[REVIEW][PATCH 00/14] userns: Miscelanous conversions

[REVIEW][PATCH 00/14] userns: Miscelanous conversions

[Eric W. Biederman]

The following patchset contains conversion for basic user namespace
support for the security modules and a few miscelaneous other things.

I am placing these patches up for review before I add them to
linux-next.

Please holler if it looks if you see something scary.

The following patchset is against
git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next
which is based on v3.6-rc1

Eric

Eric W. Biederman (14):
      userns: Convert loop to use kuid_t instead of uid_t
      userns: Convert apparmor to use kuid and kgid where appropriate
      userns: Convert tomoyo to use kuid and kgid where appropriate
      userns: Convert selinux to use kuid and kgid where appropriate
      userns: Convert hostfs to use kuid and kgid where appropriate
      userns: Convert EVM to deal with kuids and kgids in it's hmac computation
      userns: Add user namespace support to IMA
      userns: Teach security_path_chown to take kuids and kgids
      userns: Convert binder ipc to use kuids
      userns: Convert s390 hypfs to use kuid and kgid where appropriate
      userns: Convert s390 getting uid and gid system calls to use kuid and kgid
      userns: On ppc convert current_uid from a kuid before printing.
      userns: On ia64 deal with current_uid and current_gid being kuid and kgid
      userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids

 arch/alpha/kernel/osf_sys.c         |    4 +-
 arch/ia64/kernel/mca_drv.c          |    3 +-
 arch/ia64/kernel/perfmon.c          |   32 +++++++++++++++---------------
 arch/ia64/kernel/signal.c           |    4 +-
 arch/powerpc/mm/fault.c             |    2 +-
 arch/s390/hypfs/inode.c             |   20 +++++++++++++-----
 arch/s390/kernel/compat_linux.c     |   36 +++++++++++++++++++++++-----------
 drivers/block/loop.c                |    4 +-
 drivers/staging/android/binder.c    |   14 ++++++------
 fs/hostfs/hostfs_kern.c             |    8 +++---
 fs/open.c                           |    2 +-
 include/linux/loop.h                |    2 +-
 include/linux/security.h            |    6 ++--
 init/Kconfig                        |   15 --------------
 security/apparmor/domain.c          |    4 +-
 security/apparmor/file.c            |   12 ++++++----
 security/apparmor/include/audit.h   |    2 +-
 security/apparmor/include/file.h    |    4 +-
 security/apparmor/lsm.c             |    2 +-
 security/capability.c               |    2 +-
 security/integrity/evm/evm_crypto.c |    4 +-
 security/integrity/ima/ima_audit.c  |    5 ++-
 security/integrity/ima/ima_policy.c |   14 ++++++------
 security/security.c                 |    2 +-
 security/selinux/selinuxfs.c        |    6 ++--
 security/selinux/ss/services.c      |    2 +-
 security/tomoyo/audit.c             |   23 +++++++++++++++------
 security/tomoyo/common.c            |    4 ++-
 security/tomoyo/common.h            |    4 +-
 security/tomoyo/condition.c         |   20 +++++++++---------
 security/tomoyo/tomoyo.c            |   12 ++++++----
 31 files changed, 148 insertions(+), 126 deletions(-)

[PATCH 01/14] userns: Convert loop to use kuid_t instead of uid_t

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 drivers/block/loop.c |    4 ++--
 include/linux/loop.h |    2 +-
 init/Kconfig         |    1 -
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 3bba655..e9d594f 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1038,10 +1038,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 {
 	int err;
 	struct loop_func_table *xfer;
-	uid_t uid = current_uid();
+	kuid_t uid = current_uid();
 
 	if (lo->lo_encrypt_key_size &&
-	    lo->lo_key_owner != uid &&
+	    !uid_eq(lo->lo_key_owner, uid) &&
 	    !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 	if (lo->lo_state != Lo_bound)
diff --git a/include/linux/loop.h b/include/linux/loop.h
index 11a41a8..9635116 100644
--- a/include/linux/loop.h
+++ b/include/linux/loop.h
@@ -44,7 +44,7 @@ struct loop_device {
 	int		lo_encrypt_key_size;
 	struct loop_func_table *lo_encryption;
 	__u32           lo_init[2];
-	uid_t		lo_key_owner;	/* Who set the key */
+	kuid_t		lo_key_owner;	/* Who set the key */
 	int		(*ioctl)(struct loop_device *, int cmd, 
 				 unsigned long arg); 
 
diff --git a/init/Kconfig b/init/Kconfig
index f0371a6..f315997 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -960,7 +960,6 @@ config UIDGID_CONVERTED
 	depends on !UML || HOSTFS = n
 
 	# The rare drivers that won't build
-	depends on BLK_DEV_LOOP = n
 	depends on ANDROID_BINDER_IPC = n
 
 	# Security modules
-- 
1.7.5.4

[PATCH 02/14] userns: Convert apparmor to use kuid and kgid where appropriate

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 init/Kconfig                      |    1 -
 security/apparmor/domain.c        |    4 ++--
 security/apparmor/file.c          |   12 +++++++-----
 security/apparmor/include/audit.h |    2 +-
 security/apparmor/include/file.h  |    4 ++--
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index f315997..637faf8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -964,7 +964,6 @@ config UIDGID_CONVERTED
 
 	# Security modules
 	depends on SECURITY_TOMOYO = n
-	depends on SECURITY_APPARMOR = n
 
 config UIDGID_STRICT_TYPE_CHECKS
 	bool "Require conversions between uid/gids and their internal representation"
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index b81ea10..60f0c76 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -721,7 +721,7 @@ audit:
 	if (!permtest)
 		error = aa_audit_file(profile, &perms, GFP_KERNEL,
 				      OP_CHANGE_HAT, AA_MAY_CHANGEHAT, NULL,
-				      target, 0, info, error);
+				      target, GLOBAL_ROOT_UID, info, error);
 
 out:
 	aa_put_profile(hat);
@@ -848,7 +848,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
 audit:
 	if (!permtest)
 		error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request,
-				      name, hname, 0, info, error);
+				      name, hname, GLOBAL_ROOT_UID, info, error);
 
 	aa_put_namespace(ns);
 	aa_put_profile(target);
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index cf19d40..cd21ec5 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -65,7 +65,7 @@ static void audit_file_mask(struct audit_buffer *ab, u32 mask)
 static void file_audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
-	uid_t fsuid = current_fsuid();
+	kuid_t fsuid = current_fsuid();
 
 	if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) {
 		audit_log_format(ab, " requested_mask=");
@@ -76,8 +76,10 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
 		audit_file_mask(ab, sa->aad->fs.denied);
 	}
 	if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) {
-		audit_log_format(ab, " fsuid=%d", fsuid);
-		audit_log_format(ab, " ouid=%d", sa->aad->fs.ouid);
+		audit_log_format(ab, " fsuid=%d",
+				 from_kuid(&init_user_ns, fsuid));
+		audit_log_format(ab, " ouid=%d",
+				 from_kuid(&init_user_ns, sa->aad->fs.ouid));
 	}
 
 	if (sa->aad->fs.target) {
@@ -103,7 +105,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
  */
 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 		  gfp_t gfp, int op, u32 request, const char *name,
-		  const char *target, uid_t ouid, const char *info, int error)
+		  const char *target, kuid_t ouid, const char *info, int error)
 {
 	int type = AUDIT_APPARMOR_AUTO;
 	struct common_audit_data sa;
@@ -201,7 +203,7 @@ static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
 	 */
 	perms.kill = 0;
 
