tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
[PATCH] sanitize ->permission() prototype
* kill nameidata * argument; map the 3 bits in ->flags anybody cares
about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where ->permission() instances might barf on new
MAY_... found in mask.
The obvious next target in that direction is permission(9)
folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+74
-87
+1
-3
fs/afs/internal.h
+1
-3
fs/afs/internal.h
···
469
469
extern const struct inode_operations afs_dir_inode_operations;
470
470
extern const struct file_operations afs_dir_file_operations;
471
471
472
-
extern int afs_permission(struct inode *, int, struct nameidata *);
473
-
474
472
/*
475
473
* file.c
476
474
*/
···
603
605
extern void afs_cache_permit(struct afs_vnode *, struct key *, long);
604
606
extern void afs_zap_permits(struct rcu_head *);
605
607
extern struct key *afs_request_key(struct afs_cell *);
606
-
extern int afs_permission(struct inode *, int, struct nameidata *);
608
+
extern int afs_permission(struct inode *, int);
607
609
608
610
/*
609
611
* server.c
+1
-1
fs/afs/security.c
+1
-1
fs/afs/security.c
···
284
284
* - AFS ACLs are attached to directories only, and a file is controlled by its
285
285
* parent directory's ACL
286
286
*/
287
-
int afs_permission(struct inode *inode, int mask, struct nameidata *nd)
287
+
int afs_permission(struct inode *inode, int mask)
288
288
{
289
289
struct afs_vnode *vnode = AFS_FS_I(inode);
290
290
afs_access_t uninitialized_var(access);
+1
-2
fs/bad_inode.c
+1
-2
fs/bad_inode.c
+1
-1
fs/cifs/cifsfs.c
+1
-1
fs/cifs/cifsfs.c
+3
-1
fs/coda/dir.c
+3
-1
fs/coda/dir.c
+2
-4
fs/coda/pioctl.c
+2
-4
fs/coda/pioctl.c
···
24
24
#include <linux/coda_psdev.h>
25
25
26
26
/* pioctl ops */
27
-
static int coda_ioctl_permission(struct inode *inode, int mask,
28
-
struct nameidata *nd);
27
+
static int coda_ioctl_permission(struct inode *inode, int mask);
29
28
static int coda_pioctl(struct inode * inode, struct file * filp,
30
29
unsigned int cmd, unsigned long user_data);
31
30
···
41
42
};
42
43
43
44
/* the coda pioctl inode ops */
44
-
static int coda_ioctl_permission(struct inode *inode, int mask,
45
-
struct nameidata *nd)
45
+
static int coda_ioctl_permission(struct inode *inode, int mask)
46
46
{
47
47
return 0;
48
48
}
+2
-15
fs/ecryptfs/inode.c
+2
-15
fs/ecryptfs/inode.c
···
830
830
}
831
831
832
832
static int
833
-
ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
833
+
ecryptfs_permission(struct inode *inode, int mask)
834
834
{
835
-
int rc;
836
-
837
-
if (nd) {
838
-
struct vfsmount *vfsmnt_save = nd->path.mnt;
839
-
struct dentry *dentry_save = nd->path.dentry;
840
-
841
-
nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry);
842
-
nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry);
843
-
rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
844
-
nd->path.mnt = vfsmnt_save;
845
-
nd->path.dentry = dentry_save;
846
-
} else
847
-
rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
848
-
return rc;
835
+
return permission(ecryptfs_inode_to_lower(inode), mask, NULL);
849
836
}
850
837
851
838
/**
+1
-1
fs/ext2/acl.c
+1
-1
fs/ext2/acl.c
+1
-1
fs/ext2/acl.h
+1
-1
fs/ext2/acl.h
···
58
58
#define EXT2_ACL_NOT_CACHED ((void *)-1)
59
59
60
60
/* acl.c */
61
-
extern int ext2_permission (struct inode *, int, struct nameidata *);
61
+
extern int ext2_permission (struct inode *, int);
62
62
extern int ext2_acl_chmod (struct inode *);
63
63
extern int ext2_init_acl (struct inode *, struct inode *);
64
64
+1
-1
fs/ext3/acl.c
+1
-1
fs/ext3/acl.c
+1
-1
fs/ext3/acl.h
+1
-1
fs/ext3/acl.h
···
58
58
#define EXT3_ACL_NOT_CACHED ((void *)-1)
59
59
60
60
/* acl.c */
61
-
extern int ext3_permission (struct inode *, int, struct nameidata *);
61
+
extern int ext3_permission (struct inode *, int);
62
62
extern int ext3_acl_chmod (struct inode *);
63
63
extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);
64
64
+1
-1
fs/ext4/acl.c
+1
-1
fs/ext4/acl.c
+1
-1
fs/ext4/acl.h
+1
-1
fs/ext4/acl.h
···
58
58
#define EXT4_ACL_NOT_CACHED ((void *)-1)
59
59
60
60
/* acl.c */
61
-
extern int ext4_permission (struct inode *, int, struct nameidata *);
61
+
extern int ext4_permission (struct inode *, int);
62
62
extern int ext4_acl_chmod (struct inode *);
63
63
extern int ext4_init_acl (handle_t *, struct inode *, struct inode *);
64
64
+3
-3
fs/fuse/dir.c
+3
-3
fs/fuse/dir.c
···
898
898
return PTR_ERR(req);
899
899
900
900
memset(&inarg, 0, sizeof(inarg));
901
-
inarg.mask = mask;
901
+
inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
902
902
req->in.h.opcode = FUSE_ACCESS;
903
903
req->in.h.nodeid = get_node_id(inode);
904
904
req->in.numargs = 1;
···
927
927
* access request is sent. Execute permission is still checked
928
928
* locally based on file mode.
929
929
*/
930
-
static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
930
+
static int fuse_permission(struct inode *inode, int mask)
931
931
{
932
932
struct fuse_conn *fc = get_fuse_conn(inode);
933
933
bool refreshed = false;
···
962
962
exist. So if permissions are revoked this won't be
963
963
noticed immediately, only after the attribute
964
964
timeout has expired */
965
-
} else if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR))) {
965
+
} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
966
966
err = fuse_access(inode, mask);
967
967
} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
968
968
if (!(inode->i_mode & S_IXUGO)) {
+3
-9
fs/gfs2/ops_inode.c
+3
-9
fs/gfs2/ops_inode.c
···
915
915
return error;
916
916
}
917
917
918
-
static int gfs2_iop_permission(struct inode *inode, int mask,
919
-
struct nameidata *nd)
920
-
{
921
-
return gfs2_permission(inode, mask);
922
-
}
923
-
924
918
static int setattr_size(struct inode *inode, struct iattr *attr)
925
919
{
926
920
struct gfs2_inode *ip = GFS2_I(inode);
···
1144
1150
}
1145
1151
1146
1152
const struct inode_operations gfs2_file_iops = {
1147
-
.permission = gfs2_iop_permission,
1153
+
.permission = gfs2_permission,
