From: Mr. NeilBrown Date: Wed, 14 Jul 2021 16:15:26 +0000 (-0400) Subject: LU-9859 libcfs: discard cfs_cap_t, use kernel_cap_t X-Git-Tag: 2.14.54~29 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=0a6beb2a50f7a4f953a258b63c2ea1fbfd373092 LU-9859 libcfs: discard cfs_cap_t, use kernel_cap_t lustre only sends 32bits of capabilities in on-the-wire RPC calls. It current strips off higher bits and uses a 32bit cfs_cap_t throughout. Though there is a small memory cost, it is cleaner to use kernel_cap_t throughout and only truncate when marshalling data for RPC calls. So this patch replaces cfs_cap_t with kernel_cap_t throughout, and where a cfs_cap_t was previous stored in a __u32, we now store cap.cap[0] instead. With this, we can remove include/linux/libcfs/curproc.h Linux-commit: 18f92a6e3d6bd00941ddfb5837835348f72d39dc Change-Id: If7dd7a16c218dfc0d520e189f021ed6bda3b93fd Signed-off-by: Mr. NeilBrown Signed-off-by: Greg Kroah-Hartman Reviewed-on: https://review.whamcloud.com/43171 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Yang Sheng Reviewed-by: Arshad Hussain Reviewed-by: Oleg Drokin --- diff --git a/libcfs/include/libcfs/Makefile.am b/libcfs/include/libcfs/Makefile.am index 1e65107..be29cfb 100644 --- a/libcfs/include/libcfs/Makefile.am +++ b/libcfs/include/libcfs/Makefile.am @@ -7,7 +7,6 @@ libcfsdir = $(includedir)/libcfs EXTRA_DIST = \ bitmap.h \ - curproc.h \ libcfs.h \ libcfs_cpu.h \ libcfs_crypto.h \ diff --git a/libcfs/include/libcfs/curproc.h b/libcfs/include/libcfs/curproc.h deleted file mode 100644 index e41385c..0000000 --- a/libcfs/include/libcfs/curproc.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * GPL HEADER START - * - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 only, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License version 2 for more details (a copy is included - * in the LICENSE file that accompanied this code). - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; If not, see - * http://www.gnu.org/licenses/gpl-2.0.html - * - * GPL HEADER END - */ -/* - * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * Use is subject to license terms. - * - * Copyright (c) 2012, 2014, Intel Corporation. - */ -/* - * This file is part of Lustre, http://www.lustre.org/ - * - * libcfs/include/libcfs/curproc.h - * - * Lustre curproc API declaration - * - * Author: Nikita Danilov - */ - -#ifndef __LIBCFS_CURPROC_H__ -#define __LIBCFS_CURPROC_H__ - -typedef __u32 cfs_cap_t; - -static inline cfs_cap_t cfs_curproc_cap_pack(void) -{ - /* cfs_cap_t is only the first word of kernel_cap_t */ - return (cfs_cap_t)(current_cap().cap[0]); -} - -/* __LIBCFS_CURPROC_H__ */ -#endif -/* - * Local variables: - * c-indentation-style: "K&R" - * c-basic-offset: 8 - * tab-width: 8 - * fill-column: 80 - * scroll-step: 1 - * End: - */ diff --git a/libcfs/include/libcfs/libcfs.h b/libcfs/include/libcfs/libcfs.h index 862c404..0556b6e 100644 --- a/libcfs/include/libcfs/libcfs.h +++ b/libcfs/include/libcfs/libcfs.h @@ -54,7 +54,6 @@ #include #include #include -#include "curproc.h" #define LIBCFS_VERSION "0.7.1" diff --git a/lustre/include/md_object.h b/lustre/include/md_object.h index abab785..f449f93 100644 --- a/lustre/include/md_object.h +++ b/lustre/include/md_object.h @@ -710,7 +710,7 @@ struct lu_ucred { __u32 uc_fsuid; __u32 uc_fsgid; __u32 uc_suppgids[2]; - cfs_cap_t uc_cap; + kernel_cap_t uc_cap; __u32 uc_umask; struct group_info *uc_ginfo; struct md_identity *uc_identity; @@ -729,16 +729,10 @@ int lu_ucred_global_init(void); void lu_ucred_global_fini(void); -#define