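/*
 * id_to_sid - translate a numeric uid/gid into a SID through the id-mapping
 * cache, falling back to a key upcall when no mapping is cached yet.
 *
 * @cid:     id to translate
 * @sidtype: SIDOWNER (uid tree and lock) or SIDGROUP (gid tree and lock)
 * @ssid:    destination for the SID
 *
 * Returns 0 when @ssid was filled in; -EINVAL for any other @sidtype, for a
 * failed mapping, or while the SID_MAP_RETRY window after the last attempt is
 * still open; -ENOMEM when a new cache node cannot be allocated; and the
 * wait_on_bit() result when waiting for another resolver is interrupted.
 */
static int id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)
{
	int rc = 0;
	size_t sidlen;
	struct key *sidkey;
	const struct cred *saved_cred;
	struct cifs_sid *lsid;
	struct cifs_sid_id *psidid, *npsidid;
	struct rb_root *cidtree;
	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {
		cidlock = &siduidlock;
		cidtree = &uidtree;
	} else if (sidtype == SIDGROUP) {
		cidlock = &sidgidlock;
		cidtree = &gidtree;
	} else
		return -EINVAL;

	spin_lock(cidlock);
	psidid = sid_rb_search(cidtree, cid);

	if (!psidid) { /* node does not exist, allocate one & attempt adding */
		/* the GFP_KERNEL allocations are made with the spinlock dropped */
		spin_unlock(cidlock);
		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);
		if (!npsidid)
			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);
		if (!npsidid->sidstr) {
			kfree(npsidid);
			return -ENOMEM;
		}

		/* the lock was dropped, so the lookup has to be repeated */
		spin_lock(cidlock);
		psidid = sid_rb_search(cidtree, cid);
		if (psidid) { /* node happened to get inserted meanwhile */
			++psidid->refcount;
			spin_unlock(cidlock);
			kfree(npsidid->sidstr);
			kfree(npsidid);
		} else {
			psidid = npsidid;
			sid_rb_insert(cidtree, cid, &psidid,
					sidtype == SIDOWNER ? "oi:" : "gi:");
			++psidid->refcount;
			spin_unlock(cidlock);
		}
	} else {
		++psidid->refcount;
		spin_unlock(cidlock);
	}

	/*
	 * The node stays valid from here on because a reference was taken
	 * while holding the spinlock; the shrinker (not shown here) is
	 * expected to leave referenced nodes alone.  No field of the node is
	 * touched after the reference is dropped at the exit label.
	 */
	if (test_bit(SID_ID_MAPPED, &psidid->state)) {
		memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));
		psidid->time = jiffies; /* update ts for accessing */
		goto id_sid_out;
	}

	/* the last attempt is too recent, do not upcall again yet */
	if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) {
		rc = -EINVAL;
		goto id_sid_out;
	}

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {
		/*
		 * This thread won the PENDING bit and resolves the mapping.
		 * request_key() runs with root_cred in place of the caller's
		 * credentials; revert_creds() below undoes that on both the
		 * success and the failure path.
		 */
		saved_cred = override_creds(root_cred);
		sidkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");
		if (IS_ERR(sidkey)) {
			rc = -EINVAL;
			cFYI(1, "%s: Can't map and id to a SID", __func__);
		} else {
			lsid = (struct cifs_sid *)sidkey->payload.data;
			/*
			 * The payload comes back from the upcall, so the copy
			 * is capped at sizeof(struct cifs_sid).  A shorter
			 * payload is accepted as is, and only that many bytes
			 * reach @ssid on this path.
			 */
			sidlen = sidkey->datalen < sizeof(struct cifs_sid) ?
				 sidkey->datalen : sizeof(struct cifs_sid);
			memcpy(&psidid->sid, lsid, sidlen);
			memcpy(ssid, &psidid->sid, sidlen);
			set_bit(SID_ID_MAPPED, &psidid->state);
			key_put(sidkey);
			/*
			 * NOTE(review): sidstr is freed but the pointer is
			 * left in the node; confirm no later path (shrinker,
			 * teardown) uses or frees it again.
			 */
			kfree(psidid->sidstr);
		}
		psidid->time = jiffies; /* update ts for accessing */
		revert_creds(saved_cred);
		clear_bit(SID_ID_PENDING, &psidid->state);
		wake_up_bit(&psidid->state, SID_ID_PENDING);
	} else {
		/* another thread is resolving this id, wait for its result */
		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,
				sidid_pending_wait, TASK_INTERRUPTIBLE);
		if (rc) {
			cFYI(1, "%s: sidid_pending_wait interrupted %d",
					__func__, rc);
			goto id_sid_out;
		}
		if (test_bit(SID_ID_MAPPED, &psidid->state))
			memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));
		else
			rc = -EINVAL;
	}

id_sid_out:
	/*
	 * refcount is a plain integer that is incremented under cidlock.  An
	 * unlocked decrement can interleave with such an increment on another
	 * CPU and lose an update, leaving the count too low (node reclaimed
	 * while still in use) or too high (node never reclaimed), so the
	 * reference is dropped under the same lock.
	 */
	spin_lock(cidlock);
	--psidid->refcount;
	spin_unlock(cidlock);
	return rc;
}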
/*
 * access() answers for the real uid/gid rather than the effective ones.
 * A private copy of the credentials gets fsuid/fsgid set to the real ids
 * and, unless SECURE_NO_SETUID_FIXUP is set, an adjusted effective
 * capability set; the copy is installed for the duration of the lookup and
 * permission check and removed again on every exit path.
 *
 * The result describes the moment of the check only: a caller that acts on
 * it later races with changes to the file or the mount.
 */
SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
{
	const struct cred *saved_cred;
	struct cred *tmp_cred;
	struct path path;
	struct inode *target;
	int err;

	/* where's F_OK, X_OK, W_OK, R_OK? */
	if (mode & ~S_IRWXO)
		return -EINVAL;

	tmp_cred = prepare_creds();
	if (!tmp_cred)
		return -ENOMEM;

	tmp_cred->fsuid = tmp_cred->uid;
	tmp_cred->fsgid = tmp_cred->gid;

	if (!issecure(SECURE_NO_SETUID_FIXUP)) {
		/*
		 * A non-root real uid loses all effective capabilities;
		 * real uid 0 gets its full permitted set as effective.
		 */
		if (!tmp_cred->uid)
			tmp_cred->cap_effective = tmp_cred->cap_permitted;
		else
			cap_clear(tmp_cred->cap_effective);
	}

	saved_cred = override_creds(tmp_cred);

	err = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
	if (err)
		goto restore_creds;

	target = path.dentry->d_inode;

	/*
	 * MAY_EXEC on a regular file is refused outright when the
	 * filesystem is mounted with the "noexec" flag.
	 */
	if ((mode & MAY_EXEC) && S_ISREG(target->i_mode) &&
	    (path.mnt->mnt_flags & MNT_NOEXEC)) {
		err = -EACCES;
		goto release_path;
	}

	err = inode_permission(target, mode | MAY_ACCESS);

	/* SuS v2 requires we report a read only fs too */
	if (!err && (mode & S_IWOTH) && !special_file(target->i_mode)) {
		/*
		 * Using __mnt_is_readonly() without a
		 * mnt_want/drop_write() pair is acceptable here because
		 * nothing is written to the fs.  The answer is inherently
		 * racy: the fs may change state before the caller even
		 * sees this result.
		 */
		if (__mnt_is_readonly(path.mnt))
			err = -EROFS;
	}

release_path:
	path_put(&path);
restore_creds:
	/* put the caller's credentials back, then drop the temporary copy */
	revert_creds(saved_cred);
	put_cred(tmp_cred);
	return err;
}
/**
 * Rebinds the PCI device to the host driver named in pIns->szPrevDriver.
 *
 * Does nothing when no pci_dev is attached or no previous driver name is
 * recorded.  Otherwise the device address is written first to the unbind
 * file of PCI_STUB_MODULE and then to the bind file of the previous driver,
 * both under /sys/bus/pci/drivers, with fsuid switched to root for the
 * duration on kernels >= 2.6.29.
 *
 * @param   pIns    Instance data; pPciDev, szPrevDriver and HostPciAddress
 *                  are read, and szPrevDriver is cleared when the bind file
 *                  could be opened.
 * @returns VINF_SUCCESS when there is no pci_dev; the remaining return
 *          paths are outside this listing.
 */
static int vboxPciLinuxDevReattachHostDriver(PVBOXRAWPCIINS pIns)
{
    struct pci_dev *pPciDev = pIns->pPciDev;

    if (!pPciDev)
        return VINF_SUCCESS;

    if (pIns->szPrevDriver[0])
    {
        char*              szCmdBuf;
        char*              szFileBuf;
        struct file*       pFile;
        int                iCmdLen;
        const int          cMaxBuf = 128;
        const struct cred *pOldCreds;
        struct cred       *pNewCreds;
        /* bus number is taken from the bits above the low byte, devfn from the low byte */
        uint8_t            uBus   = (pIns->HostPciAddress) >> 8;
        uint8_t            uDevFn = (pIns->HostPciAddress) & 0xff;

        vbpci_printk(KERN_DEBUG, pPciDev,
                     "reattaching old host driver %s\n", pIns->szPrevDriver);
        /*
         * Now perform kernel analog of:
         *
         * echo -n 0000:03:00.0 > /sys/bus/pci/drivers/pci-stub/unbind
         * echo -n 0000:03:00.0 > /sys/bus/pci/drivers/nvidia/bind
         */
        szCmdBuf  = kmalloc(cMaxBuf, GFP_KERNEL);
        szFileBuf = kmalloc(cMaxBuf, GFP_KERNEL);

        /* kfree(NULL) is a no-op, so the shared label can free both buffers */
        if (!szCmdBuf || !szFileBuf)
            goto done;

        /*
         * iCmdLen is reused below as the number of bytes to write.
         * NOTE(review): the PCI domain is fixed to 0000 in the format string.
         */
        iCmdLen = RTStrPrintf(szCmdBuf, cMaxBuf,
                              "0000:%02x:%02x.%d",
                              uBus, uDevFn>>3, uDevFn&7);

        /* Somewhat ugly hack - override current credentials */
        /*
         * Only fsuid is changed on the copied credentials.  Everything up to
         * revert_creds() below runs with root fsuid, including the open of the
         * path built from szPrevDriver.
         * NOTE(review): confirm szPrevDriver can only ever hold a plain driver
         * name (no '/' or ".." components) before it is placed in that path.
         */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
        pNewCreds = prepare_creds();
        if (!pNewCreds)
            goto done;

# if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
        pNewCreds->fsuid = GLOBAL_ROOT_UID;
# else
        pNewCreds->fsuid = 0;
# endif
        pOldCreds = override_creds(pNewCreds);
#endif
        /*
         * NOTE(review): the return values of the two path-building
         * RTStrPrintf calls and of vboxPciFileWrite are not checked, so a
         * truncated path or a failed write goes unreported.
         */
        RTStrPrintf(szFileBuf, cMaxBuf,
                    "/sys/bus/pci/drivers/%s/unbind",
                    PCI_STUB_MODULE);
        pFile = vboxPciFileOpen(szFileBuf, O_WRONLY);
        if (pFile)
        {
            /* Don't write trailing \0 */
            vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen);
            vboxPciFileClose(pFile);
        }
        else
            printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf);

        RTStrPrintf(szFileBuf, cMaxBuf,
                    "/sys/bus/pci/drivers/%s/bind",
                    pIns->szPrevDriver);
        pFile = vboxPciFileOpen(szFileBuf, O_WRONLY);
        if (pFile)
        {
            /* Don't write trailing \0 */
            vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen);
            vboxPciFileClose(pFile);
            /* forget the previous driver so the rebind is not attempted again */
            pIns->szPrevDriver[0] = '\0';
        }
        else
            printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf);

        /* restore the caller's credentials and drop the temporary copy */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
        revert_creds(pOldCreds);
        put_cred(pNewCreds);
#endif

    done:
        kfree(szCmdBuf);
        kfree(szFileBuf);
    }
/* NOTE(review): the listing stops at the closing brace of the if block; the rest of the function is not shown. */
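/*
 * sid_to_id - translate a SID into a uid or gid through the id-mapping cache
 * and store the result in the file attributes.
 *
 * @cifs_sb: superblock info; mnt_uid / mnt_gid supply the default id
 * @psid:    SID to translate
 * @fattr:   cf_uid (SIDOWNER) or cf_gid (SIDGROUP) receives the id
 * @sidtype: SIDOWNER (uid tree and lock) or SIDGROUP (gid tree and lock)
 *
 * Returns 0 whenever @fattr was written, which includes the cases where the
 * mapping failed and the mount default was stored instead; -ENOENT for any
 * other @sidtype; -ENOMEM when a new cache node cannot be allocated; and the
 * wait_on_bit() result when waiting for another resolver is interrupted.
 */
static int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
		struct cifs_fattr *fattr, uint sidtype)
{
	int rc;
	unsigned long cid;
	struct key *idkey;
	const struct cred *saved_cred;
	struct cifs_sid_id *psidid, *npsidid;
	struct rb_root *cidtree;
	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {
		cid = cifs_sb->mnt_uid; /* default uid, used if no mapping is obtained */
		cidlock = &siduidlock;
		cidtree = &uidtree;
	} else if (sidtype == SIDGROUP) {
		cid = cifs_sb->mnt_gid; /* default gid, used if no mapping is obtained */
		cidlock = &sidgidlock;
		cidtree = &gidtree;
	} else
		return -ENOENT;

	spin_lock(cidlock);
	psidid = id_rb_search(cidtree, psid);

	if (!psidid) { /* no node for this SID yet: allocate one and try to add it */
		/* the GFP_KERNEL allocations are made with the spinlock dropped */
		spin_unlock(cidlock);
		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);
		if (!npsidid)
			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);
		if (!npsidid->sidstr) {
			kfree(npsidid);
			return -ENOMEM;
		}

		/* the lock was dropped, so the lookup has to be repeated */
		spin_lock(cidlock);
		psidid = id_rb_search(cidtree, psid);
		if (psidid) { /* someone else inserted the node meanwhile */
			++psidid->refcount;
			spin_unlock(cidlock);
			kfree(npsidid->sidstr);
			kfree(npsidid);
		} else {
			psidid = npsidid;
			id_rb_insert(cidtree, psid, &psidid,
					sidtype == SIDOWNER ? "os:" : "gs:");
			++psidid->refcount;
			spin_unlock(cidlock);
		}
	} else {
		++psidid->refcount;
		spin_unlock(cidlock);
	}

	/*
	 * The node stays valid from here on because a reference was taken
	 * while holding the spinlock.  No field of the node is touched after
	 * the reference is dropped again.
	 */
	if (test_bit(SID_ID_MAPPED, &psidid->state)) {
		cid = psidid->id;
		psidid->time = jiffies; /* record the access time */
		goto sid_to_id_out;
	}

	/* the last attempt is too recent: keep the default, do not upcall */
	if (time_after(psidid->time + SID_MAP_RETRY, jiffies))
		goto sid_to_id_out;

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {
		/*
		 * This thread won the PENDING bit and resolves the mapping.
		 * request_key() runs with root_cred in place of the caller's
		 * credentials; revert_creds() below undoes that on both the
		 * success and the failure path.
		 */
		saved_cred = override_creds(root_cred);
		idkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");
		if (IS_ERR(idkey))
			cFYI(1, "%s: Can't map SID to an id", __func__);
		else {
			/*
			 * NOTE(review): idkey->datalen is not checked before
			 * this unsigned long read of the upcall's payload;
			 * confirm the key type guarantees enough bytes.
			 */
			cid = *(unsigned long *)idkey->payload.value;
			psidid->id = cid;
			set_bit(SID_ID_MAPPED, &psidid->state);
			key_put(idkey);
			/*
			 * NOTE(review): sidstr is freed but the pointer is
			 * left in the node; confirm no later path (shrinker,
			 * teardown) uses or frees it again.
			 */
			kfree(psidid->sidstr);
		}
		revert_creds(saved_cred);
		psidid->time = jiffies; /* record the attempt time */
		clear_bit(SID_ID_PENDING, &psidid->state);
		wake_up_bit(&psidid->state, SID_ID_PENDING);
	} else {
		/* another thread is resolving this SID, wait for its result */
		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,
				sidid_pending_wait, TASK_INTERRUPTIBLE);
		if (rc) {
			cFYI(1, "%s: sidid_pending_wait interrupted %d",
					__func__, rc);
			/* drop the reference under the lock, see the exit label */
			spin_lock(cidlock);
			--psidid->refcount;
			spin_unlock(cidlock);
			return rc;
		}
		if (test_bit(SID_ID_MAPPED, &psidid->state))
			cid = psidid->id;
	}

sid_to_id_out:
	/*
	 * refcount is a plain integer that is incremented under cidlock.  An
	 * unlocked decrement can interleave with such an increment on another
	 * CPU and lose an update, leaving the count too low (node reclaimed
	 * while still in use) or too high (node never reclaimed), so the
	 * reference is dropped under the same lock.
	 */
	spin_lock(cidlock);
	--psidid->refcount;
	spin_unlock(cidlock);

	if (sidtype == SIDOWNER)
		fattr->cf_uid = cid;
	else
		fattr->cf_gid = cid;

	return 0;
}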
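/*
 * id_to_sid - translate a numeric uid/gid into a SID through the id-mapping
 * cache, falling back to a key upcall when no mapping is cached yet.
 *
 * @cid:     id to translate
 * @sidtype: SIDOWNER (uid tree and lock) or SIDGROUP (gid tree and lock)
 * @ssid:    destination for the SID
 *
 * Returns 0 when @ssid was filled in; -EINVAL for any other @sidtype, for a
 * failed mapping, or while the SID_MAP_RETRY window after the last attempt is
 * still open; -ENOMEM when a new cache node cannot be allocated; and the
 * wait_on_bit() result when waiting for another resolver is interrupted.
 */
static int id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)
{
	int rc = 0;
	size_t sidlen;
	struct key *sidkey;
	const struct cred *saved_cred;
	struct cifs_sid *lsid;
	struct cifs_sid_id *psidid, *npsidid;
	struct rb_root *cidtree;
	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {
		cidlock = &siduidlock;
		cidtree = &uidtree;
	} else if (sidtype == SIDGROUP) {
		cidlock = &sidgidlock;
		cidtree = &gidtree;
	} else
		return -EINVAL;

	spin_lock(cidlock);
	psidid = sid_rb_search(cidtree, cid);

	if (!psidid) { /* no node for this id yet: allocate one and try to add it */
		/* the GFP_KERNEL allocations are made with the spinlock dropped */
		spin_unlock(cidlock);
		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);
		if (!npsidid)
			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);
		if (!npsidid->sidstr) {
			kfree(npsidid);
			return -ENOMEM;
		}

		/* the lock was dropped, so the lookup has to be repeated */
		spin_lock(cidlock);
		psidid = sid_rb_search(cidtree, cid);
		if (psidid) { /* someone else inserted the node meanwhile */
			++psidid->refcount;
			spin_unlock(cidlock);
			kfree(npsidid->sidstr);
			kfree(npsidid);
		} else {
			psidid = npsidid;
			sid_rb_insert(cidtree, cid, &psidid,
					sidtype == SIDOWNER ? "oi:" : "gi:");
			++psidid->refcount;
			spin_unlock(cidlock);
		}
	} else {
		++psidid->refcount;
		spin_unlock(cidlock);
	}

	/*
	 * The node stays valid from here on because a reference was taken
	 * while holding the spinlock.  No field of the node is touched after
	 * the reference is dropped at the exit label.
	 */
	if (test_bit(SID_ID_MAPPED, &psidid->state)) {
		memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));
		psidid->time = jiffies; /* record the access time */
		goto id_sid_out;
	}

	/* the last attempt is too recent, do not upcall again yet */
	if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) {
		rc = -EINVAL;
		goto id_sid_out;
	}

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {
		/*
		 * This thread won the PENDING bit and resolves the mapping.
		 * request_key() runs with root_cred in place of the caller's
		 * credentials; revert_creds() below undoes that on both the
		 * success and the failure path.
		 */
		saved_cred = override_creds(root_cred);
		sidkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");
		if (IS_ERR(sidkey)) {
			rc = -EINVAL;
			cFYI(1, "%s: Can't map and id to a SID", __func__);
		} else {
			lsid = (struct cifs_sid *)sidkey->payload.data;
			/*
			 * The payload comes back from the upcall, so the copy
			 * is capped at sizeof(struct cifs_sid).  A shorter
			 * payload is accepted as is, and only that many bytes
			 * reach @ssid on this path.
			 */
			sidlen = sidkey->datalen < sizeof(struct cifs_sid) ?
				 sidkey->datalen : sizeof(struct cifs_sid);
			memcpy(&psidid->sid, lsid, sidlen);
			memcpy(ssid, &psidid->sid, sidlen);
			set_bit(SID_ID_MAPPED, &psidid->state);
			key_put(sidkey);
			/*
			 * NOTE(review): sidstr is freed but the pointer is
			 * left in the node; confirm no later path (shrinker,
			 * teardown) uses or frees it again.
			 */
			kfree(psidid->sidstr);
		}
		psidid->time = jiffies; /* record the attempt time */
		revert_creds(saved_cred);
		clear_bit(SID_ID_PENDING, &psidid->state);
		wake_up_bit(&psidid->state, SID_ID_PENDING);
	} else {
		/* another thread is resolving this id, wait for its result */
		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,
				sidid_pending_wait, TASK_INTERRUPTIBLE);
		if (rc) {
			cFYI(1, "%s: sidid_pending_wait interrupted %d",
					__func__, rc);
			goto id_sid_out;
		}
		if (test_bit(SID_ID_MAPPED, &psidid->state))
			memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));
		else
			rc = -EINVAL;
	}

id_sid_out:
	/*
	 * refcount is a plain integer that is incremented under cidlock.  An
	 * unlocked decrement can interleave with such an increment on another
	 * CPU and lose an update, leaving the count too low (node reclaimed
	 * while still in use) or too high (node never reclaimed), so the
	 * reference is dropped under the same lock.
	 */
	spin_lock(cidlock);
	--psidid->refcount;
	spin_unlock(cidlock);
	return rc;
}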
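/*
 * sid_to_id - translate a SID into a uid or gid through the id-mapping cache
 * and store the result in the file attributes.
 *
 * @cifs_sb: superblock info; mnt_uid / mnt_gid supply the default id
 * @psid:    SID to translate
 * @fattr:   cf_uid (SIDOWNER) or cf_gid (SIDGROUP) receives the id
 * @sidtype: SIDOWNER (uid tree and lock) or SIDGROUP (gid tree and lock)
 *
 * Returns 0 whenever @fattr was written, which includes the cases where the
 * mapping failed and the mount default was stored instead; -ENOENT for any
 * other @sidtype; -ENOMEM when a new cache node cannot be allocated; and the
 * wait_on_bit() result when waiting for another resolver is interrupted.
 */
static int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
		struct cifs_fattr *fattr, uint sidtype)
{
	int rc;
	unsigned long cid;
	struct key *idkey;
	const struct cred *saved_cred;
	struct cifs_sid_id *psidid, *npsidid;
	struct rb_root *cidtree;
	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {
		cid = cifs_sb->mnt_uid; /* default uid, in case upcall fails */
		cidlock = &siduidlock;
		cidtree = &uidtree;
	} else if (sidtype == SIDGROUP) {
		cid = cifs_sb->mnt_gid; /* default gid, in case upcall fails */
		cidlock = &sidgidlock;
		cidtree = &gidtree;
	} else
		return -ENOENT;

	spin_lock(cidlock);
	psidid = id_rb_search(cidtree, psid);

	if (!psidid) { /* node does not exist, allocate one & attempt adding */
		/* the GFP_KERNEL allocations are made with the spinlock dropped */
		spin_unlock(cidlock);
		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);
		if (!npsidid)
			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);
		if (!npsidid->sidstr) {
			kfree(npsidid);
			return -ENOMEM;
		}

		/* the lock was dropped, so the lookup has to be repeated */
		spin_lock(cidlock);
		psidid = id_rb_search(cidtree, psid);
		if (psidid) { /* node happened to get inserted meanwhile */
			++psidid->refcount;
			spin_unlock(cidlock);
			kfree(npsidid->sidstr);
			kfree(npsidid);
		} else {
			psidid = npsidid;
			id_rb_insert(cidtree, psid, &psidid,
					sidtype == SIDOWNER ? "os:" : "gs:");
			++psidid->refcount;
			spin_unlock(cidlock);
		}
	} else {
		++psidid->refcount;
		spin_unlock(cidlock);
	}

	/*
	 * The node stays valid from here on because a reference was taken
	 * while holding the spinlock; the shrinker (not shown here) is
	 * expected to leave referenced nodes alone.  No field of the node is
	 * touched after the reference is dropped again.
	 */
	if (test_bit(SID_ID_MAPPED, &psidid->state)) {
		cid = psidid->id;
		psidid->time = jiffies; /* update ts for accessing */
		goto sid_to_id_out;
	}

	/* the last attempt is too recent: keep the default, do not upcall */
	if (time_after(psidid->time + SID_MAP_RETRY, jiffies))
		goto sid_to_id_out;

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {
		/*
		 * This thread won the PENDING bit and resolves the mapping.
		 * request_key() runs with root_cred in place of the caller's
		 * credentials; revert_creds() below undoes that on both the
		 * success and the failure path.
		 */
		saved_cred = override_creds(root_cred);
		idkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");
		if (IS_ERR(idkey))
			cFYI(1, "%s: Can't map SID to an id", __func__);
		else {
			/*
			 * NOTE(review): idkey->datalen is not checked before
			 * this unsigned long read of the upcall's payload;
			 * confirm the key type guarantees enough bytes.
			 */
			cid = *(unsigned long *)idkey->payload.value;
			psidid->id = cid;
			set_bit(SID_ID_MAPPED, &psidid->state);
			key_put(idkey);
			/*
			 * NOTE(review): sidstr is freed but the pointer is
			 * left in the node; confirm no later path (shrinker,
			 * teardown) uses or frees it again.
			 */
			kfree(psidid->sidstr);
		}
		revert_creds(saved_cred);
		psidid->time = jiffies; /* update ts for accessing */
		clear_bit(SID_ID_PENDING, &psidid->state);
		wake_up_bit(&psidid->state, SID_ID_PENDING);
	} else {
		/* another thread is resolving this SID, wait for its result */
		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,
				sidid_pending_wait, TASK_INTERRUPTIBLE);
		if (rc) {
			cFYI(1, "%s: sidid_pending_wait interrupted %d",
					__func__, rc);
			/* drop the reference under the lock, see the exit label */
			spin_lock(cidlock);
			--psidid->refcount;
			spin_unlock(cidlock);
			return rc;
		}
		if (test_bit(SID_ID_MAPPED, &psidid->state))
			cid = psidid->id;
	}

sid_to_id_out:
	/*
	 * refcount is a plain integer that is incremented under cidlock.  An
	 * unlocked decrement can interleave with such an increment on another
	 * CPU and lose an update, leaving the count too low (node reclaimed
	 * while still in use) or too high (node never reclaimed), so the
	 * reference is dropped under the same lock.
	 */
	spin_lock(cidlock);
	--psidid->refcount;
	spin_unlock(cidlock);

	if (sidtype == SIDOWNER)
		fattr->cf_uid = cid;
	else
		fattr->cf_gid = cid;

	return 0;
}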