aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-05-23 20:42:39 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-05-23 20:42:39 -0400
commit644473e9c60c1ff4f6351fed637a6e5551e3dce7 (patch)
tree10316518bedc735a2c6552886658d69dfd9f1eb0 /fs
parentfb827ec68446c83e9e8754fa9b55aed27ecc4661 (diff)
parent4b06a81f1daee668fbd6de85557bfb36dd36078f (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace enhancements from Eric Biederman: "This is a course correction for the user namespace, so that we can reach an inexpensive, maintainable, and reasonably complete implementation. Highlights: - Config guards make it impossible to enable the user namespace and code that has not been converted to be user namespace safe. - Use of the new kuid_t type ensures the if you somehow get past the config guards the kernel will encounter type errors if you enable user namespaces and attempt to compile in code whose permission checks have not been updated to be user namespace safe. - All uids from child user namespaces are mapped into the initial user namespace before they are processed. Removing the need to add an additional check to see if the user namespace of the compared uids remains the same. - With the user namespaces compiled out the performance is as good or better than it is today. - For most operations absolutely nothing changes performance or operationally with the user namespace enabled. - The worst case performance I could come up with was timing 1 billion cache cold stat operations with the user namespace code enabled. This went from 156s to 164s on my laptop (or 156ns to 164ns per stat operation). - (uid_t)-1 and (gid_t)-1 are reserved as an internal error value. Most uid/gid setting system calls treat these value specially anyway so attempting to use -1 as a uid would likely cause entertaining failures in userspace. - If setuid is called with a uid that can not be mapped setuid fails. I have looked at sendmail, login, ssh and every other program I could think of that would call setuid and they all check for and handle the case where setuid fails. - If stat or a similar system call is called from a context in which we can not map a uid we lie and return overflowuid. The LFS experience suggests not lying and returning an error code might be better, but the historical precedent with uids is different and I can not think of anything that would break by lying about a uid we can't map. - Capabilities are localized to the current user namespace making it safe to give the initial user in a user namespace all capabilities. My git tree covers all of the modifications needed to convert the core kernel and enough changes to make a system bootable to runlevel 1." Fix up trivial conflicts due to nearby independent changes in fs/stat.c * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (46 commits) userns: Silence silly gcc warning. cred: use correct cred accessor with regards to rcu read lock userns: Convert the move_pages, and migrate_pages permission checks to use uid_eq userns: Convert cgroup permission checks to use uid_eq userns: Convert tmpfs to use kuid and kgid where appropriate userns: Convert sysfs to use kgid/kuid where appropriate userns: Convert sysctl permission checks to use kuid and kgids. userns: Convert proc to use kuid/kgid where appropriate userns: Convert ext4 to user kuid/kgid where appropriate userns: Convert ext3 to use kuid/kgid where appropriate userns: Convert ext2 to use kuid/kgid where appropriate. userns: Convert devpts to use kuid/kgid where appropriate userns: Convert binary formats to use kuid/kgid where appropriate userns: Add negative depends on entries to avoid building code that is userns unsafe userns: signal remove unnecessary map_cred_ns userns: Teach inode_capable to understand inodes whose uids map to other namespaces. userns: Fail exec for suid and sgid binaries with ids outside our user namespace. userns: Convert stat to return values mapped from kuids and kgids userns: Convert user specfied uids and gids in chown into kuids and kgid userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs ...
Diffstat (limited to 'fs')
-rw-r--r--fs/attr.c8
-rw-r--r--fs/binfmt_elf.c12
-rw-r--r--fs/binfmt_elf_fdpic.c12
-rw-r--r--fs/compat.c4
-rw-r--r--fs/devpts/inode.c24
-rw-r--r--fs/ecryptfs/messaging.c2
-rw-r--r--fs/exec.c15
-rw-r--r--fs/ext2/balloc.c5
-rw-r--r--fs/ext2/ext2.h8
-rw-r--r--fs/ext2/inode.c20
-rw-r--r--fs/ext2/super.c31
-rw-r--r--fs/ext3/balloc.c5
-rw-r--r--fs/ext3/ext3.h8
-rw-r--r--fs/ext3/inode.c32
-rw-r--r--fs/ext3/super.c35
-rw-r--r--fs/ext4/balloc.c4
-rw-r--r--fs/ext4/ext4.h4
-rw-r--r--fs/ext4/ialloc.c4
-rw-r--r--fs/ext4/inode.c34
-rw-r--r--fs/ext4/migrate.c4
-rw-r--r--fs/ext4/super.c38
-rw-r--r--fs/fcntl.c6
-rw-r--r--fs/inode.c10
-rw-r--r--fs/ioprio.c18
-rw-r--r--fs/locks.c2
-rw-r--r--fs/namei.c29
-rw-r--r--fs/nfsd/auth.c5
-rw-r--r--fs/open.c16
-rw-r--r--fs/proc/array.c15
-rw-r--r--fs/proc/base.c93
-rw-r--r--fs/proc/inode.c4
-rw-r--r--fs/proc/proc_sysctl.c4
-rw-r--r--fs/proc/root.c2
-rw-r--r--fs/stat.c12
-rw-r--r--fs/sysfs/inode.c4
35 files changed, 349 insertions, 180 deletions
diff --git a/fs/attr.c b/fs/attr.c
index 73f69a6ce9ed..584620e5dee5 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -47,14 +47,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
47 47
48 /* Make sure a caller can chown. */ 48 /* Make sure a caller can chown. */
49 if ((ia_valid & ATTR_UID) && 49 if ((ia_valid & ATTR_UID) &&
50 (current_fsuid() != inode->i_uid || 50 (!uid_eq(current_fsuid(), inode->i_uid) ||
51 attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) 51 !uid_eq(attr->ia_uid, inode->i_uid)) && !capable(CAP_CHOWN))
52 return -EPERM; 52 return -EPERM;
53 53
54 /* Make sure caller can chgrp. */ 54 /* Make sure caller can chgrp. */
55 if ((ia_valid & ATTR_GID) && 55 if ((ia_valid & ATTR_GID) &&
56 (current_fsuid() != inode->i_uid || 56 (!uid_eq(current_fsuid(), inode->i_uid) ||
57 (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && 57 (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
58 !capable(CAP_CHOWN)) 58 !capable(CAP_CHOWN))
59 return -EPERM; 59 return -EPERM;
60 60
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 16f735417072..e658dd134b95 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -226,10 +226,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
226 NEW_AUX_ENT(AT_BASE, interp_load_addr); 226 NEW_AUX_ENT(AT_BASE, interp_load_addr);
227 NEW_AUX_ENT(AT_FLAGS, 0); 227 NEW_AUX_ENT(AT_FLAGS, 0);
228 NEW_AUX_ENT(AT_ENTRY, exec->e_entry); 228 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
229 NEW_AUX_ENT(AT_UID, cred->uid); 229 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
230 NEW_AUX_ENT(AT_EUID, cred->euid); 230 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
231 NEW_AUX_ENT(AT_GID, cred->gid); 231 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
232 NEW_AUX_ENT(AT_EGID, cred->egid); 232 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
233 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 233 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
234 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); 234 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
235 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 235 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
@@ -1356,8 +1356,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1356 psinfo->pr_flag = p->flags; 1356 psinfo->pr_flag = p->flags;
1357 rcu_read_lock(); 1357 rcu_read_lock();
1358 cred = __task_cred(p); 1358 cred = __task_cred(p);
1359 SET_UID(psinfo->pr_uid, cred->uid); 1359 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1360 SET_GID(psinfo->pr_gid, cred->gid); 1360 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1361 rcu_read_unlock(); 1361 rcu_read_unlock();
1362 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1362 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1363 1363
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index d390a0fffc65..3d77cf81ba3c 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -627,10 +627,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
627 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); 627 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
628 NEW_AUX_ENT(AT_FLAGS, 0); 628 NEW_AUX_ENT(AT_FLAGS, 0);
629 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); 629 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
630 NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid); 630 NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid));
631 NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid); 631 NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid));
632 NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid); 632 NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid));
633 NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid); 633 NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid));
634 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 634 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
635 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 635 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
636 636
@@ -1421,8 +1421,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1421 psinfo->pr_flag = p->flags; 1421 psinfo->pr_flag = p->flags;
1422 rcu_read_lock(); 1422 rcu_read_lock();
1423 cred = __task_cred(p); 1423 cred = __task_cred(p);
1424 SET_UID(psinfo->pr_uid, cred->uid); 1424 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1425 SET_GID(psinfo->pr_gid, cred->gid); 1425 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1426 rcu_read_unlock(); 1426 rcu_read_unlock();
1427 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1427 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1428 1428
diff --git a/fs/compat.c b/fs/compat.c
index f2944ace7a7b..0781e619a62a 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -144,8 +144,8 @@ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
144 tmp.st_nlink = stat->nlink; 144 tmp.st_nlink = stat->nlink;
145 if (tmp.st_nlink != stat->nlink) 145 if (tmp.st_nlink != stat->nlink)
146 return -EOVERFLOW; 146 return -EOVERFLOW;
147 SET_UID(tmp.st_uid, stat->uid); 147 SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid));
148 SET_GID(tmp.st_gid, stat->gid); 148 SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid));
149 tmp.st_rdev = old_encode_dev(stat->rdev); 149 tmp.st_rdev = old_encode_dev(stat->rdev);
150 if ((u64) stat->size > MAX_NON_LFS) 150 if ((u64) stat->size > MAX_NON_LFS)
151 return -EOVERFLOW; 151 return -EOVERFLOW;
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 10f5e0b484db..979c1e309c73 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -98,8 +98,8 @@ static struct vfsmount *devpts_mnt;
98struct pts_mount_opts { 98struct pts_mount_opts {
99 int setuid; 99 int setuid;
100 int setgid; 100 int setgid;
101 uid_t uid; 101 kuid_t uid;
102 gid_t gid; 102 kgid_t gid;
103 umode_t mode; 103 umode_t mode;
104 umode_t ptmxmode; 104 umode_t ptmxmode;
105 int newinstance; 105 int newinstance;
@@ -158,11 +158,13 @@ static inline struct super_block *pts_sb_from_inode(struct inode *inode)
158static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts) 158static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
159{ 159{
160 char *p; 160 char *p;
161 kuid_t uid;
162 kgid_t gid;
161 163
162 opts->setuid = 0; 164 opts->setuid = 0;
163 opts->setgid = 0; 165 opts->setgid = 0;
164 opts->uid = 0; 166 opts->uid = GLOBAL_ROOT_UID;
165 opts->gid = 0; 167 opts->gid = GLOBAL_ROOT_GID;
166 opts->mode = DEVPTS_DEFAULT_MODE; 168 opts->mode = DEVPTS_DEFAULT_MODE;
167 opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE; 169 opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
168 opts->max = NR_UNIX98_PTY_MAX; 170 opts->max = NR_UNIX98_PTY_MAX;
@@ -184,13 +186,19 @@ static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
184 case Opt_uid: 186 case Opt_uid:
185 if (match_int(&args[0], &option)) 187 if (match_int(&args[0], &option))
186 return -EINVAL; 188 return -EINVAL;
187 opts->uid = option; 189 uid = make_kuid(current_user_ns(), option);
190 if (!uid_valid(uid))
191 return -EINVAL;
192 opts->uid = uid;
188 opts->setuid = 1; 193 opts->setuid = 1;
189 break; 194 break;
190 case Opt_gid: 195 case Opt_gid:
191 if (match_int(&args[0], &option)) 196 if (match_int(&args[0], &option))
192 return -EINVAL; 197 return -EINVAL;
193 opts->gid = option; 198 gid = make_kgid(current_user_ns(), option);
199 if (!gid_valid(gid))
200 return -EINVAL;
201 opts->gid = gid;
194 opts->setgid = 1; 202 opts->setgid = 1;
195 break; 203 break;
196 case Opt_mode: 204 case Opt_mode:
@@ -315,9 +323,9 @@ static int devpts_show_options(struct seq_file *seq, struct dentry *root)
315 struct pts_mount_opts *opts = &fsi->mount_opts; 323 struct pts_mount_opts *opts = &fsi->mount_opts;
316 324
317 if (opts->setuid) 325 if (opts->setuid)
318 seq_printf(seq, ",uid=%u", opts->uid); 326 seq_printf(seq, ",uid=%u", from_kuid_munged(&init_user_ns, opts->uid));
319 if (opts->setgid) 327 if (opts->setgid)
320 seq_printf(seq, ",gid=%u", opts->gid); 328 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, opts->gid));
321 seq_printf(seq, ",mode=%03o", opts->mode); 329 seq_printf(seq, ",mode=%03o", opts->mode);
322#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES 330#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
323 seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode); 331 seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode);
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index ab2248090515..a750f957b145 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -303,7 +303,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
303 mutex_unlock(&ecryptfs_daemon_hash_mux); 303 mutex_unlock(&ecryptfs_daemon_hash_mux);
304 goto wake_up; 304 goto wake_up;
305 } 305 }
306 tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns; 306 tsk_user_ns = __task_cred(msg_ctx->task)->user_ns;
307 ctx_euid = task_euid(msg_ctx->task); 307 ctx_euid = task_euid(msg_ctx->task);
308 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns); 308 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
309 rcu_read_unlock(); 309 rcu_read_unlock();
diff --git a/fs/exec.c b/fs/exec.c
index 1e8efdc80412..52c9e2ff6e6b 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm)
1139 /* This is the point of no return */ 1139 /* This is the point of no return */
1140 current->sas_ss_sp = current->sas_ss_size = 0; 1140 current->sas_ss_sp = current->sas_ss_size = 0;
1141 1141
1142 if (current_euid() == current_uid() && current_egid() == current_gid()) 1142 if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid()))
1143 set_dumpable(current->mm, 1); 1143 set_dumpable(current->mm, 1);
1144 else 1144 else
1145 set_dumpable(current->mm, suid_dumpable); 1145 set_dumpable(current->mm, suid_dumpable);
@@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm)
1153 current->mm->task_size = TASK_SIZE; 1153 current->mm->task_size = TASK_SIZE;
1154 1154
1155 /* install the new credentials */ 1155 /* install the new credentials */
1156 if (bprm->cred->uid != current_euid() || 1156 if (!uid_eq(bprm->cred->uid, current_euid()) ||
1157 bprm->cred->gid != current_egid()) { 1157 !gid_eq(bprm->cred->gid, current_egid())) {
1158 current->pdeath_signal = 0; 1158 current->pdeath_signal = 0;
1159 } else { 1159 } else {
1160 would_dump(bprm, bprm->file); 1160 would_dump(bprm, bprm->file);
@@ -1299,8 +1299,11 @@ int prepare_binprm(struct linux_binprm *bprm)
1299 !current->no_new_privs) { 1299 !current->no_new_privs) {
1300 /* Set-uid? */ 1300 /* Set-uid? */
1301 if (mode & S_ISUID) { 1301 if (mode & S_ISUID) {
1302 if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid))
1303 return -EPERM;
1302 bprm->per_clear |= PER_CLEAR_ON_SETID; 1304 bprm->per_clear |= PER_CLEAR_ON_SETID;
1303 bprm->cred->euid = inode->i_uid; 1305 bprm->cred->euid = inode->i_uid;
1306
1304 } 1307 }
1305 1308
1306 /* Set-gid? */ 1309 /* Set-gid? */
@@ -1310,6 +1313,8 @@ int prepare_binprm(struct linux_binprm *bprm)
1310 * executable. 1313 * executable.
1311 */ 1314 */
1312 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 1315 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1316 if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid))
1317 return -EPERM;
1313 bprm->per_clear |= PER_CLEAR_ON_SETID; 1318 bprm->per_clear |= PER_CLEAR_ON_SETID;
1314 bprm->cred->egid = inode->i_gid; 1319 bprm->cred->egid = inode->i_gid;
1315 } 1320 }
@@ -2142,7 +2147,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2142 if (__get_dumpable(cprm.mm_flags) == 2) { 2147 if (__get_dumpable(cprm.mm_flags) == 2) {
2143 /* Setuid core dump mode */ 2148 /* Setuid core dump mode */
2144 flag = O_EXCL; /* Stop rewrite attacks */ 2149 flag = O_EXCL; /* Stop rewrite attacks */
2145 cred->fsuid = 0; /* Dump root private */ 2150 cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
2146 } 2151 }
2147 2152
2148 retval = coredump_wait(exit_code, &core_state); 2153 retval = coredump_wait(exit_code, &core_state);
@@ -2243,7 +2248,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
2243 * Dont allow local users get cute and trick others to coredump 2248 * Dont allow local users get cute and trick others to coredump
2244 * into their pre-created files. 2249 * into their pre-created files.
2245 */ 2250 */
2246 if (inode->i_uid != current_fsuid()) 2251 if (!uid_eq(inode->i_uid, current_fsuid()))
2247 goto close_fail; 2252 goto close_fail;
2248 if (!cprm.file->f_op || !cprm.file->f_op->write) 2253 if (!cprm.file->f_op || !cprm.file->f_op->write)
2249 goto close_fail; 2254 goto close_fail;
diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
index a8cbe1bc6ad4..030c6d277e14 100644
--- a/fs/ext2/balloc.c
+++ b/fs/ext2/balloc.c
@@ -1193,8 +1193,9 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
1193 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); 1193 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
1194 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); 1194 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
1195 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && 1195 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
1196 sbi->s_resuid != current_fsuid() && 1196 !uid_eq(sbi->s_resuid, current_fsuid()) &&
1197 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { 1197 (gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) ||
1198 !in_group_p (sbi->s_resgid))) {
1198 return 0; 1199 return 0;
1199 } 1200 }
1200 return 1; 1201 return 1;
diff --git a/fs/ext2/ext2.h b/fs/ext2/ext2.h
index 0b2b4db5bdcd..d9a17d0b124d 100644
--- a/fs/ext2/ext2.h
+++ b/fs/ext2/ext2.h
@@ -82,8 +82,8 @@ struct ext2_sb_info {
82 struct buffer_head ** s_group_desc; 82 struct buffer_head ** s_group_desc;
83 unsigned long s_mount_opt; 83 unsigned long s_mount_opt;
84 unsigned long s_sb_block; 84 unsigned long s_sb_block;
85 uid_t s_resuid; 85 kuid_t s_resuid;
86 gid_t s_resgid; 86 kgid_t s_resgid;
87 unsigned short s_mount_state; 87 unsigned short s_mount_state;
88 unsigned short s_pad; 88 unsigned short s_pad;
89 int s_addr_per_block_bits; 89 int s_addr_per_block_bits;
@@ -637,8 +637,8 @@ static inline void verify_offsets(void)
637 */ 637 */
638struct ext2_mount_options { 638struct ext2_mount_options {
639 unsigned long s_mount_opt; 639 unsigned long s_mount_opt;
640 uid_t s_resuid; 640 kuid_t s_resuid;
641 gid_t s_resgid; 641 kgid_t s_resgid;
642}; 642};
643 643
644/* 644/*
diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
index 740cad8dcd8d..f9fa95f8443d 100644
--- a/fs/ext2/inode.c
+++ b/fs/ext2/inode.c
@@ -1293,6 +1293,8 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
1293 struct inode *inode; 1293 struct inode *inode;
1294 long ret = -EIO; 1294 long ret = -EIO;
1295 int n; 1295 int n;
1296 uid_t i_uid;
1297 gid_t i_gid;
1296 1298
1297 inode = iget_locked(sb, ino); 1299 inode = iget_locked(sb, ino);
1298 if (!inode) 1300 if (!inode)
@@ -1310,12 +1312,14 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
1310 } 1312 }
1311 1313
1312 inode->i_mode = le16_to_cpu(raw_inode->i_mode); 1314 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
1313 inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low); 1315 i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
1314 inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low); 1316 i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
1315 if (!(test_opt (inode->i_sb, NO_UID32))) { 1317 if (!(test_opt (inode->i_sb, NO_UID32))) {
1316 inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16; 1318 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
1317 inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16; 1319 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
1318 } 1320 }
1321 i_uid_write(inode, i_uid);
1322 i_gid_write(inode, i_gid);
1319 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count)); 1323 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
1320 inode->i_size = le32_to_cpu(raw_inode->i_size); 1324 inode->i_size = le32_to_cpu(raw_inode->i_size);
1321 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime); 1325 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
@@ -1413,8 +1417,8 @@ static int __ext2_write_inode(struct inode *inode, int do_sync)
1413 struct ext2_inode_info *ei = EXT2_I(inode); 1417 struct ext2_inode_info *ei = EXT2_I(inode);
1414 struct super_block *sb = inode->i_sb; 1418 struct super_block *sb = inode->i_sb;
1415 ino_t ino = inode->i_ino; 1419 ino_t ino = inode->i_ino;
1416 uid_t uid = inode->i_uid; 1420 uid_t uid = i_uid_read(inode);
1417 gid_t gid = inode->i_gid; 1421 gid_t gid = i_gid_read(inode);
1418 struct buffer_head * bh; 1422 struct buffer_head * bh;
1419 struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh); 1423 struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh);
1420 int n; 1424 int n;
@@ -1529,8 +1533,8 @@ int ext2_setattr(struct dentry *dentry, struct iattr *iattr)
1529 1533
1530 if (is_quota_modification(inode, iattr)) 1534 if (is_quota_modification(inode, iattr))
1531 dquot_initialize(inode); 1535 dquot_initialize(inode);
1532 if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) || 1536 if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
1533 (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) { 1537 (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
1534 error = dquot_transfer(inode, iattr); 1538 error = dquot_transfer(inode, iattr);
1535 if (error) 1539 if (error)
1536 return error; 1540 return error;
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index e1025c7a437a..38f816071ddb 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -228,13 +228,15 @@ static int ext2_show_options(struct seq_file *seq, struct dentry *root)
228 seq_puts(seq, ",grpid"); 228 seq_puts(seq, ",grpid");
229 if (!test_opt(sb, GRPID) && (def_mount_opts & EXT2_DEFM_BSDGROUPS)) 229 if (!test_opt(sb, GRPID) && (def_mount_opts & EXT2_DEFM_BSDGROUPS))
230 seq_puts(seq, ",nogrpid"); 230 seq_puts(seq, ",nogrpid");
231 if (sbi->s_resuid != EXT2_DEF_RESUID || 231 if (!uid_eq(sbi->s_resuid, make_kuid(&init_user_ns, EXT2_DEF_RESUID)) ||
232 le16_to_cpu(es->s_def_resuid) != EXT2_DEF_RESUID) { 232 le16_to_cpu(es->s_def_resuid) != EXT2_DEF_RESUID) {
233 seq_printf(seq, ",resuid=%u", sbi->s_resuid); 233 seq_printf(seq, ",resuid=%u",
234 from_kuid_munged(&init_user_ns, sbi->s_resuid));
234 } 235 }
235 if (sbi->s_resgid != EXT2_DEF_RESGID || 236 if (!gid_eq(sbi->s_resgid, make_kgid(&init_user_ns, EXT2_DEF_RESGID)) ||
236 le16_to_cpu(es->s_def_resgid) != EXT2_DEF_RESGID) { 237 le16_to_cpu(es->s_def_resgid) != EXT2_DEF_RESGID) {
237 seq_printf(seq, ",resgid=%u", sbi->s_resgid); 238 seq_printf(seq, ",resgid=%u",
239 from_kgid_munged(&init_user_ns, sbi->s_resgid));
238 } 240 }
239 if (test_opt(sb, ERRORS_RO)) { 241 if (test_opt(sb, ERRORS_RO)) {
240 int def_errors = le16_to_cpu(es->s_errors); 242 int def_errors = le16_to_cpu(es->s_errors);
@@ -436,6 +438,8 @@ static int parse_options(char *options, struct super_block *sb)
436 struct ext2_sb_info *sbi = EXT2_SB(sb); 438 struct ext2_sb_info *sbi = EXT2_SB(sb);
437 substring_t args[MAX_OPT_ARGS]; 439 substring_t args[MAX_OPT_ARGS];
438 int option; 440 int option;
441 kuid_t uid;
442 kgid_t gid;
439 443
440 if (!options) 444 if (!options)
441 return 1; 445 return 1;
@@ -462,12 +466,23 @@ static int parse_options(char *options, struct super_block *sb)
462 case Opt_resuid: 466 case Opt_resuid:
463 if (match_int(&args[0], &option)) 467 if (match_int(&args[0], &option))
464 return 0; 468 return 0;
465 sbi->s_resuid = option; 469 uid = make_kuid(current_user_ns(), option);
470 if (!uid_valid(uid)) {
471 ext2_msg(sb, KERN_ERR, "Invalid uid value %d", option);
472 return -1;
473
474 }
475 sbi->s_resuid = uid;
466 break; 476 break;
467 case Opt_resgid: 477 case Opt_resgid:
468 if (match_int(&args[0], &option)) 478 if (match_int(&args[0], &option))
469 return 0; 479 return 0;
470 sbi->s_resgid = option; 480 gid = make_kgid(current_user_ns(), option);
481 if (!gid_valid(gid)) {
482 ext2_msg(sb, KERN_ERR, "Invalid gid value %d", option);
483 return -1;
484 }
485 sbi->s_resgid = gid;
471 break; 486 break;
472 case Opt_sb: 487 case Opt_sb:
473 /* handled by get_sb_block() instead of here */ 488 /* handled by get_sb_block() instead of here */
@@ -841,8 +856,8 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
841 else 856 else
842 set_opt(sbi->s_mount_opt, ERRORS_RO); 857 set_opt(sbi->s_mount_opt, ERRORS_RO);
843 858
844 sbi->s_resuid = le16_to_cpu(es->s_def_resuid); 859 sbi->s_resuid = make_kuid(&init_user_ns, le16_to_cpu(es->s_def_resuid));
845 sbi->s_resgid = le16_to_cpu(es->s_def_resgid); 860 sbi->s_resgid = make_kgid(&init_user_ns, le16_to_cpu(es->s_def_resgid));
846 861
847 set_opt(sbi->s_mount_opt, RESERVATION); 862 set_opt(sbi->s_mount_opt, RESERVATION);
848 863
diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c
index baac1b129fba..25cd60892116 100644
--- a/fs/ext3/balloc.c
+++ b/fs/ext3/balloc.c
@@ -1439,8 +1439,9 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi, int use_reservation)
1439 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); 1439 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
1440 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); 1440 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
1441 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && 1441 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
1442 !use_reservation && sbi->s_resuid != current_fsuid() && 1442 !use_reservation && !uid_eq(sbi->s_resuid, current_fsuid()) &&
1443 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { 1443 (gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) ||
1444 !in_group_p (sbi->s_resgid))) {
1444 return 0; 1445 return 0;
1445 } 1446 }
1446 return 1; 1447 return 1;
diff --git a/fs/ext3/ext3.h b/fs/ext3/ext3.h
index b6515fd7e56c..7977973a24f0 100644
--- a/fs/ext3/ext3.h
+++ b/fs/ext3/ext3.h
@@ -243,8 +243,8 @@ struct ext3_new_group_data {
243 */ 243 */
244struct ext3_mount_options { 244struct ext3_mount_options {
245 unsigned long s_mount_opt; 245 unsigned long s_mount_opt;
246 uid_t s_resuid; 246 kuid_t s_resuid;
247 gid_t s_resgid; 247 kgid_t s_resgid;
248 unsigned long s_commit_interval; 248 unsigned long s_commit_interval;
249#ifdef CONFIG_QUOTA 249#ifdef CONFIG_QUOTA
250 int s_jquota_fmt; 250 int s_jquota_fmt;
@@ -637,8 +637,8 @@ struct ext3_sb_info {
637 struct buffer_head ** s_group_desc; 637 struct buffer_head ** s_group_desc;
638 unsigned long s_mount_opt; 638 unsigned long s_mount_opt;
639 ext3_fsblk_t s_sb_block; 639 ext3_fsblk_t s_sb_block;
640 uid_t s_resuid; 640 kuid_t s_resuid;
641 gid_t s_resgid; 641 kgid_t s_resgid;
642 unsigned short s_mount_state; 642 unsigned short s_mount_state;
643 unsigned short s_pad; 643 unsigned short s_pad;
644 int s_addr_per_block_bits; 644 int s_addr_per_block_bits;
diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
index 10d7812f6021..a09790a412b1 100644
--- a/fs/ext3/inode.c
+++ b/fs/ext3/inode.c
@@ -2891,6 +2891,8 @@ struct inode *ext3_iget(struct super_block *sb, unsigned long ino)
2891 transaction_t *transaction; 2891 transaction_t *transaction;
2892 long ret; 2892 long ret;
2893 int block; 2893 int block;
2894 uid_t i_uid;
2895 gid_t i_gid;
2894 2896
2895 inode = iget_locked(sb, ino); 2897 inode = iget_locked(sb, ino);
2896 if (!inode) 2898 if (!inode)
@@ -2907,12 +2909,14 @@ struct inode *ext3_iget(struct super_block *sb, unsigned long ino)
2907 bh = iloc.bh; 2909 bh = iloc.bh;
2908 raw_inode = ext3_raw_inode(&iloc); 2910 raw_inode = ext3_raw_inode(&iloc);
2909 inode->i_mode = le16_to_cpu(raw_inode->i_mode); 2911 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
2910 inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low); 2912 i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
2911 inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low); 2913 i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
2912 if(!(test_opt (inode->i_sb, NO_UID32))) { 2914 if(!(test_opt (inode->i_sb, NO_UID32))) {
2913 inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16; 2915 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2914 inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16; 2916 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2915 } 2917 }
2918 i_uid_write(inode, i_uid);
2919 i_gid_write(inode, i_gid);
2916 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count)); 2920 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
2917 inode->i_size = le32_to_cpu(raw_inode->i_size); 2921 inode->i_size = le32_to_cpu(raw_inode->i_size);
2918 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime); 2922 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
@@ -3068,6 +3072,8 @@ static int ext3_do_update_inode(handle_t *handle,
3068 struct ext3_inode_info *ei = EXT3_I(inode); 3072 struct ext3_inode_info *ei = EXT3_I(inode);
3069 struct buffer_head *bh = iloc->bh; 3073 struct buffer_head *bh = iloc->bh;
3070 int err = 0, rc, block; 3074 int err = 0, rc, block;
3075 uid_t i_uid;
3076 gid_t i_gid;
3071 3077
3072again: 3078again:
3073 /* we can't allow multiple procs in here at once, its a bit racey */ 3079 /* we can't allow multiple procs in here at once, its a bit racey */
@@ -3080,27 +3086,29 @@ again:
3080 3086
3081 ext3_get_inode_flags(ei); 3087 ext3_get_inode_flags(ei);
3082 raw_inode->i_mode = cpu_to_le16(inode->i_mode); 3088 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
3089 i_uid = i_uid_read(inode);
3090 i_gid = i_gid_read(inode);
3083 if(!(test_opt(inode->i_sb, NO_UID32))) { 3091 if(!(test_opt(inode->i_sb, NO_UID32))) {
3084 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid)); 3092 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
3085 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid)); 3093 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
3086/* 3094/*
3087 * Fix up interoperability with old kernels. Otherwise, old inodes get 3095 * Fix up interoperability with old kernels. Otherwise, old inodes get
3088 * re-used with the upper 16 bits of the uid/gid intact 3096 * re-used with the upper 16 bits of the uid/gid intact
3089 */ 3097 */
3090 if(!ei->i_dtime) { 3098 if(!ei->i_dtime) {
3091 raw_inode->i_uid_high = 3099 raw_inode->i_uid_high =
3092 cpu_to_le16(high_16_bits(inode->i_uid)); 3100 cpu_to_le16(high_16_bits(i_uid));
3093 raw_inode->i_gid_high = 3101 raw_inode->i_gid_high =
3094 cpu_to_le16(high_16_bits(inode->i_gid)); 3102 cpu_to_le16(high_16_bits(i_gid));
3095 } else { 3103 } else {
3096 raw_inode->i_uid_high = 0; 3104 raw_inode->i_uid_high = 0;
3097 raw_inode->i_gid_high = 0; 3105 raw_inode->i_gid_high = 0;
3098 } 3106 }
3099 } else { 3107 } else {
3100 raw_inode->i_uid_low = 3108 raw_inode->i_uid_low =
3101 cpu_to_le16(fs_high2lowuid(inode->i_uid)); 3109 cpu_to_le16(fs_high2lowuid(i_uid));
3102 raw_inode->i_gid_low = 3110 raw_inode->i_gid_low =
3103 cpu_to_le16(fs_high2lowgid(inode->i_gid)); 3111 cpu_to_le16(fs_high2lowgid(i_gid));
3104 raw_inode->i_uid_high = 0; 3112 raw_inode->i_uid_high = 0;
3105 raw_inode->i_gid_high = 0; 3113 raw_inode->i_gid_high = 0;
3106 } 3114 }
@@ -3262,8 +3270,8 @@ int ext3_setattr(struct dentry *dentry, struct iattr *attr)
3262 3270
3263 if (is_quota_modification(inode, attr)) 3271 if (is_quota_modification(inode, attr))
3264 dquot_initialize(inode); 3272 dquot_initialize(inode);
3265 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || 3273 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
3266 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) { 3274 (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
3267 handle_t *handle; 3275 handle_t *handle;
3268 3276
3269 /* (user+group)*(old+new) structure, inode write (sb, 3277 /* (user+group)*(old+new) structure, inode write (sb,
diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index cf0b5921cf0f..94ef7e616129 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -617,13 +617,15 @@ static int ext3_show_options(struct seq_file *seq, struct dentry *root)
617 seq_puts(seq, ",grpid"); 617 seq_puts(seq, ",grpid");
618 if (!test_opt(sb, GRPID) && (def_mount_opts & EXT3_DEFM_BSDGROUPS)) 618 if (!test_opt(sb, GRPID) && (def_mount_opts & EXT3_DEFM_BSDGROUPS))
619 seq_puts(seq, ",nogrpid"); 619 seq_puts(seq, ",nogrpid");
620 if (sbi->s_resuid != EXT3_DEF_RESUID || 620 if (!uid_eq(sbi->s_resuid, make_kuid(&init_user_ns, EXT3_DEF_RESUID)) ||
621 le16_to_cpu(es->s_def_resuid) != EXT3_DEF_RESUID) { 621 le16_to_cpu(es->s_def_resuid) != EXT3_DEF_RESUID) {
622 seq_printf(seq, ",resuid=%u", sbi->s_resuid); 622 seq_printf(seq, ",resuid=%u",
623 from_kuid_munged(&init_user_ns, sbi->s_resuid));
623 } 624 }
624 if (sbi->s_resgid != EXT3_DEF_RESGID || 625 if (!gid_eq(sbi->s_resgid, make_kgid(&init_user_ns, EXT3_DEF_RESGID)) ||
625 le16_to_cpu(es->s_def_resgid) != EXT3_DEF_RESGID) { 626 le16_to_cpu(es->s_def_resgid) != EXT3_DEF_RESGID) {
626 seq_printf(seq, ",resgid=%u", sbi->s_resgid); 627 seq_printf(seq, ",resgid=%u",
628 from_kgid_munged(&init_user_ns, sbi->s_resgid));
627 } 629 }
628 if (test_opt(sb, ERRORS_RO)) { 630 if (test_opt(sb, ERRORS_RO)) {
629 int def_errors = le16_to_cpu(es->s_errors); 631 int def_errors = le16_to_cpu(es->s_errors);
@@ -967,6 +969,8 @@ static int parse_options (char *options, struct super_block *sb,
967 substring_t args[MAX_OPT_ARGS]; 969 substring_t args[MAX_OPT_ARGS];
968 int data_opt = 0; 970 int data_opt = 0;
969 int option; 971 int option;
972 kuid_t uid;
973 kgid_t gid;
970#ifdef CONFIG_QUOTA 974#ifdef CONFIG_QUOTA
971 int qfmt; 975 int qfmt;
972#endif 976#endif
@@ -1000,12 +1004,23 @@ static int parse_options (char *options, struct super_block *sb,
1000 case Opt_resuid: 1004 case Opt_resuid:
1001 if (match_int(&args[0], &option)) 1005 if (match_int(&args[0], &option))
1002 return 0; 1006 return 0;
1003 sbi->s_resuid = option; 1007 uid = make_kuid(current_user_ns(), option);
1008 if (!uid_valid(uid)) {
1009 ext3_msg(sb, KERN_ERR, "Invalid uid value %d", option);
1010 return -1;
1011
1012 }
1013 sbi->s_resuid = uid;
1004 break; 1014 break;
1005 case Opt_resgid: 1015 case Opt_resgid:
1006 if (match_int(&args[0], &option)) 1016 if (match_int(&args[0], &option))
1007 return 0; 1017 return 0;
1008 sbi->s_resgid = option; 1018 gid = make_kgid(current_user_ns(), option);
1019 if (!gid_valid(gid)) {
1020 ext3_msg(sb, KERN_ERR, "Invalid gid value %d", option);
1021 return -1;
1022 }
1023 sbi->s_resgid = gid;
1009 break; 1024 break;
1010 case Opt_sb: 1025 case Opt_sb:
1011 /* handled by get_sb_block() instead of here */ 1026 /* handled by get_sb_block() instead of here */
@@ -1651,8 +1666,8 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
1651 } 1666 }
1652 sb->s_fs_info = sbi; 1667 sb->s_fs_info = sbi;
1653 sbi->s_mount_opt = 0; 1668 sbi->s_mount_opt = 0;
1654 sbi->s_resuid = EXT3_DEF_RESUID; 1669 sbi->s_resuid = make_kuid(&init_user_ns, EXT3_DEF_RESUID);
1655 sbi->s_resgid = EXT3_DEF_RESGID; 1670 sbi->s_resgid = make_kgid(&init_user_ns, EXT3_DEF_RESGID);
1656 sbi->s_sb_block = sb_block; 1671 sbi->s_sb_block = sb_block;
1657 1672
1658 blocksize = sb_min_blocksize(sb, EXT3_MIN_BLOCK_SIZE); 1673 blocksize = sb_min_blocksize(sb, EXT3_MIN_BLOCK_SIZE);
@@ -1716,8 +1731,8 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
1716 else 1731 else
1717 set_opt(sbi->s_mount_opt, ERRORS_RO); 1732 set_opt(sbi->s_mount_opt, ERRORS_RO);
1718 1733
1719 sbi->s_resuid = le16_to_cpu(es->s_def_resuid); 1734 sbi->s_resuid = make_kuid(&init_user_ns, le16_to_cpu(es->s_def_resuid));
1720 sbi->s_resgid = le16_to_cpu(es->s_def_resgid); 1735 sbi->s_resgid = make_kgid(&init_user_ns, le16_to_cpu(es->s_def_resgid));
1721 1736
1722 /* enable barriers by default */ 1737 /* enable barriers by default */
1723 set_opt(sbi->s_mount_opt, BARRIER); 1738 set_opt(sbi->s_mount_opt, BARRIER);
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index 4bbd07a6fa18..c45c41129a35 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -461,8 +461,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
461 return 1; 461 return 1;
462 462
463 /* Hm, nope. Are (enough) root reserved clusters available? */ 463 /* Hm, nope. Are (enough) root reserved clusters available? */
464 if (sbi->s_resuid == current_fsuid() || 464 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
465 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || 465 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
466 capable(CAP_SYS_RESOURCE) || 466 capable(CAP_SYS_RESOURCE) ||
467 (flags & EXT4_MB_USE_ROOT_BLOCKS)) { 467 (flags & EXT4_MB_USE_ROOT_BLOCKS)) {
468 468
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 0e01e90add8b..c21b1de51afb 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1153,8 +1153,8 @@ struct ext4_sb_info {
1153 unsigned int s_mount_flags; 1153 unsigned int s_mount_flags;
1154 unsigned int s_def_mount_opt; 1154 unsigned int s_def_mount_opt;
1155 ext4_fsblk_t s_sb_block; 1155 ext4_fsblk_t s_sb_block;
1156 uid_t s_resuid; 1156 kuid_t s_resuid;
1157 gid_t s_resgid; 1157 kgid_t s_resgid;
1158 unsigned short s_mount_state; 1158 unsigned short s_mount_state;
1159 unsigned short s_pad; 1159 unsigned short s_pad;
1160 int s_addr_per_block_bits; 1160 int s_addr_per_block_bits;
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 409c2ee7750a..9f9acac6c43f 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -808,8 +808,8 @@ got:
808 } 808 }
809 if (owner) { 809 if (owner) {
810 inode->i_mode = mode; 810 inode->i_mode = mode;
811 inode->i_uid = owner[0]; 811 i_uid_write(inode, owner[0]);
812 inode->i_gid = owner[1]; 812 i_gid_write(inode, owner[1]);
813 } else if (test_opt(sb, GRPID)) { 813 } else if (test_opt(sb, GRPID)) {
814 inode->i_mode = mode; 814 inode->i_mode = mode;
815 inode->i_uid = current_fsuid(); 815 inode->i_uid = current_fsuid();
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index c77b0bd2c711..07eaf565fdcb 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3630,6 +3630,8 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
3630 journal_t *journal = EXT4_SB(sb)->s_journal; 3630 journal_t *journal = EXT4_SB(sb)->s_journal;
3631 long ret; 3631 long ret;
3632 int block; 3632 int block;
3633 uid_t i_uid;
3634 gid_t i_gid;
3633 3635
3634 inode = iget_locked(sb, ino); 3636 inode = iget_locked(sb, ino);
3635 if (!inode) 3637 if (!inode)
@@ -3645,12 +3647,14 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
3645 goto bad_inode; 3647 goto bad_inode;
3646 raw_inode = ext4_raw_inode(&iloc); 3648 raw_inode = ext4_raw_inode(&iloc);
3647 inode->i_mode = le16_to_cpu(raw_inode->i_mode); 3649 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
3648 inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low); 3650 i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
3649 inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low); 3651 i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
3650 if (!(test_opt(inode->i_sb, NO_UID32))) { 3652 if (!(test_opt(inode->i_sb, NO_UID32))) {
3651 inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16; 3653 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
3652 inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16; 3654 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
3653 } 3655 }
3656 i_uid_write(inode, i_uid);
3657 i_gid_write(inode, i_gid);
3654 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count)); 3658 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
3655 3659
3656 ext4_clear_state_flags(ei); /* Only relevant on 32-bit archs */ 3660 ext4_clear_state_flags(ei); /* Only relevant on 32-bit archs */
@@ -3870,6 +3874,8 @@ static int ext4_do_update_inode(handle_t *handle,
3870 struct ext4_inode_info *ei = EXT4_I(inode); 3874 struct ext4_inode_info *ei = EXT4_I(inode);
3871 struct buffer_head *bh = iloc->bh; 3875 struct buffer_head *bh = iloc->bh;
3872 int err = 0, rc, block; 3876 int err = 0, rc, block;
3877 uid_t i_uid;
3878 gid_t i_gid;
3873 3879
3874 /* For fields not not tracking in the in-memory inode, 3880 /* For fields not not tracking in the in-memory inode,
3875 * initialise them to zero for new inodes. */ 3881 * initialise them to zero for new inodes. */
@@ -3878,27 +3884,27 @@ static int ext4_do_update_inode(handle_t *handle,
3878 3884
3879 ext4_get_inode_flags(ei); 3885 ext4_get_inode_flags(ei);
3880 raw_inode->i_mode = cpu_to_le16(inode->i_mode); 3886 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
3887 i_uid = i_uid_read(inode);
3888 i_gid = i_gid_read(inode);
3881 if (!(test_opt(inode->i_sb, NO_UID32))) { 3889 if (!(test_opt(inode->i_sb, NO_UID32))) {
3882 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid)); 3890 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
3883 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid)); 3891 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
3884/* 3892/*
3885 * Fix up interoperability with old kernels. Otherwise, old inodes get 3893 * Fix up interoperability with old kernels. Otherwise, old inodes get
3886 * re-used with the upper 16 bits of the uid/gid intact 3894 * re-used with the upper 16 bits of the uid/gid intact
3887 */ 3895 */
3888 if (!ei->i_dtime) { 3896 if (!ei->i_dtime) {
3889 raw_inode->i_uid_high = 3897 raw_inode->i_uid_high =
3890 cpu_to_le16(high_16_bits(inode->i_uid)); 3898 cpu_to_le16(high_16_bits(i_uid));
3891 raw_inode->i_gid_high = 3899 raw_inode->i_gid_high =
3892 cpu_to_le16(high_16_bits(inode->i_gid)); 3900 cpu_to_le16(high_16_bits(i_gid));
3893 } else { 3901 } else {
3894 raw_inode->i_uid_high = 0; 3902 raw_inode->i_uid_high = 0;
3895 raw_inode->i_gid_high = 0; 3903 raw_inode->i_gid_high = 0;
3896 } 3904 }
3897 } else { 3905 } else {
3898 raw_inode->i_uid_low = 3906 raw_inode->i_uid_low = cpu_to_le16(fs_high2lowuid(i_uid));
3899 cpu_to_le16(fs_high2lowuid(inode->i_uid)); 3907 raw_inode->i_gid_low = cpu_to_le16(fs_high2lowgid(i_gid));
3900 raw_inode->i_gid_low =
3901 cpu_to_le16(fs_high2lowgid(inode->i_gid));
3902 raw_inode->i_uid_high = 0; 3908 raw_inode->i_uid_high = 0;
3903 raw_inode->i_gid_high = 0; 3909 raw_inode->i_gid_high = 0;
3904 } 3910 }
@@ -4084,8 +4090,8 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr)
4084 4090
4085 if (is_quota_modification(inode, attr)) 4091 if (is_quota_modification(inode, attr))
4086 dquot_initialize(inode); 4092 dquot_initialize(inode);
4087 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || 4093 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
4088 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) { 4094 (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
4089 handle_t *handle; 4095 handle_t *handle;
4090 4096
4091 /* (user+group)*(old+new) structure, inode write (sb, 4097 /* (user+group)*(old+new) structure, inode write (sb,
diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
index f39f80f8f2c5..f1bb32ec0169 100644
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -466,8 +466,8 @@ int ext4_ext_migrate(struct inode *inode)
466 } 466 }
467 goal = (((inode->i_ino - 1) / EXT4_INODES_PER_GROUP(inode->i_sb)) * 467 goal = (((inode->i_ino - 1) / EXT4_INODES_PER_GROUP(inode->i_sb)) *
468 EXT4_INODES_PER_GROUP(inode->i_sb)) + 1; 468 EXT4_INODES_PER_GROUP(inode->i_sb)) + 1;
469 owner[0] = inode->i_uid; 469 owner[0] = i_uid_read(inode);
470 owner[1] = inode->i_gid; 470 owner[1] = i_gid_read(inode);
471 tmp_inode = ext4_new_inode(handle, inode->i_sb->s_root->d_inode, 471 tmp_inode = ext4_new_inode(handle, inode->i_sb->s_root->d_inode,
472 S_IFREG, NULL, goal, owner); 472 S_IFREG, NULL, goal, owner);
473 if (IS_ERR(tmp_inode)) { 473 if (IS_ERR(tmp_inode)) {
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index e1fb1d5de58e..436b4223df66 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1448,6 +1448,8 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
1448{ 1448{
1449 struct ext4_sb_info *sbi = EXT4_SB(sb); 1449 struct ext4_sb_info *sbi = EXT4_SB(sb);
1450 const struct mount_opts *m; 1450 const struct mount_opts *m;
1451 kuid_t uid;
1452 kgid_t gid;
1451 int arg = 0; 1453 int arg = 0;
1452 1454
1453#ifdef CONFIG_QUOTA 1455#ifdef CONFIG_QUOTA
@@ -1474,10 +1476,20 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
1474 "Ignoring removed %s option", opt); 1476 "Ignoring removed %s option", opt);
1475 return 1; 1477 return 1;
1476 case Opt_resuid: 1478 case Opt_resuid:
1477 sbi->s_resuid = arg; 1479 uid = make_kuid(current_user_ns(), arg);
1480 if (!uid_valid(uid)) {
1481 ext4_msg(sb, KERN_ERR, "Invalid uid value %d", arg);
1482 return -1;
1483 }
1484 sbi->s_resuid = uid;
1478 return 1; 1485 return 1;
1479 case Opt_resgid: 1486 case Opt_resgid:
1480 sbi->s_resgid = arg; 1487 gid = make_kgid(current_user_ns(), arg);
1488 if (!gid_valid(gid)) {
1489 ext4_msg(sb, KERN_ERR, "Invalid gid value %d", arg);
1490 return -1;
1491 }
1492 sbi->s_resgid = gid;
1481 return 1; 1493 return 1;
1482 case Opt_abort: 1494 case Opt_abort:
1483 sbi->s_mount_flags |= EXT4_MF_FS_ABORTED; 1495 sbi->s_mount_flags |= EXT4_MF_FS_ABORTED;
@@ -1732,12 +1744,14 @@ static int _ext4_show_options(struct seq_file *seq, struct super_block *sb,
1732 SEQ_OPTS_PRINT("%s", token2str(m->token)); 1744 SEQ_OPTS_PRINT("%s", token2str(m->token));
1733 } 1745 }
1734 1746
1735 if (nodefs || sbi->s_resuid != EXT4_DEF_RESUID || 1747 if (nodefs || !uid_eq(sbi->s_resuid, make_kuid(&init_user_ns, EXT4_DEF_RESUID)) ||
1736 le16_to_cpu(es->s_def_resuid) != EXT4_DEF_RESUID) 1748 le16_to_cpu(es->s_def_resuid) != EXT4_DEF_RESUID)
1737 SEQ_OPTS_PRINT("resuid=%u", sbi->s_resuid); 1749 SEQ_OPTS_PRINT("resuid=%u",
1738 if (nodefs || sbi->s_resgid != EXT4_DEF_RESGID || 1750 from_kuid_munged(&init_user_ns, sbi->s_resuid));
1751 if (nodefs || !gid_eq(sbi->s_resgid, make_kgid(&init_user_ns, EXT4_DEF_RESGID)) ||
1739 le16_to_cpu(es->s_def_resgid) != EXT4_DEF_RESGID) 1752 le16_to_cpu(es->s_def_resgid) != EXT4_DEF_RESGID)
1740 SEQ_OPTS_PRINT("resgid=%u", sbi->s_resgid); 1753 SEQ_OPTS_PRINT("resgid=%u",
1754 from_kgid_munged(&init_user_ns, sbi->s_resgid));
1741 def_errors = nodefs ? -1 : le16_to_cpu(es->s_errors); 1755 def_errors = nodefs ? -1 : le16_to_cpu(es->s_errors);
1742 if (test_opt(sb, ERRORS_RO) && def_errors != EXT4_ERRORS_RO) 1756 if (test_opt(sb, ERRORS_RO) && def_errors != EXT4_ERRORS_RO)
1743 SEQ_OPTS_PUTS("errors=remount-ro"); 1757 SEQ_OPTS_PUTS("errors=remount-ro");
@@ -2980,8 +2994,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
2980 } 2994 }
2981 sb->s_fs_info = sbi; 2995 sb->s_fs_info = sbi;
2982 sbi->s_mount_opt = 0; 2996 sbi->s_mount_opt = 0;
2983 sbi->s_resuid = EXT4_DEF_RESUID; 2997 sbi->s_resuid = make_kuid(&init_user_ns, EXT4_DEF_RESUID);
2984 sbi->s_resgid = EXT4_DEF_RESGID; 2998 sbi->s_resgid = make_kgid(&init_user_ns, EXT4_DEF_RESGID);
2985 sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS; 2999 sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS;
2986 sbi->s_sb_block = sb_block; 3000 sbi->s_sb_block = sb_block;
2987 if (sb->s_bdev->bd_part) 3001 if (sb->s_bdev->bd_part)
@@ -3060,8 +3074,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
3060 if (def_mount_opts & EXT4_DEFM_DISCARD) 3074 if (def_mount_opts & EXT4_DEFM_DISCARD)
3061 set_opt(sb, DISCARD); 3075 set_opt(sb, DISCARD);
3062 3076
3063 sbi->s_resuid = le16_to_cpu(es->s_def_resuid); 3077 sbi->s_resuid = make_kuid(&init_user_ns, le16_to_cpu(es->s_def_resuid));
3064 sbi->s_resgid = le16_to_cpu(es->s_def_resgid); 3078 sbi->s_resgid = make_kgid(&init_user_ns, le16_to_cpu(es->s_def_resgid));
3065 sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ; 3079 sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ;
3066 sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME; 3080 sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME;
3067 sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME; 3081 sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME;
@@ -4213,8 +4227,8 @@ static int ext4_unfreeze(struct super_block *sb)
4213struct ext4_mount_options { 4227struct ext4_mount_options {
4214 unsigned long s_mount_opt; 4228 unsigned long s_mount_opt;
4215 unsigned long s_mount_opt2; 4229 unsigned long s_mount_opt2;
4216 uid_t s_resuid; 4230 kuid_t s_resuid;
4217 gid_t s_resgid; 4231 kgid_t s_resgid;
4218 unsigned long s_commit_interval; 4232 unsigned long s_commit_interval;
4219 u32 s_min_batch_time, s_max_batch_time; 4233 u32 s_min_batch_time, s_max_batch_time;
4220#ifdef CONFIG_QUOTA 4234#ifdef CONFIG_QUOTA
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 75e7c1f3a080..d078b75572a7 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -532,9 +532,9 @@ static inline int sigio_perm(struct task_struct *p,
532 532
533 rcu_read_lock(); 533 rcu_read_lock();
534 cred = __task_cred(p); 534 cred = __task_cred(p);
535 ret = ((fown->euid == 0 || 535 ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
536 fown->euid == cred->suid || fown->euid == cred->uid || 536 uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
537 fown->uid == cred->suid || fown->uid == cred->uid) && 537 uid_eq(fown->uid, cred->suid) || uid_eq(fown->uid, cred->uid)) &&
538 !security_file_send_sigiotask(p, fown, sig)); 538 !security_file_send_sigiotask(p, fown, sig));
539 rcu_read_unlock(); 539 rcu_read_unlock();
540 return ret; 540 return ret;
diff --git a/fs/inode.c b/fs/inode.c
index 9f4f5fecc096..deb72f6c2b4f 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -135,8 +135,8 @@ int inode_init_always(struct super_block *sb, struct inode *inode)
135 inode->i_fop = &empty_fops; 135 inode->i_fop = &empty_fops;
136 inode->__i_nlink = 1; 136 inode->__i_nlink = 1;
137 inode->i_opflags = 0; 137 inode->i_opflags = 0;
138 inode->i_uid = 0; 138 i_uid_write(inode, 0);
139 inode->i_gid = 0; 139 i_gid_write(inode, 0);
140 atomic_set(&inode->i_writecount, 0); 140 atomic_set(&inode->i_writecount, 0);
141 inode->i_size = 0; 141 inode->i_size = 0;
142 inode->i_blocks = 0; 142 inode->i_blocks = 0;
@@ -1732,11 +1732,9 @@ EXPORT_SYMBOL(inode_init_owner);
1732 */ 1732 */
1733bool inode_owner_or_capable(const struct inode *inode) 1733bool inode_owner_or_capable(const struct inode *inode)
1734{ 1734{
1735 struct user_namespace *ns = inode_userns(inode); 1735 if (uid_eq(current_fsuid(), inode->i_uid))
1736
1737 if (current_user_ns() == ns && current_fsuid() == inode->i_uid)
1738 return true; 1736 return true;
1739 if (ns_capable(ns, CAP_FOWNER)) 1737 if (inode_capable(inode, CAP_FOWNER))
1740 return true; 1738 return true;
1741 return false; 1739 return false;
1742} 1740}
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 0f1b9515213b..5e6dbe8958fc 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -37,8 +37,8 @@ int set_task_ioprio(struct task_struct *task, int ioprio)
37 37
38 rcu_read_lock(); 38 rcu_read_lock();
39 tcred = __task_cred(task); 39 tcred = __task_cred(task);
40 if (tcred->uid != cred->euid && 40 if (!uid_eq(tcred->uid, cred->euid) &&
41 tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { 41 !uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
42 rcu_read_unlock(); 42 rcu_read_unlock();
43 return -EPERM; 43 return -EPERM;
44 } 44 }
@@ -65,6 +65,7 @@ SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio)
65 struct task_struct *p, *g; 65 struct task_struct *p, *g;
66 struct user_struct *user; 66 struct user_struct *user;
67 struct pid *pgrp; 67 struct pid *pgrp;
68 kuid_t uid;
68 int ret; 69 int ret;
69 70
70 switch (class) { 71 switch (class) {
@@ -110,16 +111,19 @@ SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio)
110 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 111 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
111 break; 112 break;
112 case IOPRIO_WHO_USER: 113 case IOPRIO_WHO_USER:
114 uid = make_kuid(current_user_ns(), who);
115 if (!uid_valid(uid))
116 break;
113 if (!who) 117 if (!who)
114 user = current_user(); 118 user = current_user();
115 else 119 else
116 user = find_user(who); 120 user = find_user(uid);
117 121
118 if (!user) 122 if (!user)
119 break; 123 break;
120 124
121 do_each_thread(g, p) { 125 do_each_thread(g, p) {
122 if (__task_cred(p)->uid != who) 126 if (!uid_eq(task_uid(p), uid))
123 continue; 127 continue;
124 ret = set_task_ioprio(p, ioprio); 128 ret = set_task_ioprio(p, ioprio);
125 if (ret) 129 if (ret)
@@ -174,6 +178,7 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
174 struct task_struct *g, *p; 178 struct task_struct *g, *p;
175 struct user_struct *user; 179 struct user_struct *user;
176 struct pid *pgrp; 180 struct pid *pgrp;
181 kuid_t uid;
177 int ret = -ESRCH; 182 int ret = -ESRCH;
178 int tmpio; 183 int tmpio;
179 184
@@ -203,16 +208,17 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
203 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 208 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
204 break; 209 break;
205 case IOPRIO_WHO_USER: 210 case IOPRIO_WHO_USER:
211 uid = make_kuid(current_user_ns(), who);
206 if (!who) 212 if (!who)
207 user = current_user(); 213 user = current_user();
208 else 214 else
209 user = find_user(who); 215 user = find_user(uid);
210 216
211 if (!user) 217 if (!user)
212 break; 218 break;
213 219
214 do_each_thread(g, p) { 220 do_each_thread(g, p) {
215 if (__task_cred(p)->uid != user->uid) 221 if (!uid_eq(task_uid(p), user->uid))
216 continue; 222 continue;
217 tmpio = get_task_ioprio(p); 223 tmpio = get_task_ioprio(p);
218 if (tmpio < 0) 224 if (tmpio < 0)
diff --git a/fs/locks.c b/fs/locks.c
index 0d68f1f81799..4f441e46cef4 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1446,7 +1446,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
1446 struct inode *inode = dentry->d_inode; 1446 struct inode *inode = dentry->d_inode;
1447 int error; 1447 int error;
1448 1448
1449 if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE)) 1449 if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
1450 return -EACCES; 1450 return -EACCES;
1451 if (!S_ISREG(inode->i_mode)) 1451 if (!S_ISREG(inode->i_mode))
1452 return -EINVAL; 1452 return -EINVAL;
diff --git a/fs/namei.c b/fs/namei.c
index f9e883c1b856..e70ebab9624b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -218,10 +218,7 @@ static int acl_permission_check(struct inode *inode, int mask)
218{ 218{
219 unsigned int mode = inode->i_mode; 219 unsigned int mode = inode->i_mode;
220 220
221 if (current_user_ns() != inode_userns(inode)) 221 if (likely(uid_eq(current_fsuid(), inode->i_uid)))
222 goto other_perms;
223
224 if (likely(current_fsuid() == inode->i_uid))
225 mode >>= 6; 222 mode >>= 6;
226 else { 223 else {
227 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) { 224 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
@@ -234,7 +231,6 @@ static int acl_permission_check(struct inode *inode, int mask)
234 mode >>= 3; 231 mode >>= 3;
235 } 232 }
236 233
237other_perms:
238 /* 234 /*
239 * If the DACs are ok we don't need any capability check. 235 * If the DACs are ok we don't need any capability check.
240 */ 236 */
@@ -270,10 +266,10 @@ int generic_permission(struct inode *inode, int mask)
270 266
271 if (S_ISDIR(inode->i_mode)) { 267 if (S_ISDIR(inode->i_mode)) {
272 /* DACs are overridable for directories */ 268 /* DACs are overridable for directories */
273 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) 269 if (inode_capable(inode, CAP_DAC_OVERRIDE))
274 return 0; 270 return 0;
275 if (!(mask & MAY_WRITE)) 271 if (!(mask & MAY_WRITE))
276 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) 272 if (inode_capable(inode, CAP_DAC_READ_SEARCH))
277 return 0; 273 return 0;
278 return -EACCES; 274 return -EACCES;
279 } 275 }
@@ -283,7 +279,7 @@ int generic_permission(struct inode *inode, int mask)
283 * at least one exec bit set. 279 * at least one exec bit set.
