[PATCH 0/5] userns: convert some filesystems to kuid/kgid

[PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Aristeu Rozanski]

Hi,
this patchset converts 9p, ADFS, AFFS, AFS and autofs4 to use kuid and kgid.
I plan to work on the other pending filesystems too but wanted some feedback
on the first ones first.

These patches are based on
	git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git

 fs/9p/fid.c            |    3 +-
 fs/9p/v9fs.c           |   16 ++++++++++---
 fs/9p/vfs_inode.c      |   19 +++++++++------
 fs/9p/vfs_inode_dotl.c |   16 ++++++-------
 fs/adfs/inode.c        |   12 ++++++---
 fs/adfs/super.c        |   26 +++++++++++++--------
 fs/affs/inode.c        |   30 +++++++++++++-----------
 fs/affs/super.c        |   60 ++++++++++++++++++++++++++++++++++++++++++-------
 fs/afs/fsclient.c      |    8 +++---
 fs/afs/inode.c         |    8 +++---
 fs/autofs4/inode.c     |   32 ++++++++++++++++++--------
 fs/autofs4/waitq.c     |    4 +--
 init/Kconfig           |    5 ----
 13 files changed, 161 insertions(+), 78 deletions(-)

[PATCH 1/5] userns: Convert 9p to use kuid and kgid where appropriate

[Aristeu Rozanski]

From: Aristeu Rozanski <aris@redhat.com>

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
---
 fs/9p/fid.c            |    3 ++-
 fs/9p/v9fs.c           |   16 +++++++++++++---
 fs/9p/vfs_inode.c      |   19 ++++++++++++-------
 fs/9p/vfs_inode_dotl.c |   16 ++++++++--------
 init/Kconfig           |    1 -
 5 files changed, 35 insertions(+), 20 deletions(-)

diff --git a/fs/9p/fid.c b/fs/9p/fid.c
index da8eefb..6fb7212 100644
--- a/fs/9p/fid.c
+++ b/fs/9p/fid.c
@@ -243,7 +243,8 @@ struct p9_fid *v9fs_fid_lookup(struct dentry *dentry)
 	case V9FS_ACCESS_SINGLE:
 	case V9FS_ACCESS_USER:
 	case V9FS_ACCESS_CLIENT:
-		uid = current_fsuid();
+		uid = from_kuid_munged(current_user_ns(),
+				       current_fsuid());
 		any = 0;
 		break;
 
diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
index b85efa7..d3ff063 100644
--- a/fs/9p/v9fs.c
+++ b/fs/9p/v9fs.c
@@ -110,6 +110,8 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
 {
 	char *options, *tmp_options;
 	substring_t args[MAX_OPT_ARGS];
+	kuid_t kuid;
+	uid_t uid;
 	char *p;
 	int option = 0;
 	char *s, *e;
@@ -161,7 +163,14 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
 				ret = r;
 				continue;
 			}
-			v9ses->dfltuid = option;
+			kuid = make_kuid(current_user_ns(), option);
+			if (!uid_valid(kuid)) {
+				p9_debug(P9_DEBUG_ERROR,
+					"invalid uid: %i\n", option);
+				continue;
+			}
+			uid = from_kuid_munged(&init_user_ns, kuid);
+			v9ses->dfltuid = (unsigned long)uid;
 			break;
 		case Opt_dfltgid:
 			r = match_int(&args[0], &option);
@@ -239,14 +248,15 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
 				v9ses->flags |= V9FS_ACCESS_CLIENT;
 			} else {
 				v9ses->flags |= V9FS_ACCESS_SINGLE;
-				v9ses->uid = simple_strtoul(s, &e, 10);
-				if (*e != '\0') {
+				kuid = make_kuid(current_user_ns(), simple_strtoul(s, &e, 10));
+				if (*e != '\0' || !uid_valid(kuid)) {
 					ret = -EINVAL;
 					pr_info("Unknown access argument %s\n",
 						s);
 					kfree(s);
 					goto free_and_return;
 				}
+				v9ses->uid = from_kuid_munged(&init_user_ns, kuid);
 			}
 
 			kfree(s);
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 014c8dd..5b8758a 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -1111,10 +1111,10 @@ static int v9fs_vfs_setattr(struct dentry *dentry, struct iattr *iattr)
 
 	if (v9fs_proto_dotu(v9ses)) {
 		if (iattr->ia_valid & ATTR_UID)
-			wstat.n_uid = iattr->ia_uid;
+			wstat.n_uid = from_kuid_munged(&init_user_ns, iattr->ia_uid);
 
 		if (iattr->ia_valid & ATTR_GID)
-			wstat.n_gid = iattr->ia_gid;
+			wstat.n_gid = from_kgid_munged(&init_user_ns, iattr->ia_gid);
 	}
 
