Commit 5f3a4a28 authored by Eric W. Biederman's avatar Eric W. Biederman

userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr

 - Pass the user namespace the uid and gid values in the xattr are stored
   in into posix_acl_from_xattr.

 - Pass the user namespace kuid and kgid values should be converted into
   when storing uid and gid values in an xattr in posix_acl_to_xattr.

- Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to
  pass in &init_user_ns.

In the short term this change is not strictly needed but it makes the
code clearer.  In the longer term this change is necessary to be able to
mount filesystems outside of the initial user namespace that natively
store posix acls in the linux xattr format.

Cc: Theodore Tso <tytso@mit.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 2f6f0654
...@@ -37,7 +37,7 @@ static struct posix_acl *__v9fs_get_acl(struct p9_fid *fid, char *name) ...@@ -37,7 +37,7 @@ static struct posix_acl *__v9fs_get_acl(struct p9_fid *fid, char *name)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
size = v9fs_fid_xattr_get(fid, name, value, size); size = v9fs_fid_xattr_get(fid, name, value, size);
if (size > 0) { if (size > 0) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
goto err_out; goto err_out;
} }
...@@ -131,7 +131,7 @@ static int v9fs_set_acl(struct dentry *dentry, int type, struct posix_acl *acl) ...@@ -131,7 +131,7 @@ static int v9fs_set_acl(struct dentry *dentry, int type, struct posix_acl *acl)
buffer = kmalloc(size, GFP_KERNEL); buffer = kmalloc(size, GFP_KERNEL);
if (!buffer) if (!buffer)
return -ENOMEM; return -ENOMEM;
retval = posix_acl_to_xattr(acl, buffer, size); retval = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
if (retval < 0) if (retval < 0)
goto err_free_out; goto err_free_out;
switch (type) { switch (type) {
...@@ -251,7 +251,7 @@ static int v9fs_xattr_get_acl(struct dentry *dentry, const char *name, ...@@ -251,7 +251,7 @@ static int v9fs_xattr_get_acl(struct dentry *dentry, const char *name,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -304,7 +304,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name, ...@@ -304,7 +304,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
return -EPERM; return -EPERM;
if (value) { if (value) {
/* update the cached acl value */ /* update the cached acl value */
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
else if (acl) { else if (acl) {
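Review bot: The call in v9fs_xattr_set_acl that parses a value handed in from userspace hard-codes `&init_user_ns` with nothing at the call site saying why that is the right namespace for caller-supplied ids; the same applies to the other *_xattr_set_acl / *_acl_set handlers further down the page. It is presumably correct because the xattr syscall layer has already translated the ids out of the caller's namespace (posix_acl_fix_xattr_to_user shows up in this commit's hunk headers; the matching inbound step is not visible here). That dependency should be written down at the call, e.g. `/* ids in value were already mapped to init_user_ns by the xattr syscall layer */`. Without it, a later change that passes a different namespace at one site risks mapping the ids twice or not at all. The enclosing functions start and end outside the hunks.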
......
...@@ -61,7 +61,7 @@ struct posix_acl *btrfs_get_acl(struct inode *inode, int type) ...@@ -61,7 +61,7 @@ struct posix_acl *btrfs_get_acl(struct inode *inode, int type)
size = __btrfs_getxattr(inode, name, value, size); size = __btrfs_getxattr(inode, name, value, size);
} }
if (size > 0) { if (size > 0) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
} else if (size == -ENOENT || size == -ENODATA || size == 0) { } else if (size == -ENOENT || size == -ENODATA || size == 0) {
/* FIXME, who returns -ENOENT? I think nobody */ /* FIXME, who returns -ENOENT? I think nobody */
acl = NULL; acl = NULL;
...@@ -91,7 +91,7 @@ static int btrfs_xattr_acl_get(struct dentry *dentry, const char *name, ...@@ -91,7 +91,7 @@ static int btrfs_xattr_acl_get(struct dentry *dentry, const char *name,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
ret = posix_acl_to_xattr(acl, value, size); ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
posix_acl_release(acl); posix_acl_release(acl);
return ret; return ret;
...@@ -141,7 +141,7 @@ static int btrfs_set_acl(struct btrfs_trans_handle *trans, ...@@ -141,7 +141,7 @@ static int btrfs_set_acl(struct btrfs_trans_handle *trans,
goto out; goto out;
} }
ret = posix_acl_to_xattr(acl, value, size); ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
if (ret < 0) if (ret < 0)
goto out; goto out;
} }
...@@ -169,7 +169,7 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name, ...@@ -169,7 +169,7 @@ static int btrfs_xattr_acl_set(struct dentry *dentry, const char *name,
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
......
...@@ -350,7 +350,7 @@ ext2_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer, ...@@ -350,7 +350,7 @@ ext2_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -371,7 +371,7 @@ ext2_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, ...@@ -371,7 +371,7 @@ ext2_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
else if (acl) { else if (acl) {
......
...@@ -369,7 +369,7 @@ ext3_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer, ...@@ -369,7 +369,7 @@ ext3_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -392,7 +392,7 @@ ext3_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, ...@@ -392,7 +392,7 @@ ext3_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
else if (acl) { else if (acl) {
......
...@@ -374,7 +374,7 @@ ext4_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer, ...@@ -374,7 +374,7 @@ ext4_xattr_get_acl(struct dentry *dentry, const char *name, void *buffer,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -397,7 +397,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, ...@@ -397,7 +397,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
else if (acl) { else if (acl) {
......
...@@ -56,7 +56,7 @@ generic_acl_get(struct dentry *dentry, const char *name, void *buffer, ...@@ -56,7 +56,7 @@ generic_acl_get(struct dentry *dentry, const char *name, void *buffer,
acl = get_cached_acl(dentry->d_inode, type); acl = get_cached_acl(dentry->d_inode, type);
if (!acl) if (!acl)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -77,7 +77,7 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value, ...@@ -77,7 +77,7 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value,
if (!inode_owner_or_capable(inode)) if (!inode_owner_or_capable(inode))
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
} }
......
...@@ -63,7 +63,7 @@ struct posix_acl *gfs2_get_acl(struct inode *inode, int type) ...@@ -63,7 +63,7 @@ struct posix_acl *gfs2_get_acl(struct inode *inode, int type)
if (len == 0) if (len == 0)
return NULL; return NULL;
acl = posix_acl_from_xattr(data, len); acl = posix_acl_from_xattr(&init_user_ns, data, len);
kfree(data); kfree(data);
return acl; return acl;
} }
...@@ -88,13 +88,13 @@ static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl) ...@@ -88,13 +88,13 @@ static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl)
const char *name = gfs2_acl_name(type); const char *name = gfs2_acl_name(type);
BUG_ON(name == NULL); BUG_ON(name == NULL);
len = posix_acl_to_xattr(acl, NULL, 0); len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0);
if (len == 0) if (len == 0)
return 0; return 0;
data = kmalloc(len, GFP_NOFS); data = kmalloc(len, GFP_NOFS);
if (data == NULL) if (data == NULL)
return -ENOMEM; return -ENOMEM;
error = posix_acl_to_xattr(acl, data, len); error = posix_acl_to_xattr(&init_user_ns, acl, data, len);
if (error < 0) if (error < 0)
goto out; goto out;
error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS); error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
...@@ -166,12 +166,12 @@ int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) ...@@ -166,12 +166,12 @@ int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
if (error) if (error)
return error; return error;
len = posix_acl_to_xattr(acl, NULL, 0); len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0);
data = kmalloc(len, GFP_NOFS); data = kmalloc(len, GFP_NOFS);
error = -ENOMEM; error = -ENOMEM;
if (data == NULL) if (data == NULL)
goto out; goto out;
posix_acl_to_xattr(acl, data, len); posix_acl_to_xattr(&init_user_ns, acl, data, len);
error = gfs2_xattr_acl_chmod(ip, attr, data); error = gfs2_xattr_acl_chmod(ip, attr, data);
kfree(data); kfree(data);
set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl);
...@@ -212,7 +212,7 @@ static int gfs2_xattr_system_get(struct dentry *dentry, const char *name, ...@@ -212,7 +212,7 @@ static int gfs2_xattr_system_get(struct dentry *dentry, const char *name,
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -245,7 +245,7 @@ static int gfs2_xattr_system_set(struct dentry *dentry, const char *name, ...@@ -245,7 +245,7 @@ static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,
if (!value) if (!value)
goto set_acl; goto set_acl;
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (!acl) { if (!acl) {
/* /*
* acl_set_file(3) may request that we set default ACLs with * acl_set_file(3) may request that we set default ACLs with
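Review bot: In gfs2_acl_chmod the second call, `posix_acl_to_xattr(&init_user_ns, acl, data, len);`, discards its return value, while gfs2_acl_set one hunk earlier checks `error < 0` for the same call. `data` comes from kmalloc and is not zeroed, so if the conversion ever fails, the buffer passed to gfs2_xattr_acl_chmod holds uninitialised heap contents. This predates the commit, but a namespace parameter is the likeliest place for a new failure mode to be added later. I would write `error = posix_acl_to_xattr(&init_user_ns, acl, data, len);` followed by `if (error < 0) { kfree(data); goto out; }`. What the `out` label releases is outside the hunk, so the cleanup needs checking against the full function.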
......
...@@ -363,7 +363,7 @@ static int jffs2_acl_getxattr(struct dentry *dentry, const char *name, ...@@ -363,7 +363,7 @@ static int jffs2_acl_getxattr(struct dentry *dentry, const char *name,
return PTR_ERR(acl); return PTR_ERR(acl);
if (!acl) if (!acl)
return -ENODATA; return -ENODATA;
rc = posix_acl_to_xattr(acl, buffer, size); rc = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return rc; return rc;
...@@ -381,7 +381,7 @@ static int jffs2_acl_setxattr(struct dentry *dentry, const char *name, ...@@ -381,7 +381,7 @@ static int jffs2_acl_setxattr(struct dentry *dentry, const char *name,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl) { if (acl) {
......
...@@ -64,7 +64,7 @@ struct posix_acl *jfs_get_acl(struct inode *inode, int type) ...@@ -64,7 +64,7 @@ struct posix_acl *jfs_get_acl(struct inode *inode, int type)
else else
acl = ERR_PTR(size); acl = ERR_PTR(size);
} else { } else {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
} }
kfree(value); kfree(value);
if (!IS_ERR(acl)) if (!IS_ERR(acl))
...@@ -100,7 +100,7 @@ static int jfs_set_acl(tid_t tid, struct inode *inode, int type, ...@@ -100,7 +100,7 @@ static int jfs_set_acl(tid_t tid, struct inode *inode, int type,
value = kmalloc(size, GFP_KERNEL); value = kmalloc(size, GFP_KERNEL);
if (!value) if (!value)
return -ENOMEM; return -ENOMEM;
rc = posix_acl_to_xattr(acl, value, size); rc = posix_acl_to_xattr(&init_user_ns, acl, value, size);
if (rc < 0) if (rc < 0)
goto out; goto out;
} }
......
...@@ -685,7 +685,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name, ...@@ -685,7 +685,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
* POSIX_ACL_XATTR_ACCESS is tied to i_mode * POSIX_ACL_XATTR_ACCESS is tied to i_mode
*/ */
if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) { if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) {
acl = posix_acl_from_xattr(value, value_len); acl = posix_acl_from_xattr(&init_user_ns, value, value_len);
if (IS_ERR(acl)) { if (IS_ERR(acl)) {
rc = PTR_ERR(acl); rc = PTR_ERR(acl);
printk(KERN_ERR "posix_acl_from_xattr returned %d\n", printk(KERN_ERR "posix_acl_from_xattr returned %d\n",
...@@ -710,7 +710,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name, ...@@ -710,7 +710,7 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
return 0; return 0;
} else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) { } else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) {
acl = posix_acl_from_xattr(value, value_len); acl = posix_acl_from_xattr(&init_user_ns, value, value_len);
if (IS_ERR(acl)) { if (IS_ERR(acl)) {
rc = PTR_ERR(acl); rc = PTR_ERR(acl);
printk(KERN_ERR "posix_acl_from_xattr returned %d\n", printk(KERN_ERR "posix_acl_from_xattr returned %d\n",
......
...@@ -70,7 +70,7 @@ ssize_t nfs3_getxattr(struct dentry *dentry, const char *name, ...@@ -70,7 +70,7 @@ ssize_t nfs3_getxattr(struct dentry *dentry, const char *name,
if (type == ACL_TYPE_ACCESS && acl->a_count == 0) if (type == ACL_TYPE_ACCESS && acl->a_count == 0)
error = -ENODATA; error = -ENODATA;
else else
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
} else } else
error = -ENODATA; error = -ENODATA;
...@@ -92,7 +92,7 @@ int nfs3_setxattr(struct dentry *dentry, const char *name, ...@@ -92,7 +92,7 @@ int nfs3_setxattr(struct dentry *dentry, const char *name,
else else
return -EOPNOTSUPP; return -EOPNOTSUPP;
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
error = nfs3_proc_setacl(inode, type, acl); error = nfs3_proc_setacl(inode, type, acl);
......
...@@ -480,7 +480,7 @@ set_nfsv4_acl_one(struct dentry *dentry, struct posix_acl *pacl, char *key) ...@@ -480,7 +480,7 @@ set_nfsv4_acl_one(struct dentry *dentry, struct posix_acl *pacl, char *key)
if (buf == NULL) if (buf == NULL)
goto out; goto out;
len = posix_acl_to_xattr(pacl, buf, buflen); len = posix_acl_to_xattr(&init_user_ns, pacl, buf, buflen);
if (len < 0) { if (len < 0) {
error = len; error = len;
goto out; goto out;
...@@ -549,7 +549,7 @@ _get_posix_acl(struct dentry *dentry, char *key) ...@@ -549,7 +549,7 @@ _get_posix_acl(struct dentry *dentry, char *key)
if (buflen <= 0) if (buflen <= 0)
return ERR_PTR(buflen); return ERR_PTR(buflen);
pacl = posix_acl_from_xattr(buf, buflen); pacl = posix_acl_from_xattr(&init_user_ns, buf, buflen);
kfree(buf); kfree(buf);
return pacl; return pacl;
} }
...@@ -2264,7 +2264,7 @@ nfsd_get_posix_acl(struct svc_fh *fhp, int type) ...@@ -2264,7 +2264,7 @@ nfsd_get_posix_acl(struct svc_fh *fhp, int type)
if (size < 0) if (size < 0)
return ERR_PTR(size); return ERR_PTR(size);
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
kfree(value); kfree(value);
return acl; return acl;
} }
...@@ -2297,7 +2297,7 @@ nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl) ...@@ -2297,7 +2297,7 @@ nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl)
value = kmalloc(size, GFP_KERNEL); value = kmalloc(size, GFP_KERNEL);
if (!value) if (!value)
return -ENOMEM; return -ENOMEM;
error = posix_acl_to_xattr(acl, value, size); error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
if (error < 0) if (error < 0)
goto getout; goto getout;
size = error; size = error;
......
...@@ -452,7 +452,7 @@ static int ocfs2_xattr_get_acl(struct dentry *dentry, const char *name, ...@@ -452,7 +452,7 @@ static int ocfs2_xattr_get_acl(struct dentry *dentry, const char *name,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
ret = posix_acl_to_xattr(acl, buffer, size); ret = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return ret; return ret;
...@@ -475,7 +475,7 @@ static int ocfs2_xattr_set_acl(struct dentry *dentry, const char *name, ...@@ -475,7 +475,7 @@ static int ocfs2_xattr_set_acl(struct dentry *dentry, const char *name,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) if (IS_ERR(acl))
return PTR_ERR(acl); return PTR_ERR(acl);
else if (acl) { else if (acl) {
......
...@@ -30,7 +30,7 @@ posix_acl_set(struct dentry *dentry, const char *name, const void *value, ...@@ -30,7 +30,7 @@ posix_acl_set(struct dentry *dentry, const char *name, const void *value,
return -EPERM; return -EPERM;
if (value) { if (value) {
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl)) { if (IS_ERR(acl)) {
return PTR_ERR(acl); return PTR_ERR(acl);
} else if (acl) { } else if (acl) {
...@@ -77,7 +77,7 @@ posix_acl_get(struct dentry *dentry, const char *name, void *buffer, ...@@ -77,7 +77,7 @@ posix_acl_get(struct dentry *dentry, const char *name, void *buffer,
return PTR_ERR(acl); return PTR_ERR(acl);
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, buffer, size); error = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
......
...@@ -73,7 +73,8 @@ void posix_acl_fix_xattr_to_user(void *value, size_t size) ...@@ -73,7 +73,8 @@ void posix_acl_fix_xattr_to_user(void *value, size_t size)
* Convert from extended attribute to in-memory representation. * Convert from extended attribute to in-memory representation.
*/ */
struct posix_acl * struct posix_acl *
posix_acl_from_xattr(const void *value, size_t size) posix_acl_from_xattr(struct user_namespace *user_ns,
const void *value, size_t size)
{ {
posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
...@@ -112,14 +113,14 @@ posix_acl_from_xattr(const void *value, size_t size) ...@@ -112,14 +113,14 @@ posix_acl_from_xattr(const void *value, size_t size)
case ACL_USER: case ACL_USER:
acl_e->e_uid = acl_e->e_uid =
make_kuid(&init_user_ns, make_kuid(user_ns,
le32_to_cpu(entry->e_id)); le32_to_cpu(entry->e_id));
if (!uid_valid(acl_e->e_uid)) if (!uid_valid(acl_e->e_uid))
goto fail; goto fail;
break; break;
case ACL_GROUP: case ACL_GROUP:
acl_e->e_gid = acl_e->e_gid =
make_kgid(&init_user_ns, make_kgid(user_ns,
le32_to_cpu(entry->e_id)); le32_to_cpu(entry->e_id));
if (!gid_valid(acl_e->e_gid)) if (!gid_valid(acl_e->e_gid))
goto fail; goto fail;
...@@ -141,7 +142,8 @@ EXPORT_SYMBOL (posix_acl_from_xattr); ...@@ -141,7 +142,8 @@ EXPORT_SYMBOL (posix_acl_from_xattr);
* Convert from in-memory to extended attribute representation. * Convert from in-memory to extended attribute representation.
*/ */
int int
posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size) posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl,
void *buffer, size_t size)
{ {
posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer; posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer;
posix_acl_xattr_entry *ext_entry = ext_acl->a_entries; posix_acl_xattr_entry *ext_entry = ext_acl->a_entries;
...@@ -162,11 +164,11 @@ posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size) ...@@ -162,11 +164,11 @@ posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size)
switch(acl_e->e_tag) { switch(acl_e->e_tag) {
case ACL_USER: case ACL_USER:
ext_entry->e_id = ext_entry->e_id =
cpu_to_le32(from_kuid(&init_user_ns, acl_e->e_uid)); cpu_to_le32(from_kuid(user_ns, acl_e->e_uid));
break; break;
case ACL_GROUP: case ACL_GROUP:
ext_entry->e_id = ext_entry->e_id =
cpu_to_le32(from_kgid(&init_user_ns, acl_e->e_gid)); cpu_to_le32(from_kgid(user_ns, acl_e->e_gid));
break; break;
default: default:
ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID);
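Review bot: posix_acl_to_xattr stores the result of `from_kuid(user_ns, acl_e->e_uid)` and `from_kgid(user_ns, acl_e->e_gid)` without checking it, whereas posix_acl_from_xattr rejects an unmappable id with `uid_valid()` / `gid_valid()`. from_kuid() and from_kgid() return (uid_t)-1 / (gid_t)-1 for an id that has no mapping in the target namespace. Once a caller passes a namespace other than `&init_user_ns`, an ACL_USER or ACL_GROUP entry could be serialised with id 0xffffffff, the same value the default branch writes as ACL_UNDEFINED_ID. Every caller in this commit still passes `&init_user_ns`, so nothing changes today. The function should at least document that user_ns must map every id in the acl, or fail the conversion when the mapped id is `(uid_t)-1`; both function bodies continue outside the hunks.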
......
...@@ -337,7 +337,7 @@ xfs_xattr_acl_get(struct dentry *dentry, const char *name, ...@@ -337,7 +337,7 @@ xfs_xattr_acl_get(struct dentry *dentry, const char *name,
if (acl == NULL) if (acl == NULL)
return -ENODATA; return -ENODATA;
error = posix_acl_to_xattr(acl, value, size); error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
posix_acl_release(acl); posix_acl_release(acl);
return error; return error;
...@@ -361,7 +361,7 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name, ...@@ -361,7 +361,7 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name,
if (!value) if (!value)
goto set_acl; goto set_acl;
acl = posix_acl_from_xattr(value, size); acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (!acl) { if (!acl) {
/* /*
* acl_set_file(3) may request that we set default ACLs with * acl_set_file(3) may request that we set default ACLs with
......
...@@ -64,7 +64,9 @@ static inline void posix_acl_fix_xattr_to_user(void *value, size_t size) ...@@ -64,7 +64,9 @@ static inline void posix_acl_fix_xattr_to_user(void *value, size_t size)
} }
#endif #endif
struct posix_acl *posix_acl_from_xattr(const void *value, size_t size); struct posix_acl *posix_acl_from_xattr(struct user_namespace *user_ns,
int posix_acl_to_xattr(const struct posix_acl *acl, void *buffer, size_t size); const void *value, size_t size);
int posix_acl_to_xattr(struct user_namespace *user_ns,
const struct posix_acl *acl, void *buffer, size_t size);
#endif /* _POSIX_ACL_XATTR_H */ #endif /* _POSIX_ACL_XATTR_H */
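Review bot: The new prototypes carry no comment on what `user_ns` means, and its direction differs between the two functions. Per the commit message it is the namespace the stored ids are in for posix_acl_from_xattr, and the namespace kuid/kgid values are converted into for posix_acl_to_xattr. A one-line comment above each declaration would do, e.g. `/* user_ns: namespace the uid/gid values in the xattr are expressed in */`. The top of the header is outside the hunk, so I cannot tell whether struct user_namespace is declared before these prototypes; if it is not, add `struct user_namespace;` ahead of them.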