Commit e6305c43eda10ebfd2ad9e35d6e172ccc7bb3695
1 parent
1bd5191d9f
Exists in
master
and in
20 other branches
[PATCH] sanitize ->permission() prototype
* kill nameidata * argument; map the 3 bits in ->flags anybody cares about to new MAY_... ones and pass with the mask. * kill redundant gfs2_iop_permission() * sanitize ecryptfs_permission() * fix remaining places where ->permission() instances might barf on new MAY_... found in mask. The obvious next target in that direction is permission(9) folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 38 changed files with 74 additions and 87 deletions Side-by-side Diff
- fs/afs/internal.h
- fs/afs/security.c
- fs/bad_inode.c
- fs/cifs/cifsfs.c
- fs/coda/dir.c
- fs/coda/pioctl.c
- fs/ecryptfs/inode.c
- fs/ext2/acl.c
- fs/ext2/acl.h
- fs/ext3/acl.c
- fs/ext3/acl.h
- fs/ext4/acl.c
- fs/ext4/acl.h
- fs/fuse/dir.c
- fs/gfs2/ops_inode.c
- fs/hfs/inode.c
- fs/hfsplus/inode.c
- fs/hostfs/hostfs_kern.c
- fs/jffs2/acl.c
- fs/jffs2/acl.h
- fs/jfs/acl.c
- fs/jfs/jfs_acl.h
- fs/namei.c
- fs/nfs/dir.c
- fs/ocfs2/file.c
- fs/ocfs2/file.h
- fs/proc/base.c
- fs/proc/proc_sysctl.c
- fs/reiserfs/xattr.c
- fs/smbfs/file.c
- fs/xfs/linux-2.6/xfs_iops.c
- include/linux/coda_linux.h
- include/linux/fs.h
- include/linux/nfs_fs.h
- include/linux/reiserfs_xattr.h
- include/linux/shmem_fs.h
- kernel/sysctl.c
- mm/shmem_acl.c
fs/afs/internal.h
... | ... | @@ -469,8 +469,6 @@ |
469 | 469 | extern const struct inode_operations afs_dir_inode_operations; |
470 | 470 | extern const struct file_operations afs_dir_file_operations; |
471 | 471 | |
472 | -extern int afs_permission(struct inode *, int, struct nameidata *); | |
473 | - | |
474 | 472 | /* |
475 | 473 | * file.c |
476 | 474 | */ |
... | ... | @@ -605,7 +603,7 @@ |
605 | 603 | extern void afs_cache_permit(struct afs_vnode *, struct key *, long); |
606 | 604 | extern void afs_zap_permits(struct rcu_head *); |
607 | 605 | extern struct key *afs_request_key(struct afs_cell *); |
608 | -extern int afs_permission(struct inode *, int, struct nameidata *); | |
606 | +extern int afs_permission(struct inode *, int); | |
609 | 607 | |
610 | 608 | /* |
611 | 609 | * server.c |
fs/afs/security.c
... | ... | @@ -284,7 +284,7 @@ |
284 | 284 | * - AFS ACLs are attached to directories only, and a file is controlled by its |
285 | 285 | * parent directory's ACL |
286 | 286 | */ |
287 | -int afs_permission(struct inode *inode, int mask, struct nameidata *nd) | |
287 | +int afs_permission(struct inode *inode, int mask) | |
288 | 288 | { |
289 | 289 | struct afs_vnode *vnode = AFS_FS_I(inode); |
290 | 290 | afs_access_t uninitialized_var(access); |
fs/bad_inode.c
fs/cifs/cifsfs.c
fs/coda/dir.c
... | ... | @@ -137,9 +137,11 @@ |
137 | 137 | } |
138 | 138 | |
139 | 139 | |
140 | -int coda_permission(struct inode *inode, int mask, struct nameidata *nd) | |
140 | +int coda_permission(struct inode *inode, int mask) | |
141 | 141 | { |
142 | 142 | int error = 0; |
143 | + | |
144 | + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | |
143 | 145 | |
144 | 146 | if (!mask) |
145 | 147 | return 0; |
fs/coda/pioctl.c
... | ... | @@ -24,8 +24,7 @@ |
24 | 24 | #include <linux/coda_psdev.h> |
25 | 25 | |
26 | 26 | /* pioctl ops */ |
27 | -static int coda_ioctl_permission(struct inode *inode, int mask, | |
28 | - struct nameidata *nd); | |
27 | +static int coda_ioctl_permission(struct inode *inode, int mask); | |
29 | 28 | static int coda_pioctl(struct inode * inode, struct file * filp, |
30 | 29 | unsigned int cmd, unsigned long user_data); |
31 | 30 | |
... | ... | @@ -42,8 +41,7 @@ |
42 | 41 | }; |
43 | 42 | |
44 | 43 | /* the coda pioctl inode ops */ |
45 | -static int coda_ioctl_permission(struct inode *inode, int mask, | |
46 | - struct nameidata *nd) | |
44 | +static int coda_ioctl_permission(struct inode *inode, int mask) | |
47 | 45 | { |
48 | 46 | return 0; |
49 | 47 | } |
fs/ecryptfs/inode.c
... | ... | @@ -830,22 +830,9 @@ |
830 | 830 | } |
831 | 831 | |
832 | 832 | static int |
833 | -ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) | |
833 | +ecryptfs_permission(struct inode *inode, int mask) | |
834 | 834 | { |
835 | - int rc; | |
836 | - | |
837 | - if (nd) { | |
838 | - struct vfsmount *vfsmnt_save = nd->path.mnt; | |
839 | - struct dentry *dentry_save = nd->path.dentry; | |
840 | - | |
841 | - nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry); | |
842 | - nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry); | |
843 | - rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); | |
844 | - nd->path.mnt = vfsmnt_save; | |
845 | - nd->path.dentry = dentry_save; | |
846 | - } else | |
847 | - rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); | |
848 | - return rc; | |
835 | + return permission(ecryptfs_inode_to_lower(inode), mask, NULL); | |
849 | 836 | } |
850 | 837 | |
851 | 838 | /** |
fs/ext2/acl.c
fs/ext2/acl.h
... | ... | @@ -58,7 +58,7 @@ |
58 | 58 | #define EXT2_ACL_NOT_CACHED ((void *)-1) |
59 | 59 | |
60 | 60 | /* acl.c */ |
61 | -extern int ext2_permission (struct inode *, int, struct nameidata *); | |
61 | +extern int ext2_permission (struct inode *, int); | |
62 | 62 | extern int ext2_acl_chmod (struct inode *); |
63 | 63 | extern int ext2_init_acl (struct inode *, struct inode *); |
64 | 64 |
fs/ext3/acl.c
fs/ext3/acl.h
... | ... | @@ -58,7 +58,7 @@ |
58 | 58 | #define EXT3_ACL_NOT_CACHED ((void *)-1) |
59 | 59 | |
60 | 60 | /* acl.c */ |
61 | -extern int ext3_permission (struct inode *, int, struct nameidata *); | |
61 | +extern int ext3_permission (struct inode *, int); | |
62 | 62 | extern int ext3_acl_chmod (struct inode *); |
63 | 63 | extern int ext3_init_acl (handle_t *, struct inode *, struct inode *); |
64 | 64 |
fs/ext4/acl.c
fs/ext4/acl.h
... | ... | @@ -58,7 +58,7 @@ |
58 | 58 | #define EXT4_ACL_NOT_CACHED ((void *)-1) |
59 | 59 | |
60 | 60 | /* acl.c */ |
61 | -extern int ext4_permission (struct inode *, int, struct nameidata *); | |
61 | +extern int ext4_permission (struct inode *, int); | |
62 | 62 | extern int ext4_acl_chmod (struct inode *); |
