1. 10 Dec, 2012 2 commits
  2. 09 Dec, 2012 5 commits
    • Jeff Layton's avatar
      cifs: deal with id_to_sid embedded sid reply corner case · 1f630680
      Jeff Layton authored
      A SID could potentially be embedded inside of payload.value if there are
      no subauthorities, and the arch has 8 byte pointers. Allow for that
      possibility there.
      
      While we're at it, rephrase the "embedding" check in terms of
      key->payload to allow for the possibility that the union might change
      size in the future.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      1f630680
    • Jeff Layton's avatar
      cifs: fix hardcoded default security descriptor length · 7ee0b4c6
      Jeff Layton authored
      It was hardcoded to 192 bytes, which was not enough when the max number
      of subauthorities went to 15. Redefine this constant in terms of sizeof
      the structs involved, and rename it for better clarity.
      
      While we're at it, remove a couple more unused constants from cifsacl.h.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      7ee0b4c6
    • Jeff Layton's avatar
      cifs: extra sanity checking for cifs.idmap keys · 2ae03025
      Jeff Layton authored
      Now that we aren't so rigid about the length of the key being passed
      in, we need to be a bit more rigorous about checking the length of
      the actual data against the claimed length (a'la num_subauths field).
      
      Check for the case where userspace sends us a seemingly valid key
      with a num_subauths field that goes beyond the end of the array. If
      that happens, return -EIO and invalidate the key.
      
      Also change the other places where we check for malformed keys in this
      code to invalidate the key as well.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      2ae03025
    • Jeff Layton's avatar
      cifs: avoid extra allocation for small cifs.idmap keys · 41a9f1f6
      Jeff Layton authored
      The cifs.idmap keytype always allocates memory to hold the payload from
      userspace. In the common case where we're translating a SID to a UID or
      GID, we're allocating memory to hold something that's less than or equal
      to the size of a pointer.
      
      When the payload is the same size as a pointer or smaller, just store
      it in the payload.value union member instead. That saves us an extra
      allocation on the sid_to_id upcall.
      
      Note that we have to take extra care to check the datalen when we
      go to dereference the .data pointer in the union, but the callers
      now check that as a matter of course anyway.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      41a9f1f6
    • Jeff Layton's avatar
      cifs: simplify id_to_sid and sid_to_id mapping code · faa65f07
      Jeff Layton authored
      The cifs.idmap handling code currently causes the kernel to cache the
      data from userspace twice. It first looks in a rbtree to see if there is
      a matching entry for the given id. If there isn't then it calls
      request_key which then checks its cache and then calls out to userland
      if it doesn't have one. If the userland program establishes a mapping
      and downcalls with that info, it then gets cached in the keyring and in
      this rbtree.
      
      Aside from the double memory usage and the performance penalty in doing
      all of these extra copies, there are some nasty bugs in here too. The
      code declares four rbtrees and spinlocks to protect them, but only seems
      to use two of them. The upshot is that the same tree is used to hold
      (eg) uid:sid and sid:uid mappings. The comparitors aren't equipped to
      deal with that.
      
      I think we'd be best off to remove a layer of caching in this code. If
      this was originally done for performance reasons, then that really seems
      like a premature optimization.
      
      This patch does that -- it removes the rbtrees and the locks that
      protect them and simply has the code do a request_key call on each call
      into sid_to_id and id_to_sid. This greatly simplifies this code and
      should roughly halve the memory utilization from using the idmapping
      code.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      faa65f07
  3. 07 Dec, 2012 2 commits
  4. 05 Dec, 2012 30 commits
  5. 04 Dec, 2012 1 commit