From: Shaun Tancheff Date: Sun, 4 May 2025 23:41:48 +0000 (-0700) Subject: LU-16667 build: struct mnt_idmap, linux/filelock.h X-Git-Tag: 2.15.7-RC1~18 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=refs%2Fchanges%2F83%2F59083%2F4;p=fs%2Flustre-release.git LU-16667 build: struct mnt_idmap, linux/filelock.h Linux commit v6.2-rc3-9-g5970e15dbcfe filelock: move file locking definitions to separate header file Add configure test for linux/filelock.h and include it where needed. linux kernel v6.2-rc1-4-gb74d24f7a74f fs: port ->getattr() to pass mnt_idmap linux kernel v6.2-rc1-3-gc1632a0f1120 fs: port ->setattr() to pass mnt_idmap Add a configure test for mnt_idmap and fallback to using user_namespace for older kernels. Lustre-change: https://review.whamcloud.com/50420 Lustre-commit: 3011aa564a8c682aafbc6071b9866e266d8a6232 Was-Change-Id: Ib8cbb3157fb11b4f1fc55f1626c2998cb202bd8c LU-16667 build: kernel_cap_t contains u64 linux kernel v6.2-13111-gf122a08b197d capability: just use a 'u64' instead of a 'u32[2]' array Add configure test for kernel_cap_t as u64 and provide and accessor for the least significant 32 bits. As of linux commit v3.6-10973-g607ca46e97a1 lustre implicitly started to ignore some capabilities, see: include/uapi/linux/capability.h The last capability flag was added by: linux commit v5.8-rc5-1-g124ea650d307 The capabilities the Lustre currently ignores are: - CAP_MAC_OVERRIDE - CAP_MAC_ADMIN - CAP_SYSLOG - CAP_WAKE_ALARM - CAP_BLOCK_SUSPEND - CAP_AUDIT_READ - CAP_PERFMON - CAP_BPF - CAP_CHECKPOINT_RESTORE None of which appear to be important to Lustre operations and should be fine to continue ignore. Lustre-change: https://review.whamcloud.com/50421 Lustre-commit: ea9532fb731bbfe041010e2224219479c2c0d71b Was-Change-Id: I48ad7b1a34fff378c260dc73ea91b22aaa0d7469 HPE-bug-id: LUS-11557 Signed-off-by: Shaun Tancheff Change-Id: Ib8cbb3157fb11b4f1fc55f1626c2998cb202bd8c Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/59083 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Alex Deiter Reviewed-by: Oleg Drokin --- diff --git a/libcfs/libcfs/crypto/policy.c b/libcfs/libcfs/crypto/policy.c index 5d094d5..8f09559 100644 --- a/libcfs/libcfs/crypto/policy.c +++ b/libcfs/libcfs/crypto/policy.c @@ -355,7 +355,7 @@ int llcrypt_ioctl_set_policy(struct file *filp, const void __user *arg) } } - if (!inode_owner_or_capable(&init_user_ns, inode)) + if (!inode_owner_or_capable(&nop_mnt_idmap, inode)) return -EACCES; ret = mnt_want_write_file(filp); diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index 308e61b..ef06abb 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -3639,6 +3639,81 @@ AC_DEFUN([LC_HAVE_DENTRY_D_CHILDREN], [ ]) # LC_HAVE_DENTRY_D_CHILDREN # +# LC_HAVE_U64_CAPABILITY +# +# linux kernel v6.2-13111-gf122a08b197d +# capability: just use a 'u64' instead of a 'u32[2]' array +# +AC_DEFUN([LC_SRC_HAVE_U64_CAPABILITY], [ + LB2_LINUX_TEST_SRC([kernel_cap_t_has_u64_value], [ + #include + #include + ],[ + kernel_cap_t cap __attribute__ ((unused)); + cap.val = 0xffffffffffffffffull; + ],[-Werror]) +]) +AC_DEFUN([LC_HAVE_U64_CAPABILITY], [ + AC_MSG_CHECKING([if 'kernel_cap_t' has u64 val]) + LB2_LINUX_TEST_RESULT([kernel_cap_t_has_u64_value], [ + AC_DEFINE(HAVE_U64_CAPABILITY, 1, + ['kernel_cap_t' has u64 val]) + ]) +]) # LC_HAVE_U64_CAPABILITY + +# +# LC_HAVE_MNT_IDMAP_ARG +# +# linux kernel v6.2-rc1-4-gb74d24f7a74f +# fs: port ->getattr() to pass mnt_idmap +# linux kernel v6.2-rc1-3-gc1632a0f1120 +# fs: port ->setattr() to pass mnt_idmap +# +AC_DEFUN([LC_SRC_HAVE_MNT_IDMAP_ARG], [ + LB2_LINUX_TEST_SRC([inode_ops_getattr_has_mnt_idmap_argument], [ + #include + #include + ],[ + ((struct inode_operations *)1)->getattr((struct mnt_idmap *)NULL, + NULL, NULL, 0, 0); + ],[-Werror]) +]) +AC_DEFUN([LC_HAVE_MNT_IDMAP_ARG], [ + AC_MSG_CHECKING([if 'inode_operations' members have mnt_idmap argument]) + LB2_LINUX_TEST_RESULT([inode_ops_getattr_has_mnt_idmap_argument], [ + AC_DEFINE(HAVE_MNT_IDMAP_ARG, 1, + ['inode_operations' members have mnt_idmap argument]) + AC_DEFINE(HAVE_USER_NAMESPACE_ARG, 1, + [use mnt_idmap in place of user_namespace argument]) + AC_DEFINE(HAVE_DQUOT_TRANSFER_WITH_USER_NS, 1, + [use mnt_idmap with dquot_transfer]) + ]) +]) # LC_HAVE_MNT_IDMAP_ARG + +# +# LC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK +# +# Linux commit v6.2-rc3-9-g5970e15dbcfe +# filelock: move file locking definitions to separate header file +# +AC_DEFUN([LC_SRC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK], [ + LB2_LINUX_TEST_SRC([locks_lock_file_wait_in_filelock], [ + #include + ],[ + locks_lock_file_wait(NULL, NULL); + ]) +]) +AC_DEFUN([LC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK], [ + AC_MSG_CHECKING([if 'locks_lock_file_wait' exists in filelock.h]) + LB2_LINUX_TEST_RESULT([locks_lock_file_wait_in_filelock], [ + AC_DEFINE(HAVE_LOCKS_LOCK_FILE_WAIT, 1, + [kernel has locks_lock_file_wait in filelock.h]) + AC_DEFINE(HAVE_LINUX_FILELOCK_HEADER, 1, + [linux/filelock.h is present]) + ]) +]) # LC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK + +# # LC_PROG_LINUX # # Lustre linux kernel checks @@ -3878,6 +3953,11 @@ AC_DEFUN([LC_PROG_LINUX_SRC], [ # 6.8 LC_SRC_HAVE_DENTRY_D_CHILDREN + # 6.3 + LC_SRC_HAVE_MNT_IDMAP_ARG + LC_SRC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK + LC_SRC_HAVE_U64_CAPABILITY + # kernel patch to extend integrity interface LC_SRC_BIO_INTEGRITY_PREP_FN ]) @@ -4130,6 +4210,11 @@ AC_DEFUN([LC_PROG_LINUX_RESULTS], [ # 6.8 LC_HAVE_DENTRY_D_CHILDREN + # 6.3 + LC_HAVE_MNT_IDMAP_ARG + LC_HAVE_LOCKS_LOCK_FILE_WAIT_IN_FILELOCK + LC_HAVE_U64_CAPABILITY + # kernel patch to extend integrity interface LC_BIO_INTEGRITY_PREP_FN ]) diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h index d7cc6ac..891db55 100644 --- a/lustre/include/lustre_compat.h +++ b/lustre/include/lustre_compat.h @@ -127,6 +127,11 @@ static inline int d_in_lookup(struct dentry *dentry) #define vfs_unlink(ns, dir, de) vfs_unlink(dir, de) #endif +#ifndef HAVE_MNT_IDMAP_ARG +#define mnt_idmap user_namespace +#define nop_mnt_idmap init_user_ns +#endif + static inline int ll_vfs_getattr(struct path *path, struct kstat *st, u32 request_mask, unsigned int flags) { @@ -175,6 +180,18 @@ static inline void truncate_inode_pages_final(struct address_space *map) } #endif +#ifdef HAVE_U64_CAPABILITY +#define ll_capability_u32(kcap) \ + ((kcap).val & 0xFFFFFFFF) +#define ll_set_capability_u32(kcap, val32) \ + ((kcap)->val = ((kcap)->val & 0xffffffff00000000ull) | (val32)) +#else +#define ll_capability_u32(kcap) \ + ((kcap).cap[0]) +#define ll_set_capability_u32(kcap, val32) \ + ((kcap)->cap[0] = val32) +#endif + #ifndef HAVE_PTR_ERR_OR_ZERO static inline int __must_check PTR_ERR_OR_ZERO(__force const void *ptr) { @@ -219,7 +236,9 @@ static inline int __must_check PTR_ERR_OR_ZERO(__force const void *ptr) #ifdef HAVE_IOP_SET_ACL #ifdef CONFIG_LUSTRE_FS_POSIX_ACL -#if !defined(HAVE_USER_NAMESPACE_ARG) && !defined(HAVE_POSIX_ACL_UPDATE_MODE) +#if !defined(HAVE_USER_NAMESPACE_ARG) \ + && !defined(HAVE_POSIX_ACL_UPDATE_MODE) \ + && !defined(HAVE_MNT_IDMAP_ARG) static inline int posix_acl_update_mode(struct inode *inode, umode_t *mode_p, struct posix_acl **acl) { @@ -476,8 +495,8 @@ static inline int ll_vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size) { -#ifdef HAVE_USER_NAMESPACE_ARG - return vfs_getxattr(&init_user_ns, dentry, name, value, size); +#if defined(HAVE_MNT_IDMAP_ARG) || defined(HAVE_USER_NAMESPACE_ARG) + return vfs_getxattr(&nop_mnt_idmap, dentry, name, value, size); #elif defined(HAVE_VFS_SETXATTR) return __vfs_getxattr(dentry, inode, name, value, size); #else @@ -492,8 +511,8 @@ static inline int ll_vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) { -#ifdef HAVE_USER_NAMESPACE_ARG - return vfs_setxattr(&init_user_ns, dentry, name, +#if defined(HAVE_MNT_IDMAP_ARG) || defined(HAVE_USER_NAMESPACE_ARG) + return vfs_setxattr(&nop_mnt_idmap, dentry, name, VFS_SETXATTR_VALUE(value), size, flags); #elif defined(HAVE_VFS_SETXATTR) return __vfs_setxattr(dentry, inode, name, value, size, flags); @@ -508,8 +527,8 @@ static inline int ll_vfs_setxattr(struct dentry *dentry, struct inode *inode, static inline int ll_vfs_removexattr(struct dentry *dentry, struct inode *inode, const char *name) { -#ifdef HAVE_USER_NAMESPACE_ARG - return vfs_removexattr(&init_user_ns, dentry, name); +#if defined(HAVE_MNT_IDMAP_ARG) || defined(HAVE_USER_NAMESPACE_ARG) + return vfs_removexattr(&nop_mnt_idmap, dentry, name); #elif defined(HAVE_VFS_SETXATTR) return __vfs_removexattr(dentry, name); #else @@ -581,7 +600,7 @@ static inline void ll_security_release_secctx(char *secdata, u32 seclen) #endif } -#ifndef HAVE_USER_NAMESPACE_ARG +#if !defined(HAVE_USER_NAMESPACE_ARG) && !defined(HAVE_MNT_IDMAP_ARG) #define posix_acl_update_mode(ns, inode, mode, acl) \ posix_acl_update_mode(inode, mode, acl) #define