tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
fs: port ->set_acl() to pass mnt_idmap
Convert to struct mnt_idmap.
Last cycle we merged the necessary infrastructure in
256c8aed2b42 ("fs: introduce dedicated idmap type for mounts").
This is just the conversion to struct mnt_idmap.
Currently we still pass around the plain namespace that was attached to a
mount. This is in general pretty convenient but it makes it easy to
conflate namespaces that are relevant on the filesystem with namespaces
that are relevent on the mount level. Especially for non-vfs developers
without detailed knowledge in this area this can be a potential source for
bugs.
Once the conversion to struct mnt_idmap is done all helpers down to the
really low-level helpers will take a struct mnt_idmap argument instead of
two namespace arguments. This way it becomes impossible to conflate the two
eliminating the possibility of any bugs. All of the vfs and all filesystems
only operate on struct mnt_idmap.
Acked-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
+122
-111
+1
-1
Documentation/filesystems/vfs.rst
+1
-1
Documentation/filesystems/vfs.rst
···
444
444
unsigned open_flag, umode_t create_mode);
445
445
int (*tmpfile) (struct mnt_idmap *, struct inode *, struct file *, umode_t);
446
446
struct posix_acl * (*get_acl)(struct mnt_idmap *, struct dentry *, int);
447
-
int (*set_acl)(struct user_namespace *, struct dentry *, struct posix_acl *, int);
447
+
int (*set_acl)(struct mnt_idmap *, struct dentry *, struct posix_acl *, int);
448
448
int (*fileattr_set)(struct user_namespace *mnt_userns,
449
449
struct dentry *dentry, struct fileattr *fa);
450
450
int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa);
+1
-1
fs/9p/acl.c
+1
-1
fs/9p/acl.c
···
151
151
return v9fs_get_cached_acl(d_inode(dentry), type);
152
152
}
153
153
154
-
int v9fs_iop_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
154
+
int v9fs_iop_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
155
155
struct posix_acl *acl, int type)
156
156
{
157
157
int retval;
+1
-1
fs/9p/acl.h
+1
-1
fs/9p/acl.h
···
12
12
bool rcu);
13
13
struct posix_acl *v9fs_iop_get_acl(struct mnt_idmap *idmap,
14
14
struct dentry *dentry, int type);
15
-
int v9fs_iop_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
15
+
int v9fs_iop_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
16
16
struct posix_acl *acl, int type);
17
17
int v9fs_acl_chmod(struct inode *inode, struct p9_fid *fid);
18
18
int v9fs_set_create_acl(struct inode *inode, struct p9_fid *fid,
+1
-1
fs/bad_inode.c
+1
-1
fs/bad_inode.c
+2
-1
fs/btrfs/acl.c
+2
-1
fs/btrfs/acl.c
···
110
110
return ret;
111
111
}
112
112
113
-
int btrfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
113
+
int btrfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
114
114
struct posix_acl *acl, int type)
115
115
{
116
116
int ret;
117
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
117
118
struct inode *inode = d_inode(dentry);
118
119
umode_t old_mode = inode->i_mode;
119
120
+1
-1
fs/btrfs/acl.h
+1
-1
fs/btrfs/acl.h
···
6
6
#ifdef CONFIG_BTRFS_FS_POSIX_ACL
7
7
8
8
struct posix_acl *btrfs_get_acl(struct inode *inode, int type, bool rcu);
9
-
int btrfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
9
+
int btrfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
10
10
struct posix_acl *acl, int type);
11
11
int __btrfs_set_acl(struct btrfs_trans_handle *trans, struct inode *inode,
12
12
struct posix_acl *acl, int type);
+1
-2
fs/btrfs/inode.c
+1
-2
fs/btrfs/inode.c
···
5307
5307
err = btrfs_dirty_inode(BTRFS_I(inode));
5308
5308
5309
5309
if (!err && attr->ia_valid & ATTR_MODE)
5310
-
err = posix_acl_chmod(mnt_idmap_owner(idmap), dentry,
5311
-
inode->i_mode);
5310
+
err = posix_acl_chmod(idmap, dentry, inode->i_mode);
5312
5311
}
5313
5312
5314
5313
return err;
+1
-1
fs/ceph/acl.c
+1
-1
fs/ceph/acl.c
+1
-1
fs/ceph/inode.c
+1
-1
fs/ceph/inode.c
+1
-1
fs/ceph/super.h
+1
-1
fs/ceph/super.h
···
1118
1118
#ifdef CONFIG_CEPH_FS_POSIX_ACL
1119
1119
1120
1120
struct posix_acl *ceph_get_acl(struct inode *, int, bool);
1121
-
int ceph_set_acl(struct user_namespace *mnt_userns,
1121
+
int ceph_set_acl(struct mnt_idmap *idmap,
1122
1122
struct dentry *dentry, struct posix_acl *acl, int type);
1123
1123
int ceph_pre_init_acls(struct inode *dir, umode_t *mode,
1124
1124
struct ceph_acl_sec_ctx *as_ctx);
+1
-1
fs/cifs/cifsacl.c
+1
-1
fs/cifs/cifsacl.c
···
1738
1738
#endif
1739
1739
}
1740
1740
1741
-
int cifs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
1741
+
int cifs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
1742
1742
struct posix_acl *acl, int type)
1743
1743
{
1744
1744
#if defined(CONFIG_CIFS_ALLOW_INSECURE_LEGACY) && defined(CONFIG_CIFS_POSIX)
+1
-1
fs/cifs/cifsproto.h
+1
-1
fs/cifs/cifsproto.h
···
227
227
const struct cifs_fid *, u32 *, u32);
228
228
extern struct posix_acl *cifs_get_acl(struct mnt_idmap *idmap,
229
229
struct dentry *dentry, int type);
230
-
extern int cifs_set_acl(struct user_namespace *mnt_userns,
230
+
extern int cifs_set_acl(struct mnt_idmap *idmap,
231
231
struct dentry *dentry, struct posix_acl *acl, int type);
232
232
extern int set_cifs_acl(struct cifs_ntsd *, __u32, struct inode *,
233
233
const char *, int);
+2
-2
fs/ecryptfs/inode.c
+2
-2
fs/ecryptfs/inode.c
···
1129
1129
posix_acl_xattr_name(type));
1130
1130
}
1131
1131
1132
-
static int ecryptfs_set_acl(struct user_namespace *mnt_userns,
1132
+
static int ecryptfs_set_acl(struct mnt_idmap *idmap,
1133
1133
struct dentry *dentry, struct posix_acl *acl,
1134
1134
int type)
1135
1135
{
···
1137
1137
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
1138
1138
struct inode *lower_inode = d_inode(lower_dentry);
1139
1139
1140
-
rc = vfs_set_acl(&init_user_ns, lower_dentry,
1140
+
rc = vfs_set_acl(&nop_mnt_idmap, lower_dentry,
1141
1141
posix_acl_xattr_name(type), acl);
1142
1142
if (!rc)
1143
1143
fsstack_copy_attr_all(d_inode(dentry), lower_inode);
+1
-1
fs/ext2/acl.c
+1
-1
fs/ext2/acl.c
+1
-1
fs/ext2/acl.h
+1
-1
fs/ext2/acl.h
···
56
56
57
57
/* acl.c */
58
58
extern struct posix_acl *ext2_get_acl(struct inode *inode, int type, bool rcu);
59
-
extern int ext2_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
59
+
extern int ext2_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
60
60
struct posix_acl *acl, int type);
61
61
extern int ext2_init_acl (struct inode *, struct inode *);
62
62
+1
-1
fs/ext2/inode.c
+1
-1
fs/ext2/inode.c
···
1647
1647
}
1648
1648
setattr_copy(&nop_mnt_idmap, inode, iattr);
1649
1649
if (iattr->ia_valid & ATTR_MODE)
1650
-
error = posix_acl_chmod(&init_user_ns, dentry, inode->i_mode);
1650
+
error = posix_acl_chmod(&nop_mnt_idmap, dentry, inode->i_mode);
1651
1651
mark_inode_dirty(inode);
1652
1652
1653
1653
return error;
+2
-1
fs/ext4/acl.c
+2
-1
fs/ext4/acl.c
···
225
225
}
226
226
227
227
int
228
-
ext4_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
228
+
ext4_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
229
229
struct posix_acl *acl, int type)
230
230
{
231
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
231
232
handle_t *handle;
232
233
int error, credits, retries = 0;
233
234
size_t acl_size = acl ? ext4_acl_size(acl->a_count) : 0;
+1
-1
fs/ext4/acl.h
+1
-1
fs/ext4/acl.h
···
56
56
57
57
/* acl.c */
58
58
struct posix_acl *ext4_get_acl(struct inode *inode, int type, bool rcu);
59
-
int ext4_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
59
+
int ext4_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
60
60
struct posix_acl *acl, int type);
61
61
extern int ext4_init_acl(handle_t *, struct inode *, struct inode *);
62
62
+1
-1
fs/ext4/inode.c
+1
-1
fs/ext4/inode.c
+2
-1
fs/f2fs/acl.c
+2
-1
fs/f2fs/acl.c
···
276
276
return error;
277
277
}
278
278
279
-
int f2fs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
279
+
int f2fs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
280
280
struct posix_acl *acl, int type)
281
281
{
282
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
282
283
struct inode *inode = d_inode(dentry);
283
284
284
285
if (unlikely(f2fs_cp_error(F2FS_I_SB(inode))))
+1
-1
fs/f2fs/acl.h
+1
-1
fs/f2fs/acl.h
···
34
34
#ifdef CONFIG_F2FS_FS_POSIX_ACL
35
35
36
36
extern struct posix_acl *f2fs_get_acl(struct inode *, int, bool);
37
-
extern int f2fs_set_acl(struct user_namespace *, struct dentry *,
37
+
extern int f2fs_set_acl(struct mnt_idmap *, struct dentry *,
38
38
struct posix_acl *, int);
39
39
extern int f2fs_init_acl(struct inode *, struct inode *, struct page *,
40
40
struct page *);
+1
-1
fs/f2fs/file.c
+1
-1
fs/f2fs/file.c
···
1028
1028
__setattr_copy(idmap, inode, attr);
1029
1029
1030
1030
if (attr->ia_valid & ATTR_MODE) {
1031
-
err = posix_acl_chmod(mnt_userns, dentry, f2fs_get_inode_mode(inode));
1031
+
err = posix_acl_chmod(idmap, dentry, f2fs_get_inode_mode(inode));
1032
1032
1033
1033
if (is_inode_flag_set(inode, FI_ACL_MODE)) {
1034
1034
if (!err)
+1
-1
fs/fuse/acl.c
+1
-1
fs/fuse/acl.c
+1
-1
fs/fuse/fuse_i.h
+1
-1
fs/fuse/fuse_i.h
···
1269
1269
1270
1270
struct posix_acl;
1271
1271
struct posix_acl *fuse_get_acl(struct inode *inode, int type, bool rcu);
1272
-
int fuse_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
1272
+
int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
1273
1273
struct posix_acl *acl, int type);
1274
1274
1275
1275
/* readdir.c */
+1
-1
fs/gfs2/acl.c
+1
-1
fs/gfs2/acl.c
+1
-1
fs/gfs2/acl.h
+1
-1
fs/gfs2/acl.h
···
13
13
14
14
extern struct posix_acl *gfs2_get_acl(struct inode *inode, int type, bool rcu);
15
15
extern int __gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type);
16
-
extern int gfs2_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
16
+
extern int gfs2_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
17
17
struct posix_acl *acl, int type);
18
18
19
19
#endif /* __ACL_DOT_H__ */
+1
-1
fs/gfs2/inode.c
+1
-1
fs/gfs2/inode.c
+1
-1
fs/jffs2/acl.c
+1
-1
fs/jffs2/acl.c
+1
-1
fs/jffs2/acl.h
+1
-1
fs/jffs2/acl.h
···
28
28
#ifdef CONFIG_JFFS2_FS_POSIX_ACL
29
29
30
30
struct posix_acl *jffs2_get_acl(struct inode *inode, int type, bool rcu);
31
-
int jffs2_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
31
+
int jffs2_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
32
32
struct posix_acl *acl, int type);
33
33
extern int jffs2_init_acl_pre(struct inode *, struct inode *, umode_t *);
34
34
extern int jffs2_init_acl_post(struct inode *);
+1
-1
fs/jffs2/fs.c
+1
-1
fs/jffs2/fs.c
+1
-1
fs/jfs/acl.c
+1
-1
fs/jfs/acl.c
+1
-1
fs/jfs/file.c
+1
-1
fs/jfs/file.c
+1
-1
fs/jfs/jfs_acl.h
+1
-1
fs/jfs/jfs_acl.h
···
8
8
#ifdef CONFIG_JFS_POSIX_ACL
9
9
10
10
struct posix_acl *jfs_get_acl(struct inode *inode, int type, bool rcu);
11
-
int jfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
11
+
int jfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
12
12
struct posix_acl *acl, int type);
13
13
int jfs_init_acl(tid_t, struct inode *, struct inode *);
14
14
+7
-4
fs/ksmbd/smb2pdu.c
+7
-4
fs/ksmbd/smb2pdu.c
···
2512
2512
struct ksmbd_share_config *share = tcon->share_conf;
2513
2513
struct ksmbd_file *fp = NULL;
2514
2514
struct file *filp = NULL;
2515
+
struct mnt_idmap *idmap = NULL;
2515
2516
struct user_namespace *user_ns = NULL;
2516
2517
struct kstat stat;
2517
2518
struct create_context *context;
···
2766
2765
rc = 0;
2767
2766
} else {
2768
2767
file_present = true;
2769
-
user_ns = mnt_user_ns(path.mnt);
2768
+
idmap = mnt_idmap(path.mnt);
2769
+
user_ns = mnt_idmap_owner(idmap);
2770
2770
}
2771
2771
if (stream_name) {
2772
2772
if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) {
···
2866
2864
}
2867
2865
2868
2866
created = true;
2869
-
user_ns = mnt_user_ns(path.mnt);
2867
+
idmap = mnt_idmap(path.mnt);
2868
+
user_ns = mnt_idmap_owner(idmap);
2870
2869
if (ea_buf) {
2871
2870
if (le32_to_cpu(ea_buf->ccontext.DataLength) <
2872
2871
sizeof(struct smb2_ea_info)) {
···
2960
2957
int posix_acl_rc;
2961
2958
struct inode *inode = d_inode(path.dentry);
2962
2959
2963
-
posix_acl_rc = ksmbd_vfs_inherit_posix_acl(user_ns,
2960
+
posix_acl_rc = ksmbd_vfs_inherit_posix_acl(idmap,
2964
2961
path.dentry,
2965
2962
d_inode(path.dentry->d_parent));
2966
2963
if (posix_acl_rc)
···
2976
2973
rc = smb2_create_sd_buffer(work, req, &path);
2977
2974
if (rc) {
2978
2975
if (posix_acl_rc)
2979
-
ksmbd_vfs_set_init_posix_acl(user_ns,
2976
+
ksmbd_vfs_set_init_posix_acl(idmap,
2980
2977
path.dentry);
2981
2978
2982
2979
if (test_share_config_flag(work->tcon->share_conf,
+3
-3
fs/ksmbd/smbacl.c
+3
-3
fs/ksmbd/smbacl.c
···
1384
1384
newattrs.ia_valid |= ATTR_MODE;
1385
1385
newattrs.ia_mode = (inode->i_mode & ~0777) | (fattr.cf_mode & 0777);
1386
1386
1387
-
ksmbd_vfs_remove_acl_xattrs(user_ns, path->dentry);
1387
+
ksmbd_vfs_remove_acl_xattrs(idmap, path->dentry);
1388
1388
/* Update posix acls */
1389
1389
if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) {
1390
-
rc = set_posix_acl(user_ns, path->dentry,
1390
+
rc = set_posix_acl(idmap, path->dentry,
1391
1391
ACL_TYPE_ACCESS, fattr.cf_acls);
1392
1392
if (rc < 0)
1393
1393
ksmbd_debug(SMB,
1394
1394
"Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n",
1395
1395
rc);
1396
1396
if (S_ISDIR(inode->i_mode) && fattr.cf_dacls) {
1397
-
rc = set_posix_acl(user_ns, path->dentry,
1397
+
rc = set_posix_acl(idmap, path->dentry,
1398
1398
ACL_TYPE_DEFAULT, fattr.cf_dacls);
1399
1399
if (rc)
1400
1400
ksmbd_debug(SMB,
+8
-8
fs/ksmbd/vfs.c
+8
-8
fs/ksmbd/vfs.c
···
1305
1305
return dent;
1306
1306
}
1307
1307
1308
-
int ksmbd_vfs_remove_acl_xattrs(struct user_namespace *user_ns,
1308
+
int ksmbd_vfs_remove_acl_xattrs(struct mnt_idmap *idmap,
1309
1309
struct dentry *dentry)
1310
1310
{
1311
1311
char *name, *xattr_list = NULL;
···
1328
1328
sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1) ||
1329
1329
!strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
1330
1330
sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1)) {
1331
-
err = vfs_remove_acl(user_ns, dentry, name);
1331
+
err = vfs_remove_acl(idmap, dentry, name);
1332
1332
if (err)
1333
1333
ksmbd_debug(SMB,
1334
1334
"remove acl xattr failed : %s\n", name);
···
1830
1830
locks_delete_block(flock);
1831
1831
}
1832
1832
1833
-
int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
1833
+
int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
1834
1834
struct dentry *dentry)
1835
1835
{
1836
1836
struct posix_acl_state acl_state;
···
1864
1864
return -ENOMEM;
1865
1865
}
1866
1866
posix_state_to_acl(&acl_state, acls->a_entries);
1867
-
rc = set_posix_acl(user_ns, dentry, ACL_TYPE_ACCESS, acls);
1867
+
rc = set_posix_acl(idmap, dentry, ACL_TYPE_ACCESS, acls);
1868
1868
if (rc < 0)
1869
1869
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n",
1870
1870
rc);
1871
1871
else if (S_ISDIR(inode->i_mode)) {
1872
1872
posix_state_to_acl(&acl_state, acls->a_entries);
1873
-
rc = set_posix_acl(user_ns, dentry, ACL_TYPE_DEFAULT, acls);
1873
+
rc = set_posix_acl(idmap, dentry, ACL_TYPE_DEFAULT, acls);
1874
1874
if (rc < 0)
1875
1875
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n",
1876
1876
rc);
···
1880
1880
return rc;
1881
1881
}
1882
1882
1883
-
int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
1883
+
int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap,
1884
1884
struct dentry *dentry, struct inode *parent_inode)
1885
1885
{
1886
1886
struct posix_acl *acls;
···
1903
1903
}
1904
1904
}
1905
1905
1906
-
rc = set_posix_acl(user_ns, dentry, ACL_TYPE_ACCESS, acls);
1906
+
rc = set_posix_acl(idmap, dentry, ACL_TYPE_ACCESS, acls);
1907
1907
if (rc < 0)
1908
1908
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_ACCESS) failed, rc : %d\n",
1909
1909
rc);
1910
1910
if (S_ISDIR(inode->i_mode)) {
1911
-
rc = set_posix_acl(user_ns, dentry, ACL_TYPE_DEFAULT,
1911
+
rc = set_posix_acl(idmap, dentry, ACL_TYPE_DEFAULT,
1912
1912
acls);
1913
1913
if (rc < 0)
1914
1914
ksmbd_debug(SMB, "Set posix acl(ACL_TYPE_DEFAULT) failed, rc : %d\n",
+3
-3
fs/ksmbd/vfs.h
+3
-3
fs/ksmbd/vfs.h
···
141
141
void ksmbd_vfs_posix_lock_wait(struct file_lock *flock);
142
142
int ksmbd_vfs_posix_lock_wait_timeout(struct file_lock *flock, long timeout);
143
143
void ksmbd_vfs_posix_lock_unblock(struct file_lock *flock);
144
-
int ksmbd_vfs_remove_acl_xattrs(struct user_namespace *user_ns,
144
+
int ksmbd_vfs_remove_acl_xattrs(struct mnt_idmap *idmap,
145
145
struct dentry *dentry);
146
146
int ksmbd_vfs_remove_sd_xattrs(struct user_namespace *user_ns,
147
147
struct dentry *dentry);
···
159
159
int ksmbd_vfs_get_dos_attrib_xattr(struct user_namespace *user_ns,
160
160
struct dentry *dentry,
161
161
struct xattr_dos_attrib *da);
162
-
int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
162
+
int ksmbd_vfs_set_init_posix_acl(struct mnt_idmap *idmap,
163
163
struct dentry *dentry);
164
-
int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
164
+
int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap,
165
165
struct dentry *dentry,
166
166
struct inode *parent_inode);
167
167
#endif /* __KSMBD_VFS_H__ */
+1
-1
fs/nfs/nfs3_fs.h
+1
-1
fs/nfs/nfs3_fs.h
···
12
12
*/
13
13
#ifdef CONFIG_NFS_V3_ACL
14
14
extern struct posix_acl *nfs3_get_acl(struct inode *inode, int type, bool rcu);
15
-
extern int nfs3_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
15
+
extern int nfs3_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
16
16
struct posix_acl *acl, int type);
17
17
extern int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl,
18
18
struct posix_acl *dfacl);
+1
-1
fs/nfs/nfs3acl.c
+1
-1
fs/nfs/nfs3acl.c
+2
-2
fs/nfsd/nfs2acl.c
+2
-2
fs/nfsd/nfs2acl.c
···
113
113
114
114
inode_lock(inode);
115
115
116
-
error = set_posix_acl(&init_user_ns, fh->fh_dentry, ACL_TYPE_ACCESS,
116
+
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_ACCESS,
117
117
argp->acl_access);
118
118
if (error)
119
119
goto out_drop_lock;
120
-
error = set_posix_acl(&init_user_ns, fh->fh_dentry, ACL_TYPE_DEFAULT,
120
+
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_DEFAULT,
121
121
argp->acl_default);
122
122
if (error)
123
123
goto out_drop_lock;
+2
-2
fs/nfsd/nfs3acl.c
+2
-2
fs/nfsd/nfs3acl.c
···
103
103
104
104
inode_lock(inode);
105
105
106
-
error = set_posix_acl(&init_user_ns, fh->fh_dentry, ACL_TYPE_ACCESS,
106
+
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_ACCESS,
107
107
argp->acl_access);
108
108
if (error)
109
109
goto out_drop_lock;
110
-
error = set_posix_acl(&init_user_ns, fh->fh_dentry, ACL_TYPE_DEFAULT,
110
+
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_DEFAULT,
111
111
argp->acl_default);
112
112
113
113
out_drop_lock:
+2
-2
fs/nfsd/vfs.c
+2
-2
fs/nfsd/vfs.c
···
542
542
attr->na_labelerr = security_inode_setsecctx(dentry,
543
543
attr->na_seclabel->data, attr->na_seclabel->len);
544
544
if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && attr->na_pacl)
545
-
attr->na_aclerr = set_posix_acl(&init_user_ns,
545
+
attr->na_aclerr = set_posix_acl(&nop_mnt_idmap,
546
546
dentry, ACL_TYPE_ACCESS,
547
547
attr->na_pacl);
548
548
if (IS_ENABLED(CONFIG_FS_POSIX_ACL) &&
549
549
!attr->na_aclerr && attr->na_dpacl && S_ISDIR(inode->i_mode))
550
-
attr->na_aclerr = set_posix_acl(&init_user_ns,
550
+
attr->na_aclerr = set_posix_acl(&nop_mnt_idmap,
551
551
dentry, ACL_TYPE_DEFAULT,
552
552
attr->na_dpacl);
553
553
inode_unlock(inode);
+1
-1
fs/ntfs3/file.c
+1
-1
fs/ntfs3/file.c
+2
-2
fs/ntfs3/ntfs_fs.h
+2
-2
fs/ntfs3/ntfs_fs.h
···
859
859
/* globals from xattr.c */
860
860
#ifdef CONFIG_NTFS3_FS_POSIX_ACL
861
861
struct posix_acl *ntfs_get_acl(struct inode *inode, int type, bool rcu);
862
-
int ntfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
862
+
int ntfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
863
863
struct posix_acl *acl, int type);
864
864
int ntfs_init_acl(struct user_namespace *mnt_userns, struct inode *inode,
865
865
struct inode *dir);
···
868
868
#define ntfs_set_acl NULL
869
869
#endif
870
870
871
-
int ntfs_acl_chmod(struct user_namespace *mnt_userns, struct dentry *dentry);
871
+
int ntfs_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry);
872
872
int ntfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
873
873
int mask);
874
874
ssize_t ntfs_listxattr(struct dentry *dentry, char *buffer, size_t size);
+5
-3
fs/ntfs3/xattr.c
+5
-3
fs/ntfs3/xattr.c
···
652
652
/*
653
653
* ntfs_set_acl - inode_operations::set_acl
654
654
*/
655
-
int ntfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
655
+
int ntfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
656
656
struct posix_acl *acl, int type)
657
657
{
658
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
659
+
658
660
return ntfs_set_acl_ex(mnt_userns, d_inode(dentry), acl, type, false);
659
661
}
660
662
···
699
697
/*
700
698
* ntfs_acl_chmod - Helper for ntfs3_setattr().
701
699
*/
702
-
int ntfs_acl_chmod(struct user_namespace *mnt_userns, struct dentry *dentry)
700
+
int ntfs_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry)
703
701
{
704
702
struct inode *inode = d_inode(dentry);
705
703
struct super_block *sb = inode->i_sb;
···
710
708
if (S_ISLNK(inode->i_mode))
711
709
return -EOPNOTSUPP;
712
710
713
-
return posix_acl_chmod(mnt_userns, dentry, inode->i_mode);
711
+
return posix_acl_chmod(idmap, dentry, inode->i_mode);
714
712
}
715
713
716
714
/*
+1
-1
fs/ocfs2/acl.c
+1
-1
fs/ocfs2/acl.c
+1
-1
fs/ocfs2/acl.h
+1
-1
fs/ocfs2/acl.h
···
17
17
};
18
18
19
19
struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type, bool rcu);
20
-
int ocfs2_iop_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
20
+
int ocfs2_iop_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
21
21
struct posix_acl *acl, int type);
22
22
extern int ocfs2_acl_chmod(struct inode *, struct buffer_head *);
23
23
extern int ocfs2_init_acl(handle_t *, struct inode *, struct inode *,
+1
-1
fs/orangefs/acl.c
+1
-1
fs/orangefs/acl.c
+1
-1
fs/orangefs/inode.c
+1
-1
fs/orangefs/inode.c
···
839
839
ret = __orangefs_setattr(inode, iattr);
840
840
/* change mode on a file that has ACLs */
841
841
if (!ret && (iattr->ia_valid & ATTR_MODE))
842
-
ret = posix_acl_chmod(&init_user_ns, dentry, inode->i_mode);
842
+
ret = posix_acl_chmod(&nop_mnt_idmap, dentry, inode->i_mode);
843
843
return ret;
844
844
}
845
845
+1
-1
fs/orangefs/orangefs-kernel.h
+1
-1
fs/orangefs/orangefs-kernel.h
···
106
106
extern const struct xattr_handler *orangefs_xattr_handlers[];
107
107
108
108
extern struct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu);
109
-
extern int orangefs_set_acl(struct user_namespace *mnt_userns,
109
+
extern int orangefs_set_acl(struct mnt_idmap *idmap,
110
110
struct dentry *dentry, struct posix_acl *acl,
111
111
int type);
112
112
int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
+1
-1
fs/overlayfs/inode.c
+1
-1
fs/overlayfs/inode.c
+3
-3
fs/overlayfs/overlayfs.h
+3
-3
fs/overlayfs/overlayfs.h
···
284
284
static inline int ovl_do_set_acl(struct ovl_fs *ofs, struct dentry *dentry,
285
285
const char *acl_name, struct posix_acl *acl)
286
286
{
287
-
return vfs_set_acl(ovl_upper_mnt_userns(ofs), dentry, acl_name, acl);
287
+
return vfs_set_acl(ovl_upper_mnt_idmap(ofs), dentry, acl_name, acl);
288
288
}
289
289
290
290
static inline int ovl_do_remove_acl(struct ovl_fs *ofs, struct dentry *dentry,
291
291
const char *acl_name)
292
292
{
293
-
return vfs_remove_acl(ovl_upper_mnt_userns(ofs), dentry, acl_name);
293
+
return vfs_remove_acl(ovl_upper_mnt_idmap(ofs), dentry, acl_name);
294
294
}
295
295
296
296
static inline int ovl_do_rename(struct ovl_fs *ofs, struct inode *olddir,
···
623
623
{
624
624
return do_ovl_get_acl(idmap, d_inode(dentry), type, false, false);
625
625
}
626
-
int ovl_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
626
+
int ovl_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
627
627
struct posix_acl *acl, int type);
628
628
struct posix_acl *ovl_get_acl_path(const struct path *path,
629
629
const char *acl_name, bool noperm);
+21
-18
fs/posix_acl.c
+21
-18
fs/posix_acl.c
···
591
591
/**
592
592
* posix_acl_chmod - chmod a posix acl
593
593
*
594
-
* @mnt_userns: user namespace of the mount @inode was found from
594
+
* @idmap: idmap of the mount @inode was found from
595
595
* @dentry: dentry to check permissions on
596
596
* @mode: the new mode of @inode
597
597
*
598
-
* If the dentry has been found through an idmapped mount the user namespace of
599
-
* the vfsmount must be passed through @mnt_userns. This function will then
600
-
* take care to map the inode according to @mnt_userns before checking
598
+
* If the dentry has been found through an idmapped mount the idmap of
599
+
* the vfsmount must be passed through @idmap. This function will then
600
+
* take care to map the inode according to @idmap before checking
601
601
* permissions. On non-idmapped mounts or if permission checking is to be
602
-
* performed on the raw inode simply passs init_user_ns.
602
+
* performed on the raw inode simply passs @nop_mnt_idmap.
