All of lore.kernel.org
 help / color / mirror / Atom feed
From: Brian Foster <bfoster@redhat.com>
To: Dwight Engen <dwight.engen@oracle.com>
Cc: "Eric W. Biederman" <ebiederm@gmail.com>,
	Serge Hallyn <serge.hallyn@ubuntu.com>,
	xfs@oss.sgi.com
Subject: Re: [PATCH 5/6] create internal eofblocks structure with kuid_t types
Date: Fri, 28 Jun 2013 14:09:34 -0400	[thread overview]
Message-ID: <51CDD15E.5070006@redhat.com> (raw)
In-Reply-To: <20130628111131.3ad961e9@oracle.com>

On 06/28/2013 11:11 AM, Dwight Engen wrote:
> Have eofblocks ioctl convert uid_t to kuid_t into internal structure.
> Update internal filter matching to compare ids with kuid_t types.
> 
> Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
> ---
>  fs/xfs/xfs_fs.h     |  2 +-
>  fs/xfs/xfs_icache.c |  6 +++---
>  fs/xfs/xfs_ioctl.c  | 34 ++++++++++++++++++++++++++++++++--
>  fs/xfs/xfs_linux.h  |  8 ++++++++
>  4 files changed, 44 insertions(+), 6 deletions(-)
> 
...
> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> index bedf510..487dca5 100644
> --- a/fs/xfs/xfs_ioctl.c
> +++ b/fs/xfs/xfs_ioctl.c
> @@ -1328,6 +1328,31 @@ xfs_ioc_getbmapx(
>  	return 0;
>  }
>  
> +STATIC int
> +xfs_fs_eofblocks_to_internal(
> +	struct xfs_fs_eofblocks		*src,
> +	struct xfs_eofblocks		*dst)
> +{
> +	dst->eof_flags = src->eof_flags;
> +	dst->eof_prid = src->eof_prid;
> +	dst->eof_min_file_size = src->eof_min_file_size;
> +
> +	if (src->eof_flags & XFS_EOF_FLAGS_UID) {
> +		dst->eof_uid = make_kuid(current_user_ns(), src->eof_uid);
> +		if (!uid_valid(dst->eof_uid))
> +			return XFS_ERROR(EINVAL);
> +	}
> +
> +	if (src->eof_flags & XFS_EOF_FLAGS_GID) {
> +		dst->eof_gid = make_kgid(current_user_ns(), src->eof_gid);
> +		if (!gid_valid(dst->eof_gid))
> +			return XFS_ERROR(EINVAL);
> +	}
> +
> +	return 0;
> +}

Is there any harm in removing the policy from this function, storing a
potentially invalid kuid's in the xfs_eofblocks and letting the caller
determine whether an error should be returned? IOW, this function becomes:

inline void
xfs_fs_eofblocks_to_internal(
	struct xfs_fs_eofblocks		*src,
	struct xfs_eofblocks		*dst)
{
	dst->eof_flags = src->eof_flags;
	dst->eof_prid = src->eof_prid;
	dst->eof_min_file_size = src->eof_min_file_size;
	dst->eof_uid = make_kuid(current_user_ns(), src->eof_uid);
	dst->eof_gid = make_kgid(current_user_ns(), src->eof_gid);
}

... and xfs_file_ioctl() can check the XFS_EOF_FLAGS_UID/GID flags and
validity of the value to determine whether an error should be returned.

Also, I suspect xfs_icache.h might be a better home for this function.

> +
> +
>  /*
>   * Note: some of the ioctl's return positive numbers as a
>   * byte count indicating success, such as readlink_by_handle.
> @@ -1610,7 +1635,8 @@ xfs_file_ioctl(
>  		return -error;
>  
>  	case XFS_IOC_FREE_EOFBLOCKS: {
> -		struct xfs_eofblocks eofb;
> +		struct xfs_fs_eofblocks eofb;
> +		struct xfs_eofblocks keofb;
>  
>  		if (copy_from_user(&eofb, arg, sizeof(eofb)))
>  			return -XFS_ERROR(EFAULT);
> @@ -1625,7 +1651,11 @@ xfs_file_ioctl(
>  		    memchr_inv(eofb.pad64, 0, sizeof(eofb.pad64)))
>  			return -XFS_ERROR(EINVAL);
>  
> -		error = xfs_icache_free_eofblocks(mp, &eofb);
> +		error = xfs_fs_eofblocks_to_internal(&eofb, &keofb);
> +		if (error)
> +			return -XFS_ERROR(error);
> +
> +		error = xfs_icache_free_eofblocks(mp, &keofb);
>  		return -error;
>  	}
>  
> diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
> index 761e4c0..3c2f403 100644
> --- a/fs/xfs/xfs_linux.h
> +++ b/fs/xfs/xfs_linux.h
> @@ -185,6 +185,14 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid)
>  	return make_kgid(&init_user_ns, gid);
>  }
>  
> +struct xfs_eofblocks {
> +	__u32		eof_flags;
> +	kuid_t		eof_uid;
> +	kgid_t		eof_gid;
> +	prid_t		eof_prid;
> +	__u64		eof_min_file_size;
> +};
> +

