[v2] devpts: allow mounting with uid/gid of uint32_t

Message ID	20150829104304.GA2841@posteo.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-fsdevel-owner@kernel.org> Date: Sat, 29 Aug 2015 12:43:04 +0200 From: Dongsu Park <dpark@posteo.net> To: Peter Hurley <peter@hurleysoftware.com> Cc: Al Viro <viro@zeniv.linux.org.uk>, Andrew Morton <akpm@linux-foundation.org>, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Josh Triplett <josh@joshtriplett.org>, David Howells <dhowells@redhat.com>, Alban Crequy <alban@endocode.com>, Alexey Dobriyan <adobriyan@gmail.com> Subject: Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t Message-ID: <20150829104304.GA2841@posteo.de> References: <882a878038efb5fed381be5d4817ff44d90703d5.1439904209.git.dpark@posteo.net> <692839ff7158dbb96dd20ce8e36c13f85fa64fd7.1439910753.git.dpark@posteo.net> <55E0B786.70101@hurleysoftware.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <55E0B786.70101@hurleysoftware.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk

Message ID

20150829104304.GA2841@posteo.de (mailing list archive)

State

New, archived

Headers

Date: Sat, 29 Aug 2015 12:43:04 +0200
From: Dongsu Park <dpark@posteo.net>
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Josh Triplett <josh@joshtriplett.org>,
	David Howells <dhowells@redhat.com>, Alban Crequy <alban@endocode.com>,
	Alexey Dobriyan <adobriyan@gmail.com>
Subject: Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t
Message-ID: <20150829104304.GA2841@posteo.de>
References: <882a878038efb5fed381be5d4817ff44d90703d5.1439904209.git.dpark@posteo.net>
	<692839ff7158dbb96dd20ce8e36c13f85fa64fd7.1439910753.git.dpark@posteo.net>
	<55E0B786.70101@hurleysoftware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <55E0B786.70101@hurleysoftware.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Dongsu Park Aug. 29, 2015, 10:43 a.m. UTC

On 28.08.2015 15:33, Peter Hurley wrote:
> On 08/18/2015 11:18 AM, Dongsu Park wrote:
> > ---
> >  fs/devpts/inode.c | 20 ++++++++++++++++----
> >  1 file changed, 16 insertions(+), 4 deletions(-)
> > 
> > diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
> > index c35ffdc12bba..49272fae40a7 100644
> > --- a/fs/devpts/inode.c
> > +++ b/fs/devpts/inode.c
> > @@ -188,23 +188,35 @@ static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
> >  		token = match_token(p, tokens, args);
> >  		switch (token) {
> >  		case Opt_uid:
> > -			if (match_int(&args[0], &option))
> 
> match_int() => make_kuid/kgid is a widespread pattern in filesystems
> for handling uid/gid mount parameters.
> 
> How about adding a for-purpose string-to-uid/gid function, rather than
> open-coding?

Yeah, that sounds like a good idea.
Do you mean probably something like this? (on top of -mm tree)

Thanks,
Dongsu

----

From ccfa5db398ba5ac31c5e0128e88abca1f6d1e6f5 Mon Sep 17 00:00:00 2001
Message-Id: <ccfa5db398ba5ac31c5e0128e88abca1f6d1e6f5.1440844226.git.dpark@posteo.net>
From: Dongsu Park <dpark@posteo.net>
Date: Sat, 29 Aug 2015 12:35:01 +0200
Subject: [PATCH v3] devpts: allow mounting with uid/gid of uint32_t

To allow devpts to be mounted with options of uid/gid of uint32_t,
we need to make use of general parsing API instead of match_int().
So introduce kstrto{uid,gid}(), wrappers around kstrtouint() as well
as make_k{uid,gid}() calls. And then make devpts parse options only
using kstrto{uid,gid}(). Doing that, mounting devpts with uid or
gid > (2^31 - 1) will work as expected, e.g.:

 # mount -t devpts devpts /tmp/devptsdir -o \
   newinstance,ptmxmode=0666,mode=620,uid=3598450688,gid=3598450693

It was originally by reported on github issue tracker of systemd:
https://github.com/systemd/systemd/issues/956

Comments

Alexey Dobriyan Aug. 29, 2015, 9:44 p.m. UTC | #1

On Sat, Aug 29, 2015 at 12:43:04PM +0200, Dongsu Park wrote:
> > How about adding a for-purpose string-to-uid/gid function, rather than
> > open-coding?

>  		case Opt_uid:
> -			if (match_int(&args[0], &option))
> -				return -EINVAL;
> -			uid = make_kuid(current_user_ns(), option);
> -			if (!uid_valid(uid))
> -				return -EINVAL;
> +			rc = kstrtouid(args[0].from, &uid);
> +			if (rc)
> +				return rc;
> +
>  			opts->uid = uid;

if kstrtouid is doing all the work, value should be put directly into
opts->uid avoiding temporary variables.

>  		case Opt_gid:
> -			if (match_int(&args[0], &option))
> -				return -EINVAL;
> -			gid = make_kgid(current_user_ns(), option);
> -			if (!gid_valid(gid))
> -				return -EINVAL;
> +			rc = kstrtogid(args[0].from, &gid);
> +			if (rc)
> +				return rc;

ditto

> +
>  			opts->gid = gid;
>  			opts->setgid = 1;
>  			break;

> --- a/include/linux/parse-integer.h
> +++ b/include/linux/parse-integer.h
> @@ -2,6 +2,7 @@
>  #define _PARSE_INTEGER_H
>  #include <linux/compiler.h>
>  #include <linux/types.h>
> +#include <linux/uidgid.h>

no, just put the prototypes into uidgid.h
This header is supposed to be small and self contained.

> @@ -155,6 +156,9 @@ static inline int __must_check kstrtos8(const char *s, unsigned int base, s8 *re
>  	return parse_integer(s, base | PARSE_INTEGER_NEWLINE, res);
>  }
>  
> +int __must_check kstrtouid(const char *uidstr, kuid_t *kuid);
> +int __must_check kstrtogid(const char *gidstr, kgid_t *kgid);
> +
>  int __must_check kstrtoull_from_user(const char __user *s, size_t count, unsigned int base, unsigned long long *res);
>  int __must_check kstrtoll_from_user(const char __user *s, size_t count, unsigned int base, long long *res);
>  int __must_check kstrtoul_from_user(const char __user *s, size_t count, unsigned int base, unsigned long *res);

> --- a/lib/kstrtox.c
> +++ b/lib/kstrtox.c
> @@ -17,6 +17,8 @@
>  #include <linux/math64.h>
>  #include <linux/export.h>
>  #include <linux/types.h>
> +#include <linux/sched.h>
> +#include <linux/cred.h>

This is pretty ridiculous for what is supposed to be bunch  of integer
conversion routines. sched.h? come on!

> @@ -81,6 +83,44 @@ int f(const char __user *s, size_t count, unsigned int base, type *res)	\
>  }									\
>  EXPORT_SYMBOL(f)
>  
> +int kstrtouid(const char *uidstr, kuid_t *kuid)
> +{
> +	uid_t uidval;
> +	kuid_t kuidtmp;
> +
> +	int rc = kstrtouint(uidstr, 0, &uidval);
> +
> +	if (rc)
> +		return rc;

and please follow coding style.

> +
> +	kuidtmp = make_kuid(current_user_ns(), uidval);
> +	if (!uid_valid(kuidtmp))
> +		return -EINVAL;
> +
> +	*kuid = kuidtmp;
> +	return 0;
> +}
> +EXPORT_SYMBOL(kstrtouid);
> +
> +int kstrtogid(const char *gidstr, kgid_t *kgid)
> +{
> +	gid_t gidval;
> +	kgid_t kgidtmp;
> +
> +	int rc = kstrtouint(gidstr, 0, &gidval);
> +
> +	if (rc)
> +		return rc;
> +
> +	kgidtmp = make_kgid(current_user_ns(), gidval);
> +	if (!gid_valid(kgidtmp))
> +		return -EINVAL;
> +
> +	*kgid = kgidtmp;
> +	return 0;
> +}
> +EXPORT_SYMBOL(kstrtogid);
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

====
from v2:
 * rebase on top of -mm tree
 * split common parts for parsing uid/gid into kstrto{uid,gid}()
 * fix minor format.
 * continue to use kstrtouint() suggested by Alexey Dobriyan.

from v1: fix patch format correctly

Cc: Alexey Dobriyan <adobriyan@gmail.com>
Reported-by: Alban Crequy <alban@endocode.com>
Suggested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Dongsu Park <dpark@posteo.net>
---
 fs/devpts/inode.c             | 19 +++++++++----------
 include/linux/parse-integer.h |  4 ++++
 lib/kstrtox.c                 | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 10 deletions(-)

diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index c35ffdc12bba..fbbd71005dcb 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -181,6 +181,7 @@  static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
 		substring_t args[MAX_OPT_ARGS];
 		int token;
 		int option;
+		int rc;
 
 		if (!*p)
 			continue;
@@ -188,20 +189,18 @@  static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
 		token = match_token(p, tokens, args);
 		switch (token) {
 		case Opt_uid:
-			if (match_int(&args[0], &option))
-				return -EINVAL;
-			uid = make_kuid(current_user_ns(), option);
-			if (!uid_valid(uid))
-				return -EINVAL;
+			rc = kstrtouid(args[0].from, &uid);
+			if (rc)
+				return rc;
+
 			opts->uid = uid;
 			opts->setuid = 1;
 			break;
 		case Opt_gid:
-			if (match_int(&args[0], &option))
-				return -EINVAL;
-			gid = make_kgid(current_user_ns(), option);
-			if (!gid_valid(gid))
-				return -EINVAL;
+			rc = kstrtogid(args[0].from, &gid);
+			if (rc)
+				return rc;
+
 			opts->gid = gid;
 			opts->setgid = 1;
 			break;
diff --git a/include/linux/parse-integer.h b/include/linux/parse-integer.h
index ba620cdf3df6..2cdc4f418e00 100644
--- a/include/linux/parse-integer.h
+++ b/include/linux/parse-integer.h
@@ -2,6 +2,7 @@ 
 #define _PARSE_INTEGER_H
 #include <linux/compiler.h>
 #include <linux/types.h>
+#include <linux/uidgid.h>
 
 /*
  * int parse_integer(const char *s, unsigned int base, T *val);
@@ -155,6 +156,9 @@  static inline int __must_check kstrtos8(const char *s, unsigned int base, s8 *re
 	return parse_integer(s, base | PARSE_INTEGER_NEWLINE, res);
 }
 
+int __must_check kstrtouid(const char *uidstr, kuid_t *kuid);
+int __must_check kstrtogid(const char *gidstr, kgid_t *kgid);
+
 int __must_check kstrtoull_from_user(const char __user *s, size_t count, unsigned int base, unsigned long long *res);
 int __must_check kstrtoll_from_user(const char __user *s, size_t count, unsigned int base, long long *res);
 int __must_check kstrtoul_from_user(const char __user *s, size_t count, unsigned int base, unsigned long *res);
diff --git a/lib/kstrtox.c b/lib/kstrtox.c
index 1698b286d954..4c376716a72e 100644
--- a/lib/kstrtox.c
+++ b/lib/kstrtox.c
@@ -17,6 +17,8 @@ 
 #include <linux/math64.h>
 #include <linux/export.h>
 #include <linux/types.h>
+#include <linux/sched.h>
+#include <linux/cred.h>
 #include <asm/uaccess.h>
 #include "kstrtox.h"
 
@@ -81,6 +83,44 @@  int f(const char __user *s, size_t count, unsigned int base, type *res)	\
 }									\
 EXPORT_SYMBOL(f)
 
+int kstrtouid(const char *uidstr, kuid_t *kuid)
+{
+	uid_t uidval;
+	kuid_t kuidtmp;
+
+	int rc = kstrtouint(uidstr, 0, &uidval);
+
+	if (rc)
+		return rc;
+
+	kuidtmp = make_kuid(current_user_ns(), uidval);
+	if (!uid_valid(kuidtmp))
+		return -EINVAL;
+
+	*kuid = kuidtmp;
+	return 0;
+}
+EXPORT_SYMBOL(kstrtouid);
+
+int kstrtogid(const char *gidstr, kgid_t *kgid)
+{
+	gid_t gidval;
+	kgid_t kgidtmp;
+
+	int rc = kstrtouint(gidstr, 0, &gidval);
+
+	if (rc)
+		return rc;
+
+	kgidtmp = make_kgid(current_user_ns(), gidval);
+	if (!gid_valid(kgidtmp))
+		return -EINVAL;
+
+	*kgid = kgidtmp;
+	return 0;
+}
+EXPORT_SYMBOL(kstrtogid);
+
 kstrto_from_user(kstrtoull_from_user,	kstrtoull,	unsigned long long);
 kstrto_from_user(kstrtoll_from_user,	kstrtoll,	long long);
 kstrto_from_user(kstrtoul_from_user,	kstrtoul,	unsigned long);

[v2] devpts: allow mounting with uid/gid of uint32_t

Commit Message

Comments

Patch