From: Christian Brauner <brauner@kernel.org>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Christian Brauner <christian.brauner@ubuntu.com>, stable@vger.kernel.org
Subject: [PATCH 03/12] fs: tweak fsuidgid_has_mapping()
Date: Tue, 28 Jun 2022 14:16:11 +0200
Message-ID: <20220628121620.188722-4-brauner@kernel.org>
In-Reply-To: <20220628102244.wymkrob3cfys2h7i@wittgenstein>
From: Christian Brauner <christian.brauner@ubuntu.com>
commit 476860b3eb4a50958243158861d5340066df5af2 upstream.
If the caller's fs{g,u}id aren't mapped in the mount's idmapping we can
return early and skip the check whether the mapped fs{g,u}id also have a
mapping in the filesystem's idmapping. If the fs{g,u}id aren't mapped in
the mount's idmapping they consequently can't be mapped in the
filesystem's idmapping. So there's no point in checking that.
Link: https://lore.kernel.org/r/20211123114227.3124056-4-brauner@kernel.org (v1)
Link: https://lore.kernel.org/r/20211130121032.3753852-4-brauner@kernel.org (v2)
Link: https://lore.kernel.org/r/20211203111707.3901969-4-brauner@kernel.org
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
CC: linux-fsdevel@vger.kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Seth Forshee <sforshee@digitalocean.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---
include/linux/fs.h | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index b1d446d71c3f..ffc06557618c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1697,10 +1697,18 @@ static inline void inode_fsgid_set(struct inode *inode,
static inline bool fsuidgid_has_mapping(struct super_block *sb,
struct user_namespace *mnt_userns)
{
- struct user_namespace *s_user_ns = sb->s_user_ns;
+ struct user_namespace *fs_userns = sb->s_user_ns;
+ kuid_t kuid;
+ kgid_t kgid;
- return kuid_has_mapping(s_user_ns, mapped_fsuid(mnt_userns)) &&
- kgid_has_mapping(s_user_ns, mapped_fsgid(mnt_userns));
+ kuid = mapped_fsuid(mnt_userns);
+ if (!uid_valid(kuid))
+ return false;
+ kgid = mapped_fsgid(mnt_userns);
+ if (!gid_valid(kgid))
+ return false;
+ return kuid_has_mapping(fs_userns, kuid) &&
+ kgid_has_mapping(fs_userns, kgid);
}
extern struct timespec64 current_time(struct inode *inode);
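Review bot: The two early returns after `mapped_fsuid(mnt_userns)` and `mapped_fsgid(mnt_userns)` carry no comment, so a reader of fs.h cannot tell from the code that they are a shortcut rather than a new permission rule. The reasoning lives only in the commit message: an fs{g,u}id that is not mapped in the mount's idmapping cannot be mapped in the filesystem's idmapping either. A one-line comment above `if (!uid_valid(kuid))` stating that would keep the invariant next to the check. The `s_user_ns` to `fs_userns` rename in the same hunk is separate from the early return and is not mentioned in the commit message; noting it there would help anyone comparing this backport against the stable tree.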
--
2.34.1
Thread overview: 18+ messages
2022-06-20 9:56 FAILED: patch "[PATCH] fs: account for group membership" failed to apply to 5.15-stable tree gregkh
2022-06-27 17:24 ` Christian Brauner
2022-06-28 10:22 ` Christian Brauner
2022-06-28 12:16 ` [PATCH 00/12] attr: group fix backport Christian Brauner
2022-06-30 11:37 ` Greg KH
2022-06-28 12:16 ` [PATCH 01/12] fs: add is_idmapped_mnt() helper Christian Brauner
2022-06-28 12:16 ` [PATCH 02/12] fs: move mapping helpers Christian Brauner
2022-06-28 12:16 ` Christian Brauner [this message]
2022-06-28 12:16 ` [PATCH 04/12] fs: account for filesystem mappings Christian Brauner
2022-06-28 12:16 ` [PATCH 05/12] docs: update mapping documentation Christian Brauner
2022-06-28 12:16 ` [PATCH 06/12] fs: use low-level mapping helpers Christian Brauner
2022-06-28 12:16 ` [PATCH 07/12] fs: remove unused " Christian Brauner
2022-06-28 12:16 ` [PATCH 08/12] fs: port higher-level " Christian Brauner
2022-06-28 12:16 ` [PATCH 09/12] fs: add i_user_ns() helper Christian Brauner
2022-06-28 12:16 ` [PATCH 10/12] fs: support mapped mounts of mapped filesystems Christian Brauner
2022-06-28 12:16 ` [PATCH 11/12] fs: fix acl translation Christian Brauner
2022-06-30 11:36 ` Patch "fs: fix acl translation" has been added to the 5.15-stable tree gregkh
2022-06-28 12:16 ` [PATCH 12/12] fs: account for group membership Christian Brauner