 	/* Write all dirty data */
@@ -1154,6 +1154,8 @@ v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode,
 	unsigned int i_nlink;
 	struct v9fs_session_info *v9ses = sb->s_fs_info;
 	struct v9fs_inode *v9inode = V9FS_I(inode);
+	uid_t uid;
+	gid_t gid;
 
 	set_nlink(inode, 1);
 
@@ -1161,13 +1163,16 @@ v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode,
 	inode->i_mtime.tv_sec = stat->mtime;
 	inode->i_ctime.tv_sec = stat->mtime;
 
-	inode->i_uid = v9ses->dfltuid;
-	inode->i_gid = v9ses->dfltgid;
-
 	if (v9fs_proto_dotu(v9ses)) {
-		inode->i_uid = stat->n_uid;
-		inode->i_gid = stat->n_gid;
+		uid = (uid_t)stat->n_uid;
+		gid = (gid_t)stat->n_gid;
+	} else {
+		uid = (uid_t)v9ses->dfltuid;
+		gid = (gid_t)v9ses->dfltgid;
 	}
+	i_uid_write(inode, uid);
+	i_gid_write(inode, gid);
+
 	if ((S_ISREG(inode->i_mode)) || (S_ISDIR(inode->i_mode))) {
 		if (v9fs_proto_dotu(v9ses) && (stat->extension[0] != '\0')) {
 			/*
diff --git a/fs/9p/vfs_inode_dotl.c b/fs/9p/vfs_inode_dotl.c
index a1e6c99..b2e8a45 100644
--- a/fs/9p/vfs_inode_dotl.c
+++ b/fs/9p/vfs_inode_dotl.c
@@ -63,9 +63,9 @@ static gid_t v9fs_get_fsgid_for_create(struct inode *dir_inode)
 
 	if (dir_inode->i_mode & S_ISGID) {
 		/* set_gid bit is set.*/
-		return dir_inode->i_gid;
+		return from_kgid_munged(current_user_ns(), dir_inode->i_gid);
 	}
-	return current_fsgid();
+	return from_kgid_munged(current_user_ns(), current_fsgid());
 }
 
 /**
@@ -584,8 +584,8 @@ int v9fs_vfs_setattr_dotl(struct dentry *dentry, struct iattr *iattr)
 
 	p9attr.valid = v9fs_mapped_iattr_valid(iattr->ia_valid);
 	p9attr.mode = iattr->ia_mode;
-	p9attr.uid = iattr->ia_uid;
-	p9attr.gid = iattr->ia_gid;
+	p9attr.uid = from_kuid_munged(&init_user_ns, iattr->ia_uid);
+	p9attr.gid = from_kgid_munged(&init_user_ns, iattr->ia_gid);
 	p9attr.size = iattr->ia_size;
 	p9attr.atime_sec = iattr->ia_atime.tv_sec;
 	p9attr.atime_nsec = iattr->ia_atime.tv_nsec;
@@ -643,8 +643,8 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode)
 		inode->i_mtime.tv_nsec = stat->st_mtime_nsec;
 		inode->i_ctime.tv_sec = stat->st_ctime_sec;
 		inode->i_ctime.tv_nsec = stat->st_ctime_nsec;
-		inode->i_uid = stat->st_uid;
-		inode->i_gid = stat->st_gid;
+		i_uid_write(inode, stat->st_uid);
+		i_gid_write(inode, stat->st_gid);
 		set_nlink(inode, stat->st_nlink);
 
