SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) { const struct cred *old_cred; struct cred *override_cred; struct path path; struct inode *inode; int res; unsigned int lookup_flags = LOOKUP_FOLLOW; if (mode & ~S_IRWXO) return -EINVAL; override_cred = prepare_creds(); if (!override_cred) return -ENOMEM; override_cred->fsuid = override_cred->uid; override_cred->fsgid = override_cred->gid; if (!issecure(SECURE_NO_SETUID_FIXUP)) { kuid_t root_uid = make_kuid(override_cred->user_ns, 0); if (!uid_eq(override_cred->uid, root_uid)) cap_clear(override_cred->cap_effective); else override_cred->cap_effective = override_cred->cap_permitted; } old_cred = override_creds(override_cred); retry: res = user_path_at(dfd, filename, lookup_flags, &path); if (res) goto out; inode = path.dentry->d_inode; if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { res = -EACCES; if (path.mnt->mnt_flags & MNT_NOEXEC) goto out_path_release; } res = inode_permission(inode, mode | MAY_ACCESS); if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) goto out_path_release; if (__mnt_is_readonly(path.mnt)) res = -EROFS; out_path_release: path_put(&path); if (retry_estale(res, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; goto retry; } out: revert_creds(old_cred); put_cred(override_cred); return res; }
int vboxPciOsDevReattachHostDriver(PVBOXRAWPCIINS pIns) { struct pci_dev *pPciDev = pIns->pPciDev; if (!pPciDev) return VINF_SUCCESS; if (pIns->szPrevDriver[0]) { char* szCmdBuf; char* szFileBuf; struct file* pFile; int iCmdLen; const int cMaxBuf = 128; const struct cred *pOldCreds; struct cred *pNewCreds; uint8_t uBus = (pIns->HostPciAddress) >> 8; uint8_t uDevFn = (pIns->HostPciAddress) & 0xff; printk(KERN_DEBUG "vboxpci: reattaching old host driver %s\n", pIns->szPrevDriver); /* * Now perform kernel analog of: * * echo -n 0000:03:00.0 > /sys/bus/pci/drivers/pci-stub/unbind * echo -n 0000:03:00.0 > /sys/bus/pci/drivers/nvidia/bind */ szCmdBuf = kmalloc(cMaxBuf, GFP_KERNEL); szFileBuf = kmalloc(cMaxBuf, GFP_KERNEL); if (!szCmdBuf || !szFileBuf) goto done; iCmdLen = RTStrPrintf(szCmdBuf, cMaxBuf, "0000:%02x:%02x.%d", uBus, uDevFn>>3, uDevFn&7); /* Somewhat ugly hack - override current credentials */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29) pNewCreds = prepare_creds(); if (!pNewCreds) goto done; pNewCreds->fsuid = 0; pOldCreds = override_creds(pNewCreds); #endif RTStrPrintf(szFileBuf, cMaxBuf, "/sys/bus/pci/drivers/%s/unbind", PCI_STUB_MODULE); pFile = vboxPciFileOpen(szFileBuf, O_WRONLY); if (pFile) { /* Don't write trailing \0 */ vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen); vboxPciFileClose(pFile); } else printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf); RTStrPrintf(szFileBuf, cMaxBuf, "/sys/bus/pci/drivers/%s/bind", pIns->szPrevDriver); pFile = vboxPciFileOpen(szFileBuf, O_WRONLY); if (pFile) { /* Don't write trailing \0 */ vboxPciFileWrite(pFile, 0, szCmdBuf, iCmdLen); vboxPciFileClose(pFile); pIns->szPrevDriver[0] = '\0'; } else printk(KERN_DEBUG "vboxpci: cannot open %s\n", szFileBuf); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29) revert_creds(pOldCreds); put_cred(pNewCreds); #endif done: kfree(szCmdBuf); kfree(szFileBuf); }
static int ovl_do_lookup(struct dentry *dentry) { struct ovl_entry *oe; struct dentry *upperdir; struct dentry *lowerdir; struct dentry *upperdentry = NULL; struct dentry *lowerdentry = NULL; struct inode *inode = NULL; int err; err = -ENOMEM; oe = ovl_alloc_entry(); if (!oe) goto out; upperdir = ovl_dentry_upper(dentry->d_parent); lowerdir = ovl_dentry_lower(dentry->d_parent); if (upperdir) { upperdentry = ovl_lookup_real(upperdir, &dentry->d_name); err = PTR_ERR(upperdentry); if (IS_ERR(upperdentry)) goto out_put_dir; if (lowerdir && upperdentry && (S_ISLNK(upperdentry->d_inode->i_mode) || S_ISDIR(upperdentry->d_inode->i_mode))) { const struct cred *old_cred; struct cred *override_cred; err = -ENOMEM; override_cred = prepare_creds(); if (!override_cred) goto out_dput_upper; /* CAP_SYS_ADMIN needed for getxattr */ cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN); old_cred = override_creds(override_cred); if (ovl_is_opaquedir(upperdentry)) { oe->opaque = true; } else if (ovl_is_whiteout(upperdentry)) { dput(upperdentry); upperdentry = NULL; oe->opaque = true; } revert_creds(old_cred); put_cred(override_cred); } } if (lowerdir && !oe->opaque) { lowerdentry = ovl_lookup_real(lowerdir, &dentry->d_name); err = PTR_ERR(lowerdentry); if (IS_ERR(lowerdentry)) goto out_dput_upper; } if (lowerdentry && upperdentry && (!S_ISDIR(upperdentry->d_inode->i_mode) || !S_ISDIR(lowerdentry->d_inode->i_mode))) { dput(lowerdentry); lowerdentry = NULL; oe->opaque = true; } if (lowerdentry || upperdentry) { struct dentry *realdentry; realdentry = upperdentry ? upperdentry : lowerdentry; err = -ENOMEM; inode = ovl_new_inode(dentry->d_sb, realdentry->d_inode->i_mode, oe); if (!inode) goto out_dput; } if (upperdentry) oe->__upperdentry = dget(upperdentry); if (lowerdentry) oe->lowerdentry = lowerdentry; dentry->d_fsdata = oe; dentry->d_op = &ovl_dentry_operations; d_add(dentry, inode); return 0; out_dput: dput(lowerdentry); out_dput_upper: dput(upperdentry); out_put_dir: kfree(oe); out: return err; }
static int id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid) { int rc = 0; struct key *sidkey; const struct cred *saved_cred; struct cifs_sid *lsid; struct cifs_sid_id *psidid, *npsidid; struct rb_root *cidtree; spinlock_t *cidlock; if (sidtype == SIDOWNER) { cidlock = &siduidlock; cidtree = &uidtree; } else if (sidtype == SIDGROUP) { cidlock = &sidgidlock; cidtree = &gidtree; } else return -EINVAL; spin_lock(cidlock); psidid = sid_rb_search(cidtree, cid); if (!psidid) { /* node does not exist, allocate one & attempt adding */ spin_unlock(cidlock); npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL); if (!npsidid) return -ENOMEM; npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; } spin_lock(cidlock); psidid = sid_rb_search(cidtree, cid); if (psidid) { /* node happened to get inserted meanwhile */ ++psidid->refcount; spin_unlock(cidlock); kfree(npsidid->sidstr); kfree(npsidid); } else { psidid = npsidid; sid_rb_insert(cidtree, cid, &psidid, sidtype == SIDOWNER ? "oi:" : "gi:"); ++psidid->refcount; spin_unlock(cidlock); } } else { ++psidid->refcount; spin_unlock(cidlock); } /* * If we are here, it is safe to access psidid and its fields * since a reference was taken earlier while holding the spinlock. * A reference on the node is put without holding the spinlock * and it is OK to do so in this case, shrinker will not erase * this node until all references are put and we do not access * any fields of the node after a reference is put . */ if (test_bit(SID_ID_MAPPED, &psidid->state)) { memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); psidid->time = jiffies; /* update ts for accessing */ goto id_sid_out; } if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) { rc = -EINVAL; goto id_sid_out; } if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) { saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, psidid->sidstr, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; cFYI(1, "%s: Can't map and id to a SID", __func__); } else { lsid = (struct cifs_sid *)sidkey->payload.data; memcpy(&psidid->sid, lsid, sidkey->datalen < sizeof(struct cifs_sid) ? sidkey->datalen : sizeof(struct cifs_sid)); memcpy(ssid, &psidid->sid, sidkey->datalen < sizeof(struct cifs_sid) ? sidkey->datalen : sizeof(struct cifs_sid)); set_bit(SID_ID_MAPPED, &psidid->state); key_put(sidkey); kfree(psidid->sidstr); } psidid->time = jiffies; /* update ts for accessing */ revert_creds(saved_cred); clear_bit(SID_ID_PENDING, &psidid->state); wake_up_bit(&psidid->state, SID_ID_PENDING); } else { rc = wait_on_bit(&psidid->state, SID_ID_PENDING, sidid_pending_wait, TASK_INTERRUPTIBLE); if (rc) { cFYI(1, "%s: sidid_pending_wait interrupted %d", __func__, rc); --psidid->refcount; return rc; } if (test_bit(SID_ID_MAPPED, &psidid->state)) memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); else rc = -EINVAL; } id_sid_out: --psidid->refcount; return rc; }
