On Mon, Dec 11, 2023 at 03:26:12PM +0100, Daniel Borkmann wrote:
> On 12/7/23 4:57 AM, Jie Jiang wrote:
> > Parse uid and gid in bpf_parse_param() so that they can be passed in as
> > the `data` parameter when mount() bpffs. This will be useful when we
> > want to control which user/group has the control to the mounted bpffs,
> > otherwise a separate chown() call will be needed.
> >
> > Signed-off-by: Jie Jiang <jiejiang@xxxxxxxxxxxx>
> > Acked-by: Mike Frysinger <vapier@xxxxxxxxxxxx>
> > Acked-by: Christian Brauner <brauner@xxxxxxxxxx>
> > Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> > ---
> > v2 -> v3: Rebase to resolve conflicts.
> > v1 -> v2: Add additional validation in bpf_parse_param() for if the
> > requested uid/gid is representable in the fs's idmapping.
> >
> > include/linux/bpf.h | 2 ++
> > kernel/bpf/inode.c | 48 ++++++++++++++++++++++++++++++++++++++++++++-
> > 2 files changed, 49 insertions(+), 1 deletion(-)
>
> Looks good, for clarity, should this be folded into the patch?
>
> Thanks,
> Daniel
>
> diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c > index 273d7e0cfbde..f5ca533c62af 100644 > --- a/kernel/bpf/inode.c > +++ b/kernel/bpf/inode.c > @@ -889,6 +889,8 @@ static int bpf_init_fs_context(struct fs_context *fc) > return -ENOMEM; > > opts->mode = S_IRWXUGO; > + opts->uid = GLOBAL_ROOT_UID; > + opts->gid = GLOBAL_ROOT_GID;

I think you want

opt->uid = current_fsuid();
opt->gid = current_fsgid();

because bpf_init_fs_context() is called from fsopen() which may be called
inside a user namespace.

Then you can just transfer

s_fs_info->uid = opts->uid;
s_fs_info->gid = opts->gid;

and then always use:

inode->i_uid = s_fs_info->uid;
inode->i_gid = s_fs_info->gid;

when initializing inodes.

Otherwise looks good.
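
Review bot: the two added defaults in bpf_init_fs_context(), `opts->uid = GLOBAL_ROOT_UID;` and `opts->gid = GLOBAL_ROOT_GID;`, are set unconditionally and never pass through the representability check that the v2 changelog says bpf_parse_param() applies to a requested uid/gid. A mount that supplies neither option therefore gets an owner that may not be representable in the filesystem's idmapping, which is exactly the case the parse-time validation was added to reject. Either default to the caller's ids (current_fsuid() and current_fsgid(), as proposed in the reply) or run the defaults through the same validation before they are stored, and add a one-line comment next to the assignments stating which identity the default ownership is meant to be and why.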