On Thu, Nov 12, 2020 at 12:30:56AM +0000, Sargun Dhillon wrote: > On Wed, Nov 11, 2020 at 08:03:18PM +0000, Trond Myklebust wrote: > > On Wed, 2020-11-11 at 18:57 +0000, Sargun Dhillon wrote: > > > On Wed, Nov 11, 2020 at 02:38:11PM +0000, Trond Myklebust wrote: > > > > On Wed, 2020-11-11 at 11:12 +0000, Sargun Dhillon wrote: > > > > > > > > The current code for setting server->cred was developed > > > > independently > > > > of fsopen() (and predates it actually). I'm fine with the change to > > > > have server->cred be the cred of the user that called fsopen(). > > > > That's > > > > in line with what we used to do for sys_mount(). > > > > > > > Just curious, without FS_USERNS, how were you mounting NFSv4 in an > > > unprivileged user ns? > > > > The code was originally developed on a 5.1 kernel. So all my testing > > has been with ordinary sys_mount() calls in a container that had > > CAP_SYS_ADMIN privileges. > > > > > > However all the other stuff to throw errors when the user namespace > > > > is > > > > not init_user_ns introduces massive regressions. > > > > > > > > > > I can remove that and respin the patch. How do you feel about that? > > > I would > > > still like to keep the log lines though because it is a uapi change. > > > I am > > > worried that someone might exercise this path with GSS and allow for > > > upcalls > > > into the main namespaces by accident -- or be confused of why they're > > > seeing > > > upcalls "in a different namespace". > > > > > > Are you okay with picking up ("NFS: NFSv2/NFSv3: Use cred from > > > fs_context during > > > mount") without any changes? > > > > Why do we need the dprintk()s? It seems to me that either they should > > be reporting something that the user needs to know (in which case they > > should be real printk()s) or they are telling us something that we > > should already know. To me they seem to fit more in the latter > > category. > > > > > > > > I can respin ("NFSv4: Refactor NFS to use user namespaces") without: > > > /* > > > * nfs4idmap is not fully isolated by user namespaces. It is > > > currently > > > * only network namespace aware. If upcalls never happen, we do not > > > * need to worry as nfs_client instances aren't shared between > > > * user namespaces. > > > */ > > > if (idmap_userns(server->nfs_client->cl_idmap) != &init_user_ns && > > > !(server->caps & NFS_CAP_UIDGID_NOMAP)) { > > > error = -EINVAL; > > > errorf(fc, "Mount credentials are from non init user > > > namespace and ID mapping is enabled. This is not allowed."); > > > goto error; > > > } > > > > > > (and making it so we can call idmap_userns) > > > > > > > Yes. That would be acceptable. Again, though, I'd like to see the > > dprintk()s gone. > > > > I can drop the dprintks, but given this is a uapi change, does it make sense to > pr_info_once? Especially, because this can have security impact? Spending 5 minutes thinking about this, I think that best go out in another patch that I can spin, and we can discuss there.