From: NeilBrown Date: Mon, 1 Mar 2021 14:15:45 +0000 (-0500) Subject: LU-9859 libcfs: simplify capability dropping. X-Git-Tag: 2.14.52~158 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=ee06281d89871c46310ee4b0585ee4489d2c2f3f;hp=b6882c8ae4f47e931cc7b49da1c6bffaaf31499b LU-9859 libcfs: simplify capability dropping. Lustre has a 'squash credentials' concept similar to the "anon_uid" for nfsd. When accessing a file with squashed credentials, we need to also drop capabilities. Linux has cap_drop_fs_set() and cap_drop_nfsd_set(). Rather than taking a completely different approach, this patch changes lustre to use this same cap_drop_*_set() approach. With this change we also drop CAP_MKNOD and CAP_MAC_OVERRIDE which are probably appropriate, and don't drop CAP_SYS_ADMIN or CAP_SYS_BOOT which should be irrelevant for file permission checking Calling both cap_drop_*_set() seems a bit clumsy, but gets the job done. Linux-commit: f497115d4cf8a430c5d9902ce35716ba5f9c21ef Change-Id: I2f4f691bc4ad090f6abaa4e13eb473bf8d904b23 Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman Reviewed-on: https://review.whamcloud.com/41957 Reviewed-by: Andreas Dilger Tested-by: jenkins Tested-by: Maloo Reviewed-by: Oleg Drokin --- diff --git a/libcfs/include/libcfs/curproc.h b/libcfs/include/libcfs/curproc.h index 296e2d0..197c0c9 100644 --- a/libcfs/include/libcfs/curproc.h +++ b/libcfs/include/libcfs/curproc.h @@ -41,16 +41,6 @@ typedef __u32 cfs_cap_t; -#define CFS_CAP_FS_MASK (BIT(CAP_CHOWN) | \ - BIT(CAP_DAC_OVERRIDE) | \ - BIT(CAP_DAC_READ_SEARCH) | \ - BIT(CAP_FOWNER) | \ - BIT(CAP_FSETID) | \ - BIT(CAP_LINUX_IMMUTABLE) | \ - BIT(CAP_SYS_ADMIN) | \ - BIT(CAP_SYS_BOOT) | \ - BIT(CAP_SYS_RESOURCE)) - static inline cfs_cap_t cfs_curproc_cap_pack(void) { /* cfs_cap_t is only the first word of kernel_cap_t */ diff --git a/lustre/llite/file.c b/lustre/llite/file.c index df25d52..0149146 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c 
@@ -5265,7 +5265,6 @@ int ll_inode_permission(struct inode *inode, int mask) struct root_squash_info *squash; struct cred *cred = NULL; const struct cred *old_cred = NULL; - cfs_cap_t cap; bool squash_id = false; ktime_t kstart = ktime_get(); @@ -5309,10 +5308,9 @@ int ll_inode_permission(struct inode *inode, int mask) cred->fsuid = make_kuid(&init_user_ns, squash->rsi_uid); cred->fsgid = make_kgid(&init_user_ns, squash->rsi_gid); - for (cap = 0; cap < sizeof(cfs_cap_t) * 8; cap++) { - if (BIT(cap) & CFS_CAP_FS_MASK) - cap_lower(cred->cap_effective, cap); - } + cred->cap_effective = cap_drop_nfsd_set(cred->cap_effective); + cred->cap_effective = cap_drop_fs_set(cred->cap_effective); + old_cred = override_creds(cred); }
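Review bot: The two `cap_drop_*_set()` calls added in the second file.c hunk carry no comment, so the call site says neither why both are needed nor that the set of squashed capabilities changed. According to the commit message, the squashed credential now also loses CAP_MKNOD and CAP_MAC_OVERRIDE but keeps CAP_SYS_ADMIN and CAP_SYS_BOOT, both of which the removed `CFS_CAP_FS_MASK` used to clear. That is a change to a privilege boundary, and it is recorded only in the commit log. I would add above the calls `/* Root squash: drop the nfsd set (adds CAP_SYS_RESOURCE) and the fs set (adds CAP_LINUX_IMMUTABLE); CAP_SYS_ADMIN and CAP_SYS_BOOT are intentionally kept. */`, after confirming the contents of each set against the target kernel's capability.h. `ll_inode_permission()` begins and ends outside this hunk, so whether anything run under the overridden cred consults CAP_SYS_ADMIN cannot be confirmed from here.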