13 files changed, 288 insertions, 64 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index c398cff3dab7..68d56effc328 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -377,6 +377,7 @@ struct cpu_vfs_cap_data {
 #ifdef __KERNEL__
+struct inode;
 struct dentry;
 struct user_namespace;
@@ -551,6 +552,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
 extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
 extern bool nsown_capable(int cap);
+extern bool inode_capable(const struct inode *inode, int cap);
 /* audit system wants to get cap info from files as well */
 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index adadf71a7327..917dc5aeb1d4 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -17,6 +17,7 @@
 #include <linux/key.h>
 #include <linux/selinux.h>
 #include <linux/atomic.h>
+#include <linux/uidgid.h>
 struct user_struct;
 struct cred;
@@ -26,14 +27,14 @@ struct inode;
 * COW Supplementary groups list
 */
 #define NGROUPS_SMALL           32
-#define NGROUPS_PER_BLOCK       ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
+#define NGROUPS_PER_BLOCK       ((unsigned int)(PAGE_SIZE / sizeof(kgid_t)))
 struct group_info {
        atomic_t        usage;
        int             ngroups;
        int             nblocks;
-        gid_t           small_block[NGROUPS_SMALL];
+        kgid_t          small_block[NGROUPS_SMALL];
-        gid_t           *blocks[0];
+        kgid_t          *blocks[0];
 };
 /**
@@ -66,14 +67,14 @@ extern struct group_info init_groups;
 extern void groups_free(struct group_info *);
 extern int set_current_groups(struct group_info *);
 extern int set_groups(struct cred *, struct group_info *);
-extern int groups_search(const struct group_info *, gid_t);
+extern int groups_search(const struct group_info *, kgid_t);
 /* access the groups "array" with this macro */
 #define GROUP_AT(gi, i) \
        ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])
-extern int in_group_p(gid_t);
+extern int in_group_p(kgid_t);
-extern int in_egroup_p(gid_t);
+extern int in_egroup_p(kgid_t);
 /*
 * The common credentials for a thread group
@@ -122,14 +123,14 @@ struct cred {
 #define CRED_MAGIC      0x43736564
 #define CRED_MAGIC_DEAD 0x44656144
 #endif
-        uid_t           uid;            /* real UID of the task */
+        kuid_t          uid;            /* real UID of the task */
-        gid_t           gid;            /* real GID of the task */
+        kgid_t          gid;            /* real GID of the task */
-        uid_t           suid;           /* saved UID of the task */
+        kuid_t          suid;           /* saved UID of the task */
-        gid_t           sgid;           /* saved GID of the task */
+        kgid_t          sgid;           /* saved GID of the task */
-        uid_t           euid;           /* effective UID of the task */
+        kuid_t          euid;           /* effective UID of the task */
-        gid_t           egid;           /* effective GID of the task */
+        kgid_t          egid;           /* effective GID of the task */
-        uid_t           fsuid;          /* UID for VFS ops */
+        kuid_t          fsuid;          /* UID for VFS ops */
-        gid_t           fsgid;          /* GID for VFS ops */
+        kgid_t          fsgid;          /* GID for VFS ops */
        unsigned        securebits;     /* SUID-less security management */
        kernel_cap_t    cap_inheritable; /* caps our children can inherit */
        kernel_cap_t    cap_permitted;  /* caps we're permitted */
@@ -146,7 +147,7 @@ struct cred {
        void            *security;      /* subjective LSM security */
 #endif
        struct user_struct *user;       /* real user ID subscription */
-        struct user_namespace *user_ns; /* cached user->user_ns */
+        struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */
        struct group_info *group_info;  /* supplementary groups for euid/fsgid */
        struct rcu_head rcu;            /* RCU deletion hook */
 };
@@ -357,11 +358,11 @@ static inline void put_cred(const struct cred *_cred)
 #define current_user()          (current_cred_xxx(user))
 #define current_security()      (current_cred_xxx(security))
+extern struct user_namespace init_user_ns;
 #ifdef CONFIG_USER_NS
 #define current_user_ns()       (current_cred_xxx(user_ns))
 #define task_user_ns(task)      (task_cred_xxx((task), user_ns))
 #else
-extern struct user_namespace init_user_ns;
 #define current_user_ns()       (&init_user_ns)
 #define task_user_ns(task)      (&init_user_ns)
 #endif
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 25c40b9f848a..c0e53372b082 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -402,6 +402,7 @@ struct inodes_stat_t {
 #include <linux/atomic.h>
 #include <linux/shrinker.h>
 #include <linux/migrate_mode.h>
+#include <linux/uidgid.h>
 #include <asm/byteorder.h>
@@ -469,8 +470,8 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
 struct iattr {
        unsigned int    ia_valid;
        umode_t         ia_mode;
-        uid_t           ia_uid;
+        kuid_t          ia_uid;
-        gid_t           ia_gid;
+        kgid_t          ia_gid;
        loff_t          ia_size;
        struct timespec ia_atime;
        struct timespec ia_mtime;
@@ -761,8 +762,8 @@ struct posix_acl;
 struct inode {
        umode_t                 i_mode;
        unsigned short          i_opflags;
-        uid_t                   i_uid;
+        kuid_t                  i_uid;
-        gid_t                   i_gid;
+        kgid_t                  i_gid;
        unsigned int            i_flags;
 #ifdef CONFIG_FS_POSIX_ACL
@@ -927,6 +928,31 @@ static inline void i_size_write(struct inode *inode, loff_t i_size)
 #endif
 }
+/* Helper functions so that in most cases filesystems will
+ * not need to deal directly with kuid_t and kgid_t and can
+ * instead deal with the raw numeric values that are stored
+ * in the filesystem.
+ */
+static inline uid_t i_uid_read(const struct inode *inode)
+{
+        return from_kuid(&init_user_ns, inode->i_uid);
+}
+static inline gid_t i_gid_read(const struct inode *inode)
+{
+        return from_kgid(&init_user_ns, inode->i_gid);
+}
+static inline void i_uid_write(struct inode *inode, uid_t uid)
+{
+        inode->i_uid = make_kuid(&init_user_ns, uid);
+}
+static inline void i_gid_write(struct inode *inode, gid_t gid)
+{
+        inode->i_gid = make_kgid(&init_user_ns, gid);
+}
 static inline unsigned iminor(const struct inode *inode)
 {
        return MINOR(inode->i_rdev);
@@ -943,7 +969,7 @@ struct fown_struct {
        rwlock_t lock;          /* protects pid, uid, euid fields */
        struct pid *pid;        /* pid or -pgrp where SIGIO should be sent */
        enum pid_type pid_type; /* Kind of process group SIGIO should be sent to */
-        uid_t uid, euid;        /* uid/euid of process setting the owner */
+        kuid_t uid, euid;       /* uid/euid of process setting the owner */
        int signum;             /* posix.1b rt signal to be delivered on IO */
 };
@@ -1527,12 +1553,6 @@ enum {
 #define vfs_check_frozen(sb, level) \
        wait_event((sb)->s_wait_unfrozen, ((sb)->s_frozen < (level)))
-/*
- * until VFS tracks user namespaces for inodes, just make all files
- * belong to init_user_ns
- */
-extern struct user_namespace init_user_ns;
-#define inode_userns(inode) (&init_user_ns)
 extern bool inode_owner_or_capable(const struct inode *inode);
 /* not quite ready to be deprecated, but... */
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index b067bd8c49d0..00474b047145 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -31,7 +31,7 @@ struct pid_namespace {
 #ifdef CONFIG_BSD_PROCESS_ACCT
        struct bsd_acct_struct *bacct;
 #endif
-        gid_t pid_gid;
+        kgid_t pid_gid;
        int hide_pid;
        int reboot;     /* group exit code if this pidns was rebooted */
 };
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 85c507306239..3fd2e871ff1b 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -52,8 +52,8 @@ struct proc_dir_entry {
        unsigned int low_ino;
        umode_t mode;
        nlink_t nlink;
-        uid_t uid;
+        kuid_t uid;
-        gid_t gid;
+        kgid_t gid;
        loff_t size;
        const struct inode_operations *proc_iops;
        /*
diff --git a/include/linux/quotaops.h b/include/linux/quotaops.h
