[PATCH] sanitize ->permission() prototype

* kill nameidata * argument; map the 3 bits in ->flags anybody cares
  about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where ->permission() instances might barf on new
  MAY_... found in mask.

The obvious next target in that direction is permission(9)

folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2008-07-15 21:03:57 -04:00
parent 1bd5191d9f
commit e6305c43ed
38 changed files with 74 additions and 87 deletions

View file

@ -469,8 +469,6 @@ extern bool afs_cm_incoming_call(struct afs_call *);
extern const struct inode_operations afs_dir_inode_operations;
extern const struct file_operations afs_dir_file_operations;
extern int afs_permission(struct inode *, int, struct nameidata *);
/*
* file.c
*/
@ -605,7 +603,7 @@ extern void afs_clear_permits(struct afs_vnode *);
extern void afs_cache_permit(struct afs_vnode *, struct key *, long);
extern void afs_zap_permits(struct rcu_head *);
extern struct key *afs_request_key(struct afs_cell *);
extern int afs_permission(struct inode *, int, struct nameidata *);
extern int afs_permission(struct inode *, int);
/*
* server.c

View file

@ -284,7 +284,7 @@ static int afs_check_permit(struct afs_vnode *vnode, struct key *key,
* - AFS ACLs are attached to directories only, and a file is controlled by its
* parent directory's ACL
*/
int afs_permission(struct inode *inode, int mask, struct nameidata *nd)
int afs_permission(struct inode *inode, int mask)
{
struct afs_vnode *vnode = AFS_FS_I(inode);
afs_access_t uninitialized_var(access);

View file

@ -243,8 +243,7 @@ static int bad_inode_readlink(struct dentry *dentry, char __user *buffer,
return -EIO;
}
static int bad_inode_permission(struct inode *inode, int mask,
struct nameidata *nd)
static int bad_inode_permission(struct inode *inode, int mask)
{
return -EIO;
}

View file

@ -267,7 +267,7 @@ cifs_statfs(struct dentry *dentry, struct kstatfs *buf)
return 0;
}
static int cifs_permission(struct inode *inode, int mask, struct nameidata *nd)
static int cifs_permission(struct inode *inode, int mask)
{
struct cifs_sb_info *cifs_sb;

View file

@ -137,9 +137,11 @@ static struct dentry *coda_lookup(struct inode *dir, struct dentry *entry, struc
}
int coda_permission(struct inode *inode, int mask, struct nameidata *nd)
int coda_permission(struct inode *inode, int mask)
{
int error = 0;
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (!mask)
return 0;

View file

@ -24,8 +24,7 @@
#include <linux/coda_psdev.h>
/* pioctl ops */
static int coda_ioctl_permission(struct inode *inode, int mask,
struct nameidata *nd);
static int coda_ioctl_permission(struct inode *inode, int mask);
static int coda_pioctl(struct inode * inode, struct file * filp,
unsigned int cmd, unsigned long user_data);
@ -42,8 +41,7 @@ const struct file_operations coda_ioctl_operations = {
};
/* the coda pioctl inode ops */
static int coda_ioctl_permission(struct inode *inode, int mask,
struct nameidata *nd)
static int coda_ioctl_permission(struct inode *inode, int mask)
{
return 0;
}

View file

@ -830,22 +830,9 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
}
static int
ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
ecryptfs_permission(struct inode *inode, int mask)
{
int rc;
if (nd) {
struct vfsmount *vfsmnt_save = nd->path.mnt;
struct dentry *dentry_save = nd->path.dentry;
nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry);
nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry);
rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
nd->path.mnt = vfsmnt_save;
nd->path.dentry = dentry_save;
} else
rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
return rc;
return permission(ecryptfs_inode_to_lower(inode), mask, NULL);
}
/**

View file

@ -294,7 +294,7 @@ ext2_check_acl(struct inode *inode, int mask)
}
int
ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
ext2_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, ext2_check_acl);
}

