kuid/kgid: fix building error when trying Docker
Bryan Wu [Fri, 24 Jun 2016 21:59:52 +0000 (14:59 -0700)]
Docker requires CONFIG_UIDGID_STRICT_TYPE_CHECKS which will refine kuid
and kgid struct. Some old code needs to change to use
__kuid_val/__kgid_val, KUIDT_INIT()/KUIDT_INIT() and uid_eq(), otherwise
kernel will building fail.

Bug 1767148

Change-Id: I81f2b9c165ff85604566ee1aa719673fbbd93011
Signed-off-by: Bryan Wu <pengw@nvidia.com>
Reviewed-on: http://git-master/r/1171276
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/misc/tegra-profiler/main.c
include/net/route.h
kernel/cgroup.c
net/ipv4/route.c
net/netfilter/xt_IDLETIMER.c
net/netfilter/xt_qtaguid.c
net/netfilter/xt_quota2.c

index 80a2b73..c696923 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * drivers/misc/tegra-profiler/main.c
  *
- * Copyright (c) 2013-2015, NVIDIA CORPORATION.  All rights reserved.
+ * Copyright (c) 2013-2016, NVIDIA CORPORATION.  All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms and conditions of the GNU General Public License,
@@ -209,8 +209,8 @@ set_parameters(struct quadd_parameters *p)
                return -ESRCH;
        }
 
-       current_uid = current_fsuid();
-       task_uid = task_uid(task);
+       current_uid = __kuid_val(current_fsuid());
+       task_uid = __kuid_val(task_uid(task));
        pr_info("owner/task uids: %u/%u\n", current_uid, task_uid);
 
        if (!capable(CAP_SYS_ADMIN)) {
index 647bb2a..cbf7864 100644 (file)
@@ -142,7 +142,8 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi
        flowi4_init_output(fl4, oif, sk ? sk->sk_mark : 0, tos,
                           RT_SCOPE_UNIVERSE, proto,
                           sk ? inet_sk_flowi_flags(sk) : 0,
-                          daddr, saddr, dport, sport, sk ? sock_i_uid(sk) : 0);
+                          daddr, saddr, dport, sport,
+                          sk ? sock_i_uid(sk) : KUIDT_INIT(0));
        if (sk)
                security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
        return ip_route_output_flow(net, fl4, sk);
index 7f26b05..b898200 100644 (file)
@@ -2135,8 +2135,8 @@ int subsys_cgroup_allow_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
        cgroup_taskset_for_each(task, cgrp, tset) {
                tcred = __task_cred(task);
 
-               if (current != task && cred->euid != tcred->uid &&
-                   cred->euid != tcred->suid)
+               if (current != task && !uid_eq(cred->euid, tcred->uid) &&
+                   !uid_eq(cred->euid, tcred->suid))
                        return -EACCES;
        }
 
index 52fceb0..5dd586c 100644 (file)
@@ -532,7 +532,7 @@ static void __build_flow_key(struct flowi4 *fl4, struct sock *sk,
                           RT_SCOPE_UNIVERSE, prot,
                           flow_flags,
                           iph->daddr, iph->saddr, 0, 0,
-                          sk ? sock_i_uid(sk) : 0);
+                          sk ? sock_i_uid(sk) : KUIDT_INIT(0));
 }
 
 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,
index ddf77f7..369b160 100644 (file)
@@ -357,7 +357,9 @@ static void reset_timer(const struct idletimer_tg_info *info,
                        read_lock_bh(&sk->sk_callback_lock);
                        if ((sk->sk_socket) && (sk->sk_socket->file) &&
                    (sk->sk_socket->file->f_cred))
-                               timer->uid = sk->sk_socket->file->f_cred->uid;
+                               timer->uid = __kuid_val(
+                                               sk->sk_socket->file->f_cred->uid
+                                               );
                        read_unlock_bh(&sk->sk_callback_lock);
                }
 
index bcc622e..dc14cf6 100644 (file)
@@ -145,22 +145,24 @@ static bool can_manipulate_uids(void)
 {
        /* root pwnd */
        return in_egroup_p(xt_qtaguid_ctrl_file->gid)
-               || unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_limited)
-               || unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
+               || unlikely(!__kuid_val(current_fsuid()))
+               || unlikely(!proc_ctrl_write_limited)
+               || unlikely(uid_eq(current_fsuid(), xt_qtaguid_ctrl_file->uid));
 }
 
 static bool can_impersonate_uid(uid_t uid)
 {
-       return uid == current_fsuid() || can_manipulate_uids();
+       return uid ==  __kuid_val(current_fsuid()) || can_manipulate_uids();
 }
 
 static bool can_read_other_uid_stats(uid_t uid)
 {
        /* root pwnd */
        return in_egroup_p(xt_qtaguid_stats_file->gid)
-               || unlikely(!current_fsuid()) || uid == current_fsuid()
+               || unlikely(!__kuid_val(current_fsuid()))
+               || uid == __kuid_val(current_fsuid())
                || unlikely(!proc_stats_readall_limited)
-               || unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
+               || unlikely(uid_eq(current_fsuid(), xt_qtaguid_ctrl_file->uid));
 }
 
 static inline void dc_add_byte_packets(struct data_counters *counters, int set,
@@ -542,7 +544,8 @@ static void put_utd_entry(struct uid_tag_data *utd_entry)
                         "erase utd_entry=%p uid=%u "
                         "by pid=%u tgid=%u uid=%u\n", __func__,
                         utd_entry, utd_entry->uid,
-                        current->pid, current->tgid, current_fsuid());
+                        current->pid, current->tgid,
+                        __kuid_val(current_fsuid()));
                BUG_ON(utd_entry->num_active_tags);
                rb_erase(&utd_entry->node, &uid_tag_data_tree);
                kfree(utd_entry);
@@ -744,7 +747,7 @@ static int iface_stat_fmt_proc_show(struct seq_file *m, void *v)
 
 
        CT_DEBUG("qtaguid:proc iface_stat_fmt pid=%u tgid=%u uid=%u\n",
-                current->pid, current->tgid, current_fsuid());
+                current->pid, current->tgid, __kuid_val(current_fsuid()));
 
        iface_entry = list_entry(v, struct iface_stat, list);
 
@@ -1723,7 +1726,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
                        sk->sk_socket ? sk->sk_socket->file : (void *)-1LL);
                filp = sk->sk_socket ? sk->sk_socket->file : NULL;
                MT_DEBUG("qtaguid[%d]: filp...uid=%u\n",
-                       par->hooknum, filp ? filp->f_cred->fsuid : -1);
+                       par->hooknum, filp ?
+                       __kuid_val(filp->f_cred->fsuid) : -1);
        }
 
        if (sk == NULL || sk->sk_socket == NULL) {
@@ -1758,7 +1762,7 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
                atomic64_inc(&qtu_events.match_no_sk_file);
                goto put_sock_ret_res;
        }
-       sock_uid = filp->f_cred->fsuid;
+       sock_uid = __kuid_val(filp->f_cred->fsuid);
        /*
         * TODO: unhack how to force just accounting.
         * For now we only do iface stats when the uid-owner is not requested
@@ -1773,8 +1777,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
         * Thus (!a && b) || (a && !b) == a ^ b
         */
        if (info->match & XT_QTAGUID_UID)
-               if ((filp->f_cred->fsuid >= info->uid_min &&
-                    filp->f_cred->fsuid <= info->uid_max) ^
+               if ((__kuid_val(filp->f_cred->fsuid) >= info->uid_min &&
+                    __kuid_val(filp->f_cred->fsuid) <= info->uid_max) ^
                    !(info->invert & XT_QTAGUID_UID)) {
                        MT_DEBUG("qtaguid[%d]: leaving uid not matching\n",
                                 par->hooknum);
@@ -1782,9 +1786,9 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
                        goto put_sock_ret_res;
                }
        if (info->match & XT_QTAGUID_GID)
-               if ((filp->f_cred->fsgid >= info->gid_min &&
-                               filp->f_cred->fsgid <= info->gid_max) ^
-                       !(info->invert & XT_QTAGUID_GID)) {
+               if ((__kgid_val(filp->f_cred->fsgid) >= info->gid_min &&
+                    __kgid_val(filp->f_cred->fsgid) <= info->gid_max) ^
+                   !(info->invert & XT_QTAGUID_GID)) {
                        MT_DEBUG("qtaguid[%d]: leaving gid not matching\n",
                                par->hooknum);
                        res = false;
@@ -1924,7 +1928,7 @@ static int qtaguid_ctrl_proc_show(struct seq_file *m, void *v)
        long f_count;
 
