Make the two locations where exportfs helpers check permission to lookup a given inode idmapped mount aware by switching it to the lookup_one() helper. This is a bugfix for the open_by_handle_at() system call which doesn't take idmapped mounts into account currently. It's not tied to a specific commit so we'll just Cc stable.
In addition this is required to support idmapped base layers in overlay. The overlay filesystem uses exportfs to encode and decode file handles for its index=on mount option and when nfs_export=on.
Cc: stable@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Tested-by: Giuseppe Scrivano gscrivan@redhat.com Reviewed-by: Amir Goldstein amir73il@gmail.com Signed-off-by: Christian Brauner (Microsoft) brauner@kernel.org --- /* v2 */ unchanged --- fs/exportfs/expfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c index 0106eba46d5a..3ef80d000e13 100644 --- a/fs/exportfs/expfs.c +++ b/fs/exportfs/expfs.c @@ -145,7 +145,7 @@ static struct dentry *reconnect_one(struct vfsmount *mnt, if (err) goto out_err; dprintk("%s: found name: %s\n", __func__, nbuf); - tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf)); + tmp = lookup_one_unlocked(mnt_user_ns(mnt), nbuf, parent, strlen(nbuf)); if (IS_ERR(tmp)) { dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp)); err = PTR_ERR(tmp); @@ -525,7 +525,8 @@ exportfs_decode_fh_raw(struct vfsmount *mnt, struct fid *fid, int fh_len, }
inode_lock(target_dir->d_inode); - nresult = lookup_one_len(nbuf, target_dir, strlen(nbuf)); + nresult = lookup_one(mnt_user_ns(mnt), nbuf, + target_dir, strlen(nbuf)); if (!IS_ERR(nresult)) { if (unlikely(nresult->d_inode != result->d_inode)) { dput(nresult);
On Wed, Mar 30, 2022 at 12:23:50PM +0200, Christian Brauner wrote:
Make the two locations where exportfs helpers check permission to lookup a given inode idmapped mount aware by switching it to the lookup_one() helper. This is a bugfix for the open_by_handle_at() system call which doesn't take idmapped mounts into account currently. It's not tied to a specific commit so we'll just Cc stable.
In addition this is required to support idmapped base layers in overlay. The overlay filesystem uses exportfs to encode and decode file handles for its index=on mount option and when nfs_export=on.
This probably wants a Fixes tag, as without it NFS exporting idmapped file will give slightly unexpected results.
Otherwise looks fine:
Reviewed-by: Christoph Hellwig hch@lst.de
On Wed, Mar 30, 2022 at 05:26:35PM +0200, Christoph Hellwig wrote:
On Wed, Mar 30, 2022 at 12:23:50PM +0200, Christian Brauner wrote:
Make the two locations where exportfs helpers check permission to lookup a given inode idmapped mount aware by switching it to the lookup_one() helper. This is a bugfix for the open_by_handle_at() system call which doesn't take idmapped mounts into account currently. It's not tied to a specific commit so we'll just Cc stable.
In addition this is required to support idmapped base layers in overlay. The overlay filesystem uses exportfs to encode and decode file handles for its index=on mount option and when nfs_export=on.
This probably wants a Fixes tag, as without it NFS exporting idmapped file will give slightly unexpected results.
I made it so that the nfs kernel server will refuse to be mounted on top of idmapped mounts in check_export() similar to what I did originally do for overlayfs. It's unclear what the Fixes: tag would be so I'll just Cc stable.
Otherwise looks fine:
Reviewed-by: Christoph Hellwig hch@lst.de
Thanks!
On Wed, Mar 30, 2022 at 06:04:48PM +0200, Christian Brauner wrote:
This probably wants a Fixes tag, as without it NFS exporting idmapped file will give slightly unexpected results.
I made it so that the nfs kernel server will refuse to be mounted on top of idmapped mounts in check_export() similar to what I did originally do for overlayfs. It's unclear what the Fixes: tag would be so I'll just Cc stable.
So knfsd is fine, and the handle_to_name syscall doesn't ever do the equivalent of the subtree check. So with that we probably don't need a Fixes tag - sorry for the noise.
On Wed, Mar 30, 2022 at 06:08:16PM +0200, Christoph Hellwig wrote:
On Wed, Mar 30, 2022 at 06:04:48PM +0200, Christian Brauner wrote:
This probably wants a Fixes tag, as without it NFS exporting idmapped file will give slightly unexpected results.
I made it so that the nfs kernel server will refuse to be mounted on top of idmapped mounts in check_export() similar to what I did originally do for overlayfs. It's unclear what the Fixes: tag would be so I'll just Cc stable.
So knfsd is fine, and the handle_to_name syscall doesn't ever do the equivalent of the subtree check. So with that we probably don't need a Fixes tag - sorry for the noise.
No worries, thank you for taking a close look!
linux-stable-mirror@lists.linaro.org
-
Christian Brauner -
Christoph Hellwig