Re: 2.6.2-rc2-mm2

From: Andrew Morton (akpm_at_osdl.org)
Date: 01/31/04

  • Next message: Esben Stien: "conformance, compliance and compatibility" 
    Date:	Fri, 30 Jan 2004 15:08:19 -0800
To: thockin@sun.com

    Tim Hockin <thockin@sun.com> wrote:
    >
    > On Fri, Jan 30, 2004 at 02:00:24PM -0800, Andrew Morton wrote:
    > > Tim Hockin <thockin@sun.com> wrote:
    > > >
    > > > In fact, here is a rough cut (would need a coupel exported syms, too). The
    > > > lack of any way to handle errors bothers me. printk and fail? yeesh.
    > >
    > > Seems to be a good way to go. It doesn't seem likely that any other parts
    > > of the kernel will want to be setting the group ownership in this way.
    >
    > How's the attached patch?

    OK. But we really should check that error code. I'll see your patch and
    raise you one.

    I think this is right - the NFSEXP_ALLSQUASH case appears to be clearing
    all groups. When this settles down we need to run it all by Neil.

    Do we need to handle the return value from set_current_groups(), or should
    that guy be simply returning void?

    diff -puN fs/nfsd/auth.c~increase-NGROUPS-nfsd-cleanup-checks fs/nfsd/auth.c
    --- 25/fs/nfsd/auth.c~increase-NGROUPS-nfsd-cleanup-checks Fri Jan 30 15:03:55 2004
    +++ 25-akpm/fs/nfsd/auth.c Fri Jan 30 15:06:43 2004
    @@ -11,13 +11,25 @@
     #include <linux/nfsd/nfsd.h>
     
     #define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
    -void
    -nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
    +
    +int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
     {
             struct svc_cred *cred = &rqstp->rq_cred;
    - int i, j;
    - gid_t groups[SVC_CRED_NGROUPS];
    - struct group_info *group_info;
    + struct group_info *group_info = NULL;
    + int ngroups;
    + int i;
    + int ret;
    +
    + ngroups = 0;
    + if (!(exp->ex_flags & NFSEXP_ALLSQUASH)) {
    + for (i = 0; i < SVC_CRED_NGROUPS; i++) {
    + if (cred->cr_groups[i])
    + ngroups++;
    + }
    + }
    + group_info = groups_alloc(ngroups);
    + if (group_info == NULL)
    + return -ENOMEM;
     
             if (exp->ex_flags & NFSEXP_ALLSQUASH) {
                     cred->cr_uid = exp->ex_anon_uid;
    @@ -41,25 +53,24 @@ nfsd_setuser(struct svc_rqst *rqstp, str
                     current->fsgid = cred->cr_gid;
             else
                     current->fsgid = exp->ex_anon_gid;
    +
             for (i = 0; i < SVC_CRED_NGROUPS; i++) {
                     gid_t group = cred->cr_groups[i];
                     if (group == (gid_t) NOGROUP)
                             break;
    - groups[i] = group;
    + GROUP_AT(group_info, i) = group;
             }
    - group_info = groups_alloc(i);
    - /* should be error checking, but we can't return ENOMEM! */
    - for (j = 0; j < i; j++)
    - GROUP_AT(group_info, j) = groups[j];
    - if (set_current_groups(group_info))
    - put_group_info(group_info);
    - /* should be error handling but we return void */
     
    - if ((cred->cr_uid)) {
    - cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
    + ret = set_current_groups(group_info);
    + if (ret == 0) {
    + if ((cred->cr_uid)) {
    + cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
    + } else {
    + cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
    + current->cap_permitted);
    + }
             } else {
    - cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
    - current->cap_permitted);
    + put_group_info(group_info);
             }
    -
    + return ret;
     }
    diff -puN include/linux/nfsd/auth.h~increase-NGROUPS-nfsd-cleanup-checks include/linux/nfsd/auth.h
    --- 25/include/linux/nfsd/auth.h~increase-NGROUPS-nfsd-cleanup-checks Fri Jan 30 15:03:55 2004
    +++ 25-akpm/include/linux/nfsd/auth.h Fri Jan 30 15:03:55 2004
    @@ -21,7 +21,7 @@
      * Set the current process's fsuid/fsgid etc to those of the NFS
      * client user
      */
    -void nfsd_setuser(struct svc_rqst *, struct svc_export *);
    +int nfsd_setuser(struct svc_rqst *, struct svc_export *);
     
     #endif /* __KERNEL__ */
     #endif /* LINUX_NFSD_AUTH_H */

    _

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: Esben Stien: "conformance, compliance and compatibility"

    Relevant Pages

    • Re: Granting some root permissions to certain users
      ... We use a kernel patch called trustees to do just what you're talking ... Unfortunately the patch hasn't really been kept up-to-date. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: RT-V0.7.47-17 build fails
      ... On Monday 06 June 2005 03:41, Ingo Molnar wrote: ... >> I thought maybe I'd exersize this kernel, but a patch I thought ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • RE: [PATCH] 2.6 workaround for Athlon/Opteron prefetch errata
      ... to avoid so we can get this in to the 2.6 kernel ASAP. ... I am pretty certain the patch won't impact the ... > might want to kill the condition depending on the stepping, ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: 2.6.3-rc1-mm1
      ... > This is the first time that anyone told me that it even existed. ... When we're at kernel version 2.6.3! ... without this patch. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: Question re the dot releases such as 2.6.12.3
      ... I'll submit a patch to the ... > kernel from the home page. ... Copyright 2005 by Maurice Eugene Heskett, ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)