Re: [PATCH] fs: fix regression querying for ACL on fs's that don't support them

From: Jeff Layton
Date: Sun Sep 10 2023 - 08:03:49 EST

Next message: Macpaul Lin: "Re: [PATCH] dt-bindings: arm64: dts: mediatek: add description for mt8365-evk board"
Previous message: kernel test robot: "kernel/bpf/hashtab.c:1059:30: sparse: sparse: incorrect type in assignment (different address spaces)"
In reply to: Christian Brauner: "Re: [PATCH] fs: fix regression querying for ACL on fs's that don't support them"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2023-09-10 at 12:14 +0200, Christian Brauner wrote:
> On Fri, Sep 08, 2023 at 05:05:27PM -0400, Jeff Layton wrote:
> > In the not too distant past, the VFS ACL infrastructure would return
> > -EOPNOTSUPP on filesystems (like NFS) that set SB_POSIXACL but that
> > don't supply a get_acl or get_inode_acl method. On more recent kernels
> > this returns -ENODATA, which breaks one method of detecting when ACLs
> > are supported.
> >
> > Fix __get_acl to also check whether the inode has a "get_(inode_)?acl"
> > method and to just return -EOPNOTSUPP if not.
> >
> > Reported-by: Ondrej Valousek <ondrej.valousek.xm@xxxxxxxxxxx>
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> > This patch is another approach to fixing this issue. I don't care too
> > much either way which approach we take, but this may fix the problem
> > for other filesystems too. Should we take a belt and suspenders
> > approach here and fix it in both places?
> > ---
> > fs/posix_acl.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> > index a05fe94970ce..4c7c62040c43 100644
> > --- a/fs/posix_acl.c
> > +++ b/fs/posix_acl.c
> > @@ -130,8 +130,12 @@ static struct posix_acl *__get_acl(struct mnt_idmap *idmap,
> > if (!is_uncached_acl(acl))
> > return acl;
> >
> > - if (!IS_POSIXACL(inode))
> > - return NULL;
> > + /*
> > + * NB: checking this after checking for a cached ACL allows tmpfs
> > + * (which doesn't specify a get_acl operation) to work properly.
> > + */
> > + if (!IS_POSIXACL(inode) || (!inode->i_op->get_acl && !inode->i_op->get_inode_acl))
> > + return ERR_PTR(-EOPNOTSUPP);
>
> Hmmm, I think that'll cause issues for permission checking during
> lookup:
>
> generic_permission()
> -> acl_permission_check()
> -> check_acl()
> -> get_inode_acl()
> -> __get_acl()
> // return ERR_PTR(-EOPNOTSUPP) instead of NULL
>
> Before this change this would've returned NULL and thus check_acl()
> would've returned EAGAIN which would've informed acl_permission_check()
> to continue with non-ACL based permission checking.
>
> Now you're going to error out with EOPNOTSUPP and cause permission
> checking to fallback to CAP_DAC_READ_SEARCH/CAP_DAC_OVERRIDE.
>
> So if you want this change you'll either need to change check_acl() as well.
> Unless I'm misreading.

Ok, I didn't see problems in testing this with xfstests, but maybe it
didn't tickle that bug in the right way.

Instead of this, what if we were to add a new SB_NOUMASK flag? NFS could
set that, and then we could fix the places that NFS needs to use that
instead. That might bring more clarity to this code -- SB_POSIXACL would
really mean that ACLs were supported.

I'll see what I can put together...

Thanks!
--
Jeff Layton <jlayton@xxxxxxxxxx>

Next message: Macpaul Lin: "Re: [PATCH] dt-bindings: arm64: dts: mediatek: add description for mt8365-evk board"
Previous message: kernel test robot: "kernel/bpf/hashtab.c:1059:30: sparse: sparse: incorrect type in assignment (different address spaces)"
In reply to: Christian Brauner: "Re: [PATCH] fs: fix regression querying for ACL on fs's that don't support them"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]