63 | 63 | extern int ext4_init_acl (handle_t *, struct inode *, struct inode *); |
64 | 64 |
fs/fuse/dir.c
... | ... | @@ -898,7 +898,7 @@ |
898 | 898 | return PTR_ERR(req); |
899 | 899 | |
900 | 900 | memset(&inarg, 0, sizeof(inarg)); |
901 | - inarg.mask = mask; | |
901 | + inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC); | |
902 | 902 | req->in.h.opcode = FUSE_ACCESS; |
903 | 903 | req->in.h.nodeid = get_node_id(inode); |
904 | 904 | req->in.numargs = 1; |
... | ... | @@ -927,7 +927,7 @@ |
927 | 927 | * access request is sent. Execute permission is still checked |
928 | 928 | * locally based on file mode. |
929 | 929 | */ |
930 | -static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd) | |
930 | +static int fuse_permission(struct inode *inode, int mask) | |
931 | 931 | { |
932 | 932 | struct fuse_conn *fc = get_fuse_conn(inode); |
933 | 933 | bool refreshed = false; |
... | ... | @@ -962,7 +962,7 @@ |
962 | 962 | exist. So if permissions are revoked this won't be |
963 | 963 | noticed immediately, only after the attribute |
964 | 964 | timeout has expired */ |
965 | - } else if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR))) { | |
965 | + } else if (mask & (MAY_ACCESS | MAY_CHDIR)) { | |
966 | 966 | err = fuse_access(inode, mask); |
967 | 967 | } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { |
968 | 968 | if (!(inode->i_mode & S_IXUGO)) { |
fs/gfs2/ops_inode.c
... | ... | @@ -915,12 +915,6 @@ |
915 | 915 | return error; |
916 | 916 | } |
917 | 917 | |
918 | -static int gfs2_iop_permission(struct inode *inode, int mask, | |
919 | - struct nameidata *nd) | |
920 | -{ | |
921 | - return gfs2_permission(inode, mask); | |
922 | -} | |
923 | - | |
924 | 918 | static int setattr_size(struct inode *inode, struct iattr *attr) |
925 | 919 | { |
926 | 920 | struct gfs2_inode *ip = GFS2_I(inode); |
... | ... | @@ -1150,7 +1144,7 @@ |
1150 | 1144 | } |
1151 | 1145 | |
1152 | 1146 | const struct inode_operations gfs2_file_iops = { |
1153 | - .permission = gfs2_iop_permission, | |
1147 | + .permission = gfs2_permission, | |
1154 | 1148 | .setattr = gfs2_setattr, |
1155 | 1149 | .getattr = gfs2_getattr, |
1156 | 1150 | .setxattr = gfs2_setxattr, |
... | ... | @@ -1169,7 +1163,7 @@ |
1169 | 1163 | .rmdir = gfs2_rmdir, |
1170 | 1164 | .mknod = gfs2_mknod, |
1171 | 1165 | .rename = gfs2_rename, |
1172 | - .permission = gfs2_iop_permission, | |
1166 | + .permission = gfs2_permission, | |
1173 | 1167 | .setattr = gfs2_setattr, |
1174 | 1168 | .getattr = gfs2_getattr, |
1175 | 1169 | .setxattr = gfs2_setxattr, |
... | ... | @@ -1181,7 +1175,7 @@ |
1181 | 1175 | const struct inode_operations gfs2_symlink_iops = { |
1182 | 1176 | .readlink = gfs2_readlink, |
1183 | 1177 | .follow_link = gfs2_follow_link, |
1184 | - .permission = gfs2_iop_permission, | |
1178 | + .permission = gfs2_permission, | |
1185 | 1179 | .setattr = gfs2_setattr, |
1186 | 1180 | .getattr = gfs2_getattr, |
1187 | 1181 | .setxattr = gfs2_setxattr, |
fs/hfs/inode.c
fs/hfsplus/inode.c
... | ... | @@ -238,7 +238,7 @@ |
238 | 238 | perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev); |
239 | 239 | } |
240 | 240 | |
241 | -static int hfsplus_permission(struct inode *inode, int mask, struct nameidata *nd) | |
241 | +static int hfsplus_permission(struct inode *inode, int mask) | |
242 | 242 | { |
243 | 243 | /* MAY_EXEC is also used for lookup, if no x bit is set allow lookup, |
244 | 244 | * open_exec has the same test, so it's still not executable, if a x bit |
fs/hostfs/hostfs_kern.c
fs/jffs2/acl.c
fs/jffs2/acl.h
... | ... | @@ -28,7 +28,7 @@ |
28 | 28 | |
29 | 29 | #define JFFS2_ACL_NOT_CACHED ((void *)-1) |
30 | 30 | |
31 | -extern int jffs2_permission(struct inode *, int, struct nameidata *); | |
31 | +extern int jffs2_permission(struct inode *, int); | |
32 | 32 | extern int jffs2_acl_chmod(struct inode *); |
33 | 33 | extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *); |
34 | 34 | extern int jffs2_init_acl_post(struct inode *); |
fs/jfs/acl.c
fs/jfs/jfs_acl.h
... | ... | @@ -20,7 +20,7 @@ |
20 | 20 | |
21 | 21 | #ifdef CONFIG_JFS_POSIX_ACL |
22 | 22 | |
23 | -int jfs_permission(struct inode *, int, struct nameidata *); | |
23 | +int jfs_permission(struct inode *, int); | |
24 | 24 | int jfs_init_acl(tid_t, struct inode *, struct inode *); |
25 | 25 | int jfs_setattr(struct dentry *, struct iattr *); |
26 | 26 |
fs/namei.c
... | ... | @@ -185,6 +185,8 @@ |
185 | 185 | { |
186 | 186 | umode_t mode = inode->i_mode; |
187 | 187 | |
188 | + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | |
189 | + | |
188 | 190 | if (current->fsuid == inode->i_uid) |
189 | 191 | mode >>= 6; |
190 | 192 | else { |
... | ... | @@ -203,7 +205,7 @@ |
203 | 205 | /* |
204 | 206 | * If the DACs are ok we don't need any capability check. |
205 | 207 | */ |
206 | - if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask)) | |
208 | + if ((mask & ~mode) == 0) | |
207 | 209 | return 0; |
208 | 210 | |
209 | 211 | check_capabilities: |
... | ... | @@ -228,7 +230,7 @@ |
228 | 230 | |
229 | 231 | int permission(struct inode *inode, int mask, struct nameidata *nd) |
230 | 232 | { |
231 | - int retval, submask; | |
233 | + int retval; | |
232 | 234 | struct vfsmount *mnt = NULL; |
233 | 235 | |
234 | 236 | if (nd) |
235 | 237 | |
... | ... | @@ -261,9 +263,17 @@ |
261 | 263 | } |
262 | 264 | |
263 | 265 | /* Ordinary permission routines do not understand MAY_APPEND. */ |
264 | - submask = mask & ~MAY_APPEND; | |
265 | 266 | if (inode->i_op && inode->i_op->permission) { |
266 | - retval = inode->i_op->permission(inode, submask, nd); | |
267 | + int extra = 0; | |
268 | + if (nd) { | |
269 | + if (nd->flags & LOOKUP_ACCESS) | |
270 | + extra |= MAY_ACCESS; | |
271 | + if (nd->flags & LOOKUP_CHDIR) | |
272 | + extra |= MAY_CHDIR; | |
273 | + if (nd->flags & LOOKUP_OPEN) | |
274 | + extra |= MAY_OPEN; | |
275 | + } | |
276 | + retval = inode->i_op->permission(inode, mask | extra); | |
267 | 277 | if (!retval) { |
268 | 278 | /* |
269 | 279 | * Exec permission on a regular file is denied if none |
... | ... | @@ -277,7 +287,7 @@ |
277 | 287 | return -EACCES; |
278 | 288 | } |
279 | 289 | } else { |
280 | - retval = generic_permission(inode, submask, NULL); | |
290 | + retval = generic_permission(inode, mask, NULL); | |
281 | 291 | } |
282 | 292 | if (retval) |
283 | 293 | return retval; |
... | ... | @@ -286,7 +296,8 @@ |
286 | 296 | if (retval) |
287 | 297 | return retval; |
288 | 298 | |
289 | - return security_inode_permission(inode, mask, nd); | |
299 | + return security_inode_permission(inode, | |
300 | + mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd); | |
290 | 301 | } |
291 | 302 | |
292 | 303 | /** |
fs/nfs/dir.c
... | ... | @@ -1884,7 +1884,7 @@ |
1884 | 1884 | return status; |
1885 | 1885 | nfs_access_add_cache(inode, &cache); |
1886 | 1886 | out: |
1887 | - if ((cache.mask & mask) == mask) | |
1887 | + if ((mask & ~cache.mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0) | |
1888 | 1888 | return 0; |
1889 | 1889 | return -EACCES; |
1890 | 1890 | } |
1891 | 1891 | |
1892 | 1892 | |
... | ... | @@ -1907,17 +1907,17 @@ |
1907 | 1907 | return nfs_do_access(inode, cred, nfs_open_permission_mask(openflags)); |
1908 | 1908 | } |
1909 | 1909 | |
1910 | -int nfs_permission(struct inode *inode, int mask, struct nameidata *nd) | |
1910 | +int nfs_permission(struct inode *inode, int mask) | |
1911 | 1911 | { |
1912 | 1912 | struct rpc_cred *cred; |
1913 | 1913 | int res = 0; |
1914 | 1914 | |
1915 | 1915 | nfs_inc_stats(inode, NFSIOS_VFSACCESS); |
1916 | 1916 | |
1917 | - if (mask == 0) | |
1917 | + if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0) | |
1918 | 1918 | goto out; |
1919 | 1919 | /* Is this sys_access() ? */ |
1920 | - if (nd != NULL && (nd->flags & LOOKUP_ACCESS)) | |
1920 | + if (mask & MAY_ACCESS) | |
1921 | 1921 | goto force_lookup; |
1922 | 1922 | |
1923 | 1923 | switch (inode->i_mode & S_IFMT) { |
... | ... | @@ -1926,8 +1926,7 @@ |
1926 | 1926 | case S_IFREG: |
1927 | 1927 | /* NFSv4 has atomic_open... */ |
1928 | 1928 | if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN) |
1929 | - && nd != NULL | |
1930 | - && (nd->flags & LOOKUP_OPEN)) | |
1929 | + && (mask & MAY_OPEN)) | |
1931 | 1930 | goto out; |
1932 | 1931 | break; |
1933 | 1932 | case S_IFDIR: |
fs/ocfs2/file.c
fs/ocfs2/file.h
... | ... | @@ -62,8 +62,7 @@ |
62 | 62 | int ocfs2_setattr(struct dentry *dentry, struct iattr *attr); |
63 | 63 | int ocfs2_getattr(struct vfsmount *mnt, struct dentry *dentry, |
64 | 64 | struct kstat *stat); |
65 | -int ocfs2_permission(struct inode *inode, int mask, | |
66 | - struct nameidata *nd); | |
65 | +int ocfs2_permission(struct inode *inode, int mask); | |
67 | 66 | |
68 | 67 | int ocfs2_should_update_atime(struct inode *inode, |
69 | 68 | struct vfsmount *vfsmnt); |
fs/proc/base.c
... | ... | @@ -1859,8 +1859,7 @@ |
1859 | 1859 | * /proc/pid/fd needs a special permission handler so that a process can still |
1860 | 1860 | * access /proc/self/fd after it has executed a setuid(). |
1861 | 1861 | */ |
1862 | -static int proc_fd_permission(struct inode *inode, int mask, | |