static int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid, struct cifs_fattr *fattr, uint sidtype) { int rc; unsigned long cid; struct key *idkey; const struct cred *saved_cred; struct cifs_sid_id *psidid, *npsidid; struct rb_root *cidtree; spinlock_t *cidlock; if (sidtype == SIDOWNER) { cid = cifs_sb->mnt_uid; /* default uid, in case upcall fails */ cidlock = &siduidlock; cidtree = &uidtree; } else if (sidtype == SIDGROUP) { cid = cifs_sb->mnt_gid; /* default gid, in case upcall fails */ cidlock = &sidgidlock; cidtree = &gidtree; } else return -ENOENT; spin_lock(cidlock); psidid = id_rb_search(cidtree, psid); if (!psidid) { /* node does not exist, allocate one & attempt adding */ spin_unlock(cidlock); npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL); if (!npsidid) return -ENOMEM; npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; } spin_lock(cidlock); psidid = id_rb_search(cidtree, psid); if (psidid) { /* node happened to get inserted meanwhile */ ++psidid->refcount; spin_unlock(cidlock); kfree(npsidid->sidstr); kfree(npsidid); } else { psidid = npsidid; id_rb_insert(cidtree, psid, &psidid, sidtype == SIDOWNER ? "os:" : "gs:"); ++psidid->refcount; spin_unlock(cidlock); } } else { ++psidid->refcount; spin_unlock(cidlock); } /* * If we are here, it is safe to access psidid and its fields * since a reference was taken earlier while holding the spinlock. * A reference on the node is put without holding the spinlock * and it is OK to do so in this case, shrinker will not erase * this node until all references are put and we do not access * any fields of the node after a reference is put . */ if (test_bit(SID_ID_MAPPED, &psidid->state)) { cid = psidid->id; psidid->time = jiffies; /* update ts for accessing */ goto sid_to_id_out; } if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) goto sid_to_id_out; if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) { saved_cred = override_creds(root_cred); idkey = request_key(&cifs_idmap_key_type, psidid->sidstr, ""); if (IS_ERR(idkey)) cFYI(1, "%s: Can't map SID to an id", __func__); else { cid = *(unsigned long *)idkey->payload.value; psidid->id = cid; set_bit(SID_ID_MAPPED, &psidid->state); key_put(idkey); kfree(psidid->sidstr); } revert_creds(saved_cred); psidid->time = jiffies; /* update ts for accessing */ clear_bit(SID_ID_PENDING, &psidid->state); wake_up_bit(&psidid->state, SID_ID_PENDING); } else { rc = wait_on_bit(&psidid->state, SID_ID_PENDING, sidid_pending_wait, TASK_INTERRUPTIBLE); if (rc) { cFYI(1, "%s: sidid_pending_wait interrupted %d", __func__, rc); --psidid->refcount; /* decremented without spinlock */ return rc; } if (test_bit(SID_ID_MAPPED, &psidid->state)) cid = psidid->id; } sid_to_id_out: --psidid->refcount; /* decremented without spinlock */ if (sidtype == SIDOWNER) fattr->cf_uid = cid; else fattr->cf_gid = cid; return 0; }
static int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid, struct cifs_fattr *fattr, uint sidtype) { int rc; unsigned long cid; struct key *idkey; const struct cred *saved_cred; struct cifs_sid_id *psidid, *npsidid; struct rb_root *cidtree; spinlock_t *cidlock; if (sidtype == SIDOWNER) { cid = cifs_sb->mnt_uid; /* */ cidlock = &siduidlock; cidtree = &uidtree; } else if (sidtype == SIDGROUP) { cid = cifs_sb->mnt_gid; /* */ cidlock = &sidgidlock; cidtree = &gidtree; } else return -ENOENT; spin_lock(cidlock); psidid = id_rb_search(cidtree, psid); if (!psidid) { /* */ spin_unlock(cidlock); npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL); if (!npsidid) return -ENOMEM; npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; } spin_lock(cidlock); psidid = id_rb_search(cidtree, psid); if (psidid) { /* */ ++psidid->refcount; spin_unlock(cidlock); kfree(npsidid->sidstr); kfree(npsidid); } else { psidid = npsidid; id_rb_insert(cidtree, psid, &psidid, sidtype == SIDOWNER ? "os:" : "gs:"); ++psidid->refcount; spin_unlock(cidlock); } } else { ++psidid->refcount; spin_unlock(cidlock); } /* */ if (test_bit(SID_ID_MAPPED, &psidid->state)) { cid = psidid->id; psidid->time = jiffies; /* */ goto sid_to_id_out; } if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) goto sid_to_id_out; if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) { saved_cred = override_creds(root_cred); idkey = request_key(&cifs_idmap_key_type, psidid->sidstr, ""); if (IS_ERR(idkey)) cFYI(1, "%s: Can't map SID to an id", __func__); else { cid = *(unsigned long *)idkey->payload.value; psidid->id = cid; set_bit(SID_ID_MAPPED, &psidid->state); key_put(idkey); kfree(psidid->sidstr); } revert_creds(saved_cred); psidid->time = jiffies; /* */ clear_bit(SID_ID_PENDING, &psidid->state); wake_up_bit(&psidid->state, SID_ID_PENDING); } else { rc = wait_on_bit(&psidid->state, SID_ID_PENDING, sidid_pending_wait, TASK_INTERRUPTIBLE); if (rc) { cFYI(1, "%s: sidid_pending_wait interrupted %d", __func__, rc); --psidid->refcount; /* */ return rc; } if (test_bit(SID_ID_MAPPED, &psidid->state)) cid = psidid->id; } sid_to_id_out: --psidid->refcount; /* */ if (sidtype == SIDOWNER) fattr->cf_uid = cid; else fattr->cf_gid = cid; return 0; }
/** * dns_query - Query the DNS * @type: Query type (or NULL for straight host->IP lookup) * @name: Name to look up * @namelen: Length of name * @options: Request options (or NULL if no options) * @_result: Where to place the returned data. * @_expiry: Where to store the result expiry time (or NULL) * * The data will be returned in the pointer at *result, and the caller is * responsible for freeing it. * * The description should be of the form "[<query_type>:]<domain_name>", and * the options need to be appropriate for the query type requested. If no * query_type is given, then the query is a straight hostname to IP address * lookup. * * The DNS resolution lookup is performed by upcalling to userspace by way of * requesting a key of type dns_resolver. * * Returns the size of the result on success, -ve error code otherwise. */ int dns_query(const char *type, const char *name, size_t namelen, const char *options, char **_result, time_t *_expiry) { struct key *rkey; struct user_key_payload *upayload; const struct cred *saved_cred; size_t typelen, desclen; char *desc, *cp; int ret, len; kenter("%s,%*.*s,%zu,%s", type, (int)namelen, (int)namelen, name, namelen, options); if (!name || namelen == 0 || !_result) return -EINVAL; /* construct the query key description as "[<type>:]<name>" */ typelen = 0; desclen = 0; if (type) { typelen = strlen(type); if (typelen < 1) return -EINVAL; desclen += typelen + 1; } if (!namelen) namelen = strnlen(name, 256); if (namelen < 3 || namelen > 255) return -EINVAL; desclen += namelen + 1; desc = kmalloc(desclen, GFP_KERNEL); if (!desc) return -ENOMEM; cp = desc; if (type) { memcpy(cp, type, typelen); cp += typelen; *cp++ = ':'; } memcpy(cp, name, namelen); cp += namelen; *cp = '\0'; if (!options) options = ""; kdebug("call request_key(,%s,%s)", desc, options); /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ saved_cred = override_creds(dns_resolver_cache); rkey = request_key(&key_type_dns_resolver, desc, options); revert_creds(saved_cred); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); goto out; } down_read(&rkey->sem); rkey->perm |= KEY_USR_VIEW; ret = key_validate(rkey); if (ret < 0) goto put; /* If the DNS server gave an error, return that to the caller */ ret = rkey->type_data.x[0]; if (ret) goto put; upayload = rcu_dereference_protected(rkey->payload.data, lockdep_is_held(&rkey->sem)); len = upayload->datalen; ret = -ENOMEM; *_result = kmalloc(len + 1, GFP_KERNEL); if (!*_result) goto put; memcpy(*_result, upayload->data, len); *_result[len] = '\0'; if (_expiry) *_expiry = rkey->expiry; ret = len; put: up_read(&rkey->sem); key_put(rkey); out: kleave(" = %d", ret); return ret; }
int devtmpfs_delete_node(struct device *dev) { const char *tmp = NULL; const char *nodename; const struct cred *curr_cred; struct nameidata nd; struct dentry *dentry; struct kstat stat; int deleted = 1; int err; if (!dev_mnt) return 0; nodename = device_get_devnode(dev, NULL, &tmp); if (!nodename) return -ENOMEM; curr_cred = override_creds(&init_cred); err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt, nodename, LOOKUP_PARENT, &nd); if (err) goto out; mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT); dentry = lookup_one_len(nd.last.name, nd.path.dentry, nd.last.len); if (!IS_ERR(dentry)) { if (dentry->d_inode) { err = vfs_getattr(nd.path.mnt, dentry, &stat); if (!err && dev_mynode(dev, dentry->d_inode, &stat)) { struct iattr newattrs; /* * before unlinking this node, reset permissions * of possible references like hardlinks */ newattrs.ia_uid = 0; newattrs.ia_gid = 0; newattrs.ia_mode = stat.mode & ~0777; newattrs.ia_valid = ATTR_UID|ATTR_GID|ATTR_MODE; mutex_lock(&dentry->d_inode->i_mutex); notify_change(dentry, &newattrs); mutex_unlock(&dentry->d_inode->i_mutex); err = vfs_unlink(nd.path.dentry->d_inode, dentry); if (!err || err == -ENOENT) deleted = 1; } } else { err = -ENOENT; } dput(dentry); } else { err = PTR_ERR(dentry); } mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); if (deleted && strchr(nodename, '/')) delete_path(nodename); out: kfree(tmp); revert_creds(curr_cred); return err; }
/* Resolves server name to ip address. * input: * unc - server UNC * output: * *ip_addr - pointer to server ip, caller responcible for freeing it. * return 0 on success */ int dns_resolve_server_name_to_ip(const char *unc, char **ip_addr) { const struct cred *saved_cred; int rc = -EAGAIN; struct key *rkey = ERR_PTR(-EAGAIN); char *name; char *data = NULL; int len; if (!ip_addr || !unc) return -EINVAL; /* search for server name delimiter */ len = strlen(unc); if (len < 3) { cFYI(1, "%s: unc is too short: %s", __func__, unc); return -EINVAL; } len -= 2; name = memchr(unc+2, '\\', len); if (!name) { cFYI(1, "%s: probably server name is whole unc: %s", __func__, unc); } else { len = (name - unc) - 2/* leading // */; } name = kmalloc(len+1, GFP_KERNEL); if (!name) { rc = -ENOMEM; return rc; } memcpy(name, unc+2, len); name[len] = 0; if (is_ip(name)) { cFYI(1, "%s: it is IP, skipping dns upcall: %s", __func__, name); data = name; goto skip_upcall; } saved_cred = override_creds(dns_resolver_cache); rkey = request_key(&key_type_dns_resolver, name, ""); revert_creds(saved_cred); if (!IS_ERR(rkey)) { if (!(rkey->perm & KEY_USR_VIEW)) { down_read(&rkey->sem); rkey->perm |= KEY_USR_VIEW; up_read(&rkey->sem); } len = rkey->type_data.x[0]; data = rkey->payload.data; } else { cERROR(1, "%s: unable to resolve: %s", __func__, name); goto out; } skip_upcall: if (data) { *ip_addr = kmalloc(len + 1, GFP_KERNEL); if (*ip_addr) { memcpy(*ip_addr, data, len + 1); if (!IS_ERR(rkey)) cFYI(1, "%s: resolved: %s to %s", __func__, name, *ip_addr ); rc = 0; } else { rc = -ENOMEM; } if (!IS_ERR(rkey)) key_put(rkey); } out: kfree(name); return rc; }
void ftfs_override_creds(const struct cred **saved) { *saved = override_creds(ftfs_cred); }
int devtmpfs_create_node(struct device *dev) { const char *tmp = NULL; const char *nodename; const struct cred *curr_cred; mode_t mode = 0; struct nameidata nd; struct dentry *dentry; int err; if (!dev_mnt) return 0; nodename = device_get_devnode(dev, &mode, &tmp); if (!nodename) return -ENOMEM; if (mode == 0) mode = 0600; if (is_blockdev(dev)) mode |= S_IFBLK; else mode |= S_IFCHR; curr_cred = override_creds(&init_cred); err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt, nodename, LOOKUP_PARENT, &nd); if (err == -ENOENT) { create_path(nodename); err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt, nodename, LOOKUP_PARENT, &nd); } if (err) goto out; dentry = lookup_create(&nd, 0); if (!IS_ERR(dentry)) { err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, dev->devt); if (!err) { struct iattr newattrs; /* fixup possibly umasked mode */ newattrs.ia_mode = mode; newattrs.ia_valid = ATTR_MODE; mutex_lock(&dentry->d_inode->i_mutex); notify_change(dentry, &newattrs); mutex_unlock(&dentry->d_inode->i_mutex); /* mark as kernel-created inode */ dentry->d_inode->i_private = &dev_mnt; } dput(dentry); } else { err = PTR_ERR(dentry); } mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out: kfree(tmp); revert_creds(curr_cred); return err; }
static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, struct kstat *stat, const char *link, struct dentry *hardlink) { struct dentry *workdir = ovl_workdir(dentry); struct inode *wdir = workdir->d_inode; struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); struct inode *udir = upperdir->d_inode; struct dentry *upper; struct dentry *newdentry; int err; if (WARN_ON(!workdir)) return -EROFS; err = ovl_lock_rename_workdir(workdir, upperdir); if (err) goto out; newdentry = ovl_lookup_temp(workdir, dentry); err = PTR_ERR(newdentry); if (IS_ERR(newdentry)) goto out_unlock; upper = lookup_one_len(dentry->d_name.name, upperdir, dentry->d_name.len); err = PTR_ERR(upper); if (IS_ERR(upper)) goto out_dput; err = ovl_create_real(wdir, newdentry, stat, link, hardlink, true); if (err) goto out_dput2; /* * mode could have been mutilated due to umask (e.g. sgid directory) */ if (!hardlink && !S_ISLNK(stat->mode) && newdentry->d_inode->i_mode != stat->mode) { struct iattr attr = { .ia_valid = ATTR_MODE, .ia_mode = stat->mode, }; inode_lock(newdentry->d_inode); err = notify_change(newdentry, &attr, NULL); inode_unlock(newdentry->d_inode); if (err) goto out_cleanup; } if (!hardlink && S_ISDIR(stat->mode)) { err = ovl_set_opaque(newdentry); if (err) goto out_cleanup; err = ovl_do_rename(wdir, newdentry, udir, upper, RENAME_EXCHANGE); if (err) goto out_cleanup; ovl_cleanup(wdir, upper); } else { err = ovl_do_rename(wdir, newdentry, udir, upper, 0); if (err) goto out_cleanup; } ovl_instantiate(dentry, inode, newdentry, !!hardlink); newdentry = NULL; out_dput2: dput(upper); out_dput: dput(newdentry); out_unlock: unlock_rename(workdir, upperdir); out: return err; out_cleanup: ovl_cleanup(wdir, newdentry); goto out_dput2; } static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, struct kstat *stat, const char *link, struct dentry *hardlink) { int err; const struct cred *old_cred; struct cred *override_cred; err = ovl_copy_up(dentry->d_parent); if (err) return err; old_cred = ovl_override_creds(dentry->d_sb); err = -ENOMEM; override_cred = prepare_creds(); if (override_cred) { override_cred->fsuid = inode->i_uid; override_cred->fsgid = inode->i_gid; put_cred(override_creds(override_cred)); put_cred(override_cred); if (!ovl_dentry_is_opaque(dentry)) err = ovl_create_upper(dentry, inode, stat, link, hardlink); else err = ovl_create_over_whiteout(dentry, inode, stat, link, hardlink); } revert_creds(old_cred); if (!err) { struct inode *realinode = d_inode(ovl_dentry_upper(dentry)); WARN_ON(inode->i_mode != realinode->i_mode); WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid)); WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid)); } return err; }
int devtmpfs_create_node(struct device *dev) { const char *tmp = NULL; const char *nodename; const struct cred *curr_cred; struct user_beancounter *curr_ub; mode_t mode = 0; struct nameidata nd; struct dentry *dentry; int err; struct vfsmount *dev_mnt = ve_devmnt(); if (!dev_mnt) return 0; nodename = device_get_devnode(dev, &mode, &tmp); if (!nodename) return -ENOMEM; if (mode == 0) mode = 0600; if (is_blockdev(dev)) mode |= S_IFBLK; else mode |= S_IFCHR; curr_ub = set_exec_ub(&ub0); curr_cred = override_creds(&init_cred); err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt, nodename, LOOKUP_PARENT, &nd); if (err == -ENOENT) { /* create missing parent directories */ create_path(nodename); err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt, nodename, LOOKUP_PARENT, &nd); if (err) goto out; } dentry = lookup_create(&nd, 0); if (!IS_ERR(dentry)) { int umask; umask = sys_umask(0000); err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, dev->devt); sys_umask(umask); /* mark as kernel created inode */ if (!err) dentry->d_inode->i_private = &dev_mnt; dput(dentry); } else { err = PTR_ERR(dentry); } mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out: kfree(tmp); revert_creds(curr_cred); (void)set_exec_ub(curr_ub); return err; }
