[PATCH review 25/85] ocfs2: Compare kuids and kgids using uid_eq and gid_eq

Joel Becker jlbec at evilplan.org
Thu Feb 14 08:37:49 UTC 2013 

On Wed, Feb 13, 2013 at 09:51:14AM -0800, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm at xmission.com>
> 
> Cc: Mark Fasheh <mfasheh at suse.com>
> Cc: Joel Becker <jlbec at evilplan.org>
> Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
> ---
>  fs/ocfs2/file.c         |    8 ++++----
>  fs/ocfs2/refcounttree.c |    2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
> index 8ee9332..0a2924a 100644
> --- a/fs/ocfs2/file.c
> +++ b/fs/ocfs2/file.c
> @@ -1175,14 +1175,14 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
>  		}
>  	}
>  
> -	if ((attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
> -	    (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
> +	if ((attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
> +	    (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {

Will the code work if built just before this patch?  IOW, does the
original comparison (attr->ia_gid != inode->i_gid) work when the system
is in the init_user_namespace?  If not, then the previous patches are
not leaving a functional filesystem.

Joel

>  		/*
>  		 * Gather pointers to quota structures so that allocation /
>  		 * freeing of quota structures happens here and not inside
>  		 * dquot_transfer() where we have problems with lock ordering
>  		 */
> -		if (attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid
> +		if (attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)
>  		    && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
>  		    OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) {
>  			transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(attr->ia_uid));
> @@ -1191,7 +1191,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
>  				goto bail_unlock;
>  			}
>  		}
> -		if (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid
> +		if (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)
>  		    && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
>  		    OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) {
>  			transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(attr->ia_gid));
> diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
> index 30a0550..934a4ac 100644
> --- a/fs/ocfs2/refcounttree.c
> +++ b/fs/ocfs2/refcounttree.c
> @@ -4407,7 +4407,7 @@ static int ocfs2_vfs_reflink(struct dentry *old_dentry, struct inode *dir,
>  	 * rights to do so.
>  	 */
>  	if (preserve) {
> -		if ((current_fsuid() != inode->i_uid) && !capable(CAP_CHOWN))
> +		if (!uid_eq(current_fsuid(), inode->i_uid) && !capable(CAP_CHOWN))
>  			return -EPERM;
>  		if (!in_group_p(inode->i_gid) && !capable(CAP_CHOWN))
>  			return -EPERM;
> -- 
> 1.7.5.4
> 

-- 

"Where are my angels?
 Where's my golden one?
 And where is my hope
 Now that my heroes are gone?"

			http://www.jlbec.org/
			jlbec at evilplan.org

More information about the Containers mailing list