• Christian Brauner's avatar
    fs: fix acl translation · 705191b0
    Christian Brauner authored
    Last cycle we extended the idmapped mounts infrastructure to support
    idmapped mounts of idmapped filesystems (No such filesystem yet exist.).
    Since then, the meaning of an idmapped mount is a mount whose idmapping
    is different from the filesystems idmapping.
    
    While doing that work we missed to adapt the acl translation helpers.
    They still assume that checking for the identity mapping is enough.  But
    they need to use the no_idmapping() helper instead.
    
    Note, POSIX ACLs are always translated right at the userspace-kernel
    boundary using the caller's current idmapping and the initial idmapping.
    The order depends on whether we're coming from or going to userspace.
    The filesystem's idmapping doesn't matter at the border.
    
    Consequently, if a non-idmapped mount is passed we need to make sure to
    always pass the initial idmapping as the mount's idmapping and not the
    filesystem idmapping.  Since it's irrelevant here it would yield invalid
    ids and prevent setting acls for filesystems that are mountable in a
    userns and support posix acls (tmpfs and fuse).
    
    I verified the regression reported in [1] and verified that this patch
    fixes it.  A regression test will be added to xfstests in parallel.
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=215849 [1]
    Fixes: bd303368 ("fs: support mapped mounts of mapped filesystems")
    Cc: Seth Forshee <sforshee@digitalocean.com>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: <stable@vger.kernel.org> # 5.17
    Cc: <regressions@lists.linux.dev>
    Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    705191b0
posix_acl.c 24.1 KB