Commit f58ba889 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Steven Whitehouse
Browse files

[GFS2] don't call permission() 



GFS2 calls permission() to verify permissions after locks on the files
have been taken.

For this it's sufficient to call gfs2_permission() instead.  This
results in the following changes:

  - IS_RDONLY() check is not performed
  - IS_IMMUTABLE() check is not performed
  - devcgroup_inode_permission() is not called
  - security_inode_permission() is not called

IS_RDONLY() should be unnecessary anyway, as the per-mount read-only
flag should provide protection against read-only remounts during
operations.  do_gfs2_set_flags() has been fixed to perform
mnt_want_write()/mnt_drop_write() to protect against remounting
read-only.

IS_IMMUTABLE has been added to gfs2_permission()

Repeating the security checks seems to be pointless, as they don't
normally change, and if they do, it's independent of the filesystem
state.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarSteven Whitehouse <swhiteho@redhat.com>
parent f17172e0

fs/gfs2/inode.c

+3 −3
Original line number Original line Diff line number Diff line
@@ -504,7 +504,7 @@ struct inode *gfs2_lookupi(struct inode *dir, const struct qstr *name, 
	}

	}





	if (!is_root) {

	if (!is_root) {

		error = permission(dir, MAY_EXEC, NULL);

		error = gfs2_permission(dir, MAY_EXEC);

		if (error)

		if (error)

			goto out;

			goto out;

	}

	}
@@ -667,7 +667,7 @@ static int create_ok(struct gfs2_inode *dip, const struct qstr *name, 
{

{

	int error;

	int error;





	error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);

	error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);

	if (error)

	if (error)

		return error;

		return error;
@@ -1134,7 +1134,7 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name, 
	if (IS_APPEND(&dip->i_inode))

	if (IS_APPEND(&dip->i_inode))

		return -EPERM;

		return -EPERM;





	error = permission(&dip->i_inode, MAY_WRITE | MAY_EXEC, NULL);

	error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);

	if (error)

	if (error)

		return error;

		return error;

fs/gfs2/inode.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -91,6 +91,7 @@ int gfs2_rmdiri(struct gfs2_inode *dip, const struct qstr *name, 
		struct gfs2_inode *ip);

		struct gfs2_inode *ip);

int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,

int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,

		   const struct gfs2_inode *ip);

		   const struct gfs2_inode *ip);

int gfs2_permission(struct inode *inode, int mask);

int gfs2_ok_to_move(struct gfs2_inode *this, struct gfs2_inode *to);

int gfs2_ok_to_move(struct gfs2_inode *this, struct gfs2_inode *to);

int gfs2_readlinki(struct gfs2_inode *ip, char **buf, unsigned int *len);

int gfs2_readlinki(struct gfs2_inode *ip, char **buf, unsigned int *len);

int gfs2_glock_nq_atime(struct gfs2_holder *gh);

int gfs2_glock_nq_atime(struct gfs2_holder *gh);

fs/gfs2/ops_file.c

+9 −2
Original line number Original line Diff line number Diff line
@@ -15,6 +15,7 @@ 
#include <linux/uio.h>

#include <linux/uio.h>

#include <linux/blkdev.h>

#include <linux/blkdev.h>

#include <linux/mm.h>

#include <linux/mm.h>

#include <linux/mount.h>

#include <linux/fs.h>

#include <linux/fs.h>

#include <linux/gfs2_ondisk.h>

#include <linux/gfs2_ondisk.h>

#include <linux/ext2_fs.h>

#include <linux/ext2_fs.h>
@@ -220,10 +221,14 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask) 
	int error;

	int error;

	u32 new_flags, flags;

	u32 new_flags, flags;





	error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);

	error = mnt_want_write(filp->f_path.mnt);

	if (error)

	if (error)

		return error;

		return error;





	error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);

	if (error)

		goto out_drop_write;



	flags = ip->i_di.di_flags;

	flags = ip->i_di.di_flags;

	new_flags = (flags & ~mask) | (reqflags & mask);

	new_flags = (flags & ~mask) | (reqflags & mask);

	if ((new_flags ^ flags) == 0)

	if ((new_flags ^ flags) == 0)
@@ -242,7 +247,7 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask) 
	    !capable(CAP_LINUX_IMMUTABLE))

	    !capable(CAP_LINUX_IMMUTABLE))

		goto out;

		goto out;

	if (!IS_IMMUTABLE(inode)) {

	if (!IS_IMMUTABLE(inode)) {

		error = permission(inode, MAY_WRITE, NULL);

		error = gfs2_permission(inode, MAY_WRITE);

		if (error)

		if (error)

			goto out;

			goto out;

	}

	}
@@ -272,6 +277,8 @@ out_trans_end: 
	gfs2_trans_end(sdp);

	gfs2_trans_end(sdp);

out:

out:

	gfs2_glock_dq_uninit(&gh);

	gfs2_glock_dq_uninit(&gh);

out_drop_write:

	mnt_drop_write(filp->f_path.mnt);

	return error;

	return error;

}

}

fs/gfs2/ops_inode.c

+17 −8
Original line number Original line Diff line number Diff line
@@ -163,7 +163,7 @@ static int gfs2_link(struct dentry *old_dentry, struct inode *dir, 
	if (error)

	if (error)

		goto out;

		goto out;





	error = permission(dir, MAY_WRITE | MAY_EXEC, NULL);

	error = gfs2_permission(dir, MAY_WRITE | MAY_EXEC);

	if (error)

	if (error)

		goto out_gunlock;

		goto out_gunlock;
@@ -669,7 +669,7 @@ static int gfs2_rename(struct inode *odir, struct dentry *odentry, 
			}

			}

		}

		}

	} else {

	} else {

		error = permission(ndir, MAY_WRITE | MAY_EXEC, NULL);

		error = gfs2_permission(ndir, MAY_WRITE | MAY_EXEC);

		if (error)

		if (error)

			goto out_gunlock;

			goto out_gunlock;
@@ -704,7 +704,7 @@ static int gfs2_rename(struct inode *odir, struct dentry *odentry, 
	/* Check out the dir to be renamed */

	/* Check out the dir to be renamed */





	if (dir_rename) {

	if (dir_rename) {

		error = permission(odentry->d_inode, MAY_WRITE, NULL);

		error = gfs2_permission(odentry->d_inode, MAY_WRITE);

		if (error)

		if (error)

			goto out_gunlock;

			goto out_gunlock;

	}

	}
@@ -891,7 +891,7 @@ static void *gfs2_follow_link(struct dentry *dentry, struct nameidata *nd) 
 * Returns: errno

 * Returns: errno

 */

 */





static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd)

int gfs2_permission(struct inode *inode, int mask)

{

{

	struct gfs2_inode *ip = GFS2_I(inode);

	struct gfs2_inode *ip = GFS2_I(inode);

	struct gfs2_holder i_gh;

	struct gfs2_holder i_gh;
@@ -905,6 +905,9 @@ static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd) 
		unlock = 1;

		unlock = 1;

	}

	}





	if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))

		error = -EACCES;

	else

		error = generic_permission(inode, mask, gfs2_check_acl);

		error = generic_permission(inode, mask, gfs2_check_acl);

	if (unlock)

	if (unlock)

		gfs2_glock_dq_uninit(&i_gh);

		gfs2_glock_dq_uninit(&i_gh);
@@ -912,6 +915,12 @@ static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd) 
	return error;

	return error;

}

}





static int gfs2_iop_permission(struct inode *inode, int mask,

			       struct nameidata *nd)

{

	return gfs2_permission(inode, mask);

}



static int setattr_size(struct inode *inode, struct iattr *attr)

static int setattr_size(struct inode *inode, struct iattr *attr)

{

{

	struct gfs2_inode *ip = GFS2_I(inode);

	struct gfs2_inode *ip = GFS2_I(inode);
@@ -1141,7 +1150,7 @@ static int gfs2_removexattr(struct dentry *dentry, const char *name) 
}

}





const struct inode_operations gfs2_file_iops = {

const struct inode_operations gfs2_file_iops = {

	.permission = gfs2_permission,

	.permission = gfs2_iop_permission,

	.setattr = gfs2_setattr,

	.setattr = gfs2_setattr,

	.getattr = gfs2_getattr,

	.getattr = gfs2_getattr,

	.setxattr = gfs2_setxattr,

	.setxattr = gfs2_setxattr,
@@ -1160,7 +1169,7 @@ const struct inode_operations gfs2_dir_iops = { 
	.rmdir = gfs2_rmdir,

	.rmdir = gfs2_rmdir,

	.mknod = gfs2_mknod,

	.mknod = gfs2_mknod,

	.rename = gfs2_rename,

	.rename = gfs2_rename,

	.permission = gfs2_permission,

	.permission = gfs2_iop_permission,

	.setattr = gfs2_setattr,

	.setattr = gfs2_setattr,

	.getattr = gfs2_getattr,

	.getattr = gfs2_getattr,

	.setxattr = gfs2_setxattr,

	.setxattr = gfs2_setxattr,
@@ -1172,7 +1181,7 @@ const struct inode_operations gfs2_dir_iops = { 
const struct inode_operations gfs2_symlink_iops = {

const struct inode_operations gfs2_symlink_iops = {

	.readlink = gfs2_readlink,

	.readlink = gfs2_readlink,

	.follow_link = gfs2_follow_link,

	.follow_link = gfs2_follow_link,

	.permission = gfs2_permission,

	.permission = gfs2_iop_permission,

	.setattr = gfs2_setattr,

	.setattr = gfs2_setattr,

	.getattr = gfs2_getattr,

	.getattr = gfs2_getattr,

	.setxattr = gfs2_setxattr,

	.setxattr = gfs2_setxattr,

CRA Git | Maintained and supported by SUSTech CRA and CCSE