 		mode = stat->st_mode & S_IALLUGO;
@@ -667,9 +667,9 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode)
 			inode->i_ctime.tv_nsec = stat->st_ctime_nsec;
 		}
 		if (stat->st_result_mask & P9_STATS_UID)
-			inode->i_uid = stat->st_uid;
+			i_uid_write(inode, stat->st_uid);
 		if (stat->st_result_mask & P9_STATS_GID)
-			inode->i_gid = stat->st_gid;
+			i_gid_write(inode, stat->st_gid);
 		if (stat->st_result_mask & P9_STATS_NLINK)
 			set_nlink(inode, stat->st_nlink);
 		if (stat->st_result_mask & P9_STATS_MODE) {
diff --git a/init/Kconfig b/init/Kconfig
index b5dff4d..589d558 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -909,7 +909,6 @@ config UIDGID_CONVERTED
 	depends on DEVTMPFS = n
 	depends on XENFS = n
 
-	depends on 9P_FS = n
 	depends on ADFS_FS = n
 	depends on AFFS_FS = n
 	depends on AFS_FS = n
-- 
1.7.1

[PATCH 2/5] userns: Convert ADFS to use kuid and kgid where appropriate

[Aristeu Rozanski]

From: Aristeu Rozanski <aris@redhat.com>

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
---
 fs/adfs/inode.c |   12 ++++++++----
 fs/adfs/super.c |   26 +++++++++++++++++---------
 init/Kconfig    |    1 -
 3 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/fs/adfs/inode.c b/fs/adfs/inode.c
index 1dab6a1..4a2acea 100644
--- a/fs/adfs/inode.c
+++ b/fs/adfs/inode.c
@@ -243,8 +243,8 @@ adfs_iget(struct super_block *sb, struct object_info *obj)
 	if (!inode)
 		goto out;
 
-	inode->i_uid	 = ADFS_SB(sb)->s_uid;
-	inode->i_gid	 = ADFS_SB(sb)->s_gid;
+	i_uid_write(inode, ADFS_SB(sb)->s_uid);
+	i_gid_write(inode, ADFS_SB(sb)->s_gid);
 	inode->i_ino	 = obj->file_id;
 	inode->i_size	 = obj->size;
 	set_nlink(inode, 2);
@@ -297,6 +297,8 @@ adfs_notify_change(struct dentry *dentry, struct iattr *attr)
 	struct super_block *sb = inode->i_sb;
 	unsigned int ia_valid = attr->ia_valid;
 	int error;
+	kuid_t kuid;
+	kgid_t kgid;
 	
 	error = inode_change_ok(inode, attr);
 
@@ -304,8 +306,10 @@ adfs_notify_change(struct dentry *dentry, struct iattr *attr)
 	 * we can't change the UID or GID of any file -
 	 * we have a global UID/GID in the superblock
 	 */
-	if ((ia_valid & ATTR_UID && attr->ia_uid != ADFS_SB(sb)->s_uid) ||
-	    (ia_valid & ATTR_GID && attr->ia_gid != ADFS_SB(sb)->s_gid))
+	kuid = make_kuid(&init_user_ns, ADFS_SB(sb)->s_uid);
+	kgid = make_kgid(&init_user_ns, ADFS_SB(sb)->s_gid);
+	if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, kuid)) ||
+	    (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, kgid)))
 		error = -EPERM;
 
 	if (error)
diff --git a/fs/adfs/super.c b/fs/adfs/super.c
index 06fdcc9..2e27e82 100644
--- a/fs/adfs/super.c
+++ b/fs/adfs/super.c
@@ -129,11 +129,15 @@ static void adfs_put_super(struct super_block *sb)
 static int adfs_show_options(struct seq_file *seq, struct dentry *root)
 {
 	struct adfs_sb_info *asb = ADFS_SB(root->d_sb);
-
-	if (asb->s_uid != 0)
-		seq_printf(seq, ",uid=%u", asb->s_uid);
-	if (asb->s_gid != 0)
-		seq_printf(seq, ",gid=%u", asb->s_gid);
+	kuid_t kuid = make_kuid(&init_user_ns, asb->s_uid);
+	kgid_t kgid = make_kgid(&init_user_ns, asb->s_gid);
+
+	if (!uid_eq(kuid, GLOBAL_ROOT_UID))
+		seq_printf(seq, ",uid=%u", from_kuid_munged(current_user_ns(),
+							    kuid));
+	if (!gid_eq(kgid, GLOBAL_ROOT_GID))
+		seq_printf(seq, ",gid=%u", from_kgid_munged(current_user_ns(),
+							    kgid));
 	if (asb->s_owner_mask != ADFS_DEFAULT_OWNER_MASK)
 		seq_printf(seq, ",ownmask=%o", asb->s_owner_mask);
 	if (asb->s_other_mask != ADFS_DEFAULT_OTHER_MASK)
@@ -160,6 +164,8 @@ static int parse_options(struct super_block *sb, char *options)
 	char *p;
 	struct adfs_sb_info *asb = ADFS_SB(sb);
 	int option;
+	kuid_t kuid;
+	kgid_t kgid;
 
