From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Seth Forshee <sforshee@digitalocean.com>,
Christoph Hellwig <hch@lst.de>,
regressions@lists.linux.dev,
"Christian Brauner (Microsoft)" <brauner@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.15 23/28] fs: fix acl translation
Date: Thu, 30 Jun 2022 15:47:19 +0200 [thread overview]
Message-ID: <20220630133233.613171266@linuxfoundation.org> (raw)
In-Reply-To: <20220630133232.926711493@linuxfoundation.org>
From: Christian Brauner <brauner@kernel.org>
commit 705191b03d507744c7e097f78d583621c14988ac upstream.
Last cycle we extended the idmapped mounts infrastructure to support
idmapped mounts of idmapped filesystems (No such filesystem yet exist.).
Since then, the meaning of an idmapped mount is a mount whose idmapping
is different from the filesystems idmapping.
While doing that work we missed to adapt the acl translation helpers.
They still assume that checking for the identity mapping is enough. But
they need to use the no_idmapping() helper instead.
Note, POSIX ACLs are always translated right at the userspace-kernel
boundary using the caller's current idmapping and the initial idmapping.
The order depends on whether we're coming from or going to userspace.
The filesystem's idmapping doesn't matter at the border.
Consequently, if a non-idmapped mount is passed we need to make sure to
always pass the initial idmapping as the mount's idmapping and not the
filesystem idmapping. Since it's irrelevant here it would yield invalid
ids and prevent setting acls for filesystems that are mountable in a
userns and support posix acls (tmpfs and fuse).
I verified the regression reported in [1] and verified that this patch
fixes it. A regression test will be added to xfstests in parallel.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849 [1]
Fixes: bd303368b776 ("fs: support mapped mounts of mapped filesystems")
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org> # 5.15+
Cc: <regressions@lists.linux.dev>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/posix_acl.c | 10 ++++++++++
fs/xattr.c | 6 ++++--
include/linux/posix_acl_xattr.h | 4 ++++
3 files changed, 18 insertions(+), 2 deletions(-)
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -760,9 +760,14 @@ static void posix_acl_fix_xattr_userns(
}
void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size)
{
struct user_namespace *user_ns = current_user_ns();
+
+ /* Leave ids untouched on non-idmapped mounts. */
+ if (no_idmapping(mnt_userns, i_user_ns(inode)))
+ mnt_userns = &init_user_ns;
if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns))
return;
posix_acl_fix_xattr_userns(&init_user_ns, user_ns, mnt_userns, value,
@@ -770,9 +775,14 @@ void posix_acl_fix_xattr_from_user(struc
}
void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size)
{
struct user_namespace *user_ns = current_user_ns();
+
+ /* Leave ids untouched on non-idmapped mounts. */
+ if (no_idmapping(mnt_userns, i_user_ns(inode)))
+ mnt_userns = &init_user_ns;
if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns))
return;
posix_acl_fix_xattr_userns(user_ns, &init_user_ns, mnt_userns, value,
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -569,7 +569,8 @@ setxattr(struct user_namespace *mnt_user
}
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
- posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
+ posix_acl_fix_xattr_from_user(mnt_userns, d_inode(d),
+ kvalue, size);
}
error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
@@ -667,7 +668,8 @@ getxattr(struct user_namespace *mnt_user
if (error > 0) {
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
- posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
+ posix_acl_fix_xattr_to_user(mnt_userns, d_inode(d),
+ kvalue, error);
if (size && copy_to_user(value, kvalue, error))
error = -EFAULT;
} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
--- a/include/linux/posix_acl_xattr.h
+++ b/include/linux/posix_acl_xattr.h
@@ -34,15 +34,19 @@ posix_acl_xattr_count(size_t size)
#ifdef CONFIG_FS_POSIX_ACL
void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size);
void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size);
#else
static inline void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size)
{
}
static inline void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
+ struct inode *inode,
void *value, size_t size)
{
}
next prev parent reply other threads:[~2022-06-30 14:11 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-30 13:46 [PATCH 5.15 00/28] 5.15.52-rc1 review Greg Kroah-Hartman
2022-06-30 13:46 ` [PATCH 5.15 01/28] tick/nohz: unexport __init-annotated tick_nohz_full_setup() Greg Kroah-Hartman
2022-06-30 13:46 ` [PATCH 5.15 02/28] clocksource/drivers/ixp4xx: remove __init from ixp4xx_timer_setup() Greg Kroah-Hartman
2022-07-01 15:31 ` Nathan Chancellor
2022-07-01 15:50 ` Greg Kroah-Hartman
2022-06-30 13:46 ` [PATCH 5.15 03/28] x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 04/28] bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 05/28] xfs: use kmem_cache_free() for kmem_cache objects Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 06/28] xfs: punch out data fork delalloc blocks on COW writeback failure Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 07/28] xfs: Fix the free logic of state in xfs_attr_node_hasname Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 08/28] xfs: remove all COW fork extents when remounting readonly Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 09/28] xfs: check sb_meta_uuid for dabuf buffer recovery Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 10/28] xfs: prevent UAF in xfs_log_item_in_current_chkpt Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 11/28] xfs: only bother with sync_filesystem during readonly remount Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 12/28] powerpc/ftrace: Remove ftrace init tramp once kernel init is complete Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 13/28] fs: add is_idmapped_mnt() helper Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 14/28] fs: move mapping helpers Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 15/28] fs: tweak fsuidgid_has_mapping() Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 16/28] fs: account for filesystem mappings Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 17/28] docs: update mapping documentation Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 18/28] fs: use low-level mapping helpers Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 19/28] fs: remove unused " Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 20/28] fs: port higher-level " Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 21/28] fs: add i_user_ns() helper Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 22/28] fs: support mapped mounts of mapped filesystems Greg Kroah-Hartman
2022-06-30 13:47 ` Greg Kroah-Hartman [this message]
2022-06-30 13:47 ` [PATCH 5.15 24/28] fs: account for group membership Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 25/28] rtw88: 8821c: support RFE type4 wifi NIC Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 26/28] rtw88: rtw8821c: enable rfe 6 devices Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 27/28] net: mscc: ocelot: allow unregistered IP multicast flooding to CPU Greg Kroah-Hartman
2022-06-30 13:47 ` [PATCH 5.15 28/28] io_uring: fix not locked access to fixed buf table Greg Kroah-Hartman
2022-06-30 23:17 ` [PATCH 5.15 00/28] 5.15.52-rc1 review Shuah Khan
2022-06-30 23:21 ` Florian Fainelli
2022-07-01 0:58 ` Guenter Roeck
2022-07-01 3:51 ` Bagas Sanjaya
2022-07-01 6:18 ` Naresh Kamboju
2022-07-01 8:51 ` Christian Brauner
2022-07-01 8:57 ` Greg Kroah-Hartman
2022-07-01 12:51 ` Christian Brauner
2022-07-01 10:36 ` Sudip Mukherjee
2022-07-01 13:55 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220630133233.613171266@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=brauner@kernel.org \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=regressions@lists.linux.dev \
--cc=sforshee@digitalocean.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox