11 Oct, 2016
1 commit
-
Pull more vfs updates from Al Viro:
">rename2() work from Miklos + current_time() from Deepa"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fs: Replace current_fs_time() with current_time()
fs: Replace CURRENT_TIME_SEC with current_time() for inode timestamps
fs: Replace CURRENT_TIME with current_time() for inode timestamps
fs: proc: Delete inode time initializations in proc_alloc_inode()
vfs: Add current_time() api
vfs: add note about i_op->rename changes to porting
fs: rename "rename2" i_op to "rename"
vfs: remove unused i_op->rename
fs: make remaining filesystems use .rename2
libfs: support RENAME_NOREPLACE in simple_rename()
fs: support RENAME_NOREPLACE for local filesystems
ncpfs: fix unused variable warning
28 Sep, 2016
1 commit
-
CURRENT_TIME_SEC is not y2038 safe. current_time() will
be transitioned to use 64 bit time along with vfs in a
separate patch.
There is no plan to transistion CURRENT_TIME_SEC to use
y2038 safe time interfaces.current_time() will also be extended to use superblock
range checking parameters when range checking is introduced.This works because alloc_super() fills in the the s_time_gran
in super block to NSEC_PER_SEC.Signed-off-by: Deepa Dinamani
Acked-by: Jan Kara
Signed-off-by: Al Viro
22 Sep, 2016
1 commit
-
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2). Fix that.References: CVE-2016-7097
Reviewed-by: Christoph Hellwig
Reviewed-by: Jeff Layton
Signed-off-by: Jan Kara
Signed-off-by: Andreas Gruenbacher
31 Mar, 2016
1 commit
-
When get_acl() is called for an inode whose ACL is not cached yet, the
get_acl inode operation is called to fetch the ACL from the filesystem.
The inode operation is responsible for updating the cached acl with
set_cached_acl(). This is done without locking at the VFS level, so
another task can call set_cached_acl() or forget_cached_acl() before the
get_acl inode operation gets to calling set_cached_acl(), and then
get_acl's call to set_cached_acl() results in caching an outdate ACL.Prevent this from happening by setting the cached ACL pointer to a
task-specific sentinel value before calling the get_acl inode operation.
Move the responsibility for updating the cached ACL from the get_acl
inode operations to get_acl(). There, only set the cached ACL if the
sentinel value hasn't changed.The sentinel values are chosen to have odd values. Likewise, the value
of ACL_NOT_CACHED is odd. In contrast, ACL object pointers always have
an even value (ACLs are aligned in memory). This allows to distinguish
uncached ACLs values from ACL objects.In addition, switch from guarding inode->i_acl and inode->i_default_acl
upates by the inode->i_lock spinlock to using xchg() and cmpxchg().Filesystems that do not want ACLs returned from their get_acl inode
operations to be cached must call forget_cached_acl() to prevent the VFS
from doing so.(Patch written by Al Viro and Andreas Gruenbacher.)
Signed-off-by: Andreas Gruenbacher
Signed-off-by: Al Viro
03 Jul, 2014
1 commit
-
Fix checkpatch warning:
WARNING: kfree(NULL) is safe this check is probably not requiredCc: David Woodhouse
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Fabian Frederick
Signed-off-by: Brian Norris
26 Jan, 2014
3 commits
-
Also don't bother to set up a .get_acl method for symlinks as we do not
support access control (ACLs or even mode bits) for symlinks in Linux.Signed-off-by: Christoph Hellwig
Signed-off-by: Al Viro -
Rename the current posix_acl_created to __posix_acl_create and add
a fully featured helper to set up the ACLs on file creation that
uses get_acl().Signed-off-by: Christoph Hellwig
Reviewed-by: Jan Kara
Signed-off-by: Al Viro -
Rename the current posix_acl_chmod to __posix_acl_chmod and add
a fully featured ACL chmod helper that uses the ->set_acl inode
operation.Signed-off-by: Christoph Hellwig
Reviewed-by: Jan Kara
Signed-off-by: Al Viro
21 Sep, 2012
1 commit
-
- General routine uid/gid conversion work
- When storing posix acls treat ACL_USER and ACL_GROUP separately
so I can call from_kuid or from_kgid as appropriate.
- When reading posix acls treat ACL_USER and ACL_GROUP separately
so I can call make_kuid or make_kgid as appropriate.Cc: David Woodhouse
Signed-off-by: Eric W. Biederman
18 Sep, 2012
1 commit
-
- Pass the user namespace the uid and gid values in the xattr are stored
in into posix_acl_from_xattr.- Pass the user namespace kuid and kgid values should be converted into
when storing uid and gid values in an xattr in posix_acl_to_xattr.- Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to
pass in &init_user_ns.In the short term this change is not strictly needed but it makes the
code clearer. In the longer term this change is necessary to be able to
mount filesystems outside of the initial user namespace that natively
store posix acls in the linux xattr format.Cc: Theodore Tso
Cc: Andrew Morton
Cc: Andreas Dilger
Cc: Jan Kara
Cc: Al Viro
Signed-off-by: "Eric W. Biederman"
27 Mar, 2012
1 commit
-
Use pr_fmt to prefix KBUILD_MODNAME to appropriate logging messages.
