authorLinus Torvalds <torvalds@linux-foundation.org>2013-02-25 19:00:49 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-02-25 19:00:49 -0500
commit94f2f14234178f118545a0be60a6371ddeb229b7 (patch)
tree313af6e9e255e9060fc24c836cd71ce712502b17 /fs/ocfs2
parent8d168f71551ec2a6528d01d0389b7a73c091e3e7 (diff)
parent139321c65c0584cd65c4c87a5eb3fdb4fdbd0e19 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace and namespace infrastructure changes from Eric W Biederman: "This set of changes starts with a few small enhancements to the user namespace. reboot support, allowing more arbitrary mappings, and support for mounting devpts, ramfs, tmpfs, and mqueuefs as just the user namespace root. I do my best to document that if you care about limiting your unprivileged users that when you have the user namespace support enabled you will need to enable memory control groups. There is a minor bug fix to prevent overflowing the stack if someone creates way too many user namespaces. The bulk of the changes are a continuation of the kuid/kgid push down work through the filesystems. These changes make using uids and gids typesafe which ensures that these filesystems are safe to use when multiple user namespaces are in use. The filesystems converted for 3.9 are ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs. The changes for these filesystems were a little more involved so I split the changes into smaller hopefully obviously correct changes. XFS is the only filesystem that remains. I was hoping I could get that in this release so that user namespace support would be enabled with an allyesconfig or an allmodconfig but it looks like the xfs changes need another couple of days before they are ready." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (93 commits) cifs: Enable building with user namespaces enabled. cifs: Convert struct cifs_ses to use a kuid_t and a kgid_t cifs: Convert struct cifs_sb_info to use kuids and kgids cifs: Modify struct smb_vol to use kuids and kgids cifs: Convert struct cifsFileInfo to use a kuid cifs: Convert struct cifs_fattr to use kuid and kgids cifs: Convert struct tcon_link to use a kuid.
cifs: Modify struct cifs_unix_set_info_args to hold a kuid_t and a kgid_t cifs: Convert from a kuid before printing current_fsuid cifs: Use kuids and kgids SID to uid/gid mapping cifs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring_alloc cifs: Use BUILD_BUG_ON to validate uids and gids are the same size cifs: Override unmappable incoming uids and gids nfsd: Enable building with user namespaces enabled. nfsd: Properly compare and initialize kuids and kgids nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids nfsd: Modify nfsd4_cb_sec to use kuids and kgids nfsd: Handle kuids and kgids in the nfs4acl to posix_acl conversion nfsd: Convert nfsxdr to use kuids and kgids nfsd: Convert nfs3xdr to use kuids and kgids ...
Diffstat (limited to 'fs/ocfs2')
-rw-r--r--fs/ocfs2/acl.c31
-rw-r--r--fs/ocfs2/dlmglue.c8
-rw-r--r--fs/ocfs2/file.c11
-rw-r--r--fs/ocfs2/inode.c12
-rw-r--r--fs/ocfs2/namei.c4
-rw-r--r--fs/ocfs2/refcounttree.c2
6 files changed, 48 insertions, 20 deletions
diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c
index 260b16281fc3..8a404576fb26 100644
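--- a/fs/ocfs2/acl.c
+++ b/fs/ocfs2/acl.c
@@ -65,7 +65,20 @@ static struct posix_acl *ocfs2_acl_from_xattr(const void *value, size_t size)
 
 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag);
 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
-acl->a_entries[n].e_id = le32_to_cpu(entry->e_id);
+switch(acl->a_entries[n].e_tag) {
+case ACL_USER:
+acl->a_entries[n].e_uid =
+make_kuid(&init_user_ns,
+le32_to_cpu(entry->e_id));
+break;
+case ACL_GROUP:
+acl->a_entries[n].e_gid =
+make_kgid(&init_user_ns,
+le32_to_cpu(entry->e_id));
+break;
+default:
+break;
+}
 value += sizeof(struct posix_acl_entry);
 
 }
@@ -91,7 +104,21 @@ static void *ocfs2_acl_to_xattr(const struct posix_acl *acl, size_t *size)
 for (n = 0; n < acl->a_count; n++, entry++) {
 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag);
 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm);
-entry->e_id = cpu_to_le32(acl->a_entries[n].e_id);
+switch(acl->a_entries[n].e_tag) {
+case ACL_USER:
+entry->e_id = cpu_to_le32(
+from_kuid(&init_user_ns,
+acl->a_entries[n].e_uid));
+break;
+case ACL_GROUP:
+entry->e_id = cpu_to_le32(
+from_kgid(&init_user_ns,
+acl->a_entries[n].e_gid));
+break;
+default:
+entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID);
+break;
+}
 }
 return ocfs2_acl;
 }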
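Review bot: The kuid/kgid produced in the ACL_USER and ACL_GROUP cases of ocfs2_acl_from_xattr are stored without a validity check, so an on-disk `e_id` that does not map in init_user_ns (as far as I can tell, only the all-ones value) ends up in the in-memory ACL as INVALID_UID/INVALID_GID. A test right after each conversion, `if (!uid_valid(acl->a_entries[n].e_uid))` and `if (!gid_valid(acl->a_entries[n].e_gid))`, taking whatever error path the function already uses for a malformed xattr, would reject such an entry at parse time. The `default` case also leaves the id field unassigned where the old code always stored `e_id`; that is only safe if the allocator zeroes the entries, which is not visible here. The start of the function and its error handling are outside the hunk.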
diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
index 88577eb5d712..12ae194ac943 100644
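--- a/fs/ocfs2/dlmglue.c
+++ b/fs/ocfs2/dlmglue.c
@@ -2045,8 +2045,8 @@ static void __ocfs2_stuff_meta_lvb(struct inode *inode)
 lvb->lvb_version = OCFS2_LVB_VERSION;
 lvb->lvb_isize = cpu_to_be64(i_size_read(inode));
 lvb->lvb_iclusters = cpu_to_be32(oi->ip_clusters);
-lvb->lvb_iuid = cpu_to_be32(inode->i_uid);
-lvb->lvb_igid = cpu_to_be32(inode->i_gid);
+lvb->lvb_iuid = cpu_to_be32(i_uid_read(inode));
+lvb->lvb_igid = cpu_to_be32(i_gid_read(inode));
 lvb->lvb_imode = cpu_to_be16(inode->i_mode);
 lvb->lvb_inlink = cpu_to_be16(inode->i_nlink);
 lvb->lvb_iatime_packed =
@@ -2095,8 +2095,8 @@ static void ocfs2_refresh_inode_from_lvb(struct inode *inode)
 else
 inode->i_blocks = ocfs2_inode_sector_count(inode);
 
-inode->i_uid = be32_to_cpu(lvb->lvb_iuid);
-inode->i_gid = be32_to_cpu(lvb->lvb_igid);
+i_uid_write(inode, be32_to_cpu(lvb->lvb_iuid));
+i_gid_write(inode, be32_to_cpu(lvb->lvb_igid));
 inode->i_mode = be16_to_cpu(lvb->lvb_imode);
 set_nlink(inode, be16_to_cpu(lvb->lvb_inlink));
 ocfs2_unpack_timespec(&inode->i_atime,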
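Review bot: In ocfs2_refresh_inode_from_lvb the uid and gid taken from the lock value block go straight into `i_uid_write()`/`i_gid_write()` with no `uid_valid()`/`gid_valid()` test afterwards, so a value that does not map in init_user_ns is kept on the inode as INVALID_UID/INVALID_GID. The LVB is presumably filled by another cluster node, so it is worth either checking `uid_valid(inode->i_uid)` and `gid_valid(inode->i_gid)` after the writes or recording the assumption with a comment such as `/* LVB ids are always init_user_ns values */`. The same pattern appears in ocfs2_populate_inode and ocfs2_refresh_inode in fs/ocfs2/inode.c for ids read from the on-disk dinode. All of these functions continue outside the hunks shown.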
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 37d313ede159..0a2924a2d9e6 100644
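--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -1116,7 +1116,8 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
 (unsigned long long)OCFS2_I(inode)->ip_blkno,
 dentry->d_name.len, dentry->d_name.name,
 attr->ia_valid, attr->ia_mode,
-attr->ia_uid, attr->ia_gid);
+from_kuid(&init_user_ns, attr->ia_uid),
+from_kgid(&init_user_ns, attr->ia_gid));
 
 /* ensuring we don't even attempt to truncate a symlink */
 if (S_ISLNK(inode->i_mode))
@@ -1174,14 +1175,14 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
 }
 }
 
-if ((attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
-(attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
+if ((attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
+(attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
 /*
 * Gather pointers to quota structures so that allocation /
 * freeing of quota structures happens here and not inside
 * dquot_transfer() where we have problems with lock ordering
 */
-if (attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid
+if (attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)
 && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
 OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) {
 transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(attr->ia_uid));
@@ -1190,7 +1191,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
 goto bail_unlock;
 }
 }
-if (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid
+if (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)
 && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
 OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) {
 transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(attr->ia_gid));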
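Review bot: The ownership-change test in ocfs2_setattr is spelled out twice for each id (`attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)` in the outer `if` and again in the USRQUOTA branch, likewise for the gid in the GRPQUOTA branch), so a later edit can easily change one copy and not the other. Two locals computed once, e.g. `uid_changed = (attr->ia_valid & ATTR_UID) && !uid_eq(attr->ia_uid, inode->i_uid);` and the gid equivalent, would keep the outer condition and the quota-transfer decisions in step. The function begins and ends outside these hunks, so the declarations would go with its other locals.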
diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c
index d89e08a81eda..f87f9bd1edff 100644
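--- a/fs/ocfs2/inode.c
+++ b/fs/ocfs2/inode.c
@@ -269,8 +269,8 @@ void ocfs2_populate_inode(struct inode *inode, struct ocfs2_dinode *fe,
 inode->i_generation = le32_to_cpu(fe->i_generation);
 inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));
 inode->i_mode = le16_to_cpu(fe->i_mode);
-inode->i_uid = le32_to_cpu(fe->i_uid);
-inode->i_gid = le32_to_cpu(fe->i_gid);
+i_uid_write(inode, le32_to_cpu(fe->i_uid));
+i_gid_write(inode, le32_to_cpu(fe->i_gid));
 
 /* Fast symlinks will have i_size but no allocated clusters. */
 if (S_ISLNK(inode->i_mode) && !fe->i_clusters) {
@@ -1259,8 +1259,8 @@ int ocfs2_mark_inode_dirty(handle_t *handle,
 
 fe->i_size = cpu_to_le64(i_size_read(inode));
 ocfs2_set_links_count(fe, inode->i_nlink);
-fe->i_uid = cpu_to_le32(inode->i_uid);
-fe->i_gid = cpu_to_le32(inode->i_gid);
+fe->i_uid = cpu_to_le32(i_uid_read(inode));
+fe->i_gid = cpu_to_le32(i_gid_read(inode));
 fe->i_mode = cpu_to_le16(inode->i_mode);
 fe->i_atime = cpu_to_le64(inode->i_atime.tv_sec);
 fe->i_atime_nsec = cpu_to_le32(inode->i_atime.tv_nsec);
@@ -1290,8 +1290,8 @@ void ocfs2_refresh_inode(struct inode *inode,
 ocfs2_set_inode_flags(inode);
 i_size_write(inode, le64_to_cpu(fe->i_size));
 set_nlink(inode, ocfs2_read_links_count(fe));
-inode->i_uid = le32_to_cpu(fe->i_uid);
-inode->i_gid = le32_to_cpu(fe->i_gid);
+i_uid_write(inode, le32_to_cpu(fe->i_uid));
+i_gid_write(inode, le32_to_cpu(fe->i_gid));
 inode->i_mode = le16_to_cpu(fe->i_mode);
 if (S_ISLNK(inode->i_mode) && le32_to_cpu(fe->i_clusters) == 0)
 inode->i_blocks = 0;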
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index f1fd0741162b..04ee1b57c243 100644
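--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -512,8 +512,8 @@ static int __ocfs2_mknod_locked(struct inode *dir,
 fe->i_suballoc_loc = cpu_to_le64(suballoc_loc);
 fe->i_suballoc_bit = cpu_to_le16(suballoc_bit);
 fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot);
-fe->i_uid = cpu_to_le32(inode->i_uid);
-fe->i_gid = cpu_to_le32(inode->i_gid);
+fe->i_uid = cpu_to_le32(i_uid_read(inode));
+fe->i_gid = cpu_to_le32(i_gid_read(inode));
 fe->i_mode = cpu_to_le16(inode->i_mode);
 if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode))
 fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev));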
diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
index 30a055049e16..934a4ac3e7fc 100644
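--- a/fs/ocfs2/refcounttree.c
+++ b/fs/ocfs2/refcounttree.c
@@ -4407,7 +4407,7 @@ static int ocfs2_vfs_reflink(struct dentry *old_dentry, struct inode *dir,
 * rights to do so.
 */
 if (preserve) {
-if ((current_fsuid() != inode->i_uid) && !capable(CAP_CHOWN))
+if (!uid_eq(current_fsuid(), inode->i_uid) && !capable(CAP_CHOWN))
 return -EPERM;
 if (!in_group_p(inode->i_gid) && !capable(CAP_CHOWN))
 return -EPERM;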