-	if (current_fsuid() == cond->uid) {
+	if (uid_eq(current_fsuid(), cond->uid)) {
 		perms.allow = map_old_perms(dfa_user_allow(dfa, state));
 		perms.audit = map_old_perms(dfa_user_audit(dfa, state));
 		perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 4b7e189..69d8cae 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -125,7 +125,7 @@ struct apparmor_audit_data {
 			const char *target;
 			u32 request;
 			u32 denied;
-			uid_t ouid;
+			kuid_t ouid;
 		} fs;
 	};
 };
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index f98fd47..967b2de 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -71,7 +71,7 @@ struct path;
 
 /* need to make conditional which ones are being set */
 struct path_cond {
-	uid_t uid;
+	kuid_t uid;
 	umode_t mode;
 };
 
@@ -146,7 +146,7 @@ static inline u16 dfa_map_xindex(u16 mask)
 
 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 		  gfp_t gfp, int op, u32 request, const char *name,
-		  const char *target, uid_t ouid, const char *info, int error);
+		  const char *target, kuid_t ouid, const char *info, int error);
 
 /**
  * struct aa_file_rules - components used for file rule permissions
-- 
1.7.5.4

[PATCH 03/14] userns: Convert tomoyo to use kuid and kgid where appropriate

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 init/Kconfig                |    3 ---
 security/tomoyo/audit.c     |   23 ++++++++++++++++-------
 security/tomoyo/common.c    |    4 +++-
 security/tomoyo/common.h    |    4 ++--
 security/tomoyo/condition.c |   20 ++++++++++----------
 5 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 637faf8..381f765 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -962,9 +962,6 @@ config UIDGID_CONVERTED
 	# The rare drivers that won't build
 	depends on ANDROID_BINDER_IPC = n
 
-	# Security modules
-	depends on SECURITY_TOMOYO = n
-
 config UIDGID_STRICT_TYPE_CHECKS
 	bool "Require conversions between uid/gids and their internal representation"
 	depends on UIDGID_CONVERTED
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 7ef9fa3..c1b0037 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -168,9 +168,14 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
 		       stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile,
 		       tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid,
 		       tomoyo_sys_getpid(), tomoyo_sys_getppid(),
-		       current_uid(), current_gid(), current_euid(),
-		       current_egid(), current_suid(), current_sgid(),
-		       current_fsuid(), current_fsgid());
+		       from_kuid(&init_user_ns, current_uid()),
+		       from_kgid(&init_user_ns, current_gid()),
+		       from_kuid(&init_user_ns, current_euid()),
+		       from_kgid(&init_user_ns, current_egid()),
+		       from_kuid(&init_user_ns, current_suid()),
+		       from_kgid(&init_user_ns, current_sgid()),
+		       from_kuid(&init_user_ns, current_fsuid()),
+		       from_kgid(&init_user_ns, current_fsgid()));
 	if (!obj)
 		goto no_obj_info;
 	if (!obj->validate_done) {
@@ -191,15 +196,19 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
 					tomoyo_buffer_len - 1 - pos,
 					" path%u.parent={ uid=%u gid=%u "
 					"ino=%lu perm=0%o }", (i >> 1) + 1,
-					stat->uid, stat->gid, (unsigned long)
-					stat->ino, stat->mode & S_IALLUGO);
+					from_kuid(&init_user_ns, stat->uid),
+					from_kgid(&init_user_ns, stat->gid),
+					(unsigned long)stat->ino,
+					stat->mode & S_IALLUGO);
 			continue;
 		}
 		pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos,
 				" path%u={ uid=%u gid=%u ino=%lu major=%u"
 				" minor=%u perm=0%o type=%s", (i >> 1) + 1,
-				stat->uid, stat->gid, (unsigned long)
-				stat->ino, MAJOR(dev), MINOR(dev),
+				from_kuid(&init_user_ns, stat->uid),
+				from_kgid(&init_user_ns, stat->gid),
+				(unsigned long)stat->ino,
+				MAJOR(dev), MINOR(dev),
 				mode & S_IALLUGO, tomoyo_filetype(mode));
 		if (S_ISCHR(mode) || S_ISBLK(mode)) {
 			dev = stat->rdev;
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 2e0f12c..f89a033 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -925,7 +925,9 @@ static bool tomoyo_manager(void)
 
 	if (!tomoyo_policy_loaded)
 		return true;
-	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
+	if (!tomoyo_manage_by_non_root &&
+	    (!uid_eq(task->cred->uid,  GLOBAL_ROOT_UID) ||
+	     !uid_eq(task->cred->euid, GLOBAL_ROOT_UID)))
 		return false;
 	exe = tomoyo_get_exe();
 	if (!exe)
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 75e4dc1..af010b6 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -561,8 +561,8 @@ struct tomoyo_address_group {
 
 /* Subset of "struct stat". Used by conditional ACL and audit logs. */
 struct tomoyo_mini_stat {
-	uid_t uid;
-	gid_t gid;
+	kuid_t uid;
+	kgid_t gid;
 	ino_t ino;
 	umode_t mode;
 	dev_t dev;
diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c
index 986330b..63681e8 100644
--- a/security/tomoyo/condition.c
+++ b/security/tomoyo/condition.c
@@ -813,28 +813,28 @@ bool tomoyo_condition(struct tomoyo_request_info *r,
 			unsigned long value = 0;
 			switch (index) {
 			case TOMOYO_TASK_UID:
-				value = current_uid();
+				value = from_kuid(&init_user_ns, current_uid());
 				break;
 			case TOMOYO_TASK_EUID:
-				value = current_euid();
+				value = from_kuid(&init_user_ns, current_euid());
 				break;
 			case TOMOYO_TASK_SUID:
-				value = current_suid();
+				value = from_kuid(&init_user_ns, current_suid());
 				break;
 			case TOMOYO_TASK_FSUID:
-				value = current_fsuid();
+				value = from_kuid(&init_user_ns, current_fsuid());
 				break;
 			case TOMOYO_TASK_GID:
-				value = current_gid();
+				value = from_kgid(&init_user_ns, current_gid());
 				break;
 			case TOMOYO_TASK_EGID:
-				value = current_egid();
+				value = from_kgid(&init_user_ns, current_egid());
 				break;
 			case TOMOYO_TASK_SGID:
-				value = current_sgid();
+				value = from_kgid(&init_user_ns, current_sgid());
 				break;
 			case TOMOYO_TASK_FSGID:
-				value = current_fsgid();
+				value = from_kgid(&init_user_ns, current_fsgid());
 				break;
 			case TOMOYO_TASK_PID:
 				value = tomoyo_sys_getpid();
@@ -970,13 +970,13 @@ bool tomoyo_condition(struct tomoyo_request_info *r,
 					case TOMOYO_PATH2_UID:
 					case TOMOYO_PATH1_PARENT_UID:
 					case TOMOYO_PATH2_PARENT_UID:
-						value = stat->uid;
+						value = from_kuid(&init_user_ns, stat->uid);
 						break;
 					case TOMOYO_PATH1_GID:
 					case TOMOYO_PATH2_GID:
 					case TOMOYO_PATH1_PARENT_GID:
 					case TOMOYO_PATH2_PARENT_GID:
-						value = stat->gid;
+						value = from_kgid(&init_user_ns, stat->gid);
 						break;
 					case TOMOYO_PATH1_INO:
 					case TOMOYO_PATH2_INO:
-- 
1.7.5.4

[PATCH 04/14] userns: Convert selinux to use kuid and kgid where appropriate

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <james.l.morris@oracle.com>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 security/selinux/selinuxfs.c   |    6 +++---
 security/selinux/ss/services.c |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 298e695..55af8c5 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -174,7 +174,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
 			"enforcing=%d old_enforcing=%d auid=%u ses=%u",
 			new_value, selinux_enforcing,
-			audit_get_loginuid(current),
+			from_kuid(&init_user_ns, audit_get_loginuid(current)),
 			audit_get_sessionid(current));
 		selinux_enforcing = new_value;
 		if (selinux_enforcing)
@@ -305,7 +305,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 			goto out;
 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
 			"selinux=0 auid=%u ses=%u",
-			audit_get_loginuid(current),
+			from_kuid(&init_user_ns, audit_get_loginuid(current)),
 			audit_get_sessionid(current));
 	}
 
@@ -551,7 +551,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
 out1:
 	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
 		"policy loaded auid=%u ses=%u",
-		audit_get_loginuid(current),
+		from_kuid(&init_user_ns, audit_get_loginuid(current)),
 		audit_get_sessionid(current));
 out:
 	mutex_unlock(&sel_mutex);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4321b8f..b4feecc 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2440,7 +2440,7 @@ int security_set_bools(int len, int *values)
 				sym_name(&policydb, SYM_BOOLS, i),
 				!!values[i],
 				policydb.bool_val_to_struct[i]->state,
-				audit_get_loginuid(current),
+				from_kuid(&init_user_ns, audit_get_loginuid(current)),
 				audit_get_sessionid(current));
 		}
 		if (values[i])
-- 
1.7.5.4

[PATCH 05/14] userns: Convert hostfs to use kuid and kgid where appropriate

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 fs/hostfs/hostfs_kern.c |    8 ++++----
 init/Kconfig            |    2 --
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
index 1241465..6c9f3a9 100644
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -542,8 +542,8 @@ static int read_name(struct inode *ino, char *name)
 	ino->i_ino = st.ino;
 	ino->i_mode = st.mode;
 	set_nlink(ino, st.nlink);
-	ino->i_uid = st.uid;
-	ino->i_gid = st.gid;
+	i_uid_write(ino, st.uid);
+	i_gid_write(ino, st.gid);
 	ino->i_atime = st.atime;
 	ino->i_mtime = st.mtime;
 	ino->i_ctime = st.ctime;
@@ -808,11 +808,11 @@ int hostfs_setattr(struct dentry *dentry, struct iattr *attr)
 	}
 	if (attr->ia_valid & ATTR_UID) {
 		attrs.ia_valid |= HOSTFS_ATTR_UID;
-		attrs.ia_uid = attr->ia_uid;
+		attrs.ia_uid = from_kuid(&init_user_ns, attr->ia_uid);
 	}
 	if (attr->ia_valid & ATTR_GID) {
 		attrs.ia_valid |= HOSTFS_ATTR_GID;
-		attrs.ia_gid = attr->ia_gid;
+		attrs.ia_gid = from_kgid(&init_user_ns, attr->ia_gid);
 	}
 	if (attr->ia_valid & ATTR_SIZE) {
 		attrs.ia_valid |= HOSTFS_ATTR_SIZE;
diff --git a/init/Kconfig b/init/Kconfig
index 381f765..8450442 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -957,8 +957,6 @@ config UIDGID_CONVERTED
 	depends on UFS_FS = n
 	depends on XFS_FS = n
 
-	depends on !UML || HOSTFS = n
-
 	# The rare drivers that won't build
 	depends on ANDROID_BINDER_IPC = n
 
-- 
1.7.5.4

[PATCH 06/14] userns: Convert EVM to deal with kuids and kgids in it's hmac computation

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 init/Kconfig                        |    1 -
 security/integrity/evm/evm_crypto.c |    4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 8450442..96ee3f3 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -926,7 +926,6 @@ config UIDGID_CONVERTED
 	# List of kernel pieces that need user namespace work
 	# Features
 	depends on IMA = n
-	depends on EVM = n
 
 	# Networking
 	depends on NET_9P = n
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 49a464f..dfb2691 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -106,8 +106,8 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
 	memset(&hmac_misc, 0, sizeof hmac_misc);
 	hmac_misc.ino = inode->i_ino;
 	hmac_misc.generation = inode->i_generation;
-	hmac_misc.uid = inode->i_uid;
-	hmac_misc.gid = inode->i_gid;
+	hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
+	hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
 	hmac_misc.mode = inode->i_mode;
 	crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc);
 	crypto_shash_final(desc, digest);
-- 
1.7.5.4

[PATCH 07/14] userns: Add user namespace support to IMA

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Use kuid's in the IMA rules.

When reporting the current uid in audit logs use from_kuid
to get a usable value.

Cc: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 init/Kconfig                        |    4 ----
 security/integrity/ima/ima_audit.c  |    5 +++--
 security/integrity/ima/ima_policy.c |   14 +++++++-------
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 96ee3f3..570cd33 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -923,10 +923,6 @@ config UIDGID_CONVERTED
 	bool
 	default y
 
-	# List of kernel pieces that need user namespace work
-	# Features
-	depends on IMA = n
-
 	# Networking
 	depends on NET_9P = n
 
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index 7a57f67..c586faa 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -39,8 +39,9 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
 
 	ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
 	audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
-			 current->pid, current_cred()->uid,
-			 audit_get_loginuid(current),
+			 current->pid,
+			 from_kuid(&init_user_ns, current_cred()->uid),
+			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
 			 audit_get_sessionid(current));
 	audit_log_task_context(ab);
 	audit_log_format(ab, " op=");
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 1a95830..c84df05 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -39,7 +39,7 @@ struct ima_measure_rule_entry {
 	enum ima_hooks func;
 	int mask;
 	unsigned long fsmagic;
-	uid_t uid;
+	kuid_t uid;
 	struct {
 		void *rule;	/* LSM file metadata specific */
 		int type;	/* audit type */
@@ -71,7 +71,7 @@ static struct ima_measure_rule_entry default_rules[] = {
 	 .flags = IMA_FUNC | IMA_MASK},
 	{.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
 	 .flags = IMA_FUNC | IMA_MASK},
-	{.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0,
+	{.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = GLOBAL_ROOT_UID,
 	 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
 };
 
@@ -112,7 +112,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
 	if ((rule->flags & IMA_FSMAGIC)
 	    && rule->fsmagic != inode->i_sb->s_magic)
 		return false;
-	if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
+	if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
 		return false;
 	for (i = 0; i < MAX_LSM_RULES; i++) {
 		int rc = 0;
@@ -277,7 +277,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
 
-	entry->uid = -1;
+	entry->uid = INVALID_UID;
 	entry->action = UNKNOWN;
 	while ((p = strsep(&rule, " \t")) != NULL) {
 		substring_t args[MAX_OPT_ARGS];
@@ -361,15 +361,15 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 		case Opt_uid:
 			ima_log_string(ab, "uid", args[0].from);
 
-			if (entry->uid != -1) {
+			if (uid_valid(entry->uid)) {
 				result = -EINVAL;
 				break;
 			}
 
 			result = strict_strtoul(args[0].from, 10, &lnum);
 			if (!result) {
-				entry->uid = (uid_t) lnum;
-				if (entry->uid != lnum)
+				entry->uid = make_kuid(current_user_ns(), (uid_t)lnum);
+				if (!uid_valid(entry->uid) || (((uid_t)lnum) != lnum))
 					result = -EINVAL;
 				else
 					entry->flags |= IMA_UID;
-- 
1.7.5.4

[PATCH 08/14] userns: Teach security_path_chown to take kuids and kgids

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Don't make the security modules deal with raw user space uid and
gids instead pass in a kuid_t and a kgid_t so that security modules
only have to deal with internal kernel uids and gids.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <james.l.morris@oracle.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 fs/open.c                |    2 +-
 include/linux/security.h |    6 +++---
 security/apparmor/lsm.c  |    2 +-
 security/capability.c    |    2 +-
 security/security.c      |    2 +-
 security/tomoyo/tomoyo.c |   12 +++++++-----
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index f3d96e7..2b25739 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -534,7 +534,7 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
 		newattrs.ia_valid |=
 			ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
 	mutex_lock(&inode->i_mutex);
-	error = security_path_chown(path, user, group);
+	error = security_path_chown(path, uid, gid);
 	if (!error)
 		error = notify_change(path->dentry, &newattrs);
 	mutex_unlock(&inode->i_mutex);
diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73c..ebb92cb 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1437,7 +1437,7 @@ struct security_operations {
 	int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
 			    struct path *new_dir, struct dentry *new_dentry);
 	int (*path_chmod) (struct path *path, umode_t mode);
-	int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
+	int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
 	int (*path_chroot) (struct path *path);
 #endif
 
@@ -2832,7 +2832,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 			 struct path *new_dir, struct dentry *new_dentry);
 int security_path_chmod(struct path *path, umode_t mode);
-int security_path_chown(struct path *path, uid_t uid, gid_t gid);
+int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
 int security_path_chroot(struct path *path);
 #else	/* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
@@ -2888,7 +2888,7 @@ static inline int security_path_chmod(struct path *path, umode_t mode)
 	return 0;
 }
 
-static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
 	return 0;
 }
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8ea39aa..8c2a7f6 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -352,7 +352,7 @@ static int apparmor_path_chmod(struct path *path, umode_t mode)
 	return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
 }
 
-static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid)
+static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
 	struct path_cond cond =  { path->dentry->d_inode->i_uid,
 				   path->dentry->d_inode->i_mode
diff --git a/security/capability.c b/security/capability.c
index 61095df..a40aac6 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -284,7 +284,7 @@ static int cap_path_chmod(struct path *path, umode_t mode)
 	return 0;
 }
 
-static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
+static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
index 860aeb3..f9a2f2e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -434,7 +434,7 @@ int security_path_chmod(struct path *path, umode_t mode)
 	return security_ops->path_chmod(path, mode);
 }
 
-int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
 	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
 		return 0;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index c2d04a5..d88eb3a 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -373,13 +373,15 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
  *
  * Returns 0 on success, negative value otherwise.
  */
-static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
+static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
 	int error = 0;
-	if (uid != (uid_t) -1)
-		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);
-	if (!error && gid != (gid_t) -1)
-		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);
+	if (uid_valid(uid))
+		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
+						from_kuid(&init_user_ns, uid));
+	if (!error && gid_valid(gid))
+		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
+						from_kgid(&init_user_ns, gid));
 	return error;
 }
 
-- 
1.7.5.4

[PATCH 09/14] userns: Convert binder ipc to use kuids

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Arve Hjønnevåg <arve@android.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 drivers/staging/android/binder.c |   14 +++++++-------
 init/Kconfig                     |    3 ---
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index 574e992..8e35d4b 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -47,7 +47,7 @@ static HLIST_HEAD(binder_dead_nodes);
 static struct dentry *binder_debugfs_dir_entry_root;
 static struct dentry *binder_debugfs_dir_entry_proc;
 static struct binder_node *binder_context_mgr_node;
-static uid_t binder_context_mgr_uid = -1;
+static kuid_t binder_context_mgr_uid = INVALID_UID;
 static int binder_last_id;
 static struct workqueue_struct *binder_deferred_workqueue;
 
@@ -356,7 +356,7 @@ struct binder_transaction {
 	unsigned int	flags;
 	long	priority;
 	long	saved_priority;
-	uid_t	sender_euid;
+	kuid_t	sender_euid;
 };
 
 static void
@@ -2427,7 +2427,7 @@ retry:
 		}
 		tr.code = t->code;
 		tr.flags = t->flags;
-		tr.sender_euid = t->sender_euid;
+		tr.sender_euid = from_kuid(current_user_ns(), t->sender_euid);
 
 		if (t->from) {
 			struct task_struct *sender = t->from->proc->tsk;
@@ -2705,12 +2705,12 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 			ret = -EBUSY;
 			goto err;
 		}
-		if (binder_context_mgr_uid != -1) {
-			if (binder_context_mgr_uid != current->cred->euid) {
+		if (uid_valid(binder_context_mgr_uid)) {
+			if (!uid_eq(binder_context_mgr_uid, current->cred->euid)) {
 				pr_err("binder: BINDER_SET_"
 				       "CONTEXT_MGR bad uid %d != %d\n",
-				       current->cred->euid,
-				       binder_context_mgr_uid);
+				       from_kuid(&init_user_ns, current->cred->euid),
+				       from_kuid(&init_user_ns, binder_context_mgr_uid));
 				ret = -EPERM;
 				goto err;
 			}
diff --git a/init/Kconfig b/init/Kconfig
index 570cd33..8691098 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -952,9 +952,6 @@ config UIDGID_CONVERTED
 	depends on UFS_FS = n
 	depends on XFS_FS = n
 
-	# The rare drivers that won't build
-	depends on ANDROID_BINDER_IPC = n
-
 config UIDGID_STRICT_TYPE_CHECKS
 	bool "Require conversions between uid/gids and their internal representation"
 	depends on UIDGID_CONVERTED
-- 
1.7.5.4

[PATCH 10/14] userns: Convert s390 hypfs to use kuid and kgid where appropriate

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 arch/s390/hypfs/inode.c |   20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c
index 6767b43..124ec1a 100644
--- a/arch/s390/hypfs/inode.c
+++ b/arch/s390/hypfs/inode.c
@@ -31,8 +31,8 @@ static struct dentry *hypfs_create_update_file(struct super_block *sb,
 					       struct dentry *dir);
 
 struct hypfs_sb_info {
-	uid_t uid;			/* uid used for files and dirs */
-	gid_t gid;			/* gid used for files and dirs */
+	kuid_t uid;			/* uid used for files and dirs */
+	kgid_t gid;			/* gid used for files and dirs */
 	struct dentry *update_file;	/* file to trigger update */
 	time_t last_update;		/* last update time in secs since 1970 */
 	struct mutex lock;		/* lock to protect update process */
@@ -229,6 +229,8 @@ static int hypfs_parse_options(char *options, struct super_block *sb)
 {
 	char *str;
 	substring_t args[MAX_OPT_ARGS];
+	kuid_t uid;
+	kgid_t gid;
 
 	if (!options)
 		return 0;
@@ -243,12 +245,18 @@ static int hypfs_parse_options(char *options, struct super_block *sb)
 		case opt_uid:
 			if (match_int(&args[0], &option))
 				return -EINVAL;
-			hypfs_info->uid = option;
+			uid = make_kuid(current_user_ns(), option);
+			if (!uid_valid(uid))
+				return -EINVAL;
+			hypfs_info->uid = uid;
 			break;
 		case opt_gid:
 			if (match_int(&args[0], &option))
 				return -EINVAL;
-			hypfs_info->gid = option;
+			gid = make_kgid(current_user_ns(), option);
+			if (!gid_valid(gid))
+				return -EINVAL;
+			hypfs_info->gid = gid;
 			break;
 		case opt_err:
 		default:
@@ -263,8 +271,8 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root)
 {
 	struct hypfs_sb_info *hypfs_info = root->d_sb->s_fs_info;
 
-	seq_printf(s, ",uid=%u", hypfs_info->uid);
-	seq_printf(s, ",gid=%u", hypfs_info->gid);
+	seq_printf(s, ",uid=%u", from_kuid_munged(&init_user_ns, hypfs_info->uid));
+	seq_printf(s, ",gid=%u", from_kgid_munged(&init_user_ns, hypfs_info->gid));
 	return 0;
 }
 
-- 
1.7.5.4

[PATCH 11/14] userns: Convert s390 getting uid and gid system calls to use kuid and kgid

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Convert getresuid, getresgid, getuid, geteuid, getgid, getegid

Convert struct cred kuids and kgids into userspace uids and gids when
returning them.

These s390 system calls slipped through the cracks in my first
round of converstions :(

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
 arch/s390/kernel/compat_linux.c |   36 ++++++++++++++++++++++++------------
 1 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index d122508..73995a7 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -131,13 +131,19 @@ asmlinkage long sys32_setresuid16(u16 ruid, u16 euid, u16 suid)
 		low2highuid(suid));
 }
 
-asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user *suid)
+asmlinkage long sys32_getresuid16(u16 __user *ruidp, u16 __user *euidp, u16 __user *suidp)
 {
+	const struct cred *cred = current_cred();
 	int retval;
+	u16 ruid, euid, suid;
 
-	if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) &&
-	    !(retval = put_user(high2lowuid(current->cred->euid), euid)))
-		retval = put_user(high2lowuid(current->cred->suid), suid);
+	ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid));
+	euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid));
+	suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid));
+
+	if (!(retval   = put_user(ruid, ruidp)) &&
+	    !(retval   = put_user(euid, euidp)))
+		retval = put_user(suid, suidp);
 
 	return retval;
 }
@@ -148,13 +154,19 @@ asmlinkage long sys32_setresgid16(u16 rgid, u16 egid, u16 sgid)
 		low2highgid(sgid));
 }
 
-asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user *sgid)
+asmlinkage long sys32_getresgid16(u16 __user *rgidp, u16 __user *egidp, u16 __user *sgidp)
 {
+	const struct cred *cred = current_cred();
 	int retval;
+	u16 rgid, egid, sgid;
+
+	rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid));
+	egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid));
+	sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid));
 
-	if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) &&
-	    !(retval = put_user(high2lowgid(current->cred->egid), egid)))
-		retval = put_user(high2lowgid(current->cred->sgid), sgid);
+	if (!(retval   = put_user(rgid, rgidp)) &&
+	    !(retval   = put_user(egid, egidp)))
+		retval = put_user(sgid, sgidp);
 
 	return retval;
 }
@@ -258,22 +270,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
 
 asmlinkage long sys32_getuid16(void)
 {
-	return high2lowuid(current->cred->uid);
+	return high2lowuid(from_kuid_munged(current_user_ns(), current_uid()));
 }
 
 asmlinkage long sys32_geteuid16(void)
 {
-	return high2lowuid(current->cred->euid);
+	return high2lowuid(from_kuid_munged(current_user_ns(), current_euid()));
 }
 
 asmlinkage long sys32_getgid16(void)
 {
-	return high2lowgid(current->cred->gid);
+	return high2lowgid(from_kgid_munged(current_user_ns(), current_gid()));
 }
 
 asmlinkage long sys32_getegid16(void)
 {
-	return high2lowgid(current->cred->egid);
+	return high2lowgid(from_kgid_munged(current_user_ns(), current_egid()));
 }
 
 /*
-- 
1.7.5.4

[PATCH 12/14] userns: On ppc convert current_uid from a kuid before printing.

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 arch/powerpc/mm/fault.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 08ffcf5..e5f028b 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -470,7 +470,7 @@ bad_area_nosemaphore:
 	if (is_exec && (error_code & DSISR_PROTFAULT))
 		printk_ratelimited(KERN_CRIT "kernel tried to execute NX-protected"
 				   " page (%lx) - exploit attempt? (uid: %d)\n",
-				   address, current_uid());
+				   address, from_kuid(&init_user_ns, current_uid()));
 
 	return SIGSEGV;
 
-- 
1.7.5.4

[PATCH 13/14] userns: On ia64 deal with current_uid and current_gid being kuid and kgid

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

These ia64 uses of current_uid and current_gid slipped through the
cracks when I was converting everything to kuids and kgids convert
them now.

Cc: Tony Luck <tony.luck@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 arch/ia64/kernel/mca_drv.c |    3 ++-
 arch/ia64/kernel/perfmon.c |   32 ++++++++++++++++----------------
 arch/ia64/kernel/signal.c  |    4 ++--
 3 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c
index 1c2e894..9392e02 100644
--- a/arch/ia64/kernel/mca_drv.c
+++ b/arch/ia64/kernel/mca_drv.c
@@ -158,7 +158,8 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr)
 	ia64_mlogbuf_dump();
 	printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, "
 		"iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n",
-	       raw_smp_processor_id(), current->pid, current_uid(),
+	       raw_smp_processor_id(), current->pid,
+		from_kuid(&init_user_ns, current_uid()),
 		iip, ipsr, paddr, current->comm);
 
 	spin_lock(&mca_bh_lock);
diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c
index 3fa4bc5..5a5c222 100644
--- a/arch/ia64/kernel/perfmon.c
+++ b/arch/ia64/kernel/perfmon.c
@@ -2380,8 +2380,8 @@ static int
 pfm_bad_permissions(struct task_struct *task)
 {
 	const struct cred *tcred;
-	uid_t uid = current_uid();
-	gid_t gid = current_gid();
+	kuid_t uid = current_uid();
+	kgid_t gid = current_gid();
 	int ret;
 
 	rcu_read_lock();
@@ -2389,20 +2389,20 @@ pfm_bad_permissions(struct task_struct *task)
 
 	/* inspired by ptrace_attach() */
 	DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n",
-		uid,
-		gid,
-		tcred->euid,
-		tcred->suid,
-		tcred->uid,
-		tcred->egid,
-		tcred->sgid));
-
-	ret = ((uid != tcred->euid)
-	       || (uid != tcred->suid)
-	       || (uid != tcred->uid)
-	       || (gid != tcred->egid)
-	       || (gid != tcred->sgid)
-	       || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE);
+		from_kuid(&init_user_ns, uid),
+		from_kgid(&init_user_ns, gid),
+		from_kuid(&init_user_ns, tcred->euid),
+		from_kuid(&init_user_ns, tcred->suid),
+		from_kuid(&init_user_ns, tcred->uid),
+		from_kgid(&init_user_ns, tcred->egid),
+		from_kgid(&init_user_ns, tcred->sgid)));
+
+	ret = ((!uid_eq(uid, tcred->euid))
+	       || (!uid_eq(uid, tcred->suid))
+	       || (!uid_eq(uid, tcred->uid))
+	       || (!gid_eq(gid, tcred->egid))
+	       || (!gid_eq(gid, tcred->sgid))
+	       || (!gid_eq(gid, tcred->gid))) && !capable(CAP_SYS_PTRACE);
 
 	rcu_read_unlock();
 	return ret;
diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
index a199be1..37dd795 100644
--- a/arch/ia64/kernel/signal.c
+++ b/arch/ia64/kernel/signal.c
@@ -220,7 +220,7 @@ ia64_rt_sigreturn (struct sigscratch *scr)
 	si.si_errno = 0;
 	si.si_code = SI_KERNEL;
 	si.si_pid = task_pid_vnr(current);
-	si.si_uid = current_uid();
+	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
 	si.si_addr = sc;
 	force_sig_info(SIGSEGV, &si, current);
 	return retval;
@@ -317,7 +317,7 @@ force_sigsegv_info (int sig, void __user *addr)
 	si.si_errno = 0;
 	si.si_code = SI_KERNEL;
 	si.si_pid = task_pid_vnr(current);
-	si.si_uid = current_uid();
+	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
 	si.si_addr = addr;
 	force_sig_info(SIGSEGV, &si, current);
 	return 0;
-- 
1.7.5.4

[PATCH 14/14] userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids

[Eric W. Biederman]

From: "Eric W. Biederman" <ebiederm@xmission.com>

Silencing build errors and potentially allowing people to use osf
system calls in from processes running in a non-default user namespace.

