linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Herbert Poetzl <herbert@13thfloor.at>
To: viro@parcelfarce.linux.theplanet.co.uk
Cc: Andrew Morton <akpm@osdl.org>,
	torvalds@osdl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Bind Mount Extensions 0.04.1 3/5
Date: Fri, 19 Mar 2004 03:52:36 +0100	[thread overview]
Message-ID: <20040319025236.GC31040@MAIL.13thfloor.at> (raw)
In-Reply-To: <20040318122645.GJ31500@parcelfarce.linux.theplanet.co.uk>

On Thu, Mar 18, 2004 at 12:26:45PM +0000, viro@parcelfarce.linux.theplanet.co.uk wrote:
> On Mon, Mar 15, 2004 at 08:58:14AM +0100, Herbert Poetzl wrote:
> > -extern int vfs_permission(struct inode *, int);
> > +extern int vfs_permission(struct inode *, int, struct nameidata *);
> 
> Vetoed, along with IS_RDONLY() prototype change.

hmm, that is what I expected ...

> Note that you are doing exactly the opposite of the changes we'll need
> to deal with remount races.
> 
> What we need is to push readonly checks _up_ - into callers of fs methods.
> vfs_permission() is default ->permission() - no more, no less.  Neither
> it nor other instances have any business touching "this vfsmount is readonly"
> logics - it's not something where fs can override stuff; it's "admin said
> no r/w access here".
> 
> IOW, the check for r/w access to file/directory/symlink on a r/o mount should
> be moved into the callers (very few of them) of ->permission() and away from
> the methods themselves.

maybe like this ...

patch can be downloaded at:
http://www.13thfloor.at/patches/patch-2.6.5-rc1-bk3-bme0.04.2-permission.diff

best,
Herbert


diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext2/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext2/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext2/acl.c	2004-03-16 10:21:19.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext2/acl.c	2004-03-19 03:17:17.000000000 +0100
@@ -290,13 +290,6 @@ ext2_permission(struct inode *inode, int
 {
 	int mode = inode->i_mode;
 
-	/* Nobody gets write access to a read-only fs */
-	if ((mask & MAY_WRITE) && IS_RDONLY(inode) &&
-	    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
-		return -EROFS;
-	/* Nobody gets write access to an immutable file */
-	if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
-	    return -EACCES;
 	if (current->fsuid == inode->i_uid) {
 		mode >>= 6;
 	} else if (test_opt(inode->i_sb, POSIX_ACL)) {
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext3/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext3/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/ext3/acl.c	2004-03-16 10:21:19.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/ext3/acl.c	2004-03-19 03:17:28.000000000 +0100
@@ -295,13 +295,6 @@ ext3_permission(struct inode *inode, int
 {
 	int mode = inode->i_mode;
 
-	/* Nobody gets write access to a read-only fs */
-	if ((mask & MAY_WRITE) && IS_RDONLY(inode) &&
-	    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
-		return -EROFS;
-	/* Nobody gets write access to an immutable file */
-	if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
-	    return -EACCES;
 	if (current->fsuid == inode->i_uid) {
 		mode >>= 6;
 	} else if (test_opt(inode->i_sb, POSIX_ACL)) {
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/intermezzo/dir.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/intermezzo/dir.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/intermezzo/dir.c	2004-03-18 22:49:57.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/intermezzo/dir.c	2004-03-19 03:46:49.000000000 +0100
@@ -846,6 +846,16 @@ int presto_permission(struct inode *inod
 
         cache = presto_get_cache(inode);
 
+        /* Nobody gets write access to a read-only fs */
+        if ((mask & MAY_WRITE) &&
+                (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) &&
+                (IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))))
+                return -EROFS;
+
+        /* Nobody gets write access to an immutable file */
+        if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+                return -EACCES;
+
         if ( cache ) {
                 /* we only override the file/dir permission operations */
                 struct inode_operations *fiops = filter_c2cfiops(cache->cache_filter);
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/jfs/acl.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/jfs/acl.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/jfs/acl.c	2004-03-11 03:55:21.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/jfs/acl.c	2004-03-19 03:18:12.000000000 +0100
@@ -132,21 +132,6 @@ int jfs_permission(struct inode * inode,
 	umode_t mode = inode->i_mode;
 	struct jfs_inode_info *ji = JFS_IP(inode);
 
-	if (mask & MAY_WRITE) {
-		/*
-		 * Nobody gets write access to a read-only fs.
-		 */
-		if (IS_RDONLY(inode) &&
-		    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
-			return -EROFS;
-
-		/*
-		 * Nobody gets write access to an immutable file.
-		 */
-		if (IS_IMMUTABLE(inode))
-			return -EACCES;
-	}
-
 	if (current->fsuid == inode->i_uid) {
 		mode >>= 6;
 		goto check_mode;
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/namei.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/namei.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/namei.c	2004-03-19 01:40:53.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/namei.c	2004-03-19 03:43:38.000000000 +0100
@@ -160,21 +160,6 @@ int vfs_permission(struct inode * inode,
 {
 	umode_t			mode = inode->i_mode;
 
-	if (mask & MAY_WRITE) {
-		/*
-		 * Nobody gets write access to a read-only fs.
-		 */
-		if (IS_RDONLY(inode) &&
-		    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
-			return -EROFS;
-
-		/*
-		 * Nobody gets write access to an immutable file.
-		 */
-		if (IS_IMMUTABLE(inode))
-			return -EACCES;
-	}
-
 	if (current->fsuid == inode->i_uid)
 		mode >>= 6;
 	else if (in_group_p(inode->i_gid))
@@ -207,9 +192,20 @@ int vfs_permission(struct inode * inode,
 
 int permission(struct inode * inode,int mask, struct nameidata *nd)
 {
+	int mode = inode->i_mode;
 	int retval;
 	int submask;
 
+	/* Nobody gets write access to a read-only fs */
+	if ((mask & MAY_WRITE) &&
+		(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) &&
+		(IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))))
+		return -EROFS;
+
+	/* Nobody gets write access to an immutable file */
+	if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
+		return -EACCES;
+
 	/* Ordinary permission routines do not understand MAY_APPEND. */
 	submask = mask & ~MAY_APPEND;
 
diff -NurpP --minimal linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/nfs/dir.c linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/nfs/dir.c
--- linux-2.6.5-rc1-bk3-bme0.04.2-atime/fs/nfs/dir.c	2004-03-16 10:21:20.000000000 +0100
+++ linux-2.6.5-rc1-bk3-bme0.04.2-permission/fs/nfs/dir.c	2004-03-19 03:36:11.000000000 +0100
@@ -1503,29 +1503,11 @@ nfs_permission(struct inode *inode, int 
 {
 	struct nfs_access_cache *cache = &NFS_I(inode)->cache_access;
 	struct rpc_cred *cred;
-	int mode = inode->i_mode;
 	int res;
 
 	if (mask == 0)
 		return 0;
-	if (mask & MAY_WRITE) {
-		/*
-		 *
-		 * Nobody gets write access to a read-only fs.
-		 *
-		 */
-		if (IS_RDONLY(inode) &&
-		    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
-			return -EROFS;
 
-		/*
-		 *
-		 * Nobody gets write access to an immutable file.
-		 *
-		 */
-		if (IS_IMMUTABLE(inode))
-			return -EACCES;
-	}
 	/* Are we checking permissions on anything other than lookup/execute? */
 	if ((mask & MAY_EXEC) == 0) {
 		/* We only need to check permissions on file open() and access() */

  reply	other threads:[~2004-03-19  2:52 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-15  3:55 [PATCH] Bind Mount Extensions 0.04 (linux-2.6.4) Herbert Poetzl
2004-03-15  4:14 ` Andrew Morton
2004-03-15  4:25   ` Herbert Poetzl
2004-03-15  4:34     ` Andrew Morton
2004-03-15  7:55       ` Herbert Poetzl
2004-03-15  7:56       ` [PATCH] Bind Mount Extensions 0.04.1 1/5 Herbert Poetzl
2004-03-15  7:57       ` [PATCH] Bind Mount Extensions 0.04.1 2/5 Herbert Poetzl
2004-03-18 12:16         ` viro
2004-03-19  1:57           ` Herbert Poetzl
2004-04-02  1:23           ` Herbert Poetzl
2004-03-15  7:58       ` [PATCH] Bind Mount Extensions 0.04.1 3/5 Herbert Poetzl
2004-03-15 22:10         ` Andrew Morton
2004-03-15 23:04           ` Herbert Poetzl
2004-03-15 23:31             ` Andrew Morton
2004-03-16  6:30               ` Herbert Poetzl
2004-03-18 12:26         ` viro
2004-03-19  2:52           ` Herbert Poetzl [this message]
2004-03-19 11:11             ` viro
2004-03-19 13:40               ` Herbert Poetzl
2004-03-19 14:52                 ` viro
2004-03-15  7:58       ` [PATCH] Bind Mount Extensions 0.04.1 4/5 Herbert Poetzl
2004-03-15  7:59       ` [PATCH] Bind Mount Extensions 0.04.1 5/5 Herbert Poetzl
2004-03-15 13:25   ` [PATCH] Bind Mount Extensions 0.04 (linux-2.6.4) Marc-Christian Petersen
2004-03-15 18:25     ` Dariush Pietrzak

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040319025236.GC31040@MAIL.13thfloor.at \
    --to=herbert@13thfloor.at \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@osdl.org \
    --cc=viro@parcelfarce.linux.theplanet.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).