On Sat, 25 Sep 2010 00:46:03 +0530 "Aneesh Kumar K. V" <aneesh.kumar@xxxxxxxxxxxxxxxxxx> wrote: > On Fri, 24 Sep 2010 11:54:23 -0400, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > On Fri, 24 Sep 2010 18:18:11 +0530 > > "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxxxxxxx> wrote: > > > > > From: Andreas Gruenbacher <agruen@xxxxxxx> > > > > > > Some permission models distinguish between the permission to create a > > > non-directory and a directory. Pass this information down to > > > inode_permission() as mask flags > > > > > > Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxx> > > > Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxxxxxxx> > > > --- > > > fs/namei.c | 21 ++++++++++++--------- > > > include/linux/fs.h | 2 ++ > > > 2 files changed, 14 insertions(+), 9 deletions(-) > > > > > > diff --git a/fs/namei.c b/fs/namei.c > > > index b0b8a71..ed786b2 100644 > > > --- a/fs/namei.c > > > +++ b/fs/namei.c > > > @@ -253,7 +253,8 @@ int generic_permission(struct inode *inode, int mask, > > > * for filesystem access without changing the "normal" uids which > > > * are used for other things. > > > * > > > - * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask. > > > + * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR, > > > + * MAY_WRITE must also be set in @mask. > > > */ > > > int inode_permission(struct inode *inode, int mask) > > > { > > > @@ -1337,13 +1338,15 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) > > > * 3. We should have write and exec permissions on dir > > > * 4. We can't do it if dir is immutable (done in permission()) > > > */ > > > -static inline int may_create(struct inode *dir, struct dentry *child) > > > +static inline int may_create(struct inode *dir, struct dentry *child, int isdir) > > ^^^^^ > > nit: maybe saner as a bool? > > > { > > > + int mask = isdir ? MAY_CREATE_DIR : MAY_CREATE_FILE; > > > + > > > if (child->d_inode) > > > return -EEXIST; > > > if (IS_DEADDIR(dir)) > > > return -ENOENT; > > > - return inode_permission(dir, MAY_WRITE | MAY_EXEC); > > > + return inode_permission(dir, MAY_WRITE | MAY_EXEC | mask); > > > } > > > > > > /* > > > @@ -1391,7 +1394,7 @@ void unlock_rename(struct dentry *p1, struct dentry *p2) > > > int vfs_create(struct inode *dir, struct dentry *dentry, int mode, > > > struct nameidata *nd) > > > { > > > - int error = may_create(dir, dentry); > > > + int error = may_create(dir, dentry, 0); > > > > > > if (error) > > > return error; > > > @@ -1953,7 +1956,7 @@ EXPORT_SYMBOL_GPL(lookup_create); > > > > > > int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) > > > { > > > - int error = may_create(dir, dentry); > > > + int error = may_create(dir, dentry, 0); > > > > > > if (error) > > > return error; > > > @@ -2057,7 +2060,7 @@ SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev) > > > > > > int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) > > > { > > > - int error = may_create(dir, dentry); > > > + int error = may_create(dir, dentry, 1); > > > > > > if (error) > > > return error; > > > @@ -2342,7 +2345,7 @@ SYSCALL_DEFINE1(unlink, const char __user *, pathname) > > > > > > int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname) > > > { > > > - int error = may_create(dir, dentry); > > > + int error = may_create(dir, dentry, 0); > > > > > > if (error) > > > return error; > > > @@ -2415,7 +2418,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de > > > if (!inode) > > > return -ENOENT; > > > > > > - error = may_create(dir, new_dentry); > > > + error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode)); > > > > ^^^^ this is a little > > scary, but even if it's > > a directory, it'll get > > kicked out in a later > > check. Would it be > > clearer to move up the > > S_ISDIR() check in this > > function and then pass > > this in as false? > > Can you elaborate on this ? > > -aneesh > Hardlinked directories are a no-no, of course. So when I first saw this patch, it gave me pause. There's a later check in vfs_link though that explicitly rejects hardlinking directories, so the above is harmless. It may be more efficient to go ahead and return error if the target is a directory however and bypass the permission check. OTOH, maybe there's good reason to do it this way or I'm just being excessively nitpicky. -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html