From: Christian Brauner <christian.brauner@ubuntu.com>
To: Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>
Cc: Vivek Goyal <vgoyal@redhat.com>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH v2 3/4] fs: introduce fsuidgid_has_mapping() helper
Date: Sat, 20 Mar 2021 13:26:23 +0100
Message-ID: <20210320122623.599086-4-christian.brauner@ubuntu.com>
In-Reply-To: <20210320122623.599086-1-christian.brauner@ubuntu.com>
Don't open-code the checks and instead move them into a clean little
helper we can call. This also reduces the risk that if we ever change
something we forget to change all locations.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Inspired-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
- Christoph Hellwig <hch@lst.de>:
- Add kernel docs to helpers.
---
fs/namei.c | 11 +++--------
include/linux/fs.h | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 6b5424d34962..bc03cbc37ba7 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2823,16 +2823,14 @@ static int may_delete(struct user_namespace *mnt_userns, struct inode *dir,
static inline int may_create(struct user_namespace *mnt_userns,
struct inode *dir, struct dentry *child)
{
- struct user_namespace *s_user_ns;
audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
if (child->d_inode)
return -EEXIST;
if (IS_DEADDIR(dir))
return -ENOENT;
- s_user_ns = dir->i_sb->s_user_ns;
- if (!kuid_has_mapping(s_user_ns, mapped_fsuid(mnt_userns)) ||
- !kgid_has_mapping(s_user_ns, mapped_fsgid(mnt_userns)))
+ if (!fsuidgid_has_mapping(dir->i_sb, mnt_userns))
return -EOVERFLOW;
+
return inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC);
}
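Review bot: The blank line added after "return -EOVERFLOW;" in may_create() is an unrelated whitespace change, and the matching conversion in may_o_create() does not get one, so the two call sites now differ in layout for no functional reason. Either drop the extra "+" line here or add the same spacing in may_o_create() so the refactor stays purely mechanical. The condition itself is a faithful conversion: the removed "!kuid_has_mapping(...) || !kgid_has_mapping(...)" is the negation of the helper's "kuid_has_mapping(...) && kgid_has_mapping(...)", so a caller with either id unmapped still gets -EOVERFLOW.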
@@ -3034,14 +3032,11 @@ static int may_o_create(struct user_namespace *mnt_userns,
const struct path *dir, struct dentry *dentry,
umode_t mode)
{
- struct user_namespace *s_user_ns;
int error = security_path_mknod(dir, dentry, mode, 0);
if (error)
return error;
- s_user_ns = dir->dentry->d_sb->s_user_ns;
- if (!kuid_has_mapping(s_user_ns, mapped_fsuid(mnt_userns)) ||
- !kgid_has_mapping(s_user_ns, mapped_fsgid(mnt_userns)))
+ if (!fsuidgid_has_mapping(dir->dentry->d_sb, mnt_userns))
return -EOVERFLOW;
error = inode_permission(mnt_userns, dir->dentry->d_inode,
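Review bot: The -EOVERFLOW return for an unmapped fsuid/fsgid stays open-coded at this call site and in may_create(), so the helper centralizes the test but not the error that callers are expected to return. Since the commit message gives "forget to change all locations" as the motivation, consider stating in the helper's kernel-doc that callers should fail creation with -EOVERFLOW when it returns false, so a future caller does not pick a different errno. The check still runs after security_path_mknod() and before inode_permission(), which preserves the existing ordering.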
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c8603969d21f..0e2ce21b2552 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1692,6 +1692,26 @@ static inline kgid_t mapped_fsgid(struct user_namespace *mnt_userns)
return kgid_from_mnt(mnt_userns, current_fsgid());
}
+/**
+ * fsuidgid_has_mapping() - check whether caller's fsuid/fsgid is mapped
+ * @sb: the superblock we want a mapping in
+ * @mnt_userns: user namespace of the relevant mount
+ *
+ * Check whether the caller's fsuid and fsgid have a valid mapping in the
+ * s_user_ns of the superblock @sb. If the caller is on an idmapped mount map
+ * the caller's fsuid and fsgid according to the @mnt_userns first.
+ *
+ * Returns true if fsuid and fsgid is mapped, false if not.
+ */
+static inline bool fsuidgid_has_mapping(struct super_block *sb,
+ struct user_namespace *mnt_userns)
+{
+ struct user_namespace *s_user_ns = sb->s_user_ns;
+
+ return kuid_has_mapping(s_user_ns, mapped_fsuid(mnt_userns)) &&
+ kgid_has_mapping(s_user_ns, mapped_fsgid(mnt_userns));
+}
+
extern struct timespec64 current_time(struct inode *inode);
/*
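Review bot: The kernel-doc return line "Returns true if fsuid and fsgid is mapped, false if not." should read "are mapped" and say explicitly that both ids must have a mapping, since the body returns false when either kuid_has_mapping() or kgid_has_mapping() fails; the usual kernel-doc form is a "Return:" section. A smaller point on the signature: the helper takes (sb, mnt_userns), while mapped_fsgid() above and the callers in fs/namei.c (may_create(), inode_permission()) take mnt_userns as the first argument, so putting mnt_userns first would match the convention used for the other idmapped-mount helpers.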
--
2.27.0