userns: Convert group_info values from gid_t to kgid_t.

As a first step to converting struct cred to be all kuid_t and kgid_t
values convert the group values stored in group_info to always be
kgid_t values.   Unless user namespaces are used this change should
have no effect.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2011-11-14 15:56:38 -08:00
parent 22d917d80e
commit ae2975bc34
12 changed files with 104 additions and 49 deletions

View file

@ -173,11 +173,14 @@ asmlinkage long sys32_setfsgid16(u16 gid)
static int groups16_to_user(u16 __user *grouplist, struct group_info *group_info) static int groups16_to_user(u16 __user *grouplist, struct group_info *group_info)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
u16 group; u16 group;
kgid_t kgid;
for (i = 0; i < group_info->ngroups; i++) { for (i = 0; i < group_info->ngroups; i++) {
group = (u16)GROUP_AT(group_info, i); kgid = GROUP_AT(group_info, i);
group = (u16)from_kgid_munged(user_ns, kgid);
if (put_user(group, grouplist+i)) if (put_user(group, grouplist+i))
return -EFAULT; return -EFAULT;
} }
@ -187,13 +190,20 @@ static int groups16_to_user(u16 __user *grouplist, struct group_info *group_info
static int groups16_from_user(struct group_info *group_info, u16 __user *grouplist) static int groups16_from_user(struct group_info *group_info, u16 __user *grouplist)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
u16 group; u16 group;
kgid_t kgid;
for (i = 0; i < group_info->ngroups; i++) { for (i = 0; i < group_info->ngroups; i++) {
if (get_user(group, grouplist+i)) if (get_user(group, grouplist+i))
return -EFAULT; return -EFAULT;
GROUP_AT(group_info, i) = (gid_t)group;
kgid = make_kgid(user_ns, (gid_t)group);
if (!gid_valid(kgid))
return -EINVAL;
GROUP_AT(group_info, i) = kgid;
} }
return 0; return 0;

View file

@ -1,6 +1,7 @@
/* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */ /* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/user_namespace.h>
#include "nfsd.h" #include "nfsd.h"
#include "auth.h" #include "auth.h"
@ -56,8 +57,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
goto oom; goto oom;
for (i = 0; i < rqgi->ngroups; i++) { for (i = 0; i < rqgi->ngroups; i++) {
if (!GROUP_AT(rqgi, i)) if (gid_eq(GLOBAL_ROOT_GID, GROUP_AT(rqgi, i)))
GROUP_AT(gi, i) = exp->ex_anon_gid; GROUP_AT(gi, i) = make_kgid(&init_user_ns, exp->ex_anon_gid);
else else
GROUP_AT(gi, i) = GROUP_AT(rqgi, i); GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
} }

View file

@ -81,6 +81,7 @@
#include <linux/pid_namespace.h> #include <linux/pid_namespace.h>
#include <linux/ptrace.h> #include <linux/ptrace.h>
#include <linux/tracehook.h> #include <linux/tracehook.h>
#include <linux/user_namespace.h>
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/processor.h> #include <asm/processor.h>
@ -161,6 +162,7 @@ static inline const char *get_task_state(struct task_struct *tsk)
static inline void task_state(struct seq_file *m, struct pid_namespace *ns, static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *p) struct pid *pid, struct task_struct *p)
{ {
struct user_namespace *user_ns = current_user_ns();
struct group_info *group_info; struct group_info *group_info;
int g; int g;
struct fdtable *fdt = NULL; struct fdtable *fdt = NULL;
@ -205,7 +207,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
task_unlock(p); task_unlock(p);
for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++)
seq_printf(m, "%d ", GROUP_AT(group_info, g)); seq_printf(m, "%d ",
from_kgid_munged(user_ns, GROUP_AT(group_info, g)));
put_cred(cred); put_cred(cred);
seq_putc(m, '\n'); seq_putc(m, '\n');

