On Wed, May 02, 2018 at 04:12:18PM +0200, Christian Brauner wrote:
> On Wed, Apr 18, 2018 at 11:46:38PM -0300, Marcos Paulo de Souza wrote:
> > Found while inspecting the code that handles the setgroups procfs file.
>
> This is not really improving anything so I unfortunately don't really
> see why we should take this.
Sorry for the late reply. My idea was to make the code more straightforward,
never happened to me this would led to a worse code being generated. So, please
discard the patch.
Thanks,
>
> Christian
>
> >
> > Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@xxxxxxxxx>
> > ---
> > Tested locally setting up a new userns, and setting setgroups as deny and allow,
> > worked as before.
> >
> > kernel/user_namespace.c | 20 +++++++-------------
> > 1 file changed, 7 insertions(+), 13 deletions(-)
> >
> > diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> > index 246d4d4ce5c7..64a01254ac6b 100644
> > --- a/kernel/user_namespace.c
> > +++ b/kernel/user_namespace.c
> > @@ -1142,22 +1142,18 @@ ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
> > struct user_namespace *ns = seq->private;
> > char kbuf[8], *pos;
> > bool setgroups_allowed;
> > - ssize_t ret;
> >
> > /* Only allow a very narrow range of strings to be written */
> > - ret = -EINVAL;
> > if ((*ppos != 0) || (count >= sizeof(kbuf)))
> > - goto out;
> > + return -EINVAL;
> >
> > /* What was written? */
> > - ret = -EFAULT;
> > if (copy_from_user(kbuf, buf, count))
> > - goto out;
> > + return -EFAULT;
> > kbuf[count] = '\0';
> > pos = kbuf;
> >
> > /* What is being requested? */
> > - ret = -EINVAL;
> > if (strncmp(pos, "allow", 5) == 0) {
> > pos += 5;
> > setgroups_allowed = true;
> > @@ -1167,14 +1163,13 @@ ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
> > setgroups_allowed = false;
> > }
> > else
> > - goto out;
> > + return -EINVAL;
> >
> > /* Verify there is not trailing junk on the line */
> > pos = skip_spaces(pos);
> > if (*pos != '\0')
> > - goto out;
> > + return -EINVAL;
> >
> > - ret = -EPERM;
> > mutex_lock(&userns_state_mutex);
> > if (setgroups_allowed) {
> > /* Enabling setgroups after setgroups has been disabled
> > @@ -1194,12 +1189,11 @@ ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
> >
> > /* Report a successful write */
> > *ppos = count;
> > - ret = count;
> > -out:
> > - return ret;
> > + return count;
> > +
> > out_unlock:
> > mutex_unlock(&userns_state_mutex);
> > - goto out;
> > + return -EPERM;
> > }
> >
> > bool userns_may_setgroups(const struct user_namespace *ns)
> > --
> > 2.14.3
> >
--
Thanks,
Marcos
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
