userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs

Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-03-04 00:17:15 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-05-03 06:29:34 -0400
commit: 8e96e3b7b8407be794ab1fd8e4b332818a358e78 (patch)
tree: f27756bb2ec49e586221ac669ea00c68e8a2ee58
parent: 72cda3d1ef24ab0a9a89c15e9776ca737b75f45a (diff)
7 files changed, 21 insertions, 21 deletions
diff --git a/fs/attr.c b/fs/attr.c
index 73f69a6ce9ed..584620e5dee5 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
        /* Make sure a caller can chown. */
        if ((ia_valid & ATTR_UID) &&
-            (current_fsuid() != inode->i_uid ||
+            (!uid_eq(current_fsuid(), inode->i_uid) ||
-             attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
+             !uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN))
                return -EPERM;
        /* Make sure caller can chgrp. */
        if ((ia_valid & ATTR_GID) &&
-            (current_fsuid() != inode->i_uid ||
+            (!uid_eq(current_fsuid(), inode->i_uid) ||
-            (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+            (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
            !capable(CAP_CHOWN))
                return -EPERM;
diff --git a/fs/exec.c b/fs/exec.c
index 9a1d9f0a60ab..00ae2ef100d8 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm)
        /* This is the point of no return */
        current->sas_ss_sp = current->sas_ss_size = 0;
-        if (current_euid() == current_uid() && current_egid() == current_gid())
+        if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
                set_dumpable(current->mm, 1);
        else
                set_dumpable(current->mm, suid_dumpable);
@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm)
        current->mm->task_size = TASK_SIZE;
        /* install the new credentials */
-        if (bprm->cred->uid != current_euid() ||
+        if (!uid_eq(bprm->cred->uid, current_euid()) ||
-            bprm->cred->gid != current_egid()) {
+            !gid_eq(bprm->cred->gid, current_egid())) {
                current->pdeath_signal = 0;
        } else {
                would_dump(bprm, bprm->file);
@@ -2120,7 +2120,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
        if (__get_dumpable(cprm.mm_flags) == 2) {
                /* Setuid core dump mode */
                flag = O_EXCL;          /* Stop rewrite attacks */
-                cred->fsuid = 0;        /* Dump root private */
+                cred->fsuid = GLOBAL_ROOT_UID;  /* Dump root private */
        }
        retval = coredump_wait(exit_code, &core_state);
@@ -2221,7 +2221,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
                 * Dont allow local users get cute and trick others to coredump
                 * into their pre-created files.
                 */
-                if (inode->i_uid != current_fsuid())
+                if (!uid_eq(inode->i_uid, current_fsuid()))
                        goto close_fail;
                if (!cprm.file->f_op || !cprm.file->f_op->write)
                        goto close_fail;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 75e7c1f3a080..d078b75572a7 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p,
        rcu_read_lock();
        cred = __task_cred(p);
-        ret = ((fown->euid == 0 ||
+        ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
-                fown->euid == cred->suid || fown->euid == cred->uid ||
+                uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
-                fown->uid  == cred->suid || fown->uid  == cred->uid) &&
+                uid_eq(fown->uid,  cred->suid) || uid_eq(fown->uid,  cred->uid)) &&
               !security_file_send_sigiotask(p, fown, sig));
        rcu_read_unlock();
        return ret;
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 2072e41785d2..5e6dbe8958fc 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio)
        rcu_read_lock();
        tcred = __task_cred(task);
-        if (tcred->uid != cred->euid &&
+        if (!uid_eq(tcred->uid, cred->euid) &&
-            tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {
+            !uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
                rcu_read_unlock();
                return -EPERM;
        }
diff --git a/fs/locks.c b/fs/locks.c
index 637694bf3a03..3e946cda98c6 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1445,7 +1445,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
        struct inode *inode = dentry->d_inode;
        int error;
-        if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE))
+        if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
                return -EACCES;
        if (!S_ISREG(inode->i_mode))
                return -EINVAL;
diff --git a/fs/namei.c b/fs/namei.c
index 941c4362e298..86512b4d38fd 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -228,7 +228,7 @@ static int acl_permission_check(struct inode *inode, int mask)
 {
        unsigned int mode = inode->i_mode;
-        if (likely(current_fsuid() == inode->i_uid))
+        if (likely(uid_eq(current_fsuid(), inode->i_uid)))
                mode >>= 6;
        else {
                if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
@@ -1956,13 +1956,13 @@ static int user_path_parent(int dfd, const char __user *path,
 */
 static inline int check_sticky(struct inode *dir, struct inode *inode)
 {
-        uid_t fsuid = current_fsuid();
+        kuid_t fsuid = current_fsuid();
        if (!(dir->i_mode & S_ISVTX))
                return 0;
-        if (inode->i_uid == fsuid)
+        if (uid_eq(inode->i_uid, fsuid))
                return 0;
-        if (dir->i_uid == fsuid)
+        if (uid_eq(dir->i_uid, fsuid))
                return 0;
        return !inode_capable(inode, CAP_FOWNER);
 }
diff --git a/include/linux/quotaops.h b/include/linux/quotaops.h
index d93f95e6177c..17b977304a09 100644
--- a/include/linux/quotaops.h
+++ b/include/linux/quotaops.h
@@ -22,8 +22,8 @@ static inline struct quota_info *sb_dqopt(struct super_block *sb)
 static inline bool is_quota_modification(struct inode *inode, struct iattr *ia)
 {
        return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) ||
-                (ia->ia_valid & ATTR_UID && ia->ia_uid != inode->i_uid) ||
+                (ia->ia_valid & ATTR_UID && !uid_eq(ia->ia_uid, inode->i_uid)) ||
-                (ia->ia_valid & ATTR_GID && ia->ia_gid != inode->i_gid);
+                (ia->ia_valid & ATTR_GID && !gid_eq(ia->ia_gid, inode->i_gid));
 }
 #if defined(CONFIG_QUOTA)
author	Eric W. Biederman <ebiederm@xmission.com>	2012-03-04 00:17:15 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-05-03 06:29:34 -0400
commit	8e96e3b7b8407be794ab1fd8e4b332818a358e78 (patch)
tree	f27756bb2ec49e586221ac669ea00c68e8a2ee58
parent	72cda3d1ef24ab0a9a89c15e9776ca737b75f45a (diff)