284 */ 280 */
285 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) 281 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
286 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) 282 if (inode_capable(inode, CAP_DAC_OVERRIDE))
287 return 0; 283 return 0;
288 284
289 /* 285 /*
@@ -291,7 +287,7 @@ int generic_permission(struct inode *inode, int mask)
291 */ 287 */
292 mask &= MAY_READ | MAY_WRITE | MAY_EXEC; 288 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
293 if (mask == MAY_READ) 289 if (mask == MAY_READ)
294 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) 290 if (inode_capable(inode, CAP_DAC_READ_SEARCH))
295 return 0; 291 return 0;
296 292
297 return -EACCES; 293 return -EACCES;
@@ -1934,19 +1930,15 @@ static int user_path_parent(int dfd, const char __user *path,
1934 */ 1930 */
1935static inline int check_sticky(struct inode *dir, struct inode *inode) 1931static inline int check_sticky(struct inode *dir, struct inode *inode)
1936{ 1932{
1937 uid_t fsuid = current_fsuid(); 1933 kuid_t fsuid = current_fsuid();
1938 1934
1939 if (!(dir->i_mode & S_ISVTX)) 1935 if (!(dir->i_mode & S_ISVTX))
1940 return 0; 1936 return 0;
1941 if (current_user_ns() != inode_userns(inode)) 1937 if (uid_eq(inode->i_uid, fsuid))
1942 goto other_userns;
1943 if (inode->i_uid == fsuid)
1944 return 0; 1938 return 0;
1945 if (dir->i_uid == fsuid) 1939 if (uid_eq(dir->i_uid, fsuid))
1946 return 0; 1940 return 0;
1947 1941 return !inode_capable(inode, CAP_FOWNER);
1948other_userns:
1949 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1950} 1942}
1951 1943
1952/* 1944/*
@@ -2534,8 +2526,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2534 if (error) 2526 if (error)
2535 return error; 2527 return error;
2536 2528
2537 if ((S_ISCHR(mode) || S_ISBLK(mode)) && 2529 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
2538 !ns_capable(inode_userns(dir), CAP_MKNOD))
2539 return -EPERM; 2530 return -EPERM;
2540 2531
2541 if (!dir->i_op->mknod) 2532 if (!dir->i_op->mknod)
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 79717a40daba..204438cc914e 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -1,6 +1,7 @@
1/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */ 1/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
2 2
3#include <linux/sched.h> 3#include <linux/sched.h>
4#include <linux/user_namespace.h>
4#include "nfsd.h" 5#include "nfsd.h"
5#include "auth.h" 6#include "auth.h"
6 7
@@ -56,8 +57,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
56 goto oom; 57 goto oom;
57 58
58 for (i = 0; i < rqgi->ngroups; i++) { 59 for (i = 0; i < rqgi->ngroups; i++) {
59 if (!GROUP_AT(rqgi, i)) 60 if (gid_eq(GLOBAL_ROOT_GID, GROUP_AT(rqgi, i)))
60 GROUP_AT(gi, i) = exp->ex_anon_gid; 61 GROUP_AT(gi, i) = make_kgid(&init_user_ns, exp->ex_anon_gid);
61 else 62 else
62 GROUP_AT(gi, i) = GROUP_AT(rqgi, i); 63 GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
63 } 64 }
diff --git a/fs/open.c b/fs/open.c
index 5eccdcea2d1b..d54301219d04 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -316,7 +316,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
316 316
317 if (!issecure(SECURE_NO_SETUID_FIXUP)) { 317 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
318 /* Clear the capabilities if we switch to a non-root user */ 318 /* Clear the capabilities if we switch to a non-root user */
319 if (override_cred->uid) 319 kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
320 if (!uid_eq(override_cred->uid, root_uid))
320 cap_clear(override_cred->cap_effective); 321 cap_clear(override_cred->cap_effective);
321 else 322 else
322 override_cred->cap_effective = 323 override_cred->cap_effective =
@@ -505,15 +506,24 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
505 struct inode *inode = path->dentry->d_inode; 506 struct inode *inode = path->dentry->d_inode;
506 int error; 507 int error;
507 struct iattr newattrs; 508 struct iattr newattrs;
509 kuid_t uid;
510 kgid_t gid;
511
512 uid = make_kuid(current_user_ns(), user);
513 gid = make_kgid(current_user_ns(), group);
508 514
509 newattrs.ia_valid = ATTR_CTIME; 515 newattrs.ia_valid = ATTR_CTIME;
510 if (user != (uid_t) -1) { 516 if (user != (uid_t) -1) {
517 if (!uid_valid(uid))
518 return -EINVAL;
511 newattrs.ia_valid |= ATTR_UID; 519 newattrs.ia_valid |= ATTR_UID;
512 newattrs.ia_uid = user; 520 newattrs.ia_uid = uid;
513 } 521 }
514 if (group != (gid_t) -1) { 522 if (group != (gid_t) -1) {
523 if (!gid_valid(gid))
524 return -EINVAL;
515 newattrs.ia_valid |= ATTR_GID; 525 newattrs.ia_valid |= ATTR_GID;
516 newattrs.ia_gid = group; 526 newattrs.ia_gid = gid;
517 } 527 }
518 if (!S_ISDIR(inode->i_mode)) 528 if (!S_ISDIR(inode->i_mode))
519 newattrs.ia_valid |= 529 newattrs.ia_valid |=
diff --git a/fs/proc/array.c b/fs/proc/array.c
index f9bd395b3473..dc4c5a7b9ece 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -81,6 +81,7 @@
81#include <linux/pid_namespace.h> 81#include <linux/pid_namespace.h>
82#include <linux/ptrace.h> 82#include <linux/ptrace.h>
83#include <linux/tracehook.h> 83#include <linux/tracehook.h>
84#include <linux/user_namespace.h>
84 85
85#include <asm/pgtable.h> 86#include <asm/pgtable.h>
86#include <asm/processor.h> 87#include <asm/processor.h>
@@ -161,6 +162,7 @@ static inline const char *get_task_state(struct task_struct *tsk)
161static inline void task_state(struct seq_file *m, struct pid_namespace *ns, 162static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
162 struct pid *pid, struct task_struct *p) 163 struct pid *pid, struct task_struct *p)
163{ 164{
165 struct user_namespace *user_ns = current_user_ns();
164 struct group_info *group_info; 166 struct group_info *group_info;
165 int g; 167 int g;
166 struct fdtable *fdt = NULL; 168 struct fdtable *fdt = NULL;
@@ -189,8 +191,14 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
189 task_tgid_nr_ns(p, ns), 191 task_tgid_nr_ns(p, ns),
190 pid_nr_ns(pid, ns), 192 pid_nr_ns(pid, ns),
191 ppid, tpid, 193 ppid, tpid,
192 cred->uid, cred->euid, cred->suid, cred->fsuid, 194 from_kuid_munged(user_ns, cred->uid),
193 cred->gid, cred->egid, cred->sgid, cred->fsgid); 195 from_kuid_munged(user_ns, cred->euid),
196 from_kuid_munged(user_ns, cred->suid),
197 from_kuid_munged(user_ns, cred->fsuid),
198 from_kgid_munged(user_ns, cred->gid),
199 from_kgid_munged(user_ns, cred->egid),
200 from_kgid_munged(user_ns, cred->sgid),
201 from_kgid_munged(user_ns, cred->fsgid));
194 202
195 task_lock(p); 203 task_lock(p);
196 if (p->files) 204 if (p->files)
@@ -205,7 +213,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
205 task_unlock(p); 213 task_unlock(p);
206 214
207 for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) 215 for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++)
208 seq_printf(m, "%d ", GROUP_AT(group_info, g)); 216 seq_printf(m, "%d ",
217 from_kgid_munged(user_ns, GROUP_AT(group_info, g)));
209 put_cred(cred); 218 put_cred(cred);
210 219
211 seq_putc(m, '\n'); 220 seq_putc(m, '\n');
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 57b8159f26f3..d2d3108a611c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -81,6 +81,7 @@
81#include <linux/oom.h> 81#include <linux/oom.h>
82#include <linux/elf.h> 82#include <linux/elf.h>
83#include <linux/pid_namespace.h> 83#include <linux/pid_namespace.h>
84#include <linux/user_namespace.h>
84#include <linux/fs_struct.h> 85#include <linux/fs_struct.h>
85#include <linux/slab.h> 86#include <linux/slab.h>
86#include <linux/flex_array.h> 87#include <linux/flex_array.h>
@@ -1561,8 +1562,8 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
1561 generic_fillattr(inode, stat); 1562 generic_fillattr(inode, stat);
1562 1563
1563 rcu_read_lock(); 1564 rcu_read_lock();
1564 stat->uid = 0; 1565 stat->uid = GLOBAL_ROOT_UID;
1565 stat->gid = 0; 1566 stat->gid = GLOBAL_ROOT_GID;
1566 task = pid_task(proc_pid(inode), PIDTYPE_PID); 1567 task = pid_task(proc_pid(inode), PIDTYPE_PID);
1567 if (task) { 1568 if (task) {
1568 if (!has_pid_permissions(pid, task, 2)) { 1569 if (!has_pid_permissions(pid, task, 2)) {
@@ -1622,8 +1623,8 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
1622 inode->i_gid = cred->egid; 1623 inode->i_gid = cred->egid;
1623 rcu_read_unlock(); 1624 rcu_read_unlock();
1624 } else { 1625 } else {
1625 inode->i_uid = 0; 1626 inode->i_uid = GLOBAL_ROOT_UID;
1626 inode->i_gid = 0; 1627 inode->i_gid = GLOBAL_ROOT_GID;
1627 } 1628 }
1628 inode->i_mode &= ~(S_ISUID | S_ISGID); 1629 inode->i_mode &= ~(S_ISUID | S_ISGID);
1629 security_task_to_inode(task, inode); 1630 security_task_to_inode(task, inode);
@@ -1815,8 +1816,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
1815 inode->i_gid = cred->egid; 1816 inode->i_gid = cred->egid;
1816 rcu_read_unlock(); 1817 rcu_read_unlock();
1817 } else { 1818 } else {
1818 inode->i_uid = 0; 1819 inode->i_uid = GLOBAL_ROOT_UID;
