From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, Alexander Viro, Jan Kara, linux-kernel@vger.kernel.org
Subject: [PATCH v3 01/11] fs/namespace: introduce SB_I_NOIDMAP flag
Date: Thu, 15 Aug 2024 11:24:18 +0200
Message-Id: <20240815092429.103356-2-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

Right now we determine whether a filesystem supports vfs idmappings or not based on the FS_ALLOW_IDMAP flag presence. This "static" way works perfectly well for local filesystems like ext4, xfs, btrfs, etc. But for network-like filesystems like fuse, cephfs this approach is not ideal, because sometimes proper support of vfs idmaps requires some extensions for the on-wire protocol, which implies that changes have to be made not only in the Linux kernel code but also in the 3rd party components like libfuse, cephfs MDS server and so on.

We have seen that issue during our work on cephfs idmapped mounts [1] with Christian, but right now I'm working on the idmapped mounts support for fuse/virtiofs and I think that it is the right time for this extension.

[1] 5ccd8530dd7 ("ceph: handle idmapped mounts in create_request_message()")

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Suggested-by: Christian Brauner
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
v3:
- this commit added
---
fs/namespace.c | 4 ++++ include/linux/fs.h | 1 + 2 files changed, 5 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c index 328087a4df8a..d1702285c915 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4436,6 +4436,10 @@ static int can_idmap_mount(const struct mount_kattr = *kattr, struct mount *mnt) if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP)) return -EINVAL; =20 + /* The filesystem has turned off idmapped mounts. */ + if (m->mnt_sb->s_iflags & SB_I_NOIDMAP) + return -EINVAL; + /* We're not controlling the superblock. */ if (!ns_capable(fs_userns, CAP_SYS_ADMIN)) return -EPERM; diff --git a/include/linux/fs.h b/include/linux/fs.h index fd34b5755c0b..6ff547ef21f2 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -1189,6 +1189,7 @@ extern int send_sigurg(struct fown_struct *fown); #define SB_I_TS_EXPIRY_WARNED 0x00000400 /* warned about timestamp range e= xpiry */ #define SB_I_RETIRED 0x00000800 /* superblock shouldn't be reused */ #define SB_I_NOUMASK 0x00001000 /* VFS does not apply umask */ +#define SB_I_NOIDMAP 0x00002000 /* No idmapped mounts on this superblock */ =20 /* Possible states of 'frozen' field */ enum { --=20 2.34.1
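Review bot: in the can_idmap_mount() hunk of fs/namespace.c, the new test of m->mnt_sb->s_iflags & SB_I_NOIDMAP is a plain read, and nothing in the patch says when a filesystem may set or clear the flag. The commit message motivates the flag with filesystems whose idmap support depends on a userspace or remote component, so the value is presumably decided at runtime; please state in the comment here, or next to the #define in include/linux/fs.h, at which point in the superblock's life the flag may change and whether this read needs READ_ONCE() or a lock to pair with that update. Both rejections in this function also return -EINVAL, so userspace cannot tell a filesystem type without FS_ALLOW_IDMAP from a superblock that opted out; if that is intended, say so in the commit message.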
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Miklos Szeredi, Seth Forshee, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 02/11] fs/fuse: add FUSE_OWNER_UID_GID_EXT extension
Date: Thu, 15 Aug 2024 11:24:19 +0200
Message-Id: <20240815092429.103356-3-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

To properly support vfs idmappings we need to provide a fuse daemon with the correct owner uid/gid for inode creation requests like mkdir, mknod, atomic_open, symlink.

Right now, fuse daemons use req->in.h.uid/req->in.h.gid to set the inode owner. These fields contain fsuid/fsgid of the syscall's caller. And that's perfectly fine, because the inode owner has to be set to these values. But, for idmapped mounts it's not the case and caller fsuid/fsgid != inode owner, because idmapped mounts do nothing with the caller fsuid/fsgid, but affect inode owner uid/gid. It means that we can't apply vfsid mapping to caller fsuid/fsgid, but instead we have to introduce new fields to store inode owner uid/gid which will be appropriately transformed.

Christian and I have done the same to support idmapped mounts in the cephfs recently [1].

[1] 5ccd8530 ("ceph: handle idmapped mounts in create_request_message()")

Cc: Miklos Szeredi
Cc: Christian Brauner
Cc: Seth Forshee
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn Reviewed-by: Christian Brauner --- fs/fuse/dir.c | 34 +++++++++++++++++++++++++++++++--- fs/fuse/fuse_i.h | 3 +++ fs/fuse/inode.c | 4 +++- include/uapi/linux/fuse.h | 19 +++++++++++++++++++ 4 files changed, 56 insertions(+), 4 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 2b0d4781f394..30d27d4f3b5a 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -572,7 +572,33 @@ static int get_create_supp_group(struct inode *dir, st= ruct fuse_in_arg *ext) return 0; } =20 -static int get_create_ext(struct fuse_args *args, +static int get_owner_uid_gid(struct mnt_idmap *idmap, struct fuse_conn *fc= , struct fuse_in_arg *ext) +{ + struct fuse_ext_header *xh; + struct fuse_owner_uid_gid *owner_creds; + u32 owner_creds_len =3D fuse_ext_size(sizeof(*owner_creds)); + kuid_t owner_fsuid; + kgid_t owner_fsgid; + + xh =3D extend_arg(ext, owner_creds_len); + if (!xh) + return -ENOMEM; + + xh->size =3D owner_creds_len; + xh->type =3D FUSE_EXT_OWNER_UID_GID; + + owner_creds =3D (struct fuse_owner_uid_gid *) &xh[1]; + + owner_fsuid =3D mapped_fsuid(idmap, fc->user_ns); + owner_fsgid =3D mapped_fsgid(idmap, fc->user_ns); + owner_creds->uid =3D from_kuid(fc->user_ns, owner_fsuid); + owner_creds->gid =3D from_kgid(fc->user_ns, owner_fsgid); + + return 0; +} + +static int get_create_ext(struct mnt_idmap *idmap, + struct fuse_args *args, struct inode *dir, struct dentry *dentry, umode_t mode) { @@ -584,6 +610,8 @@ static int get_create_ext(struct fuse_args *args, err =3D get_security_context(dentry, mode, &ext); if (!err && fc->create_supp_group) err =3D get_create_supp_group(dir, &ext); + if (!err && fc->owner_uid_gid_ext) + err =3D get_owner_uid_gid(idmap, fc, &ext); =20 if (!err && ext.size) { WARN_ON(args->in_numargs >=3D ARRAY_SIZE(args->in_args)); 
@@ -668,7 +696,7 @@ static int fuse_create_open(struct inode *dir, struct d= entry *entry, args.out_args[1].size =3D sizeof(*outopenp); args.out_args[1].value =3D outopenp; =20 - err =3D get_create_ext(&args, dir, entry, mode); + err =3D get_create_ext(&nop_mnt_idmap, &args, dir, entry, mode); if (err) goto out_put_forget_req; =20 @@ -798,7 +826,7 @@ static int create_new_entry(struct fuse_mount *fm, stru= ct fuse_args *args, args->out_args[0].value =3D &outarg; =20 if (args->opcode !=3D FUSE_LINK) { - err =3D get_create_ext(args, dir, entry, mode); + err =3D get_create_ext(&nop_mnt_idmap, args, dir, entry, mode); if (err) goto out_put_forget_req; } diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index f23919610313..d06934e70cc5 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -845,6 +845,9 @@ struct fuse_conn { /* Add supplementary group info when creating a new inode */ unsigned int create_supp_group:1; =20 + /* Add owner_{u,g}id info when creating a new inode */ + unsigned int owner_uid_gid_ext:1; + /* Does the filesystem support per inode DAX? */ unsigned int inode_dax:1; =20 diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index d8ab4e93916f..6c205731c844 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1343,6 +1343,8 @@ static void process_init_reply(struct fuse_mount *fm,= struct fuse_args *args, } if (flags & FUSE_NO_EXPORT_SUPPORT) fm->sb->s_export_op =3D &fuse_export_fid_operations; + if (flags & FUSE_OWNER_UID_GID_EXT) + fc->owner_uid_gid_ext =3D 1; } else { ra_pages =3D fc->max_read / PAGE_SIZE; fc->no_lock =3D 1; @@ -1390,7 +1392,7 @@ void fuse_send_init(struct fuse_mount *fm) FUSE_HANDLE_KILLPRIV_V2 | FUSE_SETXATTR_EXT | FUSE_INIT_EXT | FUSE_SECURITY_CTX | FUSE_CREATE_SUPP_GROUP | FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP | - FUSE_NO_EXPORT_SUPPORT | FUSE_HAS_RESEND; + FUSE_NO_EXPORT_SUPPORT | FUSE_HAS_RESEND | FUSE_OWNER_UID_GID_EXT; #ifdef CONFIG_FUSE_DAX if (fm->fc->dax) flags |=3D FUSE_MAP_ALIGNMENT; 
diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index d08b99d60f6f..d9ecc17fd13b 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -217,6 +217,10 @@ * - add backing_id to fuse_open_out, add FOPEN_PASSTHROUGH open flag * - add FUSE_NO_EXPORT_SUPPORT init flag * - add FUSE_NOTIFY_RESEND, add FUSE_HAS_RESEND init flag + * + * 7.41 + * - add FUSE_EXT_OWNER_UID_GID + * - add FUSE_OWNER_UID_GID_EXT */ =20 #ifndef _LINUX_FUSE_H @@ -421,6 +425,8 @@ struct fuse_file_lock { * FUSE_NO_EXPORT_SUPPORT: explicitly disable export support * FUSE_HAS_RESEND: kernel supports resending pending requests, and the hi= gh bit * of the request ID indicates resend requests + * FUSE_OWNER_UID_GID_EXT: add inode owner UID/GID info to create, mkdir, + * symlink and mknod */ #define FUSE_ASYNC_READ (1 << 0) #define FUSE_POSIX_LOCKS (1 << 1) @@ -466,6 +472,7 @@ struct fuse_file_lock { =20 /* Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP */ #define FUSE_DIRECT_IO_RELAX FUSE_DIRECT_IO_ALLOW_MMAP +#define FUSE_OWNER_UID_GID_EXT (1ULL << 40) =20 /** * CUSE INIT request/reply flags @@ -575,11 +582,13 @@ struct fuse_file_lock { * extension type * FUSE_MAX_NR_SECCTX: maximum value of &fuse_secctx_header.nr_secctx * FUSE_EXT_GROUPS: &fuse_supp_groups extension + * FUSE_EXT_OWNER_UID_GID: &fuse_owner_uid_gid extension */ enum fuse_ext_type { /* Types 0..31 are reserved for fuse_secctx_header */ FUSE_MAX_NR_SECCTX =3D 31, FUSE_EXT_GROUPS =3D 32, + FUSE_EXT_OWNER_UID_GID =3D 33, }; =20 enum fuse_opcode { 
@@ -1186,4 +1195,14 @@ struct fuse_supp_groups { uint32_t groups[]; }; =20 +/** + * struct fuse_owner_uid_gid - Inode owner UID/GID extension + * @uid: inode owner UID + * @gid: inode owner GID + */ +struct fuse_owner_uid_gid { + uint32_t uid; + uint32_t gid; +}; + #endif /* _LINUX_FUSE_H */ --=20 2.34.1
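Review bot: get_owner_uid_gid() in the first fs/fuse/dir.c hunk stores the results of from_kuid(fc->user_ns, owner_fsuid) and from_kgid(fc->user_ns, owner_fsgid) into owner_creds without checking them. If the mapped fsuid or fsgid has no mapping in fc->user_ns, those calls return (uid_t)-1 or (gid_t)-1, and that value is what the daemon receives as the owner of the new inode. Either reject the request here when owner_fsuid or owner_fsgid is invalid (uid_valid() / gid_valid(), returning an error before extend_arg() is used), or add a comment naming the caller-side check that guarantees a valid mapping before this point.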
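Review bot: the changelog hunk at the top of include/uapi/linux/fuse.h adds a 7.41 entry, but the diffstat lists that file with 19 insertions and no deletions, so FUSE_KERNEL_MINOR_VERSION is not changed by this patch. Bump it together with the changelog entry, or say in the commit message which later patch of the series does, so that the header never documents a protocol minor that it does not announce.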
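Review bot: in the include/uapi/linux/fuse.h hunk at -466, the line "#define FUSE_OWNER_UID_GID_EXT (1ULL << 40)" is added directly under the "Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP" comment and the FUSE_DIRECT_IO_RELAX alias, so it reads as part of the obsolete-alias block. Move it up to sit with the other INIT flag definitions, above that comment, and keep the blank line that currently separates the alias from what follows.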
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 03/11] fs/fuse: support idmap for mkdir/mknod/symlink/create
Date: Thu, 15 Aug 2024 11:24:20 +0200
Message-Id: <20240815092429.103356-4-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

We have all the infrastructure in place, we just need to pass an idmapping here.

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn Reviewed-by: Christian Brauner --- fs/fuse/dir.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 30d27d4f3b5a..1e45c6157af4 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -637,9 +637,9 @@ static void free_ext_value(struct fuse_args *args) * If the filesystem doesn't support this, then fall back to separate * 'mknod' + 'open' requests. */ -static int fuse_create_open(struct inode *dir, struct dentry *entry, - struct file *file, unsigned int flags, - umode_t mode, u32 opcode) +static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir, + struct dentry *entry, struct file *file, + unsigned int flags, umode_t mode, u32 opcode) { int err; struct inode *inode; @@ -696,7 +696,7 @@ static int fuse_create_open(struct inode *dir, struct d= entry *entry, args.out_args[1].size =3D sizeof(*outopenp); args.out_args[1].value =3D outopenp; =20 - err =3D get_create_ext(&nop_mnt_idmap, &args, dir, entry, mode); + err =3D get_create_ext(idmap, &args, dir, entry, mode); if (err) goto out_put_forget_req; =20 @@ -757,6 +757,7 @@ static int fuse_atomic_open(struct inode *dir, struct d= entry *entry, umode_t mode) { int err; + struct mnt_idmap *idmap =3D file_mnt_idmap(file); struct fuse_conn *fc =3D get_fuse_conn(dir); struct dentry *res =3D NULL; =20 @@ -781,7 +782,7 @@ static int fuse_atomic_open(struct inode *dir, struct d= entry *entry, if (fc->no_create) goto mknod; =20 - err =3D fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE); + err =3D fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREAT= E); if (err =3D=3D -ENOSYS) { fc->no_create =3D 1; goto mknod; @@ -792,7 +793,7 @@ static int fuse_atomic_open(struct inode *dir, struct d= entry *entry, return err; =20 mknod: - err =3D fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0); + err =3D fuse_mknod(idmap, dir, entry, mode, 0); if (err) goto out_dput; no_open: 
@@ -802,9 +803,9 @@ static int fuse_atomic_open(struct inode *dir, struct d= entry *entry, /* * Code shared between mknod, mkdir, symlink and link */ -static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args, - struct inode *dir, struct dentry *entry, - umode_t mode) +static int create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm, + struct fuse_args *args, struct inode *dir, + struct dentry *entry, umode_t mode) { struct fuse_entry_out outarg; struct inode *inode; @@ -826,7 +827,7 @@ static int create_new_entry(struct fuse_mount *fm, stru= ct fuse_args *args, args->out_args[0].value =3D &outarg; =20 if (args->opcode !=3D FUSE_LINK) { - err =3D get_create_ext(&nop_mnt_idmap, args, dir, entry, mode); + err =3D get_create_ext(idmap, args, dir, entry, mode); if (err) goto out_put_forget_req; } @@ -892,13 +893,13 @@ static int fuse_mknod(struct mnt_idmap *idmap, struct= inode *dir, args.in_args[0].value =3D &inarg; args.in_args[1].size =3D entry->d_name.len + 1; args.in_args[1].value =3D entry->d_name.name; - return create_new_entry(fm, &args, dir, entry, mode); + return create_new_entry(idmap, fm, &args, dir, entry, mode); } =20 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir, struct dentry *entry, umode_t mode, bool excl) { - return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0); + return fuse_mknod(idmap, dir, entry, mode, 0); } =20 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir, @@ -910,7 +911,7 @@ static int fuse_tmpfile(struct mnt_idmap *idmap, struct= inode *dir, if (fc->no_tmpfile) return -EOPNOTSUPP; =20 - err =3D fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, m= ode, FUSE_TMPFILE); + err =3D fuse_create_open(idmap, dir, file->f_path.dentry, file, file->f_f= lags, mode, FUSE_TMPFILE); if (err =3D=3D -ENOSYS) { fc->no_tmpfile =3D 1; err =3D -EOPNOTSUPP; 
@@ -937,7 +938,7 @@ static int fuse_mkdir(struct mnt_idmap *idmap, struct i= node *dir, args.in_args[0].value =3D &inarg; args.in_args[1].size =3D entry->d_name.len + 1; args.in_args[1].value =3D entry->d_name.name; - return create_new_entry(fm, &args, dir, entry, S_IFDIR); + return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR); } =20 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir, @@ -953,7 +954,7 @@ static int fuse_symlink(struct mnt_idmap *idmap, struct= inode *dir, args.in_args[0].value =3D entry->d_name.name; args.in_args[1].size =3D len; args.in_args[1].value =3D link; - return create_new_entry(fm, &args, dir, entry, S_IFLNK); + return create_new_entry(idmap, fm, &args, dir, entry, S_IFLNK); } =20 void fuse_flush_time_update(struct inode *inode) 
@@ -1147,7 +1148,7 @@ static int fuse_link(struct dentry *entry, struct ino= de *newdir, args.in_args[0].value =3D &inarg; args.in_args[1].size =3D newent->d_name.len + 1; args.in_args[1].value =3D newent->d_name.name; - err =3D create_new_entry(fm, &args, newdir, newent, inode->i_mode); + err =3D create_new_entry(&nop_mnt_idmap, fm, &args, newdir, newent, inode= ->i_mode); if (!err) fuse_update_ctime_in_cache(inode); else if (err =3D=3D -EINTR) --=20 2.34.1
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 04/11] fs/fuse: support idmapped getattr inode op
Date: Thu, 15 Aug 2024 11:24:21 +0200
Message-Id: <20240815092429.103356-5-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
Content-Transfer-Encoding: quoted-printable

We have to:
- pass an idmapping to generic_fillattr() to properly handle UID/GID mapping for the userspace.
- pass -/- to fuse_fillattr() (analog of generic_fillattr() in fuse).

The difference between these two is that generic_fillattr() takes all the stat() data from the inode directly, while the fuse_fillattr() codepath takes fresh data just from the userspace reply on the FUSE_GETATTR request.

In some cases we can just pass &nop_mnt_idmap, because idmapping won't be used in these codepaths. For example, when the 3rd argument of fuse_do_getattr() is NULL then the idmap argument is not used.

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
v2:
- pass idmap in more cases to make code easier to understand
---
 fs/fuse/dir.c | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 1e45c6157af4..a5bf8c18a0ae 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c
@@ -1157,18 +1157,22 @@ static int fuse_link(struct dentry *entry, struct i= node *newdir, return err; } =20 -static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr, - struct kstat *stat) +static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode, + struct fuse_attr *attr, struct kstat *stat) { unsigned int blkbits; struct fuse_conn *fc =3D get_fuse_conn(inode); + vfsuid_t vfsuid =3D make_vfsuid(idmap, fc->user_ns, + make_kuid(fc->user_ns, attr->uid)); + vfsgid_t vfsgid =3D make_vfsgid(idmap, fc->user_ns, + make_kgid(fc->user_ns, attr->gid)); =20 stat->dev =3D inode->i_sb->s_dev; stat->ino =3D attr->ino; stat->mode =3D (inode->i_mode & S_IFMT) | (attr->mode & 07777); stat->nlink =3D attr->nlink; - stat->uid =3D make_kuid(fc->user_ns, attr->uid); - stat->gid =3D make_kgid(fc->user_ns, attr->gid); + stat->uid =3D vfsuid_into_kuid(vfsuid); + stat->gid =3D vfsgid_into_kgid(vfsgid); stat->rdev =3D inode->i_rdev; stat->atime.tv_sec =3D attr->atime; stat->atime.tv_nsec =3D attr->atimensec; @@ -1207,8 +1211,8 @@ static void fuse_statx_to_attr(struct fuse_statx *sx,= struct fuse_attr *attr) attr->blksize =3D sx->blksize; } =20 -static int fuse_do_statx(struct inode *inode, struct file *file, - struct kstat *stat) +static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode, + struct file *file, struct kstat *stat) { int err; struct fuse_attr attr; 
@@ -1261,15 +1265,15 @@ static int fuse_do_statx(struct inode *inode, struc= t file *file, stat->result_mask =3D sx->mask & (STATX_BASIC_STATS | STATX_BTIME); stat->btime.tv_sec =3D sx->btime.tv_sec; stat->btime.tv_nsec =3D min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1); - fuse_fillattr(inode, &attr, stat); + fuse_fillattr(idmap, inode, &attr, stat); stat->result_mask |=3D STATX_TYPE; } =20 return 0; } =20 -static int fuse_do_getattr(struct inode *inode, struct kstat *stat, - struct file *file) +static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode, + struct kstat *stat, struct file *file) { int err; struct fuse_getattr_in inarg; @@ -1308,15 +1312,15 @@ static int fuse_do_getattr(struct inode *inode, str= uct kstat *stat, ATTR_TIMEOUT(&outarg), attr_version); if (stat) - fuse_fillattr(inode, &outarg.attr, stat); + fuse_fillattr(idmap, inode, &outarg.attr, stat); } } return err; } =20 -static int fuse_update_get_attr(struct inode *inode, struct file *file, - struct kstat *stat, u32 request_mask, - unsigned int flags) +static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *ino= de, + struct file *file, struct kstat *stat, + u32 request_mask, unsigned int flags) { struct fuse_inode *fi =3D get_fuse_inode(inode); struct fuse_conn *fc =3D get_fuse_conn(inode); 
@@ -1347,17 +1351,17 @@ static int fuse_update_get_attr(struct inode *inode= , struct file *file, forget_all_cached_acls(inode); /* Try statx if BTIME is requested */ if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) { - err =3D fuse_do_statx(inode, file, stat); + err =3D fuse_do_statx(idmap, inode, file, stat); if (err =3D=3D -ENOSYS) { fc->no_statx =3D 1; err =3D 0; goto retry; } } else { - err =3D fuse_do_getattr(inode, stat, file); + err =3D fuse_do_getattr(idmap, inode, stat, file); } } else if (stat) { - generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat); + generic_fillattr(idmap, request_mask, inode, stat); stat->mode =3D fi->orig_i_mode; stat->ino =3D fi->orig_ino; if (test_bit(FUSE_I_BTIME, &fi->state)) { @@ -1371,7 +1375,7 @@ static int fuse_update_get_attr(struct inode *inode, = struct file *file, =20 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mas= k) { - return fuse_update_get_attr(inode, file, NULL, mask, 0); + return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0); } =20 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid, @@ -1515,7 +1519,7 @@ static int fuse_perm_getattr(struct inode *inode, int= mask) return -ECHILD; =20 forget_all_cached_acls(inode); - return fuse_do_getattr(inode, NULL, NULL); + return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL); } =20 /* @@ -2094,7 +2098,7 @@ static int fuse_setattr(struct mnt_idmap *idmap, stru= ct dentry *entry, * ia_mode calculation may have used stale i_mode. * Refresh and recalculate. */ - ret =3D fuse_do_getattr(inode, NULL, file); + ret =3D fuse_do_getattr(idmap, inode, NULL, file); if (ret) return ret; =20 
@@ -2151,7 +2155,7 @@ static int fuse_getattr(struct mnt_idmap *idmap, return -EACCES; } =20 - return fuse_update_get_attr(inode, NULL, stat, request_mask, flags); + return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags= ); } =20 static const struct inode_operations fuse_dir_inode_operations =3D { --=20 2.34.1
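Review bot: In fuse_fillattr(), the uid and gid from the server reply now pass through two conversions (make_kuid()/make_kgid() in fc->user_ns, then make_vfsuid()/make_vfsgid() through the mount idmap), and nothing in the hunk says what the caller gets when either step has no mapping. Please add a short comment above the vfsuid/vfsgid initialisers stating that an unmapped id ends up as INVALID_UID/INVALID_GID in stat->uid/stat->gid, and that this is meant to give the same result as the generic_fillattr(idmap, ...) call on the cached-attribute path in fuse_update_get_attr(), so a reader can check that both paths report the same owner for the same mount.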
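Review bot: fuse_update_attributes() and fuse_perm_getattr() pass &nop_mnt_idmap and are only correct because they also pass stat == NULL, so neither fuse_fillattr() nor generic_fillattr() is reached, but that invariant is stated only in the commit message. Please put a one-line comment at both call sites saying the idmap is unused when no kstat is filled. The fuse_setattr() hunk makes the same kind of call (stat == NULL) with the real idmap, so without a comment the two conventions look inconsistent to the next person who adds a caller.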
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 05/11] fs/fuse: support idmapped ->permission inode op
Date: Thu, 15 Aug 2024 11:24:22 +0200
Message-Id: <20240815092429.103356-6-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
Content-Transfer-Encoding: quoted-printable

We only cover the case when the "default_permissions" flag is used. A reason for that is that otherwise all the permission checks are done in the userspace and we have to deal with VFS idmapping in the userspace (which is bad), alternatively we have to provide the userspace with idmapped req->in.h.uid/req->in.h.gid which is also not aligned with VFS idmaps philosophy.

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
 fs/fuse/dir.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index a5bf8c18a0ae..cd3b91b60cae 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1567,7 +1567,7 @@ static int fuse_permission(struct mnt_idmap *idmap, } =20 if (fc->default_permissions) { - err =3D generic_permission(&nop_mnt_idmap, inode, mask); + err =3D generic_permission(idmap, inode, mask); =20 /* If permission is denied, try to refresh file attributes. This is also needed, because the root 
@@ -1575,7 +1575,7 @@ static int fuse_permission(struct mnt_idmap *idmap, if (err =3D=3D -EACCES && !refreshed) { err =3D fuse_perm_getattr(inode, mask); if (!err) - err =3D generic_permission(&nop_mnt_idmap, + err =3D generic_permission(idmap, inode, mask); } =20 --=20 2.34.1
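Review bot: Only the fc->default_permissions branch of fuse_permission() is switched to the mount idmap, and nothing in the code records that the other branches still ignore it. The commit message explains why, but a reader of fuse_permission() will not see it. Please add a comment in the function saying the idmap is honoured only with default_permissions and, if idmapped mounts are meant to be refused without that flag, say in the changelog where that is enforced. Also note that fuse_perm_getattr(inode, mask), called between the two generic_permission(idmap, ...) calls, takes no idmap; that is fine as long as it fills no kstat, which is worth stating in the same comment.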
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 06/11] fs/fuse: support idmapped ->setattr op
Date: Thu, 15 Aug 2024 11:24:23 +0200
Message-Id: <20240815092429.103356-7-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
Content-Transfer-Encoding: quoted-printable

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
v2:
- pass idmap in more cases to make code easier to understand
---
 fs/fuse/dir.c | 32 +++++++++++++++++++++-----------
 fs/fuse/file.c | 2 +-
 fs/fuse/fuse_i.h | 4 ++--
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index cd3b91b60cae..c50f951596dd 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1771,17 +1771,27 @@ static bool update_mtime(unsigned ivalid, bool trus= t_local_mtime) return true; } =20 -static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr, - struct fuse_setattr_in *arg, bool trust_local_cmtime) +static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc, + struct iattr *iattr, struct fuse_setattr_in *arg, + bool trust_local_cmtime) { unsigned ivalid =3D iattr->ia_valid; =20 if (ivalid & ATTR_MODE) arg->valid |=3D FATTR_MODE, arg->mode =3D iattr->ia_mode; - if (ivalid & ATTR_UID) - arg->valid |=3D FATTR_UID, arg->uid =3D from_kuid(fc->user_ns, iattr-= >ia_uid); - if (ivalid & ATTR_GID) - arg->valid |=3D FATTR_GID, arg->gid =3D from_kgid(fc->user_ns, iattr-= >ia_gid); + + if (ivalid & ATTR_UID) { + kuid_t fsuid =3D from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid); + arg->valid |=3D FATTR_UID; + arg->uid =3D from_kuid(fc->user_ns, fsuid); + } + + if (ivalid & ATTR_GID) { + kgid_t fsgid =3D from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid); + arg->valid |=3D FATTR_GID; + arg->gid =3D from_kgid(fc->user_ns, fsgid); + } + if (ivalid & ATTR_SIZE) arg->valid |=3D FATTR_SIZE, arg->size =3D iattr->ia_size; if (ivalid & ATTR_ATIME) { 
@@ -1901,8 +1911,8 @@ int fuse_flush_times(struct inode *inode, struct fuse= _file *ff) * vmtruncate() doesn't allow for this case, so do the rlimit checking * and the actual truncation by hand. */ -int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, - struct file *file) +int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr, struct file *file) { struct inode *inode =3D d_inode(dentry); struct fuse_mount *fm =3D get_fuse_mount(inode); @@ -1922,7 +1932,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iat= tr *attr, if (!fc->default_permissions) attr->ia_valid |=3D ATTR_FORCE; =20 - err =3D setattr_prepare(&nop_mnt_idmap, dentry, attr); + err =3D setattr_prepare(idmap, dentry, attr); if (err) return err; =20 @@ -1981,7 +1991,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iat= tr *attr, =20 memset(&inarg, 0, sizeof(inarg)); memset(&outarg, 0, sizeof(outarg)); - iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime); + iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime); if (file) { struct fuse_file *ff =3D file->private_data; inarg.valid |=3D FATTR_FH; @@ -2116,7 +2126,7 @@ static int fuse_setattr(struct mnt_idmap *idmap, stru= ct dentry *entry, if (!attr->ia_valid) return 0; =20 - ret =3D fuse_do_setattr(entry, attr, file); + ret =3D fuse_do_setattr(idmap, entry, attr, file); if (!ret) { /* * If filesystem supports acls it may have updated acl xattrs in diff --git a/fs/fuse/file.c b/fs/fuse/file.c index f39456c65ed7..562bdf8d5976 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -2966,7 +2966,7 @@ static void fuse_do_truncate(struct file *file) attr.ia_file =3D file; attr.ia_valid |=3D ATTR_FILE; =20 - fuse_do_setattr(file_dentry(file), &attr, file); + fuse_do_setattr(file_mnt_idmap(file), file_dentry(file), &attr, file); } =20 static inline loff_t fuse_round_up(struct fuse_conn *fc, loff_t off) diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index d06934e70cc5..883151a44d72 100644 
--- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h 
@@ -1333,8 +1333,8 @@ bool fuse_write_update_attr(struct inode *inode, loff= _t pos, ssize_t written); int fuse_flush_times(struct inode *inode, struct fuse_file *ff); int fuse_write_inode(struct inode *inode, struct writeback_control *wbc); =20 -int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, - struct file *file); +int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + struct iattr *attr, struct file *file); =20 void fuse_set_initialized(struct fuse_conn *fc); =20 --=20 2.34.1
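Review bot: In iattr_to_fattr(), the result of from_vfsuid()/from_vfsgid() goes straight into from_kuid()/from_kgid() and is sent to the server with FATTR_UID/FATTR_GID set, with no check that the mapping succeeded. If an earlier layer guarantees that ia_vfsuid/ia_vfsgid always map into fc->user_ns, please say so in a comment next to the two new blocks; otherwise an unmapped id would reach the daemon as (uid_t)-1 or (gid_t)-1. This deserves attention because fuse_do_setattr() sets ATTR_FORCE when default_permissions is off, just before the setattr_prepare(idmap, dentry, attr) call, so setattr_prepare() is not where such a value would be rejected in that mode. The patch also has no changelog body; one sentence describing the vfsuid to filesystem-uid conversion and why fuse_do_truncate() uses file_mnt_idmap(file) would help.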
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 07/11] fs/fuse: drop idmap argument from __fuse_get_acl
Date: Thu, 15 Aug 2024 11:24:24 +0200
Message-Id: <20240815092429.103356-8-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
Content-Transfer-Encoding: quoted-printable

We don't need to have idmap in the __fuse_get_acl as we don't have any use for it.

In the current POSIX ACL implementation, idmapped mounts are taken into account on the userspace/kernel border (see vfs_set_acl_idmapped_mnt() and vfs_posix_acl_to_xattr()).

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
 fs/fuse/acl.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index 04cfd8fee992..897d813c5e92 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c @@ -12,7 +12,6 @@ #include =20 static struct posix_acl *__fuse_get_acl(struct fuse_conn *fc, - struct mnt_idmap *idmap, struct inode *inode, int type, bool rcu) { int size; @@ -74,7 +73,7 @@ struct posix_acl *fuse_get_acl(struct mnt_idmap *idmap, if (fuse_no_acl(fc, inode)) return ERR_PTR(-EOPNOTSUPP); =20 - return __fuse_get_acl(fc, idmap, inode, type, false); + return __fuse_get_acl(fc, inode, type, false); } =20 struct posix_acl *fuse_get_inode_acl(struct inode *inode, int type, bool r= cu) 
@@ -90,8 +89,7 @@ struct posix_acl *fuse_get_inode_acl(struct inode *inode,= int type, bool rcu) */ if (!fc->posix_acl) return NULL; - - return __fuse_get_acl(fc, &nop_mnt_idmap, inode, type, rcu); + return __fuse_get_acl(fc, inode, type, rcu); } =20 int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, --=20 2.34.1
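Review bot: The last hunk, in fuse_get_inode_acl(), also deletes the blank line between "return NULL;" and the final return, which has nothing to do with dropping the idmap argument. Please keep the blank line so that hunk is a pure one-line argument change and the diffstat shrinks to what the subject describes. The argument removal itself is consistent across the three call sites shown: the prototype of __fuse_get_acl() and both callers lose the idmap together.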
key) header.d=canonical.com header.i=@canonical.com header.b="BnNj6wA3" Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id CA53F3F48A for ; Thu, 15 Aug 2024 09:25:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1723713905; bh=AKgOJzf1FD6sazbw1kqXlY4ydMZMTG/q+wfid3Wy6NY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=BnNj6wA32LnXZeoy9bPiT9cHPmdDa5RY1xbOnsPZfWZ4Z5pJQ3G27FCyDkou+WP84 lP90pDEmHaOETD3tVIhqu4kS1eRBt7xcOS/rCh8WL8CvGvq6yR2a5PIA2RkgqwJuoX pRROiMyYB5vIhmxIYh4ksr+Q5RkvCxiWbRgk4rwg+sjMnP6cBOaaRNfpiM4vlEI8DG AguQw7yvKnashWjPwILQPvm6/VHUVPCLZ5Dvir/46+YiXbDNHZ4FG6ru4dvu6qBly/ nL9x43gQgYYJ2BBiHKrAUCNoeZt3JRufpNGgN3DjzImjJ4ngAZP3o17xdx6F/z7IgZ G4M95KqjjvG+Q== Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-52f00bde29dso872190e87.3 for ; Thu, 15 Aug 2024 02:25:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723713905; x=1724318705; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AKgOJzf1FD6sazbw1kqXlY4ydMZMTG/q+wfid3Wy6NY=; b=mcdI5SGVQmUyHQ8Y+7ZTz8SROdQ/KThdss4kx11pTcfnhqzVV/VzGXWYuQdW15lCJg 496FYHlXcQoC4bdaHQstYvFjeX4twIC3SgO5zjSJjq184IuEDRlP6tFC8trwvBlEaiym eUQvuGbxSK/QlC53K5wlRTtr83q+Ld8KvS9VyLBnf5+QS7DXI4z9i/tA3/HDfebxYBzQ UgrYKnlr1x/PueJvb/c+8C2AJMx+KSFssybHFbm/DmkVXA6cM2/SdYzExeOFgleCZZ/+ uVFgJXxZCN/6e5Mv5+qsBwTtpL9UYE3Ts9ATcu2EcPSK4fObtbdoKx0o5XJgnP2qKMxs bqUg== X-Forwarded-Encrypted: i=1; AJvYcCU8dfGm88ghFRMoUFQItx53lU8sa2maT8sMya1XK+i9WMOmkKQP7l6ZniPEyEfGpQMQ3rKetfM8L/dfqIsIxz4Baq6HVQmD17+ZUwmM X-Gm-Message-State: 
AOJu0YwMjY6Z3qUffUiR3c7uE6DXyfXKArX+9GtzHxj6ELurT13qxUv3 q7PLohacjV1fXR8W7GyNbFjSFSu30/M5chCGuGZcw/9TSFPYNUu3XdU8Y/YitmnuGVw2XDycWjS C39PWxH738eyX75N9EXC3fnpSX5r/JUt7vuyPFp1Rd8/DIu3FhZNdpzprcaVgVXn6xqFaf7AKsj ZrMg== X-Received: by 2002:ac2:5695:0:b0:532:fb9e:a175 with SMTP id 2adb3069b0e04-532fb9ea617mr3817508e87.6.1723713904888; Thu, 15 Aug 2024 02:25:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFGx/vdKNpZNgVQz01CbRwoXGyKCak1Dnuqwz633QdtWw+oIMOWdvHhKLICOjgJpC7mpuObEw== X-Received: by 2002:ac2:5695:0:b0:532:fb9e:a175 with SMTP id 2adb3069b0e04-532fb9ea617mr3817480e87.6.1723713904456; Thu, 15 Aug 2024 02:25:04 -0700 (PDT) Received: from amikhalitsyn.. ([188.192.113.77]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a8383934585sm72142866b.107.2024.08.15.02.25.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Aug 2024 02:25:03 -0700 (PDT) 
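Review bot: In fuse_get_inode_acl() the hunk also deletes the blank line between "return NULL;" and the final return, which is whitespace churn unrelated to dropping the idmap argument from __fuse_get_acl(). Please keep the blank line so the diff shows only the signature change.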
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 08/11] fs/fuse: support idmapped ->set_acl
Date: Thu, 15 Aug 2024 11:24:25 +0200
Message-Id: <20240815092429.103356-9-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

It's just a matter of adjusting a permission check condition
for the S_ISGID flag. All the rest is already handled in the generic
VFS code.

Notice that this permission check is the analog of what
we have in the posix_acl_update_mode() generic helper, but
fuse doesn't use this helper as on the kernel side we don't
care about ensuring that POSIX ACL and CHMOD permissions are in sync
as it is a responsibility of a userspace daemon to handle that.
For the same reason we don't have calls to posix_acl_chmod(),
while most other filesystems do.

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
 fs/fuse/acl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index 897d813c5e92..8f484b105f13 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c
@@ -144,8 +144,8 @@ int fuse_set_acl(struct mnt_idmap *idmap, struct dentry= *dentry, * be stripped. */ if (fc->posix_acl && - !in_group_or_capable(&nop_mnt_idmap, inode, - i_gid_into_vfsgid(&nop_mnt_idmap, inode))) + !in_group_or_capable(idmap, inode, + i_gid_into_vfsgid(idmap, inode))) extra_flags |=3D FUSE_SETXATTR_ACL_KILL_SGID; =20 ret =3D fuse_setxattr(inode, name, value, size, 0, extra_flags); --=20 2.34.1
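Review bot: The reason fuse_set_acl() open-codes this S_ISGID check instead of calling posix_acl_update_mode() is explained only in the commit message, not at the in_group_or_capable(idmap, inode, ...) call. Please extend the existing comment above the condition to say that the check mirrors posix_acl_update_mode() and must use the mount's idmap, so a later cleanup does not switch it back to &nop_mnt_idmap or replace it with the generic helper. It would also help to say which test covers setting an ACL through an idmapped mount as a caller who is not in the file's mapped group, since that is the case where FUSE_SETXATTR_ACL_KILL_SGID now behaves differently.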
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 09/11] fs/fuse: properly handle idmapped ->rename op
Date: Thu, 15 Aug 2024 11:24:26 +0200
Message-Id: <20240815092429.103356-10-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

Support of RENAME_WHITEOUT with idmapped mounts requires
an API extension for FUSE_RENAME2. Let's just forbid this
combination for now. It's not critical at all as it's only
needed for overlayfs on top of fuse/virtiofs.

The choice of EINVAL is not random; we just simulate the standard
behavior when the RENAME_WHITEOUT flag is not supported.

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
v2:
 - this commit added
---
 fs/fuse/dir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index c50f951596dd..0cd01f25251f 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c
@@ -1111,6 +1111,9 @@ static int fuse_rename2(struct mnt_idmap *idmap, stru= ct inode *olddir, if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) return -EINVAL; =20 + if ((flags & RENAME_WHITEOUT) && (idmap !=3D &nop_mnt_idmap)) + return -EINVAL; + if (flags) { if (fc->no_rename2 || fc->minor < 23) return -EINVAL; --=20 2.34.1
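Review bot: The new RENAME_WHITEOUT check in fuse_rename2() returns -EINVAL with no comment, so in the source it is indistinguishable from the unsupported-flags check directly above it. Please add a one-line comment saying that a whiteout rename over an idmapped mount is refused until FUSE_RENAME2 is extended, as the commit message explains. The parentheses around idmap != &nop_mnt_idmap are not needed.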
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, linux-kernel@vger.kernel.org
Subject: [PATCH v3 10/11] fs/fuse: allow idmapped mounts
Date: Thu, 15 Aug 2024 11:24:27 +0200
Message-Id: <20240815092429.103356-11-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

Now we have everything in place and we can allow idmapped mounts
by setting the FS_ALLOW_IDMAP flag. Notice that real availability
of idmapped mounts will depend on the fuse daemon. The fuse daemon
has to set the FUSE_ALLOW_IDMAP flag in the FUSE_INIT reply.

To discuss:
- we enable idmapped mounts support only if "default_permissions" mode is enabled,
because otherwise we would need to deal with UID/GID mappings in the userspace side OR
provide the userspace with idmapped req->in.h.uid/req->in.h.gid values which is not
something that we probably want to do. Idmapped mounts philosophy is not about faking
caller uid/gid.

Some extra links and examples:

- libfuse support
https://github.com/mihalicyn/libfuse/commits/idmap_support

- fuse-overlayfs support:
https://github.com/mihalicyn/fuse-overlayfs/commits/idmap_support

- cephfs-fuse conversion example
https://github.com/mihalicyn/ceph/commits/fuse_idmap

- glusterfs conversion example
https://github.com/mihalicyn/glusterfs/commits/fuse_idmap

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn Reviewed-by: Christian Brauner --- v2: - simplified and get rid of ->allow_idmap global VFS callback v3: - now use a new SB_I_NOIDMAP flag --- fs/fuse/inode.c | 14 +++++++++++--- include/uapi/linux/fuse.h | 5 ++++- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 6c205731c844..b840189ac8be 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1345,6 +1345,12 @@ static void process_init_reply(struct fuse_mount *fm= , struct fuse_args *args, fm->sb->s_export_op =3D &fuse_export_fid_operations; if (flags & FUSE_OWNER_UID_GID_EXT) fc->owner_uid_gid_ext =3D 1; + if (flags & FUSE_ALLOW_IDMAP) { + if (fc->owner_uid_gid_ext && fc->default_permissions) + fm->sb->s_iflags &=3D ~SB_I_NOIDMAP; + else + ok =3D false; + } } else { ra_pages =3D fc->max_read / PAGE_SIZE; fc->no_lock =3D 1; @@ -1392,7 +1398,8 @@ void fuse_send_init(struct fuse_mount *fm) FUSE_HANDLE_KILLPRIV_V2 | FUSE_SETXATTR_EXT | FUSE_INIT_EXT | FUSE_SECURITY_CTX | FUSE_CREATE_SUPP_GROUP | FUSE_HAS_EXPIRE_ONLY | FUSE_DIRECT_IO_ALLOW_MMAP | - FUSE_NO_EXPORT_SUPPORT | FUSE_HAS_RESEND | FUSE_OWNER_UID_GID_EXT; + FUSE_NO_EXPORT_SUPPORT | FUSE_HAS_RESEND | FUSE_OWNER_UID_GID_EXT | + FUSE_ALLOW_IDMAP; #ifdef CONFIG_FUSE_DAX if (fm->fc->dax) flags |=3D FUSE_MAP_ALIGNMENT; @@ -1569,6 +1576,7 @@ static void fuse_sb_defaults(struct super_block *sb) sb->s_time_gran =3D 1; sb->s_export_op =3D &fuse_export_operations; sb->s_iflags |=3D SB_I_IMA_UNVERIFIABLE_SIGNATURE; + sb->s_iflags |=3D SB_I_NOIDMAP; if (sb->s_user_ns !=3D &init_user_ns) sb->s_iflags |=3D SB_I_UNTRUSTED_MOUNTER; sb->s_flags &=3D ~(SB_NOSEC | SB_I_VERSION); 
@@ -1981,7 +1989,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) static struct file_system_type fuse_fs_type =3D { .owner =3D THIS_MODULE, .name =3D "fuse", - .fs_flags =3D FS_HAS_SUBTYPE | FS_USERNS_MOUNT, + .fs_flags =3D FS_HAS_SUBTYPE | FS_USERNS_MOUNT | FS_ALLOW_IDMAP, .init_fs_context =3D fuse_init_fs_context, .parameters =3D fuse_fs_parameters, .kill_sb =3D fuse_kill_sb_anon, @@ -2002,7 +2010,7 @@ static struct file_system_type fuseblk_fs_type =3D { .init_fs_context =3D fuse_init_fs_context, .parameters =3D fuse_fs_parameters, .kill_sb =3D fuse_kill_sb_blk, - .fs_flags =3D FS_REQUIRES_DEV | FS_HAS_SUBTYPE, + .fs_flags =3D FS_REQUIRES_DEV | FS_HAS_SUBTYPE | FS_ALLOW_IDMAP, }; MODULE_ALIAS_FS("fuseblk"); =20 diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index d9ecc17fd13b..b23e8247ce43 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -221,6 +221,7 @@ * 7.41 * - add FUSE_EXT_OWNER_UID_GID * - add FUSE_OWNER_UID_GID_EXT + * - add FUSE_ALLOW_IDMAP */ =20 #ifndef _LINUX_FUSE_H @@ -256,7 +257,7 @@ #define FUSE_KERNEL_VERSION 7 =20 /** Minor version number of this interface */ -#define FUSE_KERNEL_MINOR_VERSION 40 +#define FUSE_KERNEL_MINOR_VERSION 41 =20 /** The node ID of the root inode */ #define FUSE_ROOT_ID 1 @@ -427,6 +428,7 @@ struct fuse_file_lock { * of the request ID indicates resend requests * FUSE_OWNER_UID_GID_EXT: add inode owner UID/GID info to create, mkdir, * symlink and mknod + * FUSE_ALLOW_IDMAP: allow creation of idmapped mounts */ #define FUSE_ASYNC_READ (1 << 0) #define FUSE_POSIX_LOCKS (1 << 1) 
@@ -473,6 +475,7 @@ struct fuse_file_lock { /* Obsolete alias for FUSE_DIRECT_IO_ALLOW_MMAP */ #define FUSE_DIRECT_IO_RELAX FUSE_DIRECT_IO_ALLOW_MMAP #define FUSE_OWNER_UID_GID_EXT (1ULL << 40) +#define FUSE_ALLOW_IDMAP (1ULL << 41) =20 /** * CUSE INIT request/reply flags --=20 2.34.1
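Review bot: In process_init_reply(), a daemon that sets FUSE_ALLOW_IDMAP without FUSE_OWNER_UID_GID_EXT, or on a mount without default_permissions, hits ok = false and the whole INIT fails, rather than the superblock simply keeping SB_I_NOIDMAP. Since default_permissions is a mount option rather than part of the INIT negotiation, please confirm that failing the mount is intended and say so in a comment; otherwise drop the else branch and leave the flag set. The check also relies on fc->owner_uid_gid_ext having been assigned by the if statement immediately above it, so that ordering deserves a comment too.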
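Review bot: The uapi comment added in include/uapi/linux/fuse.h, "FUSE_ALLOW_IDMAP: allow creation of idmapped mounts", does not mention the prerequisites that process_init_reply() enforces. Please document there that the flag is only accepted together with FUSE_OWNER_UID_GID_EXT and default_permissions, because daemon authors read this header and not fs/fuse/inode.c. Separately, fuseblk_fs_type also gains FS_ALLOW_IDMAP while the commit message only talks about fuse; a sentence covering fuseblk would help.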
From: Alexander Mikhalitsyn
To: mszeredi@redhat.com
Cc: brauner@kernel.org, stgraber@stgraber.org, linux-fsdevel@vger.kernel.org, Seth Forshee, Miklos Szeredi, Vivek Goyal, German Maglione, Amir Goldstein, Bernd Schubert, Alexander Mikhalitsyn, Stefan Hajnoczi, Eugenio Pérez, linux-kernel@vger.kernel.org, virtualization@lists.linux.dev
Subject: [PATCH v3 11/11] fs/fuse/virtio_fs: allow idmapped mounts
Date: Thu, 15 Aug 2024 11:24:28 +0200
Message-Id: <20240815092429.103356-12-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>
References: <20240815092429.103356-1-aleksandr.mikhalitsyn@canonical.com>

Allow idmapped mounts for virtiofs.
It's absolutely safe as for virtiofs we have the same
feature negotiation mechanism as for classical fuse
filesystems. This does not affect any existing
setups anyhow.

virtiofsd support:
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/245

Cc: Christian Brauner
Cc: Seth Forshee
Cc: Miklos Szeredi
Cc: Vivek Goyal
Cc: German Maglione
Cc: Amir Goldstein
Cc: Bernd Schubert
Cc:
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Christian Brauner
---
v3:
 - this commit added
---
 fs/fuse/virtio_fs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c index dd5260141615..7e5bbaef6f76 100644 --- a/fs/fuse/virtio_fs.c +++ b/fs/fuse/virtio_fs.c @@ -1628,6 +1628,7 @@ static struct file_system_type virtio_fs_type =3D { .name =3D "virtiofs", .init_fs_context =3D virtio_fs_init_fs_context, .kill_sb =3D virtio_kill_sb, + .fs_flags =3D FS_ALLOW_IDMAP, }; =20 static int virtio_fs_uevent(const struct kobject *kobj, struct kobj_uevent= _env *env) --=20 2.34.1
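Review bot: With .fs_flags = FS_ALLOW_IDMAP added to virtio_fs_type, safety depends on the superblock starting with SB_I_NOIDMAP set and clearing it only after the INIT reply, which the previous patch does in fuse_sb_defaults() and process_init_reply(). Nothing in this hunk or the commit message shows that virtiofs superblocks go through fuse_sb_defaults(); please state that in the commit message so the "same feature negotiation mechanism" claim can be checked from the patch alone.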