From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-vk0-f48.google.com ([209.85.213.48]:32836 "EHLO
	mail-vk0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752237AbcEXQbw (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 24 May 2016 12:31:52 -0400
Received: by mail-vk0-f48.google.com with SMTP id r140so29140877vkf.0
        for <linux-fsdevel@vger.kernel.org>; Tue, 24 May 2016 09:31:51 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <20160524153949.GA2830@dztty.fritz.box>
References: <1464008989-3812-1-git-send-email-agruenba@redhat.com>
	<20160524153949.GA2830@dztty.fritz.box>
Date: Tue, 24 May 2016 18:31:51 +0200
Message-ID: <CAHc6FU5mTAM6cCP9S5CxrJ7PhZ-_3SxQeOLty1UgtVCu3ZVshw@mail.gmail.com>
Subject: Re: [PATCH] posix acls: Move namespace conversion into filesystem /
 xattr handlers
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Djalal Harouni <tixxdz@gmail.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
	Oleg Drokin <oleg.drokin@intel.com>,
	Andreas Dilger <andreas.dilger@intel.com>,
	Steve French <sfrench@samba.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Lustre Developement <lustre-devel@lists.lustre.org>,
	linux-cifs@vger.kernel.org, Eric Biederman <ebiederm@xmission.com>,
	Andy Lutomirski <luto@amacapital.net>
Content-Type: text/plain; charset=UTF-8
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, May 24, 2016 at 5:41 PM, Djalal Harouni <tixxdz@gmail.com> wrote:
> On Mon, May 23, 2016 at 03:09:49PM +0200, Andreas Gruenbacher wrote:
>> Currently, getxattr() and setxattr() check for the xattr names
>> "system.posix_acl_{access,default}" and perform in-place UID / GID
>> namespace mappings in the xattr values. Filesystems then again check for
>> the same xattr names to handle those attributes, almost always using the
>> standard posix_acl_{access,default}_xattr_handler handlers.  This is
>> unnecessary overhead; move the namespace conversion into the xattr
>> handlers instead.
>
> Please, are you sure that the changes in posix_acl_xattr_get() and
> posix_acl_xattr_set() are safe ? you are reading into current user
> namespace, from a first view this is not safe unless I'm missing
> something... they should map into init_user_ns...

Yes, moving the namespace conversion from the VFS into those functions
so that we don't have to check for those attributes and parse them
twice is exactly the point of this patch.

> Please Cc the user namespace maintainers before. Thank you!

Eric, Andy, anyone else?

Thanks,
Andreas