qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

shmem: support idmapped mounts for tmpfs 

JIRA: https://issues.redhat.com/browse/RHEL-23900

Conflicts:
- the upstream version uses the "struct mnt_idmap" while the backport
  uses the type "struct user_namespace" since the upstream changes to
  move from user_namespace to mnt_idmap were not backported.
- the second argument to the posix_acl_chmod() call is different, as
  it passes the inode instead of the dentry.  It was changed upstream
  by commit 138060ba92b3b0d77c8e6818d0f33398b23ea42e.

Tested: manually created Podman containers with idmapped volumes on tmpfs

commit 7a80e5b8c6fa7d0ae6624bd6aedc4a6a1cfc62fa
Author: Giuseppe Scrivano <gscrivan@redhat.com>
Date:   Fri Jan 20 10:43:46 2023 +0100

    shmem: support idmapped mounts for tmpfs

    This patch enables idmapped mounts for tmpfs when CONFIG_SHMEM is defined.
    Since all dedicated helpers for this functionality exist, in this
    patch we just pass down the idmap argument from the VFS methods to the
    relevant helpers.

    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Tested-by: Christian Brauner (Microsoft) <brauner@kernel.org>
    Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
    Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
    Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2023-01-20 10:43:46 +01:00
parent 73043ff05f
commit 892da692fa
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772
1 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
mm/shmem.c
View File

