From: Tim Hockin This version hardwires an upper bound, but wires it at 64k, with a simple constant allowing you to raise that much higher. bk pull http://suncobalt.bkbits.net/ngroups-2.6 New groups infrastructure. task->groups and task->ngroups are replaced by task->group_info. Group)info is a refcounted, dynamic struct with an array of pages. This allows for large numbers of groups. The current limit of 32 groups has been raised to 64k groups. It can be raised more by changing the NGROUPS_MAX constant in limits.h --- 25-akpm/arch/ia64/ia32/sys_ia32.c | 108 ++++++++++--- 25-akpm/arch/mips/kernel/sysirix.c | 2 25-akpm/arch/s390/kernel/compat_linux.c | 90 +++++++++-- 25-akpm/arch/sparc64/kernel/sys_sparc32.c | 90 +++++++++-- 25-akpm/fs/nfsd/auth.c | 11 - 25-akpm/fs/nfsd/nfs4state.c | 2 25-akpm/fs/proc/array.c | 6 25-akpm/include/asm-alpha/param.h | 4 25-akpm/include/asm-arm/param.h | 4 25-akpm/include/asm-arm26/param.h | 4 25-akpm/include/asm-cris/param.h | 4 25-akpm/include/asm-h8300/param.h | 4 25-akpm/include/asm-i386/param.h | 4 25-akpm/include/asm-ia64/param.h | 4 25-akpm/include/asm-m68k/param.h | 4 25-akpm/include/asm-m68knommu/param.h | 4 25-akpm/include/asm-mips/param.h | 4 25-akpm/include/asm-parisc/param.h | 4 25-akpm/include/asm-ppc/param.h | 4 25-akpm/include/asm-ppc64/param.h | 4 25-akpm/include/asm-s390/param.h | 4 25-akpm/include/asm-sh/param.h | 4 25-akpm/include/asm-sparc/param.h | 4 25-akpm/include/asm-sparc64/param.h | 4 25-akpm/include/asm-um/param.h | 4 25-akpm/include/asm-v850/param.h | 4 25-akpm/include/asm-x86_64/param.h | 4 25-akpm/include/linux/init_task.h | 3 25-akpm/include/linux/limits.h | 2 25-akpm/include/linux/sched.h | 30 +++ 25-akpm/include/linux/security.h | 13 - 25-akpm/include/linux/sunrpc/auth.h | 3 25-akpm/include/linux/sunrpc/svcauth.h | 3 25-akpm/kernel/fork.c | 3 25-akpm/kernel/sys.c | 236 +++++++++++++++++++++++++----- 25-akpm/kernel/uid16.c | 97 +++++++++--- 25-akpm/net/sunrpc/auth.c | 35 ++-- 25-akpm/net/sunrpc/auth_unix.c | 8 - 25-akpm/net/sunrpc/svcauth_unix.c | 4 25-akpm/security/dummy.c | 2 25-akpm/security/selinux/hooks.c | 2 41 files changed, 586 insertions(+), 244 deletions(-) diff -puN arch/ia64/ia32/sys_ia32.c~increase-NGROUPS arch/ia64/ia32/sys_ia32.c --- 25/arch/ia64/ia32/sys_ia32.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/arch/ia64/ia32/sys_ia32.c Thu Jan 29 14:16:07 2004 @@ -2413,44 +2413,98 @@ sys32_lseek (unsigned int fd, int offset return sys_lseek(fd, offset, whence); } -extern asmlinkage long sys_getgroups (int gidsetsize, gid_t *grouplist); +static int +groups16_to_user(short *grouplist, struct group_info *group_info) +{ + int i; + short group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_WRITE, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + group = (short)GROUP_AT(group_info, i); + if (__put_user(group, grouplist+i)) + return -EFAULT; + } + + return 0; +} + +static int +groups16_from_user(struct group_info *group_info, short *grouplist) +{ + int i; + short group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_READ, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + if (__get_user(group, grouplist+i)) + return -EFAULT; + GROUP_AT(group_info, i) = (gid_t)group; + } + + return 0; +} asmlinkage long sys32_getgroups16 (int gidsetsize, short *grouplist) { - mm_segment_t old_fs = get_fs(); - gid_t gl[NGROUPS]; - int ret, i; - - set_fs(KERNEL_DS); - ret = sys_getgroups(gidsetsize, gl); - set_fs(old_fs); - - if (gidsetsize && ret > 0 && ret <= NGROUPS) - for (i = 0; i < ret; i++, grouplist++) - if (put_user(gl[i], grouplist)) - return -EFAULT; - return ret; -} + int i; + + if (gidsetsize < 0) + return -EINVAL; -extern asmlinkage long sys_setgroups (int gidsetsize, gid_t *grouplist); + get_group_info(current->group_info); + i = current->group_info->ngroups; + if (gidsetsize) { + if (i > gidsetsize) { + i = -EINVAL; + goto out; + } + if (groups16_to_user(grouplist, current->group_info)) { + i = -EFAULT; + goto out; + } + } +out: + put_group_info(current->group_info); + return i; +} asmlinkage long sys32_setgroups16 (int gidsetsize, short *grouplist) { - mm_segment_t old_fs = get_fs(); - gid_t gl[NGROUPS]; - int ret, i; + struct group_info *group_info; + int retval; - if ((unsigned) gidsetsize > NGROUPS) + if (!capable(CAP_SETGID)) + return -EPERM; + if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; - for (i = 0; i < gidsetsize; i++, grouplist++) - if (get_user(gl[i], grouplist)) - return -EFAULT; - set_fs(KERNEL_DS); - ret = sys_setgroups(gidsetsize, gl); - set_fs(old_fs); - return ret; + + group_info = groups_alloc(gidsetsize); + if (!group_info) + return -ENOMEM; + retval = groups16_from_user(group_info, grouplist); + if (retval) { + put_group_info(group_info); + return retval; + } + + retval = set_current_groups(group_info); + if (retval) + put_group_info(group_info); + + return retval; } asmlinkage long diff -puN arch/mips/kernel/sysirix.c~increase-NGROUPS arch/mips/kernel/sysirix.c --- 25/arch/mips/kernel/sysirix.