It seems this stat call was missed in my first round of converting the
stat system calls, bother.

Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 arch/alpha/kernel/osf_sys.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
index 98a1036..32c5f9d 100644
--- a/arch/alpha/kernel/osf_sys.c
+++ b/arch/alpha/kernel/osf_sys.c
@@ -278,8 +278,8 @@ linux_to_osf_stat(struct kstat *lstat, struct osf_stat __user *osf_stat)
 	tmp.st_dev	= lstat->dev;
 	tmp.st_mode	= lstat->mode;
 	tmp.st_nlink	= lstat->nlink;
-	tmp.st_uid	= lstat->uid;
-	tmp.st_gid	= lstat->gid;
+	tmp.st_uid	= from_kuid_munged(current_user_ns(), lstat->uid);
+	tmp.st_gid	= from_kgid_munged(current_user_ns(), lstat->gid);
 	tmp.st_rdev	= lstat->rdev;
 	tmp.st_ldev	= lstat->rdev;
 	tmp.st_size	= lstat->size;
-- 
1.7.5.4

Re: [PATCH 01/14] userns: Convert loop to use kuid_t instead of uid_t

[Jens Axboe]

On 2012-09-21 02:28, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---
>  drivers/block/loop.c |    4 ++--
>  include/linux/loop.h |    2 +-
>  init/Kconfig         |    1 -
>  3 files changed, 3 insertions(+), 4 deletions(-)

Thanks Eric, queued for 3.7.

-- 
Jens Axboe

Re: [PATCH 09/14] userns: Convert binder ipc to use kuids

[Greg Kroah-Hartman]

On Thu, Sep 20, 2012 at 05:28:45PM -0700, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Arve Hjønnevåg <arve@android.com>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Re: [PATCH 01/14] userns: Convert loop to use kuid_t instead of uid_t

[Eric W. Biederman]

Jens Axboe <jaxboe@fusionio.com> writes:

> On 2012-09-21 02:28, Eric W. Biederman wrote:
>> From: "Eric W. Biederman" <ebiederm@xmission.com>
>> 
>> Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
>> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
>> ---
>>  drivers/block/loop.c |    4 ++--
>>  include/linux/loop.h |    2 +-
>>  init/Kconfig         |    1 -
>>  3 files changed, 3 insertions(+), 4 deletions(-)
>
> Thanks Eric, queued for 3.7.

Would it be a problem if I also merged throug my user-namespace.git tree?

That was the original plan and it is handy to keep all of the patches
together.

Not that it matters much in this case.

Eric

Re: [PATCH 01/14] userns: Convert loop to use kuid_t instead of uid_t

[Jens Axboe]

On 2012-09-21 09:07, Eric W. Biederman wrote:
> Jens Axboe <jaxboe@fusionio.com> writes:
> 
>> On 2012-09-21 02:28, Eric W. Biederman wrote:
>>> From: "Eric W. Biederman" <ebiederm@xmission.com>
>>>
>>> Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
>>> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>>> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
>>> ---
>>>  drivers/block/loop.c |    4 ++--
>>>  include/linux/loop.h |    2 +-
>>>  init/Kconfig         |    1 -
>>>  3 files changed, 3 insertions(+), 4 deletions(-)
>>
>> Thanks Eric, queued for 3.7.
> 
> Would it be a problem if I also merged throug my user-namespace.git tree?
> 
> That was the original plan and it is handy to keep all of the patches
> together.
> 
> Not that it matters much in this case.

Not at all, go ahead. It'll be trivial to resolve any merge conflict due
to this.

BTW, this:

Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

in your original patch needs fixing up. I'm assuming it's a copy-paste
error and meant to be a Cc, since I haven't signed-off on it.

-- 
Jens Axboe

Re: [PATCH 01/14] userns: Convert loop to use kuid_t instead of uid_t

[Eric W. Biederman]

Jens Axboe <jaxboe@fusionio.com> writes:

> On 2012-09-21 09:07, Eric W. Biederman wrote:
>> Jens Axboe <jaxboe@fusionio.com> writes:
>> 
>>> On 2012-09-21 02:28, Eric W. Biederman wrote:
>>>> From: "Eric W. Biederman" <ebiederm@xmission.com>
>>>>
>>>> Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
>>>> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>>>> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
>>>> ---
>>>>  drivers/block/loop.c |    4 ++--
>>>>  include/linux/loop.h |    2 +-
>>>>  init/Kconfig         |    1 -
>>>>  3 files changed, 3 insertions(+), 4 deletions(-)
>>>
>>> Thanks Eric, queued for 3.7.
>> 
>> Would it be a problem if I also merged throug my user-namespace.git tree?
>> 
>> That was the original plan and it is handy to keep all of the patches
>> together.
>> 
>> Not that it matters much in this case.
>
> Not at all, go ahead. It'll be trivial to resolve any merge conflict due
> to this.
>
> BTW, this:
>
> Cc: Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
>
> in your original patch needs fixing up. I'm assuming it's a copy-paste
> error and meant to be a Cc, since I haven't signed-off on it.

Doh.  Yes sorry.  It was supposed to just be Cc:

Eric

Re: [PATCH 05/14] userns: Convert hostfs to use kuid and kgid where appropriate

[Richard Weinberger]

[-- Attachment #1: Type: text/plain, Size: 548 bytes --]

Am 21.09.2012 02:28, schrieb Eric W. Biederman:
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Jeff Dike <jdike@addtoit.com>
> Cc: Richard Weinberger <richard@nod.at>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---

Looks sane to me.

Acked-by: Richard Weinberger <richard@nod.at>

BTW: How you do test your user namespace patches?
Is there a generic way to compare/verify uids within a namespace vs. the initial namespace?

Thanks,
//richard


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: [PATCH 05/14] userns: Convert hostfs to use kuid and kgid where appropriate

[Eric W. Biederman]

Richard Weinberger <richard@nod.at> writes:

> Am 21.09.2012 02:28, schrieb Eric W. Biederman:
>> From: "Eric W. Biederman" <ebiederm@xmission.com>
>> 
>> Cc: Jeff Dike <jdike@addtoit.com>
>> Cc: Richard Weinberger <richard@nod.at>
>> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
>> ---
>
> Looks sane to me.
>
> Acked-by: Richard Weinberger <richard@nod.at>
>
> BTW: How you do test your user namespace patches?
> Is there a generic way to compare/verify uids within a namespace
> vs. the initial namespace?

I start with a well tested set of primites, and a simple design.

Ultimately the goal is to get the conversion functions make_kuid and
from_kuid inserted into the proper locations.

When user namespaces are enabled kuid_t and uid_t are not assignment
compatible so in most places where something needs to be done I get
a compile error.

If the other value is an internal kernel value I change it's type.
If the other value is a userspace or on disk value I insert a conversion
function.

So as a first approximation I can test just by enabling usernamespace
support and compiling the code.

My second line of defense is to keep my patches simple and easily
reviewable.

I impose upon myself the discipline of letting my patches set for a
while so that I review them with a fresh mind before sending them
out to the list.

I am careful when making my patches to actually read the code and
understand what is going on, so hopefully I catch the tricky cases.

With the user namespace support disabled the code performs the same with
except for the conversion functions so things like my conversion of the
core kernel in 3.5 continue to be tested for correctness in general.

Right now for filesystems I am converting them so they will work when
all of the user space interfaces have values coming to the filesystem in
kuid_t and kgid_t, but the values in the filesystem are stored in
the initial user namespace.  So it is trivial to know that I have
useful the correct conversions.