View file

@ -58,7 +58,7 @@ static inline int ext2_acl_count(size_t size)
#define EXT2_ACL_NOT_CACHED ((void *)-1)
/* acl.c */
extern int ext2_permission (struct inode *, int, struct nameidata *);
extern int ext2_permission (struct inode *, int);
extern int ext2_acl_chmod (struct inode *);
extern int ext2_init_acl (struct inode *, struct inode *);

View file

@ -299,7 +299,7 @@ ext3_check_acl(struct inode *inode, int mask)
}
int
ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
ext3_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, ext3_check_acl);
}

View file

@ -58,7 +58,7 @@ static inline int ext3_acl_count(size_t size)
#define EXT3_ACL_NOT_CACHED ((void *)-1)
/* acl.c */
extern int ext3_permission (struct inode *, int, struct nameidata *);
extern int ext3_permission (struct inode *, int);
extern int ext3_acl_chmod (struct inode *);
extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);

View file

@ -299,7 +299,7 @@ ext4_check_acl(struct inode *inode, int mask)
}
int
ext4_permission(struct inode *inode, int mask, struct nameidata *nd)
ext4_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, ext4_check_acl);
}

View file

@ -58,7 +58,7 @@ static inline int ext4_acl_count(size_t size)
#define EXT4_ACL_NOT_CACHED ((void *)-1)
/* acl.c */
extern int ext4_permission (struct inode *, int, struct nameidata *);
extern int ext4_permission (struct inode *, int);
extern int ext4_acl_chmod (struct inode *);
extern int ext4_init_acl (handle_t *, struct inode *, struct inode *);

View file

@ -898,7 +898,7 @@ static int fuse_access(struct inode *inode, int mask)
return PTR_ERR(req);
memset(&inarg, 0, sizeof(inarg));
inarg.mask = mask;
inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
req->in.h.opcode = FUSE_ACCESS;
req->in.h.nodeid = get_node_id(inode);
req->in.numargs = 1;
@ -927,7 +927,7 @@ static int fuse_access(struct inode *inode, int mask)
* access request is sent. Execute permission is still checked
* locally based on file mode.
*/
static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
static int fuse_permission(struct inode *inode, int mask)
{
struct fuse_conn *fc = get_fuse_conn(inode);
bool refreshed = false;
@ -962,7 +962,7 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
exist. So if permissions are revoked this won't be
noticed immediately, only after the attribute
timeout has expired */
} else if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR))) {
} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
err = fuse_access(inode, mask);
} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
if (!(inode->i_mode & S_IXUGO)) {

View file

@ -915,12 +915,6 @@ int gfs2_permission(struct inode *inode, int mask)
return error;
}
static int gfs2_iop_permission(struct inode *inode, int mask,
struct nameidata *nd)
{
return gfs2_permission(inode, mask);
}
static int setattr_size(struct inode *inode, struct iattr *attr)
{
struct gfs2_inode *ip = GFS2_I(inode);
@ -1150,7 +1144,7 @@ static int gfs2_removexattr(struct dentry *dentry, const char *name)
}
const struct inode_operations gfs2_file_iops = {
.permission = gfs2_iop_permission,
.permission = gfs2_permission,
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,
@ -1169,7 +1163,7 @@ const struct inode_operations gfs2_dir_iops = {
.rmdir = gfs2_rmdir,
.mknod = gfs2_mknod,
.rename = gfs2_rename,
.permission = gfs2_iop_permission,
.permission = gfs2_permission,
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,
@ -1181,7 +1175,7 @@ const struct inode_operations gfs2_dir_iops = {
const struct inode_operations gfs2_symlink_iops = {
.readlink = gfs2_readlink,
.follow_link = gfs2_follow_link,
.permission = gfs2_iop_permission,
.permission = gfs2_permission,
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,

View file

@ -511,8 +511,7 @@ void hfs_clear_inode(struct inode *inode)
}
}
static int hfs_permission(struct inode *inode, int mask,
struct nameidata *nd)
static int hfs_permission(struct inode *inode, int mask)
{
if (S_ISREG(inode->i_mode) && mask & MAY_EXEC)
return 0;

View file

@ -238,7 +238,7 @@ static void hfsplus_set_perms(struct inode *inode, struct hfsplus_perm *perms)
perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev);
}
static int hfsplus_permission(struct inode *inode, int mask, struct nameidata *nd)
static int hfsplus_permission(struct inode *inode, int mask)
{
/* MAY_EXEC is also used for lookup, if no x bit is set allow lookup,
* open_exec has the same test, so it's still not executable, if a x bit

View file

@ -822,7 +822,7 @@ int hostfs_rename(struct inode *from_ino, struct dentry *from,
return err;
}
int hostfs_permission(struct inode *ino, int desired, struct nameidata *nd)
int hostfs_permission(struct inode *ino, int desired)
{
char *name;
int r = 0, w = 0, x = 0, err;

View file

@ -314,7 +314,7 @@ static int jffs2_check_acl(struct inode *inode, int mask)
return -EAGAIN;
}
int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd)
int jffs2_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, jffs2_check_acl);
}

View file

@ -28,7 +28,7 @@ struct jffs2_acl_header {
#define JFFS2_ACL_NOT_CACHED ((void *)-1)
extern int jffs2_permission(struct inode *, int, struct nameidata *);
extern int jffs2_permission(struct inode *, int);
extern int jffs2_acl_chmod(struct inode *);
extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *);
extern int jffs2_init_acl_post(struct inode *);

View file

@ -140,7 +140,7 @@ static int jfs_check_acl(struct inode *inode, int mask)
return -EAGAIN;
}
int jfs_permission(struct inode *inode, int mask, struct nameidata *nd)
int jfs_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, jfs_check_acl);
}

View file

@ -20,7 +20,7 @@
#ifdef CONFIG_JFS_POSIX_ACL
int jfs_permission(struct inode *, int, struct nameidata *);
int jfs_permission(struct inode *, int);
int jfs_init_acl(tid_t, struct inode *, struct inode *);
int jfs_setattr(struct dentry *, struct iattr *);

View file

@ -185,6 +185,8 @@ int generic_permission(struct inode *inode, int mask,
{
umode_t mode = inode->i_mode;
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (current->fsuid == inode->i_uid)
mode >>= 6;
else {
@ -203,7 +205,7 @@ int generic_permission(struct inode *inode, int mask,
/*
* If the DACs are ok we don't need any capability check.
*/
if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
if ((mask & ~mode) == 0)
return 0;
check_capabilities:
@ -228,7 +230,7 @@ int generic_permission(struct inode *inode, int mask,
int permission(struct inode *inode, int mask, struct nameidata *nd)
{
int retval, submask;
int retval;
struct vfsmount *mnt = NULL;
if (nd)
@ -261,9 +263,17 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
}
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
if (inode->i_op && inode->i_op->permission) {
retval = inode->i_op->permission(inode, submask, nd);
int extra = 0;
if (nd) {
if (nd->flags & LOOKUP_ACCESS)
extra |= MAY_ACCESS;
if (nd->flags & LOOKUP_CHDIR)
extra |= MAY_CHDIR;
if (nd->flags & LOOKUP_OPEN)
extra |= MAY_OPEN;
}
retval = inode->i_op->permission(inode, mask | extra);
if (!retval) {
/*
* Exec permission on a regular file is denied if none
@ -277,7 +287,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
return -EACCES;
}
} else {
retval = generic_permission(inode, submask, NULL);
retval = generic_permission(inode, mask, NULL);
}
if (retval)
return retval;
@ -286,7 +296,8 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
if (retval)
return retval;
return security_inode_permission(inode, mask, nd);
return security_inode_permission(inode,
mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd);
}
/**