View file

@ -17,6 +17,7 @@
#include <linux/key.h> #include <linux/key.h>
#include <linux/selinux.h> #include <linux/selinux.h>
#include <linux/atomic.h> #include <linux/atomic.h>
#include <linux/uidgid.h>
struct user_struct; struct user_struct;
struct cred; struct cred;
@ -26,14 +27,14 @@ struct inode;
* COW Supplementary groups list * COW Supplementary groups list
*/ */
#define NGROUPS_SMALL 32 #define NGROUPS_SMALL 32
#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(kgid_t)))
struct group_info { struct group_info {
atomic_t usage; atomic_t usage;
int ngroups; int ngroups;
int nblocks; int nblocks;
gid_t small_block[NGROUPS_SMALL]; kgid_t small_block[NGROUPS_SMALL];
gid_t *blocks[0]; kgid_t *blocks[0];
}; };
/** /**
@ -66,7 +67,7 @@ extern struct group_info init_groups;
extern void groups_free(struct group_info *); extern void groups_free(struct group_info *);
extern int set_current_groups(struct group_info *); extern int set_current_groups(struct group_info *);
extern int set_groups(struct cred *, struct group_info *); extern int set_groups(struct cred *, struct group_info *);
extern int groups_search(const struct group_info *, gid_t); extern int groups_search(const struct group_info *, kgid_t);
/* access the groups "array" with this macro */ /* access the groups "array" with this macro */
#define GROUP_AT(gi, i) \ #define GROUP_AT(gi, i) \

View file

@ -31,7 +31,7 @@ struct group_info *groups_alloc(int gidsetsize)
group_info->blocks[0] = group_info->small_block; group_info->blocks[0] = group_info->small_block;
else { else {
for (i = 0; i < nblocks; i++) { for (i = 0; i < nblocks; i++) {
gid_t *b; kgid_t *b;
b = (void *)__get_free_page(GFP_USER); b = (void *)__get_free_page(GFP_USER);
if (!b) if (!b)
goto out_undo_partial_alloc; goto out_undo_partial_alloc;
@ -66,18 +66,15 @@ EXPORT_SYMBOL(groups_free);
static int groups_to_user(gid_t __user *grouplist, static int groups_to_user(gid_t __user *grouplist,
const struct group_info *group_info) const struct group_info *group_info)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
unsigned int count = group_info->ngroups; unsigned int count = group_info->ngroups;
for (i = 0; i < group_info->nblocks; i++) { for (i = 0; i < count; i++) {
unsigned int cp_count = min(NGROUPS_PER_BLOCK, count); gid_t gid;
unsigned int len = cp_count * sizeof(*grouplist); gid = from_kgid_munged(user_ns, GROUP_AT(group_info, i));
if (put_user(gid, grouplist+i))
if (copy_to_user(grouplist, group_info->blocks[i], len))
return -EFAULT; return -EFAULT;
grouplist += NGROUPS_PER_BLOCK;
count -= cp_count;
} }
return 0; return 0;
} }
@ -86,18 +83,21 @@ static int groups_to_user(gid_t __user *grouplist,
static int groups_from_user(struct group_info *group_info, static int groups_from_user(struct group_info *group_info,
gid_t __user *grouplist) gid_t __user *grouplist)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
unsigned int count = group_info->ngroups; unsigned int count = group_info->ngroups;
for (i = 0; i < group_info->nblocks; i++) { for (i = 0; i < count; i++) {
unsigned int cp_count = min(NGROUPS_PER_BLOCK, count); gid_t gid;
unsigned int len = cp_count * sizeof(*grouplist); kgid_t kgid;
if (get_user(gid, grouplist+i))
if (copy_from_user(group_info->blocks[i], grouplist, len))
return -EFAULT; return -EFAULT;
grouplist += NGROUPS_PER_BLOCK; kgid = make_kgid(user_ns, gid);
count -= cp_count; if (!gid_valid(kgid))
return -EINVAL;
GROUP_AT(group_info, i) = kgid;
} }
return 0; return 0;
} }
@ -117,9 +117,9 @@ static void groups_sort(struct group_info *group_info)
for (base = 0; base < max; base++) { for (base = 0; base < max; base++) {
int left = base; int left = base;
int right = left + stride; int right = left + stride;
gid_t tmp = GROUP_AT(group_info, right); kgid_t tmp = GROUP_AT(group_info, right);
while (left >= 0 && GROUP_AT(group_info, left) > tmp) { while (left >= 0 && gid_gt(GROUP_AT(group_info, left), tmp)) {
GROUP_AT(group_info, right) = GROUP_AT(group_info, right) =
GROUP_AT(group_info, left); GROUP_AT(group_info, left);
right = left; right = left;
@ -132,7 +132,7 @@ static void groups_sort(struct group_info *group_info)
} }
/* a simple bsearch */ /* a simple bsearch */
int groups_search(const struct group_info *group_info, gid_t grp) int groups_search(const struct group_info *group_info, kgid_t grp)
{ {
unsigned int left, right; unsigned int left, right;
@ -143,9 +143,9 @@ int groups_search(const struct group_info *group_info, gid_t grp)
right = group_info->ngroups; right = group_info->ngroups;
while (left < right) { while (left < right) {
unsigned int mid = (left+right)/2; unsigned int mid = (left+right)/2;
if (grp > GROUP_AT(group_info, mid)) if (gid_gt(grp, GROUP_AT(group_info, mid)))
left = mid + 1; left = mid + 1;
else if (grp < GROUP_AT(group_info, mid)) else if (gid_lt(grp, GROUP_AT(group_info, mid)))
right = mid; right = mid;
else else
return 1; return 1;
@ -262,7 +262,8 @@ int in_group_p(gid_t grp)
int retval = 1; int retval = 1;
if (grp != cred->fsgid) if (grp != cred->fsgid)
retval = groups_search(cred->group_info, grp); retval = groups_search(cred->group_info,
make_kgid(cred->user_ns, grp));
return retval; return retval;
} }
@ -274,7 +275,8 @@ int in_egroup_p(gid_t grp)
int retval = 1; int retval = 1;
if (grp != cred->egid) if (grp != cred->egid)
retval = groups_search(cred->group_info, grp); retval = groups_search(cred->group_info,
make_kgid(cred->user_ns, grp));
return retval; return retval;
} }

