From: Tim Hockin <thockin@sun.com>
To: Andrew Morton <akpm@osdl.org>
Cc: arjanv@redhat.com, thomas.schlichter@web.de, thoffman@arnor.net,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: 2.6.2-rc2-mm2
Date: Fri, 30 Jan 2004 13:12:56 -0800 [thread overview]
Message-ID: <20040130211256.GZ9155@sun.com> (raw)
In-Reply-To: <20040130123301.70009427.akpm@osdl.org>
On Fri, Jan 30, 2004 at 12:33:01PM -0800, Andrew Morton wrote:
> static long do_setgroups(int gidsetsize, gid_t __user *user_grouplist,
> gid_t *kern_grouplist)
> {
> }
> asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
> {
> return do_setgroups(gidsetsize, grouplist, NULL);
> }
>
> long kern_setgroups(int gidsetsize, gid_t *grouplist)
> {
> return do_setgroups(gidsetsize, NULL, grouplist);
> }
I guess that works. It saves a bit of duplicate code at the cost of said
grubbiness. Is that really preferred over a parallel to sys_setgroups():
int kern_setgroups(int gidsetsize, gid_t *grouplist)
or simpler:
nfsd code:
/* build up the array of SVC_CRED_NGROUPS */
group_info = groups_alloc(SVC_CRED_NGROUPS);
/* error check */
/* copy local array into group_info */
retval = set_current_groups(group_info);
/* error check */
The nfsd code does not need to check CAP_SETGID or > NGROUPS_MAX, really.
Interestingly, nfsd_setuser returns void, so any error checking is moot.
Bad news, there.
set_current_groups() was extracted so that any place in kernel that needs to
set the groups can do so properly. I suggest that I just clean it up as
that, or add a kern_setgroups() that encapsulates the above. It will be
about 12 lines of code.
In fact, here is a rough cut (would need a coupel exported syms, too). The
lack of any way to handle errors bothers me. printk and fail? yeesh.
===== fs/nfsd/auth.c 1.3 vs edited =====
--- 1.3/fs/nfsd/auth.c Thu Jan 29 13:40:50 2004
+++ edited/fs/nfsd/auth.c Fri Jan 30 13:11:21 2004
@@ -10,15 +10,14 @@
#include <linux/sunrpc/svcauth.h>
#include <linux/nfsd/nfsd.h>
-extern asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist);
-
#define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
void
nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
struct svc_cred *cred = &rqstp->rq_cred;
- int i;
+ int i, j;
gid_t groups[SVC_CRED_NGROUPS];
+ struct group_info *group_info;
if (exp->ex_flags & NFSEXP_ALLSQUASH) {
cred->cr_uid = exp->ex_anon_uid;
@@ -48,7 +47,12 @@
break;
groups[i] = group;
}
- sys_setgroups(i, groups);
+ group_info = groups_alloc(i);
+ /* should be error checking, but we can't return ENOMEM! */
+ for (j = 0; j < i; j++)
+ GROUP_AT(group_info, j) = groups[j];
+ if (set_current_groups(group_info))
+ put_group_info(group_info);
if ((cred->cr_uid)) {
cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
--
Tim Hockin
Sun Microsystems, Linux Software Engineering
thockin@sun.com
All opinions are my own, not Sun's
next prev parent reply other threads:[~2004-01-30 21:14 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-30 9:41 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 10:52 ` 2.6.2-rc2-mm2 Helge Hafting
2004-01-30 11:14 ` 2.6.2-rc2-mm2 Zephaniah E. Hull
2004-01-30 16:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 17:25 ` 2.6.2-rc2-mm2 Gene Heskett
2004-01-30 18:58 ` 2.6.2-rc2-mm2 Torrey Hoffman
2004-01-30 19:07 ` 2.6.2-rc2-mm2 Thomas Schlichter
2004-01-30 19:23 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 19:47 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 19:55 ` 2.6.2-rc2-mm2 Arjan van de Ven
2004-01-30 20:17 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 20:33 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 21:12 ` Tim Hockin [this message]
2004-01-30 22:00 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 22:31 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:08 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:21 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 23:31 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 23:43 ` 2.6.2-rc2-mm2 Tim Hockin
2004-01-30 21:16 ` 2.6.2-rc2-mm2 John Stoffel
2004-01-30 21:52 ` 2.6.2-rc2-mm2 Tim Hockin
2004-02-01 10:03 ` 2.6.2-rc2-mm2 Michael Neuffer
2004-02-06 23:17 ` of 2.6.2-rc2-mm2 and r8169 Francois Romieu
[not found] <1jDrO-4xh-13@gated-at.bofh.it>
2004-01-30 11:10 ` 2.6.2-rc2-mm2 Ronny V. Vindenes
2004-01-30 17:27 ` 2.6.2-rc2-mm2 Andrew Morton
2004-01-30 18:06 ` 2.6.2-rc2-mm2 Ronny V. Vindenes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040130211256.GZ9155@sun.com \
--to=thockin@sun.com \
--cc=akpm@osdl.org \
--cc=arjanv@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=thoffman@arnor.net \
--cc=thomas.schlichter@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox