    Merge tag 'fs.idmapped.v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux · 5dfbfe71
    Linus Torvalds authored
    Pull fs idmapping updates from Christian Brauner:
     "This contains the work to enable the idmapping infrastructure to
      support idmapped mounts of filesystems mounted with an idmapping.
    
      In addition this contains various cleanups that avoid repeated
      open-coding of the same functionality and simplify the code in quite a
      few places.
    
      We also finish the renaming of the mapping helpers we started a few
      kernel releases back and move them to a dedicated header to not
      continue polluting the fs header needlessly with low-level idmapping
      helpers. With this series the fs header only contains idmapping
      helpers that interact with fs objects.
    
      Currently we only support idmapped mounts for filesystems mounted
      without an idmapping themselves. This was a conscious decision
      mentioned in multiple places (cf. [1]).
    
      As explained at length in [3] it is perfectly fine to extend support
      for idmapped mounts to filesystems mounted with an idmapping should
      the need arise. The need has been there for some time now (cf. [2]).
    
      Before we can port any filesystem that is mountable with an idmapping
      to support idmapped mounts in the coming cycles, we need to first
      extend the mapping helpers to account for the filesystem's idmapping.
      This, again, is explained at length in our documentation at [3] and
      also in the individual commit messages so here's an overview.
    
      Currently, the low-level mapping helpers implement the remapping
      algorithms described in [3] in a simplified manner as we could rely on
      the fact that all filesystems supporting idmapped mounts are mounted
      without an idmapping.
    
      In contrast, filesystems mounted with an idmapping are very likely to
      not use an identity mapping and will instead use a non-identity
      mapping. So the translation step from or into the filesystem's
      idmapping in the remapping algorithm cannot be skipped for such
      filesystems.
    
      Non-idmapped filesystems and filesystems not supporting idmapped
      mounts are unaffected by this change as the remapping algorithms can
      take the same shortcut as before. If the low-level helpers detect that
      they are dealing with an idmapped mount but the underlying filesystem
      is mounted without an idmapping we can rely on the previous shortcut
      and can continue to skip the translation step from or into the
      filesystem's idmapping. And of course, if the low-level helpers detect
      that they are not dealing with an idmapped mount they can simply
      return the relevant id unchanged; no remapping needs to be performed
      at all.
    
      These checks guarantee that only the minimal amount of work is
      performed. As before, if idmapped mounts aren't used the low-level
      helpers are idempotent and no work is performed at all"
    
    Link: 2ca4dcc4 ("fs/mount_setattr: tighten permission checks") [1]
    Link: https://github.com/containers/podman/issues/10374 [2]
    Link: Documentation/filesystems/idmappings.rst [3]
    Link: a65e58e7 ("fs: document and rename fsid helpers") [4]
    
    * tag 'fs.idmapped.v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
      fs: support mapped mounts of mapped filesystems
      fs: add i_user_ns() helper
      fs: port higher-level mapping helpers
      fs: remove unused low-level mapping helpers
      fs: use low-level mapping helpers
      docs: update mapping documentation
      fs: account for filesystem mappings
      fs: tweak fsuidgid_has_mapping()
      fs: move mapping helpers
      fs: add is_idmapped_mnt() helper
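
The three cases the pull message describes (no idmapped mount, idmapped mount over a filesystem mounted without an idmapping, idmapped mount over a filesystem mounted with one) can be modelled in userspace as below. This is an added example, not kernel code or code from this series: the names `struct idmap`, `model_id_from_fs` and `model_id_to_fs` are hypothetical, each idmapping is reduced to a single `u:k:r` extent, and pointer equality stands in for the "not an idmapped mount" and "mounted without an idmapping" checks.

```c
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID ((uint32_t)-1)

/* One-extent idmapping "u:k:r": userspace ids [u,u+r) <-> kernel ids [k,k+r). */
struct idmap { uint32_t u, k, r; };

/* Constructed sample mappings; initial_map models "mounted without an idmapping". */
static const struct idmap initial_map = { 0, 0, UINT32_MAX };
static const struct idmap fs_map      = { 0, 20000, 10000 };
static const struct idmap mnt_map     = { 0, 10000, 10000 };

static uint32_t map_down(const struct idmap *m, uint32_t id)   /* u -> k */
{
    return (id >= m->u && id - m->u < m->r) ? m->k + (id - m->u) : INVALID_ID;
}

static uint32_t map_up(const struct idmap *m, uint32_t id)     /* k -> u */
{
    return (id >= m->k && id - m->k < m->r) ? m->u + (id - m->k) : INVALID_ID;
}

/* Owner id stored on the filesystem -> id as seen through the mount. */
uint32_t model_id_from_fs(const struct idmap *mnt, const struct idmap *fs, uint32_t id)
{
    if (mnt == fs)                       /* not an idmapped mount: unchanged */
        return id;
    if (fs != &initial_map)              /* fs has an idmapping: cannot skip */
        id = map_up(fs, id);
    return id == INVALID_ID ? INVALID_ID : map_down(mnt, id);
}

/* Caller's id as seen through the mount -> id to store on the filesystem. */
uint32_t model_id_to_fs(const struct idmap *mnt, const struct idmap *fs, uint32_t id)
{
    if (mnt == fs)
        return id;
    id = map_up(mnt, id);
    if (id == INVALID_ID || fs == &initial_map)   /* shortcut: no fs step */
        return id;
    return map_down(fs, id);
}

int main(void)
{
    printf("%u %u\n", (unsigned)model_id_from_fs(&mnt_map, &fs_map, 21000),
           (unsigned)model_id_from_fs(&mnt_map, &initial_map, 1000));
    return 0;
}
```

An id with no mapping in either extent comes back as `INVALID_ID` rather than being passed through, which is the property a permission check built on these helpers depends on.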
xfs_inode.c 105 KB