@ -1072,7 +1072,7 @@ static int shmem_getattr(struct user_namespace *mnt_userns,
stat->attributes_mask |= (STATX_ATTR_APPEND | stat->attributes_mask |= (STATX_ATTR_APPEND |
STATX_ATTR_IMMUTABLE | STATX_ATTR_IMMUTABLE |
STATX_ATTR_NODUMP); STATX_ATTR_NODUMP);
generic_fillattr(&init_user_ns, inode, stat); generic_fillattr(mnt_userns, inode, stat);
if (shmem_is_huge(inode, 0, false, NULL, 0)) if (shmem_is_huge(inode, 0, false, NULL, 0))
stat->blksize = HPAGE_PMD_SIZE; stat->blksize = HPAGE_PMD_SIZE;
@ -1095,7 +1095,7 @@ static int shmem_setattr(struct user_namespace *mnt_userns,
bool update_mtime = false; bool update_mtime = false;
bool update_ctime = true; bool update_ctime = true;
error = setattr_prepare(&init_user_ns, dentry, attr); error = setattr_prepare(mnt_userns, dentry, attr);
if (error) if (error)
return error; return error;
@ -1139,9 +1139,9 @@ static int shmem_setattr(struct user_namespace *mnt_userns,
} }
} }
setattr_copy(&init_user_ns, inode, attr); setattr_copy(mnt_userns, inode, attr);
if (attr->ia_valid & ATTR_MODE) if (attr->ia_valid & ATTR_MODE)
error = posix_acl_chmod(&init_user_ns, inode, inode->i_mode); error = posix_acl_chmod(mnt_userns, inode, inode->i_mode);
if (!error && update_ctime) { if (!error && update_ctime) {
inode->i_ctime = current_time(inode); inode->i_ctime = current_time(inode);
if (update_mtime) if (update_mtime)
@ -2351,8 +2351,9 @@ static void shmem_set_inode_flags(struct inode *inode, unsigned int fsflags)
#define shmem_initxattrs NULL #define shmem_initxattrs NULL
#endif #endif
static struct inode *shmem_get_inode(struct super_block *sb, struct inode *dir, static struct inode *shmem_get_inode(struct user_namespace *mnt_userns, struct super_block *sb,
umode_t mode, dev_t dev, unsigned long flags) struct inode *dir, umode_t mode, dev_t dev,
unsigned long flags)
{ {
struct inode *inode; struct inode *inode;
struct shmem_inode_info *info; struct shmem_inode_info *info;
@ -2365,7 +2366,7 @@ static struct inode *shmem_get_inode(struct super_block *sb, struct inode *dir,
inode = new_inode(sb); inode = new_inode(sb);
if (inode) { if (inode) {
inode->i_ino = ino; inode->i_ino = ino;
inode_init_owner(&init_user_ns, inode, dir, mode); inode_init_owner(mnt_userns, inode, dir, mode);
inode->i_blocks = 0; inode->i_blocks = 0;
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
inode->i_generation = get_random_u32(); inode->i_generation = get_random_u32();
@ -2933,7 +2934,7 @@ shmem_mknod(struct user_namespace *mnt_userns, struct inode *dir,
struct inode *inode; struct inode *inode;
int error = -ENOSPC; int error = -ENOSPC;
inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE); inode = shmem_get_inode(mnt_userns, dir->i_sb, dir, mode, dev, VM_NORESERVE);
if (inode) { if (inode) {
error = simple_acl_create(dir, inode); error = simple_acl_create(dir, inode);
if (error) if (error)
@ -2964,7 +2965,7 @@ shmem_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
struct inode *inode; struct inode *inode;
int error = -ENOSPC; int error = -ENOSPC;
inode = shmem_get_inode(dir->i_sb, dir, mode, 0, VM_NORESERVE); inode = shmem_get_inode(mnt_userns, dir->i_sb, dir, mode, 0, VM_NORESERVE);
if (inode) { if (inode) {
error = security_inode_init_security(inode, dir, error = security_inode_init_security(inode, dir,
NULL, NULL,
@ -2987,8 +2988,8 @@ static int shmem_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
{ {
int error; int error;
if ((error = shmem_mknod(&init_user_ns, dir, dentry, error = shmem_mknod(mnt_userns, dir, dentry, mode | S_IFDIR, 0);
mode | S_IFDIR, 0))) if (error)
return error; return error;
inc_nlink(dir); inc_nlink(dir);
return 0; return 0;
@ -2997,7 +2998,7 @@ static int shmem_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
static int shmem_create(struct user_namespace *mnt_userns, struct inode *dir, static int shmem_create(struct user_namespace *mnt_userns, struct inode *dir,
struct dentry *dentry, umode_t mode, bool excl) struct dentry *dentry, umode_t mode, bool excl)
{ {
return shmem_mknod(&init_user_ns, dir, dentry, mode | S_IFREG, 0); return shmem_mknod(mnt_userns, dir, dentry, mode | S_IFREG, 0);
} }
/* /*
@ -3067,7 +3068,7 @@ static int shmem_whiteout(struct user_namespace *mnt_userns,
if (!whiteout) if (!whiteout)
return -ENOMEM; return -ENOMEM;
error = shmem_mknod(&init_user_ns, old_dir, whiteout, error = shmem_mknod(mnt_userns, old_dir, whiteout,
S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV); S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
dput(whiteout); dput(whiteout);
if (error) if (error)
@ -3110,7 +3111,7 @@ static int shmem_rename2(struct user_namespace *mnt_userns,
if (flags & RENAME_WHITEOUT) { if (flags & RENAME_WHITEOUT) {
int error; int error;
error = shmem_whiteout(&init_user_ns, old_dir, old_dentry); error = shmem_whiteout(mnt_userns, old_dir, old_dentry);
if (error) if (error)
return error; return error;
} }
@ -3148,7 +3149,7 @@ static int shmem_symlink(struct user_namespace *mnt_userns, struct inode *dir,
if (len > PAGE_SIZE) if (len > PAGE_SIZE)
return -ENAMETOOLONG; return -ENAMETOOLONG;
inode = shmem_get_inode(dir->i_sb, dir, S_IFLNK | 0777, 0, inode = shmem_get_inode(mnt_userns, dir->i_sb, dir, S_IFLNK | 0777, 0,
VM_NORESERVE); VM_NORESERVE);
if (!inode) if (!inode)
return -ENOSPC; return -ENOSPC;
@ -3831,7 +3832,8 @@ static int shmem_fill_super(struct super_block *sb, struct fs_context *fc)
#endif #endif
uuid_gen(&sb->s_uuid); uuid_gen(&sb->s_uuid);
inode = shmem_get_inode(sb, NULL, S_IFDIR | sbinfo->mode, 0, VM_NORESERVE); inode = shmem_get_inode(&init_user_ns, sb, NULL, S_IFDIR | sbinfo->mode, 0,
VM_NORESERVE);
if (!inode) if (!inode)
goto failed; goto failed;
inode->i_uid = sbinfo->uid; inode->i_uid = sbinfo->uid;
@ -4055,7 +4057,11 @@ static struct file_system_type shmem_fs_type = {
.parameters = shmem_fs_parameters, .parameters = shmem_fs_parameters,
#endif #endif
.kill_sb = kill_litter_super, .kill_sb = kill_litter_super,
#ifdef CONFIG_SHMEM
.fs_flags = FS_USERNS_MOUNT | FS_ALLOW_IDMAP,
#else
.fs_flags = FS_USERNS_MOUNT, .fs_flags = FS_USERNS_MOUNT,
#endif
}; };
void __init shmem_init(void) void __init shmem_init(void)
@ -4207,7 +4213,7 @@ EXPORT_SYMBOL_GPL(shmem_truncate_range);
#define shmem_vm_ops generic_file_vm_ops #define shmem_vm_ops generic_file_vm_ops
#define shmem_anon_vm_ops generic_file_vm_ops #define shmem_anon_vm_ops generic_file_vm_ops
#define shmem_file_operations ramfs_file_operations #define shmem_file_operations ramfs_file_operations
#define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev) #define shmem_get_inode(idmap, sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev)
#define shmem_acct_size(flags, size) 0 #define shmem_acct_size(flags, size) 0
#define shmem_unacct_size(flags, size) do {} while (0) #define shmem_unacct_size(flags, size) do {} while (0)
@ -4230,8 +4236,11 @@ static struct file *__shmem_file_setup(struct vfsmount *mnt, const char *name, l
if (shmem_acct_size(flags, size)) if (shmem_acct_size(flags, size))
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
inode = shmem_get_inode(mnt->mnt_sb, NULL, S_IFREG | S_IRWXUGO, 0, if (is_idmapped_mnt(mnt))
flags); return ERR_PTR(-EINVAL);
inode = shmem_get_inode(&init_user_ns, mnt->mnt_sb, NULL,
S_IFREG | S_IRWXUGO, 0, flags);
if (unlikely(!inode)) { if (unlikely(!inode)) {
shmem_unacct_size(flags, size); shmem_unacct_size(flags, size);
return ERR_PTR(-ENOSPC); return ERR_PTR(-ENOSPC);