1148
1154
.setattr = gfs2_setattr,
1149
1155
.getattr = gfs2_getattr,
1150
1156
.setxattr = gfs2_setxattr,
···
1163
1169
.rmdir = gfs2_rmdir,
1164
1170
.mknod = gfs2_mknod,
1165
1171
.rename = gfs2_rename,
1166
-
.permission = gfs2_iop_permission,
1172
+
.permission = gfs2_permission,
1167
1173
.setattr = gfs2_setattr,
1168
1174
.getattr = gfs2_getattr,
1169
1175
.setxattr = gfs2_setxattr,
···
1175
1181
const struct inode_operations gfs2_symlink_iops = {
1176
1182
.readlink = gfs2_readlink,
1177
1183
.follow_link = gfs2_follow_link,
1178
-
.permission = gfs2_iop_permission,
1184
+
.permission = gfs2_permission,
1179
1185
.setattr = gfs2_setattr,
1180
1186
.getattr = gfs2_getattr,
1181
1187
.setxattr = gfs2_setxattr,
+1
-2
fs/hfs/inode.c
+1
-2
fs/hfs/inode.c
+1
-1
fs/hfsplus/inode.c
+1
-1
fs/hfsplus/inode.c
···
238
238
perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev);
239
239
}
240
240
241
-
static int hfsplus_permission(struct inode *inode, int mask, struct nameidata *nd)
241
+
static int hfsplus_permission(struct inode *inode, int mask)
242
242
{
243
243
/* MAY_EXEC is also used for lookup, if no x bit is set allow lookup,
244
244
* open_exec has the same test, so it's still not executable, if a x bit
+1
-1
fs/hostfs/hostfs_kern.c
+1
-1
fs/hostfs/hostfs_kern.c
+1
-1
fs/jffs2/acl.c
+1
-1
fs/jffs2/acl.c
+1
-1
fs/jffs2/acl.h
+1
-1
fs/jffs2/acl.h
···
28
28
29
29
#define JFFS2_ACL_NOT_CACHED ((void *)-1)
30
30
31
-
extern int jffs2_permission(struct inode *, int, struct nameidata *);
31
+
extern int jffs2_permission(struct inode *, int);
32
32
extern int jffs2_acl_chmod(struct inode *);
33
33
extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *);
34
34
extern int jffs2_init_acl_post(struct inode *);
+1
-1
fs/jfs/acl.c
+1
-1
fs/jfs/acl.c
+1
-1
fs/jfs/jfs_acl.h
+1
-1
fs/jfs/jfs_acl.h
+17
-6
fs/namei.c
+17
-6
fs/namei.c
···
185
185
{
186
186
umode_t mode = inode->i_mode;
187
187
188
+
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
189
+
188
190
if (current->fsuid == inode->i_uid)
189
191
mode >>= 6;
190
192
else {
···
205
203
/*
206
204
* If the DACs are ok we don't need any capability check.
207
205
*/
208
-
if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
206
+
if ((mask & ~mode) == 0)
209
207
return 0;
210
208
211
209
check_capabilities:
···
230
228
231
229
int permission(struct inode *inode, int mask, struct nameidata *nd)
232
230
{
233
-
int retval, submask;
231
+
int retval;
234
232
struct vfsmount *mnt = NULL;
235
233
236
234
if (nd)
···
263
261
}
264
262
265
263
/* Ordinary permission routines do not understand MAY_APPEND. */
266
-
submask = mask & ~MAY_APPEND;
267
264
if (inode->i_op && inode->i_op->permission) {
268
-
retval = inode->i_op->permission(inode, submask, nd);
265
+
int extra = 0;
266
+
if (nd) {
267
+
if (nd->flags & LOOKUP_ACCESS)
268
+
extra |= MAY_ACCESS;
269
+
if (nd->flags & LOOKUP_CHDIR)
270
+
extra |= MAY_CHDIR;
271
+
if (nd->flags & LOOKUP_OPEN)
272
+
extra |= MAY_OPEN;
273
+
}
274
+
retval = inode->i_op->permission(inode, mask | extra);
269
275
if (!retval) {
270
276
/*
271
277
* Exec permission on a regular file is denied if none
···
287
277
return -EACCES;
288
278
}
289
279
} else {
290
-
retval = generic_permission(inode, submask, NULL);
280
+
retval = generic_permission(inode, mask, NULL);
291
281
}
292
282
if (retval)
293
283
return retval;
···
296
286
if (retval)
297
287
return retval;
298
288
299
-
return security_inode_permission(inode, mask, nd);
289
+
return security_inode_permission(inode,
290
+
mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd);
300
291
}
301
292
302
293
/**
+5
-6
fs/nfs/dir.c
+5
-6
fs/nfs/dir.c
···
1884
1884
return status;
1885
1885
nfs_access_add_cache(inode, &cache);
1886
1886
out:
1887
-
if ((cache.mask & mask) == mask)
1887
+
if ((mask & ~cache.mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
1888
1888
return 0;
1889
1889
return -EACCES;
1890
1890
}
···
1907
1907
return nfs_do_access(inode, cred, nfs_open_permission_mask(openflags));
1908
1908
}
1909
1909
1910
-
int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
1910
+
int nfs_permission(struct inode *inode, int mask)
1911
1911
{
1912
1912
struct rpc_cred *cred;
1913
1913
int res = 0;
1914
1914
1915
1915
nfs_inc_stats(inode, NFSIOS_VFSACCESS);
1916
1916
1917
-
if (mask == 0)
1917
+
if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
1918
1918
goto out;
1919
1919
/* Is this sys_access() ? */
1920
-
if (nd != NULL && (nd->flags & LOOKUP_ACCESS))
1920
+
if (mask & MAY_ACCESS)
1921
1921
goto force_lookup;
1922
1922
1923
1923
switch (inode->i_mode & S_IFMT) {
···
1926
1926
case S_IFREG:
1927
1927
/* NFSv4 has atomic_open... */
1928
1928
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
1929
-
&& nd != NULL
1930
-
&& (nd->flags & LOOKUP_OPEN))
1929
+
&& (mask & MAY_OPEN))
1931
1930
goto out;
1932
1931
break;
1933
1932
case S_IFDIR:
+1
-1
fs/ocfs2/file.c
+1
-1
fs/ocfs2/file.c
+1
-2
fs/ocfs2/file.h
+1
-2
fs/ocfs2/file.h
···
62
62
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr);
63
63
int ocfs2_getattr(struct vfsmount *mnt, struct dentry *dentry,
64
64
struct kstat *stat);
65
-
int ocfs2_permission(struct inode *inode, int mask,
66
-
struct nameidata *nd);
65
+
int ocfs2_permission(struct inode *inode, int mask);
67
66
68
67
int ocfs2_should_update_atime(struct inode *inode,
69
68
struct vfsmount *vfsmnt);
+1
-2
fs/proc/base.c
+1
-2
fs/proc/base.c
···
1859
1859
* /proc/pid/fd needs a special permission handler so that a process can still
1860
1860
* access /proc/self/fd after it has executed a setuid().
1861
1861
*/
1862
-
static int proc_fd_permission(struct inode *inode, int mask,
1863
-
struct nameidata *nd)
1862
+
static int proc_fd_permission(struct inode *inode, int mask)
1864
1863
{
1865
1864
int rv;
1866
1865
+1
-1
fs/proc/proc_sysctl.c
+1
-1
fs/proc/proc_sysctl.c
+1
-1
fs/reiserfs/xattr.c
+1
-1
fs/reiserfs/xattr.c
+2
-2
fs/smbfs/file.c
+2
-2
fs/smbfs/file.c
···
408
408
* privileges, so we need our own check for this.
409
409
*/
410
410
static int
411
-
smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
411
+
smb_file_permission(struct inode *inode, int mask)
412
412
{
413
413
int mode = inode->i_mode;
414
414
int error = 0;
···
417
417
418
418
/* Look at user permissions */
419
419
mode >>= 6;
420
-
if ((mode & 7 & mask) != mask)
420
+
if (mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC))
421
421
error = -EACCES;
422
422
return error;
423
423
}
+1
-2
fs/xfs/linux-2.6/xfs_iops.c
+1
-2
fs/xfs/linux-2.6/xfs_iops.c
+1
-1
include/linux/coda_linux.h
+1
-1
include/linux/coda_linux.h
···
37
37
/* operations shared over more than one file */
38
38
int coda_open(struct inode *i, struct file *f);
39
39
int coda_release(struct inode *i, struct file *f);
40
-
int coda_permission(struct inode *inode, int mask, struct nameidata *nd);
40
+
int coda_permission(struct inode *inode, int mask);
41
41
int coda_revalidate_inode(struct dentry *);
42
42
int coda_getattr(struct vfsmount *, struct dentry *, struct kstat *);
43
43
int coda_setattr(struct dentry *, struct iattr *);
+4
-1
include/linux/fs.h
+4
-1
include/linux/fs.h
···
60
60
#define MAY_WRITE 2
61
61
#define MAY_READ 4
62
62
#define MAY_APPEND 8
63
+
#define MAY_ACCESS 16
64
+
#define MAY_CHDIR 32
65
+
#define MAY_OPEN 64
63
66
64
67
#define FMODE_READ 1
65
68
#define FMODE_WRITE 2
···
1275
1272
void * (*follow_link) (struct dentry *, struct nameidata *);
1276
1273
void (*put_link) (struct dentry *, struct nameidata *, void *);
1277
1274
void (*truncate) (struct inode *);
1278
-
int (*permission) (struct inode *, int, struct nameidata *);
1275
+
int (*permission) (struct inode *, int);
1279
1276
int (*setattr) (struct dentry *, struct iattr *);
1280
1277
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
1281
1278
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
+1
-1
include/linux/nfs_fs.h
+1
-1
include/linux/nfs_fs.h
···
332
332
extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr);
333
333
extern int nfs_post_op_update_inode_force_wcc(struct inode *inode, struct nfs_fattr *fattr);
334
334
extern int nfs_getattr(struct vfsmount *, struct dentry *, struct kstat *);
335
-
extern int nfs_permission(struct inode *, int, struct nameidata *);
335
+
extern int nfs_permission(struct inode *, int);
336
336
extern int nfs_open(struct inode *, struct file *);
337
337
extern int nfs_release(struct inode *, struct file *);
338
338
extern int nfs_attribute_timeout(struct inode *inode);
+1
-1
include/linux/reiserfs_xattr.h
+1
-1
include/linux/reiserfs_xattr.h
···
55
55
int reiserfs_delete_xattrs(struct inode *inode);
56
56
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs);
57
57
int reiserfs_xattr_init(struct super_block *sb, int mount_flags);
58
-
int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd);
58
+
int reiserfs_permission(struct inode *inode, int mask);
59
59
60
60
int reiserfs_xattr_del(struct inode *, const char *);
61
61
int reiserfs_xattr_get(const struct inode *, const char *, void *, size_t);
+1
-1
include/linux/shmem_fs.h
+1
-1
include/linux/shmem_fs.h
+5
-5
kernel/sysctl.c
+5
-5
kernel/sysctl.c
···
1516
1516
int op = 0, rc;
1517
1517
1518
1518
if (oldval)
1519
-
op |= 004;
1519
+
op |= MAY_READ;
1520
1520
if (newval)
1521
-
op |= 002;
1521
+
op |= MAY_WRITE;
1522
1522
if (sysctl_perm(root, table, op))
1523
1523
return -EPERM;
1524
1524
···
1560
1560
if (n == table->ctl_name) {
1561
1561
int error;
1562
1562
if (table->child) {
1563
-
if (sysctl_perm(root, table, 001))
1563
+
if (sysctl_perm(root, table, MAY_EXEC))
1564
1564
return -EPERM;
1565
1565
name++;
1566
1566
nlen--;
···
1635
1635
mode >>= 6;
1636
1636
else if (in_egroup_p(0))
1637
1637
mode >>= 3;
1638
-
if ((mode & op & 0007) == op)
1638
+
if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
1639
1639
return 0;
1640
1640
return -EACCES;
1641
1641
}
···
1645
1645
int error;
1646
1646
int mode;
1647
1647
1648
-
error = security_sysctl(table, op);
1648
+
error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
1649
1649
if (error)
1650
1650
return error;
1651
1651
+1
-1
mm/shmem_acl.c
+1
-1
mm/shmem_acl.c