notify_change(ns, de, attr, inode) notify_change(de, attr, inode) diff --git a/lustre/ldlm/ldlm_flock.c b/lustre/ldlm/ldlm_flock.c index e447378..f538cf9 100644 --- a/lustre/ldlm/ldlm_flock.c +++ b/lustre/ldlm/ldlm_flock.c @@ -52,6 +52,9 @@ #define DEBUG_SUBSYSTEM S_LDLM #include +#ifdef HAVE_LINUX_FILELOCK_HEADER +#include +#endif #include #include #include diff --git a/lustre/llite/acl.c b/lustre/llite/acl.c index 5ae1aab..8304f97 100644 --- a/lustre/llite/acl.c +++ b/lustre/llite/acl.c @@ -62,7 +62,7 @@ struct posix_acl *ll_get_acl(struct inode *inode, int type } #ifdef HAVE_IOP_SET_ACL -int ll_set_acl(struct user_namespace *mnt_userns, struct inode *inode, +int ll_set_acl(struct mnt_idmap *map, struct inode *inode, struct posix_acl *acl, int type) { struct ll_sb_info *sbi = ll_i2sbi(inode); @@ -77,7 +77,7 @@ int ll_set_acl(struct user_namespace *mnt_userns, struct inode *inode, case ACL_TYPE_ACCESS: name = XATTR_NAME_POSIX_ACL_ACCESS; if (acl) - rc = posix_acl_update_mode(mnt_userns, inode, + rc = posix_acl_update_mode(map, inode, &inode->i_mode, &acl); break; diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c index d1b60e9..0116a39 100644 --- a/lustre/llite/dir.c +++ b/lustre/llite/dir.c @@ -2274,7 +2274,7 @@ migrate_free: if (!S_ISREG(inode2->i_mode)) GOTO(out_iput, rc = -EINVAL); - if (!inode_owner_or_capable(&init_user_ns, inode2)) + if (!inode_owner_or_capable(&nop_mnt_idmap, inode2)) GOTO(out_iput, rc = -EPERM); rc = pcc_ioctl_detach(inode2, detach->pccd_opt); diff --git a/lustre/llite/file.c b/lustre/llite/file.c index 9b0ca09..82c7867 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c @@ -44,6 +44,9 @@ #include #include #include +#ifdef HAVE_LINUX_FILELOCK_HEADER +#include +#endif #include #include @@ -1297,8 +1300,8 @@ static int ll_check_swap_layouts_validity(struct inode *inode1, if (!S_ISREG(inode1->i_mode) || !S_ISREG(inode2->i_mode)) return -EINVAL; - if (inode_permission(&init_user_ns, inode1, MAY_WRITE) || - inode_permission(&init_user_ns, inode2, MAY_WRITE)) + if (inode_permission(&nop_mnt_idmap, inode1, MAY_WRITE) || + inode_permission(&nop_mnt_idmap, inode2, MAY_WRITE)) return -EPERM; if (inode1->i_sb != inode2->i_sb) @@ -4440,7 +4443,7 @@ out_ladvise: if (!S_ISREG(inode->i_mode)) GOTO(out_detach_free, rc = -EINVAL); - if (!inode_owner_or_capable(&init_user_ns, inode)) + if (!inode_owner_or_capable(&nop_mnt_idmap, inode)) GOTO(out_detach_free, rc = -EPERM); rc = pcc_ioctl_detach(inode, detach->pccd_opt); @@ -5461,7 +5464,7 @@ fill_attr: } #if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_INODEOPS_ENHANCED_GETATTR) -int ll_getattr(struct user_namespace *mnt_userns, const struct path *path, +int ll_getattr(struct mnt_idmap *map, const struct path *path, struct kstat *stat, u32 request_mask, unsigned int flags) { return ll_getattr_dentry(path->dentry, stat, request_mask, flags, @@ -5627,8 +5630,7 @@ out: return rc; } -int ll_inode_permission(struct user_namespace *mnt_userns, struct inode *inode, - int mask) +int ll_inode_permission(struct mnt_idmap *idmap, struct inode *inode, int mask) { int rc = 0; struct ll_sb_info *sbi; @@ -5684,7 +5686,7 @@ int ll_inode_permission(struct user_namespace *mnt_userns, struct inode *inode, old_cred = override_creds(cred); } - rc = generic_permission(mnt_userns, inode, mask); + rc = generic_permission(idmap, inode, mask); /* restore current process's credentials and FS capability */ if (squash_id) { revert_creds(old_cred); diff --git a/lustre/llite/llite_foreign_symlink.c b/lustre/llite/llite_foreign_symlink.c index b9ee7da..292f554 100644 --- a/lustre/llite/llite_foreign_symlink.c +++ b/lustre/llite/llite_foreign_symlink.c @@ -797,7 +797,7 @@ failed: /* foreign fake-symlink version of ll_getattr() */ #if defined(HAVE_USER_NAMESPACE_ARG) -int ll_foreign_symlink_getattr(struct user_namespace *mnt_userns, +int ll_foreign_symlink_getattr(struct mnt_idmap *map, const struct path *path, struct kstat *stat, u32 request_mask, unsigned int flags) { diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h index 04615f2..6902742 100644 --- a/lustre/llite/llite_internal.h +++ b/lustre/llite/llite_internal.h @@ -1173,7 +1173,7 @@ extern void ll_rw_stats_tally(struct ll_sb_info *sbi, pid_t pid, struct ll_file_data *file, loff_t pos, size_t count, int rw); #if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_INODEOPS_ENHANCED_GETATTR) -int ll_getattr(struct user_namespace *mnt_userns, const