Merge tag 'fs.idmapped.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
Pull vfs idmapping updates from Christian Brauner:
- Last cycle we introduced the dedicated struct mnt_idmap type for
mount idmapping and the required infrastructure in 256c8aed2b
("fs:
introduce dedicated idmap type for mounts"). As promised in last
cycle's pull request message this converts everything to rely on
struct mnt_idmap.
Currently we still pass around the plain namespace that was attached
to a mount. This is in general pretty convenient but it makes it easy
to conflate namespaces that are relevant on the filesystem with
namespaces that are relevant on the mount level. Especially for
non-vfs developers without detailed knowledge in this area this was a
potential source for bugs.
This finishes the conversion. Instead of passing the plain namespace
around this updates all places that currently take a pointer to a
mnt_userns with a pointer to struct mnt_idmap.
Now that the conversion is done all helpers down to the really
low-level helpers only accept a struct mnt_idmap argument instead of
two namespace arguments.
Conflating mount and other idmappings will now cause the compiler to
complain loudly thus eliminating the possibility of any bugs. This
makes it impossible for filesystem developers to mix up mount and
filesystem idmappings as they are two distinct types and require
distinct helpers that cannot be used interchangeably.
Everything associated with struct mnt_idmap is moved into a single
separate file. With that change no code can poke around in struct
mnt_idmap. It can only be interacted with through dedicated helpers.
That means all filesystems are and all of the vfs is completely
oblivious to the actual implementation of idmappings.
We are now also able to extend struct mnt_idmap as we see fit. For
example, we can decouple it completely from namespaces for users that
don't require or don't want to use them at all. We can also extend
the concept of idmappings so we can cover filesystem specific
requirements.
In combination with the vfs{g,u}id_t work we finished in v6.2 this
makes this feature substantially more robust and thus difficult to
implement wrong by a given filesystem and also protects the vfs.
- Enable idmapped mounts for tmpfs and fulfill a longstanding request.
A long-standing request from users had been to make it possible to
create idmapped mounts for tmpfs. For example, to share the host's
tmpfs mount between multiple sandboxes. This is a prerequisite for
some advanced Kubernetes cases. Systemd also has a range of use-cases
to increase service isolation. And there are more users of this.
However, with all of the other work going on this was way down on the
priority list but luckily someone other than ourselves picked this
up.
As usual the patch is tiny as all the infrastructure work had been
done multiple kernel releases ago. In addition to all the tests that
we already have I requested that Rodrigo add a dedicated tmpfs
testsuite for idmapped mounts to xfstests. It is to be included into
xfstests during the v6.3 development cycle. This should add a slew of
additional tests.
* tag 'fs.idmapped.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping: (26 commits)
shmem: support idmapped mounts for tmpfs
fs: move mnt_idmap
fs: port vfs{g,u}id helpers to mnt_idmap
fs: port fs{g,u}id helpers to mnt_idmap
fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap
fs: port i_{g,u}id_{needs_}update() to mnt_idmap
quota: port to mnt_idmap
fs: port privilege checking helpers to mnt_idmap
fs: port inode_owner_or_capable() to mnt_idmap
fs: port inode_init_owner() to mnt_idmap
fs: port acl to mnt_idmap
fs: port xattr to mnt_idmap
fs: port ->permission() to pass mnt_idmap
fs: port ->fileattr_set() to pass mnt_idmap
fs: port ->set_acl() to pass mnt_idmap
fs: port ->get_acl() to pass mnt_idmap
fs: port ->tmpfile() to pass mnt_idmap
fs: port ->rename() to pass mnt_idmap
fs: port ->mknod() to pass mnt_idmap
fs: port ->mkdir() to pass mnt_idmap
...
@@ -1296,22 +1296,22 @@ static inline void i_gid_write(struct inode *inode, gid_t gid)
|
||||
}
|
||||
|
||||
/**
|
||||
* i_uid_into_vfsuid - map an inode's i_uid down into a mnt_userns
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* i_uid_into_vfsuid - map an inode's i_uid down according to an idmapping
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @inode: inode to map
|
||||
*
|
||||
* Return: whe inode's i_uid mapped down according to @mnt_userns.
|
||||
* Return: whe inode's i_uid mapped down according to @idmap.
|
||||
* If the inode's i_uid has no mapping INVALID_VFSUID is returned.
|
||||
*/
|
||||
static inline vfsuid_t i_uid_into_vfsuid(struct user_namespace *mnt_userns,
|
||||
static inline vfsuid_t i_uid_into_vfsuid(struct mnt_idmap *idmap,
|
||||
const struct inode *inode)
|
||||
{
|
||||
return make_vfsuid(mnt_userns, i_user_ns(inode), inode->i_uid);
|
||||
return make_vfsuid(idmap, i_user_ns(inode), inode->i_uid);
|
||||
}
|
||||
|
||||
/**
|
||||
* i_uid_needs_update - check whether inode's i_uid needs to be updated
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @attr: the new attributes of @inode
|
||||
* @inode: the inode to update
|
||||
*
|
||||
@@ -1320,50 +1320,50 @@ static inline vfsuid_t i_uid_into_vfsuid(struct user_namespace *mnt_userns,
|
||||
*
|
||||
* Return: true if @inode's i_uid field needs to be updated, false if not.
|
||||
*/
|
||||
static inline bool i_uid_needs_update(struct user_namespace *mnt_userns,
|
||||
static inline bool i_uid_needs_update(struct mnt_idmap *idmap,
|
||||
const struct iattr *attr,
|
||||
const struct inode *inode)
|
||||
{
|
||||
return ((attr->ia_valid & ATTR_UID) &&
|
||||
!vfsuid_eq(attr->ia_vfsuid,
|
||||
i_uid_into_vfsuid(mnt_userns, inode)));
|
||||
i_uid_into_vfsuid(idmap, inode)));
|
||||
}
|
||||
|
||||
/**
|
||||
* i_uid_update - update @inode's i_uid field
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @attr: the new attributes of @inode
|
||||
* @inode: the inode to update
|
||||
*
|
||||
* Safely update @inode's i_uid field translating the vfsuid of any idmapped
|
||||
* mount into the filesystem kuid.
|
||||
*/
|
||||
static inline void i_uid_update(struct user_namespace *mnt_userns,
|
||||
static inline void i_uid_update(struct mnt_idmap *idmap,
|
||||
const struct iattr *attr,
|
||||
struct inode *inode)
|
||||
{
|
||||
if (attr->ia_valid & ATTR_UID)
|
||||
inode->i_uid = from_vfsuid(mnt_userns, i_user_ns(inode),
|
||||
inode->i_uid = from_vfsuid(idmap, i_user_ns(inode),
|
||||
attr->ia_vfsuid);
|
||||
}
|
||||
|
||||
/**
|
||||
* i_gid_into_vfsgid - map an inode's i_gid down into a mnt_userns
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* i_gid_into_vfsgid - map an inode's i_gid down according to an idmapping
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @inode: inode to map
|
||||
*
|
||||
* Return: the inode's i_gid mapped down according to @mnt_userns.
|
||||
* Return: the inode's i_gid mapped down according to @idmap.
|
||||
* If the inode's i_gid has no mapping INVALID_VFSGID is returned.
|
||||
*/
|
||||
static inline vfsgid_t i_gid_into_vfsgid(struct user_namespace *mnt_userns,
|
||||
static inline vfsgid_t i_gid_into_vfsgid(struct mnt_idmap *idmap,
|
||||
const struct inode *inode)
|
||||
{
|
||||
return make_vfsgid(mnt_userns, i_user_ns(inode), inode->i_gid);
|
||||
return make_vfsgid(idmap, i_user_ns(inode), inode->i_gid);
|
||||
}
|
||||
|
||||
/**
|
||||
* i_gid_needs_update - check whether inode's i_gid needs to be updated
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @attr: the new attributes of @inode
|
||||
* @inode: the inode to update
|
||||
*
|
||||
@@ -1372,83 +1372,83 @@ static inline vfsgid_t i_gid_into_vfsgid(struct user_namespace *mnt_userns,
|
||||
*
|
||||
* Return: true if @inode's i_gid field needs to be updated, false if not.
|
||||
*/
|
||||
static inline bool i_gid_needs_update(struct user_namespace *mnt_userns,
|
||||
static inline bool i_gid_needs_update(struct mnt_idmap *idmap,
|
||||
const struct iattr *attr,
|
||||
const struct inode *inode)
|
||||
{
|
||||
return ((attr->ia_valid & ATTR_GID) &&
|
||||
!vfsgid_eq(attr->ia_vfsgid,
|
||||
i_gid_into_vfsgid(mnt_userns, inode)));
|
||||
i_gid_into_vfsgid(idmap, inode)));
|
||||
}
|
||||
|
||||
/**
|
||||
* i_gid_update - update @inode's i_gid field
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
* @attr: the new attributes of @inode
|
||||
* @inode: the inode to update
|
||||
*
|
||||
* Safely update @inode's i_gid field translating the vfsgid of any idmapped
|
||||
* mount into the filesystem kgid.
|
||||
*/
|
||||
static inline void i_gid_update(struct user_namespace *mnt_userns,
|
||||
static inline void i_gid_update(struct mnt_idmap *idmap,
|
||||
const struct iattr *attr,
|
||||
struct inode *inode)
|
||||
{
|
||||
if (attr->ia_valid & ATTR_GID)
|
||||
inode->i_gid = from_vfsgid(mnt_userns, i_user_ns(inode),
|
||||
inode->i_gid = from_vfsgid(idmap, i_user_ns(inode),
|
||||
attr->ia_vfsgid);
|
||||
}
|
||||
|
||||
/**
|
||||
* inode_fsuid_set - initialize inode's i_uid field with callers fsuid
|
||||
* @inode: inode to initialize
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
*
|
||||
* Initialize the i_uid field of @inode. If the inode was found/created via
|
||||
* an idmapped mount map the caller's fsuid according to @mnt_users.
|
||||
* an idmapped mount map the caller's fsuid according to @idmap.
|
||||
*/
|
||||
static inline void inode_fsuid_set(struct inode *inode,
|
||||
struct user_namespace *mnt_userns)
|
||||
struct mnt_idmap *idmap)
|
||||
{
|
||||
inode->i_uid = mapped_fsuid(mnt_userns, i_user_ns(inode));
|
||||
inode->i_uid = mapped_fsuid(idmap, i_user_ns(inode));
|
||||
}
|
||||
|
||||
/**
|
||||
* inode_fsgid_set - initialize inode's i_gid field with callers fsgid
|
||||
* @inode: inode to initialize
|
||||
* @mnt_userns: user namespace of the mount the inode was found from
|
||||
* @idmap: idmap of the mount the inode was found from
|
||||
*
|
||||
* Initialize the i_gid field of @inode. If the inode was found/created via
|
||||
* an idmapped mount map the caller's fsgid according to @mnt_users.
|
||||
* an idmapped mount map the caller's fsgid according to @idmap.
|
||||
*/
|
||||
static inline void inode_fsgid_set(struct inode *inode,
|
||||
struct user_namespace *mnt_userns)
|
||||
struct mnt_idmap *idmap)
|
||||
{
|
||||
inode->i_gid = mapped_fsgid(mnt_userns, i_user_ns(inode));
|
||||
inode->i_gid = mapped_fsgid(idmap, i_user_ns(inode));
|
||||
}
|
||||
|
||||
/**
|
||||
* fsuidgid_has_mapping() - check whether caller's fsuid/fsgid is mapped
|
||||
* @sb: the superblock we want a mapping in
|
||||
* @mnt_userns: user namespace of the relevant mount
|
||||
* @idmap: idmap of the relevant mount
|
||||
*
|
||||
* Check whether the caller's fsuid and fsgid have a valid mapping in the
|
||||
* s_user_ns of the superblock @sb. If the caller is on an idmapped mount map
|
||||
* the caller's fsuid and fsgid according to the @mnt_userns first.
|
||||
* the caller's fsuid and fsgid according to the @idmap first.
|
||||
*
|
||||
* Return: true if fsuid and fsgid is mapped, false if not.
|
||||
*/
|
||||
static inline bool fsuidgid_has_mapping(struct super_block *sb,
|
||||
struct user_namespace *mnt_userns)
|
||||
struct mnt_idmap *idmap)
|
||||
{
|
||||
struct user_namespace *fs_userns = sb->s_user_ns;
|
||||
kuid_t kuid;
|
||||
kgid_t kgid;
|
||||
|
||||
kuid = mapped_fsuid(mnt_userns, fs_userns);
|
||||
kuid = mapped_fsuid(idmap, fs_userns);
|
||||
if (!uid_valid(kuid))
|
||||
return false;
|
||||
kgid = mapped_fsgid(mnt_userns, fs_userns);
|
||||
kgid = mapped_fsgid(idmap, fs_userns);
|
||||
if (!gid_valid(kgid))
|
||||
return false;
|
||||
return kuid_has_mapping(fs_userns, kuid) &&
|
||||
@@ -1602,42 +1602,42 @@ static inline bool sb_start_intwrite_trylock(struct super_block *sb)
|
||||
return __sb_start_write_trylock(sb, SB_FREEZE_FS);
|
||||
}
|
||||
|
||||
bool inode_owner_or_capable(struct user_namespace *mnt_userns,
|
||||
bool inode_owner_or_capable(struct mnt_idmap *idmap,
|
||||
const struct inode *inode);
|
||||
|
||||
/*
|
||||
* VFS helper functions..
|
||||
*/
|
||||
int vfs_create(struct user_namespace *, struct inode *,
|
||||
int vfs_create(struct mnt_idmap *, struct inode *,
|
||||
struct dentry *, umode_t, bool);
|
||||
int vfs_mkdir(struct user_namespace *, struct inode *,
|
||||
int vfs_mkdir(struct mnt_idmap *, struct inode *,
|
||||
struct dentry *, umode_t);
|
||||
int vfs_mknod(struct user_namespace *, struct inode *, struct dentry *,
|
||||
int vfs_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
|
||||
umode_t, dev_t);
|
||||
int vfs_symlink(struct user_namespace *, struct inode *,
|
||||
int vfs_symlink(struct mnt_idmap *, struct inode *,
|
||||
struct dentry *, const char *);
|
||||
int vfs_link(struct dentry *, struct user_namespace *, struct inode *,
|
||||
int vfs_link(struct dentry *, struct mnt_idmap *, struct inode *,
|
||||
struct dentry *, struct inode **);
|
||||
int vfs_rmdir(struct user_namespace *, struct inode *, struct dentry *);
|
||||
int vfs_unlink(struct user_namespace *, struct inode *, struct dentry *,
|
||||
int vfs_rmdir(struct mnt_idmap *, struct inode *, struct dentry *);
|
||||
int vfs_unlink(struct mnt_idmap *, struct inode *, struct dentry *,
|
||||
struct inode **);
|
||||
|
||||
/**
|
||||
* struct renamedata - contains all information required for renaming
|
||||
* @old_mnt_userns: old user namespace of the mount the inode was found from
|
||||
* @old_mnt_idmap: idmap of the old mount the inode was found from
|
||||
* @old_dir: parent of source
|
||||
* @old_dentry: source
|
||||
* @new_mnt_userns: new user namespace of the mount the inode was found from
|
||||
* @new_mnt_idmap: idmap of the new mount the inode was found from
|
||||
* @new_dir: parent of destination
|
||||
* @new_dentry: destination
|
||||
* @delegated_inode: returns an inode needing a delegation break
|
||||
* @flags: rename flags
|
||||
*/
|
||||
struct renamedata {
|
||||
struct user_namespace *old_mnt_userns;
|
||||
struct mnt_idmap *old_mnt_idmap;
|
||||
struct inode *old_dir;
|
||||
struct dentry *old_dentry;
|
||||
struct user_namespace *new_mnt_userns;
|
||||
struct mnt_idmap *new_mnt_idmap;
|
||||
struct inode *new_dir;
|
||||
struct dentry *new_dentry;
|
||||
struct inode **delegated_inode;
|
||||
@@ -1646,14 +1646,14 @@ struct renamedata {
|
||||
|
||||
int vfs_rename(struct renamedata *);
|
||||
|
||||
static inline int vfs_whiteout(struct user_namespace *mnt_userns,
|
||||
static inline int vfs_whiteout(struct mnt_idmap *idmap,
|
||||
struct inode *dir, struct dentry *dentry)
|
||||
{
|
||||
return vfs_mknod(mnt_userns, dir, dentry, S_IFCHR | WHITEOUT_MODE,
|
||||
return vfs_mknod(idmap, dir, dentry, S_IFCHR | WHITEOUT_MODE,
|
||||
WHITEOUT_DEV);
|
||||
}
|
||||
|
||||
struct file *vfs_tmpfile_open(struct user_namespace *mnt_userns,
|
||||
struct file *vfs_tmpfile_open(struct mnt_idmap *idmap,
|
||||
const struct path *parentpath,
|
||||
umode_t mode, int open_flag, const struct cred *cred);
|
||||
|
||||
@@ -1677,10 +1677,10 @@ extern long compat_ptr_ioctl(struct file *file, unsigned int cmd,
|
||||
/*
|
||||
* VFS file helper functions.
|
||||
*/
|
||||
void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode,
|
||||
void inode_init_owner(struct mnt_idmap *idmap, struct inode *inode,
|
||||
const struct inode *dir, umode_t mode);
|
||||
extern bool may_open_dev(const struct path *path);
|
||||
umode_t mode_strip_sgid(struct user_namespace *mnt_userns,
|
||||
umode_t mode_strip_sgid(struct mnt_idmap *idmap,
|
||||
const struct inode *dir, umode_t mode);
|
||||
|
||||
/*
|
||||
@@ -1798,27 +1798,26 @@ struct file_operations {
|
||||
struct inode_operations {
|
||||
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
|
||||
const char * (*get_link) (struct dentry *, struct inode *, struct delayed_call *);
|
||||
int (*permission) (struct user_namespace *, struct inode *, int);
|
||||
int (*permission) (struct mnt_idmap *, struct inode *, int);
|
||||
struct posix_acl * (*get_inode_acl)(struct inode *, int, bool);
|
||||
|
||||
int (*readlink) (struct dentry *, char __user *,int);
|
||||
|
||||
int (*create) (struct user_namespace *, struct inode *,struct dentry *,
|
||||
int (*create) (struct mnt_idmap *, struct inode *,struct dentry *,
|
||||
umode_t, bool);
|
||||
int (*link) (struct dentry *,struct inode *,struct dentry *);
|
||||
int (*unlink) (struct inode *,struct dentry *);
|
||||
int (*symlink) (struct user_namespace *, struct inode *,struct dentry *,
|
||||
int (*symlink) (struct mnt_idmap *, struct inode *,struct dentry *,
|
||||
const char *);
|
||||
int (*mkdir) (struct user_namespace *, struct inode *,struct dentry *,
|
||||
int (*mkdir) (struct mnt_idmap *, struct inode *,struct dentry *,
|
||||
umode_t);
|
||||
int (*rmdir) (struct inode *,struct dentry *);
|
||||
int (*mknod) (struct user_namespace *, struct inode *,struct dentry *,
|
||||
int (*mknod) (struct mnt_idmap *, struct inode *,struct dentry *,
|
||||
umode_t,dev_t);
|
||||
int (*rename) (struct user_namespace *, struct inode *, struct dentry *,
|
||||
int (*rename) (struct mnt_idmap *, struct inode *, struct dentry *,
|
||||
struct inode *, struct dentry *, unsigned int);
|
||||
int (*setattr) (struct user_namespace *, struct dentry *,
|
||||
struct iattr *);
|
||||
int (*getattr) (struct user_namespace *, const struct path *,
|
||||
int (*setattr) (struct mnt_idmap *, struct dentry *, struct iattr *);
|
||||
int (*getattr) (struct mnt_idmap *, const struct path *,
|
||||
struct kstat *, u32, unsigned int);
|
||||
ssize_t (*listxattr) (struct dentry *, char *, size_t);
|
||||
int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
|
||||
@@ -1827,13 +1826,13 @@ struct inode_operations {
|
||||
int (*atomic_open)(struct inode *, struct dentry *,
|
||||
struct file *, unsigned open_flag,
|
||||
umode_t create_mode);
|
||||
int (*tmpfile) (struct user_namespace *, struct inode *,
|
||||
int (*tmpfile) (struct mnt_idmap *, struct inode *,
|
||||
struct file *, umode_t);
|
||||
struct posix_acl *(*get_acl)(struct user_namespace *, struct dentry *,
|
||||
struct posix_acl *(*get_acl)(struct mnt_idmap *, struct dentry *,
|
||||
int);
|
||||
int (*set_acl)(struct user_namespace *, struct dentry *,
|
||||
int (*set_acl)(struct mnt_idmap *, struct dentry *,
|
||||
struct posix_acl *, int);
|
||||
int (*fileattr_set)(struct user_namespace *mnt_userns,
|
||||
int (*fileattr_set)(struct mnt_idmap *idmap,
|
||||
struct dentry *dentry, struct fileattr *fa);
|
||||
int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa);
|
||||
} ____cacheline_aligned;
|
||||
@@ -1987,11 +1986,11 @@ static inline bool sb_rdonly(const struct super_block *sb) { return sb->s_flags
|
||||
#define IS_WHITEOUT(inode) (S_ISCHR(inode->i_mode) && \
|
||||
(inode)->i_rdev == WHITEOUT_DEV)
|
||||
|
||||
static inline bool HAS_UNMAPPED_ID(struct user_namespace *mnt_userns,
|
||||
static inline bool HAS_UNMAPPED_ID(struct mnt_idmap *idmap,
|
||||
struct inode *inode)
|
||||
{
|
||||
return !vfsuid_valid(i_uid_into_vfsuid(mnt_userns, inode)) ||
|
||||
!vfsgid_valid(i_gid_into_vfsgid(mnt_userns, inode));
|
||||
return !vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) ||
|
||||
!vfsgid_valid(i_gid_into_vfsgid(idmap, inode));
|
||||
}
|
||||
|
||||
static inline void init_sync_kiocb(struct kiocb *kiocb, struct file *filp)
|
||||
@@ -2296,11 +2295,6 @@ struct filename {
|
||||
};
|
||||
static_assert(offsetof(struct filename, iname) % sizeof(long) == 0);
|
||||
|
||||
static inline struct user_namespace *file_mnt_user_ns(struct file *file)
|
||||
{
|
||||
return mnt_user_ns(file->f_path.mnt);
|
||||
}
|
||||
|
||||
static inline struct mnt_idmap *file_mnt_idmap(struct file *file)
|
||||
{
|
||||
return mnt_idmap(file->f_path.mnt);
|
||||
@@ -2320,7 +2314,7 @@ static inline bool is_idmapped_mnt(const struct vfsmount *mnt)
|
||||
}
|
||||
|
||||
extern long vfs_truncate(const struct path *, loff_t);
|
||||
int do_truncate(struct user_namespace *, struct dentry *, loff_t start,
|
||||
int do_truncate(struct mnt_idmap *, struct dentry *, loff_t start,
|
||||
unsigned int time_attrs, struct file *filp);
|
||||
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
|
||||
loff_t len);
|
||||
@@ -2475,21 +2469,21 @@ static inline int bmap(struct inode *inode, sector_t *block)
|
||||
}
|
||||
#endif
|
||||
|
||||
int notify_change(struct user_namespace *, struct dentry *,
|
||||
int notify_change(struct mnt_idmap *, struct dentry *,
|
||||
struct iattr *, struct inode **);
|
||||
int inode_permission(struct user_namespace *, struct inode *, int);
|
||||
int generic_permission(struct user_namespace *, struct inode *, int);
|
||||
int inode_permission(struct mnt_idmap *, struct inode *, int);
|
||||
int generic_permission(struct mnt_idmap *, struct inode *, int);
|
||||
static inline int file_permission(struct file *file, int mask)
|
||||
{
|
||||
return inode_permission(file_mnt_user_ns(file),
|
||||
return inode_permission(file_mnt_idmap(file),
|
||||
file_inode(file), mask);
|
||||
}
|
||||
static inline int path_permission(const struct path *path, int mask)
|
||||
{
|
||||
return inode_permission(mnt_user_ns(path->mnt),
|
||||
return inode_permission(mnt_idmap(path->mnt),
|
||||
d_inode(path->dentry), mask);
|
||||
}
|
||||
int __check_sticky(struct user_namespace *mnt_userns, struct inode *dir,
|
||||
int __check_sticky(struct mnt_idmap *idmap, struct inode *dir,
|
||||
struct inode *inode);
|
||||
|
||||
static inline bool execute_ok(struct inode *inode)
|
||||
@@ -2677,7 +2671,7 @@ extern void __destroy_inode(struct inode *);
|
||||
extern struct inode *new_inode_pseudo(struct super_block *sb);
|
||||
extern struct inode *new_inode(struct super_block *sb);
|
||||
extern void free_inode_nonrcu(struct inode *inode);
|
||||
extern int setattr_should_drop_suidgid(struct user_namespace *, struct inode *);
|
||||
extern int setattr_should_drop_suidgid(struct mnt_idmap *, struct inode *);
|
||||
extern int file_remove_privs(struct file *);
|
||||
|
||||
/*
|
||||
@@ -2836,7 +2830,7 @@ extern void page_put_link(void *);
|
||||
extern int page_symlink(struct inode *inode, const char *symname, int len);
|
||||
extern const struct inode_operations page_symlink_inode_operations;
|
||||
extern void kfree_link(void *);
|
||||
void generic_fillattr(struct user_namespace *, struct inode *, struct kstat *);
|
||||
void generic_fillattr(struct mnt_idmap *, struct inode *, struct kstat *);
|
||||
void generic_fill_statx_attr(struct inode *inode, struct kstat *stat);
|
||||
extern int vfs_getattr_nosec(const struct path *, struct kstat *, u32, unsigned int);
|
||||
extern int vfs_getattr(const struct path *, struct kstat *, u32, unsigned int);
|
||||
@@ -2887,9 +2881,9 @@ extern int dcache_dir_open(struct inode *, struct file *);
|
||||
extern int dcache_dir_close(struct inode *, struct file *);
|
||||
extern loff_t dcache_dir_lseek(struct file *, loff_t, int);
|
||||
extern int dcache_readdir(struct file *, struct dir_context *);
|
||||
extern int simple_setattr(struct user_namespace *, struct dentry *,
|
||||
extern int simple_setattr(struct mnt_idmap *, struct dentry *,
|
||||
struct iattr *);
|
||||
extern int simple_getattr(struct user_namespace *, const struct path *,
|
||||
extern int simple_getattr(struct mnt_idmap *, const struct path *,
|
||||
struct kstat *, u32, unsigned int);
|
||||
extern int simple_statfs(struct dentry *, struct kstatfs *);
|
||||
extern int simple_open(struct inode *inode, struct file *file);
|
||||
@@ -2898,7 +2892,7 @@ extern int simple_unlink(struct inode *, struct dentry *);
|
||||
extern int simple_rmdir(struct inode *, struct dentry *);
|
||||
extern int simple_rename_exchange(struct inode *old_dir, struct dentry *old_dentry,
|
||||
struct inode *new_dir, struct dentry *new_dentry);
|
||||
extern int simple_rename(struct user_namespace *, struct inode *,
|
||||
extern int simple_rename(struct mnt_idmap *, struct inode *,
|
||||
struct dentry *, struct inode *, struct dentry *,
|
||||
unsigned int);
|
||||
extern void simple_recursive_removal(struct dentry *,
|
||||
@@ -2940,11 +2934,11 @@ extern int generic_check_addressable(unsigned, u64);
|
||||
|
||||
extern void generic_set_encrypted_ci_d_ops(struct dentry *dentry);
|
||||
|
||||
int may_setattr(struct user_namespace *mnt_userns, struct inode *inode,
|
||||
int may_setattr(struct mnt_idmap *idmap, struct inode *inode,
|
||||
unsigned int ia_valid);
|
||||
int setattr_prepare(struct user_namespace *, struct dentry *, struct iattr *);
|
||||
int setattr_prepare(struct mnt_idmap *, struct dentry *, struct iattr *);
|
||||
extern int inode_newsize_ok(const struct inode *, loff_t offset);
|
||||
void setattr_copy(struct user_namespace *, struct inode *inode,
|
||||
void setattr_copy(struct mnt_idmap *, struct inode *inode,
|
||||
const struct iattr *attr);
|
||||
|
||||
extern int file_update_time(struct file *file);
|
||||
@@ -3111,13 +3105,13 @@ static inline bool is_sxid(umode_t mode)
|
||||
return mode & (S_ISUID | S_ISGID);
|
||||
}
|
||||
|
||||
static inline int check_sticky(struct user_namespace *mnt_userns,
|
||||
static inline int check_sticky(struct mnt_idmap *idmap,
|
||||
struct inode *dir, struct inode *inode)
|
||||
{
|
||||
if (!(dir->i_mode & S_ISVTX))
|
||||
return 0;
|
||||
|
||||
return __check_sticky(mnt_userns, dir, inode);
|
||||
return __check_sticky(idmap, dir, inode);
|
||||
}
|
||||
|
||||
static inline void inode_has_no_xattr(struct inode *inode)
|
||||
|
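Review bot: The kernel-doc on i_uid_update() and i_gid_update() (the hunks at -1320 and -1372) still promises "Safely update", but the bodies assign the result of from_vfsuid()/from_vfsgid() straight into inode->i_uid/i_gid with no validity check, so the safety rests entirely on the caller having rejected an ia_vfsuid/ia_vfsgid that has no mapping under @idmap. Now that the argument is an opaque struct mnt_idmap, the comment should state that precondition, e.g. `* Context: @attr->ia_vfsuid must already be known to map into the filesystem; this helper does not check.`, with the matching line for the gid variant. Presumably the validation happens in notify_change()/setattr_prepare(), whose prototypes are ported later in this section; if so, naming them in the comment would tell filesystem authors which path they must not bypass.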