[Xenial,SRU] UBUNTU: zfs: Fix user namespaces uid/gid mapping

Message ID 1462540435-13523-1-git-send-email-tim.gardner@canonical.com
State New
Commit Message

Tim Gardner May 6, 2016, 1:13 p.m. UTC
From: Brian Behlendorf <behlendorf1@llnl.gov>

BugLink: http://bugs.launchpad.net/bugs/1567558

Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user
namespaces uid/gid mapping')
https://github.com/zfsonlinux/zfs.git

As described in torvalds/linux@5f3a4a2 the &init_user_ns, and
not the current user_ns, should be passed to posix_acl_from_xattr()
and posix_acl_to_xattr().  Conveniently the init_user_ns is
available through the init credential (kcred).

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Massimo Maggi <me@massimo-maggi.eu>
Closes #4177
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 zfs/include/linux/xattr_compat.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Seth Forshee May 6, 2016, 1:24 p.m. UTC | #1
On Fri, May 06, 2016 at 07:13:55AM -0600, tim.gardner@canonical.com wrote:
> From: Brian Behlendorf <behlendorf1@llnl.gov>
> 
> BugLink: http://bugs.launchpad.net/bugs/1567558
> 
> Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user
> namespaces uid/gid mapping')
> https://github.com/zfsonlinux/zfs.git
> 
> As described in torvalds/linux@5f3a4a2 the &init_user_ns, and
> not the current user_ns, should be passed to posix_acl_from_xattr()
> and posix_acl_to_xattr().  Conveniently the init_user_ns is
> available through the init credential (kcred).
> 
> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
> Signed-off-by: Massimo Maggi <me@massimo-maggi.eu>
> Closes #4177
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

I reviewed this change previously. It's a little confusing at first, but
CRED and kcred are defined in SPL to be the current credentials and the
"kernel" credentials, respectively. The right thing to do for zfs is to
translate ids in posix ACL xattrs relative to &init_user_ns rather than
current_cred()->user_ns, which is in effect what this patch does.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Colin Ian King May 6, 2016, 1:26 p.m. UTC | #2
On 06/05/16 14:13, tim.gardner@canonical.com wrote:
> From: Brian Behlendorf <behlendorf1@llnl.gov>
> 
> BugLink: http://bugs.launchpad.net/bugs/1567558
> 
> Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user
> namespaces uid/gid mapping')
> https://github.com/zfsonlinux/zfs.git
> 
> As described in torvalds/linux@5f3a4a2 the &init_user_ns, and
> not the current user_ns, should be passed to posix_acl_from_xattr()
> and posix_acl_to_xattr().  Conveniently the init_user_ns is
> available through the init credential (kcred).
> 
> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
> Signed-off-by: Massimo Maggi <me@massimo-maggi.eu>
> Closes #4177
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> ---
>  zfs/include/linux/xattr_compat.h | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/zfs/include/linux/xattr_compat.h b/zfs/include/linux/xattr_compat.h
> index eee6c1f..5e19ea1 100644
> --- a/zfs/include/linux/xattr_compat.h
> +++ b/zfs/include/linux/xattr_compat.h
> @@ -190,20 +190,20 @@ fn(struct inode *ip, const char *name, const void *buffer,		\
>  
>  /*
>   * Linux 3.7 API change. posix_acl_{from,to}_xattr gained the user_ns
> - * parameter.  For the HAVE_POSIX_ACL_FROM_XATTR_USERNS version the
> - * userns _may_ not be correct because it's used outside the RCU.
> + * parameter.  All callers are expected to pass the &init_user_ns which
> + * is available through the init credential (kcred).
>   */
>  #ifdef HAVE_POSIX_ACL_FROM_XATTR_USERNS
>  static inline struct posix_acl *
>  zpl_acl_from_xattr(const void *value, int size)
>  {
> -	return (posix_acl_from_xattr(CRED()->user_ns, value, size));
> +	return (posix_acl_from_xattr(kcred->user_ns, value, size));
>  }
>  
>  static inline int
>  zpl_acl_to_xattr(struct posix_acl *acl, void *value, int size)
>  {
> -	return (posix_acl_to_xattr(CRED()->user_ns, acl, value, size));
> +	return (posix_acl_to_xattr(kcred->user_ns, acl, value, size));
>  }
>  
>  #else
> 
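Review bot: In both changed return lines, zpl_acl_from_xattr() and zpl_acl_to_xattr() reach the namespace through kcred->user_ns, while the updated comment states the contract as "pass the &init_user_ns"; the two are only the same thing because of how kcred is defined outside this header. Consider passing &init_user_ns directly if it is usable from this file, or extending the comment to name where kcred is defined, so that a later change to kcred cannot silently alter how ids in POSIX ACL xattrs are translated.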
Sane fix from the ZFS repo, which also implies it has been tested
thoroughly before landing there.

Looks good to me.

Acked-by: Colin Ian King <colin.king@canonical.com>
Kamal Mostafa May 6, 2016, 8:23 p.m. UTC | #3

Kamal Mostafa May 6, 2016, 8:28 p.m. UTC | #4

Patch

diff --git a/zfs/include/linux/xattr_compat.h b/zfs/include/linux/xattr_compat.h
index eee6c1f..5e19ea1 100644
--- a/zfs/include/linux/xattr_compat.h
+++ b/zfs/include/linux/xattr_compat.h
@@ -190,20 +190,20 @@  fn(struct inode *ip, const char *name, const void *buffer,		\
 
 /*
  * Linux 3.7 API change. posix_acl_{from,to}_xattr gained the user_ns
- * parameter.  For the HAVE_POSIX_ACL_FROM_XATTR_USERNS version the
- * userns _may_ not be correct because it's used outside the RCU.
+ * parameter.  All callers are expected to pass the &init_user_ns which
+ * is available through the init credential (kcred).
  */
 #ifdef HAVE_POSIX_ACL_FROM_XATTR_USERNS
 static inline struct posix_acl *
 zpl_acl_from_xattr(const void *value, int size)
 {
-	return (posix_acl_from_xattr(CRED()->user_ns, value, size));
+	return (posix_acl_from_xattr(kcred->user_ns, value, size));
 }
 
 static inline int
 zpl_acl_to_xattr(struct posix_acl *acl, void *value, int size)
 {
-	return (posix_acl_to_xattr(CRED()->user_ns, acl, value, size));
+	return (posix_acl_to_xattr(kcred->user_ns, acl, value, size));
 }
 
 #else
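Review bot: The rewritten block comment above zpl_acl_from_xattr() says what callers must pass but not why, and it drops the earlier caveat about the userns being used outside the RCU without saying why that no longer applies. Suggest adding a sentence that carries over the reason from the commit message (the torvalds/linux@5f3a4a2 reference) and notes that kcred->user_ns, unlike CRED()->user_ns, does not depend on the calling task's credentials. The hunk only shows the HAVE_POSIX_ACL_FROM_XATTR_USERNS branch, so it is also worth stating in the comment that the #else branch needs no equivalent change.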