View file

@ -1884,7 +1884,7 @@ static int nfs_do_access(struct inode *inode, struct rpc_cred *cred, int mask)
return status;
nfs_access_add_cache(inode, &cache);
out:
if ((cache.mask & mask) == mask)
if ((mask & ~cache.mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
return 0;
return -EACCES;
}
@ -1907,17 +1907,17 @@ int nfs_may_open(struct inode *inode, struct rpc_cred *cred, int openflags)
return nfs_do_access(inode, cred, nfs_open_permission_mask(openflags));
}
int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
int nfs_permission(struct inode *inode, int mask)
{
struct rpc_cred *cred;
int res = 0;
nfs_inc_stats(inode, NFSIOS_VFSACCESS);
if (mask == 0)
if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
goto out;
/* Is this sys_access() ? */
if (nd != NULL && (nd->flags & LOOKUP_ACCESS))
if (mask & MAY_ACCESS)
goto force_lookup;
switch (inode->i_mode & S_IFMT) {
@ -1926,8 +1926,7 @@ int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
&& nd != NULL
&& (nd->flags & LOOKUP_OPEN))
&& (mask & MAY_OPEN))
goto out;
break;
case S_IFDIR:

View file

@ -1176,7 +1176,7 @@ int ocfs2_getattr(struct vfsmount *mnt,
return err;
}
int ocfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
int ocfs2_permission(struct inode *inode, int mask)
{
int ret;

View file

@ -62,8 +62,7 @@ int ocfs2_lock_allocators(struct inode *inode, struct ocfs2_dinode *di,
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr);
int ocfs2_getattr(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat);
int ocfs2_permission(struct inode *inode, int mask,
struct nameidata *nd);
int ocfs2_permission(struct inode *inode, int mask);
int ocfs2_should_update_atime(struct inode *inode,
struct vfsmount *vfsmnt);

View file

@ -1859,8 +1859,7 @@ static const struct file_operations proc_fd_operations = {
* /proc/pid/fd needs a special permission handler so that a process can still
* access /proc/self/fd after it has executed a setuid().
*/
static int proc_fd_permission(struct inode *inode, int mask,
struct nameidata *nd)
static int proc_fd_permission(struct inode *inode, int mask)
{
int rv;

View file

@ -292,7 +292,7 @@ static int proc_sys_readdir(struct file *filp, void *dirent, filldir_t filldir)
return ret;
}
static int proc_sys_permission(struct inode *inode, int mask, struct nameidata *nd)
static int proc_sys_permission(struct inode *inode, int mask)
{
/*
* sysctl entries that are not writeable,

View file

@ -1250,7 +1250,7 @@ static int reiserfs_check_acl(struct inode *inode, int mask)
return error;
}
int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd)
int reiserfs_permission(struct inode *inode, int mask)
{
/*
* We don't do permission checks on the internal objects.

View file

@ -408,7 +408,7 @@ smb_file_release(struct inode *inode, struct file * file)
* privileges, so we need our own check for this.
*/
static int
smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
smb_file_permission(struct inode *inode, int mask)
{
int mode = inode->i_mode;
int error = 0;
@ -417,7 +417,7 @@ smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
/* Look at user permissions */
mode >>= 6;
if ((mode & 7 & mask) != mask)
if (mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC))
error = -EACCES;
return error;
}

View file

@ -589,8 +589,7 @@ xfs_check_acl(
STATIC int
xfs_vn_permission(
struct inode *inode,
int mask,
struct nameidata *nd)
int mask)
{
return generic_permission(inode, mask, xfs_check_acl);
}

View file

@ -37,7 +37,7 @@ extern const struct file_operations coda_ioctl_operations;
/* operations shared over more than one file */
int coda_open(struct inode *i, struct file *f);
int coda_release(struct inode *i, struct file *f);
int coda_permission(struct inode *inode, int mask, struct nameidata *nd);
int coda_permission(struct inode *inode, int mask);
int coda_revalidate_inode(struct dentry *);
int coda_getattr(struct vfsmount *, struct dentry *, struct kstat *);
int coda_setattr(struct dentry *, struct iattr *);

View file

@ -60,6 +60,9 @@ extern int dir_notify_enable;
#define MAY_WRITE 2
#define MAY_READ 4
#define MAY_APPEND 8
#define MAY_ACCESS 16
#define MAY_CHDIR 32
#define MAY_OPEN 64
#define FMODE_READ 1
#define FMODE_WRITE 2
@ -1272,7 +1275,7 @@ struct inode_operations {
void * (*follow_link) (struct dentry *, struct nameidata *);
void (*put_link) (struct dentry *, struct nameidata *, void *);
void (*truncate) (struct inode *);
int (*permission) (struct inode *, int, struct nameidata *);
int (*permission) (struct inode *, int);
int (*setattr) (struct dentry *, struct iattr *);
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);

View file

@ -332,7 +332,7 @@ extern int nfs_refresh_inode(struct inode *, struct nfs_fattr *);
extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr);
extern int nfs_post_op_update_inode_force_wcc(struct inode *inode, struct nfs_fattr *fattr);
extern int nfs_getattr(struct vfsmount *, struct dentry *, struct kstat *);
extern int nfs_permission(struct inode *, int, struct nameidata *);
extern int nfs_permission(struct inode *, int);
extern int nfs_open(struct inode *, struct file *);
extern int nfs_release(struct inode *, struct file *);
extern int nfs_attribute_timeout(struct inode *inode);

View file

@ -55,7 +55,7 @@ int reiserfs_removexattr(struct dentry *dentry, const char *name);
int reiserfs_delete_xattrs(struct inode *inode);
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs);
int reiserfs_xattr_init(struct super_block *sb, int mount_flags);
int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd);
int reiserfs_permission(struct inode *inode, int mask);
int reiserfs_xattr_del(struct inode *, const char *);
int reiserfs_xattr_get(const struct inode *, const char *, void *, size_t);

View file

@ -43,7 +43,7 @@ static inline struct shmem_inode_info *SHMEM_I(struct inode *inode)
}
#ifdef CONFIG_TMPFS_POSIX_ACL
int shmem_permission(struct inode *, int, struct nameidata *);
int shmem_permission(struct inode *, int);
int shmem_acl_init(struct inode *, struct inode *);
void shmem_acl_destroy_inode(struct inode *);

View file

@ -1516,9 +1516,9 @@ static int do_sysctl_strategy(struct ctl_table_root *root,
int op = 0, rc;
if (oldval)
op |= 004;
op |= MAY_READ;
if (newval)
op |= 002;
op |= MAY_WRITE;
if (sysctl_perm(root, table, op))
return -EPERM;
@ -1560,7 +1560,7 @@ static int parse_table(int __user *name, int nlen,
if (n == table->ctl_name) {
int error;
if (table->child) {
if (sysctl_perm(root, table, 001))
if (sysctl_perm(root, table, MAY_EXEC))
return -EPERM;
name++;
nlen--;
@ -1635,7 +1635,7 @@ static int test_perm(int mode, int op)
mode >>= 6;
else if (in_egroup_p(0))
mode >>= 3;
if ((mode & op & 0007) == op)
if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
return 0;
return -EACCES;
}
@ -1645,7 +1645,7 @@ int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
int error;
int mode;
error = security_sysctl(table, op);
error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
if (error)
return error;

View file

@ -191,7 +191,7 @@ shmem_check_acl(struct inode *inode, int mask)
* shmem_permission - permission() inode operation
*/
int
shmem_permission(struct inode *inode, int mask, struct nameidata *nd)
shmem_permission(struct inode *inode, int mask)
{
return generic_permission(inode, mask, shmem_check_acl);
}