 	if (!options)
 		return 0;
@@ -175,12 +181,14 @@ static int parse_options(struct super_block *sb, char *options)
 		case Opt_uid:
 			if (match_int(args, &option))
 				return -EINVAL;
-			asb->s_uid = option;
+			kuid = make_kuid(current_user_ns(), option);
+			asb->s_uid = from_kuid_munged(&init_user_ns, kuid);
 			break;
 		case Opt_gid:
 			if (match_int(args, &option))
 				return -EINVAL;
-			asb->s_gid = option;
+			kgid = make_kgid(current_user_ns(), option);
+			asb->s_gid = from_kgid_munged(&init_user_ns, kgid);
 			break;
 		case Opt_ownmask:
 			if (match_octal(args, &option))
@@ -370,8 +378,8 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent)
 	sb->s_fs_info = asb;
 
 	/* set default options */
-	asb->s_uid = 0;
-	asb->s_gid = 0;
+	asb->s_uid = from_kuid_munged(&init_user_ns, GLOBAL_ROOT_UID);
+	asb->s_gid = from_kgid_munged(&init_user_ns, GLOBAL_ROOT_GID);
 	asb->s_owner_mask = ADFS_DEFAULT_OWNER_MASK;
 	asb->s_other_mask = ADFS_DEFAULT_OTHER_MASK;
 	asb->s_ftsuffix = 0;
diff --git a/init/Kconfig b/init/Kconfig
index 589d558..4d8d44d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -909,7 +909,6 @@ config UIDGID_CONVERTED
 	depends on DEVTMPFS = n
 	depends on XENFS = n
 
-	depends on ADFS_FS = n
 	depends on AFFS_FS = n
 	depends on AFS_FS = n
 	depends on AUTOFS4_FS = n
-- 
1.7.1

[PATCH 3/5] userns: Convert AFFS to use kuid and kgid where appropriate

[Aristeu Rozanski]

From: Aristeu Rozanski <aris@redhat.com>

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
---
 fs/affs/inode.c |   30 ++++++++++++++------------
 fs/affs/super.c |   60 +++++++++++++++++++++++++++++++++++++++++++++++-------
 init/Kconfig    |    1 -
 3 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/fs/affs/inode.c b/fs/affs/inode.c
index 88a4b0b..04eba35 100644
--- a/fs/affs/inode.c
+++ b/fs/affs/inode.c
@@ -78,24 +78,24 @@ struct inode *affs_iget(struct super_block *sb, unsigned long ino)
 
 	id = be16_to_cpu(tail->uid);
 	if (id == 0 || sbi->s_flags & SF_SETUID)
-		inode->i_uid = sbi->s_uid;
+		i_uid_write(inode, sbi->s_uid);
 	else if (id == 0xFFFF && sbi->s_flags & SF_MUFS)
-		inode->i_uid = 0;
+		inode->i_uid = GLOBAL_ROOT_UID;
 	else
-		inode->i_uid = id;
+		i_uid_write(inode, id);
 
 	id = be16_to_cpu(tail->gid);
 	if (id == 0 || sbi->s_flags & SF_SETGID)
-		inode->i_gid = sbi->s_gid;
+		i_gid_write(inode, sbi->s_gid);
 	else if (id == 0xFFFF && sbi->s_flags & SF_MUFS)
-		inode->i_gid = 0;
+		inode->i_gid = GLOBAL_ROOT_GID;
 	else
-		inode->i_gid = id;
+		i_gid_write(inode, id);
 
