Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: devcgroup_inode_permission: take "is it a device node" checks to inlined wrapper fix comment in generic_permission() kill obsolete comment for follow_down() proc_sys_permission() is OK in RCU mode reiserfs_permission() doesn't need to bail out in RCU mode proc_fd_permission() is doesn't need to bail out in RCU mode nilfs2_permission() doesn't need to bail out in RCU mode logfs doesn't need ->permission() at all coda_ioctl_permission() is safe in RCU mode cifs_permission() doesn't need to bail out in RCU mode bad_inode_permission() is safe from RCU mode ubifs: dereferencing an ERR_PTR in ubifs_mount()
author: Linus Torvalds <torvalds@linux-foundation.org> 2011-06-20 23:09:15 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2011-06-20 23:09:15 -0400
commit: 36698206504fca9198b8563f1fc2c9e38e063e11 (patch)
tree: f02b63c9b35a7962786b5dcdb1af15a63f5de1cf
parent: ef46222e7b56e728e423527d430cb2013c595491 (diff)
parent: 482e0cd3dbaa70f2a2bead4b5f2c0d203ef654ba (diff)
12 files changed, 15 insertions, 44 deletions
diff --git a/fs/bad_inode.c b/fs/bad_inode.c
index 9ad2369d9e35..bfcb18feb1df 100644
--- a/fs/bad_inode.c
+++ b/fs/bad_inode.c
@@ -231,9 +231,6 @@ static int bad_inode_readlink(struct dentry *dentry, char __user *buffer,
 static int bad_inode_permission(struct inode *inode, int mask, unsigned int flags)
 {
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
        return -EIO;
 }
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index e9def996e383..2f0c58646c10 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -257,9 +257,6 @@ static int cifs_permission(struct inode *inode, int mask, unsigned int flags)
 {
        struct cifs_sb_info *cifs_sb;
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
        cifs_sb = CIFS_SB(inode->i_sb);
        if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) {
diff --git a/fs/coda/pioctl.c b/fs/coda/pioctl.c
index 6cbb3afb36dc..cb140ef293e4 100644
--- a/fs/coda/pioctl.c
+++ b/fs/coda/pioctl.c
@@ -43,8 +43,6 @@ const struct file_operations coda_ioctl_operations = {
 /* the coda pioctl inode ops */
 static int coda_ioctl_permission(struct inode *inode, int mask, unsigned int flags)
 {
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
        return (mask & MAY_EXEC) ? -EACCES : 0;
 }
diff --git a/fs/logfs/dir.c b/fs/logfs/dir.c
index 9ed89d1663f8..1afae26cf236 100644
--- a/fs/logfs/dir.c
+++ b/fs/logfs/dir.c
@@ -555,13 +555,6 @@ static int logfs_symlink(struct inode *dir, struct dentry *dentry,
        return __logfs_create(dir, dentry, inode, target, destlen);
 }
-static int logfs_permission(struct inode *inode, int mask, unsigned int flags)
-{
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
-        return generic_permission(inode, mask, flags, NULL);
-}
 static int logfs_link(struct dentry *old_dentry, struct inode *dir,
                struct dentry *dentry)
 {
@@ -820,7 +813,6 @@ const struct inode_operations logfs_dir_iops = {
        .mknod          = logfs_mknod,
        .rename         = logfs_rename,
        .rmdir          = logfs_rmdir,
-        .permission     = logfs_permission,
        .symlink        = logfs_symlink,
        .unlink         = logfs_unlink,
 };
diff --git a/fs/namei.c b/fs/namei.c
index 9e425e7e6c8f..0223c41fb114 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -238,7 +238,8 @@ int generic_permission(struct inode *inode, int mask, unsigned int flags,
        /*
         * Read/write DACs are always overridable.
-         * Executable DACs are overridable if at least one exec bit is set.
+         * Executable DACs are overridable for all directories and
+         * for non-directories that have least one exec bit set.
         */
        if (!(mask & MAY_EXEC) || execute_ok(inode))
                if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
@@ -1011,9 +1012,6 @@ failed:
 * Follow down to the covering mount currently visible to userspace.  At each
 * point, the filesystem owning that dentry may be queried as to whether the
 * caller is permitted to proceed or not.