index d93f95e6177c..17b977304a09 100644
--- a/include/linux/quotaops.h
+++ b/include/linux/quotaops.h
@@ -22,8 +22,8 @@ static inline struct quota_info *sb_dqopt(struct super_block *sb)
 static inline bool is_quota_modification(struct inode *inode, struct iattr *ia)
 {
        return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) ||
-                (ia->ia_valid & ATTR_UID && ia->ia_uid != inode->i_uid) ||
+                (ia->ia_valid & ATTR_UID && !uid_eq(ia->ia_uid, inode->i_uid)) ||
-                (ia->ia_valid & ATTR_GID && ia->ia_gid != inode->i_gid);
+                (ia->ia_valid & ATTR_GID && !gid_eq(ia->ia_gid, inode->i_gid));
 }
 #if defined(CONFIG_QUOTA)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 28fa9d02fd59..5ea8baea9387 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -90,6 +90,7 @@ struct sched_param {
 #include <linux/latencytop.h>
 #include <linux/cred.h>
 #include <linux/llist.h>
+#include <linux/uidgid.h>
 #include <asm/processor.h>
@@ -728,8 +729,7 @@ struct user_struct {
        /* Hash table maintenance information */
        struct hlist_node uidhash_node;
-        uid_t uid;
+        kuid_t uid;
-        struct user_namespace *user_ns;
 #ifdef CONFIG_PERF_EVENTS
        atomic_long_t locked_vm;
@@ -738,7 +738,7 @@ struct user_struct {
 extern int uids_sysfs_init(void);
-extern struct user_struct *find_user(uid_t);
+extern struct user_struct *find_user(kuid_t);
 extern struct user_struct root_user;
 #define INIT_USER (&root_user)
@@ -2142,14 +2142,13 @@ extern struct task_struct *find_task_by_pid_ns(pid_t nr,
 extern void __set_special_pids(struct pid *pid);
 /* per-UID process charging. */
-extern struct user_struct * alloc_uid(struct user_namespace *, uid_t);
+extern struct user_struct * alloc_uid(kuid_t);
 static inline struct user_struct *get_uid(struct user_struct *u)
 {
        atomic_inc(&u->__count);
        return u;
 }
 extern void free_uid(struct user_struct *);
-extern void release_uids(struct user_namespace *ns);
 #include <asm/current.h>
diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h
index 79ab2555b3b0..bef2cf00b3be 100644
--- a/include/linux/shmem_fs.h
+++ b/include/linux/shmem_fs.h
@@ -28,8 +28,8 @@ struct shmem_sb_info {
        unsigned long max_inodes;   /* How many inodes are allowed */
        unsigned long free_inodes;  /* How many are left for allocation */
        spinlock_t stat_lock;       /* Serialize shmem_sb_info changes */
-        uid_t uid;                  /* Mount uid for root directory */
+        kuid_t uid;                 /* Mount uid for root directory */
-        gid_t gid;                  /* Mount gid for root directory */
+        kgid_t gid;                 /* Mount gid for root directory */
        umode_t mode;               /* Mount mode for root directory */
        struct mempolicy *mpol;     /* default memory policy for mappings */
 };
diff --git a/include/linux/stat.h b/include/linux/stat.h
index 611c398dab72..46132409a3f7 100644
--- a/include/linux/stat.h
+++ b/include/linux/stat.h
@@ -58,14 +58,15 @@
 #include <linux/types.h>
 #include <linux/time.h>
+#include <linux/uidgid.h>
 struct kstat {
        u64             ino;
        dev_t           dev;
        umode_t         mode;
        unsigned int    nlink;
-        uid_t           uid;
+        kuid_t          uid;
-        gid_t           gid;
+        kgid_t          gid;
        dev_t           rdev;
        loff_t          size;
        struct timespec  atime;
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
new file mode 100644
index 000000000000..8e522cbcef29
--- /dev/null
+++ b/include/linux/uidgid.h
@@ -0,0 +1,200 @@
+#ifndef _LINUX_UIDGID_H
+#define _LINUX_UIDGID_H
+/*
+ * A set of types for the internal kernel types representing uids and gids.
+ *
+ * The types defined in this header allow distinguishing which uids and gids in
+ * the kernel are values used by userspace and which uid and gid values are
+ * the internal kernel values.  With the addition of user namespaces the values
+ * can be different.  Using the type system makes it possible for the compiler
+ * to detect when we overlook these differences.
+ *
+ */
+#include <linux/types.h>
+#include <linux/highuid.h>
+struct user_namespace;
+extern struct user_namespace init_user_ns;
+#ifdef CONFIG_UIDGID_STRICT_TYPE_CHECKS
+typedef struct {
+        uid_t val;
+} kuid_t;
+typedef struct {
+        gid_t val;
+} kgid_t;
+#define KUIDT_INIT(value) (kuid_t){ value }
+#define KGIDT_INIT(value) (kgid_t){ value }
+static inline uid_t __kuid_val(kuid_t uid)
+{
+        return uid.val;
+}
+static inline gid_t __kgid_val(kgid_t gid)
+{
+        return gid.val;
+}
+#else
+typedef uid_t kuid_t;
+typedef gid_t kgid_t;
+static inline uid_t __kuid_val(kuid_t uid)
+{
+        return uid;
+}
+static inline gid_t __kgid_val(kgid_t gid)
+{
+        return gid;
+}
+#define KUIDT_INIT(value) ((kuid_t) value )
+#define KGIDT_INIT(value) ((kgid_t) value )
+#endif
+#define GLOBAL_ROOT_UID KUIDT_INIT(0)
+#define GLOBAL_ROOT_GID KGIDT_INIT(0)
+#define INVALID_UID KUIDT_INIT(-1)
+#define INVALID_GID KGIDT_INIT(-1)
+static inline bool uid_eq(kuid_t left, kuid_t right)
+{
+        return __kuid_val(left) == __kuid_val(right);
+}
+static inline bool gid_eq(kgid_t left, kgid_t right)
+{
+        return __kgid_val(left) == __kgid_val(right);
+}
+static inline bool uid_gt(kuid_t left, kuid_t right)
+{
+        return __kuid_val(left) > __kuid_val(right);
+}
+static inline bool gid_gt(kgid_t left, kgid_t right)
+{
+        return __kgid_val(left) > __kgid_val(right);
+}
+static inline bool uid_gte(kuid_t left, kuid_t right)
+{
+        return __kuid_val(left) >= __kuid_val(right);
+}
+static inline bool gid_gte(kgid_t left, kgid_t right)
+{
+        return __kgid_val(left) >= __kgid_val(right);
+}
+static inline bool uid_lt(kuid_t left, kuid_t right)
+{
+        return __kuid_val(left) < __kuid_val(right);
+}
+static inline bool gid_lt(kgid_t left, kgid_t right)
+{
+        return __kgid_val(left) < __kgid_val(right);
+}
+static inline bool uid_lte(kuid_t left, kuid_t right)
+{
+        return __kuid_val(left) <= __kuid_val(right);
+}
+static inline bool gid_lte(kgid_t left, kgid_t right)
+{
+        return __kgid_val(left) <= __kgid_val(right);
+}
+static inline bool uid_valid(kuid_t uid)
+{
+        return !uid_eq(uid, INVALID_UID);
+}
+static inline bool gid_valid(kgid_t gid)
+{
+        return !gid_eq(gid, INVALID_GID);
+}
+#ifdef CONFIG_USER_NS
+extern kuid_t make_kuid(struct user_namespace *from, uid_t uid);
+extern kgid_t make_kgid(struct user_namespace *from, gid_t gid);
+extern uid_t from_kuid(struct user_namespace *to, kuid_t uid);
+extern gid_t from_kgid(struct user_namespace *to, kgid_t gid);
+extern uid_t from_kuid_munged(struct user_namespace *to, kuid_t uid);
+extern gid_t from_kgid_munged(struct user_namespace *to, kgid_t gid);
+static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)
+{
+        return from_kuid(ns, uid) != (uid_t) -1;
+}
+static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
+{
+        return from_kgid(ns, gid) != (gid_t) -1;
+}
+#else
+static inline kuid_t make_kuid(struct user_namespace *from, uid_t uid)
+{
+        return KUIDT_INIT(uid);
+}
+static inline kgid_t make_kgid(struct user_namespace *from, gid_t gid)
+{
+        return KGIDT_INIT(gid);
+}
+static inline uid_t from_kuid(struct user_namespace *to, kuid_t kuid)
+{
+        return __kuid_val(kuid);
+}
+static inline gid_t from_kgid(struct user_namespace *to, kgid_t kgid)
+{
+        return __kgid_val(kgid);
+}
+static inline uid_t from_kuid_munged(struct user_namespace *to, kuid_t kuid)
+{
+        uid_t uid = from_kuid(to, kuid);
+        if (uid == (uid_t)-1)
+                uid = overflowuid;
+        return uid;
+}
+static inline gid_t from_kgid_munged(struct user_namespace *to, kgid_t kgid)
+{
+        gid_t gid = from_kgid(to, kgid);
+        if (gid == (gid_t)-1)
+                gid = overflowgid;
+        return gid;
+}
+static inline bool kuid_has_mapping(struct user_namespace *ns, kuid_t uid)
+{
+        return true;
+}
+static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
+{
+        return true;
+}
+#endif /* CONFIG_USER_NS */
+#endif /* _LINUX_UIDGID_H */
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index faf467944baf..4e72922e5a75 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -6,14 +6,24 @@
 #include <linux/sched.h>
 #include <linux/err.h>
-#define UIDHASH_BITS    (CONFIG_BASE_SMALL ? 3 : 7)
+#define UID_GID_MAP_MAX_EXTENTS 5
-#define UIDHASH_SZ      (1 << UIDHASH_BITS)
+struct uid_gid_map {    /* 64 bytes -- 1 cache line */
+        u32 nr_extents;
+        struct uid_gid_extent {
+                u32 first;
+                u32 lower_first;
+                u32 count;
+        } extent[UID_GID_MAP_MAX_EXTENTS];
+};
 struct user_namespace {
+        struct uid_gid_map      uid_map;
+        struct uid_gid_map      gid_map;
        struct kref             kref;
-        struct hlist_head       uidhash_table[UIDHASH_SZ];
+        struct user_namespace   *parent;
-        struct user_struct      *creator;
+        kuid_t                  owner;
-        struct work_struct      destroyer;
+        kgid_t                  group;
 };
 extern struct user_namespace init_user_ns;
@@ -36,9 +46,11 @@ static inline void put_user_ns(struct user_namespace *ns)
                kref_put(&ns->kref, free_user_ns);
 }
-uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t uid);
+struct seq_operations;
-gid_t user_ns_map_gid(struct user_namespace *to, const struct cred *cred, gid_t gid);
+extern struct seq_operations proc_uid_seq_operations;
+extern struct seq_operations proc_gid_seq_operations;
+extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
+extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
 #else
 static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
@@ -55,17 +67,6 @@ static inline void put_user_ns(struct user_namespace *ns)
 {
 }
-static inline uid_t user_ns_map_uid(struct user_namespace *to,
-        const struct cred *cred, uid_t uid)
-{
-        return uid;
-}
-static inline gid_t user_ns_map_gid(struct user_namespace *to,
-        const struct cred *cred, gid_t gid)
-{
-        return gid;
-}
 #endif
 #endif /* _LINUX_USER_H */
diff --git a/include/trace/events/ext3.h b/include/trace/events/ext3.h
index 7b53c0573dc9..15d11a39be47 100644
--- a/include/trace/events/ext3.h
+++ b/include/trace/events/ext3.h
@@ -24,8 +24,8 @@ TRACE_EVENT(ext3_free_inode,
                __entry->dev    = inode->i_sb->s_dev;
                __entry->ino    = inode->i_ino;
                __entry->mode   = inode->i_mode;
-                __entry->uid    = inode->i_uid;
+                __entry->uid    = i_uid_read(inode);
-                __entry->gid    = inode->i_gid;
+                __entry->gid    = i_gid_read(inode);
                __entry->blocks = inode->i_blocks;
        ),
diff --git a/include/trace/events/ext4.h b/include/trace/events/ext4.h
index 319538bf17d2..69d8a69ea831 100644
--- a/include/trace/events/ext4.h
+++ b/include/trace/events/ext4.h
@@ -36,8 +36,8 @@ TRACE_EVENT(ext4_free_inode,
                __entry->dev    = inode->i_sb->s_dev;
                __entry->ino    = inode->i_ino;
                __entry->mode   = inode->i_mode;
-                __entry->uid    = inode->i_uid;
+                __entry->uid    = i_uid_read(inode);
-                __entry->gid    = inode->i_gid;
+                __entry->gid    = i_gid_read(inode);
                __entry->blocks = inode->i_blocks;
        ),