author | Miklos Szeredi <miklos@szeredi.hu> | 2008-07-02 15:12:01 -0400 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2008-07-03 05:22:01 -0400 |
commit | f58ba889106af60f52af792efbe1973e458a2138 (patch) | |
tree | f81426c7f611b74dec685cd416d3da8e7fe647d2 /fs | |
parent | f17172e00167238cc5e4f61ac4e78c68e5c558ec (diff) |
[GFS2] don't call permission()
GFS2 calls permission() to verify permissions after locks on the files
have been taken.
For this it's sufficient to call gfs2_permission() instead. This
results in the following changes:
- IS_RDONLY() check is not performed
- IS_IMMUTABLE() check is not performed
- devcgroup_inode_permission() is not called
- security_inode_permission() is not called
IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations. do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.
IS_IMMUTABLE has been added to gfs2_permission()
Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/gfs2/inode.c | 6 | ||||
-rw-r--r-- | fs/gfs2/inode.h | 1 | ||||
-rw-r--r-- | fs/gfs2/ops_file.c | 11 | ||||
-rw-r--r-- | fs/gfs2/ops_inode.c | 25 |
4 files changed, 30 insertions, 13 deletions
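--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -504,7 +504,7 @@ struct inode *gfs2_lookupi(struct inode *dir, const struct qstr *name,
 }
 
 if (!is_root) {
-error = permission(dir, MAY_EXEC, NULL);
+error = gfs2_permission(dir, MAY_EXEC);
 if (error)
 goto out;
 }
@@ -667,7 +667,7 @@ static int create_ok(struct gfs2_inode *dip, const struct qstr *name,
 {
 int error;
 
-error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
 if (error)
 return error;
 
@@ -1134,7 +1134,7 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,
 if (IS_APPEND(&dip->i_inode))
 return -EPERM;
 
-error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
 if (error)
 return error;
 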
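Review bot: The locked re-checks in gfs2_lookupi(), create_ok() and gfs2_unlink_ok() now skip security_inode_permission() and devcgroup_inode_permission(), but nothing at the call sites records that this is deliberate; the same holds for the converted calls in fs/gfs2/ops_file.c and fs/gfs2/ops_inode.c. Someone auditing LSM coverage later will see a permission check under the lock and may take it for the full VFS check. I would add a short comment at each site, for example `/* locked re-check of mode bits, ACL and immutable flag only; LSM and devcgroup hooks are not repeated here */`. Whether every path into these helpers has already passed the VFS-level check cannot be seen from these hunks, whose enclosing functions start and end outside them, so that should be confirmed per caller.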
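--- a/fs/gfs2/inode.h
+++ b/fs/gfs2/inode.h
@@ -91,6 +91,7 @@ int gfs2_rmdiri(struct gfs2_inode *dip, const struct qstr *name,
 struct gfs2_inode *ip);
 int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,
 const struct gfs2_inode *ip);
+int gfs2_permission(struct inode *inode, int mask);
 int gfs2_ok_to_move(struct gfs2_inode *this, struct gfs2_inode *to);
 int gfs2_readlinki(struct gfs2_inode *ip, char **buf, unsigned int *len);
 int gfs2_glock_nq_atime(struct gfs2_holder *gh);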
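--- a/fs/gfs2/ops_file.c
+++ b/fs/gfs2/ops_file.c
@@ -15,6 +15,7 @@
 #include <linux/uio.h>
 #include <linux/blkdev.h>
 #include <linux/mm.h>
+#include <linux/mount.h>
 #include <linux/fs.h>
 #include <linux/gfs2_ondisk.h>
 #include <linux/ext2_fs.h>
@@ -220,10 +221,14 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
 int error;
 u32 new_flags, flags;
 
-error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
+error = mnt_want_write(filp->f_path.mnt);
 if (error)
 return error;
 
+error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
+if (error)
+goto out_drop_write;
+
 flags = ip->i_di.di_flags;
 new_flags = (flags & ~mask) | (reqflags & mask);
 if ((new_flags ^ flags) == 0)
@@ -242,7 +247,7 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
 !capable(CAP_LINUX_IMMUTABLE))
 goto out;
 if (!IS_IMMUTABLE(inode)) {
-error = permission(inode, MAY_WRITE, NULL);
+error = gfs2_permission(inode, MAY_WRITE);
 if (error)
 goto out;
 }
@@ -272,6 +277,8 @@ out_trans_end:
 gfs2_trans_end(sdp);
 out:
 gfs2_glock_dq_uninit(&gh);
+out_drop_write:
+mnt_drop_write(filp->f_path.mnt);
 return error;
 }
 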
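Review bot: In do_gfs2_set_flags() the new mnt_want_write() call is the only thing standing in for the IS_RDONLY() test that permission() used to perform, and the code does not say so. A comment above it such as `/* gfs2_permission() does not test IS_RDONLY(); hold a write reference so the mount cannot go read-only during the update */` would keep a later cleanup from removing it as redundant. The label order is right, since `out:` falls through to `out_drop_write:` and the reference is dropped on every exit taken after it was acquired. The middle of the function lies between the hunks and is not shown, so any direct `return` there should be checked against the new cleanup path.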
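--- a/fs/gfs2/ops_inode.c
+++ b/fs/gfs2/ops_inode.c
@@ -163,7 +163,7 @@ static int gfs2_link(struct dentry *old_dentry, struct inode *dir,
 if (error)
 goto out;
 
-error = permission(dir, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(dir, MAY_WRITE | MAY_EXEC);
 if (error)
 goto out_gunlock;
 
@@ -669,7 +669,7 @@ static int gfs2_rename(struct inode *odir, struct dentry *odentry,
 }
 }
 } else {
-error = permission(ndir, MAY_WRITE | MAY_EXEC, NULL);
+error = gfs2_permission(ndir, MAY_WRITE | MAY_EXEC);
 if (error)
 goto out_gunlock;
 
@@ -704,7 +704,7 @@ static int gfs2_rename(struct inode *odir, struct dentry *odentry,
 /* Check out the dir to be renamed */
 
 if (dir_rename) {
-error = permission(odentry->d_inode, MAY_WRITE, NULL);
+error = gfs2_permission(odentry->d_inode, MAY_WRITE);
 if (error)
 goto out_gunlock;
 }
@@ -891,7 +891,7 @@ static void *gfs2_follow_link(struct dentry *dentry, struct nameidata *nd)
 * Returns: errno
 */
 
-static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
+int gfs2_permission(struct inode *inode, int mask)
 {
 struct gfs2_inode *ip = GFS2_I(inode);
 struct gfs2_holder i_gh;
@@ -905,13 +905,22 @@ static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
 unlock = 1;
 }
 
-error = generic_permission(inode, mask, gfs2_check_acl);
+if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+error = -EACCES;
+else
+error = generic_permission(inode, mask, gfs2_check_acl);
 if (unlock)
 gfs2_glock_dq_uninit(&i_gh);
 
 return error;
 }
 
+static int gfs2_iop_permission(struct inode *inode, int mask,
+struct nameidata *nd)
+{
+return gfs2_permission(inode, mask);
+}
+
 static int setattr_size(struct inode *inode, struct iattr *attr)
 {
 struct gfs2_inode *ip = GFS2_I(inode);
@@ -1141,7 +1150,7 @@ static int gfs2_removexattr(struct dentry *dentry, const char *name)
 }
 
 const struct inode_operations gfs2_file_iops = {
-.permission = gfs2_permission,
+.permission = gfs2_iop_permission,
 .setattr = gfs2_setattr,
 .getattr = gfs2_getattr,
 .setxattr = gfs2_setxattr,
@@ -1160,7 +1169,7 @@ const struct inode_operations gfs2_dir_iops = {
 .rmdir = gfs2_rmdir,
 .mknod = gfs2_mknod,
 .rename = gfs2_rename,
-.permission = gfs2_permission,
+.permission = gfs2_iop_permission,
 .setattr = gfs2_setattr,
 .getattr = gfs2_getattr,
 .setxattr = gfs2_setxattr,
@@ -1172,7 +1181,7 @@ const struct inode_operations gfs2_dir_iops = {
 const struct inode_operations gfs2_symlink_iops = {
 .readlink = gfs2_readlink,
 .follow_link = gfs2_follow_link,
-.permission = gfs2_permission,
+.permission = gfs2_iop_permission,
 .setattr = gfs2_setattr,
 .getattr = gfs2_getattr,
 .setxattr = gfs2_setxattr,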
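Review bot: gfs2_permission() is now non-static and serves as the only access check at the internal call sites, yet the kerneldoc above it (only its `Returns: errno` tail is visible) was written for the old inode operation. It should say that the function appears to take the inode glock itself when the caller does not already hold it, that a MAY_WRITE request on an immutable inode fails with -EACCES, and that no LSM or devcgroup hook is called; any `@nd` line should go with the dropped parameter. The IS_IMMUTABLE() test sits after the conditional glock acquisition, which looks intentional so that the flag is read under the lock. If so, a one-line comment saying that would help, and it is worth confirming that inode->i_flags is refreshed from the on-disk flags when the glock is acquired, which these hunks do not show. The new gfs2_iop_permission() wrapper could carry `/* VFS ->permission entry point; nd is unused */`.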