- *
- * Care must be taken as namespace_sem may be held (indicated by mounting_here
- * being true).
 */
 int follow_down(struct path *path)
 {
diff --git a/fs/nilfs2/inode.c b/fs/nilfs2/inode.c
index b954878ad6ce..b9b45fc2903e 100644
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -801,12 +801,7 @@ out_err:
 int nilfs_permission(struct inode *inode, int mask, unsigned int flags)
 {
-        struct nilfs_root *root;
+        struct nilfs_root *root = NILFS_I(inode)->i_root;
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
-        root = NILFS_I(inode)->i_root;
        if ((mask & MAY_WRITE) && root &&
            root->cno != NILFS_CPTREE_CURRENT_CNO)
                return -EROFS; /* snapshot is not writable */
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 14def991d9dd..8a84210ca080 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2169,11 +2169,7 @@ static const struct file_operations proc_fd_operations = {
 */
 static int proc_fd_permission(struct inode *inode, int mask, unsigned int flags)
 {
-        int rv;
+        int rv = generic_permission(inode, mask, flags, NULL);
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
-        rv = generic_permission(inode, mask, flags, NULL);
        if (rv == 0)
                return 0;
        if (task_pid(current) == proc_pid(inode))
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index f50133c11c24..d167de365a8d 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -304,9 +304,6 @@ static int proc_sys_permission(struct inode *inode, int mask,unsigned int flags)
        struct ctl_table *table;
        int error;
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
        /* Executable files are not allowed under /proc/sys/ */
        if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))
                return -EACCES;
diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
index e8a62f41b458..d78089690965 100644
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -954,8 +954,6 @@ static int xattr_mount_check(struct super_block *s)
 int reiserfs_permission(struct inode *inode, int mask, unsigned int flags)
 {
-        if (flags & IPERM_FLAG_RCU)
-                return -ECHILD;
        /*
         * We don't do permission checks on the internal objects.
         * Permissions are determined by the "owning" object.
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 8c892c2d5300..529be0582029 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -2146,6 +2146,7 @@ static struct dentry *ubifs_mount(struct file_system_type *fs_type, int flags,
        if (IS_ERR(sb)) {
                err = PTR_ERR(sb);
                kfree(c);
+                goto out_close;
        }
        if (sb->s_root) {
diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h
index 0b0d9c39ed67..7aad1f440867 100644
--- a/include/linux/device_cgroup.h
+++ b/include/linux/device_cgroup.h
@@ -2,8 +2,16 @@
 #include <linux/fs.h>
 #ifdef CONFIG_CGROUP_DEVICE
-extern int devcgroup_inode_permission(struct inode *inode, int mask);
+extern int __devcgroup_inode_permission(struct inode *inode, int mask);
 extern int devcgroup_inode_mknod(int mode, dev_t dev);
+static inline int devcgroup_inode_permission(struct inode *inode, int mask)
+{
+        if (likely(!inode->i_rdev))
+                return 0;
+        if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode))
+                return 0;
+        return __devcgroup_inode_permission(inode, mask);
+}
 #else
 static inline int devcgroup_inode_permission(struct inode *inode, int mask)
 { return 0; }
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index cd1f779fa51d..1be68269e1c2 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -474,17 +474,11 @@ struct cgroup_subsys devices_subsys = {
        .subsys_id = devices_subsys_id,
 };
-int devcgroup_inode_permission(struct inode *inode, int mask)
+int __devcgroup_inode_permission(struct inode *inode, int mask)
 {
        struct dev_cgroup *dev_cgroup;
        struct dev_whitelist_item *wh;
-        dev_t device = inode->i_rdev;
-        if (!device)
-                return 0;
-        if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode))
-                return 0;
        rcu_read_lock();
        dev_cgroup = task_devcgroup(current);
author	Linus Torvalds <torvalds@linux-foundation.org>	2011-06-20 23:09:15 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-06-20 23:09:15 -0400
commit	36698206504fca9198b8563f1fc2c9e38e063e11 (patch)
tree	f02b63c9b35a7962786b5dcdb1af15a63f5de1cf
parent	ef46222e7b56e728e423527d430cb2013c595491 (diff)
parent	482e0cd3dbaa70f2a2bead4b5f2c0d203ef654ba (diff)