struct path *path, +int ll_getattr(struct mnt_idmap *, const struct path *path, struct kstat *stat, u32 request_mask, unsigned int flags); #else int ll_getattr(struct vfsmount *mnt, struct dentry *de, struct kstat *stat); @@ -1186,7 +1186,7 @@ struct posix_acl *ll_get_acl(struct inode *inode, int type , bool rcu #endif /* HAVE_GET_ACL_RCU_ARG */ ); -int ll_set_acl(struct user_namespace *mnt_userns, struct inode *inode, +int ll_set_acl(struct mnt_idmap *mnt_userns, struct inode *inode, struct posix_acl *acl, int type); #else /* !CONFIG_LUSTRE_FS_POSIX_ACL */ #define ll_get_acl NULL @@ -1213,8 +1213,7 @@ int ll_migrate(struct inode *parent, struct file *file, struct lmv_user_md *lum, const char *name, __u32 flags); int ll_get_fid_by_name(struct inode *parent, const char *name, int namelen, struct lu_fid *fid, struct inode **inode); -int ll_inode_permission(struct user_namespace *mnt_userns, struct inode *inode, - int mask); +int ll_inode_permission(struct mnt_idmap *, struct inode *inode, int mask); int ll_ioctl_check_project(struct inode *inode, __u32 xflags, __u32 projid); int ll_ioctl_fsgetxattr(struct inode *inode, unsigned int cmd, unsigned long arg); @@ -1274,8 +1273,7 @@ int volatile_ref_file(const char *volatile_name, int volatile_len, struct file **ref_file); int ll_setattr_raw(struct dentry *dentry, struct iattr *attr, enum op_xvalid xvalid, bool hsm_import); -int ll_setattr(struct user_namespace *mnt_userns, struct dentry *de, - struct iattr *attr); +int ll_setattr(struct mnt_idmap *, struct dentry *de, struct iattr *attr); int ll_statfs(struct dentry *de, struct kstatfs *sfs); int ll_statfs_internal(struct ll_sb_info *sbi, struct obd_statfs *osfs, u32 flags); diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 64b3e13..23441de 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -1929,7 +1929,7 @@ static int ll_md_setattr(struct dentry *dentry, struct md_op_data *op_data) !S_ISDIR(inode->i_mode)) { ia_valid = op_data->op_attr.ia_valid; op_data->op_attr.ia_valid &= ~TIMES_SET_FLAGS; - rc = simple_setattr(&init_user_ns, dentry, + rc = simple_setattr(&nop_mnt_idmap, dentry, &op_data->op_attr); op_data->op_attr.ia_valid = ia_valid; } @@ -1952,7 +1952,7 @@ static int ll_md_setattr(struct dentry *dentry, struct md_op_data *op_data) op_data->op_attr.ia_valid &= ~(TIMES_SET_FLAGS | ATTR_SIZE); if (S_ISREG(inode->i_mode)) inode_lock(inode); - rc = simple_setattr(&init_user_ns, dentry, &op_data->op_attr); + rc = simple_setattr(&nop_mnt_idmap, dentry, &op_data->op_attr); if (S_ISREG(inode->i_mode)) inode_unlock(inode); op_data->op_attr.ia_valid = ia_valid; @@ -2431,14 +2431,13 @@ out: RETURN(rc); } -int ll_setattr(struct user_namespace *mnt_userns, struct dentry *de, - struct iattr *attr) +int ll_setattr(struct mnt_idmap *map, struct dentry *de, struct iattr *attr) { int mode = de->d_inode->i_mode; enum op_xvalid xvalid = 0; int rc; - rc = setattr_prepare(mnt_userns, de, attr); + rc = setattr_prepare(map, de, attr); if (rc) return rc; diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index a7d772d..f9b2537 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -1112,7 +1112,7 @@ static struct dentry *ll_lookup_nd(struct inode *parent, struct dentry *dentry, * to proceed with lookup. LU-4185 */ if ((flags & LOOKUP_CREATE) && !(flags & LOOKUP_OPEN) && - (inode_permission(&init_user_ns, + (inode_permission(&nop_mnt_idmap, parent, MAY_WRITE | MAY_EXEC) == 0)) return NULL; @@ -1749,7 +1749,7 @@ err_exit: RETURN(err); } -static int ll_mknod(struct user_namespace *mnt_userns, struct inode *dir, +static int ll_mknod(struct mnt_idmap *map, struct inode *dir, struct dentry *dchild, umode_t mode, dev_t rdev) { ktime_t kstart = ktime_get(); @@ -1791,9 +1791,8 @@ static int ll_mknod(struct user_namespace *mnt_userns, struct inode *dir, /* * Plain create. Intent create is handled in atomic_open. */ -static int ll_create_nd(struct user_namespace *mnt_userns, - struct inode *dir, struct dentry *dentry, - umode_t mode, bool want_excl) +static int ll_create_nd(struct mnt_idmap *map, struct inode *dir, + struct dentry *dentry, umode_t mode, bool want_excl) { ktime_t kstart = ktime_get(); int rc; @@ -1806,7 +1805,7 @@ static int ll_create_nd(struct user_namespace *mnt_userns, /* Using mknod(2) to create a regular file is designed to not recognize * volatile file name, so we use ll_mknod() here. */ - rc = ll_mknod(mnt_userns, dir, dentry, mode, 0); + rc = ll_mknod(map, dir, dentry, mode, 0); CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, unhashed %d\n", dentry, d_unhashed(dentry)); @@ -1818,7 +1817,7 @@ static int ll_create_nd(struct user_namespace *mnt_userns, return rc; } -static int ll_symlink(struct user_namespace *mnt_userns, struct inode *dir, +static int ll_symlink(struct mnt_idmap *map, struct inode *dir, struct dentry *dchild, const char *oldpath) { ktime_t kstart = ktime_get(); @@ -1888,7 +1887,7 @@ out: RETURN(err); } -static int ll_mkdir(struct user_namespace *mnt_userns, struct inode *dir, +static int ll_mkdir(struct mnt_idmap *map, struct inode *dir, struct dentry *dchild, umode_t mode) { ktime_t kstart = ktime_get(); @@ -2063,7 +2062,7 @@ out: RETURN(rc); } -static int ll_rename(struct user_namespace *mnt_userns, +static int ll_rename(struct mnt_idmap *map, struct inode *src, struct dentry *src_dchild, struct inode *tgt, struct dentry *tgt_dchild #if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_IOPS_RENAME_WITH_FLAGS) diff --git a/lustre/llite/pcc.c b/lustre/llite/pcc.c index 9f176b5..3363428 100644 --- a/lustre/llite/pcc.c +++ b/lustre/llite/pcc.c @@ -1776,7 +1776,7 @@ int pcc_inode_setattr(struct inode *inode, struct iattr *attr, inode_lock(pcc_dentry->d_inode); old_cred = override_creds(pcc_super_cred(inode->i_sb)); #ifdef HAVE_USER_NAMESPACE_ARG - rc = pcc_dentry->d_inode->i_op->setattr(&init_user_ns, pcc_dentry, + rc = pcc_dentry->d_inode->i_op->setattr(&nop_mnt_idmap, pcc_dentry, &attr2); #else rc = pcc_dentry->d_inode->i_op->setattr(pcc_dentry, &attr2); @@ -2141,7 +2141,7 @@ static int pcc_inode_remove(struct inode *inode, struct dentry *pcc_dentry) { int rc; - rc = vfs_unlink(&init_user_ns, + rc = vfs_unlink(&nop_mnt_idmap, pcc_dentry->d_parent->d_inode, pcc_dentry); if (rc) CWARN("%s: failed to unlink PCC file %pd, rc = %d\n", @@ -2166,7 +2166,7 @@ pcc_mkdir(struct dentry *base, const char *name, umode_t mode) if (d_is_positive(dentry)) goto out; - rc = vfs_mkdir(&init_user_ns, dir, dentry, mode); + rc = vfs_mkdir(&nop_mnt_idmap, dir, dentry, mode); if (rc) { dput(dentry); dentry = ERR_PTR(rc); @@ -2222,7 +2222,7 @@ pcc_create(struct dentry *base, const char *name, umode_t mode) if (d_is_positive(dentry)) goto out; - rc = vfs_create(&init_user_ns, dir, dentry, mode, false); + rc = vfs_create(&nop_mnt_idmap, dir, dentry, mode, false); if (rc) { dput(dentry); dentry = ERR_PTR(rc); @@ -2288,7 +2288,7 @@ int pcc_inode_reset_iattr(struct dentry *dentry, unsigned int valid, attr.ia_size = size; inode_lock(inode); - rc = notify_change(&init_user_ns, dentry, &attr, NULL); + rc = notify_change(&nop_mnt_idmap, dentry, &attr, NULL); inode_unlock(inode); RETURN(rc); @@ -2376,7 +2376,7 @@ void pcc_create_attach_cleanup(struct super_block *sb, int rc; old_cred = override_creds(pcc_super_cred(sb)); - rc = vfs_unlink(&init_user_ns, + rc = vfs_unlink(&nop_mnt_idmap, pca->pca_dentry->d_parent->d_inode, pca->pca_dentry); if (rc) diff --git a/lustre/llite/symlink.c b/lustre/llite/symlink.c index 1a4bf5f..c5a3c86 100644 --- a/lustre/llite/symlink.c +++ b/lustre/llite/symlink.c @@ -282,7 +282,7 @@ static const char *ll_follow_link(struct dentry *dentry, void **cookie) #if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_INODEOPS_ENHANCED_GETATTR) static int ll_getattr_link( #if defined(HAVE_USER_NAMESPACE_ARG) - struct user_namespace *mnt_userns, + struct mnt_idmap *map, #endif const struct path *path, struct kstat *stat, u32 request_mask, unsigned int flags) @@ -293,7 +293,7 @@ static int ll_getattr_link( const char *link; int rc; - rc = ll_getattr(mnt_userns, path, stat, request_mask, flags); + rc = ll_getattr(map, path, stat, request_mask, flags); if (rc || !IS_ENCRYPTED(inode)) return rc; diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c index 9231650..e6a8104 100644 --- a/lustre/llite/xattr.c +++ b/lustre/llite/xattr.c @@ -96,7 +96,7 @@ static int xattr_type_filter(struct ll_sb_info *sbi, #endif static int ll_xattr_set_common(const struct xattr_handler *handler, - struct user_namespace *mnt_userns, + struct mnt_idmap *map, struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) @@ -129,7 +129,7 @@ static int ll_xattr_set_common(const struct xattr_handler *handler, if ((handler->flags == XATTR_ACL_ACCESS_T || handler->flags == XATTR_ACL_DEFAULT_T) && - !inode_owner_or_capable(mnt_userns, inode)) + !inode_owner_or_capable(map, inode)) RETURN(-EPERM); /* b10667: ignore lustre special