Revert "(namespace) vfs: Verify acls are valid within superblock's s_user_ns."
authorLuis Henriques <luis.henriques@canonical.com>
Wed, 23 Nov 2016 10:01:01 +0000 (10:01 +0000)
committerLuis Henriques <luis.henriques@canonical.com>
Wed, 23 Nov 2016 10:14:41 +0000 (10:14 +0000)
BugLink: https://bugs.launchpad.net/bugs/1644165
This reverts commit 392767a8218721745b75fb24d36adba964b92fa6.

The kernel fix for bug #1634964 breaks LXD userspace, in particular the
following commits:

ac7f3f73cb39 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
ca52383ad6a6 (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs

LXD 2.0.6 will include changes to support these kernel changes, but it isn't
available yet on xenial, so for now we just revert these commits.

Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
drivers/staging/lustre/lustre/mdc/mdc_request.c
fs/9p/acl.c
fs/posix_acl.c
include/linux/posix_acl.h
zfs/module/zfs/zpl_xattr.c

index b0a7b25e0a34b3220b5108bc06a748f0e14bbb4e..16a5a10d371edf11de40f12dcf294bd199614261 100644 (file)
@@ -433,7 +433,7 @@ static int mdc_unpack_acl(struct ptlrpc_request *req, struct lustre_md *md)
                return rc;
        }
 
-       rc = posix_acl_valid(&init_user_ns, acl);
+       rc = posix_acl_valid(acl);
        if (rc) {
                CERROR("validate acl: %d\n", rc);
                posix_acl_release(acl);
index f28be23786479eb677803248720ea9508101eb1e..929b618da43bb345cc69699ee96fd00beb358e73 100644 (file)
@@ -272,7 +272,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler,
                if (IS_ERR(acl))
                        return PTR_ERR(acl);
                else if (acl) {
-                       retval = posix_acl_valid(inode->i_sb->s_user_ns, acl);
+                       retval = posix_acl_valid(acl);
                        if (retval)
                                goto err_out;
                }
index 93a8b46465c769ccbe9e9e3c94df38a68c82f2fa..a60d3cc5b55d9190539d07e6869206c986d8a6de 100644 (file)
@@ -171,7 +171,7 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
  * Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
  */
 int
-posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
+posix_acl_valid(const struct posix_acl *acl)
 {
        const struct posix_acl_entry *pa, *pe;
        int state = ACL_USER_OBJ;
@@ -191,7 +191,7 @@ posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
                        case ACL_USER:
                                if (state != ACL_USER)
                                        return -EINVAL;
-                               if (!kuid_has_mapping(user_ns, pa->e_uid))
+                               if (!uid_valid(pa->e_uid))
                                        return -EINVAL;
                                needs_mask = 1;
                                break;
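Review bot: The restored `uid_valid(pa->e_uid)` check in the ACL_USER case rejects only the invalid-id sentinel, so an entry whose kuid has no mapping in the filesystem's `s_user_ns` now passes validation; the same holds for `gid_valid(pa->e_gid)` in the ACL_GROUP hunk that follows. For a superblock owned by the initial user namespace the two checks should be equivalent, but for one owned by a non-initial namespace, callers such as set_posix_acl() lose the only visible check that refuses ids the filesystem cannot represent. Since the commit message describes the revert as temporary, I would record the weaker contract in the code, for example `/* Only rejects INVALID_UID/INVALID_GID; the s_user_ns mapping check is reverted, see BugLink 1644165 */` above the switch. The function comment "Check if an acl is valid" should also say that validity no longer depends on a namespace. The body of posix_acl_valid() starts and ends outside this hunk.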
@@ -206,7 +206,7 @@ posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
                        case ACL_GROUP:
                                if (state != ACL_GROUP)
                                        return -EINVAL;
-                               if (!kgid_has_mapping(user_ns, pa->e_gid))
+                               if (!gid_valid(pa->e_gid))
                                        return -EINVAL;
                                needs_mask = 1;
                                break;
@@ -833,7 +833,7 @@ set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
                return -EPERM;
 
        if (acl) {
-               int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);
+               int ret = posix_acl_valid(acl);
                if (ret)
                        return ret;
        }
index d4a33570c786010f6aa2bfb3bbe93d6f5ac13af1..d1a8ad7e5ae450b38c8d83ed2e74327424cfa79f 100644 (file)
@@ -81,7 +81,7 @@ posix_acl_release(struct posix_acl *acl)
 
 extern void posix_acl_init(struct posix_acl *, int);
 extern struct posix_acl *posix_acl_alloc(int, gfp_t);
-extern int posix_acl_valid(struct user_namespace *, const struct posix_acl *);
+extern int posix_acl_valid(const struct posix_acl *);
 extern int posix_acl_permission(struct inode *, const struct posix_acl *, int);
 extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);
 extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);
index d811da71eb82a5266c68ef17476ed088cdc7c5ee..420091953e20fdbba02c05547f7f747be4ecdbe9 100644 (file)
@@ -1281,7 +1281,7 @@ __zpl_xattr_acl_set_access(struct inode *ip, const char *name,
                if (IS_ERR(acl))
                        return (PTR_ERR(acl));
                else if (acl) {
-                       error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
+                       error = posix_acl_valid(acl);
                        if (error) {
                                zpl_posix_acl_release(acl);
                                return (error);
@@ -1320,7 +1320,7 @@ __zpl_xattr_acl_set_default(struct inode *ip, const char *name,
                if (IS_ERR(acl))
                        return (PTR_ERR(acl));
                else if (acl) {
-                       error = posix_acl_valid(ip->i_sb->s_user_ns, acl);
+                       error = posix_acl_valid(acl);
                        if (error) {
                                zpl_posix_acl_release(acl);
                                return (error);