mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-29 04:09:39 +00:00
705191b03d
Last cycle we extended the idmapped mounts infrastructure to support
idmapped mounts of idmapped filesystems (No such filesystem yet exist.).
Since then, the meaning of an idmapped mount is a mount whose idmapping
is different from the filesystems idmapping.
While doing that work we missed to adapt the acl translation helpers.
They still assume that checking for the identity mapping is enough. But
they need to use the no_idmapping() helper instead.
Note, POSIX ACLs are always translated right at the userspace-kernel
boundary using the caller's current idmapping and the initial idmapping.
The order depends on whether we're coming from or going to userspace.
The filesystem's idmapping doesn't matter at the border.
Consequently, if a non-idmapped mount is passed we need to make sure to
always pass the initial idmapping as the mount's idmapping and not the
filesystem idmapping. Since it's irrelevant here it would yield invalid
ids and prevent setting acls for filesystems that are mountable in a
userns and support posix acls (tmpfs and fuse).
I verified the regression reported in [1] and verified that this patch
fixes it. A regression test will be added to xfstests in parallel.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849 [1]
Fixes: bd303368b7 ("fs: support mapped mounts of mapped filesystems")
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: <stable@vger.kernel.org> # 5.17
Cc: <regressions@lists.linux.dev>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
63 lines
1.9 KiB
C
63 lines
1.9 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
File: linux/posix_acl_xattr.h
|
|
|
|
Extended attribute system call representation of Access Control Lists.
|
|
|
|
Copyright (C) 2000 by Andreas Gruenbacher <a.gruenbacher@computer.org>
|
|
Copyright (C) 2002 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
|
|
*/
|
|
#ifndef _POSIX_ACL_XATTR_H
|
|
#define _POSIX_ACL_XATTR_H
|
|
|
|
#include <uapi/linux/xattr.h>
|
|
#include <uapi/linux/posix_acl_xattr.h>
|
|
#include <linux/posix_acl.h>
|
|
|
|
static inline size_t
|
|
posix_acl_xattr_size(int count)
|
|
{
|
|
return (sizeof(struct posix_acl_xattr_header) +
|
|
(count * sizeof(struct posix_acl_xattr_entry)));
|
|
}
|
|
|
|
static inline int
|
|
posix_acl_xattr_count(size_t size)
|
|
{
|
|
if (size < sizeof(struct posix_acl_xattr_header))
|
|
return -1;
|
|
size -= sizeof(struct posix_acl_xattr_header);
|
|
if (size % sizeof(struct posix_acl_xattr_entry))
|
|
return -1;
|
|
return size / sizeof(struct posix_acl_xattr_entry);
|
|
}
|
|
|
|
#ifdef CONFIG_FS_POSIX_ACL
|
|
void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
|
|
struct inode *inode,
|
|
void *value, size_t size);
|
|
void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
|
|
struct inode *inode,
|
|
void *value, size_t size);
|
|
#else
|
|
static inline void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
|
|
struct inode *inode,
|
|
void *value, size_t size)
|
|
{
|
|
}
|
|
static inline void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
|
|
struct inode *inode,
|
|
void *value, size_t size)
|
|
{
|
|
}
|
|
#endif
|
|
|
|
struct posix_acl *posix_acl_from_xattr(struct user_namespace *user_ns,
|
|
const void *value, size_t size);
|
|
int posix_acl_to_xattr(struct user_namespace *user_ns,
|
|
const struct posix_acl *acl, void *buffer, size_t size);
|
|
|
|
extern const struct xattr_handler posix_acl_access_xattr_handler;
|
|
extern const struct xattr_handler posix_acl_default_xattr_handler;
|
|
|
|
#endif /* _POSIX_ACL_XATTR_H */
|