The patch titled r/o bind mounts: prepare for write access checks: collapse if() has been removed from the -mm tree. Its filename is ro-bind-mounts-prepare-for-write-access-checks-collapse-if.patch This patch was dropped because Viro's comments sounded rather serious ------------------------------------------------------ Subject: r/o bind mounts: prepare for write access checks: collapse if() From: Dave Hansen <haveblue@xxxxxxxxxx> We're shortly going to be adding a bunch more permission checks in these functions. That requires adding either a bunch of new if() conditions, or some gotos. This patch collapses existing if()s and uses gotos instead to prepare for the upcoming changes. Signed-off-by: Dave Hansen <haveblue@xxxxxxxxxx> Cc: Serge Hallyn <serue@xxxxxxxxxx> Cc: Herbert Poetzl <herbert@xxxxxxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- fs/namei.c | 93 +++++++++++++++++++++++++++------------------------ fs/open.c | 22 +++++++----- 2 files changed, 64 insertions(+), 51 deletions(-) diff -puN fs/namei.c~ro-bind-mounts-prepare-for-write-access-checks-collapse-if fs/namei.c --- a/fs/namei.c~ro-bind-mounts-prepare-for-write-access-checks-collapse-if +++ a/fs/namei.c @@ -1911,30 +1911,32 @@ asmlinkage long sys_mkdirat(int dfd, con { int error = 0; char * tmp; + struct dentry *dentry; + struct nameidata nd; tmp = getname(pathname); error = PTR_ERR(tmp); - if (!IS_ERR(tmp)) { - struct dentry *dentry; - struct nameidata nd; + if (IS_ERR(tmp)) + goto out_err; - error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd); - if (error) - goto out; