From: Tim Hockin <thockin@sun.com>
To: Andrew Morton <akpm@osdl.org>
Cc: arjanv@redhat.com, thomas.schlichter@web.de, thoffman@arnor.net,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: 2.6.2-rc2-mm2
Date: Fri, 30 Jan 2004 13:12:56 -0800 [thread overview]
Message-ID: <20040130211256.GZ9155@sun.com> (raw)
In-Reply-To: <20040130123301.70009427.akpm@osdl.org>
On Fri, Jan 30, 2004 at 12:33:01PM -0800, Andrew Morton wrote:
> static long do_setgroups(int gidsetsize, gid_t __user *user_grouplist,
> gid_t *kern_grouplist)
> {
> }
> asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
> {
> return do_setgroups(gidsetsize, grouplist, NULL);
> }
>
> long kern_setgroups(int gidsetsize, gid_t *grouplist)
> {
> return do_setgroups(gidsetsize, NULL, grouplist);
> }
I guess that works. It saves a bit of duplicate code at the cost of said
grubbiness. Is that really preferred over a parallel to sys_setgroups():
int kern_setgroups(int gidsetsize, gid_t *grouplist)
or simpler:
nfsd code:
/* build up the array of SVC_CRED_NGROUPS */
group_info = groups_alloc(SVC_CRED_NGROUPS);
/* error check */
/* copy local array into group_info */
retval = set_current_groups(group_info);
/* error check */
The nfsd code does not need to check CAP_SETGID or > NGROUPS_MAX, really.
Interestingly, nfsd_setuser returns void, so any error checking is moot.
Bad news, there.
set_current_groups() was extracted so that any place in kernel that needs to
set the groups can do so properly. I suggest that I just clean it up as
that, or add a kern_setgroups() that encapsulates the above. It will be
about 12 lines of code.
In fact, here is a rough cut (would need a coupel exported syms, too). The
lack of any way to handle errors bothers me. printk and fail? yeesh.
===== fs/nfsd/auth.c 1.3 vs edited =====
--- 1.3/fs/nfsd/auth.c Thu Jan 29 13:40:50 2004
+++ edited/fs/nfsd/auth.c Fri Jan 30 13:11:21 2004
@@ -10,15 +10,14 @@
#include <linux/sunrpc/svcauth.h>
#include <linux/nfsd/nfsd.h>
-extern asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist);
-
#define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
void
nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct svc_cred *cred = &rqstp->rq_cred;
- int i;
+ int i, j;
gid_t groups[SVC_CRED_NGROUPS];
+ struct group_info *group_info;
if (exp->ex_flags & NFSEXP_ALLSQUASH) {
cred->cr_uid = exp->ex_anon_uid;
@@ -48,7 +47,12 @@
break;
groups[i] = group;
}
- sys_setgroups(i, groups);
+ group_info = groups_alloc(i);
+ /* should be error checking, but we can't return ENOMEM! */
+ for (j = 0; j < i; j++)
+ GROUP_AT(group_info, j) = groups[j];
+ if (set_current_groups(group_info))
+ put_group_info(group_info);
if ((cred->cr_uid)) {
cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
--
Tim Hockin
Sun Microsystems, Linux Software Engineering
thockin@sun.com
All opinions are my own, not Sun's
WARNING: multiple messages have this Message-ID (diff)
From: Tim Hockin <thockin@sun.com>
To: Andrew Morton <akpm@osdl.org>
Cc: arjanv@redhat.com, thomas.schlichter@web.de, thoffman@arnor.net,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: 2.6.2-rc2-mm2
Date: Fri, 30 Jan 2004 13:12:56 -0800 [thread overview]
Message-ID: <20040130211256.GZ9155@sun.com> (raw)
In-Reply-To: <20040130123301.70009427.akpm@osdl.org>
On Fri, Jan 30, 2004 at 12:33:01PM -0800, Andrew Morton wrote:
> static long do_setgroups(int gidsetsize, gid_t __user *user_grouplist,
> gid_t *kern_grouplist)
> {
> }
> asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
> {
> return do_setgroups(gidsetsize, grouplist, NULL);
> }
>
> long kern_setgroups(int gidsetsize, gid_t *grouplist)
> {
> return do_setgroups(gidsetsize, NULL, grouplist);
> }
I guess that works. It saves a bit of duplicate code at the cost of said
grubbiness. Is that really preferred over a parallel to sys_setgroups():
int kern_setgroups(int gidsetsize, gid_t *grouplist)
or simpler:
nfsd code:
/* build up the array of SVC_CRED_NGROUPS */
group_info = groups_alloc(SVC_CRED_NGROUPS);
/* error check */
/* copy local array into group_info */
retval = set_current_groups(group_info);
/* error check */
The nfsd code does not need to check CAP_SETGID or > NGROUPS_MAX, really.
Interestingly, nfsd_setuser returns void, so any error checking is moot.
Bad news, there.
set_current_groups() was extracted so that any place in kernel that needs to
set the groups can do so properly. I suggest that I just clean it up as
that, or add a kern_setgroups() that encapsulates the above. It will be
about 12 lines of code.
In fact, here is a rough cut (would need a coupel exported syms, too). The
lack of any way to handle errors bothers me. printk and fail? yeesh.
===== fs/nfsd/auth.c 1.3 vs edited =====
--- 1.3/fs/nfsd/auth.c Thu Jan 29 13:40:50 2004
+++ edited/fs/nfsd/auth.c Fri Jan 30 13:11:21 2004
@@ -10,15 +10,14 @@
#include <linux/sunrpc/svcauth.h>
#include <linux/nfsd/nfsd.h>
-extern asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist);
-
#define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
void
nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct svc_cred *cred = &rqstp->rq_cred;
- int i;
+ int i, j;
gid_t groups[SVC_CRED_NGROUPS];
+ struct group_info *group_info;
if (exp->ex_flags & NFSEXP_ALLSQUASH) {
cred->cr_uid = exp->ex_anon_uid;
@@ -48,7 +47,12 @@
break;
groups[i] = group;
}
- sys_setgroups(i, groups);
+ group_info = groups_alloc(i);
+ /* should be error checking, but we can't return ENOMEM! */
+ for (j = 0; j < i; j++)
+ GROUP_AT(group_info, j) = groups[j];
+ if (set_current_groups(group_info))
+ put_group_info(group_info);
if ((cred->cr_uid)) {
cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
--
Tim Hockin
Sun Microsystems, Linux Software Engineering
thockin@sun.com
All opinions are my own, not Sun's
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
next prev parent reply other threads:[~2004-01-30 21:14 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-30 9:41 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 9:41 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 10:52 ` 2.6.2-rc2-mm2 Helge Hafting
2004-01-30 10:52 ` 2.6.2-rc2-mm2 Helge Hafting
2004-01-30 11:14 ` 2.6.2-rc2-mm2 Zephaniah E. Hull
2004-01-30 16:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 16:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 17:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 17:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 18:58 ` 2.6.2-rc2-mm2 Torrey Hoffman
2004-01-30 18:58 ` 2.6.2-rc2-mm2 Torrey Hoffman
2004-01-30 19:07 ` 2.6.2-rc2-mm2 Thomas Schlichter
2004-01-30 19:23 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 19:47 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 19:47 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 19:55 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 20:17 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 20:17 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 20:33 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 20:33 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 21:12 ` Tim Hockin [this message]
2004-01-30 21:12 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 22:00 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 22:00 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 22:31 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:08 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:08 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:21 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:21 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:31 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:31 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:43 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:43 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 21:16 ` 2.6.2-rc2-mm2 John Stoffel
2004-01-30 21:16 ` 2.6.2-rc2-mm2 John Stoffel
2004-01-30 21:52 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 21:52 ` 2.6.2-rc2-mm2 Tim Hockin
2004-02-01 10:03 ` 2.6.2-rc2-mm2 Michael Neuffer
2004-02-06 23:17 ` of 2.6.2-rc2-mm2 and r8169 Francois Romieu
[not found] ` <20040207115054.GC5704@neuffer.info>
[not found] ` <20040207132124.A7344@electric-eye.fr.zoreil.com>
[not found] ` <20040208064859.GA29384@neuffer.info>
2004-02-09 23:57 ` [patch] [rft] " Francois Romieu
[not found] <1jDrO-4xh-13@gated-at.bofh.it>
2004-01-30 11:10 ` 2.6.2-rc2-mm2 Ronny V. Vindenes
2004-01-30 17:27 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 18:06 ` 2.6.2-rc2-mm2 Ronny V. Vindenes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040130211256.GZ9155@sun.com \
--to=thockin@sun.com \
--cc=akpm@osdl.org \
--cc=arjanv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=thoffman@arnor.net \
--cc=thomas.schlichter@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.