On (21/09/07 11:54), Dan Carpenter wrote: > On Tue, Sep 07, 2021 at 05:06:04PM +0900, Sergey Senozhatsky wrote: > > On (21/09/07 10:34), Dan Carpenter wrote: > > > > > > id = le32_to_cpu(psid->sub_auth[psid->num_subauth - 1]); > > > - if (id >= 0) { > > > - /* > > > - * Translate raw sid into kuid in the server's user > > > - * namespace. > > > - */ > > > - uid = make_kuid(&init_user_ns, id); > > > - > > > - /* If this is an idmapped mount, apply the idmapping. */ > > > - uid = kuid_from_mnt(user_ns, uid); > > > - if (uid_valid(uid)) { > > > - fattr->cf_uid = uid; > > > - rc = 0; > > > - } > > > + /* > > > + * Translate raw sid into kuid in the server's user > > > + * namespace. > > > + */ > > > + uid = make_kuid(&init_user_ns, id); > > > > Can make_kuid() return INVALID_UID? IOW, uid_valid(uid) here as well? > > No need to check twice. We're going to check at the end. > > > > > > + > > > + /* If this is an idmapped mount, apply the idmapping. */ > > > + uid = kuid_from_mnt(user_ns, uid); > > > + if (uid_valid(uid)) { > ^^^^^^^^^^^^^^ > The check here is sufficient. My point was more that a potentially invalid UID is passed to kuid_from_mnt() and kgid_from_mnt(). I don't see map_id_up(), for example, checking that passed UID is valid. So decided to double check.