_namespace *mnt_userns = idmap->owner;
- if (no_idmapping(mnt_userns, fs_userns))
+ if (idmap == &nop_mnt_idmap)
return VFSGIDT_INIT(kgid);
if (initial_idmapping(fs_userns))
gid = __kgid_val(kgid);
@@ -154,7 +134,7 @@ kuid_t from_vfsuid(struct mnt_idmap *idmap,
uid_t uid;
struct user_namespace *mnt_userns = idmap->owner;
- if (no_idmapping(mnt_userns, fs_userns))
+ if (idmap == &nop_mnt_idmap)
return AS_KUIDT(vfsuid);
uid = from_kuid(mnt_userns, AS_KUIDT(vfsuid));
if (uid == (uid_t)-1)
@@ -182,7 +162,7 @@ kgid_t from_vfsgid(struct mnt_idmap *idmap,
gid_t gid;
struct user_namespace *mnt_userns = idmap->owner;
- if (no_idmapping(mnt_userns, fs_userns))
+ if (idmap == &nop_mnt_idmap)
return AS_KGIDT(vfsgid);
gid = from_kgid(mnt_userns, AS_KGIDT(vfsgid));
if (gid == (gid_t)-1)
--
2.42.0
next prev parent reply other threads:[~2023-11-22 12:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 12:44 [PATCH 0/4] mnt_idmapping: decouple from namespaces Christian Brauner
2023-11-22 12:44 ` [PATCH 1/4] mnt_idmapping: remove check_fsmapping() Christian Brauner
2023-11-22 12:44 ` Christian Brauner [this message]
2023-11-22 12:44 ` [PATCH 3/4] mnt_idmapping: decouple from namespaces Christian Brauner
2023-11-22 14:26 ` Josef Bacik
2023-11-22 14:34 ` Christian Brauner
2023-11-22 15:14 ` Josef Bacik
2023-11-22 12:44 ` [PATCH 4/4] fs: reformat idmapped mounts entry Christian Brauner
2023-11-24 7:52 ` [PATCH 0/4] mnt_idmapping: decouple from namespaces Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231122-vfs-mnt_idmap-v1-2-dae4abdde5bd@kernel.org \
--to=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sforshee@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).