From cd7c384f76d2c0f6b12a1c0936d54ae9c5e7cb4c Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn [EMAIL PROTECTED]
Date: Fri, 19 Oct 2007 15:39:10 -0400
Subject: [PATCH RFC] capabilities: fix compilation with strict type checking
(v2)
Since at least 1998 the code under STRICT_CAP_T_TYPECHECKS option has
not been used. (See
http://www.uwsg.iu.edu/hypermail/linux/kernel/9810.2/0705.html)
There are two options - we can remove this option altogether
or, as this patch attempts to do, fix compilation with
STRICT_CAP_T_TYPECHECKS so it can be enabled.
This patch replaces the always-undefined STRICT_CAP_T_TYPECHECKS
with a Kconfig variable (CONFIG_CAP_STRICT_TYPECHECKS), and
hopefully fixes all the places in the code which broke with
that option set. This compiles with capabilities, selinux,
and dummy modules. It passes ltp with capabilities and file
capabilities.
However this patch is only for comment. Much more testing and
proofreading is needed before considering applying. I will
also be sending out the alternative patch which simply removes
the strict typechecking.
Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
---
fs/nfsd/auth.c |2 +-
include/linux/capability.h | 45 +++
kernel/capability.c| 12 ++-
security/Kconfig | 12 +++
security/commoncap.c | 22 +++-
security/dummy.c | 13 +++
6 files changed, 64 insertions(+), 42 deletions(-)
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 2192805..43b3340 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -72,7 +72,7 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export
*exp)
cap_t(current-cap_effective) = ~CAP_NFSD_MASK;
} else {
cap_t(current-cap_effective) |= (CAP_NFSD_MASK
- current-cap_permitted);
+ cap_t(current-cap_permitted));
}
return ret;
}
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7a8d7ad..f752bed 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -62,28 +62,6 @@ struct vfs_cap_data {
} data[1];
};
-#ifdef __KERNEL__
-
-/* #define STRICT_CAP_T_TYPECHECKS */
-
-#ifdef STRICT_CAP_T_TYPECHECKS
-
-typedef struct kernel_cap_struct {
- __u32 cap;
-} kernel_cap_t;
-
-#else
-
-typedef __u32 kernel_cap_t;
-
-#endif
-
-#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
-#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
-
-#endif
-
-
/**
** POSIX-draft defined capabilities.
**/
@@ -315,15 +293,27 @@ typedef __u32 kernel_cap_t;
* Internal kernel functions only
*/
-#ifdef STRICT_CAP_T_TYPECHECKS
+#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
+#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+#define CAP_TO_MASK(x) (1 (x))
+
+#ifdef CONFIG_CAP_STRICT_TYPECHECKS
-#define to_cap_t(x) { x }
+typedef struct kernel_cap_struct {
+ __u32 cap;
+} kernel_cap_t;
+
+#define to_cap_t(x) { .cap = x, }
#define cap_t(x) (x).cap
+#define cap_assign(x, v) { x.cap = v; }
#else
+typedef __u32 kernel_cap_t;
+
#define to_cap_t(x) (x)
#define cap_t(x) (x)
+#define cap_assign(cap, v) { cap = v; }
#endif
@@ -332,7 +322,12 @@ typedef __u32 kernel_cap_t;
#define CAP_INIT_EFF_SETto_cap_t(~0 ~CAP_TO_MASK(CAP_SETPCAP))
#define CAP_INIT_INH_SETto_cap_t(0)
-#define CAP_TO_MASK(x) (1 (x))
+extern kernel_cap_t cap_empty_set;
+extern kernel_cap_t cap_full_set;
+extern kernel_cap_t cap_init_eff_set;
+extern kernel_cap_t cap_init_inh_set;
+extern kernel_cap_t cap_fs_mask_set;
+
#define cap_raise(c, flag) (cap_t(c) |= CAP_TO_MASK(flag))
#define cap_lower(c, flag) (cap_t(c) = ~CAP_TO_MASK(flag))
#define cap_raised(c, flag) (cap_t(c) CAP_TO_MASK(flag))
diff --git a/kernel/capability.c b/kernel/capability.c
index 4a881b8..7094ad9 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -15,6 +15,12 @@
#include linux/pid_namespace.h
#include asm/uaccess.h
+kernel_cap_t cap_empty_set = CAP_EMPTY_SET;
+kernel_cap_t cap_full_set = CAP_FULL_SET;
+kernel_cap_t cap_init_eff_set = CAP_INIT_EFF_SET;
+kernel_cap_t cap_init_inh_set = CAP_INIT_INH_SET;
+kernel_cap_t cap_fs_mask_set = to_cap_t(CAP_FS_MASK);
+
/*
* This lock protects task-cap_* for all tasks including current.
* Locking rule: acquire this prior to tasklist_lock.
@@ -43,6 +49,7 @@ asmlinkage long sys_capget(cap_user_header_t header,
cap_user_data_t dataptr)
__u32 version;
struct task_struct *target;
struct __user_cap_data_struct data;
+ kernel_cap_t pE, pP, pI;
if (get_user(version, header-version))
return -EFAULT;
@@ -71,7 +78,10 @@ asmlinkage long sys_capget(cap_user_header_t header,
cap_user_data_t dataptr)
} else
target = current;
- ret = security_capget(target, data.effective,