From: Serge Hallyn <serge.hallyn@canonical.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-security-module@vger.kernel.org,
	Fenghua Yu <fenghua.yu@intel.com>,
	Tony Luck <tony.luck@intel.com>,
	Linux Containers <containers@lists.linux-foundation.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 13/14] userns: On ia64 deal with current_uid and current_gid being kuid and kgid
Date: Wed, 26 Sep 2012 12:55:34 -0500
Message-ID: <20120926175534.GD30620@sergelap>
In-Reply-To: <1348187330-6616-13-git-send-email-ebiederm@xmission.com>

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> These ia64 uses of current_uid and current_gid slipped through the
> cracks when I was converting everything to kuids and kgids. Convert
> them now.
> 
> Cc: Tony Luck <tony.luck@intel.com>
> Cc: Fenghua Yu <fenghua.yu@intel.com>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
>  arch/ia64/kernel/mca_drv.c |    3 ++-
>  arch/ia64/kernel/perfmon.c |   32 ++++++++++++++++----------------
>  arch/ia64/kernel/signal.c  |    4 ++--
>  3 files changed, 20 insertions(+), 19 deletions(-)
> 
> diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c
> index 1c2e894..9392e02 100644
> --- a/arch/ia64/kernel/mca_drv.c
> +++ b/arch/ia64/kernel/mca_drv.c
> @@ -158,7 +158,8 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr)
>  	ia64_mlogbuf_dump();
>  	printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, "
>  		"iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n",
> -	       raw_smp_processor_id(), current->pid, current_uid(),
> +	       raw_smp_processor_id(), current->pid,
> +		from_kuid(&init_user_ns, current_uid()),
>  		iip, ipsr, paddr, current->comm);
>  
>  	spin_lock(&mca_bh_lock);
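
Review bot: the format string in this printk still reads `uid: %d`, but the argument is now `from_kuid(&init_user_ns, current_uid())`, which yields a `uid_t`, an unsigned type. Switching that field to `%u` would match the argument and keep large ids from being logged as negative numbers.
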
> diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c
> index 3fa4bc5..5a5c222 100644
> --- a/arch/ia64/kernel/perfmon.c
> +++ b/arch/ia64/kernel/perfmon.c
> @@ -2380,8 +2380,8 @@ static int
>  pfm_bad_permissions(struct task_struct *task)
>  {
>  	const struct cred *tcred;
> -	uid_t uid = current_uid();
> -	gid_t gid = current_gid();
> +	kuid_t uid = current_uid();
> +	kgid_t gid = current_gid();
>  	int ret;
>  
>  	rcu_read_lock();
> @@ -2389,20 +2389,20 @@ pfm_bad_permissions(struct task_struct *task)
>  
>  	/* inspired by ptrace_attach() */
>  	DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n",
> -		uid,
> -		gid,
> -		tcred->euid,
> -		tcred->suid,
> -		tcred->uid,
> -		tcred->egid,
> -		tcred->sgid));
> -
> -	ret = ((uid != tcred->euid)
> -	       || (uid != tcred->suid)
> -	       || (uid != tcred->uid)
> -	       || (gid != tcred->egid)
> -	       || (gid != tcred->sgid)
> -	       || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE);
> +		from_kuid(&init_user_ns, uid),
> +		from_kgid(&init_user_ns, gid),
> +		from_kuid(&init_user_ns, tcred->euid),
> +		from_kuid(&init_user_ns, tcred->suid),
> +		from_kuid(&init_user_ns, tcred->uid),
> +		from_kgid(&init_user_ns, tcred->egid),
> +		from_kgid(&init_user_ns, tcred->sgid)));
> +
> +	ret = ((!uid_eq(uid, tcred->euid))
> +	       || (!uid_eq(uid, tcred->suid))
> +	       || (!uid_eq(uid, tcred->uid))
> +	       || (!gid_eq(gid, tcred->egid))
> +	       || (!gid_eq(gid, tcred->sgid))
> +	       || (!gid_eq(gid, tcred->gid))) && !capable(CAP_SYS_PTRACE);
>  
>  	rcu_read_unlock();
>  	return ret;
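
Review bot: in the DPRINT call the format string has seven fields and the argument list stops at `tcred->sgid`, yet the permission test right below it also compares `gid` against `tcred->gid`. Since these lines are being rewritten anyway, adding a `gid=%d` field fed by `from_kgid(&init_user_ns, tcred->gid)` would make the debug output cover every value the check uses. The move to `uid_eq()`/`gid_eq()` keeps the same six comparisons, so the result of the check is unchanged.
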
> diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
> index a199be1..37dd795 100644
> --- a/arch/ia64/kernel/signal.c
> +++ b/arch/ia64/kernel/signal.c
> @@ -220,7 +220,7 @@ ia64_rt_sigreturn (struct sigscratch *scr)
>  	si.si_errno = 0;
>  	si.si_code = SI_KERNEL;
>  	si.si_pid = task_pid_vnr(current);
> -	si.si_uid = current_uid();
> +	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>  	si.si_addr = sc;
>  	force_sig_info(SIGSEGV, &si, current);
>  	return retval;
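
Review bot: `si.si_uid` here is translated with `from_kuid_munged(current_user_ns(), current_uid())`, while the printk and DPRINT conversions in this patch use `from_kuid(&init_user_ns, ...)`, and neither the commit message nor the code says why the two differ. A one-line comment noting that the siginfo goes to `current` through `force_sig_info(SIGSEGV, &si, current)`, so the uid is expressed in the receiver's own user namespace, would document the choice for both signal.c sites.
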
> @@ -317,7 +317,7 @@ force_sigsegv_info (int sig, void __user *addr)
>  	si.si_errno = 0;
>  	si.si_code = SI_KERNEL;
>  	si.si_pid = task_pid_vnr(current);
> -	si.si_uid = current_uid();
> +	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>  	si.si_addr = addr;
>  	force_sig_info(SIGSEGV, &si, current);
>  	return 0;
> -- 
> 1.7.5.4