static int sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid, struct cifs_fattr *fattr, uint sidtype) { int rc; struct key *sidkey; char *sidstr; const struct cred *saved_cred; kuid_t fuid = cifs_sb->mnt_uid; kgid_t fgid = cifs_sb->mnt_gid; /* * If we have too many subauthorities, then something is really wrong. * Just return an error. */ if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { cifs_dbg(FYI, "%s: %u subauthorities is too many!\n", __func__, psid->num_subauth); return -EIO; } sidstr = sid_to_key_str(psid, sidtype); if (!sidstr) return -ENOMEM; saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", __func__, sidstr, sidtype == SIDOWNER ? 'u' : 'g'); goto out_revert_creds; } /* * FIXME: Here we assume that uid_t and gid_t are same size. It's * probably a safe assumption but might be better to check based on * sidtype. */ BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t)); if (sidkey->datalen != sizeof(uid_t)) { rc = -EIO; cifs_dbg(FYI, "%s: Downcall contained malformed key (datalen=%hu)\n", __func__, sidkey->datalen); key_invalidate(sidkey); goto out_key_put; } if (sidtype == SIDOWNER) { kuid_t uid; uid_t id; memcpy(&id, &sidkey->payload.value, sizeof(uid_t)); uid = make_kuid(&init_user_ns, id); if (uid_valid(uid)) fuid = uid; } else { kgid_t gid; gid_t id; memcpy(&id, &sidkey->payload.value, sizeof(gid_t)); gid = make_kgid(&init_user_ns, id); if (gid_valid(gid)) fgid = gid; } out_key_put: key_put(sidkey); out_revert_creds: revert_creds(saved_cred); kfree(sidstr); /* * Note that we return 0 here unconditionally. If the mapping * fails then we just fall back to using the mnt_uid/mnt_gid. */ if (sidtype == SIDOWNER) fattr->cf_uid = fuid; else fattr->cf_gid = fgid; return 0; }
const struct cred *ovl_override_creds(struct super_block *sb) { struct ovl_fs *ofs = sb->s_fs_info; return override_creds(ofs->creator_cred); }
static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry) { int err; struct dentry *newdentry; const struct cred *old_cred; struct cred *override_cred; /* FIXME: recheck lower dentry to see if whiteout is really needed */ err = -ENOMEM; override_cred = prepare_creds(); if (!override_cred) goto out; /* * CAP_SYS_ADMIN for setxattr * CAP_DAC_OVERRIDE for symlink creation * CAP_FOWNER for unlink in sticky directory */ cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN); cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE); cap_raise(override_cred->cap_effective, CAP_FOWNER); override_cred->fsuid = GLOBAL_ROOT_UID; override_cred->fsgid = GLOBAL_ROOT_GID; old_cred = override_creds(override_cred); newdentry = lookup_one_len(dentry->d_name.name, upperdir, dentry->d_name.len); err = PTR_ERR(newdentry); if (IS_ERR(newdentry)) goto out_put_cred; /* Just been removed within the same locked region */ WARN_ON(newdentry->d_inode); err = vfs_symlink(upperdir->d_inode, newdentry, ovl_whiteout_symlink); if (err) goto out_dput; ovl_dentry_version_inc(dentry->d_parent); err = vfs_setxattr(newdentry, ovl_whiteout_xattr, "y", 1, 0); if (err) vfs_unlink(upperdir->d_inode, newdentry); out_dput: dput(newdentry); out_put_cred: revert_creds(old_cred); put_cred(override_cred); out: if (err) { /* * There's no way to recover from failure to whiteout. * What should we do? Log a big fat error and... ? */ pr_err("overlayfs: ERROR - failed to whiteout '%s'\n", dentry->d_name.name); } return err; }
