• Christian Brauner's avatar
    attr: port attribute changes to new types · b27c82e1
    Christian Brauner authored
    Now that we introduced new infrastructure to increase the type safety
    for filesystems supporting idmapped mounts port the first part of the
    vfs over to them.
    
    This ports the attribute changes codepaths to rely on the new better
    helpers using a dedicated type.
    
    Before this change we used to take a shortcut and place the actual
    values that would be written to inode->i_{g,u}id into struct iattr. This
    had the advantage that we moved idmappings mostly out of the picture
    early on but it made reasoning about changes more difficult than it
    should be.
    
    The filesystem was never explicitly told that it dealt with an idmapped
    mount. The transition to the value that needed to be stored in
    inode->i_{g,u}id appeared way too early and increased the probability of
    bugs in various codepaths.
    
    We know place the same value in struct iattr no matter if this is an
    idmapped mount or not. The vfs will only deal with type safe
    vfs{g,u}id_t. This makes it massively safer to perform permission checks
    as the type will tell us what checks we need to perform and what helpers
    we need to use.
    
    Fileystems raising FS_ALLOW_IDMAP can't simply write ia_vfs{g,u}id to
    inode->i_{g,u}id since they are different types. Instead they need to
    use the dedicated vfs{g,u}id_to_k{g,u}id() helpers that map the
    vfs{g,u}id into the filesystem.
    
    The other nice effect is that filesystems like overlayfs don't need to
    care about idmappings explicitly anymore and can simply set up struct
    iattr accordingly directly.
    
    Link: https://lore.kernel.org/lkml/CAHk-=win6+ahs1EwLkcq8apqLi_1wXFWbrPf340zYEhObpz4jA@mail.gmail.com [1]
    Link: https://lore.kernel.org/r/20220621141454.2914719-9-brauner@kernel.org
    Cc: Seth Forshee <sforshee@digitalocean.com>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Aleksa Sarai <cyphar@cyphar.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    CC: linux-fsdevel@vger.kernel.org
    Reviewed-by: default avatarSeth Forshee <sforshee@digitalocean.com>
    Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
    b27c82e1
super.c 50.3 KB