| From foo@baz Thu Jun 30 01:35:30 PM CEST 2022 |
| From: Christian Brauner <brauner@kernel.org> |
| Date: Tue, 28 Jun 2022 14:16:13 +0200 |
| Subject: docs: update mapping documentation |
| To: Greg KH <gregkh@linuxfoundation.org> |
| Cc: Christian Brauner <christian.brauner@ubuntu.com>, stable@vger.kernel.org |
| Message-ID: <20220628121620.188722-6-brauner@kernel.org> |
| |
| From: Christian Brauner <christian.brauner@ubuntu.com> |
| |
| commit 8cc5c54de44c5e8e104d364a627ac4296845fc7f upstream. |
| |
| Now that we implement the full remapping algorithms described in our |
| documentation remove the section about shortcircuting them. |
| |
| Link: https://lore.kernel.org/r/20211123114227.3124056-6-brauner@kernel.org (v1) |
| Link: https://lore.kernel.org/r/20211130121032.3753852-6-brauner@kernel.org (v2) |
| Link: https://lore.kernel.org/r/20211203111707.3901969-6-brauner@kernel.org |
| Cc: Seth Forshee <sforshee@digitalocean.com> |
| Cc: Amir Goldstein <amir73il@gmail.com> |
| Cc: Christoph Hellwig <hch@lst.de> |
| Cc: Al Viro <viro@zeniv.linux.org.uk> |
| CC: linux-fsdevel@vger.kernel.org |
| Reviewed-by: Seth Forshee <sforshee@digitalocean.com> |
| Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
| Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| Documentation/filesystems/idmappings.rst | 72 ------------------------------- |
| 1 file changed, 72 deletions(-) |
| |
| --- a/Documentation/filesystems/idmappings.rst |
| +++ b/Documentation/filesystems/idmappings.rst |
| @@ -952,75 +952,3 @@ The raw userspace id that is put on disk |
| their home directory back to their home computer where they are assigned |
| ``u1000`` using the initial idmapping and mount the filesystem with the initial |
| idmapping they will see all those files owned by ``u1000``. |
| - |
| -Shortcircuting |
| --------------- |
| - |
| -Currently, the implementation of idmapped mounts enforces that the filesystem |
| -is mounted with the initial idmapping. The reason is simply that none of the |
| -filesystems that we targeted were mountable with a non-initial idmapping. But |
| -that might change soon enough. As we've seen above, thanks to the properties of |
| -idmappings the translation works for both filesystems mounted with the initial |
| -idmapping and filesystem with non-initial idmappings. |
| - |
| -Based on this current restriction to filesystem mounted with the initial |
| -idmapping two noticeable shortcuts have been taken: |
| - |
| -1. We always stash a reference to the initial user namespace in ``struct |
| - vfsmount``. Idmapped mounts are thus mounts that have a non-initial user |
| - namespace attached to them. |
| - |
| - In order to support idmapped mounts this needs to be changed. Instead of |
| - stashing the initial user namespace the user namespace the filesystem was |
| - mounted with must be stashed. An idmapped mount is then any mount that has |
| - a different user namespace attached then the filesystem was mounted with. |
| - This has no user-visible consequences. |
| - |
| -2. The translation algorithms in ``mapped_fs*id()`` and ``i_*id_into_mnt()`` |
| - are simplified. |
| - |
| - Let's consider ``mapped_fs*id()`` first. This function translates the |
| - caller's kernel id into a kernel id in the filesystem's idmapping via |
| - a mount's idmapping. The full algorithm is:: |
| - |
| - mapped_fsuid(kid): |
| - /* Map the kernel id up into a userspace id in the mount's idmapping. */ |
| - from_kuid(mount-idmapping, kid) = uid |
| - |
| - /* Map the userspace id down into a kernel id in the filesystem's idmapping. */ |
| - make_kuid(filesystem-idmapping, uid) = kuid |
| - |
| - We know that the filesystem is always mounted with the initial idmapping as |
| - we enforce this in ``mount_setattr()``. So this can be shortened to:: |
| - |
| - mapped_fsuid(kid): |
| - /* Map the kernel id up into a userspace id in the mount's idmapping. */ |
| - from_kuid(mount-idmapping, kid) = uid |
| - |
| - /* Map the userspace id down into a kernel id in the filesystem's idmapping. */ |
| - KUIDT_INIT(uid) = kuid |
| - |
| - Similarly, for ``i_*id_into_mnt()`` which translated the filesystem's kernel |
| - id into a mount's kernel id:: |
| - |
| - i_uid_into_mnt(kid): |
| - /* Map the kernel id up into a userspace id in the filesystem's idmapping. */ |
| - from_kuid(filesystem-idmapping, kid) = uid |
| - |
| - /* Map the userspace id down into a kernel id in the mounts's idmapping. */ |
| - make_kuid(mount-idmapping, uid) = kuid |
| - |
| - Again, we know that the filesystem is always mounted with the initial |
| - idmapping as we enforce this in ``mount_setattr()``. So this can be |
| - shortened to:: |
| - |
| - i_uid_into_mnt(kid): |
| - /* Map the kernel id up into a userspace id in the filesystem's idmapping. */ |
| - __kuid_val(kid) = uid |
| - |
| - /* Map the userspace id down into a kernel id in the mounts's idmapping. */ |
| - make_kuid(mount-idmapping, uid) = kuid |
| - |
| -Handling filesystems mounted with non-initial idmappings requires that the |
| -translation functions be converted to their full form. They can still be |
| -shortcircuited on non-idmapped mounts. This has no user-visible consequences. |