View file

@ -134,11 +134,14 @@ SYSCALL_DEFINE1(setfsgid16, old_gid_t, gid)
static int groups16_to_user(old_gid_t __user *grouplist, static int groups16_to_user(old_gid_t __user *grouplist,
struct group_info *group_info) struct group_info *group_info)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
old_gid_t group; old_gid_t group;
kgid_t kgid;
for (i = 0; i < group_info->ngroups; i++) { for (i = 0; i < group_info->ngroups; i++) {
group = high2lowgid(GROUP_AT(group_info, i)); kgid = GROUP_AT(group_info, i);
group = high2lowgid(from_kgid_munged(user_ns, kgid));
if (put_user(group, grouplist+i)) if (put_user(group, grouplist+i))
return -EFAULT; return -EFAULT;
} }
@ -149,13 +152,20 @@ static int groups16_to_user(old_gid_t __user *grouplist,
static int groups16_from_user(struct group_info *group_info, static int groups16_from_user(struct group_info *group_info,
old_gid_t __user *grouplist) old_gid_t __user *grouplist)
{ {
struct user_namespace *user_ns = current_user_ns();
int i; int i;
old_gid_t group; old_gid_t group;
kgid_t kgid;
for (i = 0; i < group_info->ngroups; i++) { for (i = 0; i < group_info->ngroups; i++) {
if (get_user(group, grouplist+i)) if (get_user(group, grouplist+i))
return -EFAULT; return -EFAULT;
GROUP_AT(group_info, i) = low2highgid(group);
kgid = make_kgid(user_ns, low2highgid(group));
if (!gid_valid(kgid))
return -EINVAL;
GROUP_AT(group_info, i) = kgid;
} }
return 0; return 0;

