3 files changed, 30 insertions, 9 deletions
diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index e01ea4a14a01..5e9a80cfc3d8 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -610,6 +610,7 @@ static void kernfs_put_open_node(struct kernfs_node *kn,
 static int kernfs_fop_open(struct inode *inode, struct file *file)
 {
        struct kernfs_node *kn = file->f_path.dentry->d_fsdata;
+        struct kernfs_root *root = kernfs_root(kn);
        const struct kernfs_ops *ops;
        struct kernfs_open_file *of;
        bool has_read, has_write, has_mmap;
@@ -624,14 +625,16 @@ static int kernfs_fop_open(struct inode *inode, struct file *file)
        has_write = ops->write || ops->mmap;
        has_mmap = ops->mmap;
-        /* check perms and supported operations */
+        /* see the flag definition for details */
-        if ((file->f_mode & FMODE_WRITE) &&
+        if (root->flags & KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK) {
-            (!(inode->i_mode & S_IWUGO) || !has_write))
+                if ((file->f_mode & FMODE_WRITE) &&
-                goto err_out;
+                    (!(inode->i_mode & S_IWUGO) || !has_write))
+                        goto err_out;
-        if ((file->f_mode & FMODE_READ) &&
+                if ((file->f_mode & FMODE_READ) &&
-            (!(inode->i_mode & S_IRUGO) || !has_read))
+                    (!(inode->i_mode & S_IRUGO) || !has_read))
-                goto err_out;
+                        goto err_out;
+        }
        /* allocate a kernfs_open_file for the file */
        error = -ENOMEM;
diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c
index a66ad6196f59..8794423f7efb 100644
--- a/fs/sysfs/mount.c
+++ b/fs/sysfs/mount.c
@@ -63,7 +63,8 @@ int __init sysfs_init(void)
 {
        int err;
-        sysfs_root = kernfs_create_root(NULL, 0, NULL);
+        sysfs_root = kernfs_create_root(NULL, KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK,
+                                        NULL);
        if (IS_ERR(sysfs_root))
                return PTR_ERR(sysfs_root);
diff --git a/include/linux/kernfs.h b/include/linux/kernfs.h
index b0122dc6f96a..ca1be5c9136c 100644
--- a/include/linux/kernfs.h
+++ b/include/linux/kernfs.h
@@ -50,7 +50,24 @@ enum kernfs_node_flag {
 /* @flags for kernfs_create_root() */
 enum kernfs_root_flag {
-        KERNFS_ROOT_CREATE_DEACTIVATED = 0x0001,
+        /*
+         * kernfs_nodes are created in the deactivated state and invisible.
+         * They require explicit kernfs_activate() to become visible.  This
+         * can be used to make related nodes become visible atomically
+         * after all nodes are created successfully.
+         */
+        KERNFS_ROOT_CREATE_DEACTIVATED          = 0x0001,
+        /*
+         * For regular flies, if the opener has CAP_DAC_OVERRIDE, open(2)
+         * succeeds regardless of the RW permissions.  sysfs had an extra
+         * layer of enforcement where open(2) fails with -EACCES regardless
+         * of CAP_DAC_OVERRIDE if the permission doesn't have the
+         * respective read or write access at all (none of S_IRUGO or
+         * S_IWUGO) or the respective operation isn't implemented.  The
+         * following flag enables that behavior.
+         */
+        KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK       = 0x0002,
 };
 /* type-specific structures for kernfs_node union members */