linux-kernel.vger.kernel.org archive mirror
* [GIT PULL] acl updates for v6.1
@ 2022-10-03 11:19 Christian Brauner
  2022-10-03 11:19 ` [GIT PULL] vfsuid " Christian Brauner
  2022-10-04  3:45 ` [GIT PULL] acl " pr-tracker-bot
  0 siblings, 2 replies; 4+ messages in thread
From: Christian Brauner @ 2022-10-03 11:19 UTC
  To: Linus Torvalds; +Cc: Christian Brauner, linux-fsdevel, linux-kernel

Hey Linus,

/* Summary */
These are general fixes and preparatory changes related to the ongoing posix
acl rework. The actual rework where we build a type safe posix acl api wasn't
ready for this merge window but we're hopeful for the v6.2 merge window.

General fixes:
* Some filesystems like 9p and cifs have to implement custom posix acl handlers
  because they require access to the dentry in order to set and get posix acls
  while the set and get inode operations currently don't. But the ntfs3
  filesystem has no such requirement and thus implemented custom posix acl
  xattr handlers when it really didn't have to. So this pr contains a patch that
  just implements set and get inode operations for ntfs3 and switches it to
  rely on the generic posix acl xattr handlers. (We would've appreciated
  reviews from the ntfs3 maintainers but we didn't get any. But hey, if we
  really broke it we'll fix it. But fstests for ntfs3 said it's fine.)
* The posix_acl_fix_xattr_common() helper has been adapted so it can be used by
  a few more callers, avoiding open-coding the same checks over and over.

Other than the two general fixes this series introduces a new helper
vfs_set_acl_prepare(). The reason for this helper is so that we can mitigate
one of the sources that change {g,u}id values directly in the uapi struct. With
the vfs_set_acl_prepare() helper we can move the idmapped mount fixup into the
generic posix acl set handler.

The advantage of this is that it allows us to remove the
posix_acl_setxattr_idmapped_mnt() helper which so far we had to call in
vfs_setxattr() to account for idmapped mounts. While semantically correct the
problem with this approach was that we had to keep the value parameter of the
generic vfs_setxattr() call as non-const. This is rectified in this series.

Ultimately, we will get rid of all the extreme kludges and type unsafety once
we have merged the posix api - hopefully during the next merge window - built
solely around get and set inode operations. Which incidentally will also
improve handling of posix acls in security and especially in integrity models.
While this will come with temporarily having two inode operations for posix acls
that is nothing compared to the problems we have right now and so well worth
it. We'll end up with something that we can actually reason about instead of
needing to write novels to explain what's going on.

/* Testing */
clang: Ubuntu clang version 14.0.0-1ubuntu1
gcc:   gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0

All patches are based on v6.0-rc3 and have been sitting in linux-next. No build
failures or warnings were observed. All old and new tests in fstests,
selftests, and LTP pass without regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit b90cb1053190353cc30f0fef0ef1f378ccc063c5:

  Linux 6.0-rc3 (2022-08-28 15:05:29 -0700)

are available in the Git repository at:

  ssh://git@gitolite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.acl.rework.prep.v6.1

for you to fetch changes up to 38e316398e4e6338b80223fb5f74415c0513718f:

  xattr: always us is_posix_acl_xattr() helper (2022-09-21 12:01:29 +0200)

Please consider pulling these changes from the signed fs.acl.rework.prep.v6.1 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.acl.rework.prep.v6.1

----------------------------------------------------------------
Christian Brauner (7):
      ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
      acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
      acl: add vfs_set_acl_prepare()
      acl: move idmapping handling into posix_acl_xattr_set()
      ovl: use vfs_set_acl_prepare()
      xattr: constify value argument in vfs_setxattr()
      xattr: always us is_posix_acl_xattr() helper

Deming Wang (1):
      acl: fix the comments of posix_acl_xattr_set

 fs/ntfs3/inode.c                  |   2 -
 fs/ntfs3/xattr.c                  | 102 +-------------
 fs/overlayfs/overlayfs.h          |   2 +-
 fs/overlayfs/super.c              |  15 +-
 fs/posix_acl.c                    | 288 +++++++++++++++++++++++++++++---------
 fs/xattr.c                        |  15 +-
 include/linux/posix_acl_xattr.h   |  12 +-
 include/linux/xattr.h             |   2 +-
 security/integrity/evm/evm_main.c |  17 ++-
 9 files changed, 264 insertions(+), 191 deletions(-)
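
A userspace model of the approach described in the summary above (an added example, not code from the kernel tree or from the pull request): the xattr value stays `const`, and the idmapping fixup is applied to a parsed copy instead of rewriting ids inside the caller's buffer. The byte layout is the POSIX ACL xattr format; `struct idmap`, `map_id()`, `acl_prepare()` and the error codes chosen are assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#define ACL_XATTR_VERSION 2u   /* version field of the POSIX ACL xattr */
#define ACL_USER   0x02        /* named-user entry, e_id holds a uid */
#define ACL_GROUP  0x08        /* named-group entry, e_id holds a gid */
#define ID_INVALID UINT32_MAX

struct idmap { uint32_t mnt_first, fs_first, count; };  /* hypothetical */
struct acl_entry { uint16_t tag, perm; uint32_t id; };   /* parsed copy */

/* Constructed sample: user::rw-, user:1000:r--, group::r--, mask::r--, other::--- */
const uint8_t sample_acl[44] = { 0x02,0,0,0,
    0x01,0, 6,0, 0xff,0xff,0xff,0xff,   0x02,0, 4,0, 0xe8,0x03,0,0,
    0x04,0, 4,0, 0xff,0xff,0xff,0xff,   0x10,0, 4,0, 0xff,0xff,0xff,0xff,
    0x20,0, 0,0, 0xff,0xff,0xff,0xff };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Translate an id as seen through the mount into the filesystem's id. */
static uint32_t map_id(const struct idmap *m, uint32_t id) {
    if (id < m->mnt_first || id - m->mnt_first >= m->count)
        return ID_INVALID;
    return m->fs_first + (id - m->mnt_first);
}

/* Parse a const xattr value into out[]; returns entry count or -errno. */
int acl_prepare(const struct idmap *m, const void *value, size_t size,
                struct acl_entry *out, size_t max)
{
    const uint8_t *p = value;
    size_t i, n;
    if (size < 4 || (size - 4) % 8 || (size - 4) / 8 > max)
        return -EINVAL;
    if (le32(p) != ACL_XATTR_VERSION)
        return -EOPNOTSUPP;
    n = (size - 4) / 8;
    for (i = 0, p += 4; i < n; i++, p += 8) {
        out[i] = (struct acl_entry){ le16(p), le16(p + 2), le32(p + 4) };
        if (out[i].tag != ACL_USER && out[i].tag != ACL_GROUP)
            continue;                      /* entry carries no id */
        out[i].id = map_id(m, out[i].id);  /* fixup on the copy only */
        if (out[i].id == ID_INVALID)
            return -EINVAL;
    }
    return (int)n;
}
```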


* [GIT PULL] vfsuid updates for v6.1
  2022-10-03 11:19 [GIT PULL] acl updates for v6.1 Christian Brauner
@ 2022-10-03 11:19 ` Christian Brauner
  2022-10-04  3:45   ` pr-tracker-bot
  2022-10-04  3:45 ` [GIT PULL] acl " pr-tracker-bot
  1 sibling, 1 reply; 4+ messages in thread
From: Christian Brauner @ 2022-10-03 11:19 UTC
  To: Linus Torvalds; +Cc: Christian Brauner, linux-fsdevel, linux-kernel

Hey Linus,

/* Summary */
Last cycle we introduced the new vfs{g,u}id_t types that we had agreed on. The
most important parts of the vfs have been converted but there are a few more
places we need to switch before we can remove the old helpers completely.

This cycle we converted all filesystems that called idmapped mount helpers
directly. The affected filesystems are f2fs, fat, fuse, ksmbd, overlayfs, and
xfs. We've sent patches for all of them. Looking at -next f2fs, ksmbd,
overlayfs, and xfs have all picked up these patches and they should land in
mainline during the v6.1 merge window.

So all filesystems that have a separate tree should send the vfsuid
conversion themselves. Only the fat conversion is going through one of the
generic fs trees because there is no fat tree.

In order to change time settings on an inode fat checks that the caller either is
the owner of the inode or the inode's group is in the caller's group list. If
fat is on an idmapped mount we compare whether the inode mapped into the mount
is equivalent to the caller's fsuid. If it isn't we compare whether the inode's
group mapped into the mount is in the caller's group list. We now use the new
vfsuid based helpers for that.

(Note that I didn't see the fuse conversion patch being picked up in -next.
 This is probably just an oversight. It is a very simple patch so if it doesn't
 show up by the end of the merge window feel free to just pick it up directly
 https://lore.kernel.org/all/20220909094021.940110-1-brauner@kernel.org or let
 us know and we can send it. We can probably also just send it during -rc2.)

/* Testing */
clang: Ubuntu clang version 14.0.0-1ubuntu1
gcc:   gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0

All patches are based on v6.0-rc3 and have been sitting in linux-next. No build
failures or warnings were observed. All old and new tests in fstests,
selftests, and LTP pass without regressions. (Note, the fat patch got dropped
from -next on accident as I realized while writing the commit message.)

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit b90cb1053190353cc30f0fef0ef1f378ccc063c5:

  Linux 6.0-rc3 (2022-08-28 15:05:29 -0700)

are available in the Git repository at:

  ssh://git@gitolite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.fat.v6.1

for you to fetch changes up to 41d27f518b955ef4b75b02cc67392aef0809a78d:

  fat: port to vfs{g,u}id_t and associated helpers (2022-09-20 11:09:31 +0200)

Please consider pulling these changes from the signed fs.vfsuid.fat.v6.1 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.vfsuid.fat.v6.1

----------------------------------------------------------------
Christian Brauner (1):
      fat: port to vfs{g,u}id_t and associated helpers

 fs/fat/file.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
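
A userspace model of the fat time-setting check described in the summary above (an added example, not the code in fs/fat/file.c): the inode's owner and group are first mapped into the mount, then compared with the caller's fsuid and group list, using distinct types so the two id spaces cannot be mixed. All names here (`kid_t`, `vfsid_t`, `struct idmap`, `may_set_time()`) are assumptions of this model, as is the rule that an unmapped id never matches.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define ID_INVALID UINT32_MAX

/* Distinct wrapper types, so a raw id and an id mapped into the mount
 * cannot be compared by accident (the idea behind vfs{g,u}id_t). */
typedef struct { uint32_t val; } kid_t;    /* raw id: inode or caller */
typedef struct { uint32_t val; } vfsid_t;  /* inode id seen via the mount */

struct idmap { uint32_t fs_first, mnt_first, count; };  /* hypothetical */
struct caller { kid_t fsuid; const kid_t *groups; size_t ngroups; };

/* Map an inode's id into the mount; ids outside the range are invalid. */
static vfsid_t into_vfsid(const struct idmap *m, kid_t id) {
    if (id.val < m->fs_first || id.val - m->fs_first >= m->count)
        return (vfsid_t){ ID_INVALID };
    return (vfsid_t){ m->mnt_first + (id.val - m->fs_first) };
}

/* An unmapped id never matches, even against a caller id of ID_INVALID. */
static bool vfsid_eq_kid(vfsid_t v, kid_t k) {
    return v.val != ID_INVALID && v.val == k.val;
}

/* Owner of the inode, or the inode's group is in the caller's group list. */
bool may_set_time(const struct idmap *m, const struct caller *c,
                  kid_t i_uid, kid_t i_gid)
{
    vfsid_t vfsgid = into_vfsid(m, i_gid);

    if (vfsid_eq_kid(into_vfsid(m, i_uid), c->fsuid))
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (vfsid_eq_kid(vfsgid, c->groups[i]))
            return true;
    return false;
}

int main(void)
{
    /* Constructed case: fs ids 0..999 appear as 1000..1999 in the mount. */
    struct idmap m = { 0, 1000, 1000 };
    struct caller c = { { 1000 }, NULL, 0 };
    kid_t root = { 0 };
    return may_set_time(&m, &c, root, root) ? 0 : 1;
}
```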


* Re: [GIT PULL] acl updates for v6.1
  2022-10-03 11:19 [GIT PULL] acl updates for v6.1 Christian Brauner
  2022-10-03 11:19 ` [GIT PULL] vfsuid " Christian Brauner
@ 2022-10-04  3:45 ` pr-tracker-bot
  1 sibling, 0 replies; 4+ messages in thread
From: pr-tracker-bot @ 2022-10-04  3:45 UTC
  To: Christian Brauner
  Cc: Linus Torvalds, Christian Brauner, linux-fsdevel, linux-kernel

The pull request you sent on Mon,  3 Oct 2022 13:19:42 +0200:

> ssh://git@gitolite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.acl.rework.prep.v6.1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/223b8452530da8816de09ec76a2182d1ad8f4fe2

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html


* Re: [GIT PULL] vfsuid updates for v6.1
  2022-10-03 11:19 ` [GIT PULL] vfsuid " Christian Brauner
@ 2022-10-04  3:45   ` pr-tracker-bot
  0 siblings, 0 replies; 4+ messages in thread
From: pr-tracker-bot @ 2022-10-04  3:45 UTC
  To: Christian Brauner
  Cc: Linus Torvalds, Christian Brauner, linux-fsdevel, linux-kernel

The pull request you sent on Mon,  3 Oct 2022 13:19:43 +0200:

> ssh://git@gitolite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.fat.v6.1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/8bea8ff34a8a5a46c9550aad6f6381b9fce0f958

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html

