diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-25 19:00:49 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-25 19:00:49 -0500 |
| commit | 94f2f14234178f118545a0be60a6371ddeb229b7 (patch) | |
| tree | 313af6e9e255e9060fc24c836cd71ce712502b17 /fs/nfs | |
| parent | 8d168f71551ec2a6528d01d0389b7a73c091e3e7 (diff) | |
| parent | 139321c65c0584cd65c4c87a5eb3fdb4fdbd0e19 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace and namespace infrastructure changes from Eric W Biederman:
"This set of changes starts with a few small enhnacements to the user
namespace. reboot support, allowing more arbitrary mappings, and
support for mounting devpts, ramfs, tmpfs, and mqueuefs as just the
user namespace root.
I do my best to document that if you care about limiting your
unprivileged users that when you have the user namespace support
enabled you will need to enable memory control groups.
There is a minor bug fix to prevent overflowing the stack if someone
creates way too many user namespaces.
The bulk of the changes are a continuation of the kuid/kgid push down
work through the filesystems. These changes make using uids and gids
typesafe which ensures that these filesystems are safe to use when
multiple user namespaces are in use. The filesystems converted for
3.9 are ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs. The
changes for these filesystems were a little more involved so I split
the changes into smaller hopefully obviously correct changes.
XFS is the only filesystem that remains. I was hoping I could get
that in this release so that user namespace support would be enabled
with an allyesconfig or an allmodconfig but it looks like the xfs
changes need another couple of days before it they are ready."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (93 commits)
cifs: Enable building with user namespaces enabled.
cifs: Convert struct cifs_ses to use a kuid_t and a kgid_t
cifs: Convert struct cifs_sb_info to use kuids and kgids
cifs: Modify struct smb_vol to use kuids and kgids
cifs: Convert struct cifsFileInfo to use a kuid
cifs: Convert struct cifs_fattr to use kuid and kgids
cifs: Convert struct tcon_link to use a kuid.
cifs: Modify struct cifs_unix_set_info_args to hold a kuid_t and a kgid_t
cifs: Convert from a kuid before printing current_fsuid
cifs: Use kuids and kgids SID to uid/gid mapping
cifs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring_alloc
cifs: Use BUILD_BUG_ON to validate uids and gids are the same size
cifs: Override unmappable incoming uids and gids
nfsd: Enable building with user namespaces enabled.
nfsd: Properly compare and initialize kuids and kgids
nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids
nfsd: Modify nfsd4_cb_sec to use kuids and kgids
nfsd: Handle kuids and kgids in the nfs4acl to posix_acl conversion
nfsd: Convert nfsxdr to use kuids and kgids
nfsd: Convert nfs3xdr to use kuids and kgids
...
Diffstat (limited to 'fs/nfs')
| -rw-r--r-- | fs/nfs/idmap.c | 53 | ||||
| -rw-r--r-- | fs/nfs/inode.c | 12 | ||||
| -rw-r--r-- | fs/nfs/nfs2xdr.c | 19 | ||||
| -rw-r--r-- | fs/nfs/nfs3xdr.c | 18 | ||||
| -rw-r--r-- | fs/nfs/nfs4xdr.c | 16 |
5 files changed, 79 insertions, 39 deletions