/* * access() needs to use the real uid/gid, not the effective uid/gid. * We do this by temporarily clearing all FS-related capabilities and * switching the fsuid/fsgid around to the real ones. */ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) { const struct cred *old_cred; struct cred *override_cred; struct path path; struct inode *inode; int res; unsigned int lookup_flags = LOOKUP_FOLLOW; if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ return -EINVAL; override_cred = prepare_creds(); if (!override_cred) return -ENOMEM; override_cred->fsuid = override_cred->uid; override_cred->fsgid = override_cred->gid; if (!issecure(SECURE_NO_SETUID_FIXUP)) { /* Clear the capabilities if we switch to a non-root user */ kuid_t root_uid = make_kuid(override_cred->user_ns, 0); if (!uid_eq(override_cred->uid, root_uid)) cap_clear(override_cred->cap_effective); else override_cred->cap_effective = override_cred->cap_permitted; } old_cred = override_creds(override_cred); retry: res = user_path_at(dfd, filename, lookup_flags, &path); if (res) goto out; inode = path.dentry->d_inode; if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { /* * MAY_EXEC on regular files is denied if the fs is mounted * with the "noexec" flag. */ res = -EACCES; if (path.mnt->mnt_flags & MNT_NOEXEC) goto out_path_release; } res = inode_permission(inode, mode | MAY_ACCESS); /* SuS v2 requires we report a read only fs too */ if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) goto out_path_release; /* * This is a rare case where using __mnt_is_readonly() * is OK without a mnt_want/drop_write() pair. Since * no actual write to the fs is performed here, we do * not need to telegraph to that to anyone. * * By doing this, we accept that this access is * inherently racy and know that the fs may change * state before we even see this result. */ if (__mnt_is_readonly(path.mnt)) res = -EROFS; out_path_release: path_put(&path); if (retry_estale(res, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; goto retry; } out: revert_creds(old_cred); put_cred(override_cred); return res; }
static int id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid) { int rc = 0; struct key *sidkey; const struct cred *saved_cred; struct cifs_sid *lsid; struct cifs_sid_id *psidid, *npsidid; struct rb_root *cidtree; spinlock_t *cidlock; if (sidtype == SIDOWNER) { cidlock = &siduidlock; cidtree = &uidtree; } else if (sidtype == SIDGROUP) { cidlock = &sidgidlock; cidtree = &gidtree; } else return -EINVAL; spin_lock(cidlock); psidid = sid_rb_search(cidtree, cid); if (!psidid) { /* */ spin_unlock(cidlock); npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL); if (!npsidid) return -ENOMEM; npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL); if (!npsidid->sidstr) { kfree(npsidid); return -ENOMEM; } spin_lock(cidlock); psidid = sid_rb_search(cidtree, cid); if (psidid) { /* */ ++psidid->refcount; spin_unlock(cidlock); kfree(npsidid->sidstr); kfree(npsidid); } else { psidid = npsidid; sid_rb_insert(cidtree, cid, &psidid, sidtype == SIDOWNER ? "oi:" : "gi:"); ++psidid->refcount; spin_unlock(cidlock); } } else { ++psidid->refcount; spin_unlock(cidlock); } /* */ if (test_bit(SID_ID_MAPPED, &psidid->state)) { memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); psidid->time = jiffies; /* */ goto id_sid_out; } if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) { rc = -EINVAL; goto id_sid_out; } if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) { saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, psidid->sidstr, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; cFYI(1, "%s: Can't map and id to a SID", __func__); } else { lsid = (struct cifs_sid *)sidkey->payload.data; memcpy(&psidid->sid, lsid, sidkey->datalen < sizeof(struct cifs_sid) ? sidkey->datalen : sizeof(struct cifs_sid)); memcpy(ssid, &psidid->sid, sidkey->datalen < sizeof(struct cifs_sid) ? sidkey->datalen : sizeof(struct cifs_sid)); set_bit(SID_ID_MAPPED, &psidid->state); key_put(sidkey); kfree(psidid->sidstr); } psidid->time = jiffies; /* */ revert_creds(saved_cred); clear_bit(SID_ID_PENDING, &psidid->state); wake_up_bit(&psidid->state, SID_ID_PENDING); } else { rc = wait_on_bit(&psidid->state, SID_ID_PENDING, sidid_pending_wait, TASK_INTERRUPTIBLE); if (rc) { cFYI(1, "%s: sidid_pending_wait interrupted %d", __func__, rc); --psidid->refcount; return rc; } if (test_bit(SID_ID_MAPPED, &psidid->state)) memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid)); else rc = -EINVAL; } id_sid_out: --psidid->refcount; return rc; }