1863 | - struct nameidata *nd) | |
1862 | +static int proc_fd_permission(struct inode *inode, int mask) | |
1864 | 1863 | { |
1865 | 1864 | int rv; |
1866 | 1865 |
fs/proc/proc_sysctl.c
fs/reiserfs/xattr.c
... | ... | @@ -1250,7 +1250,7 @@ |
1250 | 1250 | return error; |
1251 | 1251 | } |
1252 | 1252 | |
1253 | -int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd) | |
1253 | +int reiserfs_permission(struct inode *inode, int mask) | |
1254 | 1254 | { |
1255 | 1255 | /* |
1256 | 1256 | * We don't do permission checks on the internal objects. |
fs/smbfs/file.c
... | ... | @@ -408,7 +408,7 @@ |
408 | 408 | * privileges, so we need our own check for this. |
409 | 409 | */ |
410 | 410 | static int |
411 | -smb_file_permission(struct inode *inode, int mask, struct nameidata *nd) | |
411 | +smb_file_permission(struct inode *inode, int mask) | |
412 | 412 | { |
413 | 413 | int mode = inode->i_mode; |
414 | 414 | int error = 0; |
... | ... | @@ -417,7 +417,7 @@ |
417 | 417 | |
418 | 418 | /* Look at user permissions */ |
419 | 419 | mode >>= 6; |
420 | - if ((mode & 7 & mask) != mask) | |
420 | + if (mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) | |
421 | 421 | error = -EACCES; |
422 | 422 | return error; |
423 | 423 | } |
fs/xfs/linux-2.6/xfs_iops.c
include/linux/coda_linux.h
... | ... | @@ -37,7 +37,7 @@ |
37 | 37 | /* operations shared over more than one file */ |
38 | 38 | int coda_open(struct inode *i, struct file *f); |
39 | 39 | int coda_release(struct inode *i, struct file *f); |
40 | -int coda_permission(struct inode *inode, int mask, struct nameidata *nd); | |
40 | +int coda_permission(struct inode *inode, int mask); | |
41 | 41 | int coda_revalidate_inode(struct dentry *); |
42 | 42 | int coda_getattr(struct vfsmount *, struct dentry *, struct kstat *); |
43 | 43 | int coda_setattr(struct dentry *, struct iattr *); |
include/linux/fs.h
... | ... | @@ -60,6 +60,9 @@ |
60 | 60 | #define MAY_WRITE 2 |
61 | 61 | #define MAY_READ 4 |
62 | 62 | #define MAY_APPEND 8 |
63 | +#define MAY_ACCESS 16 | |
64 | +#define MAY_CHDIR 32 | |
65 | +#define MAY_OPEN 64 | |
63 | 66 | |
64 | 67 | #define FMODE_READ 1 |
65 | 68 | #define FMODE_WRITE 2 |
... | ... | @@ -1272,7 +1275,7 @@ |
1272 | 1275 | void * (*follow_link) (struct dentry *, struct nameidata *); |
1273 | 1276 | void (*put_link) (struct dentry *, struct nameidata *, void *); |
1274 | 1277 | void (*truncate) (struct inode *); |
1275 | - int (*permission) (struct inode *, int, struct nameidata *); | |
1278 | + int (*permission) (struct inode *, int); | |
1276 | 1279 | int (*setattr) (struct dentry *, struct iattr *); |
1277 | 1280 | int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *); |
1278 | 1281 | int (*setxattr) (struct dentry *, const char *,const void *,size_t,int); |
include/linux/nfs_fs.h
... | ... | @@ -332,7 +332,7 @@ |
332 | 332 | extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr); |
333 | 333 | extern int nfs_post_op_update_inode_force_wcc(struct inode *inode, struct nfs_fattr *fattr); |
334 | 334 | extern int nfs_getattr(struct vfsmount *, struct dentry *, struct kstat *); |
335 | -extern int nfs_permission(struct inode *, int, struct nameidata *); | |
335 | +extern int nfs_permission(struct inode *, int); | |
336 | 336 | extern int nfs_open(struct inode *, struct file *); |
337 | 337 | extern int nfs_release(struct inode *, struct file *); |
338 | 338 | extern int nfs_attribute_timeout(struct inode *inode); |
include/linux/reiserfs_xattr.h
... | ... | @@ -55,7 +55,7 @@ |
55 | 55 | int reiserfs_delete_xattrs(struct inode *inode); |
56 | 56 | int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs); |
57 | 57 | int reiserfs_xattr_init(struct super_block *sb, int mount_flags); |
58 | -int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd); | |
58 | +int reiserfs_permission(struct inode *inode, int mask); | |
59 | 59 | |
60 | 60 | int reiserfs_xattr_del(struct inode *, const char *); |
61 | 61 | int reiserfs_xattr_get(const struct inode *, const char *, void *, size_t); |
include/linux/shmem_fs.h
... | ... | @@ -43,7 +43,7 @@ |
43 | 43 | } |
44 | 44 | |
45 | 45 | #ifdef CONFIG_TMPFS_POSIX_ACL |
46 | -int shmem_permission(struct inode *, int, struct nameidata *); | |
46 | +int shmem_permission(struct inode *, int); | |
47 | 47 | int shmem_acl_init(struct inode *, struct inode *); |
48 | 48 | void shmem_acl_destroy_inode(struct inode *); |
49 | 49 |
kernel/sysctl.c
... | ... | @@ -1516,9 +1516,9 @@ |
1516 | 1516 | int op = 0, rc; |
1517 | 1517 | |
1518 | 1518 | if (oldval) |
1519 | - op |= 004; | |
1519 | + op |= MAY_READ; | |
1520 | 1520 | if (newval) |
1521 | - op |= 002; | |
1521 | + op |= MAY_WRITE; | |
1522 | 1522 | if (sysctl_perm(root, table, op)) |
1523 | 1523 | return -EPERM; |
1524 | 1524 | |
... | ... | @@ -1560,7 +1560,7 @@ |
1560 | 1560 | if (n == table->ctl_name) { |
1561 | 1561 | int error; |
1562 | 1562 | if (table->child) { |
1563 | - if (sysctl_perm(root, table, 001)) | |
1563 | + if (sysctl_perm(root, table, MAY_EXEC)) | |
1564 | 1564 | return -EPERM; |
1565 | 1565 | name++; |
1566 | 1566 | nlen--; |
... | ... | @@ -1635,7 +1635,7 @@ |
1635 | 1635 | mode >>= 6; |
1636 | 1636 | else if (in_egroup_p(0)) |
1637 | 1637 | mode >>= 3; |
1638 | - if ((mode & op & 0007) == op) | |
1638 | + if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0) | |
1639 | 1639 | return 0; |
1640 | 1640 | return -EACCES; |
1641 | 1641 | } |
... | ... | @@ -1645,7 +1645,7 @@ |
1645 | 1645 | int error; |
1646 | 1646 | int mode; |
1647 | 1647 | |
1648 | - error = security_sysctl(table, op); | |
1648 | + error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC)); | |
1649 | 1649 | if (error) |
1650 | 1650 | return error; |
1651 | 1651 |
mm/shmem_acl.c
... | ... | @@ -191,7 +191,7 @@ |
191 | 191 | * shmem_permission - permission() inode operation |
192 | 192 | */ |
193 | 193 | int |
194 | -shmem_permission(struct inode *inode, int mask, struct nameidata *nd) | |
194 | +shmem_permission(struct inode *inode, int mask) | |
195 | 195 | { |
196 | 196 | return generic_permission(inode, mask, shmem_check_acl); |
197 | 197 | } |