Since my big question is do I have the conversions in all of the
locations needed, compile errors and the discipline of pushing kuid_t
and kgid_t as deep as possible into the kernel data structures as
possible are my primary means of where conversions need to go.

Beyond that I actually run a kernel with all of my patches applied and I
do some spot testing, and I have had my development tree with everything
patched out for a while so that other people can play with it as well.

I also compile test each patch with allyesconfig and with as much
enabled as I can and still leave the usernamespace support enabled,
ensuring each patch is good and safe on it's own (at least compilewise).

So that is how I test.

As to a generic way to compare/verify uids within a namespace vs the
initial namespace hmm.  I don't know that there is a generic tool.  The
mappings are available in /proc/<pid>/uid_maps, and /proc/<pid>/gid_maps
so it isn't hard to look to see if the expected conversion is happening
by looking from outside the namespace. But there isn't a generic tool
that I know of at this point.

Eric

Re: [PATCH 05/14] userns: Convert hostfs to use kuid and kgid where appropriate

[Serge Hallyn]

Quoting Richard Weinberger (richard@nod.at):
> Am 21.09.2012 02:28, schrieb Eric W. Biederman:
> > From: "Eric W. Biederman" <ebiederm@xmission.com>
> > 
> > Cc: Jeff Dike <jdike@addtoit.com>
> > Cc: Richard Weinberger <richard@nod.at>
> > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> > Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> > ---
> 
> Looks sane to me.
> 
> Acked-by: Richard Weinberger <richard@nod.at>
> 
> BTW: How you do test your user namespace patches?

I've got a few specific tests of the new functionality in the usernstest.c
in the nsexec package at
https://launchpad.net/~serge-hallyn/+archive/userns-natty/+sourcepub/2530252/+listing-archive-extra .
Of course LTP already has a good set of test cases for the regular
functionality.

> Is there a generic way to compare/verify uids within a namespace vs. the initial namespace?

It's good to look at output of 'id' in the task versus 'ps' from the initial ns,
as well as create a file and look at the stat output from both namespaces.

-serge

Re: [PATCH 04/14] userns: Convert selinux to use kuid and kgid where appropriate

[Serge Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Stephen Smalley <sds@tycho.nsa.gov>
> Cc: James Morris <james.l.morris@oracle.com>
> Cc: Eric Paris <eparis@parisplace.org>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
>  security/selinux/selinuxfs.c   |    6 +++---
>  security/selinux/ss/services.c |    2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 298e695..55af8c5 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -174,7 +174,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
>  		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>  			"enforcing=%d old_enforcing=%d auid=%u ses=%u",
>  			new_value, selinux_enforcing,
> -			audit_get_loginuid(current),
> +			from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  			audit_get_sessionid(current));
>  		selinux_enforcing = new_value;
>  		if (selinux_enforcing)
> @@ -305,7 +305,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
>  			goto out;
>  		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>  			"selinux=0 auid=%u ses=%u",
> -			audit_get_loginuid(current),
> +			from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  			audit_get_sessionid(current));
>  	}
>  
> @@ -551,7 +551,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
>  out1:
>  	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>  		"policy loaded auid=%u ses=%u",
> -		audit_get_loginuid(current),
> +		from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  		audit_get_sessionid(current));
>  out:
>  	mutex_unlock(&sel_mutex);
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 4321b8f..b4feecc 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2440,7 +2440,7 @@ int security_set_bools(int len, int *values)
>  				sym_name(&policydb, SYM_BOOLS, i),
>  				!!values[i],
>  				policydb.bool_val_to_struct[i]->state,
> -				audit_get_loginuid(current),
> +				from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  				audit_get_sessionid(current));
>  		}
>  		if (values[i])
> -- 
> 1.7.5.4
> 
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers

Re: [PATCH 10/14] userns: Convert s390 hypfs to use kuid and kgid where appropriate

[Serge Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
> Cc: Heiko Carstens <heiko.carstens@de.ibm.com>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
>  arch/s390/hypfs/inode.c |   20 ++++++++++++++------
>  1 files changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c
> index 6767b43..124ec1a 100644
> --- a/arch/s390/hypfs/inode.c
> +++ b/arch/s390/hypfs/inode.c
> @@ -31,8 +31,8 @@ static struct dentry *hypfs_create_update_file(struct super_block *sb,
>  					       struct dentry *dir);
>  
>  struct hypfs_sb_info {
> -	uid_t uid;			/* uid used for files and dirs */
> -	gid_t gid;			/* gid used for files and dirs */
> +	kuid_t uid;			/* uid used for files and dirs */
> +	kgid_t gid;			/* gid used for files and dirs */
>  	struct dentry *update_file;	/* file to trigger update */
>  	time_t last_update;		/* last update time in secs since 1970 */
>  	struct mutex lock;		/* lock to protect update process */
> @@ -229,6 +229,8 @@ static int hypfs_parse_options(char *options, struct super_block *sb)
>  {
>  	char *str;
>  	substring_t args[MAX_OPT_ARGS];
> +	kuid_t uid;
> +	kgid_t gid;
>  
>  	if (!options)
>  		return 0;
> @@ -243,12 +245,18 @@ static int hypfs_parse_options(char *options, struct super_block *sb)
>  		case opt_uid:
>  			if (match_int(&args[0], &option))
>  				return -EINVAL;
> -			hypfs_info->uid = option;
> +			uid = make_kuid(current_user_ns(), option);
> +			if (!uid_valid(uid))
> +				return -EINVAL;
> +			hypfs_info->uid = uid;
>  			break;
>  		case opt_gid:
>  			if (match_int(&args[0], &option))
>  				return -EINVAL;
> -			hypfs_info->gid = option;
> +			gid = make_kgid(current_user_ns(), option);
> +			if (!gid_valid(gid))
> +				return -EINVAL;
> +			hypfs_info->gid = gid;
>  			break;
>  		case opt_err:
>  		default:
> @@ -263,8 +271,8 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root)
>  {
>  	struct hypfs_sb_info *hypfs_info = root->d_sb->s_fs_info;
>  
> -	seq_printf(s, ",uid=%u", hypfs_info->uid);
> -	seq_printf(s, ",gid=%u", hypfs_info->gid);
> +	seq_printf(s, ",uid=%u", from_kuid_munged(&init_user_ns, hypfs_info->uid));
> +	seq_printf(s, ",gid=%u", from_kgid_munged(&init_user_ns, hypfs_info->gid));
>  	return 0;
>  }
>  
> -- 
> 1.7.5.4
> 
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers

Re: [PATCH 13/14] userns: On ia64 deal with current_uid and current_gid being kuid and kgid

[Serge Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> These ia64 uses of current_uid and current_gid slipped through the
> cracks when I was converting everything to kuids and kgids convert
> them now.
> 
> Cc: Tony Luck <tony.luck@intel.com>
> Cc: Fenghua Yu <fenghua.yu@intel.com>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
>  arch/ia64/kernel/mca_drv.c |    3 ++-
>  arch/ia64/kernel/perfmon.c |   32 ++++++++++++++++----------------
>  arch/ia64/kernel/signal.c  |    4 ++--
>  3 files changed, 20 insertions(+), 19 deletions(-)
> 
> diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c
> index 1c2e894..9392e02 100644
> --- a/arch/ia64/kernel/mca_drv.c
> +++ b/arch/ia64/kernel/mca_drv.c
> @@ -158,7 +158,8 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr)
>  	ia64_mlogbuf_dump();
>  	printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, "
>  		"iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n",
> -	       raw_smp_processor_id(), current->pid, current_uid(),
> +	       raw_smp_processor_id(), current->pid,
> +		from_kuid(&init_user_ns, current_uid()),
>  		iip, ipsr, paddr, current->comm);
>  
>  	spin_lock(&mca_bh_lock);
> diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c
> index 3fa4bc5..5a5c222 100644
> --- a/arch/ia64/kernel/perfmon.c
> +++ b/arch/ia64/kernel/perfmon.c
> @@ -2380,8 +2380,8 @@ static int
>  pfm_bad_permissions(struct task_struct *task)
>  {
>  	const struct cred *tcred;
> -	uid_t uid = current_uid();
> -	gid_t gid = current_gid();
> +	kuid_t uid = current_uid();
> +	kgid_t gid = current_gid();
>  	int ret;
>  
>  	rcu_read_lock();
> @@ -2389,20 +2389,20 @@ pfm_bad_permissions(struct task_struct *task)
>  
>  	/* inspired by ptrace_attach() */
>  	DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n",
> -		uid,
> -		gid,
> -		tcred->euid,
> -		tcred->suid,
> -		tcred->uid,
> -		tcred->egid,
> -		tcred->sgid));
> -
> -	ret = ((uid != tcred->euid)
> -	       || (uid != tcred->suid)
> -	       || (uid != tcred->uid)
> -	       || (gid != tcred->egid)
> -	       || (gid != tcred->sgid)
> -	       || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE);
> +		from_kuid(&init_user_ns, uid),
> +		from_kgid(&init_user_ns, gid),
> +		from_kuid(&init_user_ns, tcred->euid),
> +		from_kuid(&init_user_ns, tcred->suid),
> +		from_kuid(&init_user_ns, tcred->uid),
> +		from_kgid(&init_user_ns, tcred->egid),
> +		from_kgid(&init_user_ns, tcred->sgid)));
> +
> +	ret = ((!uid_eq(uid, tcred->euid))
> +	       || (!uid_eq(uid, tcred->suid))
> +	       || (!uid_eq(uid, tcred->uid))
> +	       || (!gid_eq(gid, tcred->egid))
> +	       || (!gid_eq(gid, tcred->sgid))
> +	       || (!gid_eq(gid, tcred->gid))) && !capable(CAP_SYS_PTRACE);
>  
>  	rcu_read_unlock();
>  	return ret;
> diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
> index a199be1..37dd795 100644
> --- a/arch/ia64/kernel/signal.c
> +++ b/arch/ia64/kernel/signal.c
> @@ -220,7 +220,7 @@ ia64_rt_sigreturn (struct sigscratch *scr)
>  	si.si_errno = 0;
>  	si.si_code = SI_KERNEL;
>  	si.si_pid = task_pid_vnr(current);
> -	si.si_uid = current_uid();
> +	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>  	si.si_addr = sc;
>  	force_sig_info(SIGSEGV, &si, current);
>  	return retval;
> @@ -317,7 +317,7 @@ force_sigsegv_info (int sig, void __user *addr)
>  	si.si_errno = 0;
>  	si.si_code = SI_KERNEL;
>  	si.si_pid = task_pid_vnr(current);
> -	si.si_uid = current_uid();
> +	si.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>  	si.si_addr = addr;
>  	force_sig_info(SIGSEGV, &si, current);
>  	return 0;
> -- 
> 1.7.5.4
> 
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers

Re: [PATCH 12/14] userns: On ppc convert current_uid from a kuid before printing.

[Serge Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Cc: Paul Mackerras <paulus@samba.org>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
>  arch/powerpc/mm/fault.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 08ffcf5..e5f028b 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -470,7 +470,7 @@ bad_area_nosemaphore:
>  	if (is_exec && (error_code & DSISR_PROTFAULT))
>  		printk_ratelimited(KERN_CRIT "kernel tried to execute NX-protected"
>  				   " page (%lx) - exploit attempt? (uid: %d)\n",
> -				   address, current_uid());
> +				   address, from_kuid(&init_user_ns, current_uid()));
>  
>  	return SIGSEGV;
>  
> -- 
> 1.7.5.4
> 
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers

Re: [PATCH 11/14] userns: Convert s390 getting uid and gid system calls to use kuid and kgid

[Serge Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> 
> Convert getresuid, getresgid, getuid, geteuid, getgid, getegid
> 
> Convert struct cred kuids and kgids into userspace uids and gids when
> returning them.
> 
> These s390 system calls slipped through the cracks in my first
> round of converstions :(
> 
> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
> Cc: Heiko Carstens <heiko.carstens@de.ibm.com>

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---
>  arch/s390/kernel/compat_linux.c |   36 ++++++++++++++++++++++++------------
>  1 files changed, 24 insertions(+), 12 deletions(-)
> 
> diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
> index d122508..73995a7 100644
> --- a/arch/s390/kernel/compat_linux.c
> +++ b/arch/s390/kernel/compat_linux.c
> @@ -131,13 +131,19 @@ asmlinkage long sys32_setresuid16(u16 ruid, u16 euid, u16 suid)
>  		low2highuid(suid));
>  }
>  
> -asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user *suid)
> +asmlinkage long sys32_getresuid16(u16 __user *ruidp, u16 __user *euidp, u16 __user *suidp)
>  {
> +	const struct cred *cred = current_cred();
>  	int retval;
> +	u16 ruid, euid, suid;
>  
> -	if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) &&
> -	    !(retval = put_user(high2lowuid(current->cred->euid), euid)))
> -		retval = put_user(high2lowuid(current->cred->suid), suid);
> +	ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid));
> +	euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid));
> +	suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid));
> +
> +	if (!(retval   = put_user(ruid, ruidp)) &&
> +	    !(retval   = put_user(euid, euidp)))
> +		retval = put_user(suid, suidp);
>  
>  	return retval;
>  }
> @@ -148,13 +154,19 @@ asmlinkage long sys32_setresgid16(u16 rgid, u16 egid, u16 sgid)
>  		low2highgid(sgid));
>  }
>  
> -asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user *sgid)
> +asmlinkage long sys32_getresgid16(u16 __user *rgidp, u16 __user *egidp, u16 __user *sgidp)
>  {
> +	const struct cred *cred = current_cred();
>  	int retval;
> +	u16 rgid, egid, sgid;
> +
> +	rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid));
> +	egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid));
> +	sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid));
>  
> -	if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) &&
> -	    !(retval = put_user(high2lowgid(current->cred->egid), egid)))
> -		retval = put_user(high2lowgid(current->cred->sgid), sgid);
> +	if (!(retval   = put_user(rgid, rgidp)) &&
> +	    !(retval   = put_user(egid, egidp)))
> +		retval = put_user(sgid, sgidp);
>  
>  	return retval;
>  }
> @@ -258,22 +270,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
>  
>  asmlinkage long sys32_getuid16(void)
>  {
> -	return high2lowuid(current->cred->uid);
> +	return high2lowuid(from_kuid_munged(current_user_ns(), current_uid()));
>  }
>  
>  asmlinkage long sys32_geteuid16(void)
>  {
> -	return high2lowuid(current->cred->euid);
> +	return high2lowuid(from_kuid_munged(current_user_ns(), current_euid()));
>  }
>  
>  asmlinkage long sys32_getgid16(void)
>  {
> -	return high2lowgid(current->cred->gid);
> +	return high2lowgid(from_kgid_munged(current_user_ns(), current_gid()));
>  }
>  
>  asmlinkage long sys32_getegid16(void)
>  {
> -	return high2lowgid(current->cred->egid);
> +	return high2lowgid(from_kgid_munged(current_user_ns(), current_egid()));
>  }
>  
>  /*
> -- 
> 1.7.5.4
> 
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers