Skip to content

L
linux
Commit dd2fa29b authored by Nathan Scott's avatar Nathan Scott
Browse files
Options

[XFS] Remove xfs_iaccess checks on security namespace, needs to be 

done outside XFS.

SGI Modid: xfs-linux:xfs-kern:170861a
parent 143b1a17
Hide whitespace changes
Inline Side-by-side
Showing with 34 additions and 45 deletions
fs/xfs/xfs_acl.c
View file @ dd2fa29b
...@@ -340,7 +340,6 @@ xfs_acl_vset( ...@@ -340,7 +340,6 @@ xfs_acl_vset(
xfs_acl_vremove(vp, _ACL_TYPE_ACCESS); xfs_acl_vremove(vp, _ACL_TYPE_ACCESS);
} }
out: out:
VN_RELE(vp); VN_RELE(vp);
_ACL_FREE(xfs_acl); _ACL_FREE(xfs_acl);
...@@ -354,13 +353,15 @@ xfs_acl_iaccess( ...@@ -354,13 +353,15 @@ xfs_acl_iaccess(
cred_t *cr) cred_t *cr)
{ {
xfs_acl_t *acl; xfs_acl_t *acl;
int error; int rval;
if (!(_ACL_ALLOC(acl))) if (!(_ACL_ALLOC(acl)))
return -1; return -1;
/* If the file has no ACL return -1. */ /* If the file has no ACL return -1. */
if (xfs_attr_fetch(ip, SGI_ACL_FILE, (char *)acl, sizeof(xfs_acl_t))) { rval = sizeof(xfs_acl_t);
if (xfs_attr_fetch(ip, SGI_ACL_FILE, SGI_ACL_FILE_SIZE,
(char *)acl, &rval, ATTR_ROOT | ATTR_KERNACCESS, cr)) {
_ACL_FREE(acl); _ACL_FREE(acl);
return -1; return -1;
} }
...@@ -375,9 +376,9 @@ xfs_acl_iaccess( ...@@ -375,9 +376,9 @@ xfs_acl_iaccess(
/* Synchronize ACL with mode bits */ /* Synchronize ACL with mode bits */
xfs_acl_sync_mode(ip->i_d.di_mode, acl); xfs_acl_sync_mode(ip->i_d.di_mode, acl);
error = xfs_acl_access(ip->i_d.di_uid, ip->i_d.di_gid, acl, mode, cr); rval = xfs_acl_access(ip->i_d.di_uid, ip->i_d.di_gid, acl, mode, cr);
_ACL_FREE(acl); _ACL_FREE(acl);
return error; return rval;
} }
STATIC int STATIC int
......
fs/xfs/xfs_attr.c
View file @ dd2fa29b
...@@ -115,20 +115,12 @@ ktrace_t *xfs_attr_trace_buf; ...@@ -115,20 +115,12 @@ ktrace_t *xfs_attr_trace_buf;
* Overall external interface routines. * Overall external interface routines.
*========================================================================*/ *========================================================================*/
/*ARGSUSED*/ int
STATIC int xfs_attr_fetch(xfs_inode_t *ip, char *name, int namelen,
xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp, char *value, int *valuelenp, int flags, struct cred *cred)
int flags, int lock, struct cred *cred)
{ {
xfs_da_args_t args; xfs_da_args_t args;
int error; int error;
int namelen;
ASSERT(MAXNAMELEN-1 <= 0xff); /* length is stored in uint8 */
namelen = strlen(name);
if (namelen >= MAXNAMELEN)
return(EFAULT); /* match IRIX behaviour */
XFS_STATS_INC(xs_attr_get);
if (XFS_FORCED_SHUTDOWN(ip->i_mount)) if (XFS_FORCED_SHUTDOWN(ip->i_mount))
return(EIO); return(EIO);
...@@ -138,12 +130,11 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp, ...@@ -138,12 +130,11 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp,
ip->i_d.di_anextents == 0)) ip->i_d.di_anextents == 0))
return(ENOATTR); return(ENOATTR);
if (lock) { if (!(flags & ATTR_KERNACCESS)) {
xfs_ilock(ip, XFS_ILOCK_SHARED); xfs_ilock(ip, XFS_ILOCK_SHARED);
/*
* Do we answer them, or ignore them? if (!(flags & ATTR_SECURE) &&
*/ ((error = xfs_iaccess(ip, S_IRUSR, cred)))) {
if ((error = xfs_iaccess(ip, S_IRUSR, cred))) {
xfs_iunlock(ip, XFS_ILOCK_SHARED); xfs_iunlock(ip, XFS_ILOCK_SHARED);
return(XFS_ERROR(error)); return(XFS_ERROR(error));
} }
...@@ -161,7 +152,6 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp, ...@@ -161,7 +152,6 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp,
args.hashval = xfs_da_hashname(args.name, args.namelen); args.hashval = xfs_da_hashname(args.name, args.namelen);
args.dp = ip; args.dp = ip;
args.whichfork = XFS_ATTR_FORK; args.whichfork = XFS_ATTR_FORK;
args.trans = NULL;
/* /*
* Decide on what work routines to call based on the inode size. * Decide on what work routines to call based on the inode size.
