Message ID | 1462540435-13523-1-git-send-email-tim.gardner@canonical.com |
---|---|
State | New |
Headers | show |
On Fri, May 06, 2016 at 07:13:55AM -0600, tim.gardner@canonical.com wrote: > From: Brian Behlendorf <behlendorf1@llnl.gov> > > BugLink: http://bugs.launchpad.net/bugs/1567558 > > Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user > namespaces uid/gid mapping') > https://github.com/zfsonlinux/zfs.git > > As described in torvalds/linux@5f3a4a2 the &init_user_ns, and > not the current user_ns, should be passed to posix_acl_from_xattr() > and posix_acl_to_xattr(). Conveniently the init_user_ns is > available through the init credential (kcred). > > Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> > Signed-off-by: Massimo Maggi <me@massimo-maggi.eu> > Closes #4177 > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> I reviewed this change previously. It's a little confusing at first, but CRED and kcred are defined in SPL to be the current credentials and the "kernel" credentials, respectively. The right thing to do for zfs is to translate ids in posix ACL xattrs relative to &init_user_ns rather than current_cred()->user_ns, which is in effect what this patch does. Acked-by: Seth Forshee <seth.forshee@canonical.com>
On 06/05/16 14:13, tim.gardner@canonical.com wrote: > From: Brian Behlendorf <behlendorf1@llnl.gov> > > BugLink: http://bugs.launchpad.net/bugs/1567558 > > Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user > namespaces uid/gid mapping') > https://github.com/zfsonlinux/zfs.git > > As described in torvalds/linux@5f3a4a2 the &init_user_ns, and > not the current user_ns, should be passed to posix_acl_from_xattr() > and posix_acl_to_xattr(). Conveniently the init_user_ns is > available through the init credential (kcred). > > Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> > Signed-off-by: Massimo Maggi <me@massimo-maggi.eu> > Closes #4177 > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > --- > zfs/include/linux/xattr_compat.h | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/zfs/include/linux/xattr_compat.h b/zfs/include/linux/xattr_compat.h > index eee6c1f..5e19ea1 100644 > --- a/zfs/include/linux/xattr_compat.h > +++ b/zfs/include/linux/xattr_compat.h > @@ -190,20 +190,20 @@ fn(struct inode *ip, const char *name, const void *buffer, \ > > /* > * Linux 3.7 API change. posix_acl_{from,to}_xattr gained the user_ns > - * parameter. For the HAVE_POSIX_ACL_FROM_XATTR_USERNS version the > - * userns _may_ not be correct because it's used outside the RCU. > + * parameter. All callers are expected to pass the &init_user_ns which > + * is available through the init credential (kcred). > */ > #ifdef HAVE_POSIX_ACL_FROM_XATTR_USERNS > static inline struct posix_acl * > zpl_acl_from_xattr(const void *value, int size) > { > - return (posix_acl_from_xattr(CRED()->user_ns, value, size)); > + return (posix_acl_from_xattr(kcred->user_ns, value, size)); > } > > static inline int > zpl_acl_to_xattr(struct posix_acl *acl, void *value, int size) > { > - return (posix_acl_to_xattr(CRED()->user_ns, acl, value, size)); > + return (posix_acl_to_xattr(kcred->user_ns, acl, value, size)); > } > > #else > Sane fix from the ZFS repo, which also implies it has been tested thoroughly before landing there. Looks good to me. Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/zfs/include/linux/xattr_compat.h b/zfs/include/linux/xattr_compat.h index eee6c1f..5e19ea1 100644 --- a/zfs/include/linux/xattr_compat.h +++ b/zfs/include/linux/xattr_compat.h @@ -190,20 +190,20 @@ fn(struct inode *ip, const char *name, const void *buffer, \ /* * Linux 3.7 API change. posix_acl_{from,to}_xattr gained the user_ns - * parameter. For the HAVE_POSIX_ACL_FROM_XATTR_USERNS version the - * userns _may_ not be correct because it's used outside the RCU. + * parameter. All callers are expected to pass the &init_user_ns which + * is available through the init credential (kcred). */ #ifdef HAVE_POSIX_ACL_FROM_XATTR_USERNS static inline struct posix_acl * zpl_acl_from_xattr(const void *value, int size) { - return (posix_acl_from_xattr(CRED()->user_ns, value, size)); + return (posix_acl_from_xattr(kcred->user_ns, value, size)); } static inline int zpl_acl_to_xattr(struct posix_acl *acl, void *value, int size) { - return (posix_acl_to_xattr(CRED()->user_ns, acl, value, size)); + return (posix_acl_to_xattr(kcred->user_ns, acl, value, size)); } #else