[GFS2] don't call permission()

GFS2 calls permission() to verify permissions after locks on the files have been taken. For this it's sufficient to call gfs2_permission() instead. This results in the following changes: - IS_RDONLY() check is not performed - IS_IMMUTABLE() check is not performed - devcgroup_inode_permission() is not called - security_inode_permission() is not called IS_RDONLY() should be unnecessary anyway, as the per-mount read-only flag should provide protection against read-only remounts during operations. do_gfs2_set_flags() has been fixed to perform mnt_want_write()/mnt_drop_write() to protect against remounting read-only. IS_IMMUTABLE has been added to gfs2_permission() Repeating the security checks seems to be pointless, as they don't normally change, and if they do, it's independent of the filesystem state. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
author: Miklos Szeredi <miklos@szeredi.hu> 2008-07-02 15:12:01 -0400
committer: Steven Whitehouse <swhiteho@redhat.com> 2008-07-03 05:22:01 -0400
commit: f58ba889106af60f52af792efbe1973e458a2138 (patch)
tree: f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs/gfs2/inode.c
parent: f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 09453d057e41..caf409083354 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -504,7 +504,7 @@ struct inode *gfs2_lookupi(struct inode *dir, const struct qstr *name,
        }
        if (!is_root) {
-                error = permission(dir, MAY_EXEC, NULL);
+                error = gfs2_permission(dir, MAY_EXEC);
                if (error)
                        goto out;
        }
@@ -667,7 +667,7 @@ static int create_ok(struct gfs2_inode *dip, const struct qstr *name,
 {
        int error;
-        error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+        error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
        if (error)
                return error;
@@ -1134,7 +1134,7 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,
        if (IS_APPEND(&dip->i_inode))
                return -EPERM;
-        error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+        error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
        if (error)
                return error;
author	Miklos Szeredi <miklos@szeredi.hu>	2008-07-02 15:12:01 -0400
committer	Steven Whitehouse <swhiteho@redhat.com>	2008-07-03 05:22:01 -0400
commit	f58ba889106af60f52af792efbe1973e458a2138 (patch)
tree	f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs/gfs2/inode.c
parent	f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff)

diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 09453d057e41..caf409083354 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c
@@ -504,7 +504,7 @@ struct inode gfs2_lookupi(struct inode dir, const struct qstr *name,
504	}	504	}
505		505
506	if (!is_root) {	506	if (!is_root) {
507	error = permission(dir, MAY_EXEC, NULL);	507	error = gfs2_permission(dir, MAY_EXEC);
508	if (error)	508	if (error)
509	goto out;	509	goto out;
510	}	510	}
@@ -667,7 +667,7 @@ static int create_ok(struct gfs2_inode dip, const struct qstr name,
667	{	667	{
668	int error;	668	int error;
669		669
670	error = permission(&dip->i_inode, MAY_WRITE \| MAY_EXEC, NULL);	670	error = gfs2_permission(&dip->i_inode, MAY_WRITE \| MAY_EXEC);
671	if (error)	671	if (error)
672	return error;	672	return error;
673		673
@@ -1134,7 +1134,7 @@ int gfs2_unlink_ok(struct gfs2_inode dip, const struct qstr name,
1134	if (IS_APPEND(&dip->i_inode))	1134	if (IS_APPEND(&dip->i_inode))
1135	return -EPERM;	1135	return -EPERM;
1136		1136
1137	error = permission(&dip->i_inode, MAY_WRITE \| MAY_EXEC, NULL);	1137	error = gfs2_permission(&dip->i_inode, MAY_WRITE \| MAY_EXEC);
1138	if (error)	1138	if (error)
1139	return error;	1139	return error;
1140		1140