xfs_icache.h?

Brian

>  /*
>   * Various platform dependent calls that don't fit anywhere else
>   */
> 

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

  reply	other threads:[~2013-06-28 18:12 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-19 15:09 [PATCH] userns: Convert xfs to use kuid/kgid where appropriate Dwight Engen
2013-06-19 20:35 ` Eric W. Biederman
2013-06-20  1:41   ` Dave Chinner
2013-06-20 13:54     ` Dwight Engen
2013-06-20 21:10       ` Dave Chinner
2013-06-20  0:13 ` Dave Chinner
2013-06-20 13:54   ` Dwight Engen
2013-06-20 15:27     ` Brian Foster
2013-06-20 17:39       ` Dwight Engen
2013-06-20 19:12         ` Brian Foster
2013-06-20 22:12           ` Dave Chinner
2013-06-20 22:45           ` Eric W. Biederman
2013-06-20 23:35             ` Dave Chinner
2013-06-20 22:03     ` Dave Chinner
2013-06-21 15:14       ` Dwight Engen
2013-06-24  0:33         ` Dave Chinner
2013-06-24 13:10           ` [PATCH v2 RFC] " Dwight Engen
2013-06-25 16:46             ` Brian Foster
2013-06-25 20:08               ` Dwight Engen
2013-06-25 21:04                 ` Brian Foster
2013-06-26  2:09             ` Dave Chinner
2013-06-26 21:30               ` Dwight Engen
2013-06-26 22:44                 ` Dave Chinner
2013-06-27 13:02                   ` Serge Hallyn
2013-06-28  1:54                     ` Dave Chinner
2013-06-28 15:25                       ` Serge Hallyn
2013-06-28 16:16                         ` Dwight Engen
2013-06-27 20:57                   ` Ben Myers
2013-06-28  1:46                     ` Dave Chinner
2013-06-28 15:15                       ` Serge Hallyn
2013-06-28 14:23               ` Dwight Engen
2013-06-28 15:11               ` [PATCH v3 0/6] " Dwight Engen
2013-06-28 15:11               ` [PATCH 1/6] create wrappers for converting kuid_t to/from uid_t Dwight Engen
2013-06-28 15:11               ` [PATCH 2/6] convert kuid_t to/from uid_t in ACLs Dwight Engen
2013-06-28 15:11               ` [PATCH 3/6] ioctl: check for capabilities in the current user namespace Dwight Engen
2013-06-28 15:11               ` [PATCH 4/6] convert kuid_t to/from uid_t for xfs internal structures Dwight Engen
2013-06-28 15:11               ` [PATCH 5/6] create internal eofblocks structure with kuid_t types Dwight Engen
2013-06-28 18:09                 ` Brian Foster [this message]
2013-06-28 15:11               ` [PATCH 6/6] ioctl eofblocks: require non-privileged users to specify uid/gid match Dwight Engen
2013-06-28 18:50                 ` Brian Foster
2013-06-28 20:28                   ` Dwight Engen
2013-06-28 21:39                     ` Brian Foster
2013-06-28 23:22                       ` Dwight Engen
2013-07-01 12:21                         ` Brian Foster
2013-07-06  4:44             ` [PATCH 1/1] export inode_capable Serge Hallyn
2013-07-08 13:09             ` [PATCH v2 RFC] userns: Convert xfs to use kuid/kgid where appropriate Serge Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51CDD15E.5070006@redhat.com \
    --to=bfoster@redhat.com \
    --cc=dwight.engen@oracle.com \
    --cc=ebiederm@gmail.com \
    --cc=serge.hallyn@ubuntu.com \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.