From: Seth Forshee <sforshee@digitalocean.com>
To: Christian Brauner <brauner@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>,
	Amir Goldstein <amir73il@gmail.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org,
	Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH v2 03/10] fs: tweak fsuidgid_has_mapping()
Date: Thu, 2 Dec 2021 11:12:18 -0600
Message-ID: <Yaj+cuzaAIaIReM7@do-x1extreme>
In-Reply-To: <20211130121032.3753852-4-brauner@kernel.org>

On Tue, Nov 30, 2021 at 01:10:25PM +0100, Christian Brauner wrote:
> From: Christian Brauner <christian.brauner@ubuntu.com>
> 
> If the caller's fs{g,u}id aren't mapped in the mount's idmapping we can
> return early and skip the check whether the mapped fs{g,u}id also have a
> mapping in the filesystem's idmapping. If the fs{g,u}id aren't mapped in
> the mount's idmapping they consequently can't be mapped in the
> filesystem's idmapping. So there's no point in checking that.
> 
> Link: https://lore.kernel.org/r/20211123114227.3124056-4-brauner@kernel.org (v1)
> Cc: Seth Forshee <sforshee@digitalocean.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Al Viro <viro@zeniv.linux.org.uk>
> CC: linux-fsdevel@vger.kernel.org
> Reviewed-by: Amir Goldstein <amir73il@gmail.com>
> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Reviewed-by: Seth Forshee <sforshee@digitalocean.com>

> ---
> /* v2 */
> unchanged
> ---
>  include/linux/fs.h | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index f5d1ae0a783a..28ab20ce0adc 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1695,10 +1695,18 @@ static inline void inode_fsgid_set(struct inode *inode,
>  static inline bool fsuidgid_has_mapping(struct super_block *sb,
>  					struct user_namespace *mnt_userns)
>  {
> -	struct user_namespace *s_user_ns = sb->s_user_ns;
> +	struct user_namespace *fs_userns = sb->s_user_ns;
> +	kuid_t kuid;
> +	kgid_t kgid;
>  
> -	return kuid_has_mapping(s_user_ns, mapped_fsuid(mnt_userns)) &&
> -	       kgid_has_mapping(s_user_ns, mapped_fsgid(mnt_userns));
> +	kuid = mapped_fsuid(mnt_userns);
> +	if (!uid_valid(kuid))
> +		return false;
> +	kgid = mapped_fsgid(mnt_userns);
> +	if (!gid_valid(kgid))
> +		return false;
> +	return kuid_has_mapping(fs_userns, kuid) &&
> +	       kgid_has_mapping(fs_userns, kgid);
>  }
>  
>  extern struct timespec64 current_time(struct inode *inode);
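Review bot: The two new early returns after `mapped_fsuid(mnt_userns)` and `mapped_fsgid(mnt_userns)` have no comment in the function body explaining why an invalid mapped id can be rejected without consulting `fs_userns`. The commit message gives the reasoning (an fs{g,u}id that is not mapped in the mount's idmapping cannot be mapped in the filesystem's idmapping), and a one-line comment above `if (!uid_valid(kuid))` saying so would keep a later reader from taking the check for a behaviour change. Separately, the `s_user_ns` to `fs_userns` rename in the same hunk is not mentioned in the changelog; a short note there would make clear it is cosmetic.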
> -- 
> 2.30.2
> 


Thread overview: 22+ messages
2021-11-30 12:10 [PATCH v2 00/10] Extend and tweak mapping support Christian Brauner
2021-11-30 12:10 ` [PATCH v2 01/10] fs: add is_idmapped_mnt() helper Christian Brauner
2021-12-02 17:09   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 02/10] fs: move mapping helpers Christian Brauner
2021-12-02 17:10   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 03/10] fs: tweak fsuidgid_has_mapping() Christian Brauner
2021-12-02 17:12   ` Seth Forshee [this message]
2021-11-30 12:10 ` [PATCH v2 04/10] fs: account for filesystem mappings Christian Brauner
2021-12-02 17:13   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 05/10] docs: update mapping documentation Christian Brauner
2021-12-02 17:27   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 06/10] fs: use low-level mapping helpers Christian Brauner
2021-12-02 17:34   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 07/10] fs: remove unused " Christian Brauner
2021-12-02 17:39   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 08/10] fs: port higher-level " Christian Brauner
2021-12-02 17:40   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 09/10] fs: add i_user_ns() helper Christian Brauner
2021-12-02 17:40   ` Seth Forshee
2021-11-30 12:10 ` [PATCH v2 10/10] fs: support mapped mounts of mapped filesystems Christian Brauner
2021-12-02 17:50   ` Seth Forshee
2021-12-02 19:20     ` Christian Brauner