Remove now unnecessary internal prefixes from formats.
Signed-off-by: Joe Perches
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse
01 Aug, 2011
2 commits
-
... so that &inode->i_mode could be passed to it
Signed-off-by: Al Viro
-
so we can pass &inode->i_mode to it
Signed-off-by: Al Viro
26 Jul, 2011
4 commits
-
Replace the ->check_acl method with a ->get_acl method that simply reads an
ACL from disk after having a cache miss. This means we can replace the ACL
checking boilerplate code with a single implementation in namei.c.Signed-off-by: Christoph Hellwig
Signed-off-by: Al Viro -
new helper: posix_acl_create(&acl, gfp, mode_p). Replaces acl with
modified clone, on failure releases acl and replaces with NULL.
Returns 0 or -ve on error. All callers of posix_acl_create_masq()
switched.Signed-off-by: Al Viro
-
new helper: posix_acl_chmod(&acl, gfp, mode). Replaces acl with modified
clone or with NULL if that has failed; returns 0 or -ve on error. All
callers of posix_acl_chmod_masq() switched to that - they'd been doing
exactly the same thing.Signed-off-by: Al Viro
-
This moves logic for checking the cached ACL values from low-level
filesystems into generic code. The end result is a streamlined ACL
check that doesn't need to load the inode->i_op->check_acl pointer at
all for the common cached case.The filesystems also don't need to check for a non-blocking RCU walk
case in their acl_check() functions, because that is all handled at a
VFS layer.Signed-off-by: Linus Torvalds
Signed-off-by: Al Viro
24 Jul, 2011
1 commit
-
casting int * to mode_t * is not a good thing - on a *lot* of big-endian
architectures mode_t happens to be smaller than int and there it breaks
quite spectaculary...Fucked-up-by: commit cfc8dc6f6f69ede939e09c2af06a01adee577285
Signed-off-by: Al Viro
20 Jul, 2011
2 commits
-
not used in the instances anymore.
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
24 Mar, 2011
1 commit
-
And give it a kernel-doc comment.
[akpm@linux-foundation.org: btrfs changed in linux-next]
Signed-off-by: Serge E. Hallyn
Cc: "Eric W. Biederman"
Cc: Daniel Lezcano
Acked-by: David Howells
Cc: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Jan, 2011
1 commit
-
Signed-off-by: Nick Piggin
08 Jun, 2010
1 commit
-
* git://git.infradead.org/~dwmw2/mtd-2.6.35:
jffs2: update ctime when changing the file's permission by setfacl
jffs2: Fix NFS race by using insert_inode_locked()
jffs2: Fix in-core inode leaks on error paths
mtd: Fix NAND submenu
mtd/r852: update card detect early.
mtd/r852: Fixes in case of DMA timeout
mtd/r852: register IRQ as last step
drivers/mtd: Use memdup_user
docbook: make mtd nand module init static
06 Jun, 2010
1 commit
-
jffs2 didn't update the ctime of the file when its permission was changed.
Steps to reproduce:
# touch aaa
# stat -c %Z aaa
1275289822
# setfacl -m 'u::x,g::x,o::x' aaa
# stat -c %Z aaa
1275289822 .Signed-off-by: Jan Kara
Signed-off-by: David Woodhouse
22 May, 2010
1 commit
-
Signed-off-by: Stephen Hemminger
Signed-off-by: Al Viro
17 Dec, 2009
1 commit
-
Add a flags argument to struct xattr_handler and pass it to all xattr
handler methods. This allows using the same methods for multiple
handlers, e.g. for the ACL methods which perform exactly the same action
for the access and default ACLs, just using a different underlying
attribute. With a little more groundwork it'll also allow sharing the
methods for the regular user/trusted/secure handlers in extN, ocfs2 and
jffs2 like it's already done for xfs in this patch.Also change the inode argument to the handlers to a dentry to allow
using the handlers mechnism for filesystems that require it later,
e.g. cifs.[with GFS2 bits updated by Steven Whitehouse ]
Signed-off-by: Christoph Hellwig
Reviewed-by: James Morris
Acked-by: Joel Becker
Signed-off-by: Al Viro
09 Sep, 2009
1 commit
-
This avoids an indirect call in the VFS for each path component lookup.
Well, at least as long as you own the directory in question, and the ACL
check is unnecessary.Reviewed-by: James Morris
Acked-by: Serge Hallyn
Signed-off-by: Linus Torvalds
25 Jun, 2009
1 commit
-
Signed-off-by: Al Viro
24 Jun, 2009
2 commits
-
helpers: get_cached_acl(inode, type), set_cached_acl(inode, type, acl),
forget_cached_acl(inode, type).ubifs/xattr.c needed includes reordered, the rest is a plain switchover.
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
07 Apr, 2009
1 commit
-
* git://git.infradead.org/mtd-2.6: (53 commits)
[MTD] struct device - replace bus_id with dev_name(), dev_set_name()
[MTD] [NOR] Fixup for Numonyx M29W128 chips
[MTD] mtdpart: Make ecc_stats more realistic.
powerpc/85xx: TQM8548: Update DTS file for multi-chip support
powerpc: NAND: FSL UPM: document new bindings
[MTD] [NAND] FSL-UPM: Add wait flags to support board/chip specific delays
[MTD] [NAND] FSL-UPM: add multi chip support
[MTD] [NOR] Add device parent info to physmap_of
[MTD] [NAND] Add support for NAND on the Socrates board
[MTD] [NAND] Add support for 4KiB pages.
[MTD] sysfs support should not depend on CONFIG_PROC_FS
[MTD] [NAND] Add parent info for CAFÉ controller
[MTD] support driver model updates
[MTD] driver model updates (part 2)
[MTD] driver model updates
[MTD] [NAND] move gen_nand's probe function to .devinit.text
[MTD] [MAPS] move sa1100 flash's probe function to .devinit.text
[MTD] fix use after free in register_mtd_blktrans
[MTD] [MAPS] Drop now unused sharpsl-flash map
[MTD] ofpart: Check name property to determine partition nodes.
...Manually fix trivial conflict in drivers/mtd/maps/Makefile
01 Apr, 2009
1 commit
-
current->fs->umask is what most of fs_struct users are doing.
Put that into a helper function.Signed-off-by: Al Viro
20 Mar, 2009
1 commit
-
size_t s is unsigned and cannot be less than 0.
Signed-off-by: Roel Kluin
Signed-off-by: Andrew Morton
Signed-off-by: David Woodhouse
27 Jul, 2008
1 commit
-
* kill nameidata * argument; map the 3 bits in ->flags anybody cares
about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where ->permission() instances might barf on new
MAY_... found in mask.The obvious next target in that direction is permission(9)
folded fix for nfs_permission() breakage from Miklos Szeredi
Signed-off-by: Al Viro
08 Jan, 2008
1 commit
-
posix_acl_clone does a memory allocation and sets a reference count, so
posix_acl_release is needed afterwards to free it.The problem was fixed using the following semantic patch.
(http://www.emn.fr/x-info/coccinelle/)//
@@
type T;
identifier E;
expression E1, E2;
int ret;
statement S;
@@T E;
//Signed-off-by: Julia Lawall
Acked-by: KaiGai Kohei
Signed-off-by: David Woodhouse
06 Nov, 2007
1 commit
-
jffs2_get_acl() can now become static again.
Signed-off-by: Adrian Bunk
Acked-by: KaiGai Kohei
Signed-off-by: Andrew Morton
Signed-off-by: David Woodhouse
27 Oct, 2007
1 commit
-
Spotted by the Coverity checker, and pointed out by Adrian Bunk.
Signed-off-by: David Woodhouse
20 Oct, 2007
1 commit
-
[In commit 9ed437c50d89eabae763dd422579f73fdebf288d we fixed a problem
with standard permissions on newly-created inodes, when POSIX ACLs are
enabled. This cleans it up...]The attached patch separate jffs2_init_acl() into two parts.
The one is jffs2_init_acl_pre() called from jffs2_new_inode().
It compute ACL oriented inode->i_mode bits, and allocate in-memory ACL
objects associated with the new inode just before when inode meta
infomation is written to the medium.The other is jffs2_init_acl_post() called from jffs2_symlink(),
jffs2_mkdir(), jffs2_mknod() and jffs2_do_create().
It actually writes in-memory ACL objects into the medium next to
the success of writing meta-information.In the current implementation, we have to write a same inode meta
infomation twice when inode->i_mode is updated by the default ACL.
However, we can avoid the behavior by putting an updated i_mode
before it is written at first, as jffs2_init_acl_pre() doing.Signed-off-by: KaiGai Kohei
Signed-off-by: David Woodhouse
22 Aug, 2007
1 commit
-
When POSIX ACL support was enabled, we weren't writing correct
legacy modes to the medium on inode creation, or when the ACL was set.
This meant that the permissions would be incorrect after the file system
was remounted.Signed-off-by: David Woodhouse
18 Jul, 2007
1 commit
-
Introduce is_owner_or_cap() macro in fs.h, and convert over relevant
users to it. This is done because we want to avoid bugs in the future
where we check for only effective fsuid of the current task against a
file's owning uid, without simultaneously checking for CAP_FOWNER as
well, thus violating its semantics.
[ XFS uses special macros and structures, and in general looked ...
untouchable, so we leave it alone -- but it has been looked over. ]The (current->fsuid != inode->i_uid) check in generic_permission() and
exec_permission_lite() is left alone, because those operations are
covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations
falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.Signed-off-by: Satyam Sharma
Cc: Al Viro
Acked-by: Serge E. Hallyn
Signed-off-by: Linus Torvalds