View file

@ -205,17 +205,22 @@ static int ping_init_sock(struct sock *sk)
gid_t range[2]; gid_t range[2];
struct group_info *group_info = get_current_groups(); struct group_info *group_info = get_current_groups();
int i, j, count = group_info->ngroups; int i, j, count = group_info->ngroups;
kgid_t low, high;
inet_get_ping_group_range_net(net, range, range+1); inet_get_ping_group_range_net(net, range, range+1);
low = make_kgid(&init_user_ns, range[0]);
high = make_kgid(&init_user_ns, range[1]);
if (!gid_valid(low) || !gid_valid(high) || gid_lt(high, low))
return -EACCES;
if (range[0] <= group && group <= range[1]) if (range[0] <= group && group <= range[1])
return 0; return 0;
for (i = 0; i < group_info->nblocks; i++) { for (i = 0; i < group_info->nblocks; i++) {
int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
for (j = 0; j < cp_count; j++) { for (j = 0; j < cp_count; j++) {
group = group_info->blocks[i][j]; kgid_t gid = group_info->blocks[i][j];
if (range[0] <= group && group <= range[1]) if (gid_lte(low, gid) && gid_lte(gid, high))
return 0; return 0;
} }

View file

@ -160,8 +160,8 @@ generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)
if (gcred->acred.group_info->ngroups != acred->group_info->ngroups) if (gcred->acred.group_info->ngroups != acred->group_info->ngroups)
goto out_nomatch; goto out_nomatch;
for (i = 0; i < gcred->acred.group_info->ngroups; i++) { for (i = 0; i < gcred->acred.group_info->ngroups; i++) {
if (GROUP_AT(gcred->acred.group_info, i) != if (!gid_eq(GROUP_AT(gcred->acred.group_info, i),
GROUP_AT(acred->group_info, i)) GROUP_AT(acred->group_info, i)))
goto out_nomatch; goto out_nomatch;
} }
out_match: out_match:

View file

@ -41,6 +41,7 @@
#include <linux/types.h> #include <linux/types.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/pagemap.h> #include <linux/pagemap.h>
#include <linux/user_namespace.h>
#include <linux/sunrpc/auth_gss.h> #include <linux/sunrpc/auth_gss.h>
#include <linux/sunrpc/gss_err.h> #include <linux/sunrpc/gss_err.h>
@ -470,9 +471,13 @@ static int rsc_parse(struct cache_detail *cd,
status = -EINVAL; status = -EINVAL;
for (i=0; i<N; i++) { for (i=0; i<N; i++) {
gid_t gid; gid_t gid;
kgid_t kgid;
if (get_int(&mesg, &gid)) if (get_int(&mesg, &gid))
goto out; goto out;
GROUP_AT(rsci.cred.cr_group_info, i) = gid; kgid = make_kgid(&init_user_ns, gid);
if (!gid_valid(kgid))
goto out;
GROUP_AT(rsci.cred.cr_group_info, i) = kgid;
} }
/* mech name */ /* mech name */

View file

@ -12,6 +12,7 @@
#include <linux/module.h> #include <linux/module.h>
#include <linux/sunrpc/clnt.h> #include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/auth.h> #include <linux/sunrpc/auth.h>
#include <linux/user_namespace.h>
#define NFS_NGROUPS 16 #define NFS_NGROUPS 16
@ -78,8 +79,11 @@ unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
groups = NFS_NGROUPS; groups = NFS_NGROUPS;
cred->uc_gid = acred->gid; cred->uc_gid = acred->gid;
for (i = 0; i < groups; i++) for (i = 0; i < groups; i++) {
cred->uc_gids[i] = GROUP_AT(acred->group_info, i); gid_t gid;
gid = from_kgid(&init_user_ns, GROUP_AT(acred->group_info, i));
cred->uc_gids[i] = gid;
}
if (i < NFS_NGROUPS) if (i < NFS_NGROUPS)
cred->uc_gids[i] = NOGROUP; cred->uc_gids[i] = NOGROUP;
@ -126,9 +130,12 @@ unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
groups = acred->group_info->ngroups; groups = acred->group_info->ngroups;
if (groups > NFS_NGROUPS) if (groups > NFS_NGROUPS)
groups = NFS_NGROUPS; groups = NFS_NGROUPS;
for (i = 0; i < groups ; i++) for (i = 0; i < groups ; i++) {
if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) gid_t gid;
gid = from_kgid(&init_user_ns, GROUP_AT(acred->group_info, i));
if (cred->uc_gids[i] != gid)
return 0; return 0;
}
if (groups < NFS_NGROUPS && if (groups < NFS_NGROUPS &&
cred->uc_gids[groups] != NOGROUP) cred->uc_gids[groups] != NOGROUP)
return 0; return 0;