md_cap_t(x) (x) - -#define MD_CAP_TO_MASK(x) BIT(x) - -#define md_cap_raised(c, flag) (md_cap_t(c) & MD_CAP_TO_MASK(flag)) - /* capable() is copied from linux kernel! */ -static inline int md_capable(struct lu_ucred *uc, cfs_cap_t cap) +static inline int md_capable(struct lu_ucred *uc, int cap) { - if (md_cap_raised(uc->uc_cap, cap)) + if (cap_raised(uc->uc_cap, cap)) return 1; return 0; } diff --git a/lustre/include/obd.h b/lustre/include/obd.h index 1eacd53..9bc1b13 100644 --- a/lustre/include/obd.h +++ b/lustre/include/obd.h @@ -889,7 +889,7 @@ struct md_op_data { __u32 op_suppgids[2]; __u32 op_fsuid; __u32 op_fsgid; - cfs_cap_t op_cap; + kernel_cap_t op_cap; void *op_data; size_t op_data_size; @@ -1124,7 +1124,7 @@ struct md_ops { int (*m_create)(struct obd_export *, struct md_op_data *, const void *, size_t, umode_t, uid_t, gid_t, - cfs_cap_t, __u64, struct ptlrpc_request **); + kernel_cap_t, __u64, struct ptlrpc_request **); int (*m_enqueue)(struct obd_export *, struct ldlm_enqueue_info *, const union ldlm_policy_data *, struct md_op_data *, diff --git a/lustre/include/obd_class.h b/lustre/include/obd_class.h index 093682f..ee7ea9d 100644 --- a/lustre/include/obd_class.h +++ b/lustre/include/obd_class.h @@ -1389,7 +1389,7 @@ static inline int md_close(struct obd_export *exp, struct md_op_data *op_data, static inline int md_create(struct obd_export *exp, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, - uid_t uid, gid_t gid, cfs_cap_t cap_effective, + uid_t uid, gid_t gid, kernel_cap_t cap_effective, __u64 rdev, struct ptlrpc_request **request) { int rc; diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c index 4212db0..e9805e7 100644 --- a/lustre/llite/dir.c +++ b/lustre/llite/dir.c @@ -507,7 +507,7 @@ static int ll_dir_setdirstripe(struct dentry *dparent, struct lmv_user_md *lump, err = md_create(sbi->ll_md_exp, op_data, lump, len, mode, from_kuid(&init_user_ns, current_fsuid()), from_kgid(&init_user_ns, current_fsgid()), - cfs_curproc_cap_pack(), 0, &request); + current_cap(), 0, &request); if (err) GOTO(out_request, err); diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 651ce89..2f9cf59 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -3154,7 +3154,7 @@ struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data, op_data->op_mod_time = ktime_get_real_seconds(); op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid()); op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid()); - op_data->op_cap = cfs_curproc_cap_pack(); + op_data->op_cap = current_cap(); op_data->op_mds = 0; if ((opc == LUSTRE_OPC_CREATE) && (name != NULL) && filename_is_volatile(name, namelen, &op_data->op_mds)) { diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index 9409c66..3d17ade 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -1567,7 +1567,7 @@ again: err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode, from_kuid(&init_user_ns, current_fsuid()), from_kgid(&init_user_ns, current_fsgid()), - cfs_curproc_cap_pack(), rdev, &request); + current_cap(), rdev, &request); #if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(2, 14, 58, 0) /* * server < 2.12.58 doesn't pack default LMV in intent_getattr reply, diff --git a/lustre/lmv/lmv_obd.c b/lustre/lmv/lmv_obd.c index d1330f0..96b6b5d 100644 --- a/lustre/lmv/lmv_obd.c +++ b/lustre/lmv/lmv_obd.c @@ -1824,7 +1824,7 @@ lmv_op_default_specific_mkdir(const struct md_op_data *op_data) int lmv_create(struct obd_export *exp, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, uid_t uid, - gid_t gid, cfs_cap_t cap_effective, __u64 rdev, + gid_t