From: Miklos Szeredi <mszeredi@redhat.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Subject: [PATCH 08/12] vfs: allow unprivileged whiteout creation
Date: Thu, 28 Nov 2019 16:59:36 +0100 [thread overview]
Message-ID: <20191128155940.17530-9-mszeredi@redhat.com> (raw)
In-Reply-To: <20191128155940.17530-1-mszeredi@redhat.com>
Whiteouts are special, but unlike real device nodes they should not require
privileges to create.
The 0 char device number should already be reserved, but make this explicit
in cdev_add() to be on the safe side.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
fs/char_dev.c | 3 +++
fs/namei.c | 17 ++++-------------
include/linux/device_cgroup.h | 3 +++
3 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/fs/char_dev.c b/fs/char_dev.c
index 00dfe17871ac..8bf66f40e5e0 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -483,6 +483,9 @@ int cdev_add(struct cdev *p, dev_t dev, unsigned count)
p->dev = dev;
p->count = count;
+ if (WARN_ON(dev == WHITEOUT_DEV))
+ return -EBUSY;
+
error = kobj_map(cdev_map, dev, count, NULL,
exact_match, exact_lock, p);
if (error)
diff --git a/fs/namei.c b/fs/namei.c
index 671c3c1a3425..05ca98595b62 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3687,12 +3687,14 @@ EXPORT_SYMBOL(user_path_create);
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
+ bool is_whiteout = S_ISCHR(mode) && dev == WHITEOUT_DEV;
int error = may_create(dir, dentry);
if (error)
return error;
- if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
+ if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD) &&
+ !is_whiteout)
return -EPERM;
if (!dir->i_op->mknod)
@@ -4527,9 +4529,6 @@ static int do_renameat2(int olddfd, const char __user *oldname, int newdfd,
(flags & RENAME_EXCHANGE))
return -EINVAL;
- if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
- return -EPERM;
-
if (flags & RENAME_EXCHANGE)
target_flags = 0;
@@ -4667,15 +4666,7 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_whiteout(struct inode *dir, struct dentry *dentry)
{
- int error = may_create(dir, dentry);
- if (error)
- return error;
-
- if (!dir->i_op->mknod)
- return -EPERM;
-
- return dir->i_op->mknod(dir, dentry,
- S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
+ return vfs_mknod(dir, dentry, S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
}
EXPORT_SYMBOL(vfs_whiteout);
diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h
index 8557efe096dc..fc989487c273 100644
--- a/include/linux/device_cgroup.h
+++ b/include/linux/device_cgroup.h
@@ -62,6 +62,9 @@ static inline int devcgroup_inode_mknod(int mode, dev_t dev)
if (!S_ISBLK(mode) && !S_ISCHR(mode))
return 0;
+ if (S_ISCHR(mode) && dev == WHITEOUT_DEV)
+ return 0;
+
if (S_ISBLK(mode))
type = DEVCG_DEV_BLOCK;
else
--
2.21.0
next prev parent reply other threads:[~2019-11-28 16:00 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-28 15:59 [PATCH 00/12] various vfs patches Miklos Szeredi
2019-11-28 15:59 ` [PATCH 01/12] aio: fix async fsync creds Miklos Szeredi
2019-12-13 9:32 ` Miklos Szeredi
2020-05-04 8:05 ` Avi Kivity
2019-11-28 15:59 ` [PATCH 02/12] fs_parse: fix fs_param_v_optional handling Miklos Szeredi
2019-11-29 11:31 ` Andrew Price
2019-11-29 14:43 ` Miklos Szeredi
2019-11-29 15:56 ` Andrew Price
2019-12-16 23:28 ` Al Viro
2019-12-17 1:18 ` Al Viro
2019-12-17 3:27 ` Al Viro
2019-11-28 15:59 ` [PATCH 03/12] vfs: verify param type in vfs_parse_sb_flag() Miklos Szeredi
2019-11-28 15:59 ` [PATCH 04/12] uapi: deprecate STATX_ALL Miklos Szeredi
2019-11-28 15:59 ` [PATCH 05/12] statx: don't clear STATX_ATIME on SB_RDONLY Miklos Szeredi
2019-11-28 15:59 ` [PATCH 06/12] utimensat: AT_EMPTY_PATH support Miklos Szeredi
2019-11-28 15:59 ` [PATCH 07/12] f*xattr: allow O_PATH descriptors Miklos Szeredi
2019-12-03 9:20 ` [LTP] [f*xattr] f4cecda4a3: ltp.open13.fail kernel test robot
2019-12-03 9:20 ` kernel test robot
2019-11-28 15:59 ` Miklos Szeredi [this message]
2019-12-17 3:51 ` [PATCH 08/12] vfs: allow unprivileged whiteout creation Al Viro
2019-12-17 4:22 ` Miklos Szeredi
2019-11-28 15:59 ` [PATCH 09/12] fs_parser: "string" with missing value is a "flag" Miklos Szeredi
2019-12-17 17:32 ` Al Viro
2019-12-17 18:31 ` Al Viro
2019-11-28 15:59 ` [PATCH 10/12] vfs: don't parse forbidden flags Miklos Szeredi
2019-11-28 15:59 ` [PATCH 11/12] vfs: don't parse "posixacl" option Miklos Szeredi
2019-12-17 3:42 ` Al Viro
2019-12-17 4:18 ` Miklos Szeredi
2019-12-17 4:28 ` Al Viro
2019-11-28 15:59 ` [PATCH 12/12] vfs: don't parse "silent" option Miklos Szeredi
2019-12-17 3:37 ` Al Viro
2019-12-17 4:12 ` Miklos Szeredi
2019-12-17 4:16 ` Miklos Szeredi
2019-12-17 4:19 ` Al Viro
2019-12-17 4:23 ` Miklos Szeredi
2019-12-17 4:28 ` Miklos Szeredi
2019-12-17 4:17 ` Al Viro
2019-12-13 9:33 ` [PATCH 00/12] various vfs patches Miklos Szeredi
2019-12-16 23:13 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191128155940.17530-9-mszeredi@redhat.com \
--to=mszeredi@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.