diff options
| author | James Morris <jmorris@namei.org> | 2009-02-05 19:01:45 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-02-05 19:01:45 -0500 |
| commit | cb5629b10d64a8006622ce3a52bc887d91057d69 (patch) | |
| tree | 7c06d8f30783115e3384721046258ce615b129c5 /fs/ubifs/io.c | |
| parent | 8920d5ad6ba74ae8ab020e90cc4d976980e68701 (diff) | |
| parent | f01d1d546abb2f4028b5299092f529eefb01253a (diff) | |
Merge branch 'master' into next
Conflicts:
fs/namei.c
Manually merged per:
diff --cc fs/namei.c
index 734f2b5,bbc15c2..0000000
--- a/fs/namei.c
+++ b/fs/namei.c
@@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char
nd->flags |= LOOKUP_CONTINUE;
err = exec_permission_lite(inode);
if (err == -EAGAIN)
- err = vfs_permission(nd, MAY_EXEC);
+ err = inode_permission(nd->path.dentry->d_inode,
+ MAY_EXEC);
+ if (!err)
+ err = ima_path_check(&nd->path, MAY_EXEC);
if (err)
break;
@@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
flag &= ~O_TRUNC;
}
- error = vfs_permission(nd, acc_mode);
+ error = inode_permission(inode, acc_mode);
if (error)
return error;
+
- error = ima_path_check(&nd->path,
++ error = ima_path_check(path,
+ acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
+ if (error)
+ return error;
/*
* An append-only file must be opened in append mode for writing.
*/
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/ubifs/io.c')
| -rw-r--r-- | fs/ubifs/io.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/fs/ubifs/io.c b/fs/ubifs/io.c index 01682713af69..e8e632a1dcdf 100644 --- a/fs/ubifs/io.c +++ b/fs/ubifs/io.c | |||
| @@ -29,7 +29,7 @@ | |||
| 29 | * would have been wasted for padding to the nearest minimal I/O unit boundary. | 29 | * would have been wasted for padding to the nearest minimal I/O unit boundary. |
| 30 | * Instead, data first goes to the write-buffer and is flushed when the | 30 | * Instead, data first goes to the write-buffer and is flushed when the |
| 31 | * buffer is full or when it is not used for some time (by timer). This is | 31 | * buffer is full or when it is not used for some time (by timer). This is |
| 32 | * similarto the mechanism is used by JFFS2. | 32 | * similar to the mechanism is used by JFFS2. |
| 33 | * | 33 | * |
| 34 | * Write-buffers are defined by 'struct ubifs_wbuf' objects and protected by | 34 | * Write-buffers are defined by 'struct ubifs_wbuf' objects and protected by |
| 35 | * mutexes defined inside these objects. Since sometimes upper-level code | 35 | * mutexes defined inside these objects. Since sometimes upper-level code |
| @@ -75,7 +75,7 @@ void ubifs_ro_mode(struct ubifs_info *c, int err) | |||
| 75 | * @lnum: logical eraseblock number | 75 | * @lnum: logical eraseblock number |
| 76 | * @offs: offset within the logical eraseblock | 76 | * @offs: offset within the logical eraseblock |
| 77 | * @quiet: print no messages | 77 | * @quiet: print no messages |
| 78 | * @chk_crc: indicates whether to always check the CRC | 78 | * @must_chk_crc: indicates whether to always check the CRC |
| 79 | * | 79 | * |
| 80 | * This function checks node magic number and CRC checksum. This function also | 80 | * This function checks node magic number and CRC checksum. This function also |
| 81 | * validates node length to prevent UBIFS from becoming crazy when an attacker | 81 | * validates node length to prevent UBIFS from becoming crazy when an attacker |
| @@ -83,11 +83,17 @@ void ubifs_ro_mode(struct ubifs_info *c, int err) | |||
| 83 | * node length in the common header could cause UBIFS to read memory outside of | 83 | * node length in the common header could cause UBIFS to read memory outside of |
| 84 | * allocated buffer when checking the CRC checksum. | 84 | * allocated buffer when checking the CRC checksum. |
| 85 | * | 85 | * |
| 86 | * This function returns zero in case of success %-EUCLEAN in case of bad CRC | 86 | * This function may skip data nodes CRC checking if @c->no_chk_data_crc is |
| 87 | * or magic. | 87 | * true, which is controlled by corresponding UBIFS mount option. However, if |
| 88 | * @must_chk_crc is true, then @c->no_chk_data_crc is ignored and CRC is | ||
| 89 | * checked. Similarly, if @c->always_chk_crc is true, @c->no_chk_data_crc is | ||
| 90 | * ignored and CRC is checked. | ||
| 91 | * | ||
| 92 | * This function returns zero in case of success and %-EUCLEAN in case of bad | ||
| 93 | * CRC or magic. | ||
| 88 | */ | 94 | */ |
| 89 | int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, | 95 | int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, |
| 90 | int offs, int quiet, int chk_crc) | 96 | int offs, int quiet, int must_chk_crc) |
| 91 | { | 97 | { |
| 92 | int err = -EINVAL, type, node_len; | 98 | int err = -EINVAL, type, node_len; |
| 93 | uint32_t crc, node_crc, magic; | 99 | uint32_t crc, node_crc, magic; |
| @@ -123,9 +129,9 @@ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, | |||
| 123 | node_len > c->ranges[type].max_len) | 129 | node_len > c->ranges[type].max_len) |
| 124 | goto out_len; | 130 | goto out_len; |
| 125 | 131 | ||
| 126 | if (!chk_crc && type == UBIFS_DATA_NODE && !c->always_chk_crc) | 132 | if (!must_chk_crc && type == UBIFS_DATA_NODE && !c->always_chk_crc && |
| 127 | if (c->no_chk_data_crc) | 133 | c->no_chk_data_crc) |
| 128 | return 0; | 134 | return 0; |
| 129 | 135 | ||
| 130 | crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8); | 136 | crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8); |
| 131 | node_crc = le32_to_cpu(ch->crc); | 137 | node_crc = le32_to_cpu(ch->crc); |