mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-07 22:42:04 +00:00
->permission() sanitizing: pass MAY_NOT_BLOCK to ->check_acl()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
1fc0f78ca9
commit
9c2c703929
@ -101,7 +101,7 @@ int v9fs_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
struct posix_acl *acl;
|
||||
struct v9fs_session_info *v9ses;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU)
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
v9ses = v9fs_inode2v9ses(inode);
|
||||
|
@ -199,10 +199,9 @@ int btrfs_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
int error = -EAGAIN;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
error = -ECHILD;
|
||||
|
||||
} else {
|
||||
struct posix_acl *acl;
|
||||
acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
|
@ -236,7 +236,7 @@ ext2_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
|
@ -244,7 +244,7 @@ ext3_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
|
@ -242,7 +242,7 @@ ext4_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
|
@ -192,7 +192,7 @@ generic_acl_chmod(struct inode *inode)
|
||||
int
|
||||
generic_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
} else {
|
||||
|
@ -80,7 +80,7 @@ int gfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
struct posix_acl *acl;
|
||||
int error;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
|
@ -264,7 +264,7 @@ int jffs2_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
struct posix_acl *acl;
|
||||
int rc;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU)
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
|
@ -118,7 +118,7 @@ int jfs_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
{
|
||||
struct posix_acl *acl;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU)
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
|
@ -181,7 +181,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag
|
||||
int (*check_acl)(struct inode *inode, int mask, unsigned int flags);
|
||||
unsigned int mode = inode->i_mode;
|
||||
|
||||
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
|
||||
mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
|
||||
|
||||
if (current_user_ns() != inode_userns(inode))
|
||||
goto other_perms;
|
||||
@ -204,7 +204,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag
|
||||
/*
|
||||
* If the DACs are ok we don't need any capability check.
|
||||
*/
|
||||
if ((mask & ~mode) == 0)
|
||||
if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
|
||||
return 0;
|
||||
return -EACCES;
|
||||
}
|
||||
|
@ -297,7 +297,7 @@ int ocfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
struct posix_acl *acl;
|
||||
int ret = -EAGAIN;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU)
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
osb = OCFS2_SB(inode->i_sb);
|
||||
|
@ -879,7 +879,7 @@ int reiserfs_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
if (get_inode_sd_version(inode) == STAT_DATA_V1)
|
||||
return -EAGAIN;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU)
|
||||
if (mask & MAY_NOT_BLOCK)
|
||||
return -ECHILD;
|
||||
|
||||
acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS);
|
||||
|
@ -235,7 +235,7 @@ xfs_check_acl(struct inode *inode, int mask, unsigned int flags)
|
||||
if (!XFS_IFORK_Q(ip))
|
||||
return -EAGAIN;
|
||||
|
||||
if (flags & IPERM_FLAG_RCU) {
|
||||
if (mask & MAY_NOT_BLOCK) {
|
||||
if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
|
||||
return -ECHILD;
|
||||
return -EAGAIN;
|
||||
|
Loading…
Reference in New Issue
Block a user