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c index bc3968fa81e5..b9623d19d599 100644 --- a/fs/nfs/idmap.c +++ b/fs/nfs/idmap.c | |||
| @@ -97,7 +97,7 @@ static void nfs_fattr_free_group_name(struct nfs_fattr *fattr) | |||
| 97 | static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr) | 97 | static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr) |
| 98 | { | 98 | { |
| 99 | struct nfs4_string *owner = fattr->owner_name; | 99 | struct nfs4_string *owner = fattr->owner_name; |
| 100 | __u32 uid; | 100 | kuid_t uid; |
| 101 | 101 | ||
| 102 | if (!(fattr->valid & NFS_ATTR_FATTR_OWNER_NAME)) | 102 | if (!(fattr->valid & NFS_ATTR_FATTR_OWNER_NAME)) |
| 103 | return false; | 103 | return false; |
| @@ -111,7 +111,7 @@ static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr | |||
| 111 | static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr) | 111 | static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr) |
| 112 | { | 112 | { |
| 113 | struct nfs4_string *group = fattr->group_name; | 113 | struct nfs4_string *group = fattr->group_name; |
| 114 | __u32 gid; | 114 | kgid_t gid; |
| 115 | 115 | ||
| 116 | if (!(fattr->valid & NFS_ATTR_FATTR_GROUP_NAME)) | 116 | if (!(fattr->valid & NFS_ATTR_FATTR_GROUP_NAME)) |
| 117 | return false; | 117 | return false; |
| @@ -193,7 +193,8 @@ static int nfs_idmap_init_keyring(void) | |||
| 193 | if (!cred) | 193 | if (!cred) |
| 194 | return -ENOMEM; | 194 | return -ENOMEM; |
| 195 | 195 | ||
| 196 | keyring = keyring_alloc(".id_resolver", 0, 0, cred, | 196 | keyring = keyring_alloc(".id_resolver", |
| 197 | GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, | ||
| 197 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | | 198 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | |
| 198 | KEY_USR_VIEW | KEY_USR_READ, | 199 | KEY_USR_VIEW | KEY_USR_READ, |
| 199 | KEY_ALLOC_NOT_IN_QUOTA, NULL); | 200 | KEY_ALLOC_NOT_IN_QUOTA, NULL); |
| @@ -836,43 +837,61 @@ idmap_release_pipe(struct inode *inode) | |||
| 836 | nfs_idmap_abort_pipe_upcall(idmap, -EPIPE); | 837 | nfs_idmap_abort_pipe_upcall(idmap, -EPIPE); |
| 837 | } | 838 | } |
| 838 | 839 | ||
| 839 | int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) | 840 | int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid) |
| 840 | { | 841 | { |
| 841 | struct idmap *idmap = server->nfs_client->cl_idmap; | 842 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 843 | __u32 id = -1; | ||
| 844 | int ret = 0; | ||
| 842 | 845 | ||
| 843 | if (nfs_map_string_to_numeric(name, namelen, uid)) | 846 | if (!nfs_map_string_to_numeric(name, namelen, &id)) |
| 844 | return 0; | 847 | ret = nfs_idmap_lookup_id(name, namelen, "uid", &id, idmap); |
| 845 | return nfs_idmap_lookup_id(name, namelen, "uid", uid, idmap); | 848 | if (ret == 0) { |
| 849 | *uid = make_kuid(&init_user_ns, id); | ||
| 850 | if (!uid_valid(*uid)) | ||
| 851 | ret = -ERANGE; | ||
| 852 | } | ||
| 853 | return ret; | ||
| 846 | } | 854 | } |
| 847 | 855 | ||
| 848 | int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid) | 856 | int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, kgid_t *gid) |
| 849 | { | 857 | { |
| 850 | struct idmap *idmap = server->nfs_client->cl_idmap; | 858 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 859 | __u32 id = -1; | ||
| 860 | int ret = 0; | ||
| 851 | 861 | ||
| 852 | if (nfs_map_string_to_numeric(name, namelen, gid)) | 862 | if (!nfs_map_string_to_numeric(name, namelen, &id)) |
| 853 | return 0; | 863 | ret = nfs_idmap_lookup_id(name, namelen, "gid", &id, idmap); |
| 854 | return nfs_idmap_lookup_id(name, namelen, "gid", gid, idmap); | 864 | if (ret == 0) { |
| 865 | *gid = make_kgid(&init_user_ns, id); | ||
| 866 | if (!gid_valid(*gid)) | ||
| 867 | ret = -ERANGE; | ||
| 868 | } | ||
| 869 | return ret; | ||
| 855 | } | 870 | } |
| 856 | 871 | ||
| 857 | int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) | 872 | int nfs_map_uid_to_name(const struct nfs_server *server, kuid_t uid, char *buf, size_t buflen) |
| 858 | { | 873 | { |
| 859 | struct idmap *idmap = server->nfs_client->cl_idmap; | 874 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 860 | int ret = -EINVAL; | 875 | int ret = -EINVAL; |
| 876 | __u32 id; | ||
| 861 | 877 | ||
| 878 | id = from_kuid(&init_user_ns, uid); | ||
| 862 | if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | 879 | if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) |
| 863 | ret = nfs_idmap_lookup_name(uid, "user", buf, buflen, idmap); | 880 | ret = nfs_idmap_lookup_name(id, "user", buf, buflen, idmap); |
| 864 | if (ret < 0) | 881 | if (ret < 0) |
| 865 | ret = nfs_map_numeric_to_string(uid, buf, buflen); | 882 | ret = nfs_map_numeric_to_string(id, buf, buflen); |
| 866 | return ret; | 883 | return ret; |
| 867 | } | 884 | } |
| 868 | int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen) | 885 | int nfs_map_gid_to_group(const struct nfs_server *server, kgid_t gid, char *buf, size_t buflen) |
| 869 | { | 886 | { |
| 870 | struct idmap *idmap = server->nfs_client->cl_idmap; | 887 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 871 | int ret = -EINVAL; | 888 | int ret = -EINVAL; |
| 889 | __u32 id; | ||
| 872 | 890 | ||
| 891 | id = from_kgid(&init_user_ns, gid); | ||
| 873 | if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | 892 | if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) |
| 874 | ret = nfs_idmap_lookup_name(gid, "group", buf, buflen, idmap); | 893 | ret = nfs_idmap_lookup_name(id, "group", buf, buflen, idmap); |
| 875 | if (ret < 0) | 894 | if (ret < 0) |
| 876 | ret = nfs_map_numeric_to_string(gid, buf, buflen); | 895 | ret = nfs_map_numeric_to_string(id, buf, buflen); |
| 877 | return ret; | 896 | return ret; |
| 878 | } | 897 | } |
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index 6acc73c80d7f..468ba8bf0f56 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c | |||
| @@ -332,8 +332,8 @@ nfs_fhget(struct super_block *sb, struct nfs_fh *fh, struct nfs_fattr *fattr) | |||
| 332 | inode->i_version = 0; | 332 | inode->i_version = 0; |
| 333 | inode->i_size = 0; | 333 | inode->i_size = 0; |
| 334 | clear_nlink(inode); | 334 | clear_nlink(inode); |
| 335 | inode->i_uid = -2; | 335 | inode->i_uid = make_kuid(&init_user_ns, -2); |
| 336 | inode->i_gid = -2; | 336 | inode->i_gid = make_kgid(&init_user_ns, -2); |
| 337 | inode->i_blocks = 0; | 337 | inode->i_blocks = 0; |
| 338 | memset(nfsi->cookieverf, 0, sizeof(nfsi->cookieverf)); | 338 | memset(nfsi->cookieverf, 0, sizeof(nfsi->cookieverf)); |
| 339 | nfsi->write_io = 0; | 339 | nfsi->write_io = 0; |
| @@ -1006,9 +1006,9 @@ static int nfs_check_inode_attributes(struct inode *inode, struct nfs_fattr *fat | |||
| 1006 | /* Have any file permissions changed? */ | 1006 | /* Have any file permissions changed? */ |
| 1007 | if ((fattr->valid & NFS_ATTR_FATTR_MODE) && (inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO)) | 1007 | if ((fattr->valid & NFS_ATTR_FATTR_MODE) && (inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO)) |
| 1008 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; | 1008 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; |
| 1009 | if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && inode->i_uid != fattr->uid) | 1009 | if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && !uid_eq(inode->i_uid, fattr->uid)) |
| 1010 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; | 1010 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; |
| 1011 | if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && inode->i_gid != fattr->gid) | 1011 | if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && !gid_eq(inode->i_gid, fattr->gid)) |
| 1012 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; | 1012 | invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL; |
| 1013 | 1013 | ||
| 1014 | /* Has the link count changed? */ | 1014 | /* Has the link count changed? */ |
| @@ -1437,7 +1437,7 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr) | |||
| 1437 | | NFS_INO_REVAL_FORCED); | 1437 | | NFS_INO_REVAL_FORCED); |
| 1438 | 1438 | ||
| 1439 | if (fattr->valid & NFS_ATTR_FATTR_OWNER) { | 1439 | if (fattr->valid & NFS_ATTR_FATTR_OWNER) { |
| 1440 | if (inode->i_uid != fattr->uid) { | 1440 | if (!uid_eq(inode->i_uid, fattr->uid)) { |
| 1441 | invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL; | 1441 | invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL; |
| 1442 | inode->i_uid = fattr->uid; | 1442 | inode->i_uid = fattr->uid; |
| 1443 | } | 1443 | } |
| @@ -1448,7 +1448,7 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr) | |||
| 1448 | | NFS_INO_REVAL_FORCED); | 1448 | | NFS_INO_REVAL_FORCED); |
| 1449 | 1449 | ||
| 1450 | if (fattr->valid & NFS_ATTR_FATTR_GROUP) { | 1450 | if (fattr->valid & NFS_ATTR_FATTR_GROUP) { |
| 1451 | if (inode->i_gid != fattr->gid) { | 1451 | if (!gid_eq(inode->i_gid, fattr->gid)) { |
| 1452 | invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL; | 1452 | invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL; |
| 1453 | inode->i_gid = fattr->gid; | 1453 | inode->i_gid = fattr->gid; |
| 1454 | } | 1454 | } |
diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c index 06b9df49f7f7..62db136339ea 100644 --- a/fs/nfs/nfs2xdr.c +++ b/fs/nfs/nfs2xdr.c | |||
| @@ -290,8 +290,13 @@ static int decode_fattr(struct xdr_stream *xdr, struct nfs_fattr *fattr) | |||
| 290 | 290 | ||
| 291 | fattr->mode = be32_to_cpup(p++); | 291 | fattr->mode = be32_to_cpup(p++); |
| 292 | fattr->nlink = be32_to_cpup(p++); | 292 | fattr->nlink = be32_to_cpup(p++); |
| 293 | fattr->uid = be32_to_cpup(p++); | 293 | fattr->uid = make_kuid(&init_user_ns, be32_to_cpup(p++)); |
| 294 | fattr->gid = be32_to_cpup(p++); | 294 | if (!uid_valid(fattr->uid)) |
| 295 | goto out_uid; | ||
| 296 | fattr->gid = make_kgid(&init_user_ns, be32_to_cpup(p++)); | ||
| 297 | if (!gid_valid(fattr->gid)) | ||
| 298 | goto out_gid; | ||
| 299 | |||
| 295 | fattr->size = be32_to_cpup(p++); | 300 | fattr->size = be32_to_cpup(p++); |
| 296 | fattr->du.nfs2.blocksize = be32_to_cpup(p++); | 301 | fattr->du.nfs2.blocksize = be32_to_cpup(p++); |
| 297 | 302 | ||
| @@ -313,6 +318,12 @@ static int decode_fattr(struct xdr_stream *xdr, struct nfs_fattr *fattr) | |||
| 313 | fattr->change_attr = nfs_timespec_to_change_attr(&fattr->ctime); | 318 | fattr->change_attr = nfs_timespec_to_change_attr(&fattr->ctime); |
| 314 | 319 | ||
| 315 | return 0; | 320 | return 0; |
| 321 | out_uid: | ||
| 322 | dprintk("NFS: returned invalid uid\n"); | ||
| 323 | return -EINVAL; | ||
| 324 | out_gid: | ||
| 325 | dprintk("NFS: returned invalid gid\n"); | ||
| 326 | return -EINVAL; | ||
| 316 | out_overflow: | 327 | out_overflow: |
| 317 | print_overflow_msg(__func__, xdr); | 328 | print_overflow_msg(__func__, xdr); |
| 318 | return -EIO; | 329 | return -EIO; |
| @@ -351,11 +362,11 @@ static void encode_sattr(struct xdr_stream *xdr, const struct iattr *attr) | |||
| 351 | else | 362 | else |
| 352 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); | 363 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); |
| 353 | if (attr->ia_valid & ATTR_UID) | 364 | if (attr->ia_valid & ATTR_UID) |
| 354 | *p++ = cpu_to_be32(attr->ia_uid); | 365 | *p++ = cpu_to_be32(from_kuid(&init_user_ns, attr->ia_uid)); |
| 355 | else | 366 | else |
| 356 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); | 367 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); |
| 357 | if (attr->ia_valid & ATTR_GID) | 368 | if (attr->ia_valid & ATTR_GID) |
| 358 | *p++ = cpu_to_be32(attr->ia_gid); | 369 | *p++ = cpu_to_be32(from_kgid(&init_user_ns, attr->ia_gid)); |
| 359 | else | 370 | else |
| 360 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); | 371 | *p++ = cpu_to_be32(NFS2_SATTR_NOT_SET); |
| 361 | if (attr->ia_valid & ATTR_SIZE) | 372 | if (attr->ia_valid & ATTR_SIZE) |
diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c index bffc32406fbf..fa6d72131c19 100644 --- a/fs/nfs/nfs3xdr.c +++ b/fs/nfs/nfs3xdr.c | |||
| @@ -592,13 +592,13 @@ static void encode_sattr3(struct xdr_stream *xdr, const struct iattr *attr) | |||
| 592 | 592 | ||
| 593 | if (attr->ia_valid & ATTR_UID) { | 593 | if (attr->ia_valid & ATTR_UID) { |
| 594 | *p++ = xdr_one; | 594 | *p++ = xdr_one; |
| 595 | *p++ = cpu_to_be32(attr->ia_uid); | 595 | *p++ = cpu_to_be32(from_kuid(&init_user_ns, attr->ia_uid)); |
| 596 | } else | 596 | } else |
| 597 | *p++ = xdr_zero; | 597 | *p++ = xdr_zero; |
| 598 | 598 | ||
| 599 | if (attr->ia_valid & ATTR_GID) { | 599 | if (attr->ia_valid & ATTR_GID) { |
| 600 | *p++ = xdr_one; | 600 | *p++ = xdr_one; |
| 601 | *p++ = cpu_to_be32(attr->ia_gid); | 601 | *p++ = cpu_to_be32(from_kgid(&init_user_ns, attr->ia_gid)); |
| 602 | } else | 602 | } else |
| 603 | *p++ = xdr_zero; | 603 | *p++ = xdr_zero; |
| 604 | 604 | ||
| @@ -657,8 +657,12 @@ static int decode_fattr3(struct xdr_stream *xdr, struct nfs_fattr *fattr) | |||
| 657 | 657 | ||
| 658 | fattr->mode = (be32_to_cpup(p++) & ~S_IFMT) | fmode; | 658 | fattr->mode = (be32_to_cpup(p++) & ~S_IFMT) | fmode; |
| 659 | fattr->nlink = be32_to_cpup(p++); | 659 | fattr->nlink = be32_to_cpup(p++); |
| 660 | fattr->uid = be32_to_cpup(p++); | 660 | fattr->uid = make_kuid(&init_user_ns, be32_to_cpup(p++)); |
| 661 | fattr->gid = be32_to_cpup(p++); | 661 | if (!uid_valid(fattr->uid)) |
| 662 | goto out_uid; | ||
| 663 | fattr->gid = make_kgid(&init_user_ns, be32_to_cpup(p++)); | ||
| 664 | if (!gid_valid(fattr->gid)) | ||
| 665 | goto out_gid; | ||
| 662 | 666 | ||
| 663 | p = xdr_decode_size3(p, &fattr->size); | 667 | p = xdr_decode_size3(p, &fattr->size); |
| 664 | p = xdr_decode_size3(p, &fattr->du.nfs3.used); | 668 | p = xdr_decode_size3(p, &fattr->du.nfs3.used); |
| @@ -675,6 +679,12 @@ static int decode_fattr3(struct xdr_stream *xdr, struct nfs_fattr *fattr) | |||
| 675 | 679 | ||
| 676 | fattr->valid |= NFS_ATTR_FATTR_V3; | 680 | fattr->valid |= NFS_ATTR_FATTR_V3; |
| 677 | return 0; | 681 | return 0; |
| 682 | out_uid: | ||
| 683 | dprintk("NFS: returned invalid uid\n"); | ||
| 684 | return -EINVAL; | ||
| 685 | out_gid: | ||
| 686 | dprintk("NFS: returned invalid gid\n"); | ||
| 687 | return -EINVAL; | ||
| 678 | out_overflow: | 688 | out_overflow: |
| 679 | print_overflow_msg(__func__, xdr); | 689 | print_overflow_msg(__func__, xdr); |
| 680 | return -EIO; | 690 | return -EIO; |
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 26b143920433..e3edda554ac7 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c | |||
| @@ -1002,7 +1002,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, const | |||
| 1002 | owner_namelen = nfs_map_uid_to_name(server, iap->ia_uid, owner_name, IDMAP_NAMESZ); | 1002 | owner_namelen = nfs_map_uid_to_name(server, iap->ia_uid, owner_name, IDMAP_NAMESZ); |
| 1003 | if (owner_namelen < 0) { | 1003 | if (owner_namelen < 0) { |
| 1004 | dprintk("nfs: couldn't resolve uid %d to string\n", | 1004 | dprintk("nfs: couldn't resolve uid %d to string\n", |
| 1005 | iap->ia_uid); | 1005 | from_kuid(&init_user_ns, iap->ia_uid)); |
| 1006 | /* XXX */ | 1006 | /* XXX */ |
| 1007 | strcpy(owner_name, "nobody"); | 1007 | strcpy(owner_name, "nobody"); |
| 1008 | owner_namelen = sizeof("nobody") - 1; | 1008 | owner_namelen = sizeof("nobody") - 1; |
| @@ -1014,7 +1014,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, const | |||
| 1014 | owner_grouplen = nfs_map_gid_to_group(server, iap->ia_gid, owner_group, IDMAP_NAMESZ); | 1014 | owner_grouplen = nfs_map_gid_to_group(server, iap->ia_gid, owner_group, IDMAP_NAMESZ); |
| 1015 | if (owner_grouplen < 0) { | 1015 | if (owner_grouplen < 0) { |
| 1016 | dprintk("nfs: couldn't resolve gid %d to string\n", | 1016 | dprintk("nfs: couldn't resolve gid %d to string\n", |
| 1017 | iap->ia_gid); | 1017 | from_kgid(&init_user_ns, iap->ia_gid)); |
| 1018 | strcpy(owner_group, "nobody"); | 1018 | strcpy(owner_group, "nobody"); |
| 1019 | owner_grouplen = sizeof("nobody") - 1; | 1019 | owner_grouplen = sizeof("nobody") - 1; |