xattr for now */ @@ -341,7 +341,7 @@ static int ll_setstripe_ea(struct dentry *dentry, struct lov_user_md *lump, #endif static int ll_xattr_set(const struct xattr_handler *handler, - struct user_namespace *mnt_userns, + struct mnt_idmap *map, struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) @@ -375,7 +375,7 @@ static int ll_xattr_set(const struct xattr_handler *handler, le32_to_cpu(LOV_MAGIC_MASK)) == le32_to_cpu(LOV_MAGIC_MAGIC)) lustre_swab_lov_user_md((struct lov_user_md *)value, 0); - return ll_xattr_set_common(handler, mnt_userns, dentry, inode, name, + return ll_xattr_set_common(handler, map, dentry, inode, name, value, size, flags); } diff --git a/lustre/mdc/mdc_lib.c b/lustre/mdc/mdc_lib.c index 1dea486..7586478 100644 --- a/lustre/mdc/mdc_lib.c +++ b/lustre/mdc/mdc_lib.c @@ -54,7 +54,7 @@ static void __mdc_pack_body(struct mdt_body *b, __u32 suppgid) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = current_cap().cap[0]; + b->mbo_capability = ll_capability_u32(current_cap()); } void mdc_swap_layouts_pack(struct req_capsule *pill, @@ -208,7 +208,7 @@ void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_CREATE; rec->cr_fsuid = uid; rec->cr_fsgid = gid; - rec->cr_cap = cap_effective.cap[0]; + rec->cr_cap = ll_capability_u32(cap_effective); rec->cr_fid1 = op_data->op_fid1; rec->cr_fid2 = op_data->op_fid2; rec->cr_mode = mode; @@ -295,7 +295,7 @@ void mdc_open_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_OPEN; rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->cr_cap = current_cap().cap[0]; + rec->cr_cap = ll_capability_u32(current_cap()); rec->cr_mode = mode; cr_flags = mds_pack_open_flags(flags); rec->cr_rdev = rdev; @@ -396,7 +396,7 @@ static void mdc_setattr_pack_rec(struct mdt_rec_setattr *rec, rec->sa_opcode = REINT_SETATTR; rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sa_cap = current_cap().cap[0]; + rec->sa_cap = ll_capability_u32(current_cap()); rec->sa_suppgid = -1; rec->sa_fid = op_data->op_fid1; @@ -470,7 +470,7 @@ void mdc_unlink_pack(struct req_capsule *pill, struct md_op_data *op_data) REINT_RMENTRY : REINT_UNLINK; rec->ul_fsuid = op_data->op_fsuid; rec->ul_fsgid = op_data->op_fsgid; - rec->ul_cap = op_data->op_cap.cap[0]; + rec->ul_cap = ll_capability_u32(op_data->op_cap); rec->ul_mode = op_data->op_mode; rec->ul_suppgid1 = op_data->op_suppgids[0]; rec->ul_suppgid2 = -1; @@ -497,7 +497,7 @@ void mdc_link_pack(struct req_capsule *pill, struct md_op_data *op_data) rec->lk_opcode = REINT_LINK; rec->lk_fsuid = op_data->op_fsuid; /* current->fsuid; */ rec->lk_fsgid = op_data->op_fsgid; /* current->fsgid; */ - rec->lk_cap = op_data->op_cap.cap[0]; /* current->cap_effective; */ + rec->lk_cap = ll_capability_u32(op_data->op_cap); rec->lk_suppgid1 = op_data->op_suppgids[0]; rec->lk_suppgid2 = op_data->op_suppgids[1]; rec->lk_fid1 = op_data->op_fid1; @@ -570,7 +570,7 @@ void mdc_rename_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_RENAME; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap.cap[0]; + rec->rn_cap = ll_capability_u32(op_data->op_cap); rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; @@ -601,7 +601,7 @@ void mdc_migrate_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_MIGRATE; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap.cap[0]; + rec->rn_cap = ll_capability_u32(op_data->op_cap); rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c index 494fbe0..6df67b1 100644 --- a/lustre/mdc/mdc_reint.c +++ b/lustre/mdc/mdc_reint.c @@ -511,7 +511,7 @@ int mdc_file_resync(struct obd_export *exp, struct md_op_data *op_data) rec->rs_opcode = REINT_RESYNC; rec->rs_fsuid = op_data->op_fsuid; rec->rs_fsgid = op_data->op_fsgid; - rec->rs_cap = op_data->op_cap.cap[0]; + rec->rs_cap = ll_capability_u32(op_data->op_cap); rec->rs_fid = op_data->op_fid1; rec->rs_bias = op_data->op_bias; rec->rs_mirror_id = op_data->op_mirror_id; diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c index 80bbb66..b71bb81 100644 --- a/lustre/mdc/mdc_request.c +++ b/lustre/mdc/mdc_request.c @@ -419,7 +419,7 @@ static int mdc_xattr_common(struct obd_export *exp,const struct req_format *fmt, rec->sx_opcode = REINT_SETXATTR; rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sx_cap = current_cap().cap[0]; + rec->sx_cap = ll_capability_u32(current_cap()); rec->sx_suppgid1 = suppgid; rec->sx_suppgid2 = -1; rec->sx_fid = *fid; diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index 33d7d40..4962e6c 