From: Alexey Gladkov <legion@kernel.org>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Christian Brauner <brauner@kernel.org>
Cc: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH v1] fs: Add kfuncs to handle idmapped mounts
Date: Fri, 30 Jun 2023 13:08:25 +0200
Message-ID: <c35fbb4cb0a3a9b4653f9a032698469d94ca6e9c.1688123230.git.legion@kernel.org>

Since the introduction of idmapped mounts, file handling has become
somewhat more complicated. If the inode has been found through an
idmapped mount the idmap of the vfsmount must be used to get proper
i_uid / i_gid. This is important, for example, to correctly take into
account idmapped files when caching, LSM or for an audit.

Signed-off-by: Alexey Gladkov <legion@kernel.org>
---
 fs/mnt_idmapping.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/fs/mnt_idmapping.c b/fs/mnt_idmapping.c
index 4905665c47d0..ba98ce26b883 100644
--- a/fs/mnt_idmapping.c
+++ b/fs/mnt_idmapping.c
@@ -6,6 +6,7 @@
 #include <linux/mnt_idmapping.h>
 #include <linux/slab.h>
 #include <linux/user_namespace.h>
+#include <linux/bpf.h>
 
 #include "internal.h"
 
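
Review bot: the only header added at the top of the file is <linux/bpf.h>, yet the code appended further down uses BTF_SET8_START/BTF_ID_FLAGS and register_btf_kfunc_id_set(), so the build depends on those declarations arriving indirectly. Including the BTF headers that declare them (<linux/btf.h> and <linux/btf_ids.h>) would make the dependency explicit and keep this file building if the indirect include ever changes.
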
@@ -271,3 +272,71 @@ void mnt_idmap_put(struct mnt_idmap *idmap)
 		kfree(idmap);
 	}
 }
+
+__diag_push();
+__diag_ignore_all("-Wmissing-prototypes",
+		  "Global functions as their definitions will be in vmlinux BTF");
+
+/**
+ * bpf_is_idmapped_mnt - check whether a mount is idmapped
+ * @mnt: the mount to check
+ *
+ * Return: true if mount is mapped, false if not.
+ */
+__bpf_kfunc bool bpf_is_idmapped_mnt(struct vfsmount *mnt)
+{
+	return is_idmapped_mnt(mnt);
+}
+
+/**
+ * bpf_file_mnt_idmap - get file idmapping
+ * @file: the file from which to get mapping
+ *
+ * Return: The idmap for the @file.
+ */
+__bpf_kfunc struct mnt_idmap *bpf_file_mnt_idmap(struct file *file)
+{
+	return file_mnt_idmap(file);
+}
+
+/**
+ * bpf_inode_into_vfs_ids - map an inode's i_uid and i_gid down according to an idmapping
+ * @idmap: idmap of the mount the inode was found from
+ * @inode: inode to map
+ *
+ * The inode's i_uid and i_gid mapped down according to @idmap. If the inode's
+ * i_uid or i_gid has no mapping INVALID_VFSUID or INVALID_VFSGID is returned in
+ * the corresponding position.
+ *
+ * Return: A 64-bit integer containing the current GID and UID, and created as
+ * such: *gid* **<< 32 \|** *uid*.
+ */
+__bpf_kfunc uint64_t bpf_inode_into_vfs_ids(struct mnt_idmap *idmap,
+		const struct inode *inode)
+{
+	vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode);
+	vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
+
+	return (u64) __vfsgid_val(vfsgid) << 32 |
+		     __vfsuid_val(vfsuid);
+}
+
+__diag_pop();
+
+BTF_SET8_START(idmap_btf_ids)
+BTF_ID_FLAGS(func, bpf_is_idmapped_mnt)
+BTF_ID_FLAGS(func, bpf_file_mnt_idmap)
+BTF_ID_FLAGS(func, bpf_inode_into_vfs_ids)
+BTF_SET8_END(idmap_btf_ids)
+
+static const struct btf_kfunc_id_set idmap_kfunc_set = {
+	.owner = THIS_MODULE,
+	.set   = &idmap_btf_ids,
+};
+
+static int __init bpf_idmap_kfunc_init(void)
+{
+	return register_btf_kfunc_id_set(BPF_PROG_TYPE_UNSPEC, &idmap_kfunc_set);
+}
+
+late_initcall(bpf_idmap_kfunc_init);
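
Review bot: bpf_file_mnt_idmap() hands a raw struct mnt_idmap * to the BPF program without taking a reference, and all three BTF_ID_FLAGS(func, ...) entries are registered with no flags, so nothing in this hunk tells the verifier how long that pointer stays valid or requires @mnt, @file, @idmap and @inode to be trusted pointers. Because the set is registered with BPF_PROG_TYPE_UNSPEC, it is exposed to every program type, which means is_idmapped_mnt() and i_uid_into_vfsuid()/i_gid_into_vfsgid() can be reached with pointers whose validity the verifier has not established. Consider adding KF_TRUSTED_ARGS (or KF_RCU where that fits) to the entries, registering the set only for the program types that need it, and documenting the lifetime of the returned idmap in the kernel-doc. Smaller points: the Return: text "*gid* **<< 32 \|** *uid*" carries reST markup that does not belong in a kernel-doc comment, the packed u64 gives callers no named way to test either half against INVALID_VFSUID or INVALID_VFSGID, the added block is not wrapped in any #ifdef so it is worth saying whether it is meant to build with BPF configured out, and the patch adds no selftest or in-tree user.
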
-- 
2.33.8