 	switch (be32_to_cpu(tail->stype)) {
 	case ST_ROOT:
-		inode->i_uid = sbi->s_uid;
-		inode->i_gid = sbi->s_gid;
+		i_uid_write(inode, sbi->s_uid);
+		i_gid_write(inode, sbi->s_gid);
 		/* fall through */
 	case ST_USERDIR:
 		if (be32_to_cpu(tail->stype) == ST_USERDIR ||
@@ -193,13 +193,15 @@ affs_write_inode(struct inode *inode, struct writeback_control *wbc)
 		tail->size = cpu_to_be32(inode->i_size);
 		secs_to_datestamp(inode->i_mtime.tv_sec,&tail->change);
 		if (!(inode->i_ino == AFFS_SB(sb)->s_root_block)) {
-			uid = inode->i_uid;
-			gid = inode->i_gid;
+			uid = from_kuid_munged(&init_user_ns, inode->i_uid);
+			gid = from_kgid_munged(&init_user_ns, inode->i_gid);
 			if (AFFS_SB(sb)->s_flags & SF_MUFS) {
-				if (inode->i_uid == 0 || inode->i_uid == 0xFFFF)
-					uid = inode->i_uid ^ ~0;
-				if (inode->i_gid == 0 || inode->i_gid == 0xFFFF)
-					gid = inode->i_gid ^ ~0;
+				if (uid_eq(inode->i_uid, GLOBAL_ROOT_UID) ||
+				    uid == 0xFFFF)
+					uid ^= ~0;
+				if (gid_eq(inode->i_gid, GLOBAL_ROOT_GID) ||
+				    gid == 0xFFFF)
+					gid ^= ~0;
 			}
 			if (!(AFFS_SB(sb)->s_flags & SF_SETUID))
 				tail->uid = cpu_to_be16(uid);
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 0782653..49d6e3e 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -176,11 +176,13 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
 {
 	char *p;
 	substring_t args[MAX_OPT_ARGS];
+	kuid_t kuid;
+	kgid_t kgid;
 
 	/* Fill in defaults */
 
-	*uid        = current_uid();
-	*gid        = current_gid();
+	*uid        = from_kuid_munged(&init_user_ns, current_uid());
+	*gid        = from_kgid_munged(&init_user_ns, current_gid());
 	*reserved   = 2;
 	*root       = -1;
 	*blocksize  = -1;
@@ -236,13 +238,23 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
 		case Opt_setgid:
 			if (match_int(&args[0], &option))
 				return 0;
-			*gid = option;
+			kgid = make_kgid(current_user_ns(), option);
+			if (!gid_valid(kgid)) {
+				printk(KERN_INFO "AFFS: invalid GID\n");
+				return 0;
+			}
+			*gid = from_kgid_munged(&init_user_ns, kgid);
 			*mount_opts |= SF_SETGID;
 			break;
 		case Opt_setuid:
 			if (match_int(&args[0], &option))
 				return 0;
-			*uid = option;
+			kuid = make_kuid(current_user_ns(), option);
+			if (!uid_valid(kuid)) {
+				printk(KERN_INFO "AFFS: invalid UID\n");
+				return 0;
+			}
+			*uid = from_kuid_munged(&init_user_ns, kuid);
 			*mount_opts |= SF_SETUID;
 			break;
 		case Opt_verbose:
@@ -291,6 +303,8 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
 	int			 tmp_flags;	/* fix remount prototype... */
 	u8			 sig[4];
 	int			 ret = -EINVAL;
+	kuid_t			 kuid;
+	kgid_t			 kgid;
 
 	save_mount_options(sb, data);
 
@@ -318,10 +332,24 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
 	}
 	/* N.B. after this point s_prefix must be released */
 
+	kuid = make_kuid(current_user_ns(), uid);
+	if (!uid_valid(kuid)) {
+		printk(KERN_ERR "AFFS: Invalid UID\n");
+		kfree(sbi->s_prefix);
+		kfree(sbi);
+		return -EINVAL;
+	}
+	kgid = make_kgid(current_user_ns(), gid);
+	if (!gid_valid(kgid)) {
+		printk(KERN_ERR "AFFS: Invalid GID\n");
+		kfree(sbi->s_prefix);
+		kfree(sbi);
+		return -EINVAL;
+	}
 	sbi->s_flags   = mount_flags;
 	sbi->s_mode    = i;
-	sbi->s_uid     = uid;
-	sbi->s_gid     = gid;
+	sbi->s_uid     = from_kuid_munged(&init_user_ns, kuid);
+	sbi->s_gid     = from_kgid_munged(&init_user_ns, kgid);
 	sbi->s_reserved= reserved;
 
 	/* Get the size of the device in 512-byte blocks.
@@ -517,6 +545,8 @@ affs_remount(struct super_block *sb, int *flags, char *data)
 	char			*new_opts = kstrdup(data, GFP_KERNEL);
 	char			 volume[32];
 	char			*prefix = NULL;
+	kuid_t			 kuid;
+	kgid_t			 kgid;
 
 	pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data);
 
@@ -533,10 +563,24 @@ affs_remount(struct super_block *sb, int *flags, char *data)
 
 	replace_mount_options(sb, new_opts);
 
+	kuid = make_kuid(current_user_ns(), uid);
+	if (!uid_valid(kuid)) {
+		printk(KERN_ERR "AFFS: Invalid UID\n");
+		kfree(prefix);
+		kfree(new_opts);
+		return -EINVAL;
+	}
+	kgid = make_kgid(current_user_ns(), gid);
+	if (!gid_valid(kgid)) {
+		printk(KERN_ERR "AFFS: Invalid GID\n");
+		kfree(prefix);
+		kfree(new_opts);
+		return -EINVAL;
+	}
 	sbi->s_flags = mount_flags;
 	sbi->s_mode  = mode;
-	sbi->s_uid   = uid;
-	sbi->s_gid   = gid;
+	sbi->s_uid   = from_kuid_munged(&init_user_ns, kuid);
+	sbi->s_gid   = from_kgid_munged(&init_user_ns, kgid);
 	/* protect against readers */
 	spin_lock(&sbi->symlink_lock);
 	if (prefix) {
diff --git a/init/Kconfig b/init/Kconfig
index 4d8d44d..52a3736 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -909,7 +909,6 @@ config UIDGID_CONVERTED
 	depends on DEVTMPFS = n
 	depends on XENFS = n
 
-	depends on AFFS_FS = n
 	depends on AFS_FS = n
 	depends on AUTOFS4_FS = n
 	depends on BEFS_FS = n
-- 
1.7.1

[PATCH 4/5] userns: Convert AFS to use kuid and kgid where appropriate

[Aristeu Rozanski]

From: Aristeu Rozanski <aris@redhat.com>

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
---
 fs/afs/fsclient.c |    8 ++++----
 fs/afs/inode.c    |    8 ++++----
 init/Kconfig      |    1 -
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c
index b960ff0..daac5b3 100644
--- a/fs/afs/fsclient.c
+++ b/fs/afs/fsclient.c
@@ -87,8 +87,8 @@ static void xdr_decode_AFSFetchStatus(const __be32 **_bp,
 		if (changed && !test_bit(AFS_VNODE_UNSET, &vnode->flags)) {
 			_debug("vnode changed");
 			i_size_write(&vnode->vfs_inode, size);
-			vnode->vfs_inode.i_uid = status->owner;
-			vnode->vfs_inode.i_gid = status->group;
+			i_uid_write(&vnode->vfs_inode, status->owner);
+			i_gid_write(&vnode->vfs_inode, status->group);
 			vnode->vfs_inode.i_generation = vnode->fid.unique;
 			set_nlink(&vnode->vfs_inode, status->nlink);
 
@@ -181,12 +181,12 @@ static void xdr_encode_AFS_StoreStatus(__be32 **_bp, struct iattr *attr)
 
 	if (attr->ia_valid & ATTR_UID) {
 		mask |= AFS_SET_OWNER;
-		owner = attr->ia_uid;
+		owner = from_kuid_munged(current_user_ns(), attr->ia_uid);
 	}
 
 	if (attr->ia_valid & ATTR_GID) {
 		mask |= AFS_SET_GROUP;
-		group = attr->ia_gid;
+		group = from_kgid_munged(current_user_ns(), attr->ia_gid);
 	}
 
 	if (attr->ia_valid & ATTR_MODE) {
diff --git a/fs/afs/inode.c b/fs/afs/inode.c
index d890ae3..1e6f1c8 100644
--- a/fs/afs/inode.c
+++ b/fs/afs/inode.c
@@ -68,8 +68,8 @@ static int afs_inode_map_status(struct afs_vnode *vnode, struct key *key)
 #endif
 
 	set_nlink(inode, vnode->status.nlink);
-	inode->i_uid		= vnode->status.owner;
-	inode->i_gid		= 0;
+	i_uid_write(inode, vnode->status.owner);
+	inode->i_gid = GLOBAL_ROOT_GID;
 	inode->i_size		= vnode->status.size;
 	inode->i_ctime.tv_sec	= vnode->status.mtime_server;
 	inode->i_ctime.tv_nsec	= 0;
@@ -175,8 +175,8 @@ struct inode *afs_iget_autocell(struct inode *dir, const char *dev_name,
 	inode->i_mode		= S_IFDIR | S_IRUGO | S_IXUGO;
 	inode->i_op		= &afs_autocell_inode_operations;
 	set_nlink(inode, 2);
-	inode->i_uid		= 0;
-	inode->i_gid		= 0;
+	inode->i_uid = GLOBAL_ROOT_UID;
+	inode->i_gid = GLOBAL_ROOT_GID;
 	inode->i_ctime.tv_sec	= get_seconds();
 	inode->i_ctime.tv_nsec	= 0;
 	inode->i_atime		= inode->i_mtime = inode->i_ctime;
diff --git a/init/Kconfig b/init/Kconfig
index 52a3736..2ab57ca 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -909,7 +909,6 @@ config UIDGID_CONVERTED
 	depends on DEVTMPFS = n
 	depends on XENFS = n
 
-	depends on AFS_FS = n
 	depends on AUTOFS4_FS = n
 	depends on BEFS_FS = n
 	depends on BFS_FS = n
-- 
1.7.1

[PATCH 5/5] userns: Convert autofs4 to use kuid and kgid where appropriate

[Aristeu Rozanski]

From: Aristeu Rozanski <aris@redhat.com>

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
---
 fs/autofs4/inode.c |   32 +++++++++++++++++++++++---------
 fs/autofs4/waitq.c |    4 ++--
 init/Kconfig       |    1 -
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index d8dc002..f30b73a 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -37,8 +37,8 @@ struct autofs_info *autofs4_new_ino(struct autofs_sb_info *sbi)
 
 void autofs4_clean_ino(struct autofs_info *ino)
 {
-	ino->uid = 0;
-	ino->gid = 0;
+	ino->uid = from_kuid_munged(&init_user_ns, GLOBAL_ROOT_UID);
+	ino->gid = from_kgid_munged(&init_user_ns, GLOBAL_ROOT_GID);
 	ino->last_used = jiffies;
 }
 
@@ -80,10 +80,12 @@ static int autofs4_show_options(struct seq_file *m, struct dentry *root)
 		return 0;
 
 	seq_printf(m, ",fd=%d", sbi->pipefd);
-	if (root_inode->i_uid != 0)
-		seq_printf(m, ",uid=%u", root_inode->i_uid);
-	if (root_inode->i_gid != 0)
-		seq_printf(m, ",gid=%u", root_inode->i_gid);
+	if (!uid_eq(root_inode->i_uid, GLOBAL_ROOT_UID))
+		seq_printf(m, ",uid=%u", from_kuid_munged(current_user_ns(),
+							  root_inode->i_uid));
+	if (!gid_eq(root_inode->i_gid, GLOBAL_ROOT_GID))
+		seq_printf(m, ",gid=%u", from_kgid_munged(current_user_ns(),
+							  root_inode->i_gid));
 	seq_printf(m, ",pgrp=%d", sbi->oz_pgrp);
 	seq_printf(m, ",timeout=%lu", sbi->exp_timeout/HZ);
 	seq_printf(m, ",minproto=%d", sbi->min_proto);
@@ -127,12 +129,14 @@ static const match_table_t tokens = {
 	{Opt_err, NULL}
 };
 
-static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid,
+static int parse_options(char *options, int *pipefd, kuid_t *uid, kgid_t *gid,
 		pid_t *pgrp, unsigned int *type, int *minproto, int *maxproto)
 {
 	char *p;
 	substring_t args[MAX_OPT_ARGS];
 	int option;
+	kuid_t kuid;
+	kgid_t kgid;
 
 	*uid = current_uid();
 	*gid = current_gid();
@@ -160,12 +164,22 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid,
 		case Opt_uid:
 			if (match_int(args, &option))
 				return 1;
-			*uid = option;
+			kuid = make_kuid(current_user_ns(), option);
+			if (!uid_valid(kuid)) {
+				printk(KERN_INFO "autofs: invalid uid\n");
+				return 1;
+			}
+			*uid = kuid;
 			break;
 		case Opt_gid:
 			if (match_int(args, &option))
 				return 1;
-			*gid = option;
+			kgid = make_kgid(current_user_ns(), option);
+			if (!gid_valid(kgid)) {
+				printk(KERN_INFO "autofs: invalid gid\n");
+				return 1;
+			}
+			*gid = kgid;
 			break;
 		case Opt_pgrp:
 			if (match_int(args, &option))
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 9c098db..30a16f0 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -439,8 +439,8 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
 		memcpy(&wq->name, &qstr, sizeof(struct qstr));
 		wq->dev = autofs4_get_dev(sbi);
 		wq->ino = autofs4_get_ino(sbi);
-		wq->uid = current_uid();
-		wq->gid = current_gid();
+		wq->uid = from_kuid_munged(&init_user_ns, current_uid());
+		wq->gid = from_kgid_munged(&init_user_ns, current_gid());
 		wq->pid = current->pid;
 		wq->tgid = current->tgid;
 		wq->status = -EINTR; /* Status return if interrupted */
diff --git a/init/Kconfig b/init/Kconfig
index 2ab57ca..3f104e3 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -909,7 +909,6 @@ config UIDGID_CONVERTED
 	depends on DEVTMPFS = n
 	depends on XENFS = n
 
-	depends on AUTOFS4_FS = n
 	depends on BEFS_FS = n
 	depends on BFS_FS = n
 	depends on BTRFS_FS = n
-- 
1.7.1

Re: [PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Aristeu Rozanski]

Hi Eric,
On Wed, Jul 11, 2012 at 03:01:17PM -0400, Aristeu Rozanski wrote:
> Hi,
> this patchset converts 9p, ADFS, AFFS, AFS and autofs4 to use kuid and kgid.
> I plan to work on the other pending filesystems too but wanted some feedback
> on the first ones first.

had any chance to look at these?

--
Aristeu

Re: [PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Eric W. Biederman]

Aristeu Rozanski <aris@ruivo.org> writes:

> Hi Eric,
> On Wed, Jul 11, 2012 at 03:01:17PM -0400, Aristeu Rozanski wrote:
>> Hi,
>> this patchset converts 9p, ADFS, AFFS, AFS and autofs4 to use kuid and kgid.
>> I plan to work on the other pending filesystems too but wanted some feedback
>> on the first ones first.
>
> had any chance to look at these?

Sorry no.  I have unfortunately been a bit out of it for the last few
weeks and I have patches to address this already in my development tree.

Eric

Re: [PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Aristeu Rozanski]

Hi Eric,
On Wed, Jul 25, 2012 at 04:14:41PM -0700, Eric W. Biederman wrote:
> Sorry no.  I have unfortunately been a bit out of it for the last few
> weeks and I have patches to address this already in my development tree.

what's the tree you're using for development? ebiederm/user-namespace.git at
kernel.org doesn't have those changes.

Thanks

-- 
Aristeu

Re: [PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Eric W. Biederman]

Aristeu Rozanski <aris@ruivo.org> writes:

> Hi Eric,
> On Wed, Jul 25, 2012 at 04:14:41PM -0700, Eric W. Biederman wrote:
>> Sorry no.  I have unfortunately been a bit out of it for the last few
>> weeks and I have patches to address this already in my development tree.
>
> what's the tree you're using for development? ebiederm/user-namespace.git at
> kernel.org doesn't have those changes.

Please see my userns-always-map-user-v41 branch.

Eric

Re: [PATCH 0/5] userns: convert some filesystems to kuid/kgid

[Aristeu Rozanski]

On Thu, Jul 26, 2012 at 10:24:41AM -0700, Eric W. Biederman wrote:
> Please see my userns-always-map-user-v41 branch.

d'oh. thanks Eric

-- 
Aristeu