        CT_DEBUG("qtaguid: proc ctrl pid=%u tgid=%u uid=%u\n",
-                current->pid, current->tgid, current_fsuid());
+                current->pid, current->tgid, __kuid_val(current_fsuid()));
 
        if (sock_tag_entry != SEQ_START_TOKEN) {
                uid = get_uid_from_tag(sock_tag_entry->tag);
@@ -2010,11 +2014,12 @@ static int ctrl_cmd_delete(const char *input)
                goto err;
        }
        if (argc < 3) {
-               uid = current_fsuid();
+               uid = __kuid_val(current_fsuid());
        } else if (!can_impersonate_uid(uid)) {
                pr_info("qtaguid: ctrl_delete(%s): "
                        "insufficient priv from pid=%u tgid=%u uid=%u\n",
-                       input, current->pid, current->tgid, current_fsuid());
+                       input, current->pid, current->tgid,
+                       __kuid_val(current_fsuid()));
                res = -EPERM;
                goto err;
        }
@@ -2165,7 +2170,8 @@ static int ctrl_cmd_counter_set(const char *input)
        if (!can_manipulate_uids()) {
                pr_info("qtaguid: ctrl_counterset(%s): "
                        "insufficient priv from pid=%u tgid=%u uid=%u\n",
-                       input, current->pid, current->tgid, current_fsuid());
+                       input, current->pid, current->tgid,
+                       __kuid_val(current_fsuid()));
                res = -EPERM;
                goto err;
        }
@@ -2226,7 +2232,7 @@ static int ctrl_cmd_tag(const char *input)
                pr_info("qtaguid: ctrl_tag(%s): failed to lookup"
                        " sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",
                        input, sock_fd, res, current->pid, current->tgid,
-                       current_fsuid());
+                       __kuid_val(current_fsuid()));
                goto err;
        }
        CT_DEBUG("qtaguid: ctrl_tag(%s): socket->...->f_count=%ld ->sk=%p\n",
@@ -2242,17 +2248,20 @@ static int ctrl_cmd_tag(const char *input)
        CT_DEBUG("qtaguid: ctrl_tag(%s): "
                 "pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
                 "ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
-                input, current->pid, current->tgid, current_uid(),
-                current_euid(), current_fsuid(),
-                xt_qtaguid_ctrl_file->gid,
+                input, current->pid, current->tgid,
+                __kuid_val(current_uid()),
+                __kuid_val(current_euid()),
+                __kuid_val(current_fsuid()),
+                __kgid_val(xt_qtaguid_ctrl_file->gid),
                 in_group_p(xt_qtaguid_ctrl_file->gid),
                 in_egroup_p(xt_qtaguid_ctrl_file->gid));
        if (argc < 4) {
-               uid = current_fsuid();
+               uid = __kuid_val(current_fsuid());
        } else if (!can_impersonate_uid(uid)) {
                pr_info("qtaguid: ctrl_tag(%s): "
                        "insufficient priv from pid=%u tgid=%u uid=%u\n",
-                       input, current->pid, current->tgid, current_fsuid());
+                       input, current->pid, current->tgid,
+                       __kuid_val(current_fsuid()));
                res = -EPERM;
                goto err_put;
        }
@@ -2319,7 +2328,7 @@ static int ctrl_cmd_tag(const char *input)
                                "User space forgot to open /dev/xt_qtaguid? "
                                "pid=%u tgid=%u uid=%u\n", __func__,
                                current->pid, current->tgid,
-                               current_fsuid());
+                               __kuid_val(current_fsuid()));
                else
                        list_add(&sock_tag_entry->list,
                                 &pqd_entry->sock_tag_list);
@@ -2374,7 +2383,7 @@ static int ctrl_cmd_untag(const char *input)
                pr_info("qtaguid: ctrl_untag(%s): failed to lookup"
                        " sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",
                        input, sock_fd, res, current->pid, current->tgid,
-                       current_fsuid());
+                       __kuid_val(current_fsuid()));
                goto err;
        }
        CT_DEBUG("qtaguid: ctrl_untag(%s): socket->...->f_count=%ld ->sk=%p\n",
@@ -2408,7 +2417,8 @@ static int ctrl_cmd_untag(const char *input)
                pr_warn_once("qtaguid: %s(): "
                             "User space forgot to open /dev/xt_qtaguid? "
                             "pid=%u tgid=%u uid=%u\n", __func__,
-                            current->pid, current->tgid, current_fsuid());
+                            current->pid, current->tgid,
+                            __kuid_val(current_fsuid()));
        else
                list_del(&sock_tag_entry->list);
        spin_unlock_bh(&uid_tag_data_tree_lock);
@@ -2451,7 +2461,8 @@ static ssize_t qtaguid_ctrl_parse(const char *input, size_t count)
        ssize_t res;
 
        CT_DEBUG("qtaguid: ctrl(%s): pid=%u tgid=%u uid=%u\n",
-                input, current->pid, current->tgid, current_fsuid());
+                input, current->pid, current->tgid,
+                __kuid_val(current_fsuid()));
 
        cmd = input[0];
        /* Collect params for commands */
@@ -2539,8 +2550,9 @@ static int pp_stats_line(struct seq_file *m, struct tag_stat *ts_entry,
                         "from pid=%u tgid=%u uid=%u stats.gid=%u\n",
                         ppi->iface_entry->ifname,
                         get_atag_from_tag(tag), stat_uid,
-                        current->pid, current->tgid, current_fsuid(),
-                        xt_qtaguid_stats_file->gid);
+                        current->pid, current->tgid,
+                        __kuid_val(current_fsuid()),
+                        __kgid_val(xt_qtaguid_stats_file->gid));
                return 0;
        }
        ppi->item_index++;
@@ -2742,12 +2754,12 @@ static int qtudev_open(struct inode *inode, struct file *file)
                return 0;
 
        DR_DEBUG("qtaguid: qtudev_open(): pid=%u tgid=%u uid=%u\n",
-                current->pid, current->tgid, current_fsuid());
+                current->pid, current->tgid, __kuid_val(current_fsuid()));
 
        spin_lock_bh(&uid_tag_data_tree_lock);
 
        /* Look for existing uid data, or alloc one. */
-       utd_entry = get_uid_data(current_fsuid(), &utd_entry_found);
+       utd_entry = get_uid_data(__kuid_val(current_fsuid()), &utd_entry_found);
        if (IS_ERR_OR_NULL(utd_entry)) {
                res = PTR_ERR(utd_entry);
                goto err_unlock;
@@ -2759,7 +2771,7 @@ static int qtudev_open(struct inode *inode, struct file *file)
        if (pqd_entry) {
                pr_err("qtaguid: qtudev_open(): %u/%u %u "
                       "%s already opened\n",
-                      current->pid, current->tgid, current_fsuid(),
+                      current->pid, current->tgid, __kuid_val(current_fsuid()),
                       QTU_DEV_NAME);
                res = -EBUSY;
                goto err_unlock_free_utd;
@@ -2769,7 +2781,8 @@ static int qtudev_open(struct inode *inode, struct file *file)
        if (!new_pqd_entry) {
                pr_err("qtaguid: qtudev_open(): %u/%u %u: "
                       "proc data alloc failed\n",
-                      current->pid, current->tgid, current_fsuid());
+                      current->pid, current->tgid,
+                      __kuid_val(current_fsuid()));
                res = -ENOMEM;
                goto err_unlock_free_utd;
        }
@@ -2783,7 +2796,7 @@ static int qtudev_open(struct inode *inode, struct file *file)
 
        spin_unlock_bh(&uid_tag_data_tree_lock);
        DR_DEBUG("qtaguid: tracking data for uid=%u in pqd=%p\n",
-                current_fsuid(), new_pqd_entry);
+                __kuid_val(current_fsuid()), new_pqd_entry);
        file->private_data = new_pqd_entry;
        return 0;
 
index 4328562..7ec4a5e 100644 (file)
@@ -231,7 +231,8 @@ q2_get_counter(const struct xt_quota_mtinfo2 *q)
                spin_unlock_bh(&counter_list_lock);
                goto out;
        }
-       proc_set_user(p, quota_list_uid, quota_list_gid);
+       proc_set_user(p, KUIDT_INIT(quota_list_uid),
+                       KGIDT_INIT(quota_list_gid));
        return e;
 
  out: