mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 15:18:19 +00:00
Code Issues Releases Wiki Activity
linux-stable/include
History
Christian Brauner f518e2e75d fs: fix acl translation 
commit 705191b03d upstream.

Last cycle we extended the idmapped mounts infrastructure to support
idmapped mounts of idmapped filesystems (No such filesystem yet exist.).
Since then, the meaning of an idmapped mount is a mount whose idmapping
is different from the filesystems idmapping.

While doing that work we missed to adapt the acl translation helpers.
They still assume that checking for the identity mapping is enough.  But
they need to use the no_idmapping() helper instead.

Note, POSIX ACLs are always translated right at the userspace-kernel
boundary using the caller's current idmapping and the initial idmapping.
The order depends on whether we're coming from or going to userspace.
The filesystem's idmapping doesn't matter at the border.

Consequently, if a non-idmapped mount is passed we need to make sure to
always pass the initial idmapping as the mount's idmapping and not the
filesystem idmapping.  Since it's irrelevant here it would yield invalid
ids and prevent setting acls for filesystems that are mountable in a
userns and support posix acls (tmpfs and fuse).

I verified the regression reported in [1] and verified that this patch
fixes it.  A regression test will be added to xfstests in parallel.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849 [1]
Fixes: bd303368b7 ("fs: support mapped mounts of mapped filesystems")
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org> # 5.17
Cc: <regressions@lists.linux.dev>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-27 14:41:14 +02:00
..
acpi
asm-generic tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry 2022-04-20 09:36:21 +02:00
clocksource
crypto lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI 2022-02-04 19:22:32 +01:00
drm drm/connector: Fix typo in documentation 2022-04-08 13:58:58 +02:00
dt-bindings Fixes for omaps 2022-02-07 17:42:44 +01:00
keys
kunit kunit: replace kernel.h with the necessary inclusions 2022-01-20 08:52:54 +02:00
kvm
linux fs: fix acl translation 2022-04-27 14:41:14 +02:00
math-emu
media
memory
misc
net ipv6: make ip6_rt_gc_expire an atomic_t 2022-04-27 14:41:01 +02:00
pcmcia
ras
rdma
scsi scsi: iscsi: Fix NOP handling during conn recovery 2022-04-27 14:41:10 +02:00
soc soc: fsl: Replace kernel.h with the necessary inclusions 2022-02-18 17:11:17 -06:00
sound ALSA: memalloc: Add fallback SG-buffer allocations for x86 2022-04-20 09:36:11 +02:00
target
trace SUNRPC: Fix the svc_deferred_event trace class 2022-04-20 09:36:12 +02:00
uapi io_uring: flag the fact that linked file assignment is sane 2022-04-20 09:36:14 +02:00
vdso
video
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-07 09:48:55 +01:00