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -114,8 +114,8 @@ static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) } CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", - libcfs_nid2str(peernid), - ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0], + libcfs_nid2str(peernid), ucred->uc_fsuid, ucred->uc_fsgid, + (u32)ll_capability_u32(ucred->uc_cap), squash->rsi_uid, squash->rsi_gid, 0); ucred->uc_fsuid = squash->rsi_uid; @@ -318,7 +318,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_cap = CAP_EMPTY_SET; if (!nodemap || ucred->uc_o_uid != nodemap->nm_squash_uid) - ucred->uc_cap.cap[0] = pud->pud_cap; + ll_set_capability_u32(&ucred->uc_cap, pud->pud_cap); ucred->uc_fsuid = pud->pud_fsuid; ucred->uc_fsgid = pud->pud_fsgid; @@ -562,7 +562,7 @@ static int old_init_ucred(struct mdt_thread_info *info, uc->uc_suppgids[1] = -1; uc->uc_ginfo = NULL; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = body->mbo_capability; + ll_set_capability_u32(&uc->uc_cap, body->mbo_capability); rc = old_init_ucred_common(info, nodemap); nodemap_putref(nodemap); @@ -1148,11 +1148,11 @@ static int mdt_setattr_unpack_rec(struct mdt_thread_info *info) uc->uc_fsuid = rec->sa_fsuid; uc->uc_fsgid = rec->sa_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->sa_cap; + ll_set_capability_u32(&uc->uc_cap, rec->sa_cap); uc->uc_suppgids[0] = rec->sa_suppgid; uc->uc_suppgids[1] = -1; - rr->rr_fid1 = &rec->sa_fid; + rr->rr_fid1 = &rec->sa_fid; la->la_valid = mdt_attr_valid_xlate(rec->sa_valid, rr, ma); la->la_mode = rec->sa_mode; la->la_flags = rec->sa_attr_flags; @@ -1311,7 +1311,7 @@ static int mdt_create_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->cr_cap; + ll_set_capability_u32(&uc->uc_cap, rec->cr_cap); uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = -1; uc->uc_umask = rec->cr_umask; @@ -1399,17 +1399,17 @@ static int mdt_link_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->lk_fsuid; uc->uc_fsgid = rec->lk_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->lk_cap; + ll_set_capability_u32(&uc->uc_cap, rec->lk_cap); uc->uc_suppgids[0] = rec->lk_suppgid1; uc->uc_suppgids[1] = rec->lk_suppgid2; - attr->la_uid = rec->lk_fsuid; - attr->la_gid = rec->lk_fsgid; - rr->rr_fid1 = &rec->lk_fid1; - rr->rr_fid2 = &rec->lk_fid2; - attr->la_ctime = rec->lk_time; - attr->la_mtime = rec->lk_time; - attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME; + attr->la_uid = rec->lk_fsuid; + attr->la_gid = rec->lk_fsgid; + rr->rr_fid1 = &rec->lk_fid1; + rr->rr_fid2 = &rec->lk_fid2; + attr->la_ctime = rec->lk_time; + attr->la_mtime = rec->lk_time; + attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME; rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0); if (rc < 0) @@ -1444,7 +1444,7 @@ static int mdt_unlink_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->ul_fsuid; uc->uc_fsgid = rec->ul_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->ul_cap; + ll_set_capability_u32(&uc->uc_cap, rec->ul_cap); uc->uc_suppgids[0] = rec->ul_suppgid1; uc->uc_suppgids[1] = -1; @@ -1502,7 +1502,7 @@ static int mdt_rename_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rn_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rn_cap); uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1556,7 +1556,7 @@ static int mdt_migrate_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rn_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rn_cap); uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1658,7 +1658,7 @@ static int mdt_open_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->cr_cap; + ll_set_capability_u32(&uc->uc_cap, rec->cr_cap); uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = rec->cr_suppgid2; uc->uc_umask = rec->cr_umask; @@ -1748,40 +1748,40 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->sx_fsuid; uc->uc_fsgid = rec->sx_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->sx_cap; + ll_set_capability_u32(&uc->uc_cap, rec->sx_cap); uc->uc_suppgids[0] = rec->sx_suppgid1; uc->uc_suppgids[1] = -1; - rr->rr_opcode = rec->sx_opcode; - rr->rr_fid1 = &rec->sx_fid; - attr->la_valid = rec->sx_valid; - attr->la_ctime = rec->sx_time; - attr->la_size = rec->sx_size; - attr->la_flags = rec->sx_flags; + rr->rr_opcode = rec->sx_opcode; + rr->rr_fid1 = &rec->sx_fid; + attr->la_valid = rec->sx_valid; + attr->la_ctime = rec->sx_time; + attr->la_size = rec->sx_size; + attr->la_flags = rec->sx_flags; rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0); if (rc < 0) RETURN(rc); - if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) { - rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA, - RCL_CLIENT); + if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) { + rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA, + RCL_CLIENT); if (rr->rr_eadatalen > info->mti_mdt->mdt_max_ea_size) RETURN(-E2BIG); - if (rr->rr_eadatalen > 0) { - rr->rr_eadata = req_capsule_client_get(pill, - &RMF_EADATA); - if (rr->rr_eadata == NULL) - RETURN(-EFAULT); - } else { - rr->rr_eadata = NULL; - } - } else if (!