From: Valerie Aurora <vaurora@xxxxxxxxxx> Split inode_permission() into inode and file-system-dependent parts. Create path_permission() to check permission based on the path to the inode. This is for union mounts, in which an inode can be located on a read-only lower layer file system but is still writable, since we will copy it up to the writable top layer file system. So in that case, we want to ignore MS_RDONLY on the lower layer. To make this decision, we must know the path (vfsmount, dentry) of both the target and its parent. XXX - so ugly! --- fs/namei.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-------- include/linux/fs.h | 1 + 2 files changed, 78 insertions(+), 14 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 199d385..ce681ca 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -258,29 +258,20 @@ int generic_permission(struct inode *inode, int mask, unsigned int flags, } /** - * inode_permission - check for access rights to a given inode + * __inode_permission - check for access rights to a given inode * @inode: inode to check permission on * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) * * Used to check for read/write/execute permissions on an inode. - * We use "fsuid" for this, letting us set arbitrary permissions - * for filesystem access without changing the "normal" uids which - * are used for other things. + * + * This does not check for a read-only file system. You probably want + * inode_permission(). */ -int inode_permission(struct inode *inode, int mask) +static int __inode_permission(struct inode *inode, int mask) { int retval; if (mask & MAY_WRITE) { - umode_t mode = inode->i_mode; - - /* - * Nobody gets write access to a read-only fs. - */ - if (IS_RDONLY(inode) && - (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) - return -EROFS; - /* * Nobody gets write access to an immutable file. */ @@ -305,6 +296,78 @@ int inode_permission(struct inode *inode, int mask) } /** + * sb_permission - check superblock-level permissions + * @sb: superblock of inode to check permission on + * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) + * + * Separate out file-system wide checks from inode-specific permission + * checks. In particular, union mounts want to check the read-only + * status of the top-level file system, not the lower. + */ +int sb_permission(struct super_block *sb, struct inode *inode, int mask) +{ + if (mask & MAY_WRITE) { + umode_t mode = inode->i_mode; + + /* + * Nobody gets write access to a read-only fs. + */ + if ((sb->s_flags & MS_RDONLY) && + (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) + return -EROFS; + } + return 0; +} + +/** + * inode_permission - check for access rights to a given inode + * @inode: inode to check permission on + * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) + * + * Used to check for read/write/execute permissions on an inode. + * We use "fsuid" for this, letting us set arbitrary permissions + * for filesystem access without changing the "normal" uids which + * are used for other things. + */ +int inode_permission(struct inode *inode, int mask) +{ + int retval; + + retval = sb_permission(inode->i_sb, inode, mask); + if (retval) + return retval; + return __inode_permission(inode, mask); +} + +/** + * path_permission - check for inode access rights depending on path + * @path: path of inode to check + * @parent_path: path of inode's parent + * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) + * + * Like inode_permission, but used to check for permission when the + * file may potentially be copied up between union layers. + */ +int path_permission(struct path *path, struct path *parent_path, int mask) +{ + struct vfsmount *mnt; + int retval; + + /* Catch some reversal of args */ + BUG_ON(!S_ISDIR(parent_path->dentry->d_inode->i_mode)); + + if (IS_MNT_UNION(parent_path->mnt)) + mnt = parent_path->mnt; + else + mnt = path->mnt; + + retval = sb_permission(mnt->mnt_sb, path->dentry->d_inode, mask); + if (retval) + return retval; + return __inode_permission(path->dentry->d_inode, mask); +} + +/** * file_permission - check for additional access rights to a given file * @file: file to check access rights for * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) diff --git a/include/linux/fs.h b/include/linux/fs.h index 4065898..3665799 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2217,6 +2217,7 @@ extern int notify_change(struct dentry *, struct iattr *); extern int inode_permission(struct inode *, int); extern int generic_permission(struct inode *, int, unsigned int, int (*check_acl)(struct inode *, int, unsigned int)); +extern int path_permission(struct path *, struct path *, int); static inline bool execute_ok(struct inode *inode) { -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html