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/arch/mips/kernel/sysirix.c Thu Jan 29 14:16:07 2004 @@ -368,7 +368,7 @@ asmlinkage int irix_syssgi(struct pt_reg retval = HZ; goto out; case 4: - retval = NGROUPS; + retval = NGROUPS_MAX; goto out; case 5: retval = NR_OPEN; diff -puN arch/s390/kernel/compat_linux.c~increase-NGROUPS arch/s390/kernel/compat_linux.c --- 25/arch/s390/kernel/compat_linux.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/arch/s390/kernel/compat_linux.c Thu Jan 29 14:16:07 2004 @@ -190,40 +190,94 @@ asmlinkage long sys32_setfsgid16(u16 gid return sys_setfsgid((gid_t)gid); } +static int groups16_to_user(u16 *grouplist, struct group_info *group_info) +{ + int i; + u16 group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_WRITE, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + group = (u16)GROUP_AT(group_info, i); + if (__put_user(group, grouplist+i)) + return -EFAULT; + } + + return 0; +} + +static int groups16_from_user(struct group_info *group_info, u16 *grouplist) +{ + int i; + u16 group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_READ, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + if (__get_user(group, grouplist+i)) + return -EFAULT; + GROUP_AT(group_info, i) = (gid_t)group; + } + + return 0; +} + asmlinkage long sys32_getgroups16(int gidsetsize, u16 *grouplist) { - u16 groups[NGROUPS]; - int i,j; + int i; if (gidsetsize < 0) return -EINVAL; - i = current->ngroups; + + get_group_info(current->group_info); + i = current->group_info->ngroups; if (gidsetsize) { - if (i > gidsetsize) - return -EINVAL; - for(j=0;jgroups[j]; - if (copy_to_user(grouplist, groups, sizeof(u16)*i)) - return -EFAULT; + if (i > gidsetsize) { + i = -EINVAL; + goto out; + } + if (groups16_to_user(grouplist, current->group_info)) + i = -EFAULT; + goto out; + } } +out: + put_group_info(current->group_info); return i; } asmlinkage long sys32_setgroups16(int gidsetsize, u16 *grouplist) { - u16 groups[NGROUPS]; - int i; + struct group_info *group_info; + int retval; if (!capable(CAP_SETGID)) return -EPERM; - if ((unsigned) gidsetsize > NGROUPS) + if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; - if (copy_from_user(groups, grouplist, gidsetsize * sizeof(u16))) - return -EFAULT; - for (i = 0 ; i < gidsetsize ; i++) - current->groups[i] = (gid_t)groups[i]; - current->ngroups = gidsetsize; - return 0; + + group_info = groups_alloc(gidsetsize); + if (!group_info) + return -ENOMEM; + retval = groups16_from_user(group_info, grouplist); + if (retval) { + put_group_info(group_info); + return retval; + } + + retval = set_current_groups(group_info); + if (retval) + put_group_info(group_info); + + return retval; } asmlinkage long sys32_getuid16(void) diff -puN arch/sparc64/kernel/sys_sparc32.c~increase-NGROUPS arch/sparc64/kernel/sys_sparc32.c --- 25/arch/sparc64/kernel/sys_sparc32.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/arch/sparc64/kernel/sys_sparc32.c Thu Jan 29 14:16:07 2004 @@ -179,40 +179,94 @@ asmlinkage long sys32_setfsgid16(u16 gid return sys_setfsgid((gid_t)gid); } +static int groups16_to_user(u16 *grouplist, struct group_info *group_info) +{ + int i; + u16 group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_WRITE, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + group = (u16)GROUP_AT(group_info, i); + if (__put_user(group, grouplist+i)) + return -EFAULT; + } + + return 0; +} + +static int groups16_from_user(struct group_info *group_info, u16 *grouplist) +{ + int i; + u16 group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_READ, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + if (__get_user(group, grouplist+i)) + return -EFAULT; + GROUP_AT(group_info, i) = (gid_t)group; + } + + return 0; +} + asmlinkage long sys32_getgroups16(int gidsetsize, u16 *grouplist) { - u16 groups[NGROUPS]; - int i,j; + int i; if (gidsetsize < 0) return -EINVAL; - i = current->ngroups; + + get_group_info(current->group_info); + i = current->group_info->ngroups; if (gidsetsize) { - if (i > gidsetsize) - return -EINVAL; - for(j=0;jgroups[j]; - if (copy_to_user(grouplist, groups, sizeof(u16)*i)) - return -EFAULT; + if (i > gidsetsize) { + i = -EINVAL; + goto out; + } + if (groups16_to_user(grouplist, current->group_info)) { + i = -EFAULT; + goto out; + } } +out: + put_group_info(current->group_info); return i; } asmlinkage long