diff --git a/fs/attr.c b/fs/attr.c index 73f69a6ce9ed..584620e5dee5 100644 --- a/fs/attr.c +++ b/fs/attr.c
@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode inode, struct iattr attr)
47		47
48	/* Make sure a caller can chown. */	48	/* Make sure a caller can chown. */
49	if ((ia_valid & ATTR_UID) &&	49	if ((ia_valid & ATTR_UID) &&
50	(current_fsuid() != inode->i_uid \|\|	50	(!uid_eq(current_fsuid(), inode->i_uid) \|\|
51	attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))	51	!uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN))
52	return -EPERM;	52	return -EPERM;
53		53
54	/* Make sure caller can chgrp. */	54	/* Make sure caller can chgrp. */
55	if ((ia_valid & ATTR_GID) &&	55	if ((ia_valid & ATTR_GID) &&
56	(current_fsuid() != inode->i_uid \|\|	56	(!uid_eq(current_fsuid(), inode->i_uid) \|\|
57	(!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&	57	(!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
58	!capable(CAP_CHOWN))	58	!capable(CAP_CHOWN))
59	return -EPERM;	59	return -EPERM;
60		60


diff --git a/fs/exec.c b/fs/exec.c index 9a1d9f0a60ab..00ae2ef100d8 100644 --- a/fs/exec.c +++ b/fs/exec.c
@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm)
1139	/* This is the point of no return */	1139	/* This is the point of no return */
1140	current->sas_ss_sp = current->sas_ss_size = 0;	1140	current->sas_ss_sp = current->sas_ss_size = 0;
1141		1141
1142	if (current_euid() == current_uid() && current_egid() == current_gid())	1142	if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
1143	set_dumpable(current->mm, 1);	1143	set_dumpable(current->mm, 1);
1144	else	1144	else
1145	set_dumpable(current->mm, suid_dumpable);	1145	set_dumpable(current->mm, suid_dumpable);
@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm)
1153	current->mm->task_size = TASK_SIZE;	1153	current->mm->task_size = TASK_SIZE;
1154		1154
1155	/* install the new credentials */	1155	/* install the new credentials */
1156	if (bprm->cred->uid != current_euid() \|\|	1156	if (!uid_eq(bprm->cred->uid, current_euid()) \|\|
1157	bprm->cred->gid != current_egid()) {	1157	!gid_eq(bprm->cred->gid, current_egid())) {
1158	current->pdeath_signal = 0;	1158	current->pdeath_signal = 0;
1159	} else {	1159	} else {
1160	would_dump(bprm, bprm->file);	1160	would_dump(bprm, bprm->file);
@@ -2120,7 +2120,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2120	if (__get_dumpable(cprm.mm_flags) == 2) {	2120	if (__get_dumpable(cprm.mm_flags) == 2) {
2121	/* Setuid core dump mode */	2121	/* Setuid core dump mode */
2122	flag = O_EXCL; /* Stop rewrite attacks */	2122	flag = O_EXCL; /* Stop rewrite attacks */
2123	cred->fsuid = 0; /* Dump root private */	2123	cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
2124	}	2124	}
2125		2125
2126	retval = coredump_wait(exit_code, &core_state);	2126	retval = coredump_wait(exit_code, &core_state);
@@ -2221,7 +2221,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2221	* Dont allow local users get cute and trick others to coredump	2221	* Dont allow local users get cute and trick others to coredump
2222	* into their pre-created files.	2222	* into their pre-created files.
2223	*/	2223	*/
2224	if (inode->i_uid != current_fsuid())	2224	if (!uid_eq(inode->i_uid, current_fsuid()))
2225	goto close_fail;	2225	goto close_fail;
2226	if (!cprm.file->f_op \|\| !cprm.file->f_op->write)	2226	if (!cprm.file->f_op \|\| !cprm.file->f_op->write)
2227	goto close_fail;	2227	goto close_fail;


