From: Herbert Poetzl <herbert@13thfloor.at>
To: viro@parcelfarce.linux.theplanet.co.uk
Cc: Andrew Morton <akpm@osdl.org>,
torvalds@osdl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Bind Mount Extensions 0.04.1 3/5
Date: Fri, 19 Mar 2004 03:52:36 +0100 [thread overview]
Message-ID: <20040319025236.GC31040@MAIL.13thfloor.at> (raw)
In-Reply-To: <20040318122645.GJ31500@parcelfarce.linux.theplanet.co.uk>
On Thu, Mar 18, 2004 at 12:26:45PM +0000, viro@parcelfarce.linux.theplanet.co.uk wrote:
> On Mon, Mar 15, 2004 at 08:58:14AM +0100, Herbert Poetzl wrote:
> > -extern int vfs_permission(struct inode *, int);
> > +extern int vfs_permission(struct inode *, int, struct nameidata *);
>
> Vetoed, along with IS_RDONLY() prototype change.
hmm, that is what I expected ...
> Note that you are doing exactly the opposite of the changes we'll need
> to deal with remount races.
>
> What we need is to push readonly checks _up_ - into callers of fs methods.
> vfs_permission() is default ->permission() - no more, no less. Neither
> it nor other instances have any business touching "this vfsmount is readonly"
> logics - it's not something where fs can override stuff; it's "admin said
> no r/w access here".
>
> IOW, the check for r/w access to file/directory/symlink on a r/o mount should
> be moved into the callers (very few of them) of ->permission() and away from
> the methods themselves.
maybe like this ...
patch can be downloaded at:
http://www.13thfloor.at/patches/patch-2.6.5-rc1-bk3-bme0.04.2-permission.diff
best,
Herbert
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext2/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext2/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext2/acl.c 2004-03-16 10:21:19.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext2/acl.c 2004-03-19 03:17:17.000000000 +0100
@@ -290,13 +290,6 @@ ext2_permission(struct inode *inode, int
{
int mode = inode->i_mode;
- /* Nobody gets write access to a read-only fs */
- if ((mask & MAY_WRITE) && IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
- /* Nobody gets write access to an immutable file */
- if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
- return -EACCES;
if (current->fsuid == inode->i_uid) {
mode >>= 6;
} else if (test_opt(inode->i_sb, POSIX_ACL)) {
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext3/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext3/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext3/acl.c 2004-03-16 10:21:19.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext3/acl.c 2004-03-19 03:17:28.000000000 +0100
@@ -295,13 +295,6 @@ ext3_permission(struct inode *inode, int
{
int mode = inode->i_mode;
- /* Nobody gets write access to a read-only fs */
- if ((mask & MAY_WRITE) && IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
- /* Nobody gets write access to an immutable file */
- if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
- return -EACCES;
if (current->fsuid == inode->i_uid) {
mode >>= 6;
} else if (test_opt(inode->i_sb, POSIX_ACL)) {
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/intermezzo/dir.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/intermezzo/dir.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/intermezzo/dir.c 2004-03-18 22:49:57.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/intermezzo/dir.c 2004-03-19 03:46:49.000000000 +0100
@@ -846,6 +846,16 @@ int presto_permission(struct inode *inod
cache = presto_get_cache(inode);
+ /* Nobody gets write access to a read-only fs */
+ if ((mask & MAY_WRITE) &&
+ (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) &&
+ (IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))))
+ return -EROFS;
+
+ /* Nobody gets write access to an immutable file */
+ if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+ return -EACCES;
+
if ( cache ) {
/* we only override the file/dir permission operations */
struct inode_operations *fiops = filter_c2cfiops(cache->cache_filter);
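Review bot: The read-only and immutable checks added to presto_permission() repeat the ones this patch places in permission(), while the ext2, ext3, jfs and nfs hunks remove them from their ->permission() methods. If presto_permission() is only reached through permission(), this block is redundant and can be dropped. If it is kept because the function is also called directly somewhere, that reason should be in a comment, e.g. `/* also reached without permission(); repeat the r/o and immutable checks here */`. The hunk does not show declarations of `mode` or `nd` in this function, so confirm both are in scope. presto_permission() starts and ends outside the hunk.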
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/jfs/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/jfs/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/jfs/acl.c 2004-03-11 03:55:21.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/jfs/acl.c 2004-03-19 03:18:12.000000000 +0100
@@ -132,21 +132,6 @@ int jfs_permission(struct inode * inode,
umode_t mode = inode->i_mode;
struct jfs_inode_info *ji = JFS_IP(inode);
- if (mask & MAY_WRITE) {
- /*
- * Nobody gets write access to a read-only fs.
- */
- if (IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
-
- /*
- * Nobody gets write access to an immutable file.
- */
- if (IS_IMMUTABLE(inode))
- return -EACCES;
- }
-
if (current->fsuid == inode->i_uid) {
mode >>= 6;
goto check_mode;
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/namei.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/namei.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/namei.c 2004-03-19 01:40:53.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/namei.c 2004-03-19 03:43:38.000000000 +0100
@@ -160,21 +160,6 @@ int vfs_permission(struct inode * inode,
{
umode_t mode = inode->i_mode;
- if (mask & MAY_WRITE) {
- /*
- * Nobody gets write access to a read-only fs.
- */
- if (IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
-
- /*
- * Nobody gets write access to an immutable file.
- */
- if (IS_IMMUTABLE(inode))
- return -EACCES;
- }
-
if (current->fsuid == inode->i_uid)
mode >>= 6;
else if (in_group_p(inode->i_gid))
@@ -207,9 +192,20 @@ int vfs_permission(struct inode * inode,
int permission(struct inode * inode,int mask, struct nameidata *nd)
{
+ int mode = inode->i_mode;
int retval;
int submask;
+ /* Nobody gets write access to a read-only fs */
+ if ((mask & MAY_WRITE) &&
+ (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) &&
+ (IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))))
+ return -EROFS;
+
+ /* Nobody gets write access to an immutable file */
+ if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+ return -EACCES;
+
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
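Review bot: The per-mount test in the block added to permission() is skipped whenever `nd` is NULL, because of `(nd && MNT_IS_RDONLY(nd->mnt))`. A caller that passes no nameidata is therefore refused only when the superblock itself is read-only, and a read-only vfsmount over a writable superblock is not enforced on that path. The other hunks remove the -EROFS and -EACCES tests from vfs_permission(), ext2, ext3, jfs and nfs, so any code that calls those methods directly rather than through permission() would lose both checks; such callers are not visible here and should be audited. I would state the contract above the block, e.g. `/* nd == NULL: only the superblock r/o flag is checked; the caller must enforce the vfsmount r/o state */`, and declare `umode_t mode` rather than `int mode` to match vfs_permission(). permission() continues outside the hunk.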
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/nfs/dir.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/nfs/dir.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/nfs/dir.c 2004-03-16 10:21:20.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/nfs/dir.c 2004-03-19 03:36:11.000000000 +0100
@@ -1503,29 +1503,11 @@ nfs_permission(struct inode *inode, int
{
struct nfs_access_cache *cache = &NFS_I(inode)->cache_access;
struct rpc_cred *cred;
- int mode = inode->i_mode;
int res;
if (mask == 0)
return 0;
- if (mask & MAY_WRITE) {
- /*
- *
- * Nobody gets write access to a read-only fs.
- *
- */
- if (IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
- /*
- *
- * Nobody gets write access to an immutable file.
- *
- */
- if (IS_IMMUTABLE(inode))
- return -EACCES;
- }
/* Are we checking permissions on anything other than lookup/execute? */
if ((mask & MAY_EXEC) == 0) {
/* We only need to check permissions on file open() and access() */