...@@ -178,7 +168,7 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp, ...@@ -178,7 +168,7 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp,
error = xfs_attr_node_get(&args); error = xfs_attr_node_get(&args);
} }
if (lock) if (!(flags & ATTR_KERNACCESS))
xfs_iunlock(ip, XFS_ILOCK_SHARED); xfs_iunlock(ip, XFS_ILOCK_SHARED);
/* /*
...@@ -191,21 +181,22 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp, ...@@ -191,21 +181,22 @@ xfs_attr_get_int(xfs_inode_t *ip, char *name, char *value, int *valuelenp,
return(error); return(error);
} }
int
xfs_attr_fetch(xfs_inode_t *ip, char *name, char *value, int valuelen)
{
return xfs_attr_get_int(ip, name, value, &valuelen, ATTR_ROOT, 0, NULL);
}
int int
xfs_attr_get(bhv_desc_t *bdp, char *name, char *value, int *valuelenp, xfs_attr_get(bhv_desc_t *bdp, char *name, char *value, int *valuelenp,
int flags, struct cred *cred) int flags, struct cred *cred)
{ {
xfs_inode_t *ip = XFS_BHVTOI(bdp); xfs_inode_t *ip = XFS_BHVTOI(bdp);
int namelen;
XFS_STATS_INC(xs_attr_get);
if (!name) if (!name)
return(EINVAL); return(EINVAL);
return xfs_attr_get_int(ip, name, value, valuelenp, flags, 1, cred); namelen = strlen(name);
if (namelen >= MAXNAMELEN)
return(EFAULT); /* match IRIX behaviour */
return xfs_attr_fetch(ip, name, namelen, value, valuelenp, flags, cred);
} }
/*ARGSUSED*/ /*ARGSUSED*/
...@@ -224,22 +215,20 @@ xfs_attr_set(bhv_desc_t *bdp, char *name, char *value, int valuelen, int flags, ...@@ -224,22 +215,20 @@ xfs_attr_set(bhv_desc_t *bdp, char *name, char *value, int valuelen, int flags,
int rsvd = (flags & ATTR_ROOT) != 0; int rsvd = (flags & ATTR_ROOT) != 0;
int namelen; int namelen;
ASSERT(MAXNAMELEN-1 <= 0xff); /* length is stored in uint8 */
namelen = strlen(name); namelen = strlen(name);
if (namelen >= MAXNAMELEN) if (namelen >= MAXNAMELEN)
return EFAULT; /* match irix behaviour */ return EFAULT; /* match IRIX behaviour */
XFS_STATS_INC(xs_attr_set); XFS_STATS_INC(xs_attr_set);
/*
* Do we answer them, or ignore them?
*/
dp = XFS_BHVTOI(bdp); dp = XFS_BHVTOI(bdp);
mp = dp->i_mount; mp = dp->i_mount;
if (XFS_FORCED_SHUTDOWN(mp)) if (XFS_FORCED_SHUTDOWN(mp))
return (EIO); return (EIO);
xfs_ilock(dp, XFS_ILOCK_SHARED); xfs_ilock(dp, XFS_ILOCK_SHARED);
if ((error = xfs_iaccess(dp, S_IWUSR, cred))) { if (!(flags & ATTR_SECURE) &&
(error = xfs_iaccess(dp, S_IWUSR, cred))) {
xfs_iunlock(dp, XFS_ILOCK_SHARED); xfs_iunlock(dp, XFS_ILOCK_SHARED);
return(XFS_ERROR(error)); return(XFS_ERROR(error));
} }
...@@ -489,16 +478,14 @@ xfs_attr_remove(bhv_desc_t *bdp, char *name, int flags, struct cred *cred) ...@@ -489,16 +478,14 @@ xfs_attr_remove(bhv_desc_t *bdp, char *name, int flags, struct cred *cred)
XFS_STATS_INC(xs_attr_remove); XFS_STATS_INC(xs_attr_remove);
/*
* Do we answer them, or ignore them?