1819 inode->i_gid = 0; 1820 inode->i_gid = GLOBAL_ROOT_GID;
1820 } 1821 }
1821 1822
1822 i_mode = S_IFLNK; 1823 i_mode = S_IFLNK;
@@ -2045,8 +2046,8 @@ static int map_files_d_revalidate(struct dentry *dentry, struct nameidata *nd)
2045 inode->i_gid = cred->egid; 2046 inode->i_gid = cred->egid;
2046 rcu_read_unlock(); 2047 rcu_read_unlock();
2047 } else { 2048 } else {
2048 inode->i_uid = 0; 2049 inode->i_uid = GLOBAL_ROOT_UID;
2049 inode->i_gid = 0; 2050 inode->i_gid = GLOBAL_ROOT_GID;
2050 } 2051 }
2051 security_task_to_inode(task, inode); 2052 security_task_to_inode(task, inode);
2052 status = 1; 2053 status = 1;
@@ -2924,6 +2925,74 @@ static int proc_tgid_io_accounting(struct task_struct *task, char *buffer)
2924} 2925}
2925#endif /* CONFIG_TASK_IO_ACCOUNTING */ 2926#endif /* CONFIG_TASK_IO_ACCOUNTING */
2926 2927
2928#ifdef CONFIG_USER_NS
2929static int proc_id_map_open(struct inode *inode, struct file *file,
2930 struct seq_operations *seq_ops)
2931{
2932 struct user_namespace *ns = NULL;
2933 struct task_struct *task;
2934 struct seq_file *seq;
2935 int ret = -EINVAL;
2936
2937 task = get_proc_task(inode);
2938 if (task) {
2939 rcu_read_lock();
2940 ns = get_user_ns(task_cred_xxx(task, user_ns));
2941 rcu_read_unlock();
2942 put_task_struct(task);
2943 }
2944 if (!ns)
2945 goto err;
2946
2947 ret = seq_open(file, seq_ops);
2948 if (ret)
2949 goto err_put_ns;
2950
2951 seq = file->private_data;
2952 seq->private = ns;
2953
2954 return 0;
2955err_put_ns:
2956 put_user_ns(ns);
2957err:
2958 return ret;
2959}
2960
2961static int proc_id_map_release(struct inode *inode, struct file *file)
2962{
2963 struct seq_file *seq = file->private_data;
2964 struct user_namespace *ns = seq->private;
2965 put_user_ns(ns);
2966 return seq_release(inode, file);
2967}
2968
2969static int proc_uid_map_open(struct inode *inode, struct file *file)
2970{
2971 return proc_id_map_open(inode, file, &proc_uid_seq_operations);
2972}
2973
2974static int proc_gid_map_open(struct inode *inode, struct file *file)
2975{
2976 return proc_id_map_open(inode, file, &proc_gid_seq_operations);
2977}
2978
2979static const struct file_operations proc_uid_map_operations = {
2980 .open = proc_uid_map_open,
2981 .write = proc_uid_map_write,
2982 .read = seq_read,
2983 .llseek = seq_lseek,
2984 .release = proc_id_map_release,
2985};
2986
2987static const struct file_operations proc_gid_map_operations = {
2988 .open = proc_gid_map_open,
2989 .write = proc_gid_map_write,
2990 .read = seq_read,
2991 .llseek = seq_lseek,
2992 .release = proc_id_map_release,
2993};
2994#endif /* CONFIG_USER_NS */
2995
2927static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, 2996static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
2928 struct pid *pid, struct task_struct *task) 2997 struct pid *pid, struct task_struct *task)
2929{ 2998{
@@ -3026,6 +3095,10 @@ static const struct pid_entry tgid_base_stuff[] = {
3026#ifdef CONFIG_HARDWALL 3095#ifdef CONFIG_HARDWALL
3027 INF("hardwall", S_IRUGO, proc_pid_hardwall), 3096 INF("hardwall", S_IRUGO, proc_pid_hardwall),
3028#endif 3097#endif
3098#ifdef CONFIG_USER_NS
3099 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
3100 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
3101#endif
3029}; 3102};
3030 3103
3031static int proc_tgid_base_readdir(struct file * filp, 3104static int proc_tgid_base_readdir(struct file * filp,
@@ -3381,6 +3454,10 @@ static const struct pid_entry tid_base_stuff[] = {
3381#ifdef CONFIG_HARDWALL 3454#ifdef CONFIG_HARDWALL
3382 INF("hardwall", S_IRUGO, proc_pid_hardwall), 3455 INF("hardwall", S_IRUGO, proc_pid_hardwall),
3383#endif 3456#endif
3457#ifdef CONFIG_USER_NS
3458 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
3459 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
3460#endif
3384}; 3461};
3385 3462
3386static int proc_tid_base_readdir(struct file * filp, 3463static int proc_tid_base_readdir(struct file * filp,
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 205c92280838..554ecc54799f 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -108,8 +108,8 @@ static int proc_show_options(struct seq_file *seq, struct dentry *root)
108 struct super_block *sb = root->d_sb; 108 struct super_block *sb = root->d_sb;
109 struct pid_namespace *pid = sb->s_fs_info; 109 struct pid_namespace *pid = sb->s_fs_info;
110 110
111 if (pid->pid_gid) 111 if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID))
112 seq_printf(seq, ",gid=%lu", (unsigned long)pid->pid_gid); 112 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid));
113 if (pid->hide_pid != 0) 113 if (pid->hide_pid != 0)
114 seq_printf(seq, ",hidepid=%u", pid->hide_pid); 114 seq_printf(seq, ",hidepid=%u", pid->hide_pid);
115 115
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 21d836f40292..3476bca8f7af 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -371,9 +371,9 @@ void register_sysctl_root(struct ctl_table_root *root)
371 371
372static int test_perm(int mode, int op) 372static int test_perm(int mode, int op)
373{ 373{
374 if (!current_euid()) 374 if (uid_eq(current_euid(), GLOBAL_ROOT_UID))
375 mode >>= 6; 375 mode >>= 6;
376 else if (in_egroup_p(0)) 376 else if (in_egroup_p(GLOBAL_ROOT_GID))
377 mode >>= 3; 377 mode >>= 3;
378 if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0) 378 if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
379 return 0; 379 return 0;
diff --git a/fs/proc/root.c b/fs/proc/root.c
index eed44bfc85db..7c30fce037c0 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -67,7 +67,7 @@ static int proc_parse_options(char *options, struct pid_namespace *pid)
67 case Opt_gid: 67 case Opt_gid:
68 if (match_int(&args[0], &option)) 68 if (match_int(&args[0], &option))
69 return 0; 69 return 0;
70 pid->pid_gid = option; 70 pid->pid_gid = make_kgid(current_user_ns(), option);
71 break; 71 break;
72 case Opt_hidepid: 72 case Opt_hidepid:
73 if (match_int(&args[0], &option)) 73 if (match_int(&args[0], &option))
diff --git a/fs/stat.c b/fs/stat.c
index 0cef3366a919..b6ff11825fc8 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -138,8 +138,8 @@ static int cp_old_stat(struct kstat *stat, struct __old_kernel_stat __user * sta
138 tmp.st_nlink = stat->nlink; 138 tmp.st_nlink = stat->nlink;
139 if (tmp.st_nlink != stat->nlink) 139 if (tmp.st_nlink != stat->nlink)
140 return -EOVERFLOW; 140 return -EOVERFLOW;
141 SET_UID(tmp.st_uid, stat->uid); 141 SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid));
142 SET_GID(tmp.st_gid, stat->gid); 142 SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid));
143 tmp.st_rdev = old_encode_dev(stat->rdev); 143 tmp.st_rdev = old_encode_dev(stat->rdev);
144#if BITS_PER_LONG == 32 144#if BITS_PER_LONG == 32
145 if (stat->size > MAX_NON_LFS) 145 if (stat->size > MAX_NON_LFS)
@@ -224,8 +224,8 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf)
224 tmp.st_nlink = stat->nlink; 224 tmp.st_nlink = stat->nlink;
225 if (tmp.st_nlink != stat->nlink) 225 if (tmp.st_nlink != stat->nlink)
226 return -EOVERFLOW; 226 return -EOVERFLOW;
227 SET_UID(tmp.st_uid, stat->uid); 227 SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid));
228 SET_GID(tmp.st_gid, stat->gid); 228 SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid));
229 tmp.st_rdev = encode_dev(stat->rdev); 229 tmp.st_rdev = encode_dev(stat->rdev);
230 tmp.st_size = stat->size; 230 tmp.st_size = stat->size;
231 tmp.st_atime = stat->atime.tv_sec; 231 tmp.st_atime = stat->atime.tv_sec;
@@ -355,8 +355,8 @@ static long cp_new_stat64(struct kstat *stat, struct stat64 __user *statbuf)
355#endif 355#endif
356 tmp.st_mode = stat->mode; 356 tmp.st_mode = stat->mode;
357 tmp.st_nlink = stat->nlink; 357 tmp.st_nlink = stat->nlink;
358 tmp.st_uid = stat->uid; 358 tmp.st_uid = from_kuid_munged(current_user_ns(), stat->uid);
359 tmp.st_gid = stat->gid; 359 tmp.st_gid = from_kgid_munged(current_user_ns(), stat->gid);
360 tmp.st_atime = stat->atime.tv_sec; 360 tmp.st_atime = stat->atime.tv_sec;
361 tmp.st_atime_nsec = stat->atime.tv_nsec; 361 tmp.st_atime_nsec = stat->atime.tv_nsec;
362 tmp.st_mtime = stat->mtime.tv_sec; 362 tmp.st_mtime = stat->mtime.tv_sec;
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index feb2d69396cf..907c2b3af758 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -62,8 +62,8 @@ static struct sysfs_inode_attrs *sysfs_init_inode_attrs(struct sysfs_dirent *sd)
62 62
63 /* assign default attributes */ 63 /* assign default attributes */
64 iattrs->ia_mode = sd->s_mode; 64 iattrs->ia_mode = sd->s_mode;
65 iattrs->ia_uid = 0; 65 iattrs->ia_uid = GLOBAL_ROOT_UID;
66 iattrs->ia_gid = 0; 66 iattrs->ia_gid = GLOBAL_ROOT_GID;
67 iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME; 67 iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;
68 68
69 return attrs; 69 return attrs;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-11 08:29:50 -0500