->permission() sanitizing: don't pass flags to exec_permission()

pass mask instead; kill security_inode_exec_permission() since we can use security_inode_permission() instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2011-06-20 19:48:41 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2011-07-20 01:43:29 -0400
commit: eecdd358b467405a084d400d5ec571bbdbfe97a3 (patch)
tree: 357332873b909a19964e77dbae3c4aed5c100dc6 /fs/namei.c
parent: cf1dd1dae851ce5765cda5de16aa965eef7c2dbf (diff)
1 files changed, 7 insertions, 10 deletions
diff --git a/fs/namei.c b/fs/namei.c
index c5c382620a86..21eba95368f2 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -304,7 +304,7 @@ int inode_permission(struct inode *inode, int mask)
 /**
 * exec_permission  -  check for right to do lookups in a given directory
 * @inode:      inode to check permission on
- * @flags:      IPERM_FLAG_ flags.
+ * @mask:       MAY_EXEC and possibly MAY_NOT_BLOCK flags.
 *
 * Short-cut version of inode_permission(), for calling on directories
 * during pathname resolution.  Combines parts of inode_permission()
@@ -314,13 +314,10 @@ int inode_permission(struct inode *inode, int mask)
 * short-cut DAC fails, then call ->permission() to do more
 * complete permission check.
 */
-static inline int exec_permission(struct inode *inode, unsigned int flags)
+static inline int exec_permission(struct inode *inode, int mask)
 {
        int ret;
        struct user_namespace *ns = inode_userns(inode);
-        int mask = MAY_EXEC;
-        if (flags & IPERM_FLAG_RCU)
-                mask |= MAY_NOT_BLOCK;
        if (inode->i_op->permission) {
                ret = inode->i_op->permission(inode, mask);
@@ -338,7 +335,7 @@ static inline int exec_permission(struct inode *inode, unsigned int flags)
        }
        return ret;
 ok:
-        return security_inode_exec_permission(inode, flags);
+        return security_inode_permission(inode, mask);
 }
 /**
@@ -1214,13 +1211,13 @@ retry:
 static inline int may_lookup(struct nameidata *nd)
 {
        if (nd->flags & LOOKUP_RCU) {
-                int err = exec_permission(nd->inode, IPERM_FLAG_RCU);
+                int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
                if (err != -ECHILD)
                        return err;
                if (unlazy_walk(nd, NULL))
                        return -ECHILD;
        }
-        return exec_permission(nd->inode, 0);
+        return exec_permission(nd->inode, MAY_EXEC);
 }
 static inline int handle_dots(struct nameidata *nd, int type)
@@ -1495,7 +1492,7 @@ static int path_init(int dfd, const char *name, unsigned int flags,
                        if (!S_ISDIR(dentry->d_inode->i_mode))
                                goto fput_fail;
-                        retval = exec_permission(dentry->d_inode, 0);
+                        retval = exec_permission(dentry->d_inode, MAY_EXEC);
                        if (retval)
                                goto fput_fail;
                }
@@ -1652,7 +1649,7 @@ static struct dentry *__lookup_hash(struct qstr *name,
        struct dentry *dentry;
        int err;
-        err = exec_permission(inode, 0);
+        err = exec_permission(inode, MAY_EXEC);
        if (err)
                return ERR_PTR(err);
author	Al Viro <viro@zeniv.linux.org.uk>	2011-06-20 19:48:41 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2011-07-20 01:43:29 -0400
commit	eecdd358b467405a084d400d5ec571bbdbfe97a3 (patch)
tree	357332873b909a19964e77dbae3c4aed5c100dc6 /fs/namei.c
parent	cf1dd1dae851ce5765cda5de16aa965eef7c2dbf (diff)