| 1020 | /* goto out; */ | 1020 | /* goto out; */ |
| @@ -3778,14 +3778,14 @@ out_overflow: | |||
| 3778 | } | 3778 | } |
| 3779 | 3779 | ||
| 3780 | static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, | 3780 | static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, |
| 3781 | const struct nfs_server *server, uint32_t *uid, | 3781 | const struct nfs_server *server, kuid_t *uid, |
| 3782 | struct nfs4_string *owner_name) | 3782 | struct nfs4_string *owner_name) |
| 3783 | { | 3783 | { |
| 3784 | uint32_t len; | 3784 | uint32_t len; |
| 3785 | __be32 *p; | 3785 | __be32 *p; |
| 3786 | int ret = 0; | 3786 | int ret = 0; |
| 3787 | 3787 | ||
| 3788 | *uid = -2; | 3788 | *uid = make_kuid(&init_user_ns, -2); |
| 3789 | if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER - 1U))) | 3789 | if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER - 1U))) |
| 3790 | return -EIO; | 3790 | return -EIO; |
| 3791 | if (likely(bitmap[1] & FATTR4_WORD1_OWNER)) { | 3791 | if (likely(bitmap[1] & FATTR4_WORD1_OWNER)) { |
| @@ -3813,7 +3813,7 @@ static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, | |||
| 3813 | __func__, len); | 3813 | __func__, len); |
| 3814 | bitmap[1] &= ~FATTR4_WORD1_OWNER; | 3814 | bitmap[1] &= ~FATTR4_WORD1_OWNER; |
| 3815 | } | 3815 | } |
| 3816 | dprintk("%s: uid=%d\n", __func__, (int)*uid); | 3816 | dprintk("%s: uid=%d\n", __func__, (int)from_kuid(&init_user_ns, *uid)); |
| 3817 | return ret; | 3817 | return ret; |
| 3818 | out_overflow: | 3818 | out_overflow: |
| 3819 | print_overflow_msg(__func__, xdr); | 3819 | print_overflow_msg(__func__, xdr); |
| @@ -3821,14 +3821,14 @@ out_overflow: | |||
| 3821 | } | 3821 | } |
| 3822 | 3822 | ||
| 3823 | static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, | 3823 | static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, |
| 3824 | const struct nfs_server *server, uint32_t *gid, | 3824 | const struct nfs_server *server, kgid_t *gid, |
| 3825 | struct nfs4_string *group_name) | 3825 | struct nfs4_string *group_name) |
| 3826 | { | 3826 | { |
| 3827 | uint32_t len; | 3827 | uint32_t len; |
| 3828 | __be32 *p; | 3828 | __be32 *p; |
| 3829 | int ret = 0; | 3829 | int ret = 0; |
| 3830 | 3830 | ||
| 3831 | *gid = -2; | 3831 | *gid = make_kgid(&init_user_ns, -2); |
| 3832 | if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER_GROUP - 1U))) | 3832 | if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER_GROUP - 1U))) |
| 3833 | return -EIO; | 3833 | return -EIO; |
| 3834 | if (likely(bitmap[1] & FATTR4_WORD1_OWNER_GROUP)) { | 3834 | if (likely(bitmap[1] & FATTR4_WORD1_OWNER_GROUP)) { |
| @@ -3856,7 +3856,7 @@ static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, | |||
| 3856 | __func__, len); | 3856 | __func__, len); |
| 3857 | bitmap[1] &= ~FATTR4_WORD1_OWNER_GROUP; | 3857 | bitmap[1] &= ~FATTR4_WORD1_OWNER_GROUP; |
| 3858 | } | 3858 | } |
| 3859 | dprintk("%s: gid=%d\n", __func__, (int)*gid); | 3859 | dprintk("%s: gid=%d\n", __func__, (int)from_kgid(&init_user_ns, *gid)); |
| 3860 | return ret; | 3860 | return ret; |
| 3861 | out_overflow: | 3861 | out_overflow: |
| 3862 | print_overflow_msg(__func__, xdr); | 3862 | print_overflow_msg(__func__, xdr); |