*/
dp = XFS_BHVTOI(bdp); dp = XFS_BHVTOI(bdp);
mp = dp->i_mount; mp = dp->i_mount;
if (XFS_FORCED_SHUTDOWN(mp)) if (XFS_FORCED_SHUTDOWN(mp))
return (EIO); return (EIO);
xfs_ilock(dp, XFS_ILOCK_SHARED); xfs_ilock(dp, XFS_ILOCK_SHARED);
if ((error = xfs_iaccess(dp, S_IWUSR, cred))) { if (!(flags & ATTR_SECURE) &&
(error = xfs_iaccess(dp, S_IWUSR, cred))) {
xfs_iunlock(dp, XFS_ILOCK_SHARED); xfs_iunlock(dp, XFS_ILOCK_SHARED);
return(XFS_ERROR(error)); return(XFS_ERROR(error));
} else if (XFS_IFORK_Q(dp) == 0 || } else if (XFS_IFORK_Q(dp) == 0 ||
...@@ -683,11 +670,10 @@ xfs_attr_list(bhv_desc_t *bdp, char *buffer, int bufsize, int flags, ...@@ -683,11 +670,10 @@ xfs_attr_list(bhv_desc_t *bdp, char *buffer, int bufsize, int flags,
if (XFS_FORCED_SHUTDOWN(dp->i_mount)) if (XFS_FORCED_SHUTDOWN(dp->i_mount))
return (EIO); return (EIO);
/*
* Do they have permission?
*/
xfs_ilock(dp, XFS_ILOCK_SHARED); xfs_ilock(dp, XFS_ILOCK_SHARED);
if ((error = xfs_iaccess(dp, S_IRUSR, cred))) { if (!(flags & ATTR_SECURE) &&
(error = xfs_iaccess(dp, S_IRUSR, cred))) {
xfs_iunlock(dp, XFS_ILOCK_SHARED); xfs_iunlock(dp, XFS_ILOCK_SHARED);
return(XFS_ERROR(error)); return(XFS_ERROR(error));
} }
......
fs/xfs/xfs_attr.h
View file @ dd2fa29b
...@@ -92,6 +92,7 @@ extern int attr_generic_list(struct vnode *, void *, size_t, int, ssize_t *); ...@@ -92,6 +92,7 @@ extern int attr_generic_list(struct vnode *, void *, size_t, int, ssize_t *);
#define ATTR_REPLACE 0x0020 /* pure set: fail if attr does not exist */ #define ATTR_REPLACE 0x0020 /* pure set: fail if attr does not exist */
#define ATTR_SYSTEM 0x0100 /* use attrs in system (pseudo) namespace */ #define ATTR_SYSTEM 0x0100 /* use attrs in system (pseudo) namespace */
#define ATTR_KERNACCESS 0x0400 /* [kernel] iaccess, inode held io-locked */
#define ATTR_KERNOTIME 0x1000 /* [kernel] don't update inode timestamps */ #define ATTR_KERNOTIME 0x1000 /* [kernel] don't update inode timestamps */
#define ATTR_KERNOVAL 0x2000 /* [kernel] get attr size only, not value */ #define ATTR_KERNOVAL 0x2000 /* [kernel] get attr size only, not value */
#define ATTR_KERNAMELS 0x4000 /* [kernel] list attr names (simple list) */ #define ATTR_KERNAMELS 0x4000 /* [kernel] list attr names (simple list) */
...@@ -186,6 +187,7 @@ int xfs_attr_inactive(struct xfs_inode *dp); ...@@ -186,6 +187,7 @@ int xfs_attr_inactive(struct xfs_inode *dp);
int xfs_attr_node_get(struct xfs_da_args *); int xfs_attr_node_get(struct xfs_da_args *);
int xfs_attr_leaf_get(struct xfs_da_args *); int xfs_attr_leaf_get(struct xfs_da_args *);
int xfs_attr_shortform_getvalue(struct xfs_da_args *); int xfs_attr_shortform_getvalue(struct xfs_da_args *);
int xfs_attr_fetch(struct xfs_inode *, char *, char *, int); int xfs_attr_fetch(struct xfs_inode *, char *, int,
char *, int *, int, struct cred *);
#endif /* __XFS_ATTR_H__ */ #endif /* __XFS_ATTR_H__ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7