sys32_setgroups16(int gidsetsize, u16 *grouplist) { - u16 groups[NGROUPS]; - int i; + struct group_info *group_info; + int retval; if (!capable(CAP_SETGID)) return -EPERM; - if ((unsigned) gidsetsize > NGROUPS) + if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; - if (copy_from_user(groups, grouplist, gidsetsize * sizeof(u16))) - return -EFAULT; - for (i = 0 ; i < gidsetsize ; i++) - current->groups[i] = (gid_t)groups[i]; - current->ngroups = gidsetsize; - return 0; + + group_info = groups_alloc(gidsetsize); + if (!group_info) + return -ENOMEM; + retval = groups16_from_user(group_info, grouplist); + if (retval) { + put_group_info(group_info); + return retval; + } + + retval = set_current_groups(group_info); + if (retval) + put_group_info(group_info); + + return retval; } asmlinkage long sys32_getuid16(void) diff -puN fs/nfsd/auth.c~increase-NGROUPS fs/nfsd/auth.c --- 25/fs/nfsd/auth.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/fs/nfsd/auth.c Thu Jan 29 14:16:07 2004 @@ -10,12 +10,15 @@ #include #include +extern asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist); + #define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE)) void nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) { struct svc_cred *cred = &rqstp->rq_cred; int i; + gid_t groups[SVC_CRED_NGROUPS]; if (exp->ex_flags & NFSEXP_ALLSQUASH) { cred->cr_uid = exp->ex_anon_uid; @@ -26,7 +29,7 @@ nfsd_setuser(struct svc_rqst *rqstp, str cred->cr_uid = exp->ex_anon_uid; if (!cred->cr_gid) cred->cr_gid = exp->ex_anon_gid; - for (i = 0; i < NGROUPS; i++) + for (i = 0; i < SVC_CRED_NGROUPS; i++) if (!cred->cr_groups[i]) cred->cr_groups[i] = exp->ex_anon_gid; } @@ -39,13 +42,13 @@ nfsd_setuser(struct svc_rqst *rqstp, str current->fsgid = cred->cr_gid; else current->fsgid = exp->ex_anon_gid; - for (i = 0; i < NGROUPS; i++) { + for (i = 0; i < SVC_CRED_NGROUPS; i++) { gid_t group = cred->cr_groups[i]; if (group == (gid_t) NOGROUP) break; - current->groups[i] = group; + groups[i] = group; } - current->ngroups = i; + sys_setgroups(i, groups); if ((cred->cr_uid)) { cap_t(current->cap_effective) &= ~CAP_NFSD_MASK; diff -puN fs/nfsd/nfs4state.c~increase-NGROUPS fs/nfsd/nfs4state.c --- 25/fs/nfsd/nfs4state.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/fs/nfsd/nfs4state.c Thu Jan 29 14:16:07 2004 @@ -244,7 +244,7 @@ copy_cred(struct svc_cred *target, struc target->cr_uid = source->cr_uid; target->cr_gid = source->cr_gid; - for(i = 0; i < NGROUPS; i++) + for(i = 0; i < SVC_CRED_NGROUPS; i++) target->cr_groups[i] = source->cr_groups[i]; } diff -puN fs/proc/array.c~increase-NGROUPS fs/proc/array.c --- 25/fs/proc/array.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/fs/proc/array.c Thu Jan 29 14:16:07 2004 @@ -176,8 +176,10 @@ static inline char * task_state(struct t p->files ? p->files->max_fds : 0); task_unlock(p); - for (g = 0; g < p->ngroups; g++) - buffer += sprintf(buffer, "%d ", p->groups[g]); + get_group_info(p->group_info); + for (g = 0; g < min(p->group_info->ngroups,NGROUPS_SMALL); g++) + buffer += sprintf(buffer, "%d ", GROUP_AT(p->group_info,g)); + put_group_info(p->group_info); buffer += sprintf(buffer, "\n"); return buffer; diff -puN include/asm-alpha/param.h~increase-NGROUPS include/asm-alpha/param.h --- 25/include/asm-alpha/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-alpha/param.h Thu Jan 29 14:16:07 2004 @@ -19,10 +19,6 @@ #define EXEC_PAGESIZE 8192 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-arm26/param.h~increase-NGROUPS include/asm-arm26/param.h --- 25/include/asm-arm26/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-arm26/param.h Thu Jan 29 14:16:07 2004 @@ -22,10 +22,6 @@ # define HZ 100 #endif -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-arm/param.h~increase-NGROUPS include/asm-arm/param.h --- 25/include/asm-arm/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-arm/param.h Thu Jan 29 14:16:07 2004 @@ -26,10 +26,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-cris/param.h~increase-NGROUPS include/asm-cris/param.h --- 25/include/asm-cris/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-cris/param.h Thu Jan 29 14:16:07 2004 @@ -14,10 +14,6 @@ #define EXEC_PAGESIZE 8192 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-h8300/param.h~increase-NGROUPS include/asm-h8300/param.h --- 25/include/asm-h8300/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-h8300/param.h Thu Jan 29 14:16:07 2004 @@ -14,10 +14,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-i386/param.h~increase-NGROUPS include/asm-i386/param.h --- 25/include/asm-i386/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-i386/param.h Thu Jan 29 14:16:07 2004 @@ -13,10 +13,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-ia64/param.h~increase-NGROUPS include/asm-ia64/param.h --- 25/include/asm-ia64/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-ia64/param.h Thu Jan 29 14:16:07 2004 @@ -12,10 +12,6 @@ #define EXEC_PAGESIZE 65536 -#ifndef NGROUPS -# define NGROUPS 32 -#endif - #ifndef NOGROUP # define NOGROUP (-1) #endif diff -puN include/asm-m68knommu/param.h~increase-NGROUPS include/asm-m68knommu/param.h --- 25/include/asm-m68knommu/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-m68knommu/param.h Thu Jan 29 14:16:07 2004 @@ -44,10 +44,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-m68k/param.h~increase-NGROUPS include/asm-m68k/param.h --- 25/include/asm-m68k/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-m68k/param.h Thu Jan 29 14:16:07 2004 @@ -13,10 +13,6 @@ #define EXEC_PAGESIZE 8192 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-mips/param.h~increase-NGROUPS include/asm-mips/param.h --- 25/include/asm-mips/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-mips/param.h Thu Jan 29 14:16:07 2004 @@ -33,10 +33,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-parisc/param.h~increase-NGROUPS include/asm-parisc/param.h --- 25/include/asm-parisc/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-parisc/param.h Thu Jan 29 14:16:07 2004 @@ -18,10 +18,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-ppc64/param.h~increase-NGROUPS include/asm-ppc64/param.h --- 25/include/asm-ppc64/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-ppc64/param.h Thu Jan 29 14:16:07 2004 @@ -20,10 +20,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-ppc/param.h~increase-NGROUPS include/asm-ppc/param.h --- 25/include/asm-ppc/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-ppc/param.h Thu Jan 29 14:16:07 2004 @@ -13,10 +13,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-s390/param.h~increase-NGROUPS include/asm-s390/param.h --- 25/include/asm-s390/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-s390/param.h Thu Jan 29 14:16:07 2004 @@ -21,10 +21,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-sh/param.h~increase-NGROUPS include/asm-sh/param.h --- 25/include/asm-sh/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-sh/param.h Thu Jan 29 14:16:07 2004 @@ -17,10 +17,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-sparc64/param.h~increase-NGROUPS include/asm-sparc64/param.h --- 25/include/asm-sparc64/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-sparc64/param.h Thu Jan 29 14:16:07 2004 @@ -14,10 +14,6 @@ #define EXEC_PAGESIZE 8192 /* Thanks for sun4's we carry baggage... */ -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-sparc/param.h~increase-NGROUPS include/asm-sparc/param.h --- 25/include/asm-sparc/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-sparc/param.h Thu Jan 29 14:16:07 2004 @@ -14,10 +14,6 @@ #define EXEC_PAGESIZE 8192 /* Thanks for sun4's we carry baggage... */ -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-um/param.h~increase-NGROUPS include/asm-um/param.h --- 25/include/asm-um/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-um/param.h Thu Jan 29 14:16:07 2004 @@ -3,10 +3,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-v850/param.h~increase-NGROUPS include/asm-v850/param.h --- 25/include/asm-v850/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-v850/param.h Thu Jan 29 14:16:07 2004 @@ -18,10 +18,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/asm-x86_64/param.h~increase-NGROUPS include/asm-x86_64/param.h --- 25/include/asm-x86_64/param.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/asm-x86_64/param.h Thu Jan 29 14:16:07 2004 @@ -13,10 +13,6 @@ #define EXEC_PAGESIZE 4096 -#ifndef NGROUPS -#define NGROUPS 32 -#endif - #ifndef NOGROUP #define NOGROUP (-1) #endif diff -puN include/linux/init_task.h~increase-NGROUPS include/linux/init_task.h --- 25/include/linux/init_task.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/init_task.h Thu Jan 29 14:16:07 2004 @@ -59,6 +59,8 @@ .siglock = SPIN_LOCK_UNLOCKED, \ } +extern struct group_info init_groups; + /* * INIT_TASK is used to set up the first task table, touch at * your own risk!. Base=0, limit=0x1fffff (=2MB) @@ -90,6 +92,7 @@ .real_timer = { \ .function = it_real_fn \ }, \ + .group_info = &init_groups, \ .cap_effective = CAP_INIT_EFF_SET, \ .cap_inheritable = CAP_INIT_INH_SET, \ .cap_permitted = CAP_FULL_SET, \ diff -puN include/linux/limits.h~increase-NGROUPS include/linux/limits.h --- 25/include/linux/limits.