aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-02 14:11:09 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-02 14:11:09 -0400
commit437589a74b6a590d175f86cf9f7b2efcee7765e7 (patch)
tree37bf8635b1356d80ef002b00e84f3faf3d555a63 /fs
parent68d47a137c3bef754923bccf73fb639c9b0bbd5e (diff)
parent72235465864d84cedb2d9f26f8e1de824ee20339 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace changes from Eric Biederman: "This is a mostly modest set of changes to enable basic user namespace support. This allows the code to code to compile with user namespaces enabled and removes the assumption there is only the initial user namespace. Everything is converted except for the most complex of the filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs, nfs, ocfs2 and xfs as those patches need a bit more review. The strategy is to push kuid_t and kgid_t values are far down into subsystems and filesystems as reasonable. Leaving the make_kuid and from_kuid operations to happen at the edge of userspace, as the values come off the disk, and as the values come in from the network. Letting compile type incompatible compile errors (present when user namespaces are enabled) guide me to find the issues. The most tricky areas have been the places where we had an implicit union of uid and gid values and were storing them in an unsigned int. Those places were converted into explicit unions. I made certain to handle those places with simple trivial patches. Out of that work I discovered we have generic interfaces for storing quota by projid. I had never heard of the project identifiers before. Adding full user namespace support for project identifiers accounts for most of the code size growth in my git tree. Ultimately there will be work to relax privlige checks from "capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe allowing root in a user names to do those things that today we only forbid to non-root users because it will confuse suid root applications. While I was pushing kuid_t and kgid_t changes deep into the audit code I made a few other cleanups. I capitalized on the fact we process netlink messages in the context of the message sender. I removed usage of NETLINK_CRED, and started directly using current->tty. Some of these patches have also made it into maintainer trees, with no problems from identical code from different trees showing up in linux-next. After reading through all of this code I feel like I might be able to win a game of kernel trivial pursuit." Fix up some fairly trivial conflicts in netfilter uid/git logging code. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits) userns: Convert the ufs filesystem to use kuid/kgid where appropriate userns: Convert the udf filesystem to use kuid/kgid where appropriate userns: Convert ubifs to use kuid/kgid userns: Convert squashfs to use kuid/kgid where appropriate userns: Convert reiserfs to use kuid and kgid where appropriate userns: Convert jfs to use kuid/kgid where appropriate userns: Convert jffs2 to use kuid and kgid where appropriate userns: Convert hpfs to use kuid and kgid where appropriate userns: Convert btrfs to use kuid/kgid where appropriate userns: Convert bfs to use kuid/kgid where appropriate userns: Convert affs to use kuid/kgid wherwe appropriate userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids userns: On ia64 deal with current_uid and current_gid being kuid and kgid userns: On ppc convert current_uid from a kuid before printing. userns: Convert s390 getting uid and gid system calls to use kuid and kgid userns: Convert s390 hypfs to use kuid and kgid where appropriate userns: Convert binder ipc to use kuids userns: Teach security_path_chown to take kuids and kgids userns: Add user namespace support to IMA userns: Convert EVM to deal with kuids and kgids in it's hmac computation ...
Diffstat (limited to 'fs')
-rw-r--r--fs/9p/acl.c8
-rw-r--r--fs/adfs/adfs.h4
-rw-r--r--fs/adfs/inode.c4
-rw-r--r--fs/adfs/super.c21
-rw-r--r--fs/affs/affs.h4
-rw-r--r--fs/affs/inode.c20
-rw-r--r--fs/affs/super.c18
-rw-r--r--fs/befs/befs.h4
-rw-r--r--fs/befs/linuxvfs.c27
-rw-r--r--fs/bfs/inode.c8
-rw-r--r--fs/btrfs/acl.c8
-rw-r--r--fs/btrfs/delayed-inode.c8
-rw-r--r--fs/btrfs/inode.c8
-rw-r--r--fs/btrfs/ioctl.c6
-rw-r--r--fs/configfs/inode.c4
-rw-r--r--fs/cramfs/inode.c4
-rw-r--r--fs/debugfs/inode.c26
-rw-r--r--fs/ecryptfs/main.c5
-rw-r--r--fs/ecryptfs/messaging.c5
-rw-r--r--fs/efs/inode.c4
-rw-r--r--fs/exofs/inode.c8
-rw-r--r--fs/ext2/acl.c32
-rw-r--r--fs/ext3/acl.c32
-rw-r--r--fs/ext3/super.c2
-rw-r--r--fs/ext4/acl.c31
-rw-r--r--fs/ext4/super.c2
-rw-r--r--fs/fat/fat.h4
-rw-r--r--fs/fat/file.c6
-rw-r--r--fs/fat/inode.c18
-rw-r--r--fs/freevxfs/vxfs_inode.c4
-rw-r--r--fs/generic_acl.c4
-rw-r--r--fs/gfs2/acl.c14
-rw-r--r--fs/gfs2/quota.c32
-rw-r--r--fs/hfs/hfs_fs.h4
-rw-r--r--fs/hfs/inode.c4
-rw-r--r--fs/hfs/super.c16
-rw-r--r--fs/hfsplus/catalog.c4
-rw-r--r--fs/hfsplus/hfsplus_fs.h4
-rw-r--r--fs/hfsplus/inode.c8
-rw-r--r--fs/hfsplus/options.c15
-rw-r--r--fs/hostfs/hostfs_kern.c8
-rw-r--r--fs/hpfs/hpfs_fn.h4
-rw-r--r--fs/hpfs/inode.c19
-rw-r--r--fs/hpfs/namei.c8
-rw-r--r--fs/hpfs/super.c18
-rw-r--r--fs/hugetlbfs/inode.c16
-rw-r--r--fs/isofs/inode.c17
-rw-r--r--fs/isofs/isofs.h4
-rw-r--r--fs/isofs/rock.c4
-rw-r--r--fs/jffs2/acl.c30
-rw-r--r--fs/jffs2/file.c8
-rw-r--r--fs/jffs2/fs.c24
-rw-r--r--fs/jffs2/os-linux.h4
-rw-r--r--fs/jfs/acl.c4
-rw-r--r--fs/jfs/file.c4
-rw-r--r--fs/jfs/jfs_imap.c22
-rw-r--r--fs/jfs/jfs_incore.h8
-rw-r--r--fs/jfs/super.c22
-rw-r--r--fs/jfs/xattr.c4
-rw-r--r--fs/logfs/inode.c4
-rw-r--r--fs/logfs/readwrite.c8
-rw-r--r--fs/minix/inode.c16
-rw-r--r--fs/namei.c6
-rw-r--r--fs/nfs/nfs3acl.c4
-rw-r--r--fs/nfsd/vfs.c8
-rw-r--r--fs/nilfs2/inode.c8
-rw-r--r--fs/ntfs/inode.c7
-rw-r--r--fs/ntfs/super.c39
-rw-r--r--fs/ntfs/volume.h5
-rw-r--r--fs/ocfs2/acl.c4
-rw-r--r--fs/ocfs2/file.c6
-rw-r--r--fs/ocfs2/quota_global.c43
-rw-r--r--fs/ocfs2/quota_local.c15
-rw-r--r--fs/omfs/inode.c8
-rw-r--r--fs/omfs/omfs.h4
-rw-r--r--fs/open.c2
-rw-r--r--fs/posix_acl.c30
-rw-r--r--fs/proc/base.c27
-rw-r--r--fs/qnx4/inode.c4
-rw-r--r--fs/qnx6/inode.c4
-rw-r--r--fs/quota/Makefile2
-rw-r--r--fs/quota/dquot.c114
-rw-r--r--fs/quota/kqid.c132
-rw-r--r--fs/quota/netlink.c10
-rw-r--r--fs/quota/quota.c28
-rw-r--r--fs/quota/quota_tree.c22
-rw-r--r--fs/quota/quota_v1.c12
-rw-r--r--fs/quota/quota_v2.c26
-rw-r--r--fs/reiserfs/inode.c26
-rw-r--r--fs/reiserfs/xattr_acl.c24
-rw-r--r--fs/seq_file.c4
-rw-r--r--fs/squashfs/inode.c8
-rw-r--r--fs/sysv/inode.c8
-rw-r--r--fs/ubifs/budget.c4
-rw-r--r--fs/ubifs/debug.c4
-rw-r--r--fs/ubifs/journal.c4
-rw-r--r--fs/ubifs/sb.c4
-rw-r--r--fs/ubifs/super.c4
-rw-r--r--fs/ubifs/ubifs.h4
-rw-r--r--fs/udf/inode.c12
-rw-r--r--fs/udf/super.c20
-rw-r--r--fs/udf/udf_sb.h4
-rw-r--r--fs/ufs/inode.c16
-rw-r--r--fs/xattr.c7
-rw-r--r--fs/xattr_acl.c96
-rw-r--r--fs/xfs/xfs_acl.c4
-rw-r--r--fs/xfs/xfs_quotaops.c12
-rw-r--r--fs/xfs/xfs_trans_dquot.c8
108 files changed, 1011 insertions, 528 deletions
diff --git a/fs/9p/acl.c b/fs/9p/acl.c
index 9a1d42630751..15b679166201 100644
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -37,7 +37,7 @@ static struct posix_acl *__v9fs_get_acl(struct p9_fid *fid, char *name)
37 return ERR_PTR(-ENOMEM); 37 return ERR_PTR(-ENOMEM);
38 size = v9fs_fid_xattr_get(fid, name, value, size); 38 size = v9fs_fid_xattr_get(fid, name, value, size);
39 if (size > 0) { 39 if (size > 0) {
40 acl = posix_acl_from_xattr(value, size); 40 acl = posix_acl_from_xattr(&init_user_ns, value, size);
41 if (IS_ERR(acl)) 41 if (IS_ERR(acl))
42 goto err_out; 42 goto err_out;
43 } 43 }
@@ -131,7 +131,7 @@ static int v9fs_set_acl(struct dentry *dentry, int type, struct posix_acl *acl)
131 buffer = kmalloc(size, GFP_KERNEL); 131 buffer = kmalloc(size, GFP_KERNEL);
132 if (!buffer) 132 if (!buffer)
133 return -ENOMEM; 133 return -ENOMEM;
134 retval = posix_acl_to_xattr(acl, buffer, size); 134 retval = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
135 if (retval < 0) 135 if (retval < 0)
136 goto err_free_out; 136 goto err_free_out;
137 switch (type) { 137 switch (type) {
@@ -251,7 +251,7 @@ static int v9fs_xattr_get_acl(struct dentry *dentry, const char *name,
251 return PTR_ERR(acl); 251 return PTR_ERR(acl);
252 if (acl == NULL) 252 if (acl == NULL)
253 return -ENODATA; 253 return -ENODATA;
254 error = posix_acl_to_xattr(acl, buffer, size); 254 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
255 posix_acl_release(acl); 255 posix_acl_release(acl);
256 256
257 return error; 257 return error;
@@ -304,7 +304,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
304 return -EPERM; 304 return -EPERM;
305 if (value) { 305 if (value) {
306 /* update the cached acl value */ 306 /* update the cached acl value */
307 acl = posix_acl_from_xattr(value, size); 307 acl = posix_acl_from_xattr(&init_user_ns, value, size);
308 if (IS_ERR(acl)) 308 if (IS_ERR(acl))
309 return PTR_ERR(acl); 309 return PTR_ERR(acl);
310 else if (acl) { 310 else if (acl) {
diff --git a/fs/adfs/adfs.h b/fs/adfs/adfs.h
index 718ac1f440c6..585adafb0cc2 100644
--- a/fs/adfs/adfs.h
+++ b/fs/adfs/adfs.h
@@ -46,8 +46,8 @@ struct adfs_sb_info {
46 struct adfs_discmap *s_map; /* bh list containing map */ 46 struct adfs_discmap *s_map; /* bh list containing map */
47 struct adfs_dir_ops *s_dir; /* directory operations */ 47 struct adfs_dir_ops *s_dir; /* directory operations */
48 48
49 uid_t s_uid; /* owner uid */ 49 kuid_t s_uid; /* owner uid */
50 gid_t s_gid; /* owner gid */ 50 kgid_t s_gid; /* owner gid */
51 umode_t s_owner_mask; /* ADFS owner perm -> unix perm */ 51 umode_t s_owner_mask; /* ADFS owner perm -> unix perm */
52 umode_t s_other_mask; /* ADFS other perm -> unix perm */ 52 umode_t s_other_mask; /* ADFS other perm -> unix perm */
53 int s_ftsuffix; /* ,xyz hex filetype suffix option */ 53 int s_ftsuffix; /* ,xyz hex filetype suffix option */
diff --git a/fs/adfs/inode.c b/fs/adfs/inode.c
index 1dab6a174d6a..e9bad5093a3f 100644
--- a/fs/adfs/inode.c
+++ b/fs/adfs/inode.c
@@ -304,8 +304,8 @@ adfs_notify_change(struct dentry *dentry, struct iattr *attr)
304 * we can't change the UID or GID of any file - 304 * we can't change the UID or GID of any file -
305 * we have a global UID/GID in the superblock 305 * we have a global UID/GID in the superblock
306 */ 306 */
307 if ((ia_valid & ATTR_UID && attr->ia_uid != ADFS_SB(sb)->s_uid) || 307 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, ADFS_SB(sb)->s_uid)) ||
308 (ia_valid & ATTR_GID && attr->ia_gid != ADFS_SB(sb)->s_gid)) 308 (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, ADFS_SB(sb)->s_gid)))
309 error = -EPERM; 309 error = -EPERM;
310 310
311 if (error) 311 if (error)
diff --git a/fs/adfs/super.c b/fs/adfs/super.c
index bdaec92353c2..22a0d7ed5fa1 100644
--- a/fs/adfs/super.c
+++ b/fs/adfs/super.c
@@ -15,6 +15,7 @@
15#include <linux/seq_file.h> 15#include <linux/seq_file.h>
16#include <linux/slab.h> 16#include <linux/slab.h>
17#include <linux/statfs.h> 17#include <linux/statfs.h>
18#include <linux/user_namespace.h>
18#include "adfs.h" 19#include "adfs.h"
19#include "dir_f.h" 20#include "dir_f.h"
20#include "dir_fplus.h" 21#include "dir_fplus.h"
@@ -130,10 +131,10 @@ static int adfs_show_options(struct seq_file *seq, struct dentry *root)
130{ 131{
131 struct adfs_sb_info *asb = ADFS_SB(root->d_sb); 132 struct adfs_sb_info *asb = ADFS_SB(root->d_sb);
132 133
133 if (asb->s_uid != 0) 134 if (!uid_eq(asb->s_uid, GLOBAL_ROOT_UID))
134 seq_printf(seq, ",uid=%u", asb->s_uid); 135 seq_printf(seq, ",uid=%u", from_kuid_munged(&init_user_ns, asb->s_uid));
135 if (asb->s_gid != 0) 136 if (!gid_eq(asb->s_gid, GLOBAL_ROOT_GID))
136 seq_printf(seq, ",gid=%u", asb->s_gid); 137 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, asb->s_gid));
137 if (asb->s_owner_mask != ADFS_DEFAULT_OWNER_MASK) 138 if (asb->s_owner_mask != ADFS_DEFAULT_OWNER_MASK)
138 seq_printf(seq, ",ownmask=%o", asb->s_owner_mask); 139 seq_printf(seq, ",ownmask=%o", asb->s_owner_mask);
139 if (asb->s_other_mask != ADFS_DEFAULT_OTHER_MASK) 140 if (asb->s_other_mask != ADFS_DEFAULT_OTHER_MASK)
@@ -175,12 +176,16 @@ static int parse_options(struct super_block *sb, char *options)
175 case Opt_uid: 176 case Opt_uid:
176 if (match_int(args, &option)) 177 if (match_int(args, &option))
177 return -EINVAL; 178 return -EINVAL;
178 asb->s_uid = option; 179 asb->s_uid = make_kuid(current_user_ns(), option);
180 if (!uid_valid(asb->s_uid))
181 return -EINVAL;
179 break; 182 break;
180 case Opt_gid: 183 case Opt_gid:
181 if (match_int(args, &option)) 184 if (match_int(args, &option))
182 return -EINVAL; 185 return -EINVAL;
183 asb->s_gid = option; 186 asb->s_gid = make_kgid(current_user_ns(), option);
187 if (!gid_valid(asb->s_gid))
188 return -EINVAL;
184 break; 189 break;
185 case Opt_ownmask: 190 case Opt_ownmask:
186 if (match_octal(args, &option)) 191 if (match_octal(args, &option))
@@ -369,8 +374,8 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent)
369 sb->s_fs_info = asb; 374 sb->s_fs_info = asb;
370 375
371 /* set default options */ 376 /* set default options */
372 asb->s_uid = 0; 377 asb->s_uid = GLOBAL_ROOT_UID;
373 asb->s_gid = 0; 378 asb->s_gid = GLOBAL_ROOT_GID;
374 asb->s_owner_mask = ADFS_DEFAULT_OWNER_MASK; 379 asb->s_owner_mask = ADFS_DEFAULT_OWNER_MASK;
375 asb->s_other_mask = ADFS_DEFAULT_OTHER_MASK; 380 asb->s_other_mask = ADFS_DEFAULT_OTHER_MASK;
376 asb->s_ftsuffix = 0; 381 asb->s_ftsuffix = 0;
diff --git a/fs/affs/affs.h b/fs/affs/affs.h
index 6e216419f340..3952121f2f28 100644
--- a/fs/affs/affs.h
+++ b/fs/affs/affs.h
@@ -88,8 +88,8 @@ struct affs_sb_info {
88 u32 s_root_block; /* FFS root block number. */ 88 u32 s_root_block; /* FFS root block number. */
89 int s_hashsize; /* Size of hash table. */ 89 int s_hashsize; /* Size of hash table. */
90 unsigned long s_flags; /* See below. */ 90 unsigned long s_flags; /* See below. */
91 uid_t s_uid; /* uid to override */ 91 kuid_t s_uid; /* uid to override */
92 gid_t s_gid; /* gid to override */ 92 kgid_t s_gid; /* gid to override */
93 umode_t s_mode; /* mode to override */ 93 umode_t s_mode; /* mode to override */
94 struct buffer_head *s_root_bh; /* Cached root block. */ 94 struct buffer_head *s_root_bh; /* Cached root block. */
95 struct mutex s_bmlock; /* Protects bitmap access. */ 95 struct mutex s_bmlock; /* Protects bitmap access. */
diff --git a/fs/affs/inode.c b/fs/affs/inode.c
index 8bc4a59f4e7e..15c484268229 100644
--- a/fs/affs/inode.c
+++ b/fs/affs/inode.c
@@ -80,17 +80,17 @@ struct inode *affs_iget(struct super_block *sb, unsigned long ino)
80 if (id == 0 || sbi->s_flags & SF_SETUID) 80 if (id == 0 || sbi->s_flags & SF_SETUID)
81 inode->i_uid = sbi->s_uid; 81 inode->i_uid = sbi->s_uid;
82 else if (id == 0xFFFF && sbi->s_flags & SF_MUFS) 82 else if (id == 0xFFFF && sbi->s_flags & SF_MUFS)
83 inode->i_uid = 0; 83 i_uid_write(inode, 0);
84 else 84 else
85 inode->i_uid = id; 85 i_uid_write(inode, id);
86 86
87 id = be16_to_cpu(tail->gid); 87 id = be16_to_cpu(tail->gid);
88 if (id == 0 || sbi->s_flags & SF_SETGID) 88 if (id == 0 || sbi->s_flags & SF_SETGID)
89 inode->i_gid = sbi->s_gid; 89 inode->i_gid = sbi->s_gid;
90 else if (id == 0xFFFF && sbi->s_flags & SF_MUFS) 90 else if (id == 0xFFFF && sbi->s_flags & SF_MUFS)
91 inode->i_gid = 0; 91 i_gid_write(inode, 0);
92 else 92 else
93 inode->i_gid = id; 93 i_gid_write(inode, id);
94 94
95 switch (be32_to_cpu(tail->stype)) { 95 switch (be32_to_cpu(tail->stype)) {
96 case ST_ROOT: 96 case ST_ROOT:
@@ -193,13 +193,13 @@ affs_write_inode(struct inode *inode, struct writeback_control *wbc)
193 tail->size = cpu_to_be32(inode->i_size); 193 tail->size = cpu_to_be32(inode->i_size);
194 secs_to_datestamp(inode->i_mtime.tv_sec,&tail->change); 194 secs_to_datestamp(inode->i_mtime.tv_sec,&tail->change);
195 if (!(inode->i_ino == AFFS_SB(sb)->s_root_block)) { 195 if (!(inode->i_ino == AFFS_SB(sb)->s_root_block)) {
196 uid = inode->i_uid; 196 uid = i_uid_read(inode);
197 gid = inode->i_gid; 197 gid = i_gid_read(inode);
198 if (AFFS_SB(sb)->s_flags & SF_MUFS) { 198 if (AFFS_SB(sb)->s_flags & SF_MUFS) {
199 if (inode->i_uid == 0 || inode->i_uid == 0xFFFF) 199 if (uid == 0 || uid == 0xFFFF)
200 uid = inode->i_uid ^ ~0; 200 uid = uid ^ ~0;
201 if (inode->i_gid == 0 || inode->i_gid == 0xFFFF) 201 if (gid == 0 || gid == 0xFFFF)
202 gid = inode->i_gid ^ ~0; 202 gid = gid ^ ~0;
203 } 203 }
204 if (!(AFFS_SB(sb)->s_flags & SF_SETUID)) 204 if (!(AFFS_SB(sb)->s_flags & SF_SETUID))
205 tail->uid = cpu_to_be16(uid); 205 tail->uid = cpu_to_be16(uid);
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 022cecb0757d..1f030825cd3a 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -188,7 +188,7 @@ static const match_table_t tokens = {
188}; 188};
189 189
190static int 190static int
191parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s32 *root, 191parse_options(char *options, kuid_t *uid, kgid_t *gid, int *mode, int *reserved, s32 *root,
192 int *blocksize, char **prefix, char *volume, unsigned long *mount_opts) 192 int *blocksize, char **prefix, char *volume, unsigned long *mount_opts)
193{ 193{
194 char *p; 194 char *p;
@@ -253,13 +253,17 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
253 case Opt_setgid: 253 case Opt_setgid:
254 if (match_int(&args[0], &option)) 254 if (match_int(&args[0], &option))
255 return 0; 255 return 0;
256 *gid = option; 256 *gid = make_kgid(current_user_ns(), option);
257 if (!gid_valid(*gid))
258 return 0;
257 *mount_opts |= SF_SETGID; 259 *mount_opts |= SF_SETGID;
258 break; 260 break;
259 case Opt_setuid: 261 case Opt_setuid:
260 if (match_int(&args[0], &option)) 262 if (match_int(&args[0], &option))
261 return 0; 263 return 0;
262 *uid = option; 264 *uid = make_kuid(current_user_ns(), option);
265 if (!uid_valid(*uid))
266 return 0;
263 *mount_opts |= SF_SETUID; 267 *mount_opts |= SF_SETUID;
264 break; 268 break;
265 case Opt_verbose: 269 case Opt_verbose:
@@ -301,8 +305,8 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
301 int num_bm; 305 int num_bm;
302 int i, j; 306 int i, j;
303 s32 key; 307 s32 key;
304 uid_t uid; 308 kuid_t uid;
305 gid_t gid; 309 kgid_t gid;
306 int reserved; 310 int reserved;
307 unsigned long mount_flags; 311 unsigned long mount_flags;
308 int tmp_flags; /* fix remount prototype... */ 312 int tmp_flags; /* fix remount prototype... */
@@ -527,8 +531,8 @@ affs_remount(struct super_block *sb, int *flags, char *data)
527{ 531{
528 struct affs_sb_info *sbi = AFFS_SB(sb); 532 struct affs_sb_info *sbi = AFFS_SB(sb);
529 int blocksize; 533 int blocksize;
530 uid_t uid; 534 kuid_t uid;
531 gid_t gid; 535 kgid_t gid;
532 int mode; 536 int mode;
533 int reserved; 537 int reserved;
534 int root_block; 538 int root_block;
diff --git a/fs/befs/befs.h b/fs/befs/befs.h
index d9a40abda6b7..b26642839156 100644
--- a/fs/befs/befs.h
+++ b/fs/befs/befs.h
@@ -20,8 +20,8 @@ typedef u64 befs_blocknr_t;
20 */ 20 */
21 21
22typedef struct befs_mount_options { 22typedef struct befs_mount_options {
23 gid_t gid; 23 kgid_t gid;
24 uid_t uid; 24 kuid_t uid;
25 int use_gid; 25 int use_gid;
26 int use_uid; 26 int use_uid;
27 int debug; 27 int debug;
diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
index cf7f3c67c8b7..7f73a692bfd0 100644
--- a/fs/befs/linuxvfs.c
+++ b/fs/befs/linuxvfs.c
@@ -15,6 +15,7 @@
15#include <linux/vfs.h> 15#include <linux/vfs.h>
16#include <linux/parser.h> 16#include <linux/parser.h>
17#include <linux/namei.h> 17#include <linux/namei.h>
18#include <linux/sched.h>
18 19
19#include "befs.h" 20#include "befs.h"
20#include "btree.h" 21#include "btree.h"
@@ -352,9 +353,11 @@ static struct inode *befs_iget(struct super_block *sb, unsigned long ino)
352 */ 353 */
353 354
354 inode->i_uid = befs_sb->mount_opts.use_uid ? 355 inode->i_uid = befs_sb->mount_opts.use_uid ?
355 befs_sb->mount_opts.uid : (uid_t) fs32_to_cpu(sb, raw_inode->uid); 356 befs_sb->mount_opts.uid :
357 make_kuid(&init_user_ns, fs32_to_cpu(sb, raw_inode->uid));
356 inode->i_gid = befs_sb->mount_opts.use_gid ? 358 inode->i_gid = befs_sb->mount_opts.use_gid ?
357 befs_sb->mount_opts.gid : (gid_t) fs32_to_cpu(sb, raw_inode->gid); 359 befs_sb->mount_opts.gid :
360 make_kgid(&init_user_ns, fs32_to_cpu(sb, raw_inode->gid));
358 361
359 set_nlink(inode, 1); 362 set_nlink(inode, 1);
360 363
@@ -674,10 +677,12 @@ parse_options(char *options, befs_mount_options * opts)
674 char *p; 677 char *p;
675 substring_t args[MAX_OPT_ARGS]; 678 substring_t args[MAX_OPT_ARGS];
676 int option; 679 int option;
680 kuid_t uid;
681 kgid_t gid;
677 682
678 /* Initialize options */ 683 /* Initialize options */
679 opts->uid = 0; 684 opts->uid = GLOBAL_ROOT_UID;
680 opts->gid = 0; 685 opts->gid = GLOBAL_ROOT_GID;
681 opts->use_uid = 0; 686 opts->use_uid = 0;
682 opts->use_gid = 0; 687 opts->use_gid = 0;
683 opts->iocharset = NULL; 688 opts->iocharset = NULL;
@@ -696,23 +701,29 @@ parse_options(char *options, befs_mount_options * opts)
696 case Opt_uid: 701 case Opt_uid:
697 if (match_int(&args[0], &option)) 702 if (match_int(&args[0], &option))
698 return 0; 703 return 0;
699 if (option < 0) { 704 uid = INVALID_UID;
705 if (option >= 0)
706 uid = make_kuid(current_user_ns(), option);
707 if (!uid_valid(uid)) {
700 printk(KERN_ERR "BeFS: Invalid uid %d, " 708 printk(KERN_ERR "BeFS: Invalid uid %d, "
701 "using default\n", option); 709 "using default\n", option);
702 break; 710 break;
703 } 711 }
704 opts->uid = option; 712 opts->uid = uid;
705 opts->use_uid = 1; 713 opts->use_uid = 1;
706 break; 714 break;
707 case Opt_gid: 715 case Opt_gid:
708 if (match_int(&args[0], &option)) 716 if (match_int(&args[0], &option))
709 return 0; 717 return 0;
710 if (option < 0) { 718 gid = INVALID_GID;
719 if (option >= 0)
720 gid = make_kgid(current_user_ns(), option);
721 if (!gid_valid(gid)) {
711 printk(KERN_ERR "BeFS: Invalid gid %d, " 722 printk(KERN_ERR "BeFS: Invalid gid %d, "
712 "using default\n", option); 723 "using default\n", option);
713 break; 724 break;
714 } 725 }
715 opts->gid = option; 726 opts->gid = gid;
716 opts->use_gid = 1; 727 opts->use_gid = 1;
717 break; 728 break;
718 case Opt_charset: 729 case Opt_charset:
diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c
index 9870417c26e7..b242beba58ed 100644
--- a/fs/bfs/inode.c
+++ b/fs/bfs/inode.c
@@ -76,8 +76,8 @@ struct inode *bfs_iget(struct super_block *sb, unsigned long ino)
76 BFS_I(inode)->i_sblock = le32_to_cpu(di->i_sblock); 76 BFS_I(inode)->i_sblock = le32_to_cpu(di->i_sblock);
77 BFS_I(inode)->i_eblock = le32_to_cpu(di->i_eblock); 77 BFS_I(inode)->i_eblock = le32_to_cpu(di->i_eblock);
78 BFS_I(inode)->i_dsk_ino = le16_to_cpu(di->i_ino); 78 BFS_I(inode)->i_dsk_ino = le16_to_cpu(di->i_ino);
79 inode->i_uid = le32_to_cpu(di->i_uid); 79 i_uid_write(inode, le32_to_cpu(di->i_uid));
80 inode->i_gid = le32_to_cpu(di->i_gid); 80 i_gid_write(inode, le32_to_cpu(di->i_gid));
81 set_nlink(inode, le32_to_cpu(di->i_nlink)); 81 set_nlink(inode, le32_to_cpu(di->i_nlink));
82 inode->i_size = BFS_FILESIZE(di); 82 inode->i_size = BFS_FILESIZE(di);
83 inode->i_blocks = BFS_FILEBLOCKS(di); 83 inode->i_blocks = BFS_FILEBLOCKS(di);
@@ -139,8 +139,8 @@ static int bfs_write_inode(struct inode *inode, struct writeback_control *wbc)
139 139
140 di->i_ino = cpu_to_le16(ino); 140 di->i_ino = cpu_to_le16(ino);
141 di->i_mode = cpu_to_le32(inode->i_mode); 141 di->i_mode = cpu_to_le32(inode->i_mode);
142 di->i_uid = cpu_to_le32(inode->i_uid); 142 di->i_uid = cpu_to_le32(i_uid_read(inode));
143 di->i_gid = cpu_to_le32(inode->i_gid); 143 di->i_gid = cpu_to_le32(i_gid_read(inode));
144 di->i_nlink = cpu_to_le32(inode->i_nlink); 144 di->i_nlink = cpu_to_le32(inode->i_nlink);
145 di->i_atime = cpu_to_le32(inode->i_atime.tv_sec); 145 di->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
146 di->i_mtime = cpu_to_le32(inode->i_mtime.tv_sec); 146 di->i_mtime = cpu_to_le32(inode->i_mtime.tv_sec);
diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c
index 761e2cd8fed1..0c16e3dbfd56 100644
--- a/fs/btrfs/acl.c
+++ b/fs/btrfs/acl.c
@@ -61,7 +61,7 @@ struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
61 size = __btrfs_getxattr(inode, name, value, size); 61 size = __btrfs_getxattr(inode, name, value, size);
62 } 62 }
63 if (size > 0) { 63 if (size > 0) {
64 acl = posix_acl_from_xattr(value, size); 64 acl = posix_acl_from_xattr(&init_user_ns, value, size);
65 } else if (size == -ENOENT || size == -ENODATA || size == 0) { 65 } else if (size == -ENOENT || size == -ENODATA || size == 0) {
66 /* FIXME, who returns -ENOENT? I think nobody */ 66 /* FIXME, who returns -ENOENT? I think nobody */
67 acl = NULL; 67 acl = NULL;
@@ -91,7 +91,7 @@ static int btrfs_xattr_acl_get(struct dentry *dentry, const char *name,
91 return PTR_ERR(acl); 91 return PTR_ERR(acl);
92 if (acl == NULL) 92 if (acl == NULL)
93 return -ENODATA; 93 return -ENODATA;
94 ret = posix_acl_to_xattr(acl, value, size); 94 ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
95 posix_acl_release(acl); 95 posix_acl_release(acl);
96 96
97 return ret; 97 return ret;
@@ -141,7 +141,7 @@ static int btrfs_set_acl(struct btrfs_trans_handle *trans,
141 goto out; 141 goto out;
142 } 142 }
143 143
144 ret = posix_acl_to_xattr(acl, value, size); 144 ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
145 if (ret < 0) 145 if (ret < 0)
146 goto out; 146 goto out;
147 } 147 }
@@ -169,7 +169,7 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name,
169 return -EOPNOTSUPP; 169 return -EOPNOTSUPP;
170 170
171 if (value) { 171 if (value) {
172 acl = posix_acl_from_xattr(value, size); 172 acl = posix_acl_from_xattr(&init_user_ns, value, size);
173 if (IS_ERR(acl)) 173 if (IS_ERR(acl))
174 return PTR_ERR(acl); 174 return PTR_ERR(acl);
175 175
diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
index 07d5eeb1e6f1..52c85e2b95d0 100644
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -1715,8 +1715,8 @@ static void fill_stack_inode_item(struct btrfs_trans_handle *trans,
1715 struct btrfs_inode_item *inode_item, 1715 struct btrfs_inode_item *inode_item,
1716 struct inode *inode) 1716 struct inode *inode)
1717{ 1717{
1718 btrfs_set_stack_inode_uid(inode_item, inode->i_uid); 1718 btrfs_set_stack_inode_uid(inode_item, i_uid_read(inode));
1719 btrfs_set_stack_inode_gid(inode_item, inode->i_gid); 1719 btrfs_set_stack_inode_gid(inode_item, i_gid_read(inode));
1720 btrfs_set_stack_inode_size(inode_item, BTRFS_I(inode)->disk_i_size); 1720 btrfs_set_stack_inode_size(inode_item, BTRFS_I(inode)->disk_i_size);
1721 btrfs_set_stack_inode_mode(inode_item, inode->i_mode); 1721 btrfs_set_stack_inode_mode(inode_item, inode->i_mode);
1722 btrfs_set_stack_inode_nlink(inode_item, inode->i_nlink); 1722 btrfs_set_stack_inode_nlink(inode_item, inode->i_nlink);
@@ -1764,8 +1764,8 @@ int btrfs_fill_inode(struct inode *inode, u32 *rdev)
1764 1764
1765 inode_item = &delayed_node->inode_item; 1765 inode_item = &delayed_node->inode_item;
1766 1766
1767 inode->i_uid = btrfs_stack_inode_uid(inode_item); 1767 i_uid_write(inode, btrfs_stack_inode_uid(inode_item));
1768 inode->i_gid = btrfs_stack_inode_gid(inode_item); 1768 i_gid_write(inode, btrfs_stack_inode_gid(inode_item));
1769 btrfs_i_size_write(inode, btrfs_stack_inode_size(inode_item)); 1769 btrfs_i_size_write(inode, btrfs_stack_inode_size(inode_item));
1770 inode->i_mode = btrfs_stack_inode_mode(inode_item); 1770 inode->i_mode = btrfs_stack_inode_mode(inode_item);
1771 set_nlink(inode, btrfs_stack_inode_nlink(inode_item)); 1771 set_nlink(inode, btrfs_stack_inode_nlink(inode_item));
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 316b07a866d2..2a028a58619c 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2572,8 +2572,8 @@ static void btrfs_read_locked_inode(struct inode *inode)
2572 struct btrfs_inode_item); 2572 struct btrfs_inode_item);
2573 inode->i_mode = btrfs_inode_mode(leaf, inode_item); 2573 inode->i_mode = btrfs_inode_mode(leaf, inode_item);
2574 set_nlink(inode, btrfs_inode_nlink(leaf, inode_item)); 2574 set_nlink(inode, btrfs_inode_nlink(leaf, inode_item));
2575 inode->i_uid = btrfs_inode_uid(leaf, inode_item); 2575 i_uid_write(inode, btrfs_inode_uid(leaf, inode_item));
2576 inode->i_gid = btrfs_inode_gid(leaf, inode_item); 2576 i_gid_write(inode, btrfs_inode_gid(leaf, inode_item));
2577 btrfs_i_size_write(inode, btrfs_inode_size(leaf, inode_item)); 2577 btrfs_i_size_write(inode, btrfs_inode_size(leaf, inode_item));
2578 2578
2579 tspec = btrfs_inode_atime(inode_item); 2579 tspec = btrfs_inode_atime(inode_item);
@@ -2651,8 +2651,8 @@ static void fill_inode_item(struct btrfs_trans_handle *trans,
2651 struct btrfs_inode_item *item, 2651 struct btrfs_inode_item *item,
2652 struct inode *inode) 2652 struct inode *inode)
2653{ 2653{
2654 btrfs_set_inode_uid(leaf, item, inode->i_uid); 2654 btrfs_set_inode_uid(leaf, item, i_uid_read(inode));
2655 btrfs_set_inode_gid(leaf, item, inode->i_gid); 2655 btrfs_set_inode_gid(leaf, item, i_gid_read(inode));
2656 btrfs_set_inode_size(leaf, item, BTRFS_I(inode)->disk_i_size); 2656 btrfs_set_inode_size(leaf, item, BTRFS_I(inode)->disk_i_size);
2657 btrfs_set_inode_mode(leaf, item, inode->i_mode); 2657 btrfs_set_inode_mode(leaf, item, inode->i_mode);
2658 btrfs_set_inode_nlink(leaf, item, inode->i_nlink); 2658 btrfs_set_inode_nlink(leaf, item, inode->i_nlink);
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 9df50fa8a078..27bfce58da3b 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -575,13 +575,13 @@ fail:
575*/ 575*/
576static inline int btrfs_check_sticky(struct inode *dir, struct inode *inode) 576static inline int btrfs_check_sticky(struct inode *dir, struct inode *inode)
577{ 577{
578 uid_t fsuid = current_fsuid(); 578 kuid_t fsuid = current_fsuid();
579 579
580 if (!(dir->i_mode & S_ISVTX)) 580 if (!(dir->i_mode & S_ISVTX))
581 return 0; 581 return 0;
582 if (inode->i_uid == fsuid) 582 if (uid_eq(inode->i_uid, fsuid))
583 return 0; 583 return 0;
584 if (dir->i_uid == fsuid) 584 if (uid_eq(dir->i_uid, fsuid))
585 return 0; 585 return 0;
586 return !capable(CAP_FOWNER); 586 return !capable(CAP_FOWNER);
587} 587}
diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
index 0074362d9f7f..a9d35b0e06cf 100644
--- a/fs/configfs/inode.c
+++ b/fs/configfs/inode.c
@@ -79,8 +79,8 @@ int configfs_setattr(struct dentry * dentry, struct iattr * iattr)
79 return -ENOMEM; 79 return -ENOMEM;
80 /* assign default attributes */ 80 /* assign default attributes */
81 sd_iattr->ia_mode = sd->s_mode; 81 sd_iattr->ia_mode = sd->s_mode;
82 sd_iattr->ia_uid = 0; 82 sd_iattr->ia_uid = GLOBAL_ROOT_UID;
83 sd_iattr->ia_gid = 0; 83 sd_iattr->ia_gid = GLOBAL_ROOT_GID;
84 sd_iattr->ia_atime = sd_iattr->ia_mtime = sd_iattr->ia_ctime = CURRENT_TIME; 84 sd_iattr->ia_atime = sd_iattr->ia_mtime = sd_iattr->ia_ctime = CURRENT_TIME;
85 sd->s_iattr = sd_iattr; 85 sd->s_iattr = sd_iattr;
86 } 86 }
diff --git a/fs/cramfs/inode.c b/fs/cramfs/inode.c
index 28cca01ca9c9..c6c3f91ecf06 100644
--- a/fs/cramfs/inode.c
+++ b/fs/cramfs/inode.c
@@ -90,8 +90,8 @@ static struct inode *get_cramfs_inode(struct super_block *sb,
90 } 90 }
91 91
92 inode->i_mode = cramfs_inode->mode; 92 inode->i_mode = cramfs_inode->mode;
93 inode->i_uid = cramfs_inode->uid; 93 i_uid_write(inode, cramfs_inode->uid);
94 inode->i_gid = cramfs_inode->gid; 94 i_gid_write(inode, cramfs_inode->gid);
95 95
96 /* if the lower 2 bits are zero, the inode contains data */ 96 /* if the lower 2 bits are zero, the inode contains data */
97 if (!(inode->i_ino & 3)) { 97 if (!(inode->i_ino & 3)) {
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 6393fd61d5c4..b607d92cdf24 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -128,8 +128,8 @@ static inline int debugfs_positive(struct dentry *dentry)
128} 128}
129 129
130struct debugfs_mount_opts { 130struct debugfs_mount_opts {
131 uid_t uid; 131 kuid_t uid;
132 gid_t gid; 132 kgid_t gid;
133 umode_t mode; 133 umode_t mode;
134}; 134};
135 135
@@ -156,6 +156,8 @@ static int debugfs_parse_options(char *data, struct debugfs_mount_opts *opts)
156 substring_t args[MAX_OPT_ARGS]; 156 substring_t args[MAX_OPT_ARGS];
157 int option; 157 int option;
158 int token; 158 int token;
159 kuid_t uid;
160 kgid_t gid;
159 char *p; 161 char *p;
160 162
161 opts->mode = DEBUGFS_DEFAULT_MODE; 163 opts->mode = DEBUGFS_DEFAULT_MODE;
@@ -169,12 +171,18 @@ static int debugfs_parse_options(char *data, struct debugfs_mount_opts *opts)
169 case Opt_uid: 171 case Opt_uid:
170 if (match_int(&args[0], &option)) 172 if (match_int(&args[0], &option))
171 return -EINVAL; 173 return -EINVAL;
172 opts->uid = option; 174 uid = make_kuid(current_user_ns(), option);
175 if (!uid_valid(uid))
176 return -EINVAL;
177 opts->uid = uid;
173 break; 178 break;
174 case Opt_gid: 179 case Opt_gid:
175 if (match_octal(&args[0], &option)) 180 if (match_octal(&args[0], &option))
176 return -EINVAL; 181 return -EINVAL;
177 opts->gid = option; 182 gid = make_kgid(current_user_ns(), option);
183 if (!gid_valid(gid))
184 return -EINVAL;
185 opts->gid = gid;
178 break; 186 break;
179 case Opt_mode: 187 case Opt_mode:
180 if (match_octal(&args[0], &option)) 188 if (match_octal(&args[0], &option))
@@ -226,10 +234,12 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root)
226 struct debugfs_fs_info *fsi = root->d_sb->s_fs_info; 234 struct debugfs_fs_info *fsi = root->d_sb->s_fs_info;
227 struct debugfs_mount_opts *opts = &fsi->mount_opts; 235 struct debugfs_mount_opts *opts = &fsi->mount_opts;
228 236
229 if (opts->uid != 0) 237 if (!uid_eq(opts->uid, GLOBAL_ROOT_UID))
230 seq_printf(m, ",uid=%u", opts->uid); 238 seq_printf(m, ",uid=%u",
231 if (opts->gid != 0) 239 from_kuid_munged(&init_user_ns, opts->uid));
232 seq_printf(m, ",gid=%u", opts->gid); 240 if (!gid_eq(opts->gid, GLOBAL_ROOT_GID))
241 seq_printf(m, ",gid=%u",
242 from_kgid_munged(&init_user_ns, opts->gid));
233 if (opts->mode != DEBUGFS_DEFAULT_MODE) 243 if (opts->mode != DEBUGFS_DEFAULT_MODE)
234 seq_printf(m, ",mode=%o", opts->mode); 244 seq_printf(m, ",mode=%o", opts->mode);
235 245
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 9b627c15010a..24bb043e50d9 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -545,11 +545,12 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
545 goto out_free; 545 goto out_free;
546 } 546 }
547 547
548 if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) { 548 if (check_ruid && !uid_eq(path.dentry->d_inode->i_uid, current_uid())) {
549 rc = -EPERM; 549 rc = -EPERM;
550 printk(KERN_ERR "Mount of device (uid: %d) not owned by " 550 printk(KERN_ERR "Mount of device (uid: %d) not owned by "
551 "requested user (uid: %d)\n", 551 "requested user (uid: %d)\n",
552 path.dentry->d_inode->i_uid, current_uid()); 552 i_uid_read(path.dentry->d_inode),
553 from_kuid(&init_user_ns, current_uid()));
553 goto out_free; 554 goto out_free;
554 } 555 }
555 556
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index b29bb8bfa8d9..5fa2471796c2 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -33,7 +33,7 @@ static struct hlist_head *ecryptfs_daemon_hash;
33struct mutex ecryptfs_daemon_hash_mux; 33struct mutex ecryptfs_daemon_hash_mux;
34static int ecryptfs_hash_bits; 34static int ecryptfs_hash_bits;
35#define ecryptfs_current_euid_hash(uid) \ 35#define ecryptfs_current_euid_hash(uid) \
36 hash_long((unsigned long)current_euid(), ecryptfs_hash_bits) 36 hash_long((unsigned long)from_kuid(&init_user_ns, current_euid()), ecryptfs_hash_bits)
37 37
38static u32 ecryptfs_msg_counter; 38static u32 ecryptfs_msg_counter;
39static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; 39static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
@@ -121,8 +121,7 @@ int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon)
121 hlist_for_each_entry(*daemon, elem, 121 hlist_for_each_entry(*daemon, elem,
122 &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()], 122 &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()],
123 euid_chain) { 123 euid_chain) {
124 if ((*daemon)->file->f_cred->euid == current_euid() && 124 if (uid_eq((*daemon)->file->f_cred->euid, current_euid())) {
125 (*daemon)->file->f_cred->user_ns == current_user_ns()) {
126 rc = 0; 125 rc = 0;
127 goto out; 126 goto out;
128 } 127 }
diff --git a/fs/efs/inode.c b/fs/efs/inode.c
index bc84f365d75c..f3913eb2c474 100644
--- a/fs/efs/inode.c
+++ b/fs/efs/inode.c
@@ -97,8 +97,8 @@ struct inode *efs_iget(struct super_block *super, unsigned long ino)
97 97
98 inode->i_mode = be16_to_cpu(efs_inode->di_mode); 98 inode->i_mode = be16_to_cpu(efs_inode->di_mode);
99 set_nlink(inode, be16_to_cpu(efs_inode->di_nlink)); 99 set_nlink(inode, be16_to_cpu(efs_inode->di_nlink));
100 inode->i_uid = (uid_t)be16_to_cpu(efs_inode->di_uid); 100 i_uid_write(inode, (uid_t)be16_to_cpu(efs_inode->di_uid));
101 inode->i_gid = (gid_t)be16_to_cpu(efs_inode->di_gid); 101 i_gid_write(inode, (gid_t)be16_to_cpu(efs_inode->di_gid));
102 inode->i_size = be32_to_cpu(efs_inode->di_size); 102 inode->i_size = be32_to_cpu(efs_inode->di_size);
103 inode->i_atime.tv_sec = be32_to_cpu(efs_inode->di_atime); 103 inode->i_atime.tv_sec = be32_to_cpu(efs_inode->di_atime);
104 inode->i_mtime.tv_sec = be32_to_cpu(efs_inode->di_mtime); 104 inode->i_mtime.tv_sec = be32_to_cpu(efs_inode->di_mtime);
diff --git a/fs/exofs/inode.c b/fs/exofs/inode.c
index 1562c27a2fab..b56181047751 100644
--- a/fs/exofs/inode.c
+++ b/fs/exofs/inode.c
@@ -1172,8 +1172,8 @@ struct inode *exofs_iget(struct super_block *sb, unsigned long ino)
1172 1172
1173 /* copy stuff from on-disk struct to in-memory struct */ 1173 /* copy stuff from on-disk struct to in-memory struct */
1174 inode->i_mode = le16_to_cpu(fcb.i_mode); 1174 inode->i_mode = le16_to_cpu(fcb.i_mode);
1175 inode->i_uid = le32_to_cpu(fcb.i_uid); 1175 i_uid_write(inode, le32_to_cpu(fcb.i_uid));
1176 inode->i_gid = le32_to_cpu(fcb.i_gid); 1176 i_gid_write(inode, le32_to_cpu(fcb.i_gid));
1177 set_nlink(inode, le16_to_cpu(fcb.i_links_count)); 1177 set_nlink(inode, le16_to_cpu(fcb.i_links_count));
1178 inode->i_ctime.tv_sec = (signed)le32_to_cpu(fcb.i_ctime); 1178 inode->i_ctime.tv_sec = (signed)le32_to_cpu(fcb.i_ctime);
1179 inode->i_atime.tv_sec = (signed)le32_to_cpu(fcb.i_atime); 1179 inode->i_atime.tv_sec = (signed)le32_to_cpu(fcb.i_atime);
@@ -1385,8 +1385,8 @@ static int exofs_update_inode(struct inode *inode, int do_sync)
1385 fcb = &args->fcb; 1385 fcb = &args->fcb;
1386 1386
1387 fcb->i_mode = cpu_to_le16(inode->i_mode); 1387 fcb->i_mode = cpu_to_le16(inode->i_mode);
1388 fcb->i_uid = cpu_to_le32(inode->i_uid); 1388 fcb->i_uid = cpu_to_le32(i_uid_read(inode));
1389 fcb->i_gid = cpu_to_le32(inode->i_gid); 1389 fcb->i_gid = cpu_to_le32(i_gid_read(inode));
1390 fcb->i_links_count = cpu_to_le16(inode->i_nlink); 1390 fcb->i_links_count = cpu_to_le16(inode->i_nlink);
1391 fcb->i_ctime = cpu_to_le32(inode->i_ctime.tv_sec); 1391 fcb->i_ctime = cpu_to_le32(inode->i_ctime.tv_sec);
1392 fcb->i_atime = cpu_to_le32(inode->i_atime.tv_sec); 1392 fcb->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index 35d6a3cfd9ff..110b6b371a4e 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -53,16 +53,23 @@ ext2_acl_from_disk(const void *value, size_t size)
53 case ACL_OTHER: 53 case ACL_OTHER:
54 value = (char *)value + 54 value = (char *)value +
55 sizeof(ext2_acl_entry_short); 55 sizeof(ext2_acl_entry_short);
56 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
57 break; 56 break;
58 57
59 case ACL_USER: 58 case ACL_USER:
59 value = (char *)value + sizeof(ext2_acl_entry);
60 if ((char *)value > end)
61 goto fail;
62 acl->a_entries[n].e_uid =
63 make_kuid(&init_user_ns,
64 le32_to_cpu(entry->e_id));
65 break;
60 case ACL_GROUP: 66 case ACL_GROUP:
61 value = (char *)value + sizeof(ext2_acl_entry); 67 value = (char *)value + sizeof(ext2_acl_entry);
62 if ((char *)value > end) 68 if ((char *)value > end)
63 goto fail; 69 goto fail;
64 acl->a_entries[n].e_id = 70 acl->a_entries[n].e_gid =
65 le32_to_cpu(entry->e_id); 71 make_kgid(&init_user_ns,
72 le32_to_cpu(entry->e_id));
66 break; 73 break;
67 74
68 default: 75 default:
@@ -96,14 +103,19 @@ ext2_acl_to_disk(const struct posix_acl *acl, size_t *size)
96 ext_acl->a_version = cpu_to_le32(EXT2_ACL_VERSION); 103 ext_acl->a_version = cpu_to_le32(EXT2_ACL_VERSION);
97 e = (char *)ext_acl + sizeof(ext2_acl_header); 104 e = (char *)ext_acl + sizeof(ext2_acl_header);
98 for (n=0; n < acl->a_count; n++) { 105 for (n=0; n < acl->a_count; n++) {
106 const struct posix_acl_entry *acl_e = &acl->a_entries[n];
99 ext2_acl_entry *entry = (ext2_acl_entry *)e; 107 ext2_acl_entry *entry = (ext2_acl_entry *)e;
100 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 108 entry->e_tag = cpu_to_le16(acl_e->e_tag);
101 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 109 entry->e_perm = cpu_to_le16(acl_e->e_perm);
102 switch(acl->a_entries[n].e_tag) { 110 switch(acl_e->e_tag) {
103 case ACL_USER: 111 case ACL_USER:
112 entry->e_id = cpu_to_le32(
113 from_kuid(&init_user_ns, acl_e->e_uid));
114 e += sizeof(ext2_acl_entry);
115 break;
104 case ACL_GROUP: 116 case ACL_GROUP:
105 entry->e_id = 117 entry->e_id = cpu_to_le32(
106 cpu_to_le32(acl->a_entries[n].e_id); 118 from_kgid(&init_user_ns, acl_e->e_gid));
107 e += sizeof(ext2_acl_entry); 119 e += sizeof(ext2_acl_entry);
108 break; 120 break;
109 121
@@ -350,7 +362,7 @@ ext2_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
350 return PTR_ERR(acl); 362 return PTR_ERR(acl);
351 if (acl == NULL) 363 if (acl == NULL)
352 return -ENODATA; 364 return -ENODATA;
353 error = posix_acl_to_xattr(acl, buffer, size); 365 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
354 posix_acl_release(acl); 366 posix_acl_release(acl);
355 367
356 return error; 368 return error;
@@ -371,7 +383,7 @@ ext2_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
371 return -EPERM; 383 return -EPERM;
372 384
373 if (value) { 385 if (value) {
374 acl = posix_acl_from_xattr(value, size); 386 acl = posix_acl_from_xattr(&init_user_ns, value, size);
375 if (IS_ERR(acl)) 387 if (IS_ERR(acl))
376 return PTR_ERR(acl); 388 return PTR_ERR(acl);
377 else if (acl) { 389 else if (acl) {
diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
index c76832c8d192..dbb5ad59a7fc 100644
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -48,16 +48,23 @@ ext3_acl_from_disk(const void *value, size_t size)
48 case ACL_OTHER: 48 case ACL_OTHER:
49 value = (char *)value + 49 value = (char *)value +
50 sizeof(ext3_acl_entry_short); 50 sizeof(ext3_acl_entry_short);
51 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
52 break; 51 break;
53 52
54 case ACL_USER: 53 case ACL_USER:
54 value = (char *)value + sizeof(ext3_acl_entry);
55 if ((char *)value > end)
56 goto fail;
57 acl->a_entries[n].e_uid =
58 make_kuid(&init_user_ns,
59 le32_to_cpu(entry->e_id));
60 break;
55 case ACL_GROUP: 61 case ACL_GROUP:
56 value = (char *)value + sizeof(ext3_acl_entry); 62 value = (char *)value + sizeof(ext3_acl_entry);
57 if ((char *)value > end) 63 if ((char *)value > end)
58 goto fail; 64 goto fail;
59 acl->a_entries[n].e_id = 65 acl->a_entries[n].e_gid =
60 le32_to_cpu(entry->e_id); 66 make_kgid(&init_user_ns,
67 le32_to_cpu(entry->e_id));
61 break; 68 break;
62 69
63 default: 70 default:
@@ -91,14 +98,19 @@ ext3_acl_to_disk(const struct posix_acl *acl, size_t *size)
91 ext_acl->a_version = cpu_to_le32(EXT3_ACL_VERSION); 98 ext_acl->a_version = cpu_to_le32(EXT3_ACL_VERSION);
92 e = (char *)ext_acl + sizeof(ext3_acl_header); 99 e = (char *)ext_acl + sizeof(ext3_acl_header);
93 for (n=0; n < acl->a_count; n++) { 100 for (n=0; n < acl->a_count; n++) {
101 const struct posix_acl_entry *acl_e = &acl->a_entries[n];
94 ext3_acl_entry *entry = (ext3_acl_entry *)e; 102 ext3_acl_entry *entry = (ext3_acl_entry *)e;
95 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 103 entry->e_tag = cpu_to_le16(acl_e->e_tag);
96 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 104 entry->e_perm = cpu_to_le16(acl_e->e_perm);
97 switch(acl->a_entries[n].e_tag) { 105 switch(acl_e->e_tag) {
98 case ACL_USER: 106 case ACL_USER:
107 entry->e_id = cpu_to_le32(
108 from_kuid(&init_user_ns, acl_e->e_uid));
109 e += sizeof(ext3_acl_entry);
110 break;
99 case ACL_GROUP: 111 case ACL_GROUP:
100 entry->e_id = 112 entry->e_id = cpu_to_le32(
101 cpu_to_le32(acl->a_entries[n].e_id); 113 from_kgid(&init_user_ns, acl_e->e_gid));
102 e += sizeof(ext3_acl_entry); 114 e += sizeof(ext3_acl_entry);
103 break; 115 break;
104 116
@@ -369,7 +381,7 @@ ext3_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
369 return PTR_ERR(acl); 381 return PTR_ERR(acl);
370 if (acl == NULL) 382 if (acl == NULL)
371 return -ENODATA; 383 return -ENODATA;
372 error = posix_acl_to_xattr(acl, buffer, size); 384 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
373 posix_acl_release(acl); 385 posix_acl_release(acl);
374 386
375 return error; 387 return error;
@@ -392,7 +404,7 @@ ext3_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
392 return -EPERM; 404 return -EPERM;
393 405
394 if (value) { 406 if (value) {
395 acl = posix_acl_from_xattr(value, size); 407 acl = posix_acl_from_xattr(&init_user_ns, value, size);
396 if (IS_ERR(acl)) 408 if (IS_ERR(acl))
397 return PTR_ERR(acl); 409 return PTR_ERR(acl);
398 else if (acl) { 410 else if (acl) {
diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index 8c892e93d8e7..09b8455bd7eb 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -2803,7 +2803,7 @@ static int ext3_statfs (struct dentry * dentry, struct kstatfs * buf)
2803 2803
2804static inline struct inode *dquot_to_inode(struct dquot *dquot) 2804static inline struct inode *dquot_to_inode(struct dquot *dquot)
2805{ 2805{
2806 return sb_dqopt(dquot->dq_sb)->files[dquot->dq_type]; 2806 return sb_dqopt(dquot->dq_sb)->files[dquot->dq_id.type];
2807} 2807}
2808 2808
2809static int ext3_write_dquot(struct dquot *dquot) 2809static int ext3_write_dquot(struct dquot *dquot)
diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
index a5c29bb3b835..d3c5b88fd89f 100644
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -55,16 +55,23 @@ ext4_acl_from_disk(const void *value, size_t size)
55 case ACL_OTHER: 55 case ACL_OTHER:
56 value = (char *)value + 56 value = (char *)value +
57 sizeof(ext4_acl_entry_short); 57 sizeof(ext4_acl_entry_short);
58 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
59 break; 58 break;
60 59
61 case ACL_USER: 60 case ACL_USER:
61 value = (char *)value + sizeof(ext4_acl_entry);
62 if ((char *)value > end)
63 goto fail;
64 acl->a_entries[n].e_uid =
65 make_kuid(&init_user_ns,
66 le32_to_cpu(entry->e_id));
67 break;
62 case ACL_GROUP: 68 case ACL_GROUP:
63 value = (char *)value + sizeof(ext4_acl_entry); 69 value = (char *)value + sizeof(ext4_acl_entry);
64 if ((char *)value > end) 70 if ((char *)value > end)
65 goto fail; 71 goto fail;
66 acl->a_entries[n].e_id = 72 acl->a_entries[n].e_gid =
67 le32_to_cpu(entry->e_id); 73 make_kgid(&init_user_ns,
74 le32_to_cpu(entry->e_id));
68 break; 75 break;
69 76
70 default: 77 default:
@@ -98,13 +105,19 @@ ext4_acl_to_disk(const struct posix_acl *acl, size_t *size)
98 ext_acl->a_version = cpu_to_le32(EXT4_ACL_VERSION); 105 ext_acl->a_version = cpu_to_le32(EXT4_ACL_VERSION);
99 e = (char *)ext_acl + sizeof(ext4_acl_header); 106 e = (char *)ext_acl + sizeof(ext4_acl_header);
100 for (n = 0; n < acl->a_count; n++) { 107 for (n = 0; n < acl->a_count; n++) {
108 const struct posix_acl_entry *acl_e = &acl->a_entries[n];
101 ext4_acl_entry *entry = (ext4_acl_entry *)e; 109 ext4_acl_entry *entry = (ext4_acl_entry *)e;
102 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 110 entry->e_tag = cpu_to_le16(acl_e->e_tag);
103 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 111 entry->e_perm = cpu_to_le16(acl_e->e_perm);
104 switch (acl->a_entries[n].e_tag) { 112 switch (acl_e->e_tag) {
105 case ACL_USER: 113 case ACL_USER:
114 entry->e_id = cpu_to_le32(
115 from_kuid(&init_user_ns, acl_e->e_uid));
116 e += sizeof(ext4_acl_entry);
117 break;
106 case ACL_GROUP: 118 case ACL_GROUP:
107 entry->e_id = cpu_to_le32(acl->a_entries[n].e_id); 119 entry->e_id = cpu_to_le32(
120 from_kgid(&init_user_ns, acl_e->e_gid));
108 e += sizeof(ext4_acl_entry); 121 e += sizeof(ext4_acl_entry);
109 break; 122 break;
110 123
@@ -374,7 +387,7 @@ ext4_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
374 return PTR_ERR(acl); 387 return PTR_ERR(acl);
375 if (acl == NULL) 388 if (acl == NULL)
376 return -ENODATA; 389 return -ENODATA;
377 error = posix_acl_to_xattr(acl, buffer, size); 390 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
378 posix_acl_release(acl); 391 posix_acl_release(acl);
379 392
380 return error; 393 return error;
@@ -397,7 +410,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
397 return -EPERM; 410 return -EPERM;
398 411
399 if (value) { 412 if (value) {
400 acl = posix_acl_from_xattr(value, size); 413 acl = posix_acl_from_xattr(&init_user_ns, value, size);
401 if (IS_ERR(acl)) 414 if (IS_ERR(acl))
402 return PTR_ERR(acl); 415 return PTR_ERR(acl);
403 else if (acl) { 416 else if (acl) {
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index c6e0cb3d1f4a..1f15cc836fbd 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4791,7 +4791,7 @@ static int ext4_statfs(struct dentry *dentry, struct kstatfs *buf)
4791 4791
4792static inline struct inode *dquot_to_inode(struct dquot *dquot) 4792static inline struct inode *dquot_to_inode(struct dquot *dquot)
4793{ 4793{
4794 return sb_dqopt(dquot->dq_sb)->files[dquot->dq_type]; 4794 return sb_dqopt(dquot->dq_sb)->files[dquot->dq_id.type];
4795} 4795}
4796 4796
4797static int ext4_write_dquot(struct dquot *dquot) 4797static int ext4_write_dquot(struct dquot *dquot)
diff --git a/fs/fat/fat.h b/fs/fat/fat.h
index 2deeeb86f331..7d8e0dcac5d5 100644
--- a/fs/fat/fat.h
+++ b/fs/fat/fat.h
@@ -23,8 +23,8 @@
23#define FAT_ERRORS_RO 3 /* remount r/o on error */ 23#define FAT_ERRORS_RO 3 /* remount r/o on error */
24 24
25struct fat_mount_options { 25struct fat_mount_options {
26 uid_t fs_uid; 26 kuid_t fs_uid;
27 gid_t fs_gid; 27 kgid_t fs_gid;
28 unsigned short fs_fmask; 28 unsigned short fs_fmask;
29 unsigned short fs_dmask; 29 unsigned short fs_dmask;
30 unsigned short codepage; /* Codepage for shortname conversions */ 30 unsigned short codepage; /* Codepage for shortname conversions */
diff --git a/fs/fat/file.c b/fs/fat/file.c
index e007b8bd8e5e..a62e0ecbe2db 100644
--- a/fs/fat/file.c
+++ b/fs/fat/file.c
@@ -352,7 +352,7 @@ static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode)
352{ 352{
353 umode_t allow_utime = sbi->options.allow_utime; 353 umode_t allow_utime = sbi->options.allow_utime;
354 354
355 if (current_fsuid() != inode->i_uid) { 355 if (!uid_eq(current_fsuid(), inode->i_uid)) {
356 if (in_group_p(inode->i_gid)) 356 if (in_group_p(inode->i_gid))
357 allow_utime >>= 3; 357 allow_utime >>= 3;
358 if (allow_utime & MAY_WRITE) 358 if (allow_utime & MAY_WRITE)
@@ -407,9 +407,9 @@ int fat_setattr(struct dentry *dentry, struct iattr *attr)
407 } 407 }
408 408
409 if (((attr->ia_valid & ATTR_UID) && 409 if (((attr->ia_valid & ATTR_UID) &&
410 (attr->ia_uid != sbi->options.fs_uid)) || 410 (!uid_eq(attr->ia_uid, sbi->options.fs_uid))) ||
411 ((attr->ia_valid & ATTR_GID) && 411 ((attr->ia_valid & ATTR_GID) &&
412 (attr->ia_gid != sbi->options.fs_gid)) || 412 (!gid_eq(attr->ia_gid, sbi->options.fs_gid))) ||
413 ((attr->ia_valid & ATTR_MODE) && 413 ((attr->ia_valid & ATTR_MODE) &&
414 (attr->ia_mode & ~FAT_VALID_MODE))) 414 (attr->ia_mode & ~FAT_VALID_MODE)))
415 error = -EPERM; 415 error = -EPERM;
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index 05e897fe9866..47d9eb0be886 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -791,10 +791,12 @@ static int fat_show_options(struct seq_file *m, struct dentry *root)
791 struct fat_mount_options *opts = &sbi->options; 791 struct fat_mount_options *opts = &sbi->options;
792 int isvfat = opts->isvfat; 792 int isvfat = opts->isvfat;
793 793
794 if (opts->fs_uid != 0) 794 if (!uid_eq(opts->fs_uid, GLOBAL_ROOT_UID))
795 seq_printf(m, ",uid=%u", opts->fs_uid); 795 seq_printf(m, ",uid=%u",
796 if (opts->fs_gid != 0) 796 from_kuid_munged(&init_user_ns, opts->fs_uid));
797 seq_printf(m, ",gid=%u", opts->fs_gid); 797 if (!gid_eq(opts->fs_gid, GLOBAL_ROOT_GID))
798 seq_printf(m, ",gid=%u",
799 from_kgid_munged(&init_user_ns, opts->fs_gid));
798 seq_printf(m, ",fmask=%04o", opts->fs_fmask); 800 seq_printf(m, ",fmask=%04o", opts->fs_fmask);
799 seq_printf(m, ",dmask=%04o", opts->fs_dmask); 801 seq_printf(m, ",dmask=%04o", opts->fs_dmask);
800 if (opts->allow_utime) 802 if (opts->allow_utime)
@@ -1037,12 +1039,16 @@ static int parse_options(struct super_block *sb, char *options, int is_vfat,
1037 case Opt_uid: 1039 case Opt_uid:
1038 if (match_int(&args[0], &option)) 1040 if (match_int(&args[0], &option))
1039 return 0; 1041 return 0;
1040 opts->fs_uid = option; 1042 opts->fs_uid = make_kuid(current_user_ns(), option);
1043 if (!uid_valid(opts->fs_uid))
1044 return 0;
1041 break; 1045 break;
1042 case Opt_gid: 1046 case Opt_gid:
1043 if (match_int(&args[0], &option)) 1047 if (match_int(&args[0], &option))
1044 return 0; 1048 return 0;
1045 opts->fs_gid = option; 1049 opts->fs_gid = make_kgid(current_user_ns(), option);
1050 if (!gid_valid(opts->fs_gid))
1051 return 0;
1046 break; 1052 break;
1047 case Opt_umask: 1053 case Opt_umask:
1048 if (match_octal(&args[0], &option)) 1054 if (match_octal(&args[0], &option))
diff --git a/fs/freevxfs/vxfs_inode.c b/fs/freevxfs/vxfs_inode.c
index ef67c95f12d4..f47df72cef17 100644
--- a/fs/freevxfs/vxfs_inode.c
+++ b/fs/freevxfs/vxfs_inode.c
@@ -224,8 +224,8 @@ vxfs_iinit(struct inode *ip, struct vxfs_inode_info *vip)
224{ 224{
225 225
226 ip->i_mode = vxfs_transmod(vip); 226 ip->i_mode = vxfs_transmod(vip);
227 ip->i_uid = (uid_t)vip->vii_uid; 227 i_uid_write(ip, (uid_t)vip->vii_uid);
228 ip->i_gid = (gid_t)vip->vii_gid; 228 i_gid_write(ip, (gid_t)vip->vii_gid);
229 229
230 set_nlink(ip, vip->vii_nlink); 230 set_nlink(ip, vip->vii_nlink);
231 ip->i_size = vip->vii_size; 231 ip->i_size = vip->vii_size;
diff --git a/fs/generic_acl.c b/fs/generic_acl.c
index d0dddaceac59..b3f3676796d3 100644
--- a/fs/generic_acl.c
+++ b/fs/generic_acl.c
@@ -56,7 +56,7 @@ generic_acl_get(struct dentry *dentry, const char *name, void *buffer,
56 acl = get_cached_acl(dentry->d_inode, type); 56 acl = get_cached_acl(dentry->d_inode, type);
57 if (!acl) 57 if (!acl)
58 return -ENODATA; 58 return -ENODATA;
59 error = posix_acl_to_xattr(acl, buffer, size); 59 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
60 posix_acl_release(acl); 60 posix_acl_release(acl);
61 61
62 return error; 62 return error;
@@ -77,7 +77,7 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value,
77 if (!inode_owner_or_capable(inode)) 77 if (!inode_owner_or_capable(inode))
78 return -EPERM; 78 return -EPERM;
79 if (value) { 79 if (value) {
80 acl = posix_acl_from_xattr(value, size); 80 acl = posix_acl_from_xattr(&init_user_ns, value, size);
81 if (IS_ERR(acl)) 81 if (IS_ERR(acl))
82 return PTR_ERR(acl); 82 return PTR_ERR(acl);
83 } 83 }
diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
index bd4a5892c93c..f850020ad906 100644
--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -63,7 +63,7 @@ struct posix_acl *gfs2_get_acl(struct inode *inode, int type)
63 if (len == 0) 63 if (len == 0)
64 return NULL; 64 return NULL;
65 65
66 acl = posix_acl_from_xattr(data, len); 66 acl = posix_acl_from_xattr(&init_user_ns, data, len);
67 kfree(data); 67 kfree(data);
68 return acl; 68 return acl;
69} 69}
@@ -88,13 +88,13 @@ static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl)
88 const char *name = gfs2_acl_name(type); 88 const char *name = gfs2_acl_name(type);
89 89
90 BUG_ON(name == NULL); 90 BUG_ON(name == NULL);
91 len = posix_acl_to_xattr(acl, NULL, 0); 91 len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0);
92 if (len == 0) 92 if (len == 0)
93 return 0; 93 return 0;
94 data = kmalloc(len, GFP_NOFS); 94 data = kmalloc(len, GFP_NOFS);
95 if (data == NULL) 95 if (data == NULL)
96 return -ENOMEM; 96 return -ENOMEM;
97 error = posix_acl_to_xattr(acl, data, len); 97 error = posix_acl_to_xattr(&init_user_ns, acl, data, len);
98 if (error < 0) 98 if (error < 0)
99 goto out; 99 goto out;
100 error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS); 100 error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
@@ -166,12 +166,12 @@ int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
166 if (error) 166 if (error)
167 return error; 167 return error;
168 168
169 len = posix_acl_to_xattr(acl, NULL, 0); 169 len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0);
170 data = kmalloc(len, GFP_NOFS); 170 data = kmalloc(len, GFP_NOFS);
171 error = -ENOMEM; 171 error = -ENOMEM;
172 if (data == NULL) 172 if (data == NULL)
173 goto out; 173 goto out;
174 posix_acl_to_xattr(acl, data, len); 174 posix_acl_to_xattr(&init_user_ns, acl, data, len);
175 error = gfs2_xattr_acl_chmod(ip, attr, data); 175 error = gfs2_xattr_acl_chmod(ip, attr, data);
176 kfree(data); 176 kfree(data);
177 set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); 177 set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl);
@@ -212,7 +212,7 @@ static int gfs2_xattr_system_get(struct dentry *dentry, const char *name,
212 if (acl == NULL) 212 if (acl == NULL)
213 return -ENODATA; 213 return -ENODATA;
214 214
215 error = posix_acl_to_xattr(acl, buffer, size); 215 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
216 posix_acl_release(acl); 216 posix_acl_release(acl);
217 217
218 return error; 218 return error;
@@ -245,7 +245,7 @@ static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,
245 if (!value) 245 if (!value)
246 goto set_acl; 246 goto set_acl;
247 247
248 acl = posix_acl_from_xattr(value, size); 248 acl = posix_acl_from_xattr(&init_user_ns, value, size);
249 if (!acl) { 249 if (!acl) {
250 /* 250 /*
251 * acl_set_file(3) may request that we set default ACLs with 251 * acl_set_file(3) may request that we set default ACLs with
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 4021deca61ef..40c4b0d42fa8 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1071,8 +1071,10 @@ int gfs2_quota_check(struct gfs2_inode *ip, u32 uid, u32 gid)
1071 1071
1072 if (be64_to_cpu(qd->qd_qb.qb_limit) && (s64)be64_to_cpu(qd->qd_qb.qb_limit) < value) { 1072 if (be64_to_cpu(qd->qd_qb.qb_limit) && (s64)be64_to_cpu(qd->qd_qb.qb_limit) < value) {
1073 print_message(qd, "exceeded"); 1073 print_message(qd, "exceeded");
1074 quota_send_warning(test_bit(QDF_USER, &qd->qd_flags) ? 1074 quota_send_warning(make_kqid(&init_user_ns,
1075 USRQUOTA : GRPQUOTA, qd->qd_id, 1075 test_bit(QDF_USER, &qd->qd_flags) ?
1076 USRQUOTA : GRPQUOTA,
1077 qd->qd_id),
1076 sdp->sd_vfs->s_dev, QUOTA_NL_BHARDWARN); 1078 sdp->sd_vfs->s_dev, QUOTA_NL_BHARDWARN);
1077 1079
1078 error = -EDQUOT; 1080 error = -EDQUOT;
@@ -1082,8 +1084,10 @@ int gfs2_quota_check(struct gfs2_inode *ip, u32 uid, u32 gid)
1082 time_after_eq(jiffies, qd->qd_last_warn + 1084 time_after_eq(jiffies, qd->qd_last_warn +
1083 gfs2_tune_get(sdp, 1085 gfs2_tune_get(sdp,
1084 gt_quota_warn_period) * HZ)) { 1086 gt_quota_warn_period) * HZ)) {
1085 quota_send_warning(test_bit(QDF_USER, &qd->qd_flags) ? 1087 quota_send_warning(make_kqid(&init_user_ns,
1086 USRQUOTA : GRPQUOTA, qd->qd_id, 1088 test_bit(QDF_USER, &qd->qd_flags) ?
1089 USRQUOTA : GRPQUOTA,
1090 qd->qd_id),
1087 sdp->sd_vfs->s_dev, QUOTA_NL_BSOFTWARN); 1091 sdp->sd_vfs->s_dev, QUOTA_NL_BSOFTWARN);
1088 error = print_message(qd, "warning"); 1092 error = print_message(qd, "warning");
1089 qd->qd_last_warn = jiffies; 1093 qd->qd_last_warn = jiffies;
@@ -1470,7 +1474,7 @@ static int gfs2_quota_get_xstate(struct super_block *sb,
1470 return 0; 1474 return 0;
1471} 1475}
1472 1476
1473static int gfs2_get_dqblk(struct super_block *sb, int type, qid_t id, 1477static int gfs2_get_dqblk(struct super_block *sb, struct kqid qid,
1474 struct fs_disk_quota *fdq) 1478 struct fs_disk_quota *fdq)
1475{ 1479{
1476 struct gfs2_sbd *sdp = sb->s_fs_info; 1480 struct gfs2_sbd *sdp = sb->s_fs_info;
@@ -1478,20 +1482,21 @@ static int gfs2_get_dqblk(struct super_block *sb, int type, qid_t id,
1478 struct gfs2_quota_data *qd; 1482 struct gfs2_quota_data *qd;
1479 struct gfs2_holder q_gh; 1483 struct gfs2_holder q_gh;
1480 int error; 1484 int error;
1485 int type;
1481 1486
1482 memset(fdq, 0, sizeof(struct fs_disk_quota)); 1487 memset(fdq, 0, sizeof(struct fs_disk_quota));
1483 1488
1484 if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF) 1489 if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
1485 return -ESRCH; /* Crazy XFS error code */ 1490 return -ESRCH; /* Crazy XFS error code */
1486 1491
1487 if (type == USRQUOTA) 1492 if (qid.type == USRQUOTA)
1488 type = QUOTA_USER; 1493 type = QUOTA_USER;
1489 else if (type == GRPQUOTA) 1494 else if (qid.type == GRPQUOTA)
1490 type = QUOTA_GROUP; 1495 type = QUOTA_GROUP;
1491 else 1496 else
1492 return -EINVAL; 1497 return -EINVAL;
1493 1498
1494 error = qd_get(sdp, type, id, &qd); 1499 error = qd_get(sdp, type, from_kqid(&init_user_ns, qid), &qd);
1495 if (error) 1500 if (error)
1496 return error; 1501 return error;
1497 error = do_glock(qd, FORCE, &q_gh); 1502 error = do_glock(qd, FORCE, &q_gh);
@@ -1501,7 +1506,7 @@ static int gfs2_get_dqblk(struct super_block *sb, int type, qid_t id,
1501 qlvb = (struct gfs2_quota_lvb *)qd->qd_gl->gl_lvb; 1506 qlvb = (struct gfs2_quota_lvb *)qd->qd_gl->gl_lvb;
1502 fdq->d_version = FS_DQUOT_VERSION; 1507 fdq->d_version = FS_DQUOT_VERSION;
1503 fdq->d_flags = (type == QUOTA_USER) ? FS_USER_QUOTA : FS_GROUP_QUOTA; 1508 fdq->d_flags = (type == QUOTA_USER) ? FS_USER_QUOTA : FS_GROUP_QUOTA;
1504 fdq->d_id = id; 1509 fdq->d_id = from_kqid(&init_user_ns, qid);
1505 fdq->d_blk_hardlimit = be64_to_cpu(qlvb->qb_limit) << sdp->sd_fsb2bb_shift; 1510 fdq->d_blk_hardlimit = be64_to_cpu(qlvb->qb_limit) << sdp->sd_fsb2bb_shift;
1506 fdq->d_blk_softlimit = be64_to_cpu(qlvb->qb_warn) << sdp->sd_fsb2bb_shift; 1511 fdq->d_blk_softlimit = be64_to_cpu(qlvb->qb_warn) << sdp->sd_fsb2bb_shift;
1507 fdq->d_bcount = be64_to_cpu(qlvb->qb_value) << sdp->sd_fsb2bb_shift; 1512 fdq->d_bcount = be64_to_cpu(qlvb->qb_value) << sdp->sd_fsb2bb_shift;
@@ -1515,7 +1520,7 @@ out:
1515/* GFS2 only supports a subset of the XFS fields */ 1520/* GFS2 only supports a subset of the XFS fields */
1516#define GFS2_FIELDMASK (FS_DQ_BSOFT|FS_DQ_BHARD|FS_DQ_BCOUNT) 1521#define GFS2_FIELDMASK (FS_DQ_BSOFT|FS_DQ_BHARD|FS_DQ_BCOUNT)
1517 1522
1518static int gfs2_set_dqblk(struct super_block *sb, int type, qid_t id, 1523static int gfs2_set_dqblk(struct super_block *sb, struct kqid qid,
1519 struct fs_disk_quota *fdq) 1524 struct fs_disk_quota *fdq)
1520{ 1525{
1521 struct gfs2_sbd *sdp = sb->s_fs_info; 1526 struct gfs2_sbd *sdp = sb->s_fs_info;
@@ -1527,11 +1532,12 @@ static int gfs2_set_dqblk(struct super_block *sb, int type, qid_t id,
1527 int alloc_required; 1532 int alloc_required;
1528 loff_t offset; 1533 loff_t offset;
1529 int error; 1534 int error;
1535 int type;
1530 1536
1531 if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF) 1537 if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
1532 return -ESRCH; /* Crazy XFS error code */ 1538 return -ESRCH; /* Crazy XFS error code */
1533 1539
1534 switch(type) { 1540 switch(qid.type) {
1535 case USRQUOTA: 1541 case USRQUOTA:
1536 type = QUOTA_USER; 1542 type = QUOTA_USER;
1537 if (fdq->d_flags != FS_USER_QUOTA) 1543 if (fdq->d_flags != FS_USER_QUOTA)
@@ -1548,10 +1554,10 @@ static int gfs2_set_dqblk(struct super_block *sb, int type, qid_t id,
1548 1554
1549 if (fdq->d_fieldmask & ~GFS2_FIELDMASK) 1555 if (fdq->d_fieldmask & ~GFS2_FIELDMASK)
1550 return -EINVAL; 1556 return -EINVAL;
1551 if (fdq->d_id != id) 1557 if (fdq->d_id != from_kqid(&init_user_ns, qid))
1552 return -EINVAL; 1558 return -EINVAL;
1553 1559
1554 error = qd_get(sdp, type, id, &qd); 1560 error = qd_get(sdp, type, from_kqid(&init_user_ns, qid), &qd);
1555 if (error) 1561 if (error)
1556 return error; 1562 return error;
1557 1563
diff --git a/fs/hfs/hfs_fs.h b/fs/hfs/hfs_fs.h
index 8275175acf6e..693df9fe52b2 100644
--- a/fs/hfs/hfs_fs.h
+++ b/fs/hfs/hfs_fs.h
@@ -134,8 +134,8 @@ struct hfs_sb_info {
134 permissions on all files */ 134 permissions on all files */
135 umode_t s_dir_umask; /* The umask applied to the 135 umode_t s_dir_umask; /* The umask applied to the
136 permissions on all dirs */ 136 permissions on all dirs */
137 uid_t s_uid; /* The uid of all files */ 137 kuid_t s_uid; /* The uid of all files */
138 gid_t s_gid; /* The gid of all files */ 138 kgid_t s_gid; /* The gid of all files */
139 139
140 int session, part; 140 int session, part;
141 struct nls_table *nls_io, *nls_disk; 141 struct nls_table *nls_io, *nls_disk;
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 553909395270..0b35903219bc 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -594,9 +594,9 @@ int hfs_inode_setattr(struct dentry *dentry, struct iattr * attr)
594 594
595 /* no uig/gid changes and limit which mode bits can be set */ 595 /* no uig/gid changes and limit which mode bits can be set */
596 if (((attr->ia_valid & ATTR_UID) && 596 if (((attr->ia_valid & ATTR_UID) &&
597 (attr->ia_uid != hsb->s_uid)) || 597 (!uid_eq(attr->ia_uid, hsb->s_uid))) ||
598 ((attr->ia_valid & ATTR_GID) && 598 ((attr->ia_valid & ATTR_GID) &&
599 (attr->ia_gid != hsb->s_gid)) || 599 (!gid_eq(attr->ia_gid, hsb->s_gid))) ||
600 ((attr->ia_valid & ATTR_MODE) && 600 ((attr->ia_valid & ATTR_MODE) &&
601 ((S_ISDIR(inode->i_mode) && 601 ((S_ISDIR(inode->i_mode) &&
602 (attr->ia_mode != inode->i_mode)) || 602 (attr->ia_mode != inode->i_mode)) ||
diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index 4eb873e0c07b..0b63d135a092 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -138,7 +138,9 @@ static int hfs_show_options(struct seq_file *seq, struct dentry *root)
138 seq_printf(seq, ",creator=%.4s", (char *)&sbi->s_creator); 138 seq_printf(seq, ",creator=%.4s", (char *)&sbi->s_creator);
139 if (sbi->s_type != cpu_to_be32(0x3f3f3f3f)) 139 if (sbi->s_type != cpu_to_be32(0x3f3f3f3f))
140 seq_printf(seq, ",type=%.4s", (char *)&sbi->s_type); 140 seq_printf(seq, ",type=%.4s", (char *)&sbi->s_type);
141 seq_printf(seq, ",uid=%u,gid=%u", sbi->s_uid, sbi->s_gid); 141 seq_printf(seq, ",uid=%u,gid=%u",
142 from_kuid_munged(&init_user_ns, sbi->s_uid),
143 from_kgid_munged(&init_user_ns, sbi->s_gid));
142 if (sbi->s_file_umask != 0133) 144 if (sbi->s_file_umask != 0133)
143 seq_printf(seq, ",file_umask=%o", sbi->s_file_umask); 145 seq_printf(seq, ",file_umask=%o", sbi->s_file_umask);
144 if (sbi->s_dir_umask != 0022) 146 if (sbi->s_dir_umask != 0022)
@@ -254,14 +256,22 @@ static int parse_options(char *options, struct hfs_sb_info *hsb)
254 printk(KERN_ERR "hfs: uid requires an argument\n"); 256 printk(KERN_ERR "hfs: uid requires an argument\n");
255 return 0; 257 return 0;
256 } 258 }
257 hsb->s_uid = (uid_t)tmp; 259 hsb->s_uid = make_kuid(current_user_ns(), (uid_t)tmp);
260 if (!uid_valid(hsb->s_uid)) {
261 printk(KERN_ERR "hfs: invalid uid %d\n", tmp);
262 return 0;
263 }
258 break; 264 break;
259 case opt_gid: 265 case opt_gid:
260 if (match_int(&args[0], &tmp)) { 266 if (match_int(&args[0], &tmp)) {
261 printk(KERN_ERR "hfs: gid requires an argument\n"); 267 printk(KERN_ERR "hfs: gid requires an argument\n");
262 return 0; 268 return 0;
263 } 269 }
264 hsb->s_gid = (gid_t)tmp; 270 hsb->s_gid = make_kgid(current_user_ns(), (gid_t)tmp);
271 if (!gid_valid(hsb->s_gid)) {
272 printk(KERN_ERR "hfs: invalid gid %d\n", tmp);
273 return 0;
274 }
265 break; 275 break;
266 case opt_umask: 276 case opt_umask:
267 if (match_octal(&args[0], &tmp)) { 277 if (match_octal(&args[0], &tmp)) {
diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
index ec2a9c23f0c9..798d9c4c5e71 100644
--- a/fs/hfsplus/catalog.c
+++ b/fs/hfsplus/catalog.c
@@ -80,8 +80,8 @@ void hfsplus_cat_set_perms(struct inode *inode, struct hfsplus_perm *perms)
80 80
81 perms->userflags = HFSPLUS_I(inode)->userflags; 81 perms->userflags = HFSPLUS_I(inode)->userflags;
82 perms->mode = cpu_to_be16(inode->i_mode); 82 perms->mode = cpu_to_be16(inode->i_mode);
83 perms->owner = cpu_to_be32(inode->i_uid); 83 perms->owner = cpu_to_be32(i_uid_read(inode));
84 perms->group = cpu_to_be32(inode->i_gid); 84 perms->group = cpu_to_be32(i_gid_read(inode));
85 85
86 if (S_ISREG(inode->i_mode)) 86 if (S_ISREG(inode->i_mode))
87 perms->dev = cpu_to_be32(inode->i_nlink); 87 perms->dev = cpu_to_be32(inode->i_nlink);
diff --git a/fs/hfsplus/hfsplus_fs.h b/fs/hfsplus/hfsplus_fs.h
index 558dbb463a4e..c571de224b15 100644
--- a/fs/hfsplus/hfsplus_fs.h
+++ b/fs/hfsplus/hfsplus_fs.h
@@ -149,8 +149,8 @@ struct hfsplus_sb_info {
149 u32 type; 149 u32 type;
150 150
151 umode_t umask; 151 umode_t umask;
152 uid_t uid; 152 kuid_t uid;
153 gid_t gid; 153 kgid_t gid;
154 154
155 int part, session; 155 int part, session;
156 unsigned long flags; 156 unsigned long flags;
diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c
index 3d8b4a675ba0..2172aa5976f5 100644
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -233,12 +233,12 @@ static void hfsplus_get_perms(struct inode *inode,
233 233
234 mode = be16_to_cpu(perms->mode); 234 mode = be16_to_cpu(perms->mode);
235 235
236 inode->i_uid = be32_to_cpu(perms->owner); 236 i_uid_write(inode, be32_to_cpu(perms->owner));
237 if (!inode->i_uid && !mode) 237 if (!i_uid_read(inode) && !mode)
238 inode->i_uid = sbi->uid; 238 inode->i_uid = sbi->uid;
239 239
240 inode->i_gid = be32_to_cpu(perms->group); 240 i_gid_write(inode, be32_to_cpu(perms->group));
241 if (!inode->i_gid && !mode) 241 if (!i_gid_read(inode) && !mode)
242 inode->i_gid = sbi->gid; 242 inode->i_gid = sbi->gid;
243 243
244 if (dir) { 244 if (dir) {
diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c
index 06fa5618600c..ed257c671615 100644
--- a/fs/hfsplus/options.c
+++ b/fs/hfsplus/options.c
@@ -135,14 +135,22 @@ int hfsplus_parse_options(char *input, struct hfsplus_sb_info *sbi)
135 printk(KERN_ERR "hfs: uid requires an argument\n"); 135 printk(KERN_ERR "hfs: uid requires an argument\n");
136 return 0; 136 return 0;
137 } 137 }
138 sbi->uid = (uid_t)tmp; 138 sbi->uid = make_kuid(current_user_ns(), (uid_t)tmp);
139 if (!uid_valid(sbi->uid)) {
140 printk(KERN_ERR "hfs: invalid uid specified\n");
141 return 0;
142 }
139 break; 143 break;
140 case opt_gid: 144 case opt_gid:
141 if (match_int(&args[0], &tmp)) { 145 if (match_int(&args[0], &tmp)) {
142 printk(KERN_ERR "hfs: gid requires an argument\n"); 146 printk(KERN_ERR "hfs: gid requires an argument\n");
143 return 0; 147 return 0;
144 } 148 }
145 sbi->gid = (gid_t)tmp; 149 sbi->gid = make_kgid(current_user_ns(), (gid_t)tmp);
150 if (!gid_valid(sbi->gid)) {
151 printk(KERN_ERR "hfs: invalid gid specified\n");
152 return 0;
153 }
146 break; 154 break;
147 case opt_part: 155 case opt_part:
148 if (match_int(&args[0], &sbi->part)) { 156 if (match_int(&args[0], &sbi->part)) {
@@ -215,7 +223,8 @@ int hfsplus_show_options(struct seq_file *seq, struct dentry *root)
215 if (sbi->type != HFSPLUS_DEF_CR_TYPE) 223 if (sbi->type != HFSPLUS_DEF_CR_TYPE)
216 seq_printf(seq, ",type=%.4s", (char *)&sbi->type); 224 seq_printf(seq, ",type=%.4s", (char *)&sbi->type);
217 seq_printf(seq, ",umask=%o,uid=%u,gid=%u", sbi->umask, 225 seq_printf(seq, ",umask=%o,uid=%u,gid=%u", sbi->umask,
218 sbi->uid, sbi->gid); 226 from_kuid_munged(&init_user_ns, sbi->uid),
227 from_kgid_munged(&init_user_ns, sbi->gid));
219 if (sbi->part >= 0) 228 if (sbi->part >= 0)
220 seq_printf(seq, ",part=%u", sbi->part); 229 seq_printf(seq, ",part=%u", sbi->part);
221 if (sbi->session >= 0) 230 if (sbi->session >= 0)
diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
index 124146543aa7..6c9f3a9d5e21 100644
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -542,8 +542,8 @@ static int read_name(struct inode *ino, char *name)
542 ino->i_ino = st.ino; 542 ino->i_ino = st.ino;
543 ino->i_mode = st.mode; 543 ino->i_mode = st.mode;
544 set_nlink(ino, st.nlink); 544 set_nlink(ino, st.nlink);
545 ino->i_uid = st.uid; 545 i_uid_write(ino, st.uid);
546 ino->i_gid = st.gid; 546 i_gid_write(ino, st.gid);
547 ino->i_atime = st.atime; 547 ino->i_atime = st.atime;
548 ino->i_mtime = st.mtime; 548 ino->i_mtime = st.mtime;
549 ino->i_ctime = st.ctime; 549 ino->i_ctime = st.ctime;
@@ -808,11 +808,11 @@ int hostfs_setattr(struct dentry *dentry, struct iattr *attr)
808 } 808 }
809 if (attr->ia_valid & ATTR_UID) { 809 if (attr->ia_valid & ATTR_UID) {
810 attrs.ia_valid |= HOSTFS_ATTR_UID; 810 attrs.ia_valid |= HOSTFS_ATTR_UID;
811 attrs.ia_uid = attr->ia_uid; 811 attrs.ia_uid = from_kuid(&init_user_ns, attr->ia_uid);
812 } 812 }
813 if (attr->ia_valid & ATTR_GID) { 813 if (attr->ia_valid & ATTR_GID) {
814 attrs.ia_valid |= HOSTFS_ATTR_GID; 814 attrs.ia_valid |= HOSTFS_ATTR_GID;
815 attrs.ia_gid = attr->ia_gid; 815 attrs.ia_gid = from_kgid(&init_user_ns, attr->ia_gid);
816 } 816 }
817 if (attr->ia_valid & ATTR_SIZE) { 817 if (attr->ia_valid & ATTR_SIZE) {
818 attrs.ia_valid |= HOSTFS_ATTR_SIZE; 818 attrs.ia_valid |= HOSTFS_ATTR_SIZE;
diff --git a/fs/hpfs/hpfs_fn.h b/fs/hpfs/hpfs_fn.h
index ac1ead194db5..7102aaecc244 100644
--- a/fs/hpfs/hpfs_fn.h
+++ b/fs/hpfs/hpfs_fn.h
@@ -63,8 +63,8 @@ struct hpfs_sb_info {
63 unsigned sb_dmap; /* sector number of dnode bit map */ 63 unsigned sb_dmap; /* sector number of dnode bit map */
64 unsigned sb_n_free; /* free blocks for statfs, or -1 */ 64 unsigned sb_n_free; /* free blocks for statfs, or -1 */
65 unsigned sb_n_free_dnodes; /* free dnodes for statfs, or -1 */ 65 unsigned sb_n_free_dnodes; /* free dnodes for statfs, or -1 */
66 uid_t sb_uid; /* uid from mount options */ 66 kuid_t sb_uid; /* uid from mount options */
67 gid_t sb_gid; /* gid from mount options */ 67 kgid_t sb_gid; /* gid from mount options */
68 umode_t sb_mode; /* mode from mount options */ 68 umode_t sb_mode; /* mode from mount options */
69 unsigned sb_eas : 2; /* eas: 0-ignore, 1-ro, 2-rw */ 69 unsigned sb_eas : 2; /* eas: 0-ignore, 1-ro, 2-rw */
70 unsigned sb_err : 2; /* on errs: 0-cont, 1-ro, 2-panic */ 70 unsigned sb_err : 2; /* on errs: 0-cont, 1-ro, 2-panic */
diff --git a/fs/hpfs/inode.c b/fs/hpfs/inode.c
index ed671e0ea784..804a9a842cbc 100644
--- a/fs/hpfs/inode.c
+++ b/fs/hpfs/inode.c
@@ -7,6 +7,7 @@
7 */ 7 */
8 8
9#include <linux/slab.h> 9#include <linux/slab.h>
10#include <linux/user_namespace.h>
10#include "hpfs_fn.h" 11#include "hpfs_fn.h"
11 12
12void hpfs_init_inode(struct inode *i) 13void hpfs_init_inode(struct inode *i)
@@ -60,14 +61,14 @@ void hpfs_read_inode(struct inode *i)
60 if (hpfs_sb(i->i_sb)->sb_eas) { 61 if (hpfs_sb(i->i_sb)->sb_eas) {
61 if ((ea = hpfs_get_ea(i->i_sb, fnode, "UID", &ea_size))) { 62 if ((ea = hpfs_get_ea(i->i_sb, fnode, "UID", &ea_size))) {
62 if (ea_size == 2) { 63 if (ea_size == 2) {
63 i->i_uid = le16_to_cpu(*(__le16*)ea); 64 i_uid_write(i, le16_to_cpu(*(__le16*)ea));
64 hpfs_inode->i_ea_uid = 1; 65 hpfs_inode->i_ea_uid = 1;
65 } 66 }
66 kfree(ea); 67 kfree(ea);
67 } 68 }
68 if ((ea = hpfs_get_ea(i->i_sb, fnode, "GID", &ea_size))) { 69 if ((ea = hpfs_get_ea(i->i_sb, fnode, "GID", &ea_size))) {
69 if (ea_size == 2) { 70 if (ea_size == 2) {
70 i->i_gid = le16_to_cpu(*(__le16*)ea); 71 i_gid_write(i, le16_to_cpu(*(__le16*)ea));
71 hpfs_inode->i_ea_gid = 1; 72 hpfs_inode->i_ea_gid = 1;
72 } 73 }
73 kfree(ea); 74 kfree(ea);
@@ -149,13 +150,13 @@ static void hpfs_write_inode_ea(struct inode *i, struct fnode *fnode)
149 hpfs_error(i->i_sb, "fnode %08x has some unknown HPFS386 stuctures", i->i_ino); 150 hpfs_error(i->i_sb, "fnode %08x has some unknown HPFS386 stuctures", i->i_ino);
150 } else*/ if (hpfs_sb(i->i_sb)->sb_eas >= 2) { 151 } else*/ if (hpfs_sb(i->i_sb)->sb_eas >= 2) {
151 __le32 ea; 152 __le32 ea;
152 if ((i->i_uid != hpfs_sb(i->i_sb)->sb_uid) || hpfs_inode->i_ea_uid) { 153 if (!uid_eq(i->i_uid, hpfs_sb(i->i_sb)->sb_uid) || hpfs_inode->i_ea_uid) {
153 ea = cpu_to_le32(i->i_uid); 154 ea = cpu_to_le32(i_uid_read(i));
154 hpfs_set_ea(i, fnode, "UID", (char*)&ea, 2); 155 hpfs_set_ea(i, fnode, "UID", (char*)&ea, 2);
155 hpfs_inode->i_ea_uid = 1; 156 hpfs_inode->i_ea_uid = 1;
156 } 157 }
157 if ((i->i_gid != hpfs_sb(i->i_sb)->sb_gid) || hpfs_inode->i_ea_gid) { 158 if (!gid_eq(i->i_gid, hpfs_sb(i->i_sb)->sb_gid) || hpfs_inode->i_ea_gid) {
158 ea = cpu_to_le32(i->i_gid); 159 ea = cpu_to_le32(i_gid_read(i));
159 hpfs_set_ea(i, fnode, "GID", (char *)&ea, 2); 160 hpfs_set_ea(i, fnode, "GID", (char *)&ea, 2);
160 hpfs_inode->i_ea_gid = 1; 161 hpfs_inode->i_ea_gid = 1;
161 } 162 }
@@ -261,9 +262,11 @@ int hpfs_setattr(struct dentry *dentry, struct iattr *attr)
261 hpfs_lock(inode->i_sb); 262 hpfs_lock(inode->i_sb);
262 if (inode->i_ino == hpfs_sb(inode->i_sb)->sb_root) 263 if (inode->i_ino == hpfs_sb(inode->i_sb)->sb_root)
263 goto out_unlock; 264 goto out_unlock;
264 if ((attr->ia_valid & ATTR_UID) && attr->ia_uid >= 0x10000) 265 if ((attr->ia_valid & ATTR_UID) &&
266 from_kuid(&init_user_ns, attr->ia_uid) >= 0x10000)
265 goto out_unlock; 267 goto out_unlock;
266 if ((attr->ia_valid & ATTR_GID) && attr->ia_gid >= 0x10000) 268 if ((attr->ia_valid & ATTR_GID) &&
269 from_kgid(&init_user_ns, attr->ia_gid) >= 0x10000)
267 goto out_unlock; 270 goto out_unlock;
268 if ((attr->ia_valid & ATTR_SIZE) && attr->ia_size > inode->i_size) 271 if ((attr->ia_valid & ATTR_SIZE) && attr->ia_size > inode->i_size)
269 goto out_unlock; 272 goto out_unlock;
diff --git a/fs/hpfs/namei.c b/fs/hpfs/namei.c
index bc9082482f68..345713d2f8f3 100644
--- a/fs/hpfs/namei.c
+++ b/fs/hpfs/namei.c
@@ -91,8 +91,8 @@ static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
91 inc_nlink(dir); 91 inc_nlink(dir);
92 insert_inode_hash(result); 92 insert_inode_hash(result);
93 93
94 if (result->i_uid != current_fsuid() || 94 if (!uid_eq(result->i_uid, current_fsuid()) ||
95 result->i_gid != current_fsgid() || 95 !gid_eq(result->i_gid, current_fsgid()) ||
96 result->i_mode != (mode | S_IFDIR)) { 96 result->i_mode != (mode | S_IFDIR)) {
97 result->i_uid = current_fsuid(); 97 result->i_uid = current_fsuid();
98 result->i_gid = current_fsgid(); 98 result->i_gid = current_fsgid();
@@ -179,8 +179,8 @@ static int hpfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, b
179 179
180 insert_inode_hash(result); 180 insert_inode_hash(result);
181 181
182 if (result->i_uid != current_fsuid() || 182 if (!uid_eq(result->i_uid, current_fsuid()) ||
183 result->i_gid != current_fsgid() || 183 !gid_eq(result->i_gid, current_fsgid()) ||
184 result->i_mode != (mode | S_IFREG)) { 184 result->i_mode != (mode | S_IFREG)) {
185 result->i_uid = current_fsuid(); 185 result->i_uid = current_fsuid();
186 result->i_gid = current_fsgid(); 186 result->i_gid = current_fsgid();
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c
index 706a12c083ea..a152783602d9 100644
--- a/fs/hpfs/super.c
+++ b/fs/hpfs/super.c
@@ -251,7 +251,7 @@ static const match_table_t tokens = {
251 {Opt_err, NULL}, 251 {Opt_err, NULL},
252}; 252};
253 253
254static int parse_opts(char *opts, uid_t *uid, gid_t *gid, umode_t *umask, 254static int parse_opts(char *opts, kuid_t *uid, kgid_t *gid, umode_t *umask,
255 int *lowercase, int *eas, int *chk, int *errs, 255 int *lowercase, int *eas, int *chk, int *errs,
256 int *chkdsk, int *timeshift) 256 int *chkdsk, int *timeshift)
257{ 257{
@@ -276,12 +276,16 @@ static int parse_opts(char *opts, uid_t *uid, gid_t *gid, umode_t *umask,
276 case Opt_uid: 276 case Opt_uid:
277 if (match_int(args, &option)) 277 if (match_int(args, &option))
278 return 0; 278 return 0;
279 *uid = option; 279 *uid = make_kuid(current_user_ns(), option);
280 if (!uid_valid(*uid))
281 return 0;
280 break; 282 break;
281 case Opt_gid: 283 case Opt_gid:
282 if (match_int(args, &option)) 284 if (match_int(args, &option))
283 return 0; 285 return 0;
284 *gid = option; 286 *gid = make_kgid(current_user_ns(), option);
287 if (!gid_valid(*gid))
288 return 0;
285 break; 289 break;
286 case Opt_umask: 290 case Opt_umask:
287 if (match_octal(args, &option)) 291 if (match_octal(args, &option))
@@ -378,8 +382,8 @@ HPFS filesystem options:\n\
378 382
379static int hpfs_remount_fs(struct super_block *s, int *flags, char *data) 383static int hpfs_remount_fs(struct super_block *s, int *flags, char *data)
380{ 384{
381 uid_t uid; 385 kuid_t uid;
382 gid_t gid; 386 kgid_t gid;
383 umode_t umask; 387 umode_t umask;
384 int lowercase, eas, chk, errs, chkdsk, timeshift; 388 int lowercase, eas, chk, errs, chkdsk, timeshift;
385 int o; 389 int o;
@@ -455,8 +459,8 @@ static int hpfs_fill_super(struct super_block *s, void *options, int silent)
455 struct hpfs_sb_info *sbi; 459 struct hpfs_sb_info *sbi;
456 struct inode *root; 460 struct inode *root;
457 461
458 uid_t uid; 462 kuid_t uid;
459 gid_t gid; 463 kgid_t gid;
460 umode_t umask; 464 umode_t umask;
461 int lowercase, eas, chk, errs, chkdsk, timeshift; 465 int lowercase, eas, chk, errs, chkdsk, timeshift;
462 466
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 8349a899912e..6e572c4fbf68 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -42,8 +42,8 @@ static const struct inode_operations hugetlbfs_dir_inode_operations;
42static const struct inode_operations hugetlbfs_inode_operations; 42static const struct inode_operations hugetlbfs_inode_operations;
43 43
44struct hugetlbfs_config { 44struct hugetlbfs_config {
45 uid_t uid; 45 kuid_t uid;
46 gid_t gid; 46 kgid_t gid;
47 umode_t mode; 47 umode_t mode;
48 long nr_blocks; 48 long nr_blocks;
49 long nr_inodes; 49 long nr_inodes;
@@ -785,13 +785,17 @@ hugetlbfs_parse_options(char *options, struct hugetlbfs_config *pconfig)
785 case Opt_uid: 785 case Opt_uid:
786 if (match_int(&args[0], &option)) 786 if (match_int(&args[0], &option))
787 goto bad_val; 787 goto bad_val;
788 pconfig->uid = option; 788 pconfig->uid = make_kuid(current_user_ns(), option);
789 if (!uid_valid(pconfig->uid))
790 goto bad_val;
789 break; 791 break;
790 792
791 case Opt_gid: 793 case Opt_gid:
792 if (match_int(&args[0], &option)) 794 if (match_int(&args[0], &option))
793 goto bad_val; 795 goto bad_val;
794 pconfig->gid = option; 796 pconfig->gid = make_kgid(current_user_ns(), option);
797 if (!gid_valid(pconfig->gid))
798 goto bad_val;
795 break; 799 break;
796 800
797 case Opt_mode: 801 case Opt_mode:
@@ -924,7 +928,9 @@ static struct vfsmount *hugetlbfs_vfsmount;
924 928
925static int can_do_hugetlb_shm(void) 929static int can_do_hugetlb_shm(void)
926{ 930{
927 return capable(CAP_IPC_LOCK) || in_group_p(sysctl_hugetlb_shm_group); 931 kgid_t shm_group;
932 shm_group = make_kgid(&init_user_ns, sysctl_hugetlb_shm_group);
933 return capable(CAP_IPC_LOCK) || in_group_p(shm_group);
928} 934}
929 935
930struct file *hugetlb_file_setup(const char *name, unsigned long addr, 936struct file *hugetlb_file_setup(const char *name, unsigned long addr,
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index 29037c365ba4..a7d8e6cc5e0c 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -21,6 +21,7 @@
21#include <linux/cdrom.h> 21#include <linux/cdrom.h>
22#include <linux/parser.h> 22#include <linux/parser.h>
23#include <linux/mpage.h> 23#include <linux/mpage.h>
24#include <linux/user_namespace.h>
24 25
25#include "isofs.h" 26#include "isofs.h"
26#include "zisofs.h" 27#include "zisofs.h"
@@ -171,8 +172,8 @@ struct iso9660_options{
171 unsigned int blocksize; 172 unsigned int blocksize;
172 umode_t fmode; 173 umode_t fmode;
173 umode_t dmode; 174 umode_t dmode;
174 gid_t gid; 175 kgid_t gid;
175 uid_t uid; 176 kuid_t uid;
176 char *iocharset; 177 char *iocharset;
177 /* LVE */ 178 /* LVE */
178 s32 session; 179 s32 session;
@@ -383,8 +384,8 @@ static int parse_options(char *options, struct iso9660_options *popt)
383 popt->fmode = popt->dmode = ISOFS_INVALID_MODE; 384 popt->fmode = popt->dmode = ISOFS_INVALID_MODE;
384 popt->uid_set = 0; 385 popt->uid_set = 0;
385 popt->gid_set = 0; 386 popt->gid_set = 0;
386 popt->gid = 0; 387 popt->gid = GLOBAL_ROOT_GID;
387 popt->uid = 0; 388 popt->uid = GLOBAL_ROOT_UID;
388 popt->iocharset = NULL; 389 popt->iocharset = NULL;
389 popt->utf8 = 0; 390 popt->utf8 = 0;
390 popt->overriderockperm = 0; 391 popt->overriderockperm = 0;
@@ -460,13 +461,17 @@ static int parse_options(char *options, struct iso9660_options *popt)
460 case Opt_uid: 461 case Opt_uid:
461 if (match_int(&args[0], &option)) 462 if (match_int(&args[0], &option))
462 return 0; 463 return 0;
463 popt->uid = option; 464 popt->uid = make_kuid(current_user_ns(), option);
465 if (!uid_valid(popt->uid))
466 return 0;
464 popt->uid_set = 1; 467 popt->uid_set = 1;
465 break; 468 break;
466 case Opt_gid: 469 case Opt_gid:
467 if (match_int(&args[0], &option)) 470 if (match_int(&args[0], &option))
468 return 0; 471 return 0;
469 popt->gid = option; 472 popt->gid = make_kgid(current_user_ns(), option);
473 if (!gid_valid(popt->gid))
474 return 0;
470 popt->gid_set = 1; 475 popt->gid_set = 1;
471 break; 476 break;
472 case Opt_mode: 477 case Opt_mode:
diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
index 3620ad1ea9bc..99167238518d 100644
--- a/fs/isofs/isofs.h
+++ b/fs/isofs/isofs.h
@@ -52,8 +52,8 @@ struct isofs_sb_info {
52 52
53 umode_t s_fmode; 53 umode_t s_fmode;
54 umode_t s_dmode; 54 umode_t s_dmode;
55 gid_t s_gid; 55 kgid_t s_gid;
56 uid_t s_uid; 56 kuid_t s_uid;
57 struct nls_table *s_nls_iocharset; /* Native language support table */ 57 struct nls_table *s_nls_iocharset; /* Native language support table */
58}; 58};
59 59
diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
index 70e79d0c756a..c0bf42472e40 100644
--- a/fs/isofs/rock.c
+++ b/fs/isofs/rock.c
@@ -364,8 +364,8 @@ repeat:
364 case SIG('P', 'X'): 364 case SIG('P', 'X'):
365 inode->i_mode = isonum_733(rr->u.PX.mode); 365 inode->i_mode = isonum_733(rr->u.PX.mode);
366 set_nlink(inode, isonum_733(rr->u.PX.n_links)); 366 set_nlink(inode, isonum_733(rr->u.PX.n_links));
367 inode->i_uid = isonum_733(rr->u.PX.uid); 367 i_uid_write(inode, isonum_733(rr->u.PX.uid));
368 inode->i_gid = isonum_733(rr->u.PX.gid); 368 i_gid_write(inode, isonum_733(rr->u.PX.gid));
369 break; 369 break;
370 case SIG('P', 'N'): 370 case SIG('P', 'N'):
371 { 371 {
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
index 922f146e4235..223283c30111 100644
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -94,15 +94,23 @@ static struct posix_acl *jffs2_acl_from_medium(void *value, size_t size)
94 case ACL_MASK: 94 case ACL_MASK:
95 case ACL_OTHER: 95 case ACL_OTHER:
96 value += sizeof(struct jffs2_acl_entry_short); 96 value += sizeof(struct jffs2_acl_entry_short);
97 acl->a_entries[i].e_id = ACL_UNDEFINED_ID;
98 break; 97 break;
99 98
100 case ACL_USER: 99 case ACL_USER:
100 value += sizeof(struct jffs2_acl_entry);
101 if (value > end)
102 goto fail;
103 acl->a_entries[i].e_uid =
104 make_kuid(&init_user_ns,
105 je32_to_cpu(entry->e_id));
106 break;
101 case ACL_GROUP: 107 case ACL_GROUP:
102 value += sizeof(struct jffs2_acl_entry); 108 value += sizeof(struct jffs2_acl_entry);
103 if (value > end) 109 if (value > end)
104 goto fail; 110 goto fail;
105 acl->a_entries[i].e_id = je32_to_cpu(entry->e_id); 111 acl->a_entries[i].e_gid =
112 make_kgid(&init_user_ns,
113 je32_to_cpu(entry->e_id));
106 break; 114 break;
107 115
108 default: 116 default:
@@ -131,13 +139,19 @@ static void *jffs2_acl_to_medium(const struct posix_acl *acl, size_t *size)
131 header->a_version = cpu_to_je32(JFFS2_ACL_VERSION); 139 header->a_version = cpu_to_je32(JFFS2_ACL_VERSION);
132 e = header + 1; 140 e = header + 1;
133 for (i=0; i < acl->a_count; i++) { 141 for (i=0; i < acl->a_count; i++) {
142 const struct posix_acl_entry *acl_e = &acl->a_entries[i];
134 entry = e; 143 entry = e;
135 entry->e_tag = cpu_to_je16(acl->a_entries[i].e_tag); 144 entry->e_tag = cpu_to_je16(acl_e->e_tag);
136 entry->e_perm = cpu_to_je16(acl->a_entries[i].e_perm); 145 entry->e_perm = cpu_to_je16(acl_e->e_perm);
137 switch(acl->a_entries[i].e_tag) { 146 switch(acl_e->e_tag) {
138 case ACL_USER: 147 case ACL_USER:
148 entry->e_id = cpu_to_je32(
149 from_kuid(&init_user_ns, acl_e->e_uid));
150 e += sizeof(struct jffs2_acl_entry);
151 break;
139 case ACL_GROUP: 152 case ACL_GROUP:
140 entry->e_id = cpu_to_je32(acl->a_entries[i].e_id); 153 entry->e_id = cpu_to_je32(
154 from_kgid(&init_user_ns, acl_e->e_gid));
141 e += sizeof(struct jffs2_acl_entry); 155 e += sizeof(struct jffs2_acl_entry);
142 break; 156 break;
143 157
@@ -363,7 +377,7 @@ static int jffs2_acl_getxattr(struct dentry *dentry, const char *name,
363 return PTR_ERR(acl); 377 return PTR_ERR(acl);
364 if (!acl) 378 if (!acl)
365 return -ENODATA; 379 return -ENODATA;
366 rc = posix_acl_to_xattr(acl, buffer, size); 380 rc = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
367 posix_acl_release(acl); 381 posix_acl_release(acl);
368 382
369 return rc; 383 return rc;
@@ -381,7 +395,7 @@ static int jffs2_acl_setxattr(struct dentry *dentry, const char *name,
381 return -EPERM; 395 return -EPERM;
382 396
383 if (value) { 397 if (value) {
384 acl = posix_acl_from_xattr(value, size); 398 acl = posix_acl_from_xattr(&init_user_ns, value, size);
385 if (IS_ERR(acl)) 399 if (IS_ERR(acl))
386 return PTR_ERR(acl); 400 return PTR_ERR(acl);
387 if (acl) { 401 if (acl) {
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index db3889ba8818..60ef3fb707ff 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -175,8 +175,8 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
175 ri.ino = cpu_to_je32(f->inocache->ino); 175 ri.ino = cpu_to_je32(f->inocache->ino);
176 ri.version = cpu_to_je32(++f->highest_version); 176 ri.version = cpu_to_je32(++f->highest_version);
177 ri.mode = cpu_to_jemode(inode->i_mode); 177 ri.mode = cpu_to_jemode(inode->i_mode);
178 ri.uid = cpu_to_je16(inode->i_uid); 178 ri.uid = cpu_to_je16(i_uid_read(inode));
179 ri.gid = cpu_to_je16(inode->i_gid); 179 ri.gid = cpu_to_je16(i_gid_read(inode));
180 ri.isize = cpu_to_je32(max((uint32_t)inode->i_size, pageofs)); 180 ri.isize = cpu_to_je32(max((uint32_t)inode->i_size, pageofs));
181 ri.atime = ri.ctime = ri.mtime = cpu_to_je32(get_seconds()); 181 ri.atime = ri.ctime = ri.mtime = cpu_to_je32(get_seconds());
182 ri.offset = cpu_to_je32(inode->i_size); 182 ri.offset = cpu_to_je32(inode->i_size);
@@ -283,8 +283,8 @@ static int jffs2_write_end(struct file *filp, struct address_space *mapping,
283 /* Set the fields that the generic jffs2_write_inode_range() code can't find */ 283 /* Set the fields that the generic jffs2_write_inode_range() code can't find */
284 ri->ino = cpu_to_je32(inode->i_ino); 284 ri->ino = cpu_to_je32(inode->i_ino);
285 ri->mode = cpu_to_jemode(inode->i_mode); 285 ri->mode = cpu_to_jemode(inode->i_mode);
286 ri->uid = cpu_to_je16(inode->i_uid); 286 ri->uid = cpu_to_je16(i_uid_read(inode));
287 ri->gid = cpu_to_je16(inode->i_gid); 287 ri->gid = cpu_to_je16(i_gid_read(inode));
288 ri->isize = cpu_to_je32((uint32_t)inode->i_size); 288 ri->isize = cpu_to_je32((uint32_t)inode->i_size);
289 ri->atime = ri->ctime = ri->mtime = cpu_to_je32(get_seconds()); 289 ri->atime = ri->ctime = ri->mtime = cpu_to_je32(get_seconds());
290 290
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
index 3d3092eda811..fe3c0527545f 100644
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -99,8 +99,10 @@ int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
99 ri->ino = cpu_to_je32(inode->i_ino); 99 ri->ino = cpu_to_je32(inode->i_ino);
100 ri->version = cpu_to_je32(++f->highest_version); 100 ri->version = cpu_to_je32(++f->highest_version);
101 101
102 ri->uid = cpu_to_je16((ivalid & ATTR_UID)?iattr->ia_uid:inode->i_uid); 102 ri->uid = cpu_to_je16((ivalid & ATTR_UID)?
103 ri->gid = cpu_to_je16((ivalid & ATTR_GID)?iattr->ia_gid:inode->i_gid); 103 from_kuid(&init_user_ns, iattr->ia_uid):i_uid_read(inode));
104 ri->gid = cpu_to_je16((ivalid & ATTR_GID)?
105 from_kgid(&init_user_ns, iattr->ia_gid):i_gid_read(inode));
104 106
105 if (ivalid & ATTR_MODE) 107 if (ivalid & ATTR_MODE)
106 ri->mode = cpu_to_jemode(iattr->ia_mode); 108 ri->mode = cpu_to_jemode(iattr->ia_mode);
@@ -147,8 +149,8 @@ int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
147 inode->i_ctime = ITIME(je32_to_cpu(ri->ctime)); 149 inode->i_ctime = ITIME(je32_to_cpu(ri->ctime));
148 inode->i_mtime = ITIME(je32_to_cpu(ri->mtime)); 150 inode->i_mtime = ITIME(je32_to_cpu(ri->mtime));
149 inode->i_mode = jemode_to_cpu(ri->mode); 151 inode->i_mode = jemode_to_cpu(ri->mode);
150 inode->i_uid = je16_to_cpu(ri->uid); 152 i_uid_write(inode, je16_to_cpu(ri->uid));
151 inode->i_gid = je16_to_cpu(ri->gid); 153 i_gid_write(inode, je16_to_cpu(ri->gid));
152 154
153 155
154 old_metadata = f->metadata; 156 old_metadata = f->metadata;
@@ -276,8 +278,8 @@ struct inode *jffs2_iget(struct super_block *sb, unsigned long ino)
276 return ERR_PTR(ret); 278 return ERR_PTR(ret);
277 } 279 }
278 inode->i_mode = jemode_to_cpu(latest_node.mode); 280 inode->i_mode = jemode_to_cpu(latest_node.mode);
279 inode->i_uid = je16_to_cpu(latest_node.uid); 281 i_uid_write(inode, je16_to_cpu(latest_node.uid));
280 inode->i_gid = je16_to_cpu(latest_node.gid); 282 i_gid_write(inode, je16_to_cpu(latest_node.gid));
281 inode->i_size = je32_to_cpu(latest_node.isize); 283 inode->i_size = je32_to_cpu(latest_node.isize);
282 inode->i_atime = ITIME(je32_to_cpu(latest_node.atime)); 284 inode->i_atime = ITIME(je32_to_cpu(latest_node.atime));
283 inode->i_mtime = ITIME(je32_to_cpu(latest_node.mtime)); 285 inode->i_mtime = ITIME(je32_to_cpu(latest_node.mtime));
@@ -440,14 +442,14 @@ struct inode *jffs2_new_inode (struct inode *dir_i, umode_t mode, struct jffs2_r
440 442
441 memset(ri, 0, sizeof(*ri)); 443 memset(ri, 0, sizeof(*ri));
442 /* Set OS-specific defaults for new inodes */ 444 /* Set OS-specific defaults for new inodes */
443 ri->uid = cpu_to_je16(current_fsuid()); 445 ri->uid = cpu_to_je16(from_kuid(&init_user_ns, current_fsuid()));
444 446
445 if (dir_i->i_mode & S_ISGID) { 447 if (dir_i->i_mode & S_ISGID) {
446 ri->gid = cpu_to_je16(dir_i->i_gid); 448 ri->gid = cpu_to_je16(i_gid_read(dir_i));
447 if (S_ISDIR(mode)) 449 if (S_ISDIR(mode))
448 mode |= S_ISGID; 450 mode |= S_ISGID;
449 } else { 451 } else {
450 ri->gid = cpu_to_je16(current_fsgid()); 452 ri->gid = cpu_to_je16(from_kgid(&init_user_ns, current_fsgid()));
451 } 453 }
452 454
453 /* POSIX ACLs have to be processed now, at least partly. 455 /* POSIX ACLs have to be processed now, at least partly.
@@ -467,8 +469,8 @@ struct inode *jffs2_new_inode (struct inode *dir_i, umode_t mode, struct jffs2_r
467 set_nlink(inode, 1); 469 set_nlink(inode, 1);
468 inode->i_ino = je32_to_cpu(ri->ino); 470 inode->i_ino = je32_to_cpu(ri->ino);
469 inode->i_mode = jemode_to_cpu(ri->mode); 471 inode->i_mode = jemode_to_cpu(ri->mode);
470 inode->i_gid = je16_to_cpu(ri->gid); 472 i_gid_write(inode, je16_to_cpu(ri->gid));
471 inode->i_uid = je16_to_cpu(ri->uid); 473 i_uid_write(inode, je16_to_cpu(ri->uid));
472 inode->i_atime = inode->i_ctime = inode->i_mtime = CURRENT_TIME_SEC; 474 inode->i_atime = inode->i_ctime = inode->i_mtime = CURRENT_TIME_SEC;
473 ri->atime = ri->mtime = ri->ctime = cpu_to_je32(I_SEC(inode->i_mtime)); 475 ri->atime = ri->mtime = ri->ctime = cpu_to_je32(I_SEC(inode->i_mtime));
474 476
diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h
index bcd983d7e7f9..d200a9b8fd5e 100644
--- a/fs/jffs2/os-linux.h
+++ b/fs/jffs2/os-linux.h
@@ -27,8 +27,8 @@ struct kvec;
27 27
28#define JFFS2_F_I_SIZE(f) (OFNI_EDONI_2SFFJ(f)->i_size) 28#define JFFS2_F_I_SIZE(f) (OFNI_EDONI_2SFFJ(f)->i_size)
29#define JFFS2_F_I_MODE(f) (OFNI_EDONI_2SFFJ(f)->i_mode) 29#define JFFS2_F_I_MODE(f) (OFNI_EDONI_2SFFJ(f)->i_mode)
30#define JFFS2_F_I_UID(f) (OFNI_EDONI_2SFFJ(f)->i_uid) 30#define JFFS2_F_I_UID(f) (i_uid_read(OFNI_EDONI_2SFFJ(f)))
31#define JFFS2_F_I_GID(f) (OFNI_EDONI_2SFFJ(f)->i_gid) 31#define JFFS2_F_I_GID(f) (i_gid_read(OFNI_EDONI_2SFFJ(f)))
32#define JFFS2_F_I_RDEV(f) (OFNI_EDONI_2SFFJ(f)->i_rdev) 32#define JFFS2_F_I_RDEV(f) (OFNI_EDONI_2SFFJ(f)->i_rdev)
33 33
34#define ITIME(sec) ((struct timespec){sec, 0}) 34#define ITIME(sec) ((struct timespec){sec, 0})
diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
index 45559dc3ea2f..d254d6d35995 100644
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -64,7 +64,7 @@ struct posix_acl *jfs_get_acl(struct inode *inode, int type)
64 else 64 else
65 acl = ERR_PTR(size); 65 acl = ERR_PTR(size);
66 } else { 66 } else {
67 acl = posix_acl_from_xattr(value, size); 67 acl = posix_acl_from_xattr(&init_user_ns, value, size);
68 } 68 }
69 kfree(value); 69 kfree(value);
70 if (!IS_ERR(acl)) 70 if (!IS_ERR(acl))
@@ -100,7 +100,7 @@ static int jfs_set_acl(tid_t tid, struct inode *inode, int type,
100 value = kmalloc(size, GFP_KERNEL); 100 value = kmalloc(size, GFP_KERNEL);
101 if (!value) 101 if (!value)
102 return -ENOMEM; 102 return -ENOMEM;
103 rc = posix_acl_to_xattr(acl, value, size); 103 rc = posix_acl_to_xattr(&init_user_ns, acl, value, size);
104 if (rc < 0) 104 if (rc < 0)
105 goto out; 105 goto out;
106 } 106 }
diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 844f9460cb11..9d3afd157f99 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -108,8 +108,8 @@ int jfs_setattr(struct dentry *dentry, struct iattr *iattr)
108 108
109 if (is_quota_modification(inode, iattr)) 109 if (is_quota_modification(inode, iattr))
110 dquot_initialize(inode); 110 dquot_initialize(inode);
111 if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) || 111 if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
112 (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) { 112 (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
113 rc = dquot_transfer(inode, iattr); 113 rc = dquot_transfer(inode, iattr);
114 if (rc) 114 if (rc)
115 return rc; 115 return rc;
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index 1b6f15f191b3..6ba4006e011b 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -3078,15 +3078,15 @@ static int copy_from_dinode(struct dinode * dip, struct inode *ip)
3078 } 3078 }
3079 set_nlink(ip, le32_to_cpu(dip->di_nlink)); 3079 set_nlink(ip, le32_to_cpu(dip->di_nlink));
3080 3080
3081 jfs_ip->saved_uid = le32_to_cpu(dip->di_uid); 3081 jfs_ip->saved_uid = make_kuid(&init_user_ns, le32_to_cpu(dip->di_uid));
3082 if (sbi->uid == -1) 3082 if (!uid_valid(sbi->uid))
3083 ip->i_uid = jfs_ip->saved_uid; 3083 ip->i_uid = jfs_ip->saved_uid;
3084 else { 3084 else {
3085 ip->i_uid = sbi->uid; 3085 ip->i_uid = sbi->uid;
3086 } 3086 }
3087 3087
3088 jfs_ip->saved_gid = le32_to_cpu(dip->di_gid); 3088 jfs_ip->saved_gid = make_kgid(&init_user_ns, le32_to_cpu(dip->di_gid));
3089 if (sbi->gid == -1) 3089 if (!gid_valid(sbi->gid))
3090 ip->i_gid = jfs_ip->saved_gid; 3090 ip->i_gid = jfs_ip->saved_gid;
3091 else { 3091 else {
3092 ip->i_gid = sbi->gid; 3092 ip->i_gid = sbi->gid;
@@ -3150,14 +3150,16 @@ static void copy_to_dinode(struct dinode * dip, struct inode *ip)
3150 dip->di_size = cpu_to_le64(ip->i_size); 3150 dip->di_size = cpu_to_le64(ip->i_size);
3151 dip->di_nblocks = cpu_to_le64(PBLK2LBLK(ip->i_sb, ip->i_blocks)); 3151 dip->di_nblocks = cpu_to_le64(PBLK2LBLK(ip->i_sb, ip->i_blocks));
3152 dip->di_nlink = cpu_to_le32(ip->i_nlink); 3152 dip->di_nlink = cpu_to_le32(ip->i_nlink);
3153 if (sbi->uid == -1) 3153 if (!uid_valid(sbi->uid))
3154 dip->di_uid = cpu_to_le32(ip->i_uid); 3154 dip->di_uid = cpu_to_le32(i_uid_read(ip));
3155 else 3155 else
3156 dip->di_uid = cpu_to_le32(jfs_ip->saved_uid); 3156 dip->di_uid =cpu_to_le32(from_kuid(&init_user_ns,
3157 if (sbi->gid == -1) 3157 jfs_ip->saved_uid));
3158 dip->di_gid = cpu_to_le32(ip->i_gid); 3158 if (!gid_valid(sbi->gid))
3159 dip->di_gid = cpu_to_le32(i_gid_read(ip));
3159 else 3160 else
3160 dip->di_gid = cpu_to_le32(jfs_ip->saved_gid); 3161 dip->di_gid = cpu_to_le32(from_kgid(&init_user_ns,
3162 jfs_ip->saved_gid));
3161 jfs_get_inode_flags(jfs_ip); 3163 jfs_get_inode_flags(jfs_ip);
3162 /* 3164 /*
3163 * mode2 is only needed for storing the higher order bits. 3165 * mode2 is only needed for storing the higher order bits.
diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h
index 584a4a1a6e81..680605d7bf15 100644
--- a/fs/jfs/jfs_incore.h
+++ b/fs/jfs/jfs_incore.h
@@ -38,8 +38,8 @@
38struct jfs_inode_info { 38struct jfs_inode_info {
39 int fileset; /* fileset number (always 16)*/ 39 int fileset; /* fileset number (always 16)*/
40 uint mode2; /* jfs-specific mode */ 40 uint mode2; /* jfs-specific mode */
41 uint saved_uid; /* saved for uid mount option */ 41 kuid_t saved_uid; /* saved for uid mount option */
42 uint saved_gid; /* saved for gid mount option */ 42 kgid_t saved_gid; /* saved for gid mount option */
43 pxd_t ixpxd; /* inode extent descriptor */ 43 pxd_t ixpxd; /* inode extent descriptor */
44 dxd_t acl; /* dxd describing acl */ 44 dxd_t acl; /* dxd describing acl */
45 dxd_t ea; /* dxd describing ea */ 45 dxd_t ea; /* dxd describing ea */
@@ -192,8 +192,8 @@ struct jfs_sb_info {
192 uint state; /* mount/recovery state */ 192 uint state; /* mount/recovery state */
193 unsigned long flag; /* mount time flags */ 193 unsigned long flag; /* mount time flags */
194 uint p_state; /* state prior to going no integrity */ 194 uint p_state; /* state prior to going no integrity */
195 uint uid; /* uid to override on-disk uid */ 195 kuid_t uid; /* uid to override on-disk uid */
196 uint gid; /* gid to override on-disk gid */ 196 kgid_t gid; /* gid to override on-disk gid */
197 uint umask; /* umask to override on-disk umask */ 197 uint umask; /* umask to override on-disk umask */
198}; 198};
199 199
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
index c55c7452d285..706692f24033 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
@@ -321,13 +321,19 @@ static int parse_options(char *options, struct super_block *sb, s64 *newLVSize,
321 case Opt_uid: 321 case Opt_uid:
322 { 322 {
323 char *uid = args[0].from; 323 char *uid = args[0].from;
324 sbi->uid = simple_strtoul(uid, &uid, 0); 324 uid_t val = simple_strtoul(uid, &uid, 0);
325 sbi->uid = make_kuid(current_user_ns(), val);
326 if (!uid_valid(sbi->uid))
327 goto cleanup;
325 break; 328 break;
326 } 329 }
327 case Opt_gid: 330 case Opt_gid:
328 { 331 {
329 char *gid = args[0].from; 332 char *gid = args[0].from;
330 sbi->gid = simple_strtoul(gid, &gid, 0); 333 gid_t val = simple_strtoul(gid, &gid, 0);
334 sbi->gid = make_kgid(current_user_ns(), val);
335 if (!gid_valid(sbi->gid))
336 goto cleanup;
331 break; 337 break;
332 } 338 }
333 case Opt_umask: 339 case Opt_umask:
@@ -443,7 +449,9 @@ static int jfs_fill_super(struct super_block *sb, void *data, int silent)
443 sb->s_fs_info = sbi; 449 sb->s_fs_info = sbi;
444 sb->s_max_links = JFS_LINK_MAX; 450 sb->s_max_links = JFS_LINK_MAX;
445 sbi->sb = sb; 451 sbi->sb = sb;
446 sbi->uid = sbi->gid = sbi->umask = -1; 452 sbi->uid = INVALID_UID;
453 sbi->gid = INVALID_GID;
454 sbi->umask = -1;
447 455
448 /* initialize the mount flag and determine the default error handler */ 456 /* initialize the mount flag and determine the default error handler */
449 flag = JFS_ERR_REMOUNT_RO; 457 flag = JFS_ERR_REMOUNT_RO;
@@ -617,10 +625,10 @@ static int jfs_show_options(struct seq_file *seq, struct dentry *root)
617{ 625{
618 struct jfs_sb_info *sbi = JFS_SBI(root->d_sb); 626 struct jfs_sb_info *sbi = JFS_SBI(root->d_sb);
619 627
620 if (sbi->uid != -1) 628 if (uid_valid(sbi->uid))
621 seq_printf(seq, ",uid=%d", sbi->uid); 629 seq_printf(seq, ",uid=%d", from_kuid(&init_user_ns, sbi->uid));
622 if (sbi->gid != -1) 630 if (gid_valid(sbi->gid))
623 seq_printf(seq, ",gid=%d", sbi->gid); 631 seq_printf(seq, ",gid=%d", from_kgid(&init_user_ns, sbi->gid));
624 if (sbi->umask != -1) 632 if (sbi->umask != -1)
625 seq_printf(seq, ",umask=%03o", sbi->umask); 633 seq_printf(seq, ",umask=%03o", sbi->umask);
626 if (sbi->flag & JFS_NOINTEGRITY) 634 if (sbi->flag & JFS_NOINTEGRITY)
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index 26683e15b3ac..42d67f9757bf 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -685,7 +685,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
685 * POSIX_ACL_XATTR_ACCESS is tied to i_mode 685 * POSIX_ACL_XATTR_ACCESS is tied to i_mode
686 */ 686 */
687 if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) { 687 if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) {
688 acl = posix_acl_from_xattr(value, value_len); 688 acl = posix_acl_from_xattr(&init_user_ns, value, value_len);
689 if (IS_ERR(acl)) { 689 if (IS_ERR(acl)) {
690 rc = PTR_ERR(acl); 690 rc = PTR_ERR(acl);
691 printk(KERN_ERR "posix_acl_from_xattr returned %d\n", 691 printk(KERN_ERR "posix_acl_from_xattr returned %d\n",
@@ -710,7 +710,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
710 710
711 return 0; 711 return 0;
712 } else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) { 712 } else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) {
713 acl = posix_acl_from_xattr(value, value_len); 713 acl = posix_acl_from_xattr(&init_user_ns, value, value_len);
714 if (IS_ERR(acl)) { 714 if (IS_ERR(acl)) {
715 rc = PTR_ERR(acl); 715 rc = PTR_ERR(acl);
716 printk(KERN_ERR "posix_acl_from_xattr returned %d\n", 716 printk(KERN_ERR "posix_acl_from_xattr returned %d\n",
diff --git a/fs/logfs/inode.c b/fs/logfs/inode.c
index 6984562738d3..bda39085309f 100644
--- a/fs/logfs/inode.c
+++ b/fs/logfs/inode.c
@@ -208,8 +208,8 @@ static void logfs_init_inode(struct super_block *sb, struct inode *inode)
208 li->li_height = 0; 208 li->li_height = 0;
209 li->li_used_bytes = 0; 209 li->li_used_bytes = 0;
210 li->li_block = NULL; 210 li->li_block = NULL;
211 inode->i_uid = 0; 211 i_uid_write(inode, 0);
212 inode->i_gid = 0; 212 i_gid_write(inode, 0);
213 inode->i_size = 0; 213 inode->i_size = 0;
214 inode->i_blocks = 0; 214 inode->i_blocks = 0;
215 inode->i_ctime = CURRENT_TIME; 215 inode->i_ctime = CURRENT_TIME;
diff --git a/fs/logfs/readwrite.c b/fs/logfs/readwrite.c
index 5be0abef603d..e1a3b6bf6324 100644
--- a/fs/logfs/readwrite.c
+++ b/fs/logfs/readwrite.c
@@ -119,8 +119,8 @@ static void logfs_disk_to_inode(struct logfs_disk_inode *di, struct inode*inode)
119 inode->i_mode = be16_to_cpu(di->di_mode); 119 inode->i_mode = be16_to_cpu(di->di_mode);
120 li->li_height = di->di_height; 120 li->li_height = di->di_height;
121 li->li_flags = be32_to_cpu(di->di_flags); 121 li->li_flags = be32_to_cpu(di->di_flags);
122 inode->i_uid = be32_to_cpu(di->di_uid); 122 i_uid_write(inode, be32_to_cpu(di->di_uid));
123 inode->i_gid = be32_to_cpu(di->di_gid); 123 i_gid_write(inode, be32_to_cpu(di->di_gid));
124 inode->i_size = be64_to_cpu(di->di_size); 124 inode->i_size = be64_to_cpu(di->di_size);
125 logfs_set_blocks(inode, be64_to_cpu(di->di_used_bytes)); 125 logfs_set_blocks(inode, be64_to_cpu(di->di_used_bytes));
126 inode->i_atime = be64_to_timespec(di->di_atime); 126 inode->i_atime = be64_to_timespec(di->di_atime);
@@ -156,8 +156,8 @@ static void logfs_inode_to_disk(struct inode *inode, struct logfs_disk_inode*di)
156 di->di_height = li->li_height; 156 di->di_height = li->li_height;
157 di->di_pad = 0; 157 di->di_pad = 0;
158 di->di_flags = cpu_to_be32(li->li_flags); 158 di->di_flags = cpu_to_be32(li->li_flags);
159 di->di_uid = cpu_to_be32(inode->i_uid); 159 di->di_uid = cpu_to_be32(i_uid_read(inode));
160 di->di_gid = cpu_to_be32(inode->i_gid); 160 di->di_gid = cpu_to_be32(i_gid_read(inode));
161 di->di_size = cpu_to_be64(i_size_read(inode)); 161 di->di_size = cpu_to_be64(i_size_read(inode));
162 di->di_used_bytes = cpu_to_be64(li->li_used_bytes); 162 di->di_used_bytes = cpu_to_be64(li->li_used_bytes);
163 di->di_atime = timespec_to_be64(inode->i_atime); 163 di->di_atime = timespec_to_be64(inode->i_atime);
diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index 2a503ad020d5..d0e42c678923 100644
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -460,8 +460,8 @@ static struct inode *V1_minix_iget(struct inode *inode)
460 return ERR_PTR(-EIO); 460 return ERR_PTR(-EIO);
461 } 461 }
462 inode->i_mode = raw_inode->i_mode; 462 inode->i_mode = raw_inode->i_mode;
463 inode->i_uid = (uid_t)raw_inode->i_uid; 463 i_uid_write(inode, raw_inode->i_uid);
464 inode->i_gid = (gid_t)raw_inode->i_gid; 464 i_gid_write(inode, raw_inode->i_gid);
465 set_nlink(inode, raw_inode->i_nlinks); 465 set_nlink(inode, raw_inode->i_nlinks);
466 inode->i_size = raw_inode->i_size; 466 inode->i_size = raw_inode->i_size;
467 inode->i_mtime.tv_sec = inode->i_atime.tv_sec = inode->i_ctime.tv_sec = raw_inode->i_time; 467 inode->i_mtime.tv_sec = inode->i_atime.tv_sec = inode->i_ctime.tv_sec = raw_inode->i_time;
@@ -493,8 +493,8 @@ static struct inode *V2_minix_iget(struct inode *inode)
493 return ERR_PTR(-EIO); 493 return ERR_PTR(-EIO);
494 } 494 }
495 inode->i_mode = raw_inode->i_mode; 495 inode->i_mode = raw_inode->i_mode;
496 inode->i_uid = (uid_t)raw_inode->i_uid; 496 i_uid_write(inode, raw_inode->i_uid);
497 inode->i_gid = (gid_t)raw_inode->i_gid; 497 i_gid_write(inode, raw_inode->i_gid);
498 set_nlink(inode, raw_inode->i_nlinks); 498 set_nlink(inode, raw_inode->i_nlinks);
499 inode->i_size = raw_inode->i_size; 499 inode->i_size = raw_inode->i_size;
500 inode->i_mtime.tv_sec = raw_inode->i_mtime; 500 inode->i_mtime.tv_sec = raw_inode->i_mtime;
@@ -545,8 +545,8 @@ static struct buffer_head * V1_minix_update_inode(struct inode * inode)
545 if (!raw_inode) 545 if (!raw_inode)
546 return NULL; 546 return NULL;
547 raw_inode->i_mode = inode->i_mode; 547 raw_inode->i_mode = inode->i_mode;
548 raw_inode->i_uid = fs_high2lowuid(inode->i_uid); 548 raw_inode->i_uid = fs_high2lowuid(i_uid_read(inode));
549 raw_inode->i_gid = fs_high2lowgid(inode->i_gid); 549 raw_inode->i_gid = fs_high2lowgid(i_gid_read(inode));
550 raw_inode->i_nlinks = inode->i_nlink; 550 raw_inode->i_nlinks = inode->i_nlink;
551 raw_inode->i_size = inode->i_size; 551 raw_inode->i_size = inode->i_size;
552 raw_inode->i_time = inode->i_mtime.tv_sec; 552 raw_inode->i_time = inode->i_mtime.tv_sec;
@@ -572,8 +572,8 @@ static struct buffer_head * V2_minix_update_inode(struct inode * inode)
572 if (!raw_inode) 572 if (!raw_inode)
573 return NULL; 573 return NULL;
574 raw_inode->i_mode = inode->i_mode; 574 raw_inode->i_mode = inode->i_mode;
575 raw_inode->i_uid = fs_high2lowuid(inode->i_uid); 575 raw_inode->i_uid = fs_high2lowuid(i_uid_read(inode));
576 raw_inode->i_gid = fs_high2lowgid(inode->i_gid); 576 raw_inode->i_gid = fs_high2lowgid(i_gid_read(inode));
577 raw_inode->i_nlinks = inode->i_nlink; 577 raw_inode->i_nlinks = inode->i_nlink;
578 raw_inode->i_size = inode->i_size; 578 raw_inode->i_size = inode->i_size;
579 raw_inode->i_mtime = inode->i_mtime.tv_sec; 579 raw_inode->i_mtime = inode->i_mtime.tv_sec;
diff --git a/fs/namei.c b/fs/namei.c
index dd1ed1b8e98e..a856e7f7b6e3 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -680,7 +680,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
680 680
681 /* Allowed if owner and follower match. */ 681 /* Allowed if owner and follower match. */
682 inode = link->dentry->d_inode; 682 inode = link->dentry->d_inode;
683 if (current_cred()->fsuid == inode->i_uid) 683 if (uid_eq(current_cred()->fsuid, inode->i_uid))
684 return 0; 684 return 0;
685 685
686 /* Allowed if parent directory not sticky and world-writable. */ 686 /* Allowed if parent directory not sticky and world-writable. */
@@ -689,7 +689,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
689 return 0; 689 return 0;
690 690
691 /* Allowed if parent directory and link owner match. */ 691 /* Allowed if parent directory and link owner match. */
692 if (parent->i_uid == inode->i_uid) 692 if (uid_eq(parent->i_uid, inode->i_uid))
693 return 0; 693 return 0;
694 694
695 path_put_conditional(link, nd); 695 path_put_conditional(link, nd);
@@ -759,7 +759,7 @@ static int may_linkat(struct path *link)
759 /* Source inode owner (or CAP_FOWNER) can hardlink all they like, 759 /* Source inode owner (or CAP_FOWNER) can hardlink all they like,
760 * otherwise, it must be a safe source. 760 * otherwise, it must be a safe source.
761 */ 761 */
762 if (cred->fsuid == inode->i_uid || safe_hardlink_source(inode) || 762 if (uid_eq(cred->fsuid, inode->i_uid) || safe_hardlink_source(inode) ||
763 capable(CAP_FOWNER)) 763 capable(CAP_FOWNER))
764 return 0; 764 return 0;
765 765
diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
index e4498dc351a8..4a1aafba6a20 100644
--- a/fs/nfs/nfs3acl.c
+++ b/fs/nfs/nfs3acl.c
@@ -70,7 +70,7 @@ ssize_t nfs3_getxattr(struct dentry *dentry, const char *name,
70 if (type == ACL_TYPE_ACCESS && acl->a_count == 0) 70 if (type == ACL_TYPE_ACCESS && acl->a_count == 0)
71 error = -ENODATA; 71 error = -ENODATA;
72 else 72 else
73 error = posix_acl_to_xattr(acl, buffer, size); 73 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
74 posix_acl_release(acl); 74 posix_acl_release(acl);
75 } else 75 } else
76 error = -ENODATA; 76 error = -ENODATA;
@@ -92,7 +92,7 @@ int nfs3_setxattr(struct dentry *dentry, const char *name,
92 else 92 else
93 return -EOPNOTSUPP; 93 return -EOPNOTSUPP;
94 94
95 acl = posix_acl_from_xattr(value, size); 95 acl = posix_acl_from_xattr(&init_user_ns, value, size);
96 if (IS_ERR(acl)) 96 if (IS_ERR(acl))
97 return PTR_ERR(acl); 97 return PTR_ERR(acl);
98 error = nfs3_proc_setacl(inode, type, acl); 98 error = nfs3_proc_setacl(inode, type, acl);
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index a9269f142cc4..3f67b8e12251 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -480,7 +480,7 @@ set_nfsv4_acl_one(struct dentry *dentry, struct posix_acl *pacl, char *key)
480 if (buf == NULL) 480 if (buf == NULL)
481 goto out; 481 goto out;
482 482
483 len = posix_acl_to_xattr(pacl, buf, buflen); 483 len = posix_acl_to_xattr(&init_user_ns, pacl, buf, buflen);
484 if (len < 0) { 484 if (len < 0) {
485 error = len; 485 error = len;
486 goto out; 486 goto out;
@@ -549,7 +549,7 @@ _get_posix_acl(struct dentry *dentry, char *key)
549 if (buflen <= 0) 549 if (buflen <= 0)
550 return ERR_PTR(buflen); 550 return ERR_PTR(buflen);
551 551
552 pacl = posix_acl_from_xattr(buf, buflen); 552 pacl = posix_acl_from_xattr(&init_user_ns, buf, buflen);
553 kfree(buf); 553 kfree(buf);
554 return pacl; 554 return pacl;
555} 555}
@@ -2264,7 +2264,7 @@ nfsd_get_posix_acl(struct svc_fh *fhp, int type)
2264 if (size < 0) 2264 if (size < 0)
2265 return ERR_PTR(size); 2265 return ERR_PTR(size);
2266 2266
2267 acl = posix_acl_from_xattr(value, size); 2267 acl = posix_acl_from_xattr(&init_user_ns, value, size);
2268 kfree(value); 2268 kfree(value);
2269 return acl; 2269 return acl;
2270} 2270}
@@ -2297,7 +2297,7 @@ nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl)
2297 value = kmalloc(size, GFP_KERNEL); 2297 value = kmalloc(size, GFP_KERNEL);
2298 if (!value) 2298 if (!value)
2299 return -ENOMEM; 2299 return -ENOMEM;
2300 error = posix_acl_to_xattr(acl, value, size); 2300 error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
2301 if (error < 0) 2301 if (error < 0)
2302 goto getout; 2302 goto getout;
2303 size = error; 2303 size = error;
diff --git a/fs/nilfs2/inode.c b/fs/nilfs2/inode.c
index 6e2c3db976b2..4d31d2cca7fd 100644
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -401,8 +401,8 @@ int nilfs_read_inode_common(struct inode *inode,
401 int err; 401 int err;
402 402
403 inode->i_mode = le16_to_cpu(raw_inode->i_mode); 403 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
404 inode->i_uid = (uid_t)le32_to_cpu(raw_inode->i_uid); 404 i_uid_write(inode, le32_to_cpu(raw_inode->i_uid));
405 inode->i_gid = (gid_t)le32_to_cpu(raw_inode->i_gid); 405 i_gid_write(inode, le32_to_cpu(raw_inode->i_gid));
406 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count)); 406 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
407 inode->i_size = le64_to_cpu(raw_inode->i_size); 407 inode->i_size = le64_to_cpu(raw_inode->i_size);
408 inode->i_atime.tv_sec = le64_to_cpu(raw_inode->i_mtime); 408 inode->i_atime.tv_sec = le64_to_cpu(raw_inode->i_mtime);
@@ -590,8 +590,8 @@ void nilfs_write_inode_common(struct inode *inode,
590 struct nilfs_inode_info *ii = NILFS_I(inode); 590 struct nilfs_inode_info *ii = NILFS_I(inode);
591 591
592 raw_inode->i_mode = cpu_to_le16(inode->i_mode); 592 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
593 raw_inode->i_uid = cpu_to_le32(inode->i_uid); 593 raw_inode->i_uid = cpu_to_le32(i_uid_read(inode));
594 raw_inode->i_gid = cpu_to_le32(inode->i_gid); 594 raw_inode->i_gid = cpu_to_le32(i_gid_read(inode));
595 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink); 595 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
596 raw_inode->i_size = cpu_to_le64(inode->i_size); 596 raw_inode->i_size = cpu_to_le64(inode->i_size);
597 raw_inode->i_ctime = cpu_to_le64(inode->i_ctime.tv_sec); 597 raw_inode->i_ctime = cpu_to_le64(inode->i_ctime.tv_sec);
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index c6dbd3db6ca8..1d27331e6fc9 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -2124,7 +2124,8 @@ int ntfs_read_inode_mount(struct inode *vi)
2124 * ntfs_read_inode() will have set up the default ones. 2124 * ntfs_read_inode() will have set up the default ones.
2125 */ 2125 */
2126 /* Set uid and gid to root. */ 2126 /* Set uid and gid to root. */
2127 vi->i_uid = vi->i_gid = 0; 2127 vi->i_uid = GLOBAL_ROOT_UID;
2128 vi->i_gid = GLOBAL_ROOT_GID;
2128 /* Regular file. No access for anyone. */ 2129 /* Regular file. No access for anyone. */
2129 vi->i_mode = S_IFREG; 2130 vi->i_mode = S_IFREG;
2130 /* No VFS initiated operations allowed for $MFT. */ 2131 /* No VFS initiated operations allowed for $MFT. */
@@ -2312,8 +2313,8 @@ int ntfs_show_options(struct seq_file *sf, struct dentry *root)
2312 ntfs_volume *vol = NTFS_SB(root->d_sb); 2313 ntfs_volume *vol = NTFS_SB(root->d_sb);
2313 int i; 2314 int i;
2314 2315
2315 seq_printf(sf, ",uid=%i", vol->uid); 2316 seq_printf(sf, ",uid=%i", from_kuid_munged(&init_user_ns, vol->uid));
2316 seq_printf(sf, ",gid=%i", vol->gid); 2317 seq_printf(sf, ",gid=%i", from_kgid_munged(&init_user_ns, vol->gid));
2317 if (vol->fmask == vol->dmask) 2318 if (vol->fmask == vol->dmask)
2318 seq_printf(sf, ",umask=0%o", vol->fmask); 2319 seq_printf(sf, ",umask=0%o", vol->fmask);
2319 else { 2320 else {
diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c
index 2bc149d6a784..da01c165067d 100644
--- a/fs/ntfs/super.c
+++ b/fs/ntfs/super.c
@@ -102,8 +102,8 @@ static bool parse_options(ntfs_volume *vol, char *opt)
102 char *p, *v, *ov; 102 char *p, *v, *ov;
103 static char *utf8 = "utf8"; 103 static char *utf8 = "utf8";
104 int errors = 0, sloppy = 0; 104 int errors = 0, sloppy = 0;
105 uid_t uid = (uid_t)-1; 105 kuid_t uid = INVALID_UID;
106 gid_t gid = (gid_t)-1; 106 kgid_t gid = INVALID_GID;
107 umode_t fmask = (umode_t)-1, dmask = (umode_t)-1; 107 umode_t fmask = (umode_t)-1, dmask = (umode_t)-1;
108 int mft_zone_multiplier = -1, on_errors = -1; 108 int mft_zone_multiplier = -1, on_errors = -1;
109 int show_sys_files = -1, case_sensitive = -1, disable_sparse = -1; 109 int show_sys_files = -1, case_sensitive = -1, disable_sparse = -1;
@@ -128,6 +128,30 @@ static bool parse_options(ntfs_volume *vol, char *opt)
128 if (*v) \ 128 if (*v) \
129 goto needs_val; \ 129 goto needs_val; \
130 } 130 }
131#define NTFS_GETOPT_UID(option, variable) \
132 if (!strcmp(p, option)) { \
133 uid_t uid_value; \
134 if (!v || !*v) \
135 goto needs_arg; \
136 uid_value = simple_strtoul(ov = v, &v, 0); \
137 if (*v) \
138 goto needs_val; \
139 variable = make_kuid(current_user_ns(), uid_value); \
140 if (!uid_valid(variable)) \
141 goto needs_val; \
142 }
143#define NTFS_GETOPT_GID(option, variable) \
144 if (!strcmp(p, option)) { \
145 gid_t gid_value; \
146 if (!v || !*v) \
147 goto needs_arg; \
148 gid_value = simple_strtoul(ov = v, &v, 0); \
149 if (*v) \
150 goto needs_val; \
151 variable = make_kgid(current_user_ns(), gid_value); \
152 if (!gid_valid(variable)) \
153 goto needs_val; \
154 }
131#define NTFS_GETOPT_OCTAL(option, variable) \ 155#define NTFS_GETOPT_OCTAL(option, variable) \
132 if (!strcmp(p, option)) { \ 156 if (!strcmp(p, option)) { \
133 if (!v || !*v) \ 157 if (!v || !*v) \
@@ -165,8 +189,8 @@ static bool parse_options(ntfs_volume *vol, char *opt)
165 while ((p = strsep(&opt, ","))) { 189 while ((p = strsep(&opt, ","))) {
166 if ((v = strchr(p, '='))) 190 if ((v = strchr(p, '=')))
167 *v++ = 0; 191 *v++ = 0;
168 NTFS_GETOPT("uid", uid) 192 NTFS_GETOPT_UID("uid", uid)
169 else NTFS_GETOPT("gid", gid) 193 else NTFS_GETOPT_GID("gid", gid)
170 else NTFS_GETOPT_OCTAL("umask", fmask = dmask) 194 else NTFS_GETOPT_OCTAL("umask", fmask = dmask)
171 else NTFS_GETOPT_OCTAL("fmask", fmask) 195 else NTFS_GETOPT_OCTAL("fmask", fmask)
172 else NTFS_GETOPT_OCTAL("dmask", dmask) 196 else NTFS_GETOPT_OCTAL("dmask", dmask)
@@ -283,9 +307,9 @@ no_mount_options:
283 vol->on_errors = on_errors; 307 vol->on_errors = on_errors;
284 if (!vol->on_errors || vol->on_errors == ON_ERRORS_RECOVER) 308 if (!vol->on_errors || vol->on_errors == ON_ERRORS_RECOVER)
285 vol->on_errors |= ON_ERRORS_CONTINUE; 309 vol->on_errors |= ON_ERRORS_CONTINUE;
286 if (uid != (uid_t)-1) 310 if (uid_valid(uid))
287 vol->uid = uid; 311 vol->uid = uid;
288 if (gid != (gid_t)-1) 312 if (gid_valid(gid))
289 vol->gid = gid; 313 vol->gid = gid;
290 if (fmask != (umode_t)-1) 314 if (fmask != (umode_t)-1)
291 vol->fmask = fmask; 315 vol->fmask = fmask;
@@ -1023,7 +1047,8 @@ static bool load_and_init_mft_mirror(ntfs_volume *vol)
1023 * ntfs_read_inode() will have set up the default ones. 1047 * ntfs_read_inode() will have set up the default ones.
1024 */ 1048 */
1025 /* Set uid and gid to root. */ 1049 /* Set uid and gid to root. */
1026 tmp_ino->i_uid = tmp_ino->i_gid = 0; 1050 tmp_ino->i_uid = GLOBAL_ROOT_UID;
1051 tmp_ino->i_gid = GLOBAL_ROOT_GID;
1027 /* Regular file. No access for anyone. */ 1052 /* Regular file. No access for anyone. */
1028 tmp_ino->i_mode = S_IFREG; 1053 tmp_ino->i_mode = S_IFREG;
1029 /* No VFS initiated operations allowed for $MFTMirr. */ 1054 /* No VFS initiated operations allowed for $MFTMirr. */
diff --git a/fs/ntfs/volume.h b/fs/ntfs/volume.h
index 15e3ba8d521a..4f579b02bc76 100644
--- a/fs/ntfs/volume.h
+++ b/fs/ntfs/volume.h
@@ -25,6 +25,7 @@
25#define _LINUX_NTFS_VOLUME_H 25#define _LINUX_NTFS_VOLUME_H
26 26
27#include <linux/rwsem.h> 27#include <linux/rwsem.h>
28#include <linux/uidgid.h>
28 29
29#include "types.h" 30#include "types.h"
30#include "layout.h" 31#include "layout.h"
@@ -46,8 +47,8 @@ typedef struct {
46 sized blocks on the device. */ 47 sized blocks on the device. */
47 /* Configuration provided by user at mount time. */ 48 /* Configuration provided by user at mount time. */
48 unsigned long flags; /* Miscellaneous flags, see below. */ 49 unsigned long flags; /* Miscellaneous flags, see below. */
49 uid_t uid; /* uid that files will be mounted as. */ 50 kuid_t uid; /* uid that files will be mounted as. */
50 gid_t gid; /* gid that files will be mounted as. */ 51 kgid_t gid; /* gid that files will be mounted as. */
51 umode_t fmask; /* The mask for file permissions. */ 52 umode_t fmask; /* The mask for file permissions. */
52 umode_t dmask; /* The mask for directory 53 umode_t dmask; /* The mask for directory
53 permissions. */ 54 permissions. */
diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c
index a7219075b4de..260b16281fc3 100644
--- a/fs/ocfs2/acl.c
+++ b/fs/ocfs2/acl.c
@@ -452,7 +452,7 @@ static int ocfs2_xattr_get_acl(struct dentry *dentry, const char *name,
452 return PTR_ERR(acl); 452 return PTR_ERR(acl);
453 if (acl == NULL) 453 if (acl == NULL)
454 return -ENODATA; 454 return -ENODATA;
455 ret = posix_acl_to_xattr(acl, buffer, size); 455 ret = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
456 posix_acl_release(acl); 456 posix_acl_release(acl);
457 457
458 return ret; 458 return ret;
@@ -475,7 +475,7 @@ static int ocfs2_xattr_set_acl(struct dentry *dentry, const char *name,
475 return -EPERM; 475 return -EPERM;
476 476
477 if (value) { 477 if (value) {
478 acl = posix_acl_from_xattr(value, size); 478 acl = posix_acl_from_xattr(&init_user_ns, value, size);
479 if (IS_ERR(acl)) 479 if (IS_ERR(acl))
480 return PTR_ERR(acl); 480 return PTR_ERR(acl);
481 else if (acl) { 481 else if (acl) {
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 46a1f6d75104..5a4ee77cec51 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -1184,8 +1184,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
1184 if (attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid 1184 if (attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid
1185 && OCFS2_HAS_RO_COMPAT_FEATURE(sb, 1185 && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
1186 OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) { 1186 OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) {
1187 transfer_to[USRQUOTA] = dqget(sb, attr->ia_uid, 1187 transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(attr->ia_uid));
1188 USRQUOTA);
1189 if (!transfer_to[USRQUOTA]) { 1188 if (!transfer_to[USRQUOTA]) {
1190 status = -ESRCH; 1189 status = -ESRCH;
1191 goto bail_unlock; 1190 goto bail_unlock;
@@ -1194,8 +1193,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
1194 if (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid 1193 if (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid
1195 && OCFS2_HAS_RO_COMPAT_FEATURE(sb, 1194 && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
1196 OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) { 1195 OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) {
1197 transfer_to[GRPQUOTA] = dqget(sb, attr->ia_gid, 1196 transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(attr->ia_gid));
1198 GRPQUOTA);
1199 if (!transfer_to[GRPQUOTA]) { 1197 if (!transfer_to[GRPQUOTA]) {
1200 status = -ESRCH; 1198 status = -ESRCH;
1201 goto bail_unlock; 1199 goto bail_unlock;
diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c
index 0a86e302655f..332a281f217e 100644
--- a/fs/ocfs2/quota_global.c
+++ b/fs/ocfs2/quota_global.c
@@ -95,7 +95,7 @@ static void ocfs2_global_mem2diskdqb(void *dp, struct dquot *dquot)
95 struct ocfs2_global_disk_dqblk *d = dp; 95 struct ocfs2_global_disk_dqblk *d = dp;
96 struct mem_dqblk *m = &dquot->dq_dqb; 96 struct mem_dqblk *m = &dquot->dq_dqb;
97 97
98 d->dqb_id = cpu_to_le32(dquot->dq_id); 98 d->dqb_id = cpu_to_le32(from_kqid(&init_user_ns, dquot->dq_id));
99 d->dqb_use_count = cpu_to_le32(OCFS2_DQUOT(dquot)->dq_use_count); 99 d->dqb_use_count = cpu_to_le32(OCFS2_DQUOT(dquot)->dq_use_count);
100 d->dqb_ihardlimit = cpu_to_le64(m->dqb_ihardlimit); 100 d->dqb_ihardlimit = cpu_to_le64(m->dqb_ihardlimit);
101 d->dqb_isoftlimit = cpu_to_le64(m->dqb_isoftlimit); 101 d->dqb_isoftlimit = cpu_to_le64(m->dqb_isoftlimit);
@@ -112,11 +112,14 @@ static int ocfs2_global_is_id(void *dp, struct dquot *dquot)
112{ 112{
113 struct ocfs2_global_disk_dqblk *d = dp; 113 struct ocfs2_global_disk_dqblk *d = dp;
114 struct ocfs2_mem_dqinfo *oinfo = 114 struct ocfs2_mem_dqinfo *oinfo =
115 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 115 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
116 116
117 if (qtree_entry_unused(&oinfo->dqi_gi, dp)) 117 if (qtree_entry_unused(&oinfo->dqi_gi, dp))
118 return 0; 118 return 0;
119 return le32_to_cpu(d->dqb_id) == dquot->dq_id; 119
120 return qid_eq(make_kqid(&init_user_ns, dquot->dq_id.type,
121 le32_to_cpu(d->dqb_id)),
122 dquot->dq_id);
120} 123}
121 124
122struct qtree_fmt_operations ocfs2_global_ops = { 125struct qtree_fmt_operations ocfs2_global_ops = {
@@ -475,7 +478,7 @@ int __ocfs2_sync_dquot(struct dquot *dquot, int freeing)
475{ 478{
476 int err, err2; 479 int err, err2;
477 struct super_block *sb = dquot->dq_sb; 480 struct super_block *sb = dquot->dq_sb;
478 int type = dquot->dq_type; 481 int type = dquot->dq_id.type;
479 struct ocfs2_mem_dqinfo *info = sb_dqinfo(sb, type)->dqi_priv; 482 struct ocfs2_mem_dqinfo *info = sb_dqinfo(sb, type)->dqi_priv;
480 struct ocfs2_global_disk_dqblk dqblk; 483 struct ocfs2_global_disk_dqblk dqblk;
481 s64 spacechange, inodechange; 484 s64 spacechange, inodechange;
@@ -504,7 +507,8 @@ int __ocfs2_sync_dquot(struct dquot *dquot, int freeing)
504 olditime = dquot->dq_dqb.dqb_itime; 507 olditime = dquot->dq_dqb.dqb_itime;
505 oldbtime = dquot->dq_dqb.dqb_btime; 508 oldbtime = dquot->dq_dqb.dqb_btime;
506 ocfs2_global_disk2memdqb(dquot, &dqblk); 509 ocfs2_global_disk2memdqb(dquot, &dqblk);
507 trace_ocfs2_sync_dquot(dquot->dq_id, dquot->dq_dqb.dqb_curspace, 510 trace_ocfs2_sync_dquot(from_kqid(&init_user_ns, dquot->dq_id),
511 dquot->dq_dqb.dqb_curspace,
508 (long long)spacechange, 512 (long long)spacechange,
509 dquot->dq_dqb.dqb_curinodes, 513 dquot->dq_dqb.dqb_curinodes,
510 (long long)inodechange); 514 (long long)inodechange);
@@ -555,8 +559,8 @@ int __ocfs2_sync_dquot(struct dquot *dquot, int freeing)
555 err = ocfs2_qinfo_lock(info, freeing); 559 err = ocfs2_qinfo_lock(info, freeing);
556 if (err < 0) { 560 if (err < 0) {
557 mlog(ML_ERROR, "Failed to lock quota info, losing quota write" 561 mlog(ML_ERROR, "Failed to lock quota info, losing quota write"
558 " (type=%d, id=%u)\n", dquot->dq_type, 562 " (type=%d, id=%u)\n", dquot->dq_id.type,
559 (unsigned)dquot->dq_id); 563 (unsigned)from_kqid(&init_user_ns, dquot->dq_id));
560 goto out; 564 goto out;
561 } 565 }
562 if (freeing) 566 if (freeing)
@@ -591,9 +595,10 @@ static int ocfs2_sync_dquot_helper(struct dquot *dquot, unsigned long type)
591 struct ocfs2_super *osb = OCFS2_SB(sb); 595 struct ocfs2_super *osb = OCFS2_SB(sb);
592 int status = 0; 596 int status = 0;
593 597
594 trace_ocfs2_sync_dquot_helper(dquot->dq_id, dquot->dq_type, 598 trace_ocfs2_sync_dquot_helper(from_kqid(&init_user_ns, dquot->dq_id),
599 dquot->dq_id.type,
595 type, sb->s_id); 600 type, sb->s_id);
596 if (type != dquot->dq_type) 601 if (type != dquot->dq_id.type)
597 goto out; 602 goto out;
598 status = ocfs2_lock_global_qf(oinfo, 1); 603 status = ocfs2_lock_global_qf(oinfo, 1);
599 if (status < 0) 604 if (status < 0)
@@ -643,7 +648,8 @@ static int ocfs2_write_dquot(struct dquot *dquot)
643 struct ocfs2_super *osb = OCFS2_SB(dquot->dq_sb); 648 struct ocfs2_super *osb = OCFS2_SB(dquot->dq_sb);
644 int status = 0; 649 int status = 0;
645 650
646 trace_ocfs2_write_dquot(dquot->dq_id, dquot->dq_type); 651 trace_ocfs2_write_dquot(from_kqid(&init_user_ns, dquot->dq_id),
652 dquot->dq_id.type);
647 653
648 handle = ocfs2_start_trans(osb, OCFS2_QWRITE_CREDITS); 654 handle = ocfs2_start_trans(osb, OCFS2_QWRITE_CREDITS);
649 if (IS_ERR(handle)) { 655 if (IS_ERR(handle)) {
@@ -677,11 +683,12 @@ static int ocfs2_release_dquot(struct dquot *dquot)
677{ 683{
678 handle_t *handle; 684 handle_t *handle;
679 struct ocfs2_mem_dqinfo *oinfo = 685 struct ocfs2_mem_dqinfo *oinfo =
680 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 686 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
681 struct ocfs2_super *osb = OCFS2_SB(dquot->dq_sb); 687 struct ocfs2_super *osb = OCFS2_SB(dquot->dq_sb);
682 int status = 0; 688 int status = 0;
683 689
684 trace_ocfs2_release_dquot(dquot->dq_id, dquot->dq_type); 690 trace_ocfs2_release_dquot(from_kqid(&init_user_ns, dquot->dq_id),
691 dquot->dq_id.type);
685 692
686 mutex_lock(&dquot->dq_lock); 693 mutex_lock(&dquot->dq_lock);
687 /* Check whether we are not racing with some other dqget() */ 694 /* Check whether we are not racing with some other dqget() */
@@ -691,7 +698,7 @@ static int ocfs2_release_dquot(struct dquot *dquot)
691 if (status < 0) 698 if (status < 0)
692 goto out; 699 goto out;
693 handle = ocfs2_start_trans(osb, 700 handle = ocfs2_start_trans(osb,
694 ocfs2_calc_qdel_credits(dquot->dq_sb, dquot->dq_type)); 701 ocfs2_calc_qdel_credits(dquot->dq_sb, dquot->dq_id.type));
695 if (IS_ERR(handle)) { 702 if (IS_ERR(handle)) {
696 status = PTR_ERR(handle); 703 status = PTR_ERR(handle);
697 mlog_errno(status); 704 mlog_errno(status);
@@ -733,13 +740,14 @@ static int ocfs2_acquire_dquot(struct dquot *dquot)
733 int ex = 0; 740 int ex = 0;
734 struct super_block *sb = dquot->dq_sb; 741 struct super_block *sb = dquot->dq_sb;
735 struct ocfs2_super *osb = OCFS2_SB(sb); 742 struct ocfs2_super *osb = OCFS2_SB(sb);
736 int type = dquot->dq_type; 743 int type = dquot->dq_id.type;
737 struct ocfs2_mem_dqinfo *info = sb_dqinfo(sb, type)->dqi_priv; 744 struct ocfs2_mem_dqinfo *info = sb_dqinfo(sb, type)->dqi_priv;
738 struct inode *gqinode = info->dqi_gqinode; 745 struct inode *gqinode = info->dqi_gqinode;
739 int need_alloc = ocfs2_global_qinit_alloc(sb, type); 746 int need_alloc = ocfs2_global_qinit_alloc(sb, type);
740 handle_t *handle; 747 handle_t *handle;
741 748
742 trace_ocfs2_acquire_dquot(dquot->dq_id, type); 749 trace_ocfs2_acquire_dquot(from_kqid(&init_user_ns, dquot->dq_id),
750 type);
743 mutex_lock(&dquot->dq_lock); 751 mutex_lock(&dquot->dq_lock);
744 /* 752 /*
745 * We need an exclusive lock, because we're going to update use count 753 * We need an exclusive lock, because we're going to update use count
@@ -821,12 +829,13 @@ static int ocfs2_mark_dquot_dirty(struct dquot *dquot)
821 int sync = 0; 829 int sync = 0;
822 int status; 830 int status;
823 struct super_block *sb = dquot->dq_sb; 831 struct super_block *sb = dquot->dq_sb;
824 int type = dquot->dq_type; 832 int type = dquot->dq_id.type;
825 struct ocfs2_mem_dqinfo *oinfo = sb_dqinfo(sb, type)->dqi_priv; 833 struct ocfs2_mem_dqinfo *oinfo = sb_dqinfo(sb, type)->dqi_priv;
826 handle_t *handle; 834 handle_t *handle;
827 struct ocfs2_super *osb = OCFS2_SB(sb); 835 struct ocfs2_super *osb = OCFS2_SB(sb);
828 836
829 trace_ocfs2_mark_dquot_dirty(dquot->dq_id, type); 837 trace_ocfs2_mark_dquot_dirty(from_kqid(&init_user_ns, dquot->dq_id),
838 type);
830 839
831 /* In case user set some limits, sync dquot immediately to global 840 /* In case user set some limits, sync dquot immediately to global
832 * quota file so that information propagates quicker */ 841 * quota file so that information propagates quicker */
diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index f100bf70a906..27fe7ee4874c 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -501,7 +501,9 @@ static int ocfs2_recover_local_quota_file(struct inode *lqinode,
501 } 501 }
502 dqblk = (struct ocfs2_local_disk_dqblk *)(qbh->b_data + 502 dqblk = (struct ocfs2_local_disk_dqblk *)(qbh->b_data +
503 ol_dqblk_block_off(sb, chunk, bit)); 503 ol_dqblk_block_off(sb, chunk, bit));
504 dquot = dqget(sb, le64_to_cpu(dqblk->dqb_id), type); 504 dquot = dqget(sb,
505 make_kqid(&init_user_ns, type,
506 le64_to_cpu(dqblk->dqb_id)));
505 if (!dquot) { 507 if (!dquot) {
506 status = -EIO; 508 status = -EIO;
507 mlog(ML_ERROR, "Failed to get quota structure " 509 mlog(ML_ERROR, "Failed to get quota structure "
@@ -881,7 +883,8 @@ static void olq_set_dquot(struct buffer_head *bh, void *private)
881 dqblk = (struct ocfs2_local_disk_dqblk *)(bh->b_data 883 dqblk = (struct ocfs2_local_disk_dqblk *)(bh->b_data
882 + ol_dqblk_block_offset(sb, od->dq_local_off)); 884 + ol_dqblk_block_offset(sb, od->dq_local_off));
883 885
884 dqblk->dqb_id = cpu_to_le64(od->dq_dquot.dq_id); 886 dqblk->dqb_id = cpu_to_le64(from_kqid(&init_user_ns,
887 od->dq_dquot.dq_id));
885 spin_lock(&dq_data_lock); 888 spin_lock(&dq_data_lock);
886 dqblk->dqb_spacemod = cpu_to_le64(od->dq_dquot.dq_dqb.dqb_curspace - 889 dqblk->dqb_spacemod = cpu_to_le64(od->dq_dquot.dq_dqb.dqb_curspace -
887 od->dq_origspace); 890 od->dq_origspace);
@@ -891,7 +894,7 @@ static void olq_set_dquot(struct buffer_head *bh, void *private)
891 trace_olq_set_dquot( 894 trace_olq_set_dquot(
892 (unsigned long long)le64_to_cpu(dqblk->dqb_spacemod), 895 (unsigned long long)le64_to_cpu(dqblk->dqb_spacemod),
893 (unsigned long long)le64_to_cpu(dqblk->dqb_inodemod), 896 (unsigned long long)le64_to_cpu(dqblk->dqb_inodemod),
894 od->dq_dquot.dq_id); 897 from_kqid(&init_user_ns, od->dq_dquot.dq_id));
895} 898}
896 899
897/* Write dquot to local quota file */ 900/* Write dquot to local quota file */
@@ -900,7 +903,7 @@ int ocfs2_local_write_dquot(struct dquot *dquot)
900 struct super_block *sb = dquot->dq_sb; 903 struct super_block *sb = dquot->dq_sb;
901 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot); 904 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot);
902 struct buffer_head *bh; 905 struct buffer_head *bh;
903 struct inode *lqinode = sb_dqopt(sb)->files[dquot->dq_type]; 906 struct inode *lqinode = sb_dqopt(sb)->files[dquot->dq_id.type];
904 int status; 907 int status;
905 908
906 status = ocfs2_read_quota_phys_block(lqinode, od->dq_local_phys_blk, 909 status = ocfs2_read_quota_phys_block(lqinode, od->dq_local_phys_blk,
@@ -1221,7 +1224,7 @@ static void olq_alloc_dquot(struct buffer_head *bh, void *private)
1221int ocfs2_create_local_dquot(struct dquot *dquot) 1224int ocfs2_create_local_dquot(struct dquot *dquot)
1222{ 1225{
1223 struct super_block *sb = dquot->dq_sb; 1226 struct super_block *sb = dquot->dq_sb;
1224 int type = dquot->dq_type; 1227 int type = dquot->dq_id.type;
1225 struct inode *lqinode = sb_dqopt(sb)->files[type]; 1228 struct inode *lqinode = sb_dqopt(sb)->files[type];
1226 struct ocfs2_quota_chunk *chunk; 1229 struct ocfs2_quota_chunk *chunk;
1227 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot); 1230 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot);
@@ -1275,7 +1278,7 @@ out:
1275int ocfs2_local_release_dquot(handle_t *handle, struct dquot *dquot) 1278int ocfs2_local_release_dquot(handle_t *handle, struct dquot *dquot)
1276{ 1279{
1277 int status; 1280 int status;
1278 int type = dquot->dq_type; 1281 int type = dquot->dq_id.type;
1279 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot); 1282 struct ocfs2_dquot *od = OCFS2_DQUOT(dquot);
1280 struct super_block *sb = dquot->dq_sb; 1283 struct super_block *sb = dquot->dq_sb;
1281 struct ocfs2_local_disk_chunk *dchunk; 1284 struct ocfs2_local_disk_chunk *dchunk;
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index e6213b3725d1..25d715c7c87a 100644
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -391,12 +391,16 @@ static int parse_options(char *options, struct omfs_sb_info *sbi)
391 case Opt_uid: 391 case Opt_uid:
392 if (match_int(&args[0], &option)) 392 if (match_int(&args[0], &option))
393 return 0; 393 return 0;
394 sbi->s_uid = option; 394 sbi->s_uid = make_kuid(current_user_ns(), option);
395 if (!uid_valid(sbi->s_uid))
396 return 0;
395 break; 397 break;
396 case Opt_gid: 398 case Opt_gid:
397 if (match_int(&args[0], &option)) 399 if (match_int(&args[0], &option))
398 return 0; 400 return 0;
399 sbi->s_gid = option; 401 sbi->s_gid = make_kgid(current_user_ns(), option);
402 if (!gid_valid(sbi->s_gid))
403 return 0;
400 break; 404 break;
401 case Opt_umask: 405 case Opt_umask:
402 if (match_octal(&args[0], &option)) 406 if (match_octal(&args[0], &option))
diff --git a/fs/omfs/omfs.h b/fs/omfs/omfs.h
index 8941f12c6b01..f0f8bc75e609 100644
--- a/fs/omfs/omfs.h
+++ b/fs/omfs/omfs.h
@@ -19,8 +19,8 @@ struct omfs_sb_info {
19 unsigned long **s_imap; 19 unsigned long **s_imap;
20 int s_imap_size; 20 int s_imap_size;
21 struct mutex s_bitmap_lock; 21 struct mutex s_bitmap_lock;
22 int s_uid; 22 kuid_t s_uid;
23 int s_gid; 23 kgid_t s_gid;
24 int s_dmask; 24 int s_dmask;
25 int s_fmask; 25 int s_fmask;
26}; 26};
diff --git a/fs/open.c b/fs/open.c
index e1f2cdb91a4d..b0bae3a41825 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -534,7 +534,7 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
534 newattrs.ia_valid |= 534 newattrs.ia_valid |=
535 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; 535 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
536 mutex_lock(&inode->i_mutex); 536 mutex_lock(&inode->i_mutex);
537 error = security_path_chown(path, user, group); 537 error = security_path_chown(path, uid, gid);
538 if (!error) 538 if (!error)
539 error = notify_change(path->dentry, &newattrs); 539 error = notify_change(path->dentry, &newattrs);
540 mutex_unlock(&inode->i_mutex); 540 mutex_unlock(&inode->i_mutex);
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 5e325a42e33d..8bd2135b7f82 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -78,7 +78,8 @@ posix_acl_valid(const struct posix_acl *acl)
78{ 78{
79 const struct posix_acl_entry *pa, *pe; 79 const struct posix_acl_entry *pa, *pe;
80 int state = ACL_USER_OBJ; 80 int state = ACL_USER_OBJ;
81 unsigned int id = 0; /* keep gcc happy */ 81 kuid_t prev_uid = INVALID_UID;
82 kgid_t prev_gid = INVALID_GID;
82 int needs_mask = 0; 83 int needs_mask = 0;
83 84
84 FOREACH_ACL_ENTRY(pa, acl, pe) { 85 FOREACH_ACL_ENTRY(pa, acl, pe) {
@@ -87,7 +88,6 @@ posix_acl_valid(const struct posix_acl *acl)
87 switch (pa->e_tag) { 88 switch (pa->e_tag) {
88 case ACL_USER_OBJ: 89 case ACL_USER_OBJ:
89 if (state == ACL_USER_OBJ) { 90 if (state == ACL_USER_OBJ) {
90 id = 0;
91 state = ACL_USER; 91 state = ACL_USER;
92 break; 92 break;
93 } 93 }
@@ -96,16 +96,17 @@ posix_acl_valid(const struct posix_acl *acl)
96 case ACL_USER: 96 case ACL_USER:
97 if (state != ACL_USER) 97 if (state != ACL_USER)
98 return -EINVAL; 98 return -EINVAL;
99 if (pa->e_id == ACL_UNDEFINED_ID || 99 if (!uid_valid(pa->e_uid))
100 pa->e_id < id)
101 return -EINVAL; 100 return -EINVAL;
102 id = pa->e_id + 1; 101 if (uid_valid(prev_uid) &&
102 uid_lte(pa->e_uid, prev_uid))
103 return -EINVAL;
104 prev_uid = pa->e_uid;
103 needs_mask = 1; 105 needs_mask = 1;
104 break; 106 break;
105 107
106 case ACL_GROUP_OBJ: 108 case ACL_GROUP_OBJ:
107 if (state == ACL_USER) { 109 if (state == ACL_USER) {
108 id = 0;
109 state = ACL_GROUP; 110 state = ACL_GROUP;
110 break; 111 break;
111 } 112 }
@@ -114,10 +115,12 @@ posix_acl_valid(const struct posix_acl *acl)
114 case ACL_GROUP: 115 case ACL_GROUP:
115 if (state != ACL_GROUP) 116 if (state != ACL_GROUP)
116 return -EINVAL; 117 return -EINVAL;
117 if (pa->e_id == ACL_UNDEFINED_ID || 118 if (!gid_valid(pa->e_gid))
118 pa->e_id < id) 119 return -EINVAL;
120 if (gid_valid(prev_gid) &&
121 gid_lte(pa->e_gid, prev_gid))
119 return -EINVAL; 122 return -EINVAL;
120 id = pa->e_id + 1; 123 prev_gid = pa->e_gid;
121 needs_mask = 1; 124 needs_mask = 1;
122 break; 125 break;
123 126
@@ -195,15 +198,12 @@ posix_acl_from_mode(umode_t mode, gfp_t flags)
195 return ERR_PTR(-ENOMEM); 198 return ERR_PTR(-ENOMEM);
196 199
197 acl->a_entries[0].e_tag = ACL_USER_OBJ; 200 acl->a_entries[0].e_tag = ACL_USER_OBJ;
198 acl->a_entries[0].e_id = ACL_UNDEFINED_ID;
199 acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; 201 acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6;
200 202
201 acl->a_entries[1].e_tag = ACL_GROUP_OBJ; 203 acl->a_entries[1].e_tag = ACL_GROUP_OBJ;
202 acl->a_entries[1].e_id = ACL_UNDEFINED_ID;
203 acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; 204 acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3;
204 205
205 acl->a_entries[2].e_tag = ACL_OTHER; 206 acl->a_entries[2].e_tag = ACL_OTHER;
206 acl->a_entries[2].e_id = ACL_UNDEFINED_ID;
207 acl->a_entries[2].e_perm = (mode & S_IRWXO); 207 acl->a_entries[2].e_perm = (mode & S_IRWXO);
208 return acl; 208 return acl;
209} 209}
@@ -224,11 +224,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
224 switch(pa->e_tag) { 224 switch(pa->e_tag) {
225 case ACL_USER_OBJ: 225 case ACL_USER_OBJ:
226 /* (May have been checked already) */ 226 /* (May have been checked already) */
227 if (inode->i_uid == current_fsuid()) 227 if (uid_eq(inode->i_uid, current_fsuid()))
228 goto check_perm; 228 goto check_perm;
229 break; 229 break;
230 case ACL_USER: 230 case ACL_USER:
231 if (pa->e_id == current_fsuid()) 231 if (uid_eq(pa->e_uid, current_fsuid()))
232 goto mask; 232 goto mask;
233 break; 233 break;
234 case ACL_GROUP_OBJ: 234 case ACL_GROUP_OBJ:
@@ -239,7 +239,7 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
239 } 239 }
240 break; 240 break;
241 case ACL_GROUP: 241 case ACL_GROUP:
242 if (in_group_p(pa->e_id)) { 242 if (in_group_p(pa->e_gid)) {
243 found = 1; 243 found = 1;
244 if ((pa->e_perm & want) == want) 244 if ((pa->e_perm & want) == want)
245 goto mask; 245 goto mask;
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 1b6c84cbdb73..acd1960c28a2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1089,7 +1089,8 @@ static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
1089 if (!task) 1089 if (!task)
1090 return -ESRCH; 1090 return -ESRCH;
1091 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1091 length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1092 audit_get_loginuid(task)); 1092 from_kuid(file->f_cred->user_ns,
1093 audit_get_loginuid(task)));
1093 put_task_struct(task); 1094 put_task_struct(task);
1094 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1095 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1095} 1096}
@@ -1101,6 +1102,7 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
1101 char *page, *tmp; 1102 char *page, *tmp;
1102 ssize_t length; 1103 ssize_t length;
1103 uid_t loginuid; 1104 uid_t loginuid;
1105 kuid_t kloginuid;
1104 1106
1105 rcu_read_lock(); 1107 rcu_read_lock();
1106 if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) { 1108 if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) {
@@ -1130,7 +1132,13 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
1130 goto out_free_page; 1132 goto out_free_page;
1131 1133
1132 } 1134 }
1133 length = audit_set_loginuid(loginuid); 1135 kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
1136 if (!uid_valid(kloginuid)) {
1137 length = -EINVAL;
1138 goto out_free_page;
1139 }
1140
1141 length = audit_set_loginuid(kloginuid);
1134 if (likely(length == 0)) 1142 if (likely(length == 0))
1135 length = count; 1143 length = count;
1136 1144
@@ -2983,6 +2991,11 @@ static int proc_gid_map_open(struct inode *inode, struct file *file)
2983 return proc_id_map_open(inode, file, &proc_gid_seq_operations); 2991 return proc_id_map_open(inode, file, &proc_gid_seq_operations);
2984} 2992}
2985 2993
2994static int proc_projid_map_open(struct inode *inode, struct file *file)
2995{
2996 return proc_id_map_open(inode, file, &proc_projid_seq_operations);
2997}
2998
2986static const struct file_operations proc_uid_map_operations = { 2999static const struct file_operations proc_uid_map_operations = {
2987 .open = proc_uid_map_open, 3000 .open = proc_uid_map_open,
2988 .write = proc_uid_map_write, 3001 .write = proc_uid_map_write,
@@ -2998,6 +3011,14 @@ static const struct file_operations proc_gid_map_operations = {
2998 .llseek = seq_lseek, 3011 .llseek = seq_lseek,
2999 .release = proc_id_map_release, 3012 .release = proc_id_map_release,
3000}; 3013};
3014
3015static const struct file_operations proc_projid_map_operations = {
3016 .open = proc_projid_map_open,
3017 .write = proc_projid_map_write,
3018 .read = seq_read,
3019 .llseek = seq_lseek,
3020 .release = proc_id_map_release,
3021};
3001#endif /* CONFIG_USER_NS */ 3022#endif /* CONFIG_USER_NS */
3002 3023
3003static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, 3024static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
@@ -3105,6 +3126,7 @@ static const struct pid_entry tgid_base_stuff[] = {
3105#ifdef CONFIG_USER_NS 3126#ifdef CONFIG_USER_NS
3106 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), 3127 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
3107 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), 3128 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
3129 REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
3108#endif 3130#endif
3109}; 3131};
3110 3132
@@ -3468,6 +3490,7 @@ static const struct pid_entry tid_base_stuff[] = {
3468#ifdef CONFIG_USER_NS 3490#ifdef CONFIG_USER_NS
3469 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), 3491 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
3470 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), 3492 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
3493 REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
3471#endif 3494#endif
3472}; 3495};
3473 3496
diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
index 552e994e3aa1..5c3c7b02e17b 100644
--- a/fs/qnx4/inode.c
+++ b/fs/qnx4/inode.c
@@ -312,8 +312,8 @@ struct inode *qnx4_iget(struct super_block *sb, unsigned long ino)
312 (ino % QNX4_INODES_PER_BLOCK); 312 (ino % QNX4_INODES_PER_BLOCK);
313 313
314 inode->i_mode = le16_to_cpu(raw_inode->di_mode); 314 inode->i_mode = le16_to_cpu(raw_inode->di_mode);
315 inode->i_uid = (uid_t)le16_to_cpu(raw_inode->di_uid); 315 i_uid_write(inode, (uid_t)le16_to_cpu(raw_inode->di_uid));
316 inode->i_gid = (gid_t)le16_to_cpu(raw_inode->di_gid); 316 i_gid_write(inode, (gid_t)le16_to_cpu(raw_inode->di_gid));
317 set_nlink(inode, le16_to_cpu(raw_inode->di_nlink)); 317 set_nlink(inode, le16_to_cpu(raw_inode->di_nlink));
318 inode->i_size = le32_to_cpu(raw_inode->di_size); 318 inode->i_size = le32_to_cpu(raw_inode->di_size);
319 inode->i_mtime.tv_sec = le32_to_cpu(raw_inode->di_mtime); 319 inode->i_mtime.tv_sec = le32_to_cpu(raw_inode->di_mtime);
diff --git a/fs/qnx6/inode.c b/fs/qnx6/inode.c
index 2049c814bda4..f4eef0b5e7b5 100644
--- a/fs/qnx6/inode.c
+++ b/fs/qnx6/inode.c
@@ -574,8 +574,8 @@ struct inode *qnx6_iget(struct super_block *sb, unsigned ino)
574 raw_inode = ((struct qnx6_inode_entry *)page_address(page)) + offs; 574 raw_inode = ((struct qnx6_inode_entry *)page_address(page)) + offs;
575 575
576 inode->i_mode = fs16_to_cpu(sbi, raw_inode->di_mode); 576 inode->i_mode = fs16_to_cpu(sbi, raw_inode->di_mode);
577 inode->i_uid = (uid_t)fs32_to_cpu(sbi, raw_inode->di_uid); 577 i_uid_write(inode, (uid_t)fs32_to_cpu(sbi, raw_inode->di_uid));
578 inode->i_gid = (gid_t)fs32_to_cpu(sbi, raw_inode->di_gid); 578 i_gid_write(inode, (gid_t)fs32_to_cpu(sbi, raw_inode->di_gid));
579 inode->i_size = fs64_to_cpu(sbi, raw_inode->di_size); 579 inode->i_size = fs64_to_cpu(sbi, raw_inode->di_size);
580 inode->i_mtime.tv_sec = fs32_to_cpu(sbi, raw_inode->di_mtime); 580 inode->i_mtime.tv_sec = fs32_to_cpu(sbi, raw_inode->di_mtime);
581 inode->i_mtime.tv_nsec = 0; 581 inode->i_mtime.tv_nsec = 0;
diff --git a/fs/quota/Makefile b/fs/quota/Makefile
index 5f9e9e276af0..c66c37cdaa39 100644
--- a/fs/quota/Makefile
+++ b/fs/quota/Makefile
@@ -2,6 +2,6 @@ obj-$(CONFIG_QUOTA) += dquot.o
2obj-$(CONFIG_QFMT_V1) += quota_v1.o 2obj-$(CONFIG_QFMT_V1) += quota_v1.o
3obj-$(CONFIG_QFMT_V2) += quota_v2.o 3obj-$(CONFIG_QFMT_V2) += quota_v2.o
4obj-$(CONFIG_QUOTA_TREE) += quota_tree.o 4obj-$(CONFIG_QUOTA_TREE) += quota_tree.o
5obj-$(CONFIG_QUOTACTL) += quota.o 5obj-$(CONFIG_QUOTACTL) += quota.o kqid.o
6obj-$(CONFIG_QUOTACTL_COMPAT) += compat.o 6obj-$(CONFIG_QUOTACTL_COMPAT) += compat.o
7obj-$(CONFIG_QUOTA_NETLINK_INTERFACE) += netlink.o 7obj-$(CONFIG_QUOTA_NETLINK_INTERFACE) += netlink.o
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index c495a3055e2a..557a9c20a215 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -253,8 +253,10 @@ static qsize_t inode_get_rsv_space(struct inode *inode);
253static void __dquot_initialize(struct inode *inode, int type); 253static void __dquot_initialize(struct inode *inode, int type);
254 254
255static inline unsigned int 255static inline unsigned int
256hashfn(const struct super_block *sb, unsigned int id, int type) 256hashfn(const struct super_block *sb, struct kqid qid)
257{ 257{
258 unsigned int id = from_kqid(&init_user_ns, qid);
259 int type = qid.type;
258 unsigned long tmp; 260 unsigned long tmp;
259 261
260 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 262 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
@@ -267,7 +269,7 @@ hashfn(const struct super_block *sb, unsigned int id, int type)
267static inline void insert_dquot_hash(struct dquot *dquot) 269static inline void insert_dquot_hash(struct dquot *dquot)
268{ 270{
269 struct hlist_head *head; 271 struct hlist_head *head;
270 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id, dquot->dq_type); 272 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
271 hlist_add_head(&dquot->dq_hash, head); 273 hlist_add_head(&dquot->dq_hash, head);
272} 274}
273 275
@@ -277,15 +279,14 @@ static inline void remove_dquot_hash(struct dquot *dquot)
277} 279}
278 280
279static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 281static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
280 unsigned int id, int type) 282 struct kqid qid)
281{ 283{
282 struct hlist_node *node; 284 struct hlist_node *node;
283 struct dquot *dquot; 285 struct dquot *dquot;
284 286
285 hlist_for_each (node, dquot_hash+hashent) { 287 hlist_for_each (node, dquot_hash+hashent) {
286 dquot = hlist_entry(node, struct dquot, dq_hash); 288 dquot = hlist_entry(node, struct dquot, dq_hash);
287 if (dquot->dq_sb == sb && dquot->dq_id == id && 289 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
288 dquot->dq_type == type)
289 return dquot; 290 return dquot;
290 } 291 }
291 return NULL; 292 return NULL;
@@ -351,7 +352,7 @@ int dquot_mark_dquot_dirty(struct dquot *dquot)
351 spin_lock(&dq_list_lock); 352 spin_lock(&dq_list_lock);
352 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 353 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
353 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 354 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
354 info[dquot->dq_type].dqi_dirty_list); 355 info[dquot->dq_id.type].dqi_dirty_list);
355 ret = 0; 356 ret = 0;
356 } 357 }
357 spin_unlock(&dq_list_lock); 358 spin_unlock(&dq_list_lock);
@@ -410,17 +411,17 @@ int dquot_acquire(struct dquot *dquot)
410 mutex_lock(&dquot->dq_lock); 411 mutex_lock(&dquot->dq_lock);
411 mutex_lock(&dqopt->dqio_mutex); 412 mutex_lock(&dqopt->dqio_mutex);
412 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) 413 if (!test_bit(DQ_READ_B, &dquot->dq_flags))
413 ret = dqopt->ops[dquot->dq_type]->read_dqblk(dquot); 414 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
414 if (ret < 0) 415 if (ret < 0)
415 goto out_iolock; 416 goto out_iolock;
416 set_bit(DQ_READ_B, &dquot->dq_flags); 417 set_bit(DQ_READ_B, &dquot->dq_flags);
417 /* Instantiate dquot if needed */ 418 /* Instantiate dquot if needed */
418 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && !dquot->dq_off) { 419 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && !dquot->dq_off) {
419 ret = dqopt->ops[dquot->dq_type]->commit_dqblk(dquot); 420 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
420 /* Write the info if needed */ 421 /* Write the info if needed */
421 if (info_dirty(&dqopt->info[dquot->dq_type])) { 422 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
422 ret2 = dqopt->ops[dquot->dq_type]->write_file_info( 423 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
423 dquot->dq_sb, dquot->dq_type); 424 dquot->dq_sb, dquot->dq_id.type);
424 } 425 }
425 if (ret < 0) 426 if (ret < 0)
426 goto out_iolock; 427 goto out_iolock;
@@ -455,7 +456,7 @@ int dquot_commit(struct dquot *dquot)
455 /* Inactive dquot can be only if there was error during read/init 456 /* Inactive dquot can be only if there was error during read/init
456 * => we have better not writing it */ 457 * => we have better not writing it */
457 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) 458 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags))
458 ret = dqopt->ops[dquot->dq_type]->commit_dqblk(dquot); 459 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
459 else 460 else
460 ret = -EIO; 461 ret = -EIO;
461out_sem: 462out_sem:
@@ -477,12 +478,12 @@ int dquot_release(struct dquot *dquot)
477 if (atomic_read(&dquot->dq_count) > 1) 478 if (atomic_read(&dquot->dq_count) > 1)
478 goto out_dqlock; 479 goto out_dqlock;
479 mutex_lock(&dqopt->dqio_mutex); 480 mutex_lock(&dqopt->dqio_mutex);
480 if (dqopt->ops[dquot->dq_type]->release_dqblk) { 481 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
481 ret = dqopt->ops[dquot->dq_type]->release_dqblk(dquot); 482 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
482 /* Write the info */ 483 /* Write the info */
483 if (info_dirty(&dqopt->info[dquot->dq_type])) { 484 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
484 ret2 = dqopt->ops[dquot->dq_type]->write_file_info( 485 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
485 dquot->dq_sb, dquot->dq_type); 486 dquot->dq_sb, dquot->dq_id.type);
486 } 487 }
487 if (ret >= 0) 488 if (ret >= 0)
488 ret = ret2; 489 ret = ret2;
@@ -521,7 +522,7 @@ restart:
521 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 522 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
522 if (dquot->dq_sb != sb) 523 if (dquot->dq_sb != sb)
523 continue; 524 continue;
524 if (dquot->dq_type != type) 525 if (dquot->dq_id.type != type)
525 continue; 526 continue;
526 /* Wait for dquot users */ 527 /* Wait for dquot users */
527 if (atomic_read(&dquot->dq_count)) { 528 if (atomic_read(&dquot->dq_count)) {
@@ -741,7 +742,8 @@ void dqput(struct dquot *dquot)
741#ifdef CONFIG_QUOTA_DEBUG 742#ifdef CONFIG_QUOTA_DEBUG
742 if (!atomic_read(&dquot->dq_count)) { 743 if (!atomic_read(&dquot->dq_count)) {
743 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 744 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
744 quotatypes[dquot->dq_type], dquot->dq_id); 745 quotatypes[dquot->dq_id.type],
746 from_kqid(&init_user_ns, dquot->dq_id));
745 BUG(); 747 BUG();
746 } 748 }
747#endif 749#endif
@@ -752,7 +754,7 @@ we_slept:
752 /* We have more than one user... nothing to do */ 754 /* We have more than one user... nothing to do */
753 atomic_dec(&dquot->dq_count); 755 atomic_dec(&dquot->dq_count);
754 /* Releasing dquot during quotaoff phase? */ 756 /* Releasing dquot during quotaoff phase? */
755 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_type) && 757 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
756 atomic_read(&dquot->dq_count) == 1) 758 atomic_read(&dquot->dq_count) == 1)
757 wake_up(&dquot->dq_wait_unused); 759 wake_up(&dquot->dq_wait_unused);
758 spin_unlock(&dq_list_lock); 760 spin_unlock(&dq_list_lock);
@@ -815,7 +817,7 @@ static struct dquot *get_empty_dquot(struct super_block *sb, int type)
815 INIT_LIST_HEAD(&dquot->dq_dirty); 817 INIT_LIST_HEAD(&dquot->dq_dirty);
816 init_waitqueue_head(&dquot->dq_wait_unused); 818 init_waitqueue_head(&dquot->dq_wait_unused);
817 dquot->dq_sb = sb; 819 dquot->dq_sb = sb;
818 dquot->dq_type = type; 820 dquot->dq_id = make_kqid_invalid(type);
819 atomic_set(&dquot->dq_count, 1); 821 atomic_set(&dquot->dq_count, 1);
820 822
821 return dquot; 823 return dquot;
@@ -829,35 +831,35 @@ static struct dquot *get_empty_dquot(struct super_block *sb, int type)
829 * a) checking for quota flags under dq_list_lock and 831 * a) checking for quota flags under dq_list_lock and
830 * b) getting a reference to dquot before we release dq_list_lock 832 * b) getting a reference to dquot before we release dq_list_lock
831 */ 833 */
832struct dquot *dqget(struct super_block *sb, unsigned int id, int type) 834struct dquot *dqget(struct super_block *sb, struct kqid qid)
833{ 835{
834 unsigned int hashent = hashfn(sb, id, type); 836 unsigned int hashent = hashfn(sb, qid);
835 struct dquot *dquot = NULL, *empty = NULL; 837 struct dquot *dquot = NULL, *empty = NULL;
836 838
837 if (!sb_has_quota_active(sb, type)) 839 if (!sb_has_quota_active(sb, qid.type))
838 return NULL; 840 return NULL;
839we_slept: 841we_slept:
840 spin_lock(&dq_list_lock); 842 spin_lock(&dq_list_lock);
841 spin_lock(&dq_state_lock); 843 spin_lock(&dq_state_lock);
842 if (!sb_has_quota_active(sb, type)) { 844 if (!sb_has_quota_active(sb, qid.type)) {
843 spin_unlock(&dq_state_lock); 845 spin_unlock(&dq_state_lock);
844 spin_unlock(&dq_list_lock); 846 spin_unlock(&dq_list_lock);
845 goto out; 847 goto out;
846 } 848 }
847 spin_unlock(&dq_state_lock); 849 spin_unlock(&dq_state_lock);
848 850
849 dquot = find_dquot(hashent, sb, id, type); 851 dquot = find_dquot(hashent, sb, qid);
850 if (!dquot) { 852 if (!dquot) {
851 if (!empty) { 853 if (!empty) {
852 spin_unlock(&dq_list_lock); 854 spin_unlock(&dq_list_lock);
853 empty = get_empty_dquot(sb, type); 855 empty = get_empty_dquot(sb, qid.type);
854 if (!empty) 856 if (!empty)
855 schedule(); /* Try to wait for a moment... */ 857 schedule(); /* Try to wait for a moment... */
856 goto we_slept; 858 goto we_slept;
857 } 859 }
858 dquot = empty; 860 dquot = empty;
859 empty = NULL; 861 empty = NULL;
860 dquot->dq_id = id; 862 dquot->dq_id = qid;
861 /* all dquots go on the inuse_list */ 863 /* all dquots go on the inuse_list */
862 put_inuse(dquot); 864 put_inuse(dquot);
863 /* hash it first so it can be found */ 865 /* hash it first so it can be found */
@@ -1129,8 +1131,7 @@ static void dquot_decr_space(struct dquot *dquot, qsize_t number)
1129 1131
1130struct dquot_warn { 1132struct dquot_warn {
1131 struct super_block *w_sb; 1133 struct super_block *w_sb;
1132 qid_t w_dq_id; 1134 struct kqid w_dq_id;
1133 short w_dq_type;
1134 short w_type; 1135 short w_type;
1135}; 1136};
1136 1137
@@ -1154,11 +1155,11 @@ static int need_print_warning(struct dquot_warn *warn)
1154 if (!flag_print_warnings) 1155 if (!flag_print_warnings)
1155 return 0; 1156 return 0;
1156 1157
1157 switch (warn->w_dq_type) { 1158 switch (warn->w_dq_id.type) {
1158 case USRQUOTA: 1159 case USRQUOTA:
1159 return current_fsuid() == warn->w_dq_id; 1160 return uid_eq(current_fsuid(), warn->w_dq_id.uid);
1160 case GRPQUOTA: 1161 case GRPQUOTA:
1161 return in_group_p(warn->w_dq_id); 1162 return in_group_p(warn->w_dq_id.gid);
1162 } 1163 }
1163 return 0; 1164 return 0;
1164} 1165}
@@ -1184,7 +1185,7 @@ static void print_warning(struct dquot_warn *warn)
1184 tty_write_message(tty, ": warning, "); 1185 tty_write_message(tty, ": warning, ");
1185 else 1186 else
1186 tty_write_message(tty, ": write failed, "); 1187 tty_write_message(tty, ": write failed, ");
1187 tty_write_message(tty, quotatypes[warn->w_dq_type]); 1188 tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
1188 switch (warntype) { 1189 switch (warntype) {
1189 case QUOTA_NL_IHARDWARN: 1190 case QUOTA_NL_IHARDWARN:
1190 msg = " file limit reached.\r\n"; 1191 msg = " file limit reached.\r\n";
@@ -1218,7 +1219,6 @@ static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
1218 warn->w_type = warntype; 1219 warn->w_type = warntype;
1219 warn->w_sb = dquot->dq_sb; 1220 warn->w_sb = dquot->dq_sb;
1220 warn->w_dq_id = dquot->dq_id; 1221 warn->w_dq_id = dquot->dq_id;
1221 warn->w_dq_type = dquot->dq_type;
1222} 1222}
1223 1223
1224/* 1224/*
@@ -1236,14 +1236,14 @@ static void flush_warnings(struct dquot_warn *warn)
1236#ifdef CONFIG_PRINT_QUOTA_WARNING 1236#ifdef CONFIG_PRINT_QUOTA_WARNING
1237 print_warning(&warn[i]); 1237 print_warning(&warn[i]);
1238#endif 1238#endif
1239 quota_send_warning(warn[i].w_dq_type, warn[i].w_dq_id, 1239 quota_send_warning(warn[i].w_dq_id,
1240 warn[i].w_sb->s_dev, warn[i].w_type); 1240 warn[i].w_sb->s_dev, warn[i].w_type);
1241 } 1241 }
1242} 1242}
1243 1243
1244static int ignore_hardlimit(struct dquot *dquot) 1244static int ignore_hardlimit(struct dquot *dquot)
1245{ 1245{
1246 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_type]; 1246 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
1247 1247
1248 return capable(CAP_SYS_RESOURCE) && 1248 return capable(CAP_SYS_RESOURCE) &&
1249 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1249 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
@@ -1256,7 +1256,7 @@ static int check_idq(struct dquot *dquot, qsize_t inodes,
1256{ 1256{
1257 qsize_t newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1257 qsize_t newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
1258 1258
1259 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_type) || 1259 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
1260 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1260 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1261 return 0; 1261 return 0;
1262 1262
@@ -1281,7 +1281,7 @@ static int check_idq(struct dquot *dquot, qsize_t inodes,
1281 dquot->dq_dqb.dqb_itime == 0) { 1281 dquot->dq_dqb.dqb_itime == 0) {
1282 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1282 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
1283 dquot->dq_dqb.dqb_itime = get_seconds() + 1283 dquot->dq_dqb.dqb_itime = get_seconds() +
1284 sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_igrace; 1284 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
1285 } 1285 }
1286 1286
1287 return 0; 1287 return 0;
@@ -1294,7 +1294,7 @@ static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc,
1294 qsize_t tspace; 1294 qsize_t tspace;
1295 struct super_block *sb = dquot->dq_sb; 1295 struct super_block *sb = dquot->dq_sb;
1296 1296
1297 if (!sb_has_quota_limits_enabled(sb, dquot->dq_type) || 1297 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
1298 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1298 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1299 return 0; 1299 return 0;
1300 1300
@@ -1325,7 +1325,7 @@ static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc,
1325 if (!prealloc) { 1325 if (!prealloc) {
1326 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1326 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
1327 dquot->dq_dqb.dqb_btime = get_seconds() + 1327 dquot->dq_dqb.dqb_btime = get_seconds() +
1328 sb_dqopt(sb)->info[dquot->dq_type].dqi_bgrace; 1328 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
1329 } 1329 }
1330 else 1330 else
1331 /* 1331 /*
@@ -1344,7 +1344,7 @@ static int info_idq_free(struct dquot *dquot, qsize_t inodes)
1344 1344
1345 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1345 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1346 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1346 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
1347 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_type)) 1347 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
1348 return QUOTA_NL_NOWARN; 1348 return QUOTA_NL_NOWARN;
1349 1349
1350 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1350 newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
@@ -1390,7 +1390,6 @@ static int dquot_active(const struct inode *inode)
1390 */ 1390 */
1391static void __dquot_initialize(struct inode *inode, int type) 1391static void __dquot_initialize(struct inode *inode, int type)
1392{ 1392{
1393 unsigned int id = 0;
1394 int cnt; 1393 int cnt;
1395 struct dquot *got[MAXQUOTAS]; 1394 struct dquot *got[MAXQUOTAS];
1396 struct super_block *sb = inode->i_sb; 1395 struct super_block *sb = inode->i_sb;
@@ -1403,18 +1402,19 @@ static void __dquot_initialize(struct inode *inode, int type)
1403 1402
1404 /* First get references to structures we might need. */ 1403 /* First get references to structures we might need. */
1405 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1404 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1405 struct kqid qid;
1406 got[cnt] = NULL; 1406 got[cnt] = NULL;
1407 if (type != -1 && cnt != type) 1407 if (type != -1 && cnt != type)
1408 continue; 1408 continue;
1409 switch (cnt) { 1409 switch (cnt) {
1410 case USRQUOTA: 1410 case USRQUOTA:
1411 id = inode->i_uid; 1411 qid = make_kqid_uid(inode->i_uid);
1412 break; 1412 break;
1413 case GRPQUOTA: 1413 case GRPQUOTA:
1414 id = inode->i_gid; 1414 qid = make_kqid_gid(inode->i_gid);
1415 break; 1415 break;
1416 } 1416 }
1417 got[cnt] = dqget(sb, id, cnt); 1417 got[cnt] = dqget(sb, qid);
1418 } 1418 }
1419 1419
1420 down_write(&sb_dqopt(sb)->dqptr_sem); 1420 down_write(&sb_dqopt(sb)->dqptr_sem);
@@ -1897,10 +1897,10 @@ int dquot_transfer(struct inode *inode, struct iattr *iattr)
1897 if (!dquot_active(inode)) 1897 if (!dquot_active(inode))
1898 return 0; 1898 return 0;
1899 1899
1900 if (iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) 1900 if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid))
1901 transfer_to[USRQUOTA] = dqget(sb, iattr->ia_uid, USRQUOTA); 1901 transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(iattr->ia_uid));
1902 if (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) 1902 if (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))
1903 transfer_to[GRPQUOTA] = dqget(sb, iattr->ia_gid, GRPQUOTA); 1903 transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(iattr->ia_gid));
1904 1904
1905 ret = __dquot_transfer(inode, transfer_to); 1905 ret = __dquot_transfer(inode, transfer_to);
1906 dqput_all(transfer_to); 1906 dqput_all(transfer_to);
@@ -2360,9 +2360,9 @@ static void do_get_dqblk(struct dquot *dquot, struct fs_disk_quota *di)
2360 2360
2361 memset(di, 0, sizeof(*di)); 2361 memset(di, 0, sizeof(*di));
2362 di->d_version = FS_DQUOT_VERSION; 2362 di->d_version = FS_DQUOT_VERSION;
2363 di->d_flags = dquot->dq_type == USRQUOTA ? 2363 di->d_flags = dquot->dq_id.type == USRQUOTA ?
2364 FS_USER_QUOTA : FS_GROUP_QUOTA; 2364 FS_USER_QUOTA : FS_GROUP_QUOTA;
2365 di->d_id = dquot->dq_id; 2365 di->d_id = from_kqid_munged(current_user_ns(), dquot->dq_id);
2366 2366
2367 spin_lock(&dq_data_lock); 2367 spin_lock(&dq_data_lock);
2368 di->d_blk_hardlimit = stoqb(dm->dqb_bhardlimit); 2368 di->d_blk_hardlimit = stoqb(dm->dqb_bhardlimit);
@@ -2376,12 +2376,12 @@ static void do_get_dqblk(struct dquot *dquot, struct fs_disk_quota *di)
2376 spin_unlock(&dq_data_lock); 2376 spin_unlock(&dq_data_lock);
2377} 2377}
2378 2378
2379int dquot_get_dqblk(struct super_block *sb, int type, qid_t id, 2379int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
2380 struct fs_disk_quota *di) 2380 struct fs_disk_quota *di)
2381{ 2381{
2382 struct dquot *dquot; 2382 struct dquot *dquot;
2383 2383
2384 dquot = dqget(sb, id, type); 2384 dquot = dqget(sb, qid);
2385 if (!dquot) 2385 if (!dquot)
2386 return -ESRCH; 2386 return -ESRCH;
2387 do_get_dqblk(dquot, di); 2387 do_get_dqblk(dquot, di);
@@ -2401,7 +2401,7 @@ static int do_set_dqblk(struct dquot *dquot, struct fs_disk_quota *di)
2401{ 2401{
2402 struct mem_dqblk *dm = &dquot->dq_dqb; 2402 struct mem_dqblk *dm = &dquot->dq_dqb;
2403 int check_blim = 0, check_ilim = 0; 2403 int check_blim = 0, check_ilim = 0;
2404 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_type]; 2404 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
2405 2405
2406 if (di->d_fieldmask & ~VFS_FS_DQ_MASK) 2406 if (di->d_fieldmask & ~VFS_FS_DQ_MASK)
2407 return -EINVAL; 2407 return -EINVAL;
@@ -2488,13 +2488,13 @@ static int do_set_dqblk(struct dquot *dquot, struct fs_disk_quota *di)
2488 return 0; 2488 return 0;
2489} 2489}
2490 2490
2491int dquot_set_dqblk(struct super_block *sb, int type, qid_t id, 2491int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
2492 struct fs_disk_quota *di) 2492 struct fs_disk_quota *di)
2493{ 2493{
2494 struct dquot *dquot; 2494 struct dquot *dquot;
2495 int rc; 2495 int rc;
2496 2496
2497 dquot = dqget(sb, id, type); 2497 dquot = dqget(sb, qid);
2498 if (!dquot) { 2498 if (!dquot) {
2499 rc = -ESRCH; 2499 rc = -ESRCH;
2500 goto out; 2500 goto out;
diff --git a/fs/quota/kqid.c b/fs/quota/kqid.c
new file mode 100644
index 000000000000..2f97b0e2c501
--- /dev/null
+++ b/fs/quota/kqid.c
@@ -0,0 +1,132 @@
1#include <linux/fs.h>
2#include <linux/quota.h>
3#include <linux/export.h>
4
5/**
6 * qid_eq - Test to see if to kquid values are the same
7 * @left: A qid value
8 * @right: Another quid value
9 *
10 * Return true if the two qid values are equal and false otherwise.
11 */
12bool qid_eq(struct kqid left, struct kqid right)
13{
14 if (left.type != right.type)
15 return false;
16 switch(left.type) {
17 case USRQUOTA:
18 return uid_eq(left.uid, right.uid);
19 case GRPQUOTA:
20 return gid_eq(left.gid, right.gid);
21 case PRJQUOTA:
22 return projid_eq(left.projid, right.projid);
23 default:
24 BUG();
25 }
26}
27EXPORT_SYMBOL(qid_eq);
28
29/**
30 * qid_lt - Test to see if one qid value is less than another
31 * @left: The possibly lesser qid value
32 * @right: The possibly greater qid value
33 *
34 * Return true if left is less than right and false otherwise.
35 */
36bool qid_lt(struct kqid left, struct kqid right)
37{
38 if (left.type < right.type)
39 return true;
40 if (left.type > right.type)
41 return false;
42 switch (left.type) {
43 case USRQUOTA:
44 return uid_lt(left.uid, right.uid);
45 case GRPQUOTA:
46 return gid_lt(left.gid, right.gid);
47 case PRJQUOTA:
48 return projid_lt(left.projid, right.projid);
49 default:
50 BUG();
51 }
52}
53EXPORT_SYMBOL(qid_lt);
54
55/**
56 * from_kqid - Create a qid from a kqid user-namespace pair.
57 * @targ: The user namespace we want a qid in.
58 * @kuid: The kernel internal quota identifier to start with.
59 *
60 * Map @kqid into the user-namespace specified by @targ and
61 * return the resulting qid.
62 *
63 * There is always a mapping into the initial user_namespace.
64 *
65 * If @kqid has no mapping in @targ (qid_t)-1 is returned.
66 */
67qid_t from_kqid(struct user_namespace *targ, struct kqid kqid)
68{
69 switch (kqid.type) {
70 case USRQUOTA:
71 return from_kuid(targ, kqid.uid);
72 case GRPQUOTA:
73 return from_kgid(targ, kqid.gid);
74 case PRJQUOTA:
75 return from_kprojid(targ, kqid.projid);
76 default:
77 BUG();
78 }
79}
80EXPORT_SYMBOL(from_kqid);
81
82/**
83 * from_kqid_munged - Create a qid from a kqid user-namespace pair.
84 * @targ: The user namespace we want a qid in.
85 * @kqid: The kernel internal quota identifier to start with.
86 *
87 * Map @kqid into the user-namespace specified by @targ and
88 * return the resulting qid.
89 *
90 * There is always a mapping into the initial user_namespace.
91 *
92 * Unlike from_kqid from_kqid_munged never fails and always
93 * returns a valid projid. This makes from_kqid_munged
94 * appropriate for use in places where failing to provide
95 * a qid_t is not a good option.
96 *
97 * If @kqid has no mapping in @targ the kqid.type specific
98 * overflow identifier is returned.
99 */
100qid_t from_kqid_munged(struct user_namespace *targ, struct kqid kqid)
101{
102 switch (kqid.type) {
103 case USRQUOTA:
104 return from_kuid_munged(targ, kqid.uid);
105 case GRPQUOTA:
106 return from_kgid_munged(targ, kqid.gid);
107 case PRJQUOTA:
108 return from_kprojid_munged(targ, kqid.projid);
109 default:
110 BUG();
111 }
112}
113EXPORT_SYMBOL(from_kqid_munged);
114
115/**
116 * qid_valid - Report if a valid value is stored in a kqid.
117 * @qid: The kernel internal quota identifier to test.
118 */
119bool qid_valid(struct kqid qid)
120{
121 switch (qid.type) {
122 case USRQUOTA:
123 return uid_valid(qid.uid);
124 case GRPQUOTA:
125 return gid_valid(qid.gid);
126 case PRJQUOTA:
127 return projid_valid(qid.projid);
128 default:
129 BUG();
130 }
131}
132EXPORT_SYMBOL(qid_valid);
diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c
index d67908b407d9..16e8abb7709b 100644
--- a/fs/quota/netlink.c
+++ b/fs/quota/netlink.c
@@ -30,7 +30,7 @@ static struct genl_family quota_genl_family = {
30 * 30 *
31 */ 31 */
32 32
33void quota_send_warning(short type, unsigned int id, dev_t dev, 33void quota_send_warning(struct kqid qid, dev_t dev,
34 const char warntype) 34 const char warntype)
35{ 35{
36 static atomic_t seq; 36 static atomic_t seq;
@@ -56,10 +56,11 @@ void quota_send_warning(short type, unsigned int id, dev_t dev,
56 "VFS: Cannot store netlink header in quota warning.\n"); 56 "VFS: Cannot store netlink header in quota warning.\n");
57 goto err_out; 57 goto err_out;
58 } 58 }
59 ret = nla_put_u32(skb, QUOTA_NL_A_QTYPE, type); 59 ret = nla_put_u32(skb, QUOTA_NL_A_QTYPE, qid.type);
60 if (ret) 60 if (ret)
61 goto attr_err_out; 61 goto attr_err_out;
62 ret = nla_put_u64(skb, QUOTA_NL_A_EXCESS_ID, id); 62 ret = nla_put_u64(skb, QUOTA_NL_A_EXCESS_ID,
63 from_kqid_munged(&init_user_ns, qid));
63 if (ret) 64 if (ret)
64 goto attr_err_out; 65 goto attr_err_out;
65 ret = nla_put_u32(skb, QUOTA_NL_A_WARNING, warntype); 66 ret = nla_put_u32(skb, QUOTA_NL_A_WARNING, warntype);
@@ -71,7 +72,8 @@ void quota_send_warning(short type, unsigned int id, dev_t dev,
71 ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MINOR, MINOR(dev)); 72 ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MINOR, MINOR(dev));
72 if (ret) 73 if (ret)
73 goto attr_err_out; 74 goto attr_err_out;
74 ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid()); 75 ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID,
76 from_kuid_munged(&init_user_ns, current_uid()));
75 if (ret) 77 if (ret)
76 goto attr_err_out; 78 goto attr_err_out;
77 genlmsg_end(skb, msg_head); 79 genlmsg_end(skb, msg_head);
diff --git a/fs/quota/quota.c b/fs/quota/quota.c
index 6f155788cbc6..ff0135d6bc51 100644
--- a/fs/quota/quota.c
+++ b/fs/quota/quota.c
@@ -32,8 +32,8 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
32 /* allow to query information for dquots we "own" */ 32 /* allow to query information for dquots we "own" */
33 case Q_GETQUOTA: 33 case Q_GETQUOTA:
34 case Q_XGETQUOTA: 34 case Q_XGETQUOTA:
35 if ((type == USRQUOTA && current_euid() == id) || 35 if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) ||
36 (type == GRPQUOTA && in_egroup_p(id))) 36 (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))))
37 break; 37 break;
38 /*FALLTHROUGH*/ 38 /*FALLTHROUGH*/
39 default: 39 default:
@@ -130,13 +130,17 @@ static void copy_to_if_dqblk(struct if_dqblk *dst, struct fs_disk_quota *src)
130static int quota_getquota(struct super_block *sb, int type, qid_t id, 130static int quota_getquota(struct super_block *sb, int type, qid_t id,
131 void __user *addr) 131 void __user *addr)
132{ 132{
133 struct kqid qid;
133 struct fs_disk_quota fdq; 134 struct fs_disk_quota fdq;
134 struct if_dqblk idq; 135 struct if_dqblk idq;
135 int ret; 136 int ret;
136 137
137 if (!sb->s_qcop->get_dqblk) 138 if (!sb->s_qcop->get_dqblk)
138 return -ENOSYS; 139 return -ENOSYS;
139 ret = sb->s_qcop->get_dqblk(sb, type, id, &fdq); 140 qid = make_kqid(current_user_ns(), type, id);
141 if (!qid_valid(qid))
142 return -EINVAL;
143 ret = sb->s_qcop->get_dqblk(sb, qid, &fdq);
140 if (ret) 144 if (ret)
141 return ret; 145 return ret;
142 copy_to_if_dqblk(&idq, &fdq); 146 copy_to_if_dqblk(&idq, &fdq);
@@ -176,13 +180,17 @@ static int quota_setquota(struct super_block *sb, int type, qid_t id,
176{ 180{
177 struct fs_disk_quota fdq; 181 struct fs_disk_quota fdq;
178 struct if_dqblk idq; 182 struct if_dqblk idq;
183 struct kqid qid;
179 184
180 if (copy_from_user(&idq, addr, sizeof(idq))) 185 if (copy_from_user(&idq, addr, sizeof(idq)))
181 return -EFAULT; 186 return -EFAULT;
182 if (!sb->s_qcop->set_dqblk) 187 if (!sb->s_qcop->set_dqblk)
183 return -ENOSYS; 188 return -ENOSYS;
189 qid = make_kqid(current_user_ns(), type, id);
190 if (!qid_valid(qid))
191 return -EINVAL;
184 copy_from_if_dqblk(&fdq, &idq); 192 copy_from_if_dqblk(&fdq, &idq);
185 return sb->s_qcop->set_dqblk(sb, type, id, &fdq); 193 return sb->s_qcop->set_dqblk(sb, qid, &fdq);
186} 194}
187 195
188static int quota_setxstate(struct super_block *sb, int cmd, void __user *addr) 196static int quota_setxstate(struct super_block *sb, int cmd, void __user *addr)
@@ -213,23 +221,31 @@ static int quota_setxquota(struct super_block *sb, int type, qid_t id,
213 void __user *addr) 221 void __user *addr)
214{ 222{
215 struct fs_disk_quota fdq; 223 struct fs_disk_quota fdq;
224 struct kqid qid;
216 225
217 if (copy_from_user(&fdq, addr, sizeof(fdq))) 226 if (copy_from_user(&fdq, addr, sizeof(fdq)))
218 return -EFAULT; 227 return -EFAULT;
219 if (!sb->s_qcop->set_dqblk) 228 if (!sb->s_qcop->set_dqblk)
220 return -ENOSYS; 229 return -ENOSYS;
221 return sb->s_qcop->set_dqblk(sb, type, id, &fdq); 230 qid = make_kqid(current_user_ns(), type, id);
231 if (!qid_valid(qid))
232 return -EINVAL;
233 return sb->s_qcop->set_dqblk(sb, qid, &fdq);
222} 234}
223 235
224static int quota_getxquota(struct super_block *sb, int type, qid_t id, 236static int quota_getxquota(struct super_block *sb, int type, qid_t id,
225 void __user *addr) 237 void __user *addr)
226{ 238{
227 struct fs_disk_quota fdq; 239 struct fs_disk_quota fdq;
240 struct kqid qid;
228 int ret; 241 int ret;
229 242
230 if (!sb->s_qcop->get_dqblk) 243 if (!sb->s_qcop->get_dqblk)
231 return -ENOSYS; 244 return -ENOSYS;
232 ret = sb->s_qcop->get_dqblk(sb, type, id, &fdq); 245 qid = make_kqid(current_user_ns(), type, id);
246 if (!qid_valid(qid))
247 return -EINVAL;
248 ret = sb->s_qcop->get_dqblk(sb, qid, &fdq);
233 if (!ret && copy_to_user(addr, &fdq, sizeof(fdq))) 249 if (!ret && copy_to_user(addr, &fdq, sizeof(fdq)))
234 return -EFAULT; 250 return -EFAULT;
235 return ret; 251 return ret;
diff --git a/fs/quota/quota_tree.c b/fs/quota/quota_tree.c
index e41c1becf096..d65877fbe8f4 100644
--- a/fs/quota/quota_tree.c
+++ b/fs/quota/quota_tree.c
@@ -22,9 +22,10 @@ MODULE_LICENSE("GPL");
22 22
23#define __QUOTA_QT_PARANOIA 23#define __QUOTA_QT_PARANOIA
24 24
25static int get_index(struct qtree_mem_dqinfo *info, qid_t id, int depth) 25static int get_index(struct qtree_mem_dqinfo *info, struct kqid qid, int depth)
26{ 26{
27 unsigned int epb = info->dqi_usable_bs >> 2; 27 unsigned int epb = info->dqi_usable_bs >> 2;
28 qid_t id = from_kqid(&init_user_ns, qid);
28 29
29 depth = info->dqi_qtree_depth - depth - 1; 30 depth = info->dqi_qtree_depth - depth - 1;
30 while (depth--) 31 while (depth--)
@@ -244,7 +245,7 @@ static uint find_free_dqentry(struct qtree_mem_dqinfo *info,
244 /* This is enough as the block is already zeroed and the entry 245 /* This is enough as the block is already zeroed and the entry
245 * list is empty... */ 246 * list is empty... */
246 info->dqi_free_entry = blk; 247 info->dqi_free_entry = blk;
247 mark_info_dirty(dquot->dq_sb, dquot->dq_type); 248 mark_info_dirty(dquot->dq_sb, dquot->dq_id.type);
248 } 249 }
249 /* Block will be full? */ 250 /* Block will be full? */
250 if (le16_to_cpu(dh->dqdh_entries) + 1 >= qtree_dqstr_in_blk(info)) { 251 if (le16_to_cpu(dh->dqdh_entries) + 1 >= qtree_dqstr_in_blk(info)) {
@@ -357,7 +358,7 @@ static inline int dq_insert_tree(struct qtree_mem_dqinfo *info,
357 */ 358 */
358int qtree_write_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot) 359int qtree_write_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot)
359{ 360{
360 int type = dquot->dq_type; 361 int type = dquot->dq_id.type;
361 struct super_block *sb = dquot->dq_sb; 362 struct super_block *sb = dquot->dq_sb;
362 ssize_t ret; 363 ssize_t ret;
363 char *ddquot = getdqbuf(info->dqi_entry_size); 364 char *ddquot = getdqbuf(info->dqi_entry_size);
@@ -538,8 +539,9 @@ static loff_t find_block_dqentry(struct qtree_mem_dqinfo *info,
538 ddquot += info->dqi_entry_size; 539 ddquot += info->dqi_entry_size;
539 } 540 }
540 if (i == qtree_dqstr_in_blk(info)) { 541 if (i == qtree_dqstr_in_blk(info)) {
541 quota_error(dquot->dq_sb, "Quota for id %u referenced " 542 quota_error(dquot->dq_sb,
542 "but not present", dquot->dq_id); 543 "Quota for id %u referenced but not present",
544 from_kqid(&init_user_ns, dquot->dq_id));
543 ret = -EIO; 545 ret = -EIO;
544 goto out_buf; 546 goto out_buf;
545 } else { 547 } else {
@@ -589,7 +591,7 @@ static inline loff_t find_dqentry(struct qtree_mem_dqinfo *info,
589 591
590int qtree_read_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot) 592int qtree_read_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot)
591{ 593{
592 int type = dquot->dq_type; 594 int type = dquot->dq_id.type;
593 struct super_block *sb = dquot->dq_sb; 595 struct super_block *sb = dquot->dq_sb;
594 loff_t offset; 596 loff_t offset;
595 char *ddquot; 597 char *ddquot;
@@ -607,8 +609,10 @@ int qtree_read_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot)
607 offset = find_dqentry(info, dquot); 609 offset = find_dqentry(info, dquot);
608 if (offset <= 0) { /* Entry not present? */ 610 if (offset <= 0) { /* Entry not present? */
609 if (offset < 0) 611 if (offset < 0)
610 quota_error(sb, "Can't read quota structure " 612 quota_error(sb,"Can't read quota structure "
611 "for id %u", dquot->dq_id); 613 "for id %u",
614 from_kqid(&init_user_ns,
615 dquot->dq_id));
612 dquot->dq_off = 0; 616 dquot->dq_off = 0;
613 set_bit(DQ_FAKE_B, &dquot->dq_flags); 617 set_bit(DQ_FAKE_B, &dquot->dq_flags);
614 memset(&dquot->dq_dqb, 0, sizeof(struct mem_dqblk)); 618 memset(&dquot->dq_dqb, 0, sizeof(struct mem_dqblk));
@@ -626,7 +630,7 @@ int qtree_read_dquot(struct qtree_mem_dqinfo *info, struct dquot *dquot)
626 if (ret >= 0) 630 if (ret >= 0)
627 ret = -EIO; 631 ret = -EIO;
628 quota_error(sb, "Error while reading quota structure for id %u", 632 quota_error(sb, "Error while reading quota structure for id %u",
629 dquot->dq_id); 633 from_kqid(&init_user_ns, dquot->dq_id));
630 set_bit(DQ_FAKE_B, &dquot->dq_flags); 634 set_bit(DQ_FAKE_B, &dquot->dq_flags);
631 memset(&dquot->dq_dqb, 0, sizeof(struct mem_dqblk)); 635 memset(&dquot->dq_dqb, 0, sizeof(struct mem_dqblk));
632 kfree(ddquot); 636 kfree(ddquot);
diff --git a/fs/quota/quota_v1.c b/fs/quota/quota_v1.c
index 34b37a67bb16..469c6848b322 100644
--- a/fs/quota/quota_v1.c
+++ b/fs/quota/quota_v1.c
@@ -54,7 +54,7 @@ static void v1_mem2disk_dqblk(struct v1_disk_dqblk *d, struct mem_dqblk *m)
54 54
55static int v1_read_dqblk(struct dquot *dquot) 55static int v1_read_dqblk(struct dquot *dquot)
56{ 56{
57 int type = dquot->dq_type; 57 int type = dquot->dq_id.type;
58 struct v1_disk_dqblk dqblk; 58 struct v1_disk_dqblk dqblk;
59 59
60 if (!sb_dqopt(dquot->dq_sb)->files[type]) 60 if (!sb_dqopt(dquot->dq_sb)->files[type])
@@ -63,7 +63,8 @@ static int v1_read_dqblk(struct dquot *dquot)
63 /* Set structure to 0s in case read fails/is after end of file */ 63 /* Set structure to 0s in case read fails/is after end of file */
64 memset(&dqblk, 0, sizeof(struct v1_disk_dqblk)); 64 memset(&dqblk, 0, sizeof(struct v1_disk_dqblk));
65 dquot->dq_sb->s_op->quota_read(dquot->dq_sb, type, (char *)&dqblk, 65 dquot->dq_sb->s_op->quota_read(dquot->dq_sb, type, (char *)&dqblk,
66 sizeof(struct v1_disk_dqblk), v1_dqoff(dquot->dq_id)); 66 sizeof(struct v1_disk_dqblk),
67 v1_dqoff(from_kqid(&init_user_ns, dquot->dq_id)));
67 68
68 v1_disk2mem_dqblk(&dquot->dq_dqb, &dqblk); 69 v1_disk2mem_dqblk(&dquot->dq_dqb, &dqblk);
69 if (dquot->dq_dqb.dqb_bhardlimit == 0 && 70 if (dquot->dq_dqb.dqb_bhardlimit == 0 &&
@@ -78,12 +79,13 @@ static int v1_read_dqblk(struct dquot *dquot)
78 79
79static int v1_commit_dqblk(struct dquot *dquot) 80static int v1_commit_dqblk(struct dquot *dquot)
80{ 81{
81 short type = dquot->dq_type; 82 short type = dquot->dq_id.type;
82 ssize_t ret; 83 ssize_t ret;
83 struct v1_disk_dqblk dqblk; 84 struct v1_disk_dqblk dqblk;
84 85
85 v1_mem2disk_dqblk(&dqblk, &dquot->dq_dqb); 86 v1_mem2disk_dqblk(&dqblk, &dquot->dq_dqb);
86 if (dquot->dq_id == 0) { 87 if (((type == USRQUOTA) && uid_eq(dquot->dq_id.uid, GLOBAL_ROOT_UID)) ||
88 ((type == GRPQUOTA) && gid_eq(dquot->dq_id.gid, GLOBAL_ROOT_GID))) {
87 dqblk.dqb_btime = 89 dqblk.dqb_btime =
88 sb_dqopt(dquot->dq_sb)->info[type].dqi_bgrace; 90 sb_dqopt(dquot->dq_sb)->info[type].dqi_bgrace;
89 dqblk.dqb_itime = 91 dqblk.dqb_itime =
@@ -93,7 +95,7 @@ static int v1_commit_dqblk(struct dquot *dquot)
93 if (sb_dqopt(dquot->dq_sb)->files[type]) 95 if (sb_dqopt(dquot->dq_sb)->files[type])
94 ret = dquot->dq_sb->s_op->quota_write(dquot->dq_sb, type, 96 ret = dquot->dq_sb->s_op->quota_write(dquot->dq_sb, type,
95 (char *)&dqblk, sizeof(struct v1_disk_dqblk), 97 (char *)&dqblk, sizeof(struct v1_disk_dqblk),
96 v1_dqoff(dquot->dq_id)); 98 v1_dqoff(from_kqid(&init_user_ns, dquot->dq_id)));
97 if (ret != sizeof(struct v1_disk_dqblk)) { 99 if (ret != sizeof(struct v1_disk_dqblk)) {
98 quota_error(dquot->dq_sb, "dquota write failed"); 100 quota_error(dquot->dq_sb, "dquota write failed");
99 if (ret >= 0) 101 if (ret >= 0)
diff --git a/fs/quota/quota_v2.c b/fs/quota/quota_v2.c
index f1ab3604db5a..02751ec695c5 100644
--- a/fs/quota/quota_v2.c
+++ b/fs/quota/quota_v2.c
@@ -196,7 +196,7 @@ static void v2r0_mem2diskdqb(void *dp, struct dquot *dquot)
196 struct v2r0_disk_dqblk *d = dp; 196 struct v2r0_disk_dqblk *d = dp;
197 struct mem_dqblk *m = &dquot->dq_dqb; 197 struct mem_dqblk *m = &dquot->dq_dqb;
198 struct qtree_mem_dqinfo *info = 198 struct qtree_mem_dqinfo *info =
199 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 199 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
200 200
201 d->dqb_ihardlimit = cpu_to_le32(m->dqb_ihardlimit); 201 d->dqb_ihardlimit = cpu_to_le32(m->dqb_ihardlimit);
202 d->dqb_isoftlimit = cpu_to_le32(m->dqb_isoftlimit); 202 d->dqb_isoftlimit = cpu_to_le32(m->dqb_isoftlimit);
@@ -206,7 +206,7 @@ static void v2r0_mem2diskdqb(void *dp, struct dquot *dquot)
206 d->dqb_bsoftlimit = cpu_to_le32(v2_stoqb(m->dqb_bsoftlimit)); 206 d->dqb_bsoftlimit = cpu_to_le32(v2_stoqb(m->dqb_bsoftlimit));
207 d->dqb_curspace = cpu_to_le64(m->dqb_curspace); 207 d->dqb_curspace = cpu_to_le64(m->dqb_curspace);
208 d->dqb_btime = cpu_to_le64(m->dqb_btime); 208 d->dqb_btime = cpu_to_le64(m->dqb_btime);
209 d->dqb_id = cpu_to_le32(dquot->dq_id); 209 d->dqb_id = cpu_to_le32(from_kqid(&init_user_ns, dquot->dq_id));
210 if (qtree_entry_unused(info, dp)) 210 if (qtree_entry_unused(info, dp))
211 d->dqb_itime = cpu_to_le64(1); 211 d->dqb_itime = cpu_to_le64(1);
212} 212}
@@ -215,11 +215,13 @@ static int v2r0_is_id(void *dp, struct dquot *dquot)
215{ 215{
216 struct v2r0_disk_dqblk *d = dp; 216 struct v2r0_disk_dqblk *d = dp;
217 struct qtree_mem_dqinfo *info = 217 struct qtree_mem_dqinfo *info =
218 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 218 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
219 219
220 if (qtree_entry_unused(info, dp)) 220 if (qtree_entry_unused(info, dp))
221 return 0; 221 return 0;
222 return le32_to_cpu(d->dqb_id) == dquot->dq_id; 222 return qid_eq(make_kqid(&init_user_ns, dquot->dq_id.type,
223 le32_to_cpu(d->dqb_id)),
224 dquot->dq_id);
223} 225}
224 226
225static void v2r1_disk2memdqb(struct dquot *dquot, void *dp) 227static void v2r1_disk2memdqb(struct dquot *dquot, void *dp)
@@ -247,7 +249,7 @@ static void v2r1_mem2diskdqb(void *dp, struct dquot *dquot)
247 struct v2r1_disk_dqblk *d = dp; 249 struct v2r1_disk_dqblk *d = dp;
248 struct mem_dqblk *m = &dquot->dq_dqb; 250 struct mem_dqblk *m = &dquot->dq_dqb;
249 struct qtree_mem_dqinfo *info = 251 struct qtree_mem_dqinfo *info =
250 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 252 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
251 253
252 d->dqb_ihardlimit = cpu_to_le64(m->dqb_ihardlimit); 254 d->dqb_ihardlimit = cpu_to_le64(m->dqb_ihardlimit);
253 d->dqb_isoftlimit = cpu_to_le64(m->dqb_isoftlimit); 255 d->dqb_isoftlimit = cpu_to_le64(m->dqb_isoftlimit);
@@ -257,7 +259,7 @@ static void v2r1_mem2diskdqb(void *dp, struct dquot *dquot)
257 d->dqb_bsoftlimit = cpu_to_le64(v2_stoqb(m->dqb_bsoftlimit)); 259 d->dqb_bsoftlimit = cpu_to_le64(v2_stoqb(m->dqb_bsoftlimit));
258 d->dqb_curspace = cpu_to_le64(m->dqb_curspace); 260 d->dqb_curspace = cpu_to_le64(m->dqb_curspace);
259 d->dqb_btime = cpu_to_le64(m->dqb_btime); 261 d->dqb_btime = cpu_to_le64(m->dqb_btime);
260 d->dqb_id = cpu_to_le32(dquot->dq_id); 262 d->dqb_id = cpu_to_le32(from_kqid(&init_user_ns, dquot->dq_id));
261 if (qtree_entry_unused(info, dp)) 263 if (qtree_entry_unused(info, dp))
262 d->dqb_itime = cpu_to_le64(1); 264 d->dqb_itime = cpu_to_le64(1);
263} 265}
@@ -266,26 +268,28 @@ static int v2r1_is_id(void *dp, struct dquot *dquot)
266{ 268{
267 struct v2r1_disk_dqblk *d = dp; 269 struct v2r1_disk_dqblk *d = dp;
268 struct qtree_mem_dqinfo *info = 270 struct qtree_mem_dqinfo *info =
269 sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv; 271 sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv;
270 272
271 if (qtree_entry_unused(info, dp)) 273 if (qtree_entry_unused(info, dp))
272 return 0; 274 return 0;
273 return le32_to_cpu(d->dqb_id) == dquot->dq_id; 275 return qid_eq(make_kqid(&init_user_ns, dquot->dq_id.type,
276 le32_to_cpu(d->dqb_id)),
277 dquot->dq_id);
274} 278}
275 279
276static int v2_read_dquot(struct dquot *dquot) 280static int v2_read_dquot(struct dquot *dquot)
277{ 281{
278 return qtree_read_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv, dquot); 282 return qtree_read_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv, dquot);
279} 283}
280 284
281static int v2_write_dquot(struct dquot *dquot) 285static int v2_write_dquot(struct dquot *dquot)
282{ 286{
283 return qtree_write_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv, dquot); 287 return qtree_write_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv, dquot);
284} 288}
285 289
286static int v2_release_dquot(struct dquot *dquot) 290static int v2_release_dquot(struct dquot *dquot)
287{ 291{
288 return qtree_release_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_type)->dqi_priv, dquot); 292 return qtree_release_dquot(sb_dqinfo(dquot->dq_sb, dquot->dq_id.type)->dqi_priv, dquot);
289} 293}
290 294
291static int v2_free_file_info(struct super_block *sb, int type) 295static int v2_free_file_info(struct super_block *sb, int type)
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index 855da58db145..46485557cdc6 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -1155,8 +1155,8 @@ static void init_inode(struct inode *inode, struct treepath *path)
1155 set_inode_sd_version(inode, STAT_DATA_V1); 1155 set_inode_sd_version(inode, STAT_DATA_V1);
1156 inode->i_mode = sd_v1_mode(sd); 1156 inode->i_mode = sd_v1_mode(sd);
1157 set_nlink(inode, sd_v1_nlink(sd)); 1157 set_nlink(inode, sd_v1_nlink(sd));
1158 inode->i_uid = sd_v1_uid(sd); 1158 i_uid_write(inode, sd_v1_uid(sd));
1159 inode->i_gid = sd_v1_gid(sd); 1159 i_gid_write(inode, sd_v1_gid(sd));
1160 inode->i_size = sd_v1_size(sd); 1160 inode->i_size = sd_v1_size(sd);
1161 inode->i_atime.tv_sec = sd_v1_atime(sd); 1161 inode->i_atime.tv_sec = sd_v1_atime(sd);
1162 inode->i_mtime.tv_sec = sd_v1_mtime(sd); 1162 inode->i_mtime.tv_sec = sd_v1_mtime(sd);
@@ -1200,9 +1200,9 @@ static void init_inode(struct inode *inode, struct treepath *path)
1200 1200
1201 inode->i_mode = sd_v2_mode(sd); 1201 inode->i_mode = sd_v2_mode(sd);
1202 set_nlink(inode, sd_v2_nlink(sd)); 1202 set_nlink(inode, sd_v2_nlink(sd));
1203 inode->i_uid = sd_v2_uid(sd); 1203 i_uid_write(inode, sd_v2_uid(sd));
1204 inode->i_size = sd_v2_size(sd); 1204 inode->i_size = sd_v2_size(sd);
1205 inode->i_gid = sd_v2_gid(sd); 1205 i_gid_write(inode, sd_v2_gid(sd));
1206 inode->i_mtime.tv_sec = sd_v2_mtime(sd); 1206 inode->i_mtime.tv_sec = sd_v2_mtime(sd);
1207 inode->i_atime.tv_sec = sd_v2_atime(sd); 1207 inode->i_atime.tv_sec = sd_v2_atime(sd);
1208 inode->i_ctime.tv_sec = sd_v2_ctime(sd); 1208 inode->i_ctime.tv_sec = sd_v2_ctime(sd);
@@ -1258,9 +1258,9 @@ static void inode2sd(void *sd, struct inode *inode, loff_t size)
1258 1258
1259 set_sd_v2_mode(sd_v2, inode->i_mode); 1259 set_sd_v2_mode(sd_v2, inode->i_mode);
1260 set_sd_v2_nlink(sd_v2, inode->i_nlink); 1260 set_sd_v2_nlink(sd_v2, inode->i_nlink);
1261 set_sd_v2_uid(sd_v2, inode->i_uid); 1261 set_sd_v2_uid(sd_v2, i_uid_read(inode));
1262 set_sd_v2_size(sd_v2, size); 1262 set_sd_v2_size(sd_v2, size);
1263 set_sd_v2_gid(sd_v2, inode->i_gid); 1263 set_sd_v2_gid(sd_v2, i_gid_read(inode));
1264 set_sd_v2_mtime(sd_v2, inode->i_mtime.tv_sec); 1264 set_sd_v2_mtime(sd_v2, inode->i_mtime.tv_sec);
1265 set_sd_v2_atime(sd_v2, inode->i_atime.tv_sec); 1265 set_sd_v2_atime(sd_v2, inode->i_atime.tv_sec);
1266 set_sd_v2_ctime(sd_v2, inode->i_ctime.tv_sec); 1266 set_sd_v2_ctime(sd_v2, inode->i_ctime.tv_sec);
@@ -1280,8 +1280,8 @@ static void inode2sd_v1(void *sd, struct inode *inode, loff_t size)
1280 struct stat_data_v1 *sd_v1 = (struct stat_data_v1 *)sd; 1280 struct stat_data_v1 *sd_v1 = (struct stat_data_v1 *)sd;
1281 1281
1282 set_sd_v1_mode(sd_v1, inode->i_mode); 1282 set_sd_v1_mode(sd_v1, inode->i_mode);
1283 set_sd_v1_uid(sd_v1, inode->i_uid); 1283 set_sd_v1_uid(sd_v1, i_uid_read(inode));
1284 set_sd_v1_gid(sd_v1, inode->i_gid); 1284 set_sd_v1_gid(sd_v1, i_gid_read(inode));
1285 set_sd_v1_nlink(sd_v1, inode->i_nlink); 1285 set_sd_v1_nlink(sd_v1, inode->i_nlink);
1286 set_sd_v1_size(sd_v1, size); 1286 set_sd_v1_size(sd_v1, size);
1287 set_sd_v1_atime(sd_v1, inode->i_atime.tv_sec); 1287 set_sd_v1_atime(sd_v1, inode->i_atime.tv_sec);
@@ -1869,7 +1869,7 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th,
1869 goto out_bad_inode; 1869 goto out_bad_inode;
1870 } 1870 }
1871 if (old_format_only(sb)) { 1871 if (old_format_only(sb)) {
1872 if (inode->i_uid & ~0xffff || inode->i_gid & ~0xffff) { 1872 if (i_uid_read(inode) & ~0xffff || i_gid_read(inode) & ~0xffff) {
1873 pathrelse(&path_to_key); 1873 pathrelse(&path_to_key);
1874 /* i_uid or i_gid is too big to be stored in stat data v3.5 */ 1874 /* i_uid or i_gid is too big to be stored in stat data v3.5 */
1875 err = -EINVAL; 1875 err = -EINVAL;
@@ -3140,16 +3140,16 @@ int reiserfs_setattr(struct dentry *dentry, struct iattr *attr)
3140 } 3140 }
3141 } 3141 }
3142 3142
3143 if ((((attr->ia_valid & ATTR_UID) && (attr->ia_uid & ~0xffff)) || 3143 if ((((attr->ia_valid & ATTR_UID) && (from_kuid(&init_user_ns, attr->ia_uid) & ~0xffff)) ||
3144 ((attr->ia_valid & ATTR_GID) && (attr->ia_gid & ~0xffff))) && 3144 ((attr->ia_valid & ATTR_GID) && (from_kgid(&init_user_ns, attr->ia_gid) & ~0xffff))) &&
3145 (get_inode_sd_version(inode) == STAT_DATA_V1)) { 3145 (get_inode_sd_version(inode) == STAT_DATA_V1)) {
3146 /* stat data of format v3.5 has 16 bit uid and gid */ 3146 /* stat data of format v3.5 has 16 bit uid and gid */
3147 error = -EINVAL; 3147 error = -EINVAL;
3148 goto out; 3148 goto out;
3149 } 3149 }
3150 3150
3151 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || 3151 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
3152 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) { 3152 (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
3153 struct reiserfs_transaction_handle th; 3153 struct reiserfs_transaction_handle th;
3154 int jbegin_count = 3154 int jbegin_count =
3155 2 * 3155 2 *
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index 44474f9b990d..d7c01ef64eda 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -30,7 +30,7 @@ posix_acl_set(struct dentry *dentry, const char *name, const void *value,
30 return -EPERM; 30 return -EPERM;
31 31
32 if (value) { 32 if (value) {
33 acl = posix_acl_from_xattr(value, size); 33 acl = posix_acl_from_xattr(&init_user_ns, value, size);
34 if (IS_ERR(acl)) { 34 if (IS_ERR(acl)) {
35 return PTR_ERR(acl); 35 return PTR_ERR(acl);
36 } else if (acl) { 36 } else if (acl) {
@@ -77,7 +77,7 @@ posix_acl_get(struct dentry *dentry, const char *name, void *buffer,
77 return PTR_ERR(acl); 77 return PTR_ERR(acl);
78 if (acl == NULL) 78 if (acl == NULL)
79 return -ENODATA; 79 return -ENODATA;
80 error = posix_acl_to_xattr(acl, buffer, size); 80 error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
81 posix_acl_release(acl); 81 posix_acl_release(acl);
82 82
83 return error; 83 return error;
@@ -121,15 +121,23 @@ static struct posix_acl *posix_acl_from_disk(const void *value, size_t size)
121 case ACL_OTHER: 121 case ACL_OTHER:
122 value = (char *)value + 122 value = (char *)value +
123 sizeof(reiserfs_acl_entry_short); 123 sizeof(reiserfs_acl_entry_short);
124 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
125 break; 124 break;
126 125
127 case ACL_USER: 126 case ACL_USER:
127 value = (char *)value + sizeof(reiserfs_acl_entry);
128 if ((char *)value > end)
129 goto fail;
130 acl->a_entries[n].e_uid =
131 make_kuid(&init_user_ns,
132 le32_to_cpu(entry->e_id));
133 break;
128 case ACL_GROUP: 134 case ACL_GROUP:
129 value = (char *)value + sizeof(reiserfs_acl_entry); 135 value = (char *)value + sizeof(reiserfs_acl_entry);
130 if ((char *)value > end) 136 if ((char *)value > end)
131 goto fail; 137 goto fail;
132 acl->a_entries[n].e_id = le32_to_cpu(entry->e_id); 138 acl->a_entries[n].e_gid =
139 make_kgid(&init_user_ns,
140 le32_to_cpu(entry->e_id));
133 break; 141 break;
134 142
135 default: 143 default:
@@ -164,13 +172,19 @@ static void *posix_acl_to_disk(const struct posix_acl *acl, size_t * size)
164 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION); 172 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION);
165 e = (char *)ext_acl + sizeof(reiserfs_acl_header); 173 e = (char *)ext_acl + sizeof(reiserfs_acl_header);
166 for (n = 0; n < acl->a_count; n++) { 174 for (n = 0; n < acl->a_count; n++) {
175 const struct posix_acl_entry *acl_e = &acl->a_entries[n];
167 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e; 176 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e;
168 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 177 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag);
169 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 178 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm);
170 switch (acl->a_entries[n].e_tag) { 179 switch (acl->a_entries[n].e_tag) {
171 case ACL_USER: 180 case ACL_USER:
181 entry->e_id = cpu_to_le32(
182 from_kuid(&init_user_ns, acl_e->e_uid));
183 e += sizeof(reiserfs_acl_entry);
184 break;
172 case ACL_GROUP: 185 case ACL_GROUP:
173 entry->e_id = cpu_to_le32(acl->a_entries[n].e_id); 186 entry->e_id = cpu_to_le32(
187 from_kgid(&init_user_ns, acl_e->e_gid));
174 e += sizeof(reiserfs_acl_entry); 188 e += sizeof(reiserfs_acl_entry);
175 break; 189 break;
176 190
diff --git a/fs/seq_file.c b/fs/seq_file.c
index 14cf9de1dbe1..99dffab4c4e4 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -9,6 +9,7 @@
9#include <linux/export.h> 9#include <linux/export.h>
10#include <linux/seq_file.h> 10#include <linux/seq_file.h>
11#include <linux/slab.h> 11#include <linux/slab.h>
12#include <linux/cred.h>
12 13
13#include <asm/uaccess.h> 14#include <asm/uaccess.h>
14#include <asm/page.h> 15#include <asm/page.h>
@@ -56,6 +57,9 @@ int seq_open(struct file *file, const struct seq_operations *op)
56 memset(p, 0, sizeof(*p)); 57 memset(p, 0, sizeof(*p));
57 mutex_init(&p->lock); 58 mutex_init(&p->lock);
58 p->op = op; 59 p->op = op;
60#ifdef CONFIG_USER_NS
61 p->user_ns = file->f_cred->user_ns;
62#endif
59 63
60 /* 64 /*
61 * Wrappers around seq_open(e.g. swaps_open) need to be 65 * Wrappers around seq_open(e.g. swaps_open) need to be
diff --git a/fs/squashfs/inode.c b/fs/squashfs/inode.c
index 81afbccfa843..a1ce5ce60632 100644
--- a/fs/squashfs/inode.c
+++ b/fs/squashfs/inode.c
@@ -56,16 +56,20 @@
56static int squashfs_new_inode(struct super_block *sb, struct inode *inode, 56static int squashfs_new_inode(struct super_block *sb, struct inode *inode,
57 struct squashfs_base_inode *sqsh_ino) 57 struct squashfs_base_inode *sqsh_ino)
58{ 58{
59 uid_t i_uid;
60 gid_t i_gid;
59 int err; 61 int err;
60 62
61 err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &inode->i_uid); 63 err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid);
62 if (err) 64 if (err)
63 return err; 65 return err;
64 66
65 err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->guid), &inode->i_gid); 67 err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->guid), &i_gid);
66 if (err) 68 if (err)
67 return err; 69 return err;
68 70
71 i_uid_write(inode, i_uid);
72 i_gid_write(inode, i_gid);
69 inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); 73 inode->i_ino = le32_to_cpu(sqsh_ino->inode_number);
70 inode->i_mtime.tv_sec = le32_to_cpu(sqsh_ino->mtime); 74 inode->i_mtime.tv_sec = le32_to_cpu(sqsh_ino->mtime);
71 inode->i_atime.tv_sec = inode->i_mtime.tv_sec; 75 inode->i_atime.tv_sec = inode->i_mtime.tv_sec;
diff --git a/fs/sysv/inode.c b/fs/sysv/inode.c
index 80e1e2b18df1..b23ab736685d 100644
--- a/fs/sysv/inode.c
+++ b/fs/sysv/inode.c
@@ -202,8 +202,8 @@ struct inode *sysv_iget(struct super_block *sb, unsigned int ino)
202 } 202 }
203 /* SystemV FS: kludge permissions if ino==SYSV_ROOT_INO ?? */ 203 /* SystemV FS: kludge permissions if ino==SYSV_ROOT_INO ?? */
204 inode->i_mode = fs16_to_cpu(sbi, raw_inode->i_mode); 204 inode->i_mode = fs16_to_cpu(sbi, raw_inode->i_mode);
205 inode->i_uid = (uid_t)fs16_to_cpu(sbi, raw_inode->i_uid); 205 i_uid_write(inode, (uid_t)fs16_to_cpu(sbi, raw_inode->i_uid));
206 inode->i_gid = (gid_t)fs16_to_cpu(sbi, raw_inode->i_gid); 206 i_gid_write(inode, (gid_t)fs16_to_cpu(sbi, raw_inode->i_gid));
207 set_nlink(inode, fs16_to_cpu(sbi, raw_inode->i_nlink)); 207 set_nlink(inode, fs16_to_cpu(sbi, raw_inode->i_nlink));
208 inode->i_size = fs32_to_cpu(sbi, raw_inode->i_size); 208 inode->i_size = fs32_to_cpu(sbi, raw_inode->i_size);
209 inode->i_atime.tv_sec = fs32_to_cpu(sbi, raw_inode->i_atime); 209 inode->i_atime.tv_sec = fs32_to_cpu(sbi, raw_inode->i_atime);
@@ -256,8 +256,8 @@ static int __sysv_write_inode(struct inode *inode, int wait)
256 } 256 }
257 257
258 raw_inode->i_mode = cpu_to_fs16(sbi, inode->i_mode); 258 raw_inode->i_mode = cpu_to_fs16(sbi, inode->i_mode);
259 raw_inode->i_uid = cpu_to_fs16(sbi, fs_high2lowuid(inode->i_uid)); 259 raw_inode->i_uid = cpu_to_fs16(sbi, fs_high2lowuid(i_uid_read(inode)));
260 raw_inode->i_gid = cpu_to_fs16(sbi, fs_high2lowgid(inode->i_gid)); 260 raw_inode->i_gid = cpu_to_fs16(sbi, fs_high2lowgid(i_gid_read(inode)));
261 raw_inode->i_nlink = cpu_to_fs16(sbi, inode->i_nlink); 261 raw_inode->i_nlink = cpu_to_fs16(sbi, inode->i_nlink);
262 raw_inode->i_size = cpu_to_fs32(sbi, inode->i_size); 262 raw_inode->i_size = cpu_to_fs32(sbi, inode->i_size);
263 raw_inode->i_atime = cpu_to_fs32(sbi, inode->i_atime.tv_sec); 263 raw_inode->i_atime = cpu_to_fs32(sbi, inode->i_atime.tv_sec);
diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c
index bc4f94b28706..969489e478bc 100644
--- a/fs/ubifs/budget.c
+++ b/fs/ubifs/budget.c
@@ -272,8 +272,8 @@ long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
272 */ 272 */
273static int can_use_rp(struct ubifs_info *c) 273static int can_use_rp(struct ubifs_info *c)
274{ 274{
275 if (current_fsuid() == c->rp_uid || capable(CAP_SYS_RESOURCE) || 275 if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
276 (c->rp_gid != 0 && in_group_p(c->rp_gid))) 276 (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
277 return 1; 277 return 1;
278 return 0; 278 return 0;
279} 279}
diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
index bb3167257aab..340d1afc1302 100644
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
@@ -243,8 +243,8 @@ void ubifs_dump_inode(struct ubifs_info *c, const struct inode *inode)
243 printk(KERN_ERR "\tsize %llu\n", 243 printk(KERN_ERR "\tsize %llu\n",
244 (unsigned long long)i_size_read(inode)); 244 (unsigned long long)i_size_read(inode));
245 printk(KERN_ERR "\tnlink %u\n", inode->i_nlink); 245 printk(KERN_ERR "\tnlink %u\n", inode->i_nlink);
246 printk(KERN_ERR "\tuid %u\n", (unsigned int)inode->i_uid); 246 printk(KERN_ERR "\tuid %u\n", (unsigned int)i_uid_read(inode));
247 printk(KERN_ERR "\tgid %u\n", (unsigned int)inode->i_gid); 247 printk(KERN_ERR "\tgid %u\n", (unsigned int)i_gid_read(inode));
248 printk(KERN_ERR "\tatime %u.%u\n", 248 printk(KERN_ERR "\tatime %u.%u\n",
249 (unsigned int)inode->i_atime.tv_sec, 249 (unsigned int)inode->i_atime.tv_sec,
250 (unsigned int)inode->i_atime.tv_nsec); 250 (unsigned int)inode->i_atime.tv_nsec);
diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c
index 12c0f154ca83..afaad07f3b29 100644
--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -469,8 +469,8 @@ static void pack_inode(struct ubifs_info *c, struct ubifs_ino_node *ino,
469 ino->ctime_nsec = cpu_to_le32(inode->i_ctime.tv_nsec); 469 ino->ctime_nsec = cpu_to_le32(inode->i_ctime.tv_nsec);
470 ino->mtime_sec = cpu_to_le64(inode->i_mtime.tv_sec); 470 ino->mtime_sec = cpu_to_le64(inode->i_mtime.tv_sec);
471 ino->mtime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec); 471 ino->mtime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec);
472 ino->uid = cpu_to_le32(inode->i_uid); 472 ino->uid = cpu_to_le32(i_uid_read(inode));
473 ino->gid = cpu_to_le32(inode->i_gid); 473 ino->gid = cpu_to_le32(i_gid_read(inode));
474 ino->mode = cpu_to_le32(inode->i_mode); 474 ino->mode = cpu_to_le32(inode->i_mode);
475 ino->flags = cpu_to_le32(ui->flags); 475 ino->flags = cpu_to_le32(ui->flags);
476 ino->size = cpu_to_le64(ui->ui_size); 476 ino->size = cpu_to_le64(ui->ui_size);
diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
index 15e2fc5aa60b..52c21f4190f6 100644
--- a/fs/ubifs/sb.c
+++ b/fs/ubifs/sb.c
@@ -611,8 +611,8 @@ int ubifs_read_superblock(struct ubifs_info *c)
611 c->fanout = le32_to_cpu(sup->fanout); 611 c->fanout = le32_to_cpu(sup->fanout);
612 c->lsave_cnt = le32_to_cpu(sup->lsave_cnt); 612 c->lsave_cnt = le32_to_cpu(sup->lsave_cnt);
613 c->rp_size = le64_to_cpu(sup->rp_size); 613 c->rp_size = le64_to_cpu(sup->rp_size);
614 c->rp_uid = le32_to_cpu(sup->rp_uid); 614 c->rp_uid = make_kuid(&init_user_ns, le32_to_cpu(sup->rp_uid));
615 c->rp_gid = le32_to_cpu(sup->rp_gid); 615 c->rp_gid = make_kgid(&init_user_ns, le32_to_cpu(sup->rp_gid));
616 sup_flags = le32_to_cpu(sup->flags); 616 sup_flags = le32_to_cpu(sup->flags);
617 if (!c->mount_opts.override_compr) 617 if (!c->mount_opts.override_compr)
618 c->default_compr = le16_to_cpu(sup->default_compr); 618 c->default_compr = le16_to_cpu(sup->default_compr);
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 71a197f0f93d..681f3a942444 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -130,8 +130,8 @@ struct inode *ubifs_iget(struct super_block *sb, unsigned long inum)
130 130
131 inode->i_flags |= (S_NOCMTIME | S_NOATIME); 131 inode->i_flags |= (S_NOCMTIME | S_NOATIME);
132 set_nlink(inode, le32_to_cpu(ino->nlink)); 132 set_nlink(inode, le32_to_cpu(ino->nlink));
133 inode->i_uid = le32_to_cpu(ino->uid); 133 i_uid_write(inode, le32_to_cpu(ino->uid));
134 inode->i_gid = le32_to_cpu(ino->gid); 134 i_gid_write(inode, le32_to_cpu(ino->gid));
135 inode->i_atime.tv_sec = (int64_t)le64_to_cpu(ino->atime_sec); 135 inode->i_atime.tv_sec = (int64_t)le64_to_cpu(ino->atime_sec);
136 inode->i_atime.tv_nsec = le32_to_cpu(ino->atime_nsec); 136 inode->i_atime.tv_nsec = le32_to_cpu(ino->atime_nsec);
137 inode->i_mtime.tv_sec = (int64_t)le64_to_cpu(ino->mtime_sec); 137 inode->i_mtime.tv_sec = (int64_t)le64_to_cpu(ino->mtime_sec);
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index 1e5a08623d11..64f2367c2f4c 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -1426,8 +1426,8 @@ struct ubifs_info {
1426 1426
1427 long long rp_size; 1427 long long rp_size;
1428 long long report_rp_size; 1428 long long report_rp_size;
1429 uid_t rp_uid; 1429 kuid_t rp_uid;
1430 gid_t rp_gid; 1430 kgid_t rp_gid;
1431 1431
1432 /* The below fields are used only during mounting and re-mounting */ 1432 /* The below fields are used only during mounting and re-mounting */
1433 unsigned int empty:1; 1433 unsigned int empty:1;
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index aa233469b3c1..287ef9f587b7 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1312,14 +1312,14 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh)
1312 } 1312 }
1313 1313
1314 read_lock(&sbi->s_cred_lock); 1314 read_lock(&sbi->s_cred_lock);
1315 inode->i_uid = le32_to_cpu(fe->uid); 1315 i_uid_write(inode, le32_to_cpu(fe->uid));
1316 if (inode->i_uid == -1 || 1316 if (!uid_valid(inode->i_uid) ||
1317 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_IGNORE) || 1317 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_IGNORE) ||
1318 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_SET)) 1318 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_SET))
1319 inode->i_uid = UDF_SB(inode->i_sb)->s_uid; 1319 inode->i_uid = UDF_SB(inode->i_sb)->s_uid;
1320 1320
1321 inode->i_gid = le32_to_cpu(fe->gid); 1321 i_gid_write(inode, le32_to_cpu(fe->gid));
1322 if (inode->i_gid == -1 || 1322 if (!gid_valid(inode->i_gid) ||
1323 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_IGNORE) || 1323 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_IGNORE) ||
1324 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_SET)) 1324 UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_SET))
1325 inode->i_gid = UDF_SB(inode->i_sb)->s_gid; 1325 inode->i_gid = UDF_SB(inode->i_sb)->s_gid;
@@ -1542,12 +1542,12 @@ static int udf_update_inode(struct inode *inode, int do_sync)
1542 if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_FORGET)) 1542 if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_FORGET))
1543 fe->uid = cpu_to_le32(-1); 1543 fe->uid = cpu_to_le32(-1);
1544 else 1544 else
1545 fe->uid = cpu_to_le32(inode->i_uid); 1545 fe->uid = cpu_to_le32(i_uid_read(inode));
1546 1546
1547 if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_FORGET)) 1547 if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_FORGET))
1548 fe->gid = cpu_to_le32(-1); 1548 fe->gid = cpu_to_le32(-1);
1549 else 1549 else
1550 fe->gid = cpu_to_le32(inode->i_gid); 1550 fe->gid = cpu_to_le32(i_gid_read(inode));
1551 1551
1552 udfperms = ((inode->i_mode & S_IRWXO)) | 1552 udfperms = ((inode->i_mode & S_IRWXO)) |
1553 ((inode->i_mode & S_IRWXG) << 2) | 1553 ((inode->i_mode & S_IRWXG) << 2) |
diff --git a/fs/udf/super.c b/fs/udf/super.c
index 18fc038a438d..862741dddf27 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -199,8 +199,8 @@ struct udf_options {
199 unsigned int rootdir; 199 unsigned int rootdir;
200 unsigned int flags; 200 unsigned int flags;
201 umode_t umask; 201 umode_t umask;
202 gid_t gid; 202 kgid_t gid;
203 uid_t uid; 203 kuid_t uid;
204 umode_t fmode; 204 umode_t fmode;
205 umode_t dmode; 205 umode_t dmode;
206 struct nls_table *nls_map; 206 struct nls_table *nls_map;
@@ -335,9 +335,9 @@ static int udf_show_options(struct seq_file *seq, struct dentry *root)
335 if (UDF_QUERY_FLAG(sb, UDF_FLAG_GID_IGNORE)) 335 if (UDF_QUERY_FLAG(sb, UDF_FLAG_GID_IGNORE))
336 seq_puts(seq, ",gid=ignore"); 336 seq_puts(seq, ",gid=ignore");
337 if (UDF_QUERY_FLAG(sb, UDF_FLAG_UID_SET)) 337 if (UDF_QUERY_FLAG(sb, UDF_FLAG_UID_SET))
338 seq_printf(seq, ",uid=%u", sbi->s_uid); 338 seq_printf(seq, ",uid=%u", from_kuid(&init_user_ns, sbi->s_uid));
339 if (UDF_QUERY_FLAG(sb, UDF_FLAG_GID_SET)) 339 if (UDF_QUERY_FLAG(sb, UDF_FLAG_GID_SET))
340 seq_printf(seq, ",gid=%u", sbi->s_gid); 340 seq_printf(seq, ",gid=%u", from_kgid(&init_user_ns, sbi->s_gid));
341 if (sbi->s_umask != 0) 341 if (sbi->s_umask != 0)
342 seq_printf(seq, ",umask=%ho", sbi->s_umask); 342 seq_printf(seq, ",umask=%ho", sbi->s_umask);
343 if (sbi->s_fmode != UDF_INVALID_MODE) 343 if (sbi->s_fmode != UDF_INVALID_MODE)
@@ -516,13 +516,17 @@ static int udf_parse_options(char *options, struct udf_options *uopt,
516 case Opt_gid: 516 case Opt_gid:
517 if (match_int(args, &option)) 517 if (match_int(args, &option))
518 return 0; 518 return 0;
519 uopt->gid = option; 519 uopt->gid = make_kgid(current_user_ns(), option);
520 if (!gid_valid(uopt->gid))
521 return 0;
520 uopt->flags |= (1 << UDF_FLAG_GID_SET); 522 uopt->flags |= (1 << UDF_FLAG_GID_SET);
521 break; 523 break;
522 case Opt_uid: 524 case Opt_uid:
523 if (match_int(args, &option)) 525 if (match_int(args, &option))
524 return 0; 526 return 0;
525 uopt->uid = option; 527 uopt->uid = make_kuid(current_user_ns(), option);
528 if (!uid_valid(uopt->uid))
529 return 0;
526 uopt->flags |= (1 << UDF_FLAG_UID_SET); 530 uopt->flags |= (1 << UDF_FLAG_UID_SET);
527 break; 531 break;
528 case Opt_umask: 532 case Opt_umask:
@@ -1934,8 +1938,8 @@ static int udf_fill_super(struct super_block *sb, void *options, int silent)
1934 struct udf_sb_info *sbi; 1938 struct udf_sb_info *sbi;
1935 1939
1936 uopt.flags = (1 << UDF_FLAG_USE_AD_IN_ICB) | (1 << UDF_FLAG_STRICT); 1940 uopt.flags = (1 << UDF_FLAG_USE_AD_IN_ICB) | (1 << UDF_FLAG_STRICT);
1937 uopt.uid = -1; 1941 uopt.uid = INVALID_UID;
1938 uopt.gid = -1; 1942 uopt.gid = INVALID_GID;
1939 uopt.umask = 0; 1943 uopt.umask = 0;
1940 uopt.fmode = UDF_INVALID_MODE; 1944 uopt.fmode = UDF_INVALID_MODE;
1941 uopt.dmode = UDF_INVALID_MODE; 1945 uopt.dmode = UDF_INVALID_MODE;
diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h
index 42ad69ac9576..5f027227f085 100644
--- a/fs/udf/udf_sb.h
+++ b/fs/udf/udf_sb.h
@@ -128,8 +128,8 @@ struct udf_sb_info {
128 128
129 /* Default permissions */ 129 /* Default permissions */
130 umode_t s_umask; 130 umode_t s_umask;
131 gid_t s_gid; 131 kgid_t s_gid;
132 uid_t s_uid; 132 kuid_t s_uid;
133 umode_t s_fmode; 133 umode_t s_fmode;
134 umode_t s_dmode; 134 umode_t s_dmode;
135 /* Lock protecting consistency of above permission settings */ 135 /* Lock protecting consistency of above permission settings */
diff --git a/fs/ufs/inode.c b/fs/ufs/inode.c
index dd7c89d8a1c1..eb6d0b7dc879 100644
--- a/fs/ufs/inode.c
+++ b/fs/ufs/inode.c
@@ -597,8 +597,8 @@ static int ufs1_read_inode(struct inode *inode, struct ufs_inode *ufs_inode)
597 /* 597 /*
598 * Linux now has 32-bit uid and gid, so we can support EFT. 598 * Linux now has 32-bit uid and gid, so we can support EFT.
599 */ 599 */
600 inode->i_uid = ufs_get_inode_uid(sb, ufs_inode); 600 i_uid_write(inode, ufs_get_inode_uid(sb, ufs_inode));
601 inode->i_gid = ufs_get_inode_gid(sb, ufs_inode); 601 i_gid_write(inode, ufs_get_inode_gid(sb, ufs_inode));
602 602
603 inode->i_size = fs64_to_cpu(sb, ufs_inode->ui_size); 603 inode->i_size = fs64_to_cpu(sb, ufs_inode->ui_size);
604 inode->i_atime.tv_sec = fs32_to_cpu(sb, ufs_inode->ui_atime.tv_sec); 604 inode->i_atime.tv_sec = fs32_to_cpu(sb, ufs_inode->ui_atime.tv_sec);
@@ -645,8 +645,8 @@ static int ufs2_read_inode(struct inode *inode, struct ufs2_inode *ufs2_inode)
645 /* 645 /*
646 * Linux now has 32-bit uid and gid, so we can support EFT. 646 * Linux now has 32-bit uid and gid, so we can support EFT.
647 */ 647 */
648 inode->i_uid = fs32_to_cpu(sb, ufs2_inode->ui_uid); 648 i_uid_write(inode, fs32_to_cpu(sb, ufs2_inode->ui_uid));
649 inode->i_gid = fs32_to_cpu(sb, ufs2_inode->ui_gid); 649 i_gid_write(inode, fs32_to_cpu(sb, ufs2_inode->ui_gid));
650 650
651 inode->i_size = fs64_to_cpu(sb, ufs2_inode->ui_size); 651 inode->i_size = fs64_to_cpu(sb, ufs2_inode->ui_size);
652 inode->i_atime.tv_sec = fs64_to_cpu(sb, ufs2_inode->ui_atime); 652 inode->i_atime.tv_sec = fs64_to_cpu(sb, ufs2_inode->ui_atime);
@@ -745,8 +745,8 @@ static void ufs1_update_inode(struct inode *inode, struct ufs_inode *ufs_inode)
745 ufs_inode->ui_mode = cpu_to_fs16(sb, inode->i_mode); 745 ufs_inode->ui_mode = cpu_to_fs16(sb, inode->i_mode);
746 ufs_inode->ui_nlink = cpu_to_fs16(sb, inode->i_nlink); 746 ufs_inode->ui_nlink = cpu_to_fs16(sb, inode->i_nlink);
747 747
748 ufs_set_inode_uid(sb, ufs_inode, inode->i_uid); 748 ufs_set_inode_uid(sb, ufs_inode, i_uid_read(inode));
749 ufs_set_inode_gid(sb, ufs_inode, inode->i_gid); 749 ufs_set_inode_gid(sb, ufs_inode, i_gid_read(inode));
750 750
751 ufs_inode->ui_size = cpu_to_fs64(sb, inode->i_size); 751 ufs_inode->ui_size = cpu_to_fs64(sb, inode->i_size);
752 ufs_inode->ui_atime.tv_sec = cpu_to_fs32(sb, inode->i_atime.tv_sec); 752 ufs_inode->ui_atime.tv_sec = cpu_to_fs32(sb, inode->i_atime.tv_sec);
@@ -789,8 +789,8 @@ static void ufs2_update_inode(struct inode *inode, struct ufs2_inode *ufs_inode)
789 ufs_inode->ui_mode = cpu_to_fs16(sb, inode->i_mode); 789 ufs_inode->ui_mode = cpu_to_fs16(sb, inode->i_mode);
790 ufs_inode->ui_nlink = cpu_to_fs16(sb, inode->i_nlink); 790 ufs_inode->ui_nlink = cpu_to_fs16(sb, inode->i_nlink);
791 791
792 ufs_inode->ui_uid = cpu_to_fs32(sb, inode->i_uid); 792 ufs_inode->ui_uid = cpu_to_fs32(sb, i_uid_read(inode));
793 ufs_inode->ui_gid = cpu_to_fs32(sb, inode->i_gid); 793 ufs_inode->ui_gid = cpu_to_fs32(sb, i_gid_read(inode));
794 794
795 ufs_inode->ui_size = cpu_to_fs64(sb, inode->i_size); 795 ufs_inode->ui_size = cpu_to_fs64(sb, inode->i_size);
796 ufs_inode->ui_atime = cpu_to_fs64(sb, inode->i_atime.tv_sec); 796 ufs_inode->ui_atime = cpu_to_fs64(sb, inode->i_atime.tv_sec);
diff --git a/fs/xattr.c b/fs/xattr.c
index 014f11321fd9..f7f7f09b0b41 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -20,6 +20,7 @@
20#include <linux/fsnotify.h> 20#include <linux/fsnotify.h>
21#include <linux/audit.h> 21#include <linux/audit.h>
22#include <linux/vmalloc.h> 22#include <linux/vmalloc.h>
23#include <linux/posix_acl_xattr.h>
23 24
24#include <asm/uaccess.h> 25#include <asm/uaccess.h>
25 26
@@ -347,6 +348,9 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
347 error = -EFAULT; 348 error = -EFAULT;
348 goto out; 349 goto out;
349 } 350 }
351 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
352 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
353 posix_acl_fix_xattr_from_user(kvalue, size);
350 } 354 }
351 355
352 error = vfs_setxattr(d, kname, kvalue, size, flags); 356 error = vfs_setxattr(d, kname, kvalue, size, flags);
@@ -450,6 +454,9 @@ getxattr(struct dentry *d, const char __user *name, void __user *value,
450 454
451 error = vfs_getxattr(d, kname, kvalue, size); 455 error = vfs_getxattr(d, kname, kvalue, size);
452 if (error > 0) { 456 if (error > 0) {
457 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
458 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
459 posix_acl_fix_xattr_to_user(kvalue, size);
453 if (size && copy_to_user(value, kvalue, error)) 460 if (size && copy_to_user(value, kvalue, error))
454 error = -EFAULT; 461 error = -EFAULT;
455 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 462 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c
index 69d06b07b169..11efd830b5f5 100644
--- a/fs/xattr_acl.c
+++ b/fs/xattr_acl.c
@@ -9,13 +9,72 @@
9#include <linux/fs.h> 9#include <linux/fs.h>
10#include <linux/posix_acl_xattr.h> 10#include <linux/posix_acl_xattr.h>
11#include <linux/gfp.h> 11#include <linux/gfp.h>
12#include <linux/user_namespace.h>
12 13
14/*
15 * Fix up the uids and gids in posix acl extended attributes in place.
16 */
17static void posix_acl_fix_xattr_userns(
18 struct user_namespace *to, struct user_namespace *from,
19 void *value, size_t size)
20{
21 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
22 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
23 int count;
24 kuid_t uid;
25 kgid_t gid;
26
27 if (!value)
28 return;
29 if (size < sizeof(posix_acl_xattr_header))
30 return;
31 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
32 return;
33
34 count = posix_acl_xattr_count(size);
35 if (count < 0)
36 return;
37 if (count == 0)
38 return;
39
40 for (end = entry + count; entry != end; entry++) {
41 switch(le16_to_cpu(entry->e_tag)) {
42 case ACL_USER:
43 uid = make_kuid(from, le32_to_cpu(entry->e_id));
44 entry->e_id = cpu_to_le32(from_kuid(to, uid));
45 break;
46 case ACL_GROUP:
47 gid = make_kgid(from, le32_to_cpu(entry->e_id));
48 entry->e_id = cpu_to_le32(from_kuid(to, uid));
49 break;
50 default:
51 break;
52 }
53 }
54}
55
56void posix_acl_fix_xattr_from_user(void *value, size_t size)
57{
58 struct user_namespace *user_ns = current_user_ns();
59 if (user_ns == &init_user_ns)
60 return;
61 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size);
62}
63
64void posix_acl_fix_xattr_to_user(void *value, size_t size)
65{
66 struct user_namespace *user_ns = current_user_ns();
67 if (user_ns == &init_user_ns)
68 return;
69 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size);
70}
13 71
14/* 72/*
15 * Convert from extended attribute to in-memory representation. 73 * Convert from extended attribute to in-memory representation.
16 */ 74 */
17struct posix_acl * 75struct posix_acl *
18posix_acl_from_xattr(const void *value, size_t size) 76posix_acl_from_xattr(struct user_namespace *user_ns,
77 const void *value, size_t size)
19{ 78{
20 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; 79 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
21 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; 80 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
@@ -50,12 +109,21 @@ posix_acl_from_xattr(const void *value, size_t size)
50 case ACL_GROUP_OBJ: 109 case ACL_GROUP_OBJ:
51 case ACL_MASK: 110 case ACL_MASK:
52 case ACL_OTHER: 111 case ACL_OTHER:
53 acl_e->e_id = ACL_UNDEFINED_ID;
54 break; 112 break;
55 113
56 case ACL_USER: 114 case ACL_USER:
115 acl_e->e_uid =
116 make_kuid(user_ns,
117 le32_to_cpu(entry->e_id));
118 if (!uid_valid(acl_e->e_uid))
119 goto fail;
120 break;
57 case ACL_GROUP: 121 case ACL_GROUP:
58 acl_e->e_id = le32_to_cpu(entry->e_id); 122 acl_e->e_gid =
123 make_kgid(user_ns,
124 le32_to_cpu(entry->e_id));
125 if (!gid_valid(acl_e->e_gid))
126 goto fail;
59 break; 127 break;
60 128
61 default: 129 default:
@@ -74,7 +142,8 @@ EXPORT_SYMBOL (posix_acl_from_xattr);
74 * Convert from in-memory to extended attribute representation. 142 * Convert from in-memory to extended attribute representation.
75 */ 143 */
76int 144int
77posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size) 145posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl,
146 void *buffer, size_t size)
78{ 147{
79 posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer; 148 posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer;
80 posix_acl_xattr_entry *ext_entry = ext_acl->a_entries; 149 posix_acl_xattr_entry *ext_entry = ext_acl->a_entries;
@@ -89,9 +158,22 @@ posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size)
89 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); 158 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION);
90 159
91 for (n=0; n < acl->a_count; n++, ext_entry++) { 160 for (n=0; n < acl->a_count; n++, ext_entry++) {
92 ext_entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 161 const struct posix_acl_entry *acl_e = &acl->a_entries[n];
93 ext_entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 162 ext_entry->e_tag = cpu_to_le16(acl_e->e_tag);
94 ext_entry->e_id = cpu_to_le32(acl->a_entries[n].e_id); 163 ext_entry->e_perm = cpu_to_le16(acl_e->e_perm);
164 switch(acl_e->e_tag) {
165 case ACL_USER:
166 ext_entry->e_id =
167 cpu_to_le32(from_kuid(user_ns, acl_e->e_uid));
168 break;
169 case ACL_GROUP:
170 ext_entry->e_id =
171 cpu_to_le32(from_kgid(user_ns, acl_e->e_gid));
172 break;
173 default:
174 ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID);
175 break;
176 }
95 } 177 }
96 return real_size; 178 return real_size;
97} 179}
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index ac702a6eab9b..1d32f1d52763 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -337,7 +337,7 @@ xfs_xattr_acl_get(struct dentry *dentry, const char *name,
337 if (acl == NULL) 337 if (acl == NULL)
338 return -ENODATA; 338 return -ENODATA;
339 339
340 error = posix_acl_to_xattr(acl, value, size); 340 error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
341 posix_acl_release(acl); 341 posix_acl_release(acl);
342 342
343 return error; 343 return error;
@@ -361,7 +361,7 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name,
361 if (!value) 361 if (!value)
362 goto set_acl; 362 goto set_acl;
363 363
364 acl = posix_acl_from_xattr(value, size); 364 acl = posix_acl_from_xattr(&init_user_ns, value, size);
365 if (!acl) { 365 if (!acl) {
366 /* 366 /*
367 * acl_set_file(3) may request that we set default ACLs with 367 * acl_set_file(3) may request that we set default ACLs with
diff --git a/fs/xfs/xfs_quotaops.c b/fs/xfs/xfs_quotaops.c
index fed504fc2999..71926d630527 100644
--- a/fs/xfs/xfs_quotaops.c
+++ b/fs/xfs/xfs_quotaops.c
@@ -97,8 +97,7 @@ xfs_fs_set_xstate(
97STATIC int 97STATIC int
98xfs_fs_get_dqblk( 98xfs_fs_get_dqblk(
99 struct super_block *sb, 99 struct super_block *sb,
100 int type, 100 struct kqid qid,
101 qid_t id,
102 struct fs_disk_quota *fdq) 101 struct fs_disk_quota *fdq)
103{ 102{
104 struct xfs_mount *mp = XFS_M(sb); 103 struct xfs_mount *mp = XFS_M(sb);
@@ -108,14 +107,14 @@ xfs_fs_get_dqblk(
108 if (!XFS_IS_QUOTA_ON(mp)) 107 if (!XFS_IS_QUOTA_ON(mp))
109 return -ESRCH; 108 return -ESRCH;
110 109
111 return -xfs_qm_scall_getquota(mp, id, xfs_quota_type(type), fdq); 110 return -xfs_qm_scall_getquota(mp, from_kqid(&init_user_ns, qid),
111 xfs_quota_type(qid.type), fdq);
112} 112}
113 113
114STATIC int 114STATIC int
115xfs_fs_set_dqblk( 115xfs_fs_set_dqblk(
116 struct super_block *sb, 116 struct super_block *sb,
117 int type, 117 struct kqid qid,
118 qid_t id,
119 struct fs_disk_quota *fdq) 118 struct fs_disk_quota *fdq)
120{ 119{
121 struct xfs_mount *mp = XFS_M(sb); 120 struct xfs_mount *mp = XFS_M(sb);
@@ -127,7 +126,8 @@ xfs_fs_set_dqblk(
127 if (!XFS_IS_QUOTA_ON(mp)) 126 if (!XFS_IS_QUOTA_ON(mp))
128 return -ESRCH; 127 return -ESRCH;
129 128
130 return -xfs_qm_scall_setqlim(mp, id, xfs_quota_type(type), fdq); 129 return -xfs_qm_scall_setqlim(mp, from_kqid(&init_user_ns, qid),
130 xfs_quota_type(qid.type), fdq);
131} 131}
132 132
133const struct quotactl_ops xfs_quotactl_operations = { 133const struct quotactl_ops xfs_quotactl_operations = {
diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c
index bcb60542fcf1..0c7fa54f309e 100644
--- a/fs/xfs/xfs_trans_dquot.c
+++ b/fs/xfs/xfs_trans_dquot.c
@@ -578,9 +578,11 @@ xfs_quota_warn(
578 /* no warnings for project quotas - we just return ENOSPC later */ 578 /* no warnings for project quotas - we just return ENOSPC later */
579 if (dqp->dq_flags & XFS_DQ_PROJ) 579 if (dqp->dq_flags & XFS_DQ_PROJ)
580 return; 580 return;
581 quota_send_warning((dqp->dq_flags & XFS_DQ_USER) ? USRQUOTA : GRPQUOTA, 581 quota_send_warning(make_kqid(&init_user_ns,
582 be32_to_cpu(dqp->q_core.d_id), mp->m_super->s_dev, 582 (dqp->dq_flags & XFS_DQ_USER) ?
583 type); 583 USRQUOTA : GRPQUOTA,
584 be32_to_cpu(dqp->q_core.d_id)),
585 mp->m_super->s_dev, type);
584} 586}
585 587
586/* 588/*
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-17 12:53:24 -0500