gid, kernel_cap_t cap_effective, __u64 rdev, struct ptlrpc_request **request) { struct obd_device *obd = exp->exp_obd; @@ -2085,7 +2085,7 @@ static int lmv_link(struct obd_export *exp, struct md_op_data *op_data, op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid()); op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid()); - op_data->op_cap = cfs_curproc_cap_pack(); + op_data->op_cap = current_cap(); tgt = lmv_locate_tgt2(lmv, op_data); if (IS_ERR(tgt)) @@ -2129,7 +2129,7 @@ static int lmv_migrate(struct obd_export *exp, struct md_op_data *op_data, op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid()); op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid()); - op_data->op_cap = cfs_curproc_cap_pack(); + op_data->op_cap = current_cap(); parent_tgt = lmv_fid2tgt(lmv, &op_data->op_fid1); if (IS_ERR(parent_tgt)) @@ -2283,7 +2283,7 @@ static int lmv_rename(struct obd_export *exp, struct md_op_data *op_data, op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid()); op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid()); - op_data->op_cap = cfs_curproc_cap_pack(); + op_data->op_cap = current_cap(); op_data->op_name = new; op_data->op_namelen = newlen; @@ -2876,7 +2876,7 @@ static int lmv_unlink(struct obd_export *exp, struct md_op_data *op_data, op_data->op_fsuid = from_kuid(&init_user_ns, current_fsuid()); op_data->op_fsgid = from_kgid(&init_user_ns, current_fsgid()); - op_data->op_cap = cfs_curproc_cap_pack(); + op_data->op_cap = current_cap(); retry: parent_tgt = lmv_locate_tgt(lmv, op_data); diff --git a/lustre/mdc/mdc_internal.h b/lustre/mdc/mdc_internal.h index ab94861..20a81bf 100644 --- a/lustre/mdc/mdc_internal.h +++ b/lustre/mdc/mdc_internal.h @@ -48,7 +48,7 @@ void mdc_setattr_pack(struct req_capsule *pill, struct md_op_data *op_data, void *ea, size_t ealen); void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, - uid_t uid, gid_t gid, cfs_cap_t capability, __u64 rdev); + uid_t uid, gid_t gid, kernel_cap_t capability, u64 rdev); void mdc_open_pack(struct req_capsule *pill, struct md_op_data *op_data, umode_t mode, __u64 rdev, __u64 flags, const void *data, size_t datalen); @@ -110,7 +110,7 @@ void mdc_replay_open(struct ptlrpc_request *req); int mdc_create(struct obd_export *exp, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, uid_t uid, gid_t gid, - cfs_cap_t capability, __u64 rdev, + kernel_cap_t capability, __u64 rdev, struct ptlrpc_request **request); int mdc_link(struct obd_export *exp, struct md_op_data *op_data, struct ptlrpc_request **request); diff --git a/lustre/mdc/mdc_lib.c b/lustre/mdc/mdc_lib.c index 8c3fafe..40f2349 100644 --- a/lustre/mdc/mdc_lib.c +++ b/lustre/mdc/mdc_lib.c @@ -54,7 +54,7 @@ static void __mdc_pack_body(struct mdt_body *b, __u32 suppgid) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = cfs_curproc_cap_pack(); + b->mbo_capability = current_cap().cap[0]; } void mdc_swap_layouts_pack(struct req_capsule *pill, @@ -192,7 +192,7 @@ void mdc_readdir_pack(struct req_capsule *pill, __u64 pgoff, size_t size, /* packing of MDS records */ void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, - uid_t uid, gid_t gid, cfs_cap_t cap_effective, __u64 rdev) + uid_t uid, gid_t gid, kernel_cap_t cap_effective, u64 rdev) { struct mdt_rec_create *rec; char *tmp; @@ -205,7 +205,7 @@ void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_CREATE; rec->cr_fsuid = uid; rec->cr_fsgid = gid; - rec->cr_cap = cap_effective; + rec->cr_cap = cap_effective.cap[0]; rec->cr_fid1 = op_data->op_fid1; rec->cr_fid2 = op_data->op_fid2; rec->cr_mode = mode; @@ -292,7 +292,7 @@ void mdc_open_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_OPEN; rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->cr_cap = cfs_curproc_cap_pack(); + rec->cr_cap = current_cap().cap[0]; rec->cr_mode = mode; cr_flags = mds_pack_open_flags(flags); rec->cr_rdev = rdev; @@ -393,7 +393,7 @@ static void mdc_setattr_pack_rec(struct mdt_rec_setattr *rec, rec->sa_opcode = REINT_SETATTR; rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sa_cap = cfs_curproc_cap_pack(); + rec->sa_cap = current_cap().cap[0]; rec->sa_suppgid = -1; rec->sa_fid = op_data->op_fid1; @@ -467,7 +467,7 @@ void mdc_unlink_pack(struct req_capsule *pill, struct md_op_data *op_data) REINT_RMENTRY : REINT_UNLINK; rec->ul_fsuid = op_data->op_fsuid; rec->ul_fsgid = op_data->op_fsgid; - rec->ul_cap = op_data->op_cap; + rec->ul_cap = op_data->op_cap.cap[0]; rec->ul_mode = op_data->op_mode; rec->ul_suppgid1 = op_data->op_suppgids[0]; rec->ul_suppgid2 = -1; @@ -494,7 +494,7 @@ void mdc_link_pack(struct req_capsule *pill, struct md_op_data *op_data) rec->lk_opcode = REINT_LINK; rec->lk_fsuid = op_data->op_fsuid; /* current->fsuid; */ rec->lk_fsgid = op_data->op_fsgid; /* current->fsgid; */ - rec->lk_cap = op_data->op_cap; /* current->cap_effective; */ + rec->lk_cap = op_data->op_cap.cap[0]; /* current->cap_effective; */ rec->lk_suppgid1 = op_data->op_suppgids[0]; rec->lk_suppgid2 = op_data->op_suppgids[1]; rec->lk_fid1 = op_data->op_fid1; @@ -567,7 +567,7 @@ void mdc_rename_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_RENAME; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap; + rec->rn_cap = op_data->op_cap.cap[0]; rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; @@ -598,7 +598,7 @@ void mdc_migrate_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_MIGRATE; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap; + rec->rn_cap = op_data->op_cap.cap[0]; rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c index 1a7a270..f75d559 100644 --- a/lustre/mdc/mdc_reint.c +++ b/lustre/mdc/mdc_reint.c @@ -160,7 +160,7 @@ int mdc_setattr(struct obd_export *exp, struct md_op_data *op_data, int mdc_create(struct obd_export *exp, struct md_op_data *op_data, const void *data, size_t datalen, umode_t mode, uid_t uid, gid_t gid, - cfs_cap_t cap_effective, __u64 rdev, + kernel_cap_t cap_effective, __u64 rdev, struct ptlrpc_request **request) { struct ptlrpc_request *req; @@ -514,7 +514,7 @@ int mdc_file_resync(struct obd_export *exp, struct md_op_data *op_data) rec->rs_opcode = REINT_RESYNC; rec->rs_fsuid = op_data->op_fsuid; rec->rs_fsgid = op_data->op_fsgid; - rec->rs_cap = op_data->op_cap; + rec->rs_cap = op_data->op_cap.cap[0]; rec->rs_fid = op_data->op_fid1; rec->rs_bias = op_data->op_bias; rec->rs_mirror_id = op_data->op_mirror_id; diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c index 3df0523..7629a00 100644 --- a/lustre/mdc/mdc_request.c +++ b/lustre/mdc/mdc_request.c @@ -385,7 +385,7 @@ static int mdc_xattr_common(struct obd_export *exp,const struct req_format *fmt, rec->sx_opcode = REINT_SETXATTR; rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sx_cap = cfs_curproc_cap_pack(); + rec->sx_cap = current_cap().cap[0]; rec->sx_suppgid1 = suppgid; rec->sx_suppgid2 = -1; rec->sx_fid = *fid; diff --git a/lustre/mdt/mdt_coordinator.c b/lustre/mdt/mdt_coordinator.c index 1420cb1..2dbcebc 100644 --- a/lustre/mdt/mdt_coordinator.c +++ b/lustre/mdt/mdt_coordinator.c @@ -922,8 +922,6 @@ static int mdt_hsm_pending_restore(struct mdt_thread_info *mti) int hsm_init_ucred(struct lu_ucred *uc) { - kernel_cap_t kcap = cap_combine(CAP_FS_SET, CAP_NFSD_SET); - ENTRY; uc->uc_valid = UCRED_OLD; uc->uc_o_uid = 0; @@ -936,7 +934,7 @@ int hsm_init_ucred(struct lu_ucred *uc) uc->uc_fsgid = 0; uc->uc_suppgids[0] = -1; uc->uc_suppgids[1] = -1; - uc->uc_cap = kcap.cap[0]; + uc->uc_cap = cap_combine(CAP_FS_SET, CAP_NFSD_SET); uc->uc_umask = 0777; uc->uc_ginfo = NULL; uc->uc_identity = NULL; diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index 77ced3e..a54cef4 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -2363,7 +2363,7 @@ static int mdt_rmfid_check_permission(struct mdt_thread_info *info, if (la->la_flags & LUSTRE_IMMUTABLE_FL) rc = -EACCES; - if (md_capable(uc, CAP_DAC_OVERRIDE)) + if (cap_raised(uc->uc_cap, CAP_DAC_OVERRIDE)) RETURN(0); if (uc->uc_fsuid == la->la_uid) { if ((la->la_mode & S_IWUSR) == 0) diff --git a/lustre/mdt/mdt_hsm.c b/lustre/mdt/mdt_hsm.c index 84b7c2f..6617277 100644 --- a/lustre/mdt/mdt_hsm.c +++ b/lustre/mdt/mdt_hsm.c @@ -91,7 +91,7 @@ static inline bool mdt_hsm_is_admin(struct mdt_thread_info *info) if (rc < 0) return false; - is_admin = md_capable(mdt_ucred(info), CAP_SYS_ADMIN); + is_admin = cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN); mdt_exit_ucred(info); @@ -318,7 +318,7 @@ int mdt_hsm_state_set(struct tgt_session_info *tsi) /* Non-root users are forbidden to set or clear flags which are * NOT defined in HSM_USER_MASK. */ if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) && - !md_capable(mdt_ucred(info), CAP_SYS_ADMIN)) { + !cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN)) { CDEBUG(D_HSM, "Incompatible masks provided (set %#llx" ", clear %#llx) vs unprivileged set (%#x).\n", hss->hss_setmask, hss->hss_clearmask, HSM_USER_MASK); diff --git a/lustre/mdt/mdt_hsm_cdt_client.c b/lustre/mdt/mdt_hsm_cdt_client.c index ac5ff93..9f78796 100644 --- a/lustre/mdt/mdt_hsm_cdt_client.c +++ b/lustre/mdt/mdt_hsm_cdt_client.c @@ -239,7 +239,7 @@ hsm_action_permission(struct mdt_thread_info *mti, if (hsma != HSMA_RESTORE && mdt_rdonly(mti->mti_exp)) RETURN(-EROFS); - if (md_capable(uc, CAP_SYS_ADMIN)) + if (cap_raised(uc->uc_cap, CAP_SYS_ADMIN)) RETURN(0); ma->ma_need = MA_INODE; @@ -313,7 +313,7 @@ static int mdt_hsm_register_hal(struct mdt_thread_info *mti, /* In case of REMOVE and CANCEL a Lustre file * is not mandatory, but restrict this * exception to admins. */ - if (md_capable(mdt_ucred(mti), CAP_SYS_ADMIN) && + if (cap_raised(mdt_ucred(mti)->uc_cap, CAP_SYS_ADMIN) && (hai->hai_action == HSMA_REMOVE || hai->hai_action == HSMA_CANCEL)) goto record; diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index 17305cb..4e09c2a 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -1411,7 +1411,7 @@ static inline bool mdt_is_rootadmin(struct mdt_thread_info *info) uc = mdt_ucred(info); is_admin = (uc->uc_uid == 0 && uc->uc_gid == 0 && - md_capable(uc, CAP_SYS_ADMIN)); + cap_raised(uc->uc_cap, CAP_SYS_ADMIN)); mdt_exit_ucred(info); diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index f88bce3..76a80aa 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -115,12 +115,12 @@ static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", libcfs_nid2str(peernid), - ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap, + ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0], squash->rsi_uid, squash->rsi_gid, 0); ucred->uc_fsuid = squash->rsi_uid; ucred->uc_fsgid = squash->rsi_gid; - ucred->uc_cap = 0; + ucred->uc_cap = CAP_EMPTY_SET; ucred->uc_suppgids[0] = -1; ucred->uc_suppgids[1] = -1; @@ -315,11 +315,10 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_uid = pud->pud_uid; ucred->uc_gid = pud->pud_gid; - if (nodemap && ucred->uc_o_uid == nodemap->nm_squash_uid) { - ucred->uc_cap = 0; - } else { - ucred->uc_cap = pud->pud_cap; - } + ucred->uc_cap = CAP_EMPTY_SET; + if (!nodemap || ucred->uc_o_uid != nodemap->nm_squash_uid) + ucred->uc_cap.cap[0] = pud->pud_cap; + ucred->uc_fsuid = pud->pud_fsuid; ucred->uc_fsgid = pud->pud_fsgid; @@ -470,7 +469,7 @@ static int old_init_ucred_common(struct mdt_thread_info *info, if (nodemap->nmf_deny_unknown) RETURN(-EACCES); - uc->uc_cap = 0; + uc->uc_cap = CAP_EMPTY_SET; uc->uc_suppgids[0] = -1; uc->uc_suppgids[1] = -1; } @@ -479,12 +478,9 @@ static int old_init_ucred_common(struct mdt_thread_info *info, identity = mdt_identity_get(mdt->mdt_identity_cache, uc->uc_fsuid); if (IS_ERR(identity)) { - kernel_cap_t kcap = cap_combine(CAP_FS_SET, - CAP_NFSD_SET); - u32 cap_mask = kcap.cap[0]; - if (unlikely(PTR_ERR(identity) == -EREMCHG || - uc->uc_cap & cap_mask)) { + cap_raised(uc->uc_cap, + CAP_DAC_READ_SEARCH))) { identity = NULL; } else { CDEBUG(D_SEC, "Deny access without identity: " @@ -538,7 +534,8 @@ static int old_init_ucred(struct mdt_thread_info *info, uc->uc_suppgids[0] = body->mbo_suppgid; uc->uc_suppgids[1] = -1; uc->uc_ginfo = NULL; - uc->uc_cap = body->mbo_capability; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = body->mbo_capability; rc = old_init_ucred_common(info, nodemap); nodemap_putref(nodemap); @@ -611,11 +608,8 @@ int mdt_init_ucred_reint(struct mdt_thread_info *info) /* LU-5564: for normal close request, skip permission check */ if (lustre_msg_get_opc(req->rq_reqmsg) == MDS_CLOSE && !(ma->ma_attr_flags & (MDS_HSM_RELEASE | MDS_CLOSE_LAYOUT_SWAP))) { - kernel_cap_t kcap = { { uc->uc_cap, } }; - - kcap = cap_raise_nfsd_set(kcap, CAP_FULL_SET); - kcap = cap_raise_fs_set(kcap, CAP_FULL_SET); - uc->uc_cap = kcap.cap[0]; + cap_raise_nfsd_set(uc->uc_cap, CAP_FULL_SET); + cap_raise_fs_set(uc->uc_cap, CAP_FULL_SET); } mdt_exit_ucred(info); @@ -1126,7 +1120,8 @@ static int mdt_setattr_unpack_rec(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->sa_fsuid; uc->uc_fsgid = rec->sa_fsgid; - uc->uc_cap = rec->sa_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->sa_cap; uc->uc_suppgids[0] = rec->sa_suppgid; uc->uc_suppgids[1] = -1; @@ -1287,7 +1282,8 @@ static int mdt_create_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; - uc->uc_cap = rec->cr_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->cr_cap; uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = -1; uc->uc_umask = rec->cr_umask; @@ -1371,7 +1367,8 @@ static int mdt_link_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->lk_fsuid; uc->uc_fsgid = rec->lk_fsgid; - uc->uc_cap = rec->lk_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->lk_cap; uc->uc_suppgids[0] = rec->lk_suppgid1; uc->uc_suppgids[1] = rec->lk_suppgid2; @@ -1415,7 +1412,8 @@ static int mdt_unlink_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->ul_fsuid; uc->uc_fsgid = rec->ul_fsgid; - uc->uc_cap = rec->ul_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->ul_cap; uc->uc_suppgids[0] = rec->ul_suppgid1; uc->uc_suppgids[1] = -1; @@ -1468,7 +1466,8 @@ static int mdt_rename_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; - uc->uc_cap = rec->rn_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->rn_cap; uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1521,7 +1520,8 @@ static int mdt_migrate_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; - uc->uc_cap = rec->rn_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->rn_cap; uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1621,7 +1621,8 @@ static int mdt_open_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; - uc->uc_cap = rec->cr_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->cr_cap; uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = rec->cr_suppgid2; uc->uc_umask = rec->cr_umask; @@ -1710,7 +1711,8 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->sx_fsuid; uc->uc_fsgid = rec->sx_fsgid; - uc->uc_cap = rec->sx_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->sx_cap; uc->uc_suppgids[0] = rec->sx_suppgid1; uc->uc_suppgids[1] = -1; @@ -1771,7 +1773,8 @@ static int mdt_resync_unpack(struct mdt_thread_info *info) /* This prior initialization is needed for old_init_ucred_reint() */ uc->uc_fsuid = rec->rs_fsuid; uc->uc_fsgid = rec->rs_fsgid; - uc->uc_cap = rec->rs_cap; + uc->uc_cap = CAP_EMPTY_SET; + uc->uc_cap.cap[0] = rec->rs_cap; rr->rr_fid1 = &rec->rs_fid; rr->rr_mirror_id = rec->rs_mirror_id; diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c index f7c2d55..e211d36 100644 --- a/lustre/mdt/mdt_open.c +++ b/lustre/mdt/mdt_open.c @@ -1668,7 +1668,7 @@ static struct mdt_object *mdt_orphan_open(struct mdt_thread_info *info, .ln_namelen = sizeof("i_am_nobody") - 1, }; struct lu_ucred *uc; - cfs_cap_t uc_cap_save; + kernel_cap_t uc_cap_save; int rc; ENTRY; @@ -1697,7 +1697,7 @@ static struct mdt_object *mdt_orphan_open(struct mdt_thread_info *info, uc = lu_ucred(env); uc_cap_save = uc->uc_cap; - uc->uc_cap |= BIT(CAP_DAC_OVERRIDE); + cap_raise(uc->uc_cap, CAP_DAC_OVERRIDE); rc = mdo_create(env, mdt_object_child(local_root), &lname, mdt_object_child(obj), spec, attr); uc->uc_cap = uc_cap_save; @@ -1776,7 +1776,7 @@ static int mdt_hsm_release(struct mdt_thread_info *info, struct mdt_object *o, struct mdt_object *orphan; struct md_attr *orp_ma; struct lu_buf *buf; - cfs_cap_t cap; + kernel_cap_t cap; bool lease_broken; int rc; int rc2; @@ -1969,7 +1969,7 @@ static int mdt_hsm_release(struct mdt_thread_info *info, struct mdt_object *o, /* The orphan has root ownership so we need to raise * CAP_FOWNER to set the HSM attributes. */ cap = uc->uc_cap; - uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER); + cap_raise(uc->uc_cap, CAP_FOWNER); rc = mo_xattr_set(info->mti_env, mdt_object_child(orphan), buf, XATTR_NAME_HSM, 0); uc->uc_cap = cap; diff --git a/lustre/mdt/mdt_reint.c b/lustre/mdt/mdt_reint.c index 8053bb2..82a3bf1 100644 --- a/lustre/mdt/mdt_reint.c +++ b/lustre/mdt/mdt_reint.c @@ -541,7 +541,7 @@ static int mdt_create(struct mdt_thread_info *info) LMV_HASH_TYPE_CRUSH) RETURN(-EPROTO); - if (!md_capable(uc, CAP_SYS_ADMIN) && + if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); @@ -763,7 +763,7 @@ int mdt_add_dirty_flag(struct mdt_thread_info *info, struct mdt_object *mo, struct md_attr *ma) { struct lu_ucred *uc = mdt_ucred(info); - cfs_cap_t cap_saved; + kernel_cap_t cap_saved; int rc; ENTRY; @@ -785,7 +785,7 @@ int mdt_add_dirty_flag(struct mdt_thread_info *info, struct mdt_object *mo, * set the HSM state to dirty. */ cap_saved = uc->uc_cap; - uc->uc_cap |= MD_CAP_TO_MASK(CAP_FOWNER); + cap_raise(uc->uc_cap, CAP_FOWNER); rc = mdt_hsm_attr_set(info, mo, &ma->ma_hsm); uc->uc_cap = cap_saved; if (rc) @@ -922,7 +922,7 @@ static int mdt_reint_setattr(struct mdt_thread_info *info, !mdt->mdt_enable_striped_dir) GOTO(out_put, rc = -EPERM); - if (!md_capable(uc, CAP_SYS_ADMIN) && + if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) GOTO(out_put, rc = -EPERM); @@ -1155,7 +1155,7 @@ relock: /* Return -ENOTSUPP for old client */ GOTO(put_child, rc = -ENOTSUPP); - if (!md_capable(uc, CAP_SYS_ADMIN)) + if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN)) GOTO(put_child, rc = -EPERM); ma->ma_need = MA_INODE; @@ -2193,7 +2193,7 @@ int mdt_reint_migrate(struct mdt_thread_info *info, if (!mdt->mdt_enable_remote_dir || !mdt->mdt_enable_dir_migration) RETURN(-EPERM); - if (uc && !md_capable(uc, CAP_SYS_ADMIN) && + if (uc && !cap_raised(uc->uc_cap, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); diff --git a/lustre/mdt/mdt_restripe.c b/lustre/mdt/mdt_restripe.c index e62f070..22559f5 100644 --- a/lustre/mdt/mdt_restripe.c +++ b/lustre/mdt/mdt_restripe.c @@ -884,7 +884,6 @@ static int mdt_restriper_main(void *arg) int mdt_restriper_start(struct mdt_device *mdt) { struct mdt_dir_restriper *restriper = &mdt->mdt_restriper; - kernel_cap_t kcap = cap_combine(CAP_FS_SET, CAP_NFSD_SET); struct task_struct *task; struct mdt_thread_info *info; struct lu_ucred *uc; @@ -932,7 +931,7 @@ int mdt_restriper_start(struct mdt_device *mdt) uc->uc_fsgid = 0; uc->uc_suppgids[0] = -1; uc->uc_suppgids[1] = -1; - uc->uc_cap = kcap.cap[0]; + uc->uc_cap = cap_combine(CAP_FS_SET, CAP_NFSD_SET); uc->uc_umask = 0644; uc->uc_ginfo = NULL; uc->uc_identity = NULL; diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c index 077363d..59b3374 100644 --- a/lustre/mdt/mdt_xattr.c +++ b/lustre/mdt/mdt_xattr.c @@ -346,7 +346,7 @@ int mdt_dir_layout_update(struct mdt_thread_info *info) if (!mdt->mdt_enable_dir_migration) RETURN(-EPERM); - if (!md_capable(uc, CAP_SYS_ADMIN) && + if (!cap_raised(uc->uc_cap, CAP_SYS_ADMIN) && uc->uc_gid != mdt->mdt_enable_remote_dir_gid && mdt->mdt_enable_remote_dir_gid != -1) RETURN(-EPERM); @@ -578,7 +578,7 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, } } - if (!md_capable(mdt_ucred(info), CAP_SYS_ADMIN)) + if (!cap_raised(mdt_ucred(info)->uc_cap, CAP_SYS_ADMIN)) GOTO(out, rc = -EPERM); if (strcmp(xattr_name, XATTR_NAME_LOV) == 0 || diff --git a/lustre/obdecho/echo_client.c b/lustre/obdecho/echo_client.c index 4042fe5..500358c 100644 --- a/lustre/obdecho/echo_client.c +++ b/lustre/obdecho/echo_client.c @@ -2260,14 +2260,14 @@ static void echo_ucred_init(struct lu_env *env) from_kuid(&init_user_ns, current_fsuid()); ucred->uc_fsgid = ucred->uc_o_fsgid = from_kgid(&init_user_ns, current_fsgid()); - ucred->uc_cap = cfs_curproc_cap_pack(); + ucred->uc_cap = current_cap(); /* remove fs privilege for non-root user. */ if (ucred->uc_fsuid) { kcap = cap_drop_nfsd_set(kcap); kcap = cap_drop_fs_set(kcap); } - ucred->uc_cap = kcap.cap[0]; + ucred->uc_cap = kcap; ucred->uc_valid = UCRED_NEW; } diff --git a/lustre/ptlrpc/ptlrpc_internal.h b/lustre/ptlrpc/ptlrpc_internal.h index 8c38908..b120031 100644 --- a/lustre/ptlrpc/ptlrpc_internal.h +++ b/lustre/ptlrpc/ptlrpc_internal.h @@ -433,7 +433,7 @@ static inline void do_pack_body(struct ptlrpc_request *req) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = cfs_curproc_cap_pack(); + b->mbo_capability = current_cap().cap[0]; } #endif /* PTLRPC_INTERNAL_H */ diff --git a/lustre/ptlrpc/sec.c b/lustre/ptlrpc/sec.c index 85e31a7..848688b 100644 --- a/lustre/ptlrpc/sec.c +++ b/lustre/ptlrpc/sec.c @@ -2605,7 +2605,7 @@ int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset) pud->pud_gid = from_kgid(&init_user_ns, current_gid()); pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid()); pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid()); - pud->pud_cap = cfs_curproc_cap_pack(); + pud->pud_cap = current_cap().cap[0]; pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4; task_lock(current);