View file

@ -14,6 +14,7 @@
#include <net/sock.h> #include <net/sock.h>
#include <net/ipv6.h> #include <net/ipv6.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/user_namespace.h>
#define RPCDBG_FACILITY RPCDBG_AUTH #define RPCDBG_FACILITY RPCDBG_AUTH
#include <linux/sunrpc/clnt.h> #include <linux/sunrpc/clnt.h>
@ -530,11 +531,15 @@ static int unix_gid_parse(struct cache_detail *cd,
for (i = 0 ; i < gids ; i++) { for (i = 0 ; i < gids ; i++) {
int gid; int gid;
kgid_t kgid;
rv = get_int(&mesg, &gid); rv = get_int(&mesg, &gid);
err = -EINVAL; err = -EINVAL;
if (rv) if (rv)
goto out; goto out;
GROUP_AT(ug.gi, i) = gid; kgid = make_kgid(&init_user_ns, gid);
if (!gid_valid(kgid))
goto out;
GROUP_AT(ug.gi, i) = kgid;
} }
ugp = unix_gid_lookup(cd, uid); ugp = unix_gid_lookup(cd, uid);
@ -563,6 +568,7 @@ static int unix_gid_show(struct seq_file *m,
struct cache_detail *cd, struct cache_detail *cd,
struct cache_head *h) struct cache_head *h)
{ {
struct user_namespace *user_ns = current_user_ns();
struct unix_gid *ug; struct unix_gid *ug;
int i; int i;
int glen; int glen;
@ -580,7 +586,7 @@ static int unix_gid_show(struct seq_file *m,
seq_printf(m, "%u %d:", ug->uid, glen); seq_printf(m, "%u %d:", ug->uid, glen);
for (i = 0; i < glen; i++) for (i = 0; i < glen; i++)
seq_printf(m, " %d", GROUP_AT(ug->gi, i)); seq_printf(m, " %d", from_kgid_munged(user_ns, GROUP_AT(ug->gi, i)));
seq_printf(m, "\n"); seq_printf(m, "\n");
return 0; return 0;
} }
@ -831,8 +837,12 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
cred->cr_group_info = groups_alloc(slen); cred->cr_group_info = groups_alloc(slen);
if (cred->cr_group_info == NULL) if (cred->cr_group_info == NULL)
return SVC_CLOSE; return SVC_CLOSE;
for (i = 0; i < slen; i++) for (i = 0; i < slen; i++) {
GROUP_AT(cred->cr_group_info, i) = svc_getnl(argv); kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
if (!gid_valid(kgid))
goto badcred;
GROUP_AT(cred->cr_group_info, i) = kgid;
}
if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
*authp = rpc_autherr_badverf; *authp = rpc_autherr_badverf;
return SVC_DENIED; return SVC_DENIED;

View file

@ -53,7 +53,8 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
goto use_these_perms; goto use_these_perms;
} }
ret = groups_search(cred->group_info, key->gid); ret = groups_search(cred->group_info,
make_kgid(current_user_ns(), key->gid));
if (ret) { if (ret) {
kperm = key->perm >> 8; kperm = key->perm >> 8;
goto use_these_perms; goto use_these_perms;