userns: Convert group_info values from gid_t to kgid_t.

As a first step to converting struct cred to be all kuid_t and kgid_t values convert the group values stored in group_info to always be kgid_t values. Unless user namespaces are used this change should have no effect. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2011-11-14 18:56:38 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-05-03 06:27:21 -0400
commit: ae2975bc3476243b45a1e2344236d7920c268f38 (patch)
tree: e4b2a8472f6047734b6e7e2bdc994375b2790323 /kernel/groups.c
parent: 22d917d80e842829d0ca0a561967d728eb1d6303 (diff)
1 files changed, 25 insertions, 23 deletions
diff --git a/kernel/groups.c b/kernel/groups.c
index 99b53d1eb7ea..84156f2d4c8c 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -31,7 +31,7 @@ struct group_info *groups_alloc(int gidsetsize)
                group_info->blocks[0] = group_info->small_block;
        else {
                for (i = 0; i < nblocks; i++) {
-                        gid_t *b;
+                        kgid_t *b;
                        b = (void *)__get_free_page(GFP_USER);
                        if (!b)
                                goto out_undo_partial_alloc;
@@ -66,18 +66,15 @@ EXPORT_SYMBOL(groups_free);
 static int groups_to_user(gid_t __user *grouplist,
                          const struct group_info *group_info)
 {
+        struct user_namespace *user_ns = current_user_ns();
        int i;
        unsigned int count = group_info->ngroups;
-        for (i = 0; i < group_info->nblocks; i++) {
+        for (i = 0; i < count; i++) {
-                unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
+                gid_t gid;
-                unsigned int len = cp_count * sizeof(*grouplist);
+                gid = from_kgid_munged(user_ns, GROUP_AT(group_info, i));
+                if (put_user(gid, grouplist+i))
-                if (copy_to_user(grouplist, group_info->blocks[i], len))
                        return -EFAULT;
-                grouplist += NGROUPS_PER_BLOCK;
-                count -= cp_count;
        }
        return 0;
 }
@@ -86,18 +83,21 @@ static int groups_to_user(gid_t __user *grouplist,
 static int groups_from_user(struct group_info *group_info,
    gid_t __user *grouplist)
 {
+        struct user_namespace *user_ns = current_user_ns();
        int i;
        unsigned int count = group_info->ngroups;
-        for (i = 0; i < group_info->nblocks; i++) {
+        for (i = 0; i < count; i++) {
-                unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
+                gid_t gid;
-                unsigned int len = cp_count * sizeof(*grouplist);
+                kgid_t kgid;
+                if (get_user(gid, grouplist+i))
-                if (copy_from_user(group_info->blocks[i], grouplist, len))
                        return -EFAULT;
-                grouplist += NGROUPS_PER_BLOCK;
+                kgid = make_kgid(user_ns, gid);
-                count -= cp_count;
+                if (!gid_valid(kgid))
+                        return -EINVAL;
+                GROUP_AT(group_info, i) = kgid;
        }
        return 0;
 }
@@ -117,9 +117,9 @@ static void groups_sort(struct group_info *group_info)
                for (base = 0; base < max; base++) {
                        int left = base;
                        int right = left + stride;
-                        gid_t tmp = GROUP_AT(group_info, right);
+                        kgid_t tmp = GROUP_AT(group_info, right);
-                        while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
+                        while (left >= 0 && gid_gt(GROUP_AT(group_info, left), tmp)) {
                                GROUP_AT(group_info, right) =
                                    GROUP_AT(group_info, left);
                                right = left;
@@ -132,7 +132,7 @@ static void groups_sort(struct group_info *group_info)
 }
 /* a simple bsearch */
-int groups_search(const struct group_info *group_info, gid_t grp)
+int groups_search(const struct group_info *group_info, kgid_t grp)
 {
        unsigned int left, right;
@@ -143,9 +143,9 @@ int groups_search(const struct group_info *group_info, gid_t grp)
        right = group_info->ngroups;
        while (left < right) {
                unsigned int mid = (left+right)/2;
-                if (grp > GROUP_AT(group_info, mid))
+                if (gid_gt(grp, GROUP_AT(group_info, mid)))
                        left = mid + 1;
-                else if (grp < GROUP_AT(group_info, mid))
+                else if (gid_lt(grp, GROUP_AT(group_info, mid)))
                        right = mid;
                else
                        return 1;
@@ -262,7 +262,8 @@ int in_group_p(gid_t grp)
        int retval = 1;
        if (grp != cred->fsgid)
-                retval = groups_search(cred->group_info, grp);
+                retval = groups_search(cred->group_info,
+                                       make_kgid(cred->user_ns, grp));
        return retval;
 }
@@ -274,7 +275,8 @@ int in_egroup_p(gid_t grp)
        int retval = 1;
        if (grp != cred->egid)
-                retval = groups_search(cred->group_info, grp);
+                retval = groups_search(cred->group_info,
+                                       make_kgid(cred->user_ns, grp));
        return retval;
 }
author	Eric W. Biederman <ebiederm@xmission.com>	2011-11-14 18:56:38 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-05-03 06:27:21 -0400
commit	ae2975bc3476243b45a1e2344236d7920c268f38 (patch)
tree	e4b2a8472f6047734b6e7e2bdc994375b2790323 /kernel/groups.c
parent	22d917d80e842829d0ca0a561967d728eb1d6303 (diff)

diff --git a/kernel/groups.c b/kernel/groups.c index 99b53d1eb7ea..84156f2d4c8c 100644 --- a/kernel/groups.c +++ b/kernel/groups.c
@@ -31,7 +31,7 @@ struct group_info *groups_alloc(int gidsetsize)
31	group_info->blocks[0] = group_info->small_block;	31	group_info->blocks[0] = group_info->small_block;
32	else {	32	else {
33	for (i = 0; i < nblocks; i++) {	33	for (i = 0; i < nblocks; i++) {
34	gid_t *b;	34	kgid_t *b;
35	b = (void *)__get_free_page(GFP_USER);	35	b = (void *)__get_free_page(GFP_USER);
36	if (!b)	36	if (!b)
37	goto out_undo_partial_alloc;	37	goto out_undo_partial_alloc;
@@ -66,18 +66,15 @@ EXPORT_SYMBOL(groups_free);
66	static int groups_to_user(gid_t __user *grouplist,	66	static int groups_to_user(gid_t __user *grouplist,
67	const struct group_info *group_info)	67	const struct group_info *group_info)
68	{	68	{
		69	struct user_namespace *user_ns = current_user_ns();
69	int i;	70	int i;
70	unsigned int count = group_info->ngroups;	71	unsigned int count = group_info->ngroups;
71		72
72	for (i = 0; i < group_info->nblocks; i++) {	73	for (i = 0; i < count; i++) {
73	unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);	74	gid_t gid;
74	unsigned int len = cp_count * sizeof(*grouplist);	75	gid = from_kgid_munged(user_ns, GROUP_AT(group_info, i));
75		76	if (put_user(gid, grouplist+i))
76	if (copy_to_user(grouplist, group_info->blocks[i], len))
77	return -EFAULT;	77	return -EFAULT;
78
79	grouplist += NGROUPS_PER_BLOCK;
80	count -= cp_count;
81	}	78	}
82	return 0;	79	return 0;
83	}	80	}
@@ -86,18 +83,21 @@ static int groups_to_user(gid_t __user *grouplist,
86	static int groups_from_user(struct group_info *group_info,	83	static int groups_from_user(struct group_info *group_info,
87	gid_t __user *grouplist)	84	gid_t __user *grouplist)
88	{	85	{
		86	struct user_namespace *user_ns = current_user_ns();
89	int i;	87	int i;
90	unsigned int count = group_info->ngroups;	88	unsigned int count = group_info->ngroups;
91		89
92	for (i = 0; i < group_info->nblocks; i++) {	90	for (i = 0; i < count; i++) {
93	unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);	91	gid_t gid;
94	unsigned int len = cp_count * sizeof(*grouplist);	92	kgid_t kgid;
95		93	if (get_user(gid, grouplist+i))
96	if (copy_from_user(group_info->blocks[i], grouplist, len))
97	return -EFAULT;	94	return -EFAULT;
98		95
99	grouplist += NGROUPS_PER_BLOCK;	96	kgid = make_kgid(user_ns, gid);
100	count -= cp_count;	97	if (!gid_valid(kgid))
		98	return -EINVAL;
		99
		100	GROUP_AT(group_info, i) = kgid;
101	}	101	}
102	return 0;	102	return 0;
103	}	103	}
@@ -117,9 +117,9 @@ static void groups_sort(struct group_info *group_info)
117	for (base = 0; base < max; base++) {	117	for (base = 0; base < max; base++) {
118	int left = base;	118	int left = base;
119	int right = left + stride;	119	int right = left + stride;
120	gid_t tmp = GROUP_AT(group_info, right);	120	kgid_t tmp = GROUP_AT(group_info, right);
121		121
122	while (left >= 0 && GROUP_AT(group_info, left) > tmp) {	122	while (left >= 0 && gid_gt(GROUP_AT(group_info, left), tmp)) {
123	GROUP_AT(group_info, right) =	123	GROUP_AT(group_info, right) =
124	GROUP_AT(group_info, left);	124	GROUP_AT(group_info, left);
125	right = left;	125	right = left;
@@ -132,7 +132,7 @@ static void groups_sort(struct group_info *group_info)
132	}	132	}
133		133
134	/* a simple bsearch */	134	/* a simple bsearch */
135	int groups_search(const struct group_info *group_info, gid_t grp)	135	int groups_search(const struct group_info *group_info, kgid_t grp)
136	{	136	{
137	unsigned int left, right;	137	unsigned int left, right;
138		138
@@ -143,9 +143,9 @@ int groups_search(const struct group_info *group_info, gid_t grp)
143	right = group_info->ngroups;	143	right = group_info->ngroups;
144	while (left < right) {	144	while (left < right) {
145	unsigned int mid = (left+right)/2;	145	unsigned int mid = (left+right)/2;
146	if (grp > GROUP_AT(group_info, mid))	146	if (gid_gt(grp, GROUP_AT(group_info, mid)))
147	left = mid + 1;	147	left = mid + 1;
148	else if (grp < GROUP_AT(group_info, mid))	148	else if (gid_lt(grp, GROUP_AT(group_info, mid)))
149	right = mid;	149	right = mid;
150	else	150	else
151	return 1;	151	return 1;
@@ -262,7 +262,8 @@ int in_group_p(gid_t grp)
262	int retval = 1;	262	int retval = 1;
263		263
264	if (grp != cred->fsgid)	264	if (grp != cred->fsgid)
265	retval = groups_search(cred->group_info, grp);	265	retval = groups_search(cred->group_info,
		266	make_kgid(cred->user_ns, grp));
266	return retval;	267	return retval;
267	}	268	}
268		269
@@ -274,7 +275,8 @@ int in_egroup_p(gid_t grp)
274	int retval = 1;	275	int retval = 1;
275		276
276	if (grp != cred->egid)	277	if (grp != cred->egid)
277	retval = groups_search(cred->group_info, grp);	278	retval = groups_search(cred->group_info,
		279	make_kgid(cred->user_ns, grp));
278	return retval;	280	return retval;
279	}	281	}
280		282