On Tue, Sep 06, 2022 at 09:53:13AM +0200, Christoph Hellwig wrote: > On Tue, Sep 06, 2022 at 09:45:32AM +0200, Christian Brauner wrote: > > > structure type for the on-disk vs uapi ACL formats? They will be the > > > > We do already have separate format for uapi and VFS ACLs. I'm not sure > > if you're suggesting another intermediate format. > > Right now struct posix_acl_xattr_header and > struct posix_acl_xattr_entry is used both for the UAPI, and the > on-disk format of various file systems, despite the different cases > using different kinds of uids/gids. > > > I'm currently working on a larger series to get rid of the uapi struct > > abuse for POSIX ACLs. Building on that work Seth will get rid of similar > > abuses for VFS caps. I'm fairly close but the rough idea is: > > Can we just stop accessing ACLs through the xattrs ops at all, and > just have dedicated methods instead? This whole multiplexing of > ACLs through xattrs APIs has been an unmitigated disaster. IIuc then this is exactly what I tried to do (I have a still very hacky version of this approach in https://gitlab.com/brauner/linux/-/commits/fs.posix_acl.vfsuid/). I've tried switching all filesystem to simply rely on i_op->{g,s}et_acl() but this doesn't work for at least 9p and cifs because they need access to the dentry. cifs hasn't even implemented i_op->get_acl() and I don't think they can because of the lack of a dentry argument. The problem is not just that i_op->{g,s}et_acl() don't take a dentry argument it's in principle also super annoying to pass it to them because i_op->get_acl() is used to retrieve POSIX ACLs during permission checking and thus is called from generic_permission() and thus inode_permission() and I don't think we want or even can pass down a dentry everywhere for those. So I stopped short of finishing this implementation because of that. So in order to make this work for cifs and 9p we would probably need a new i_op method that is separate from the i_op->get_acl() one used in the acl_permission_check() and friends... > > Similar for all other "xattrs" that are not just user data and > interpreted by the kernel, but ACLs are by far the worst. I absolutely agree.