(attr->la_valid & OBD_MD_FLXATTRRM)) { - CDEBUG(D_INFO, "no xattr data supplied\n"); - RETURN(-EFAULT); - } + if (rr->rr_eadatalen > 0) { + rr->rr_eadata = req_capsule_client_get(pill, + &RMF_EADATA); + if (rr->rr_eadata == NULL) + RETURN(-EFAULT); + } else { + rr->rr_eadata = NULL; + } + } else if (!(attr->la_valid & OBD_MD_FLXATTRRM)) { + CDEBUG(D_INFO, "no xattr data supplied\n"); + RETURN(-EFAULT); + } rc = req_check_sepol(pill); if (rc) @@ -1790,7 +1790,7 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) if (mdt_dlmreq_unpack(info) < 0) RETURN(-EPROTO); - RETURN(0); + RETURN(0); } static int mdt_resync_unpack(struct mdt_thread_info *info) @@ -1810,7 +1810,7 @@ static int mdt_resync_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rs_fsuid; uc->uc_fsgid = rec->rs_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rs_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rs_cap); rr->rr_fid1 = &rec->rs_fid; rr->rr_mirror_id = rec->rs_mirror_id; diff --git a/lustre/osd-ldiskfs/osd_compat.c b/lustre/osd-ldiskfs/osd_compat.c index 98fb931..a182bc5 100644 --- a/lustre/osd-ldiskfs/osd_compat.c +++ b/lustre/osd-ldiskfs/osd_compat.c @@ -200,7 +200,7 @@ simple_mkdir(const struct lu_env *env, struct osd_device *osd, RETURN(dchild); } - err = vfs_mkdir(&init_user_ns, dir->d_inode, dchild, mode); + err = vfs_mkdir(&nop_mnt_idmap, dir->d_inode, dchild, mode); if (err) GOTO(out_err, err); @@ -1313,7 +1313,7 @@ int osd_obj_map_recover(struct osd_thread_info *info, /* If the src object has never been modified, then remove it. */ if (inode->i_size == 0 && inode->i_mode & S_ISUID && inode->i_mode & S_ISGID) { - rc = vfs_unlink(&init_user_ns, src_parent, src_child); + rc = vfs_unlink(&nop_mnt_idmap, src_parent, src_child); if (unlikely(rc == -ENOENT)) rc = 0; } diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c index 379cec4..c471c68 100644 --- a/lustre/osd-ldiskfs/osd_handler.c +++ b/lustre/osd-ldiskfs/osd_handler.c @@ -3127,7 +3127,7 @@ static int osd_quota_transfer(struct inode *inode, const struct lu_attr *attr, iattr.ia_gid = make_kgid(&init_user_ns, attr->la_gid); lock_dquot_transfer(inode); - rc = osd_dquot_transfer(&init_user_ns, inode, &iattr); + rc = osd_dquot_transfer(&nop_mnt_idmap, inode, &iattr); unlock_dquot_transfer(inode); if (rc) { CERROR("%s: quota transfer failed. Is quota enforcement enabled on the ldiskfs filesystem? rc = %d\n", diff --git a/lustre/osd-ldiskfs/osd_oi.c b/lustre/osd-ldiskfs/osd_oi.c index b361796..ac42d93 100644 --- a/lustre/osd-ldiskfs/osd_oi.c +++ b/lustre/osd-ldiskfs/osd_oi.c @@ -349,7 +349,7 @@ static int osd_remove_oi_one(struct osd_device *osd, struct dentry *parent, if (IS_ERR(child)) { rc = PTR_ERR(child); } else { - rc = vfs_unlink(&init_user_ns, parent->d_inode, child); + rc = vfs_unlink(&nop_mnt_idmap, parent->d_inode, child); dput(child); } diff --git a/lustre/ptlrpc/ptlrpc_internal.h b/lustre/ptlrpc/ptlrpc_internal.h index 399ff28..0dff8f3 100644 --- a/lustre/ptlrpc/ptlrpc_internal.h +++ b/lustre/ptlrpc/ptlrpc_internal.h @@ -435,7 +435,7 @@ static inline void do_pack_body(struct ptlrpc_request *req) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = current_cap().cap[0]; + b->mbo_capability = ll_capability_u32(current_cap()); } #endif /* PTLRPC_INTERNAL_H */ diff --git a/lustre/ptlrpc/sec.c b/lustre/ptlrpc/sec.c index d126df5..3b9d9c7 100644 --- a/lustre/ptlrpc/sec.c +++ b/lustre/ptlrpc/sec.c @@ -2609,7 +2609,7 @@ int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset) pud->pud_gid = from_kgid(&init_user_ns, current_gid()); pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid()); pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid()); - pud->pud_cap = current_cap().cap[0]; + pud->pud_cap = ll_capability_u32(current_cap()); pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4; task_lock(current);