diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2011-06-20 19:06:22 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-07-20 01:43:19 -0400 |
commit | 9c2c703929e4c41210cfa6e3f599514421bab8dc (patch) | |
tree | 2086738f22755ad18ba18ab2ee0f2b23d651da60 /fs | |
parent | 1fc0f78ca9f311c6277e2f1b7655bb4d43ceb311 (diff) |
->permission() sanitizing: pass MAY_NOT_BLOCK to ->check_acl()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/9p/acl.c | 2 | ||||
-rw-r--r-- | fs/btrfs/acl.c | 3 | ||||
-rw-r--r-- | fs/ext2/acl.c | 2 | ||||
-rw-r--r-- | fs/ext3/acl.c | 2 | ||||
-rw-r--r-- | fs/ext4/acl.c | 2 | ||||
-rw-r--r-- | fs/generic_acl.c | 2 | ||||
-rw-r--r-- | fs/gfs2/acl.c | 2 | ||||
-rw-r--r-- | fs/jffs2/acl.c | 2 | ||||
-rw-r--r-- | fs/jfs/acl.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 4 | ||||
-rw-r--r-- | fs/ocfs2/acl.c | 2 | ||||
-rw-r--r-- | fs/reiserfs/xattr.c | 2 | ||||
-rw-r--r-- | fs/xfs/linux-2.6/xfs_acl.c | 2 |
13 files changed, 14 insertions, 15 deletions
diff --git a/fs/9p/acl.c b/fs/9p/acl.c index 535ab6eccb1a..94af68b092af 100644 --- a/fs/9p/acl.c +++ b/fs/9p/acl.c | |||
@@ -101,7 +101,7 @@ int v9fs_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
101 | struct posix_acl *acl; | 101 | struct posix_acl *acl; |
102 | struct v9fs_session_info *v9ses; | 102 | struct v9fs_session_info *v9ses; |
103 | 103 | ||
104 | if (flags & IPERM_FLAG_RCU) | 104 | if (mask & MAY_NOT_BLOCK) |
105 | return -ECHILD; | 105 | return -ECHILD; |
106 | 106 | ||
107 | v9ses = v9fs_inode2v9ses(inode); | 107 | v9ses = v9fs_inode2v9ses(inode); |
diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c index f66fc9959733..a25a4a2e0df2 100644 --- a/fs/btrfs/acl.c +++ b/fs/btrfs/acl.c | |||
@@ -199,10 +199,9 @@ int btrfs_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
199 | { | 199 | { |
200 | int error = -EAGAIN; | 200 | int error = -EAGAIN; |
201 | 201 | ||
202 | if (flags & IPERM_FLAG_RCU) { | 202 | if (mask & MAY_NOT_BLOCK) { |
203 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 203 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
204 | error = -ECHILD; | 204 | error = -ECHILD; |
205 | |||
206 | } else { | 205 | } else { |
207 | struct posix_acl *acl; | 206 | struct posix_acl *acl; |
208 | acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS); | 207 | acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS); |
diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c index abea5a17c764..6b9442d1be52 100644 --- a/fs/ext2/acl.c +++ b/fs/ext2/acl.c | |||
@@ -236,7 +236,7 @@ ext2_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
236 | { | 236 | { |
237 | struct posix_acl *acl; | 237 | struct posix_acl *acl; |
238 | 238 | ||
239 | if (flags & IPERM_FLAG_RCU) { | 239 | if (mask & MAY_NOT_BLOCK) { |
240 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 240 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
241 | return -ECHILD; | 241 | return -ECHILD; |
242 | return -EAGAIN; | 242 | return -EAGAIN; |
diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c index 9d021c0d472a..0a6940d6c30c 100644 --- a/fs/ext3/acl.c +++ b/fs/ext3/acl.c | |||
@@ -244,7 +244,7 @@ ext3_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
244 | { | 244 | { |
245 | struct posix_acl *acl; | 245 | struct posix_acl *acl; |
246 | 246 | ||
247 | if (flags & IPERM_FLAG_RCU) { | 247 | if (mask & MAY_NOT_BLOCK) { |
248 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 248 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
249 | return -ECHILD; | 249 | return -ECHILD; |
250 | return -EAGAIN; | 250 | return -EAGAIN; |
diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c index 21eacd7b7d79..4f54252e439e 100644 --- a/fs/ext4/acl.c +++ b/fs/ext4/acl.c | |||
@@ -242,7 +242,7 @@ ext4_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
242 | { | 242 | { |
243 | struct posix_acl *acl; | 243 | struct posix_acl *acl; |
244 | 244 | ||
245 | if (flags & IPERM_FLAG_RCU) { | 245 | if (mask & MAY_NOT_BLOCK) { |
246 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 246 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
247 | return -ECHILD; | 247 | return -ECHILD; |
248 | return -EAGAIN; | 248 | return -EAGAIN; |
diff --git a/fs/generic_acl.c b/fs/generic_acl.c index 8f26d1a58912..5976bb1fa4ca 100644 --- a/fs/generic_acl.c +++ b/fs/generic_acl.c | |||
@@ -192,7 +192,7 @@ generic_acl_chmod(struct inode *inode) | |||
192 | int | 192 | int |
193 | generic_check_acl(struct inode *inode, int mask, unsigned int flags) | 193 | generic_check_acl(struct inode *inode, int mask, unsigned int flags) |
194 | { | 194 | { |
195 | if (flags & IPERM_FLAG_RCU) { | 195 | if (mask & MAY_NOT_BLOCK) { |
196 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 196 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
197 | return -ECHILD; | 197 | return -ECHILD; |
198 | } else { | 198 | } else { |
diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c index cbc07155b1a0..4d97352d39a1 100644 --- a/fs/gfs2/acl.c +++ b/fs/gfs2/acl.c | |||
@@ -80,7 +80,7 @@ int gfs2_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
80 | struct posix_acl *acl; | 80 | struct posix_acl *acl; |
81 | int error; | 81 | int error; |
82 | 82 | ||
83 | if (flags & IPERM_FLAG_RCU) { | 83 | if (mask & MAY_NOT_BLOCK) { |
84 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 84 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
85 | return -ECHILD; | 85 | return -ECHILD; |
86 | return -EAGAIN; | 86 | return -EAGAIN; |
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c index 828a0e1ea438..952afb59e6f1 100644 --- a/fs/jffs2/acl.c +++ b/fs/jffs2/acl.c | |||
@@ -264,7 +264,7 @@ int jffs2_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
264 | struct posix_acl *acl; | 264 | struct posix_acl *acl; |
265 | int rc; | 265 | int rc; |
266 | 266 | ||
267 | if (flags & IPERM_FLAG_RCU) | 267 | if (mask & MAY_NOT_BLOCK) |
268 | return -ECHILD; | 268 | return -ECHILD; |
269 | 269 | ||
270 | acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS); | 270 | acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS); |
diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c index e5de9422fa32..859ae5a92166 100644 --- a/fs/jfs/acl.c +++ b/fs/jfs/acl.c | |||
@@ -118,7 +118,7 @@ int jfs_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
118 | { | 118 | { |
119 | struct posix_acl *acl; | 119 | struct posix_acl *acl; |
120 | 120 | ||
121 | if (flags & IPERM_FLAG_RCU) | 121 | if (mask & MAY_NOT_BLOCK) |
122 | return -ECHILD; | 122 | return -ECHILD; |
123 | 123 | ||
124 | acl = jfs_get_acl(inode, ACL_TYPE_ACCESS); | 124 | acl = jfs_get_acl(inode, ACL_TYPE_ACCESS); |
diff --git a/fs/namei.c b/fs/namei.c index 723a3fe4bc40..e0624e2f0bba 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -181,7 +181,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag | |||
181 | int (*check_acl)(struct inode *inode, int mask, unsigned int flags); | 181 | int (*check_acl)(struct inode *inode, int mask, unsigned int flags); |
182 | unsigned int mode = inode->i_mode; | 182 | unsigned int mode = inode->i_mode; |
183 | 183 | ||
184 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | 184 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; |
185 | 185 | ||
186 | if (current_user_ns() != inode_userns(inode)) | 186 | if (current_user_ns() != inode_userns(inode)) |
187 | goto other_perms; | 187 | goto other_perms; |
@@ -204,7 +204,7 @@ other_perms: | |||
204 | /* | 204 | /* |
205 | * If the DACs are ok we don't need any capability check. | 205 | * If the DACs are ok we don't need any capability check. |
206 | */ | 206 | */ |
207 | if ((mask & ~mode) == 0) | 207 | if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0) |
208 | return 0; | 208 | return 0; |
209 | return -EACCES; | 209 | return -EACCES; |
210 | } | 210 | } |
diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c index e913ad130fdd..4b683ccc4506 100644 --- a/fs/ocfs2/acl.c +++ b/fs/ocfs2/acl.c | |||
@@ -297,7 +297,7 @@ int ocfs2_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
297 | struct posix_acl *acl; | 297 | struct posix_acl *acl; |
298 | int ret = -EAGAIN; | 298 | int ret = -EAGAIN; |
299 | 299 | ||
300 | if (flags & IPERM_FLAG_RCU) | 300 | if (mask & MAY_NOT_BLOCK) |
301 | return -ECHILD; | 301 | return -ECHILD; |
302 | 302 | ||
303 | osb = OCFS2_SB(inode->i_sb); | 303 | osb = OCFS2_SB(inode->i_sb); |
diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index ddc5301d2986..6747470ec103 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c | |||
@@ -879,7 +879,7 @@ int reiserfs_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
879 | if (get_inode_sd_version(inode) == STAT_DATA_V1) | 879 | if (get_inode_sd_version(inode) == STAT_DATA_V1) |
880 | return -EAGAIN; | 880 | return -EAGAIN; |
881 | 881 | ||
882 | if (flags & IPERM_FLAG_RCU) | 882 | if (mask & MAY_NOT_BLOCK) |
883 | return -ECHILD; | 883 | return -ECHILD; |
884 | 884 | ||
885 | acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS); | 885 | acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS); |
diff --git a/fs/xfs/linux-2.6/xfs_acl.c b/fs/xfs/linux-2.6/xfs_acl.c index 39f4f809bb68..278e6736135a 100644 --- a/fs/xfs/linux-2.6/xfs_acl.c +++ b/fs/xfs/linux-2.6/xfs_acl.c | |||
@@ -235,7 +235,7 @@ xfs_check_acl(struct inode *inode, int mask, unsigned int flags) | |||
235 | if (!XFS_IFORK_Q(ip)) | 235 | if (!XFS_IFORK_Q(ip)) |
236 | return -EAGAIN; | 236 | return -EAGAIN; |
237 | 237 | ||
238 | if (flags & IPERM_FLAG_RCU) { | 238 | if (mask & MAY_NOT_BLOCK) { |
239 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) | 239 | if (!negative_cached_acl(inode, ACL_TYPE_ACCESS)) |
240 | return -ECHILD; | 240 | return -ECHILD; |
241 | return -EAGAIN; | 241 | return -EAGAIN; |