diff --git a/fs/fcntl.c b/fs/fcntl.c index 75e7c1f3a080..d078b75572a7 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c
@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p,
532		532
533	rcu_read_lock();	533	rcu_read_lock();
534	cred = __task_cred(p);	534	cred = __task_cred(p);
535	ret = ((fown->euid == 0 \|\|	535	ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) \|\|
536	fown->euid == cred->suid \|\| fown->euid == cred->uid \|\|	536	uid_eq(fown->euid, cred->suid) \|\| uid_eq(fown->euid, cred->uid) \|\|
537	fown->uid == cred->suid \|\| fown->uid == cred->uid) &&	537	uid_eq(fown->uid, cred->suid) \|\| uid_eq(fown->uid, cred->uid)) &&
538	!security_file_send_sigiotask(p, fown, sig));	538	!security_file_send_sigiotask(p, fown, sig));
539	rcu_read_unlock();	539	rcu_read_unlock();
540	return ret;	540	return ret;


diff --git a/fs/ioprio.c b/fs/ioprio.c index 2072e41785d2..5e6dbe8958fc 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c
@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio)
37		37
38	rcu_read_lock();	38	rcu_read_lock();
39	tcred = __task_cred(task);	39	tcred = __task_cred(task);
40	if (tcred->uid != cred->euid &&	40	if (!uid_eq(tcred->uid, cred->euid) &&
41	tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {	41	!uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
42	rcu_read_unlock();	42	rcu_read_unlock();
43	return -EPERM;	43	return -EPERM;
44	}	44	}


diff --git a/fs/locks.c b/fs/locks.c index 637694bf3a03..3e946cda98c6 100644 --- a/fs/locks.c +++ b/fs/locks.c
@@ -1445,7 +1445,7 @@ int generic_setlease(struct file filp, long arg, struct file_lock *flp)
1445	struct inode *inode = dentry->d_inode;	1445	struct inode *inode = dentry->d_inode;
1446	int error;	1446	int error;
1447		1447
1448	if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE))	1448	if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
1449	return -EACCES;	1449	return -EACCES;
1450	if (!S_ISREG(inode->i_mode))	1450	if (!S_ISREG(inode->i_mode))
1451	return -EINVAL;	1451	return -EINVAL;


diff --git a/fs/namei.c b/fs/namei.c index 941c4362e298..86512b4d38fd 100644 --- a/fs/namei.c +++ b/fs/namei.c
@@ -228,7 +228,7 @@ static int acl_permission_check(struct inode *inode, int mask)
228	{	228	{
229	unsigned int mode = inode->i_mode;	229	unsigned int mode = inode->i_mode;
230		230
231	if (likely(current_fsuid() == inode->i_uid))	231	if (likely(uid_eq(current_fsuid(), inode->i_uid)))
232	mode >>= 6;	232	mode >>= 6;
233	else {	233	else {
234	if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {	234	if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
@@ -1956,13 +1956,13 @@ static int user_path_parent(int dfd, const char __user *path,
1956	*/	1956	*/
1957	static inline int check_sticky(struct inode dir, struct inode inode)	1957	static inline int check_sticky(struct inode dir, struct inode inode)
1958	{	1958	{
1959	uid_t fsuid = current_fsuid();	1959	kuid_t fsuid = current_fsuid();
1960		1960
1961	if (!(dir->i_mode & S_ISVTX))	1961	if (!(dir->i_mode & S_ISVTX))
1962	return 0;	1962	return 0;
1963	if (inode->i_uid == fsuid)	1963	if (uid_eq(inode->i_uid, fsuid))
1964	return 0;	1964	return 0;
1965	if (dir->i_uid == fsuid)	1965	if (uid_eq(dir->i_uid, fsuid))
1966	return 0;	1966	return 0;
1967	return !inode_capable(inode, CAP_FOWNER);	1967	return !inode_capable(inode, CAP_FOWNER);
1968	}	1968	}


diff --git a/include/linux/quotaops.h b/include/linux/quotaops.h index d93f95e6177c..17b977304a09 100644 --- a/include/linux/quotaops.h +++ b/include/linux/quotaops.h
@@ -22,8 +22,8 @@ static inline struct quota_info sb_dqopt(struct super_block sb)
22	static inline bool is_quota_modification(struct inode inode, struct iattr ia)	22	static inline bool is_quota_modification(struct inode inode, struct iattr ia)
23	{	23	{
24	return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) \|\|	24	return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) \|\|
25	(ia->ia_valid & ATTR_UID && ia->ia_uid != inode->i_uid) \|\|	25	(ia->ia_valid & ATTR_UID && !uid_eq(ia->ia_uid, inode->i_uid)) \|\|
26	(ia->ia_valid & ATTR_GID && ia->ia_gid != inode->i_gid);	26	(ia->ia_valid & ATTR_GID && !gid_eq(ia->ia_gid, inode->i_gid));
27	}	27	}
28		28
29	#if defined(CONFIG_QUOTA)	29	#if defined(CONFIG_QUOTA)