603
603
*/
604
604
int
605
-
posix_acl_chmod(struct user_namespace *mnt_userns, struct dentry *dentry,
605
+
posix_acl_chmod(struct mnt_idmap *idmap, struct dentry *dentry,
606
606
umode_t mode)
607
607
{
608
608
struct inode *inode = d_inode(dentry);
···
624
624
ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode);
625
625
if (ret)
626
626
return ret;
627
-
ret = inode->i_op->set_acl(mnt_userns, dentry, acl, ACL_TYPE_ACCESS);
627
+
ret = inode->i_op->set_acl(idmap, dentry, acl, ACL_TYPE_ACCESS);
628
628
posix_acl_release(acl);
629
629
return ret;
630
630
}
···
934
934
}
935
935
936
936
int
937
-
set_posix_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
937
+
set_posix_acl(struct mnt_idmap *idmap, struct dentry *dentry,
938
938
int type, struct posix_acl *acl)
939
939
{
940
940
struct inode *inode = d_inode(dentry);
···
946
946
947
947
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
948
948
return acl ? -EACCES : 0;
949
-
if (!inode_owner_or_capable(mnt_userns, inode))
949
+
if (!inode_owner_or_capable(mnt_idmap_owner(idmap), inode))
950
950
return -EPERM;
951
951
952
952
if (acl) {
···
954
954
if (ret)
955
955
return ret;
956
956
}
957
-
return inode->i_op->set_acl(mnt_userns, dentry, acl, type);
957
+
return inode->i_op->set_acl(idmap, dentry, acl, type);
958
958
}
959
959
EXPORT_SYMBOL(set_posix_acl);
960
960
···
978
978
};
979
979
EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler);
980
980
981
-
int simple_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
981
+
int simple_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
982
982
struct posix_acl *acl, int type)
983
983
{
984
984
int error;
985
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
985
986
struct inode *inode = d_inode(dentry);
986
987
987
988
if (type == ACL_TYPE_ACCESS) {
···
1042
1041
1043
1042
/**
1044
1043
* vfs_set_acl - set posix acls
1045
-
* @mnt_userns: user namespace of the mount
1044
+
* @idmap: idmap of the mount
1046
1045
* @dentry: the dentry based on which to set the posix acls
1047
1046
* @acl_name: the name of the posix acl
1048
1047
* @kacl: the posix acls in the appropriate VFS format
···
1052
1051
*
1053
1052
* Return: On success 0, on error negative errno.
1054
1053
*/
1055
-
int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
1054
+
int vfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
1056
1055
const char *acl_name, struct posix_acl *kacl)
1057
1056
{
1058
1057
int acl_type;
1059
1058
int error;
1059
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
1060
1060
struct inode *inode = d_inode(dentry);
1061
1061
struct inode *delegated_inode = NULL;
1062
1062
···
1098
1096
goto out_inode_unlock;
1099
1097
1100
1098
if (inode->i_opflags & IOP_XATTR)
1101
-
error = set_posix_acl(mnt_userns, dentry, acl_type, kacl);
1099
+
error = set_posix_acl(idmap, dentry, acl_type, kacl);
1102
1100
else if (unlikely(is_bad_inode(inode)))
1103
1101
error = -EIO;
1104
1102
else
···
1169
1167
1170
1168
/**
1171
1169
* vfs_remove_acl - remove posix acls
1172
-
* @mnt_userns: user namespace of the mount
1170
+
* @idmap: idmap of the mount
1173
1171
* @dentry: the dentry based on which to retrieve the posix acls
1174
1172
* @acl_name: the name of the posix acl
1175
1173
*
···
1177
1175
*
1178
1176
* Return: On success 0, on error negative errno.
1179
1177
*/
1180
-
int vfs_remove_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
1178
+
int vfs_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
1181
1179
const char *acl_name)
1182
1180
{
1183
1181
int acl_type;
1184
1182
int error;
1183
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
1185
1184
struct inode *inode = d_inode(dentry);
1186
1185
struct inode *delegated_inode = NULL;
1187
1186
···
1210
1207
goto out_inode_unlock;
1211
1208
1212
1209
if (inode->i_opflags & IOP_XATTR)
1213
-
error = set_posix_acl(mnt_userns, dentry, acl_type, NULL);
1210
+
error = set_posix_acl(idmap, dentry, acl_type, NULL);
1214
1211
else if (unlikely(is_bad_inode(inode)))
1215
1212
error = -EIO;
1216
1213
else
···
1249
1246
return PTR_ERR(acl);
1250
1247
}
1251
1248
1252
-
error = vfs_set_acl(mnt_idmap_owner(idmap), dentry, acl_name, acl);
1249
+
error = vfs_set_acl(idmap, dentry, acl_name, acl);
1253
1250
posix_acl_release(acl);
1254
1251
return error;
1255
1252
}
+1
-1
fs/reiserfs/acl.h
+1
-1
fs/reiserfs/acl.h
···
49
49
50
50
#ifdef CONFIG_REISERFS_FS_POSIX_ACL
51
51
struct posix_acl *reiserfs_get_acl(struct inode *inode, int type, bool rcu);
52
-
int reiserfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
52
+
int reiserfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
53
53
struct posix_acl *acl, int type);
54
54
int reiserfs_acl_chmod(struct dentry *dentry);
55
55
int reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th,
+2
-2
fs/reiserfs/xattr_acl.c
+2
-2
fs/reiserfs/xattr_acl.c
···
18
18
19
19
20
20
int
21
-
reiserfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
21
+
reiserfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
22
22
struct posix_acl *acl, int type)
23
23
{
24
24
int error, error2;
···
407
407
!reiserfs_posixacl(inode->i_sb))
408
408
return 0;
409
409
410
-
return posix_acl_chmod(&init_user_ns, dentry, inode->i_mode);
410
+
return posix_acl_chmod(&nop_mnt_idmap, dentry, inode->i_mode);
411
411
}
+1
-1
fs/xattr.c
+1
-1
fs/xattr.c
+2
-1
fs/xfs/xfs_acl.c
+2
-1
fs/xfs/xfs_acl.c
···
242
242
}
243
243
244
244
int
245
-
xfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
245
+
xfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
246
246
struct posix_acl *acl, int type)
247
247
{
248
+
struct user_namespace *mnt_userns = mnt_idmap_owner(idmap);
248
249
umode_t mode;
249
250
bool set_mode = false;
250
251
int error = 0;
+1
-1
fs/xfs/xfs_acl.h
+1
-1
fs/xfs/xfs_acl.h
···
11
11
12
12
#ifdef CONFIG_XFS_POSIX_ACL
13
13
extern struct posix_acl *xfs_get_acl(struct inode *inode, int type, bool rcu);
14
-
extern int xfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
14
+
extern int xfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
15
15
struct posix_acl *acl, int type);
16
16
extern int __xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
17
17
void xfs_forget_acl(struct inode *inode, const char *name);
+1
-1
fs/xfs/xfs_iops.c
+1
-1
fs/xfs/xfs_iops.c
+1
-1
include/linux/fs.h
+1
-1
include/linux/fs.h
···
2166
2166
struct file *, umode_t);
2167
2167
struct posix_acl *(*get_acl)(struct mnt_idmap *, struct dentry *,
2168
2168
int);
2169
-
int (*set_acl)(struct user_namespace *, struct dentry *,
2169
+
int (*set_acl)(struct mnt_idmap *, struct dentry *,
2170
2170
struct posix_acl *, int);
2171
2171
int (*fileattr_set)(struct user_namespace *mnt_userns,
2172
2172
struct dentry *dentry, struct fileattr *fa);
+8
-8
include/linux/posix_acl.h
+8
-8
include/linux/posix_acl.h
···
69
69
extern int __posix_acl_chmod(struct posix_acl **, gfp_t, umode_t);
70
70
71
71
extern struct posix_acl *get_posix_acl(struct inode *, int);
72
-
int set_posix_acl(struct user_namespace *, struct dentry *, int,
72
+
int set_posix_acl(struct mnt_idmap *, struct dentry *, int,
73
73
struct posix_acl *);
74
74
75
75
struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type);
76
76
struct posix_acl *posix_acl_clone(const struct posix_acl *acl, gfp_t flags);
77
77
78
78
#ifdef CONFIG_FS_POSIX_ACL
79
-
int posix_acl_chmod(struct user_namespace *, struct dentry *, umode_t);
79
+
int posix_acl_chmod(struct mnt_idmap *, struct dentry *, umode_t);
80
80
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
81
81
struct posix_acl **);
82
82
int posix_acl_update_mode(struct user_namespace *, struct inode *, umode_t *,
83
83
struct posix_acl **);
84
84
85
-
int simple_set_acl(struct user_namespace *, struct dentry *,
85
+
int simple_set_acl(struct mnt_idmap *, struct dentry *,
86
86
struct posix_acl *, int);
87
87
extern int simple_acl_create(struct inode *, struct inode *);
88
88
···
100
100
inode->i_default_acl = NULL;
101
101
}
102
102
103
-
int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
103
+
int vfs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
104
104
const char *acl_name, struct posix_acl *kacl);
105
105
struct posix_acl *vfs_get_acl(struct mnt_idmap *idmap,
106
106
struct dentry *dentry, const char *acl_name);
107
-
int vfs_remove_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
107
+
int vfs_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
108
108
const char *acl_name);
109
109
#else
110
-
static inline int posix_acl_chmod(struct user_namespace *mnt_userns,
110
+
static inline int posix_acl_chmod(struct mnt_idmap *idmap,
111
111
struct dentry *dentry, umode_t mode)
112
112
{
113
113
return 0;
···
134
134
{
135
135
}
136
136
137
-
static inline int vfs_set_acl(struct user_namespace *mnt_userns,
137
+
static inline int vfs_set_acl(struct mnt_idmap *idmap,
138
138
struct dentry *dentry, const char *name,
139
139
struct posix_acl *acl)
140
140
{
···
148
148
return ERR_PTR(-EOPNOTSUPP);
149
149
}
150
150
151
-
static inline int vfs_remove_acl(struct user_namespace *mnt_userns,
151
+
static inline int vfs_remove_acl(struct mnt_idmap *idmap,
152
152
struct dentry *dentry, const char *acl_name)
153
153
{
154
154
return -EOPNOTSUPP;
+1
-1
mm/shmem.c
+1
-1
mm/shmem.c
···
1131
1131
1132
1132
setattr_copy(&nop_mnt_idmap, inode, attr);
1133
1133
if (attr->ia_valid & ATTR_MODE)
1134
-
error = posix_acl_chmod(&init_user_ns, dentry, inode->i_mode);
1134
+
error = posix_acl_chmod(&nop_mnt_idmap, dentry, inode->i_mode);
1135
1135
if (!error && update_ctime) {
1136
1136
inode->i_ctime = current_time(inode);
1137
1137
if (update_mtime)