From: NeilBrown
To: "J. Bruce Fields", Chuck Lever, Jeff Layton, Trond Myklebust, Anna Schumaker
Date: Wed, 07 Nov 2018 15:12:30 +1100
Subject: [PATCH 01/23] cred: add cred_fscmp() for comparing creds.
Cc: Linux NFS Mailing List, linux-kernel@vger.kernel.org
Message-ID: <154156395073.24086.13167286538519045802.stgit@noble>
In-Reply-To: <154156285766.24086.14262073575778354276.stgit@noble>
References: <154156285766.24086.14262073575778354276.stgit@noble>
User-Agent: StGit/0.17.1-dirty

NFS needs to compare two credentials, to see if they can be treated the same w.r.t. filesystem access. Sometimes an ordering is needed when credentials are used as a key to an rbtree.

NFS currently has its own private credential management from before 'struct cred' existed. To move it over to more consistent use of 'struct cred' we need a comparison function.

This patch adds that function.

Signed-off-by: NeilBrown
--- include/linux/cred.h | 1 + kernel/cred.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/include/linux/cred.h b/include/linux/cred.h index 7eed6101c791..f1085767e1b3 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -169,6 +169,7 @@ extern int change_create_files_as(struct cred *, struct inode *); extern int set_security_override(struct cred *, u32); extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); +extern int cred_fscmp(const struct cred *, const struct cred *); extern void __init cred_init(void); /* diff --git a/kernel/cred.c b/kernel/cred.c index ecf03657e71c..0b3ac72bd717 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -19,6 +19,7 @@ #include #include #include +#include #if 0 #define kdebug(FMT, ...) \
@@ -564,6 +565,60 @@ void revert_creds(const struct cred *old) } EXPORT_SYMBOL(revert_creds); +/** + * cred_fscmp - Compare two credentials with respect to filesystem access. + * @a: The first credential + * @b: The second credential + * + * cred_cmp() will return zero if both credentials have the same + * fsuid, fsgid, and supplementary groups. That is, if they will both + * provide the same access to files based on mode/uid/gid. + * If the credentials are different, then either -1 or 1 will + * be returned depending on whether @a comes before or after @b + * respectively in an arbitrary, but stable, ordering of credentials. + * + * Return: -1, 0, or 1 depending on comparison + */ +int cred_fscmp(const struct cred *a, const struct cred *b) +{ + struct group_info *ga, *gb; + int g; + + if (a == b) + return 0; + if (uid_lt(a->fsuid, b->fsuid)) + return -1; + if (uid_gt(a->fsuid, b->fsuid)) + return 1; + + if (gid_lt(a->fsgid, b->fsgid)) + return -1; + if (gid_gt(a->fsgid, b->fsgid)) + return 1; + + ga = a->group_info; + gb = b->group_info; + if (ga == gb) + return 0; + if (ga == NULL) + return -1; + if (gb == NULL) + return 1; + if (ga->ngroups < gb->ngroups) + return -1; + if (ga->ngroups > gb->ngroups) + return 1; + + for (g = 0; g < ga->ngroups; g++) { + if (gid_lt(ga->gid[g], gb->gid[g])) + return -1; + if (gid_gt(ga->gid[g], gb->gid[g])) + return 1; + } + return 0; +} +EXPORT_SYMBOL(cred_fscmp); + /* * initialise the credentials stuff */
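
Review bot: In the kernel/cred.c hunk that adds cred_fscmp(), the supplementary-group loop compares ga->gid[g] with gb->gid[g] position by position, so two credentials that hold the same set of groups in a different order compare as unequal, although the kernel-doc promises zero for "the same fsuid, fsgid, and supplementary groups". Say in the comment that the result depends on both group_info lists being kept in the same (sorted) order, or establish that order before the loop; a caller using this as a credential-cache key would otherwise get a spurious miss rather than a wrong match, but the documented contract should still hold. The kernel-doc body also calls the function cred_cmp() while the symbol is cred_fscmp(); make the two agree. It would also help to state that "access based on mode/uid/gid" is the whole scope of the comparison, so nobody reads a zero return as meaning the two creds are interchangeable in every respect.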