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/limits.h Thu Jan 29 14:16:07 2004 @@ -3,7 +3,7 @@ #define NR_OPEN 1024 -#define NGROUPS_MAX 32 /* supplemental group IDs are available */ +#define NGROUPS_MAX 65536 /* supplemental group IDs are available */ #define ARG_MAX 131072 /* # bytes of args + environ for exec() */ #define CHILD_MAX 999 /* no limit :-) */ #define OPEN_MAX 256 /* # open files a process may have */ diff -puN include/linux/sched.h~increase-NGROUPS include/linux/sched.h --- 25/include/linux/sched.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/sched.h Thu Jan 29 14:16:07 2004 @@ -331,6 +331,33 @@ struct k_itimer { struct io_context; /* See blkdev.h */ void exit_io_context(void); +#define NGROUPS_SMALL 32 +#define NGROUPS_PER_BLOCK ((int)(EXEC_PAGESIZE / sizeof(gid_t))) +struct group_info { + int ngroups; + atomic_t usage; + gid_t small_block[NGROUPS_SMALL]; + int nblocks; + gid_t *blocks[0]; +}; + +#define get_group_info(group_info) do { \ + atomic_inc(&(group_info)->usage); \ +} while (0) + +#define put_group_info(group_info) do { \ + if (atomic_dec_and_test(&(group_info)->usage)) \ + groups_free(group_info); \ +} while (0) + +struct group_info *groups_alloc(int gidsetsize); +void groups_free(struct group_info *group_info); +int set_current_groups(struct group_info *group_info); +/* access the groups "array" with this macro */ +#define GROUP_AT(gi, i) \ + ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK]) + + struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ struct thread_info *thread_info; @@ -405,8 +432,7 @@ struct task_struct { /* process credentials */ uid_t uid,euid,suid,fsuid; gid_t gid,egid,sgid,fsgid; - int ngroups; - gid_t groups[NGROUPS]; + struct group_info *group_info; kernel_cap_t cap_effective, cap_inheritable, cap_permitted; int keep_capabilities:1; struct user_struct *user; diff -puN include/linux/security.h~increase-NGROUPS include/linux/security.h --- 25/include/linux/security.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/security.h Thu Jan 29 14:16:07 2004 @@ -554,9 +554,8 @@ struct swap_info_struct; * Return 0 if permission is granted. * @task_setgroups: * Check permission before setting the supplementary group set of the - * current process to @grouplist. - * @gidsetsize contains the number of elements in @grouplist. - * @grouplist contains the array of gids. + * current process. + * @group_info contains the new group information. * Return 0 if permission is granted. * @task_setnice: * Check permission before setting the nice value of @p to @nice. @@ -1116,7 +1115,7 @@ struct security_operations { int (*task_setpgid) (struct task_struct * p, pid_t pgid); int (*task_getpgid) (struct task_struct * p); int (*task_getsid) (struct task_struct * p); - int (*task_setgroups) (int gidsetsize, gid_t * grouplist); + int (*task_setgroups) (struct group_info *group_info); int (*task_setnice) (struct task_struct * p, int nice); int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); int (*task_setscheduler) (struct task_struct * p, int policy, @@ -1670,9 +1669,9 @@ static inline int security_task_getsid ( return security_ops->task_getsid (p); } -static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist) +static inline int security_task_setgroups (struct group_info *group_info) { - return security_ops->task_setgroups (gidsetsize, grouplist); + return security_ops->task_setgroups (group_info); } static inline int security_task_setnice (struct task_struct *p, int nice) @@ -2299,7 +2298,7 @@ static inline int security_task_getsid ( return 0; } -static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist) +static inline int security_task_setgroups (struct group_info *group_info) { return 0; } diff -puN include/linux/sunrpc/auth.h~increase-NGROUPS include/linux/sunrpc/auth.h --- 25/include/linux/sunrpc/auth.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/sunrpc/auth.h Thu Jan 29 14:16:07 2004 @@ -28,8 +28,7 @@ struct auth_cred { uid_t uid; gid_t gid; - int ngroups; - gid_t *groups; + struct group_info *group_info; }; /* diff -puN include/linux/sunrpc/svcauth.h~increase-NGROUPS include/linux/sunrpc/svcauth.h --- 25/include/linux/sunrpc/svcauth.h~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/include/linux/sunrpc/svcauth.h Thu Jan 29 14:16:07 2004 @@ -16,10 +16,11 @@ #include #include +#define SVC_CRED_NGROUPS 32 struct svc_cred { uid_t cr_uid; gid_t cr_gid; - gid_t cr_groups[NGROUPS]; + gid_t cr_groups[SVC_CRED_NGROUPS]; }; struct svc_rqst; /* forward decl */ diff -puN kernel/fork.c~increase-NGROUPS kernel/fork.c --- 25/kernel/fork.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/kernel/fork.c Thu Jan 29 14:16:07 2004 @@ -86,6 +86,7 @@ void __put_task_struct(struct task_struc security_task_free(tsk); free_uid(tsk->user); + put_group_info(tsk->group_info); free_task(tsk); } @@ -878,6 +879,7 @@ struct task_struct *copy_process(unsigne atomic_inc(&p->user->__count); atomic_inc(&p->user->processes); + get_group_info(p->group_info); /* * If multiple threads are within copy_process(), then this check @@ -1084,6 +1086,7 @@ bad_fork_cleanup: bad_fork_cleanup_put_domain: module_put(p->thread_info->exec_domain->module); bad_fork_cleanup_count: + put_group_info(p->group_info); atomic_dec(&p->user->processes); free_uid(p->user); bad_fork_free: diff -puN kernel/sys.c~increase-NGROUPS kernel/sys.c --- 25/kernel/sys.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/kernel/sys.c Thu Jan 29 14:16:07 2004 @@ -1089,10 +1089,171 @@ out: /* * Supplementary group IDs */ -asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) + +/* init to 2 - one for init_task, one to ensure it is never freed */ +struct group_info init_groups = { .usage = ATOMIC_INIT(2) }; + +struct group_info *groups_alloc(int gidsetsize) +{ + struct group_info *group_info; + int nblocks; + int i; + + nblocks = (gidsetsize/NGROUPS_PER_BLOCK) + + (gidsetsize%NGROUPS_PER_BLOCK?1:0); + group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), + GFP_USER); + if (!group_info) + return NULL; + group_info->ngroups = gidsetsize; + group_info->nblocks = nblocks; + atomic_set(&group_info->usage, 1); + + if (gidsetsize <= NGROUPS_SMALL) { + group_info->blocks[0] = group_info->small_block; + } else { + for (i = 0; i < nblocks; i++) { + gid_t *b; + b = (void *)__get_free_page(GFP_USER); + if (!b) + goto out_undo_partial_alloc; + group_info->blocks[i] = b; + } + } + return group_info; + +out_undo_partial_alloc: + while (--i >= 0) { + free_page((unsigned long)group_info->blocks[i]); + } + kfree(group_info); + return NULL; +} + +void groups_free(struct group_info *group_info) { + if (group_info->ngroups > NGROUPS_SMALL) { + int i; + for (i = 0; i < group_info->nblocks; i++) + free_page((unsigned long)group_info->blocks[i]); + } + kfree(group_info); +} + +/* export the group_info to a user-space array */ +static int groups_to_user(gid_t __user *grouplist, + struct group_info *group_info) +{ + int i; + int count = group_info->ngroups; + + for (i = 0; i < group_info->nblocks; i++) { + int cp_count = min(NGROUPS_PER_BLOCK, count); + int off = i * NGROUPS_PER_BLOCK; + int len = cp_count * sizeof(*grouplist); + + if (copy_to_user(grouplist+off, group_info->blocks[i], len)) + return -EFAULT; + + count -= cp_count; + } + return 0; +} + +/* fill a group_info from a user-space array - it must be allocated already */ +static int groups_from_user(struct group_info *group_info, + gid_t __user *grouplist) + { int i; - + int count = group_info->ngroups; + + for (i = 0; i < group_info->nblocks; i++) { + int cp_count = min(NGROUPS_PER_BLOCK, count); + int off = i * NGROUPS_PER_BLOCK; + int len = cp_count * sizeof(*grouplist); + + if (copy_from_user(group_info->blocks[i], grouplist+off, len)) + return -EFAULT; + + count -= cp_count; + } + return 0; +} + +/* a simple shell-metzner sort */ +static void groups_sort(struct group_info *group_info) +{ + int base, max, stride; + int gidsetsize = group_info->ngroups; + + for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1) + ; /* nothing */ + stride /= 3; + + while (stride) { + max = gidsetsize - stride; + for (base = 0; base < max; base++) { + int left = base; + int right = left + stride; + gid_t tmp = GROUP_AT(group_info, right); + + while (left >= 0 && GROUP_AT(group_info, left) > tmp) { + GROUP_AT(group_info, right) = + GROUP_AT(group_info, left); + right = left; + left -= stride; + } + GROUP_AT(group_info, right) = tmp; + } + stride /= 3; + } +} + +/* a simple bsearch */ +static int groups_search(struct group_info *group_info, gid_t grp) +{ + int left, right; + + if (!group_info) + return 0; + + left = 0; + right = group_info->ngroups; + while (left < right) { + int mid = (left+right)/2; + int cmp = grp - GROUP_AT(group_info, mid); + if (cmp > 0) + left = mid + 1; + else if (cmp < 0) + right = mid; + else + return 1; + } + return 0; +} + +/* validate and set current->group_info */ +int set_current_groups(struct group_info *group_info) +{ + int retval; + struct group_info *old_info; + + retval = security_task_setgroups(group_info); + if (retval) + return retval; + + groups_sort(group_info); + old_info = current->group_info; + current->group_info = group_info; + put_group_info(old_info); + + return 0; +} + +asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) +{ + int i = 0; + /* * SMP: Nobody else can change our grouplist. Thus we are * safe. @@ -1100,54 +1261,53 @@ asmlinkage long sys_getgroups(int gidset if (gidsetsize < 0) return -EINVAL; - i = current->ngroups; + + get_group_info(current->group_info); + i = current->group_info->ngroups; if (gidsetsize) { - if (i > gidsetsize) - return -EINVAL; - if (copy_to_user(grouplist, current->groups, sizeof(gid_t)*i)) - return -EFAULT; + if (i > gidsetsize) { + i = -EINVAL; + goto out; + } + if (groups_to_user(grouplist, current->group_info)) { + i = -EFAULT; + goto out; + } } +out: + put_group_info(current->group_info); return i; } /* - * SMP: Our groups are not shared. We can copy to/from them safely + * SMP: Our groups are copy-on-write. We can set them safely * without another task interfering. */ asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist) { - gid_t groups[NGROUPS]; + struct group_info *group_info; int retval; if (!capable(CAP_SETGID)) return -EPERM; - if ((unsigned) gidsetsize > NGROUPS) + if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; - if (copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t))) - return -EFAULT; - retval = security_task_setgroups(gidsetsize, groups); - if (retval) + + group_info = groups_alloc(gidsetsize); + if (!group_info) + return -ENOMEM; + retval = groups_from_user(group_info, grouplist); + if (retval) { + put_group_info(group_info); return retval; - memcpy(current->groups, groups, gidsetsize * sizeof(gid_t)); - current->ngroups = gidsetsize; - return 0; -} + } -static int supplemental_group_member(gid_t grp) -{ - int i = current->ngroups; + retval = set_current_groups(group_info); + if (retval) + put_group_info(group_info); - if (i) { - gid_t *groups = current->groups; - do { - if (*groups == grp) - return 1; - groups++; - i--; - } while (i); - } - return 0; + return retval; } /* @@ -1156,8 +1316,11 @@ static int supplemental_group_member(gid int in_group_p(gid_t grp) { int retval = 1; - if (grp != current->fsgid) - retval = supplemental_group_member(grp); + if (grp != current->fsgid) { + get_group_info(current->group_info); + retval = groups_search(current->group_info, grp); + put_group_info(current->group_info); + } return retval; } @@ -1166,8 +1329,11 @@ EXPORT_SYMBOL(in_group_p); int in_egroup_p(gid_t grp) { int retval = 1; - if (grp != current->egid) - retval = supplemental_group_member(grp); + if (grp != current->egid) { + get_group_info(current->group_info); + retval = groups_search(current->group_info, grp); + put_group_info(current->group_info); + } return retval; } diff -puN kernel/uid16.c~increase-NGROUPS kernel/uid16.c --- 25/kernel/uid16.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/kernel/uid16.c Thu Jan 29 14:16:07 2004 @@ -107,45 +107,96 @@ asmlinkage long sys_setfsgid16(old_gid_t return sys_setfsgid((gid_t)gid); } +static int groups16_to_user(old_gid_t __user *grouplist, + struct group_info *group_info) +{ + int i; + old_gid_t group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_WRITE, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + group = (old_gid_t)GROUP_AT(group_info, i); + if (__put_user(group, grouplist+i)) + return -EFAULT; + } + + return 0; +} + +static int groups16_from_user(struct group_info *group_info, + old_gid_t __user *grouplist) +{ + int i; + old_gid_t group; + + if (group_info->ngroups > TASK_SIZE/sizeof(group)) + return -EFAULT; + if (!access_ok(VERIFY_READ, grouplist, + group_info->ngroups * sizeof(group))) + return -EFAULT; + + for (i = 0; i < group_info->ngroups; i++) { + if (__get_user(group, grouplist+i)) + return -EFAULT; + GROUP_AT(group_info, i) = (gid_t)group; + } + + return 0; +} + asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) { - old_gid_t groups[NGROUPS]; - int i,j; + int i = 0; if (gidsetsize < 0) return -EINVAL; - i = current->ngroups; + + get_group_info(current->group_info); + i = current->group_info->ngroups; if (gidsetsize) { - if (i > gidsetsize) - return -EINVAL; - for(j=0;jgroups[j]; - if (copy_to_user(grouplist, groups, sizeof(old_gid_t)*i)) - return -EFAULT; + if (i > gidsetsize) { + i = -EINVAL; + goto out; + } + if (groups16_to_user(grouplist, current->group_info)) { + i = -EFAULT; + goto out; + } } +out: + put_group_info(current->group_info); return i; } asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) { - old_gid_t groups[NGROUPS]; - gid_t new_groups[NGROUPS]; - int i; + struct group_info *group_info; + int retval; if (!capable(CAP_SETGID)) return -EPERM; - if ((unsigned) gidsetsize > NGROUPS) + if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; - if (copy_from_user(groups, grouplist, gidsetsize * sizeof(old_gid_t))) - return -EFAULT; - for (i = 0 ; i < gidsetsize ; i++) - new_groups[i] = (gid_t)groups[i]; - i = security_task_setgroups(gidsetsize, new_groups); - if (i) - return i; - memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t)); - current->ngroups = gidsetsize; - return 0; + + group_info = groups_alloc(gidsetsize); + if (!group_info) + return -ENOMEM; + retval = groups16_from_user(group_info, grouplist); + if (retval) { + put_group_info(group_info); + return retval; + } + + retval = set_current_groups(group_info); + if (retval) + put_group_info(group_info); + + return retval; } asmlinkage long sys_getuid16(void) diff -puN net/sunrpc/auth.c~increase-NGROUPS net/sunrpc/auth.c --- 25/net/sunrpc/auth.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/net/sunrpc/auth.c Thu Jan 29 14:16:07 2004 @@ -255,34 +255,41 @@ retry: struct rpc_cred * rpcauth_lookupcred(struct rpc_auth *auth, int taskflags) { - struct auth_cred acred = { - .uid = current->fsuid, - .gid = current->fsgid, - .ngroups = current->ngroups, - .groups = current->groups, - }; + struct auth_cred acred; + struct rpc_cred *ret; + + get_group_info(current->group_info); + acred.uid = current->fsuid; + acred.gid = current->fsgid; + acred.group_info = current->group_info; + dprintk("RPC: looking up %s cred\n", auth->au_ops->au_name); - return rpcauth_lookup_credcache(auth, &acred, taskflags); + ret = rpcauth_lookup_credcache(auth, &acred, taskflags); + put_group_info(current->group_info); + return ret; } struct rpc_cred * rpcauth_bindcred(struct rpc_task *task) { struct rpc_auth *auth = task->tk_auth; - struct auth_cred acred = { - .uid = current->fsuid, - .gid = current->fsgid, - .ngroups = current->ngroups, - .groups = current->groups, - }; + struct auth_cred acred; + struct rpc_cred *ret; + + get_group_info(current->group_info); + acred.uid = current->fsuid; + acred.gid = current->fsgid; + acred.group_info = current->group_info; dprintk("RPC: %4d looking up %s cred\n", task->tk_pid, task->tk_auth->au_ops->au_name); task->tk_msg.rpc_cred = rpcauth_lookup_credcache(auth, &acred, task->tk_flags); if (task->tk_msg.rpc_cred == 0) task->tk_status = -ENOMEM; - return task->tk_msg.rpc_cred; + ret = task->tk_msg.rpc_cred; + put_group_info(current->group_info); + return ret; } void diff -puN net/sunrpc/auth_unix.c~increase-NGROUPS net/sunrpc/auth_unix.c --- 25/net/sunrpc/auth_unix.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/net/sunrpc/auth_unix.c Thu Jan 29 14:16:07 2004 @@ -82,7 +82,7 @@ unx_create_cred(struct rpc_auth *auth, s cred->uc_gid = cred->uc_pgid = 0; cred->uc_gids[0] = NOGROUP; } else { - int groups = acred->ngroups; + int groups = acred->group_info->ngroups; if (groups > NFS_NGROUPS) groups = NFS_NGROUPS; @@ -91,7 +91,7 @@ unx_create_cred(struct rpc_auth *auth, s cred->uc_puid = current->uid; cred->uc_pgid = current->gid; for (i = 0; i < groups; i++) - cred->uc_gids[i] = (gid_t) acred->groups[i]; + cred->uc_gids[i] = GROUP_AT(acred->group_info, i); if (i < NFS_NGROUPS) cred->uc_gids[i] = NOGROUP; } @@ -126,11 +126,11 @@ unx_match(struct auth_cred *acred, struc || cred->uc_pgid != current->gid) return 0; - groups = acred->ngroups; + groups = acred->group_info->ngroups; if (groups > NFS_NGROUPS) groups = NFS_NGROUPS; for (i = 0; i < groups ; i++) - if (cred->uc_gids[i] != (gid_t) acred->groups[i]) + if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) return 0; return 1; } diff -puN net/sunrpc/svcauth_unix.c~increase-NGROUPS net/sunrpc/svcauth_unix.c --- 25/net/sunrpc/svcauth_unix.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/net/sunrpc/svcauth_unix.c Thu Jan 29 14:16:07 2004 @@ -434,11 +434,11 @@ svcauth_unix_accept(struct svc_rqst *rqs if (slen > 16 || (len -= (slen + 2)*4) < 0) goto badcred; for (i = 0; i < slen; i++) - if (i < NGROUPS) + if (i < SVC_CRED_NGROUPS) cred->cr_groups[i] = ntohl(svc_getu32(argv)); else svc_getu32(argv); - if (i < NGROUPS) + if (i < SVC_CRED_NGROUPS) cred->cr_groups[i] = NOGROUP; if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) { diff -puN security/dummy.c~increase-NGROUPS security/dummy.c --- 25/security/dummy.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/security/dummy.c Thu Jan 29 14:16:07 2004 @@ -539,7 +539,7 @@ static int dummy_task_getsid (struct tas return 0; } -static int dummy_task_setgroups (int gidsetsize, gid_t * grouplist) +static int dummy_task_setgroups (struct group_info *group_info) { return 0; } diff -puN security/selinux/hooks.c~increase-NGROUPS security/selinux/hooks.c --- 25/security/selinux/hooks.c~increase-NGROUPS Thu Jan 29 14:16:07 2004 +++ 25-akpm/security/selinux/hooks.c Thu Jan 29 14:16:07 2004 @@ -2265,7 +2265,7 @@ static int selinux_task_getsid(struct ta return task_has_perm(current, p, PROCESS__GETSESSION); } -static int selinux_task_setgroups(int gidsetsize, gid_t *grouplist) +static int selinux_task_setgroups(struct group_info *group_info) { /* See the comment for setuid above. */ return 0; _