forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c 
 kernel/mm/shmem.c
....@@ -3424,6 +3424,8 @@
34243424 	unsigned long long size;
34253425 	char *rest;
34263426 	int opt;
3427
+	kuid_t kuid;
3428
+	kgid_t kgid;
34273429 
34283430 	opt = fs_parse(fc, shmem_fs_parameters, param, &result);
34293431 	if (opt < 0)
....@@ -3459,14 +3461,32 @@
34593461 		ctx->mode = result.uint_32 & 07777;
34603462 		break;
34613463 	case Opt_uid:
3462
-		ctx->uid = make_kuid(current_user_ns(), result.uint_32);
3463
-		if (!uid_valid(ctx->uid))
3464
+		kuid = make_kuid(current_user_ns(), result.uint_32);
3465
+		if (!uid_valid(kuid))
34643466 			goto bad_value;
3467
+
3468
+		/*
3469
+		 * The requested uid must be representable in the
3470
+		 * filesystem's idmapping.
3471
+		 */
3472
+		if (!kuid_has_mapping(fc->user_ns, kuid))
3473
+			goto bad_value;
3474
+
3475
+		ctx->uid = kuid;
34653476 		break;
34663477 	case Opt_gid:
3467
-		ctx->gid = make_kgid(current_user_ns(), result.uint_32);
3468
-		if (!gid_valid(ctx->gid))
3478
+		kgid = make_kgid(current_user_ns(), result.uint_32);
3479
+		if (!gid_valid(kgid))
34693480 			goto bad_value;
3481
+
3482
+		/*
3483
+		 * The requested gid must be representable in the
3484
+		 * filesystem's idmapping.
3485
+		 */
3486
+		if (!kgid_has_mapping(fc->user_ns, kgid))
3487
+			goto bad_value;
3488
+
3489
+		ctx->gid = kgid;
34703490 		break;
34713491 	case Opt_huge:
34723492 		ctx->huge = result.uint_32;
....@@ -4100,7 +4120,7 @@
41004120 	.name		= "tmpfs",
41014121 	.init_fs_context = ramfs_init_fs_context,
41024122 	.parameters	= ramfs_fs_parameters,
4103
-	.kill_sb	= kill_litter_super,
4123
+	.kill_sb	= ramfs_kill_sb,
41044124 	.fs_flags	= FS_USERNS_MOUNT,
41054125 };
41064126