author | Miklos Szeredi <miklos@szeredi.hu> | 2008-07-02 15:12:01 -0400 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2008-07-03 05:22:01 -0400 |
commit | f58ba889106af60f52af792efbe1973e458a2138 (patch) | |
tree | f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs/gfs2/ops_file.c | |
parent | f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff) |
[GFS2] don't call permission()
GFS2 calls permission() to verify permissions after locks on the files
have been taken.
For this it's sufficient to call gfs2_permission() instead. This
results in the following changes:
- IS_RDONLY() check is not performed
- IS_IMMUTABLE() check is not performed
- devcgroup_inode_permission() is not called
- security_inode_permission() is not called
IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations. do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.
IS_IMMUTABLE has been added to gfs2_permission()
Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2/ops_file.c')
-rw-r--r-- | fs/gfs2/ops_file.c | 11 |
1 files changed, 9 insertions, 2 deletions
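--- a/fs/gfs2/ops_file.c
+++ b/fs/gfs2/ops_file.c
@@ -15,6 +15,7 @@
 #include <linux/uio.h>
 #include <linux/blkdev.h>
 #include <linux/mm.h>
+#include <linux/mount.h>
 #include <linux/fs.h>
 #include <linux/gfs2_ondisk.h>
 #include <linux/ext2_fs.h>
@@ -220,10 +221,14 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
 int error;
 u32 new_flags, flags;
 
-error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
+error = mnt_want_write(filp->f_path.mnt);
 if (error)
 return error;
 
+error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
+if (error)
+goto out_drop_write;
+
 flags = ip->i_di.di_flags;
 new_flags = (flags & ~mask) | (reqflags & mask);
 if ((new_flags ^ flags) == 0)
@@ -242,7 +247,7 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
 !capable(CAP_LINUX_IMMUTABLE))
 goto out;
 if (!IS_IMMUTABLE(inode)) {
-error = permission(inode, MAY_WRITE, NULL);
+error = gfs2_permission(inode, MAY_WRITE);
 if (error)
 goto out;
 }
@@ -272,6 +277,8 @@ out_trans_end:
 gfs2_trans_end(sdp);
 out:
 gfs2_glock_dq_uninit(&gh);
+out_drop_write:
+mnt_drop_write(filp->f_path.mnt);
 return error;
 }
 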
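Review bot: The `gfs2_permission(inode, MAY_WRITE)` call inside `if (!IS_IMMUTABLE(inode))` has no comment recording that the LSM and device-cgroup hooks are deliberately not re-run at this point, so anyone auditing access-control coverage of do_gfs2_set_flags() has to find the commit message to learn it. I would add above the call `/* glock held: filesystem-level check only; LSM/devcgroup hooks are not re-run here */`, and name in that comment which earlier check on this path is relied on for MAC mediation, since none is visible in this file section. A one-line comment at `out_drop_write:` would also help, for example `/* reached directly when gfs2_glock_nq_init() fails: no holder to dequeue */`. That label skips gfs2_glock_dq_uninit(), which presumably relies on nq_init leaving `gh` uninitialised on failure and is worth confirming. The body of do_gfs2_set_flags() starts before and continues between the hunks shown, so the remaining `goto out` paths cannot be checked from here.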