[GIT PULL] acl updates for v6.1

From: Christian Brauner
Date: Mon Oct 03 2022 - 07:21:18 EST

Next message: Christian Brauner: "[GIT PULL] vfsuid updates for v6.1"
Previous message: Sudip Mukherjee: "Re: [PATCH] parport_pc: Avoid FIFO port location truncation"
Next in thread: Christian Brauner: "[GIT PULL] vfsuid updates for v6.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey Linus,

/* Summary */
These are general fixes and preparatory changes related to the ongoing posix
acl rework. The actual rework where we build a type safe posix acl api wasn't
ready for this merge window but we're hopeful for the v6.2 merge window.

General fixes:
* Some filesystems like 9p and cifs have to implement custom posix acl handlers
because they require access to the dentry in order to set and get posix acls
while the set and get inode operations currently don't. But the ntfs3
filesystem has no such requirement and thus implemented custom posix acl
xattr handlers when it really didn't have to. So this pr contains patch that
just implements set and get inode operations for ntfs3 and switches it to
rely on the generic posix acl xattr handlers. (We would've appreciated
reviews from the ntfs3 maintainers but we didn't get any. But hey, if we
really broke it we'll fix it. But fstests for ntfs3 said it's fine.)
* The posix_acl_fix_xattr_common() helper has been adapted so it can be used by
a few more callers and avoiding open-coding the same checks over and over.

Other than the two general fixes this series introduces a new helper
vfs_set_acl_prepare(). The reason for this helper is so that we can mitigate
one of the source that change {g,u}id values directly in the uapi struct. With
the vfs_set_acl_prepare() helper we can move the idmapped mount fixup into the
generic posix acl set handler.

The advantage of this is that it allows us to remove the
posix_acl_setxattr_idmapped_mnt() helper which so far we had to call in
vfs_setxattr() to account for idmapped mounts. While semantically correct the
problem with this approach was that we had to keep the value parameter of the
generic vfs_setxattr() call as non-const. This is rectified in this series.

Ultimately, we will get rid of all the extreme kludges and type unsafety once
we have merged the posix api - hopefully during the next merge window - built
solely around get and set inode operations. Which incidentally will also
improve handling of posix acls in security and especially in integrity modesl.
While this will come with temporarily having two inode operation for posix acls
that is nothing compared to the problems we have right now and so well worth
it. We'll end up with something that we can actually reason about instead of
needing to write novels to explain what's going on.

/* Testing */
clang: Ubuntu clang version 14.0.0-1ubuntu1
gcc: gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0

All patches are based on v6.0-rc3 and have been sitting in linux-next. No build
failures or warnings were observed. All old and new tests in fstests,
selftests, and LTP pass without regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit b90cb1053190353cc30f0fef0ef1f378ccc063c5:

Linux 6.0-rc3 (2022-08-28 15:05:29 -0700)

are available in the Git repository at:

ssh://git@xxxxxxxxxxxxxxxxxxx/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.acl.rework.prep.v6.1

for you to fetch changes up to 38e316398e4e6338b80223fb5f74415c0513718f:

xattr: always us is_posix_acl_xattr() helper (2022-09-21 12:01:29 +0200)

Please consider pulling these changes from the signed fs.acl.rework.prep.v6.1 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.acl.rework.prep.v6.1

----------------------------------------------------------------
Christian Brauner (7):
ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
acl: add vfs_set_acl_prepare()
acl: move idmapping handling into posix_acl_xattr_set()
ovl: use vfs_set_acl_prepare()
xattr: constify value argument in vfs_setxattr()
xattr: always us is_posix_acl_xattr() helper

Deming Wang (1):
acl: fix the comments of posix_acl_xattr_set

fs/ntfs3/inode.c | 2 -
fs/ntfs3/xattr.c | 102 +-------------
fs/overlayfs/overlayfs.h | 2 +-
fs/overlayfs/super.c | 15 +-
fs/posix_acl.c | 288 +++++++++++++++++++++++++++++---------
fs/xattr.c | 15 +-
include/linux/posix_acl_xattr.h | 12 +-
include/linux/xattr.h | 2 +-
security/integrity/evm/evm_main.c | 17 ++-
9 files changed, 264 insertions(+), 191 deletions(-)

Next message: Christian Brauner: "[GIT PULL] vfsuid updates for v6.1"
Previous message: Sudip Mukherjee: "Re: [PATCH] parport_pc: Avoid FIFO port location truncation"
Next in thread: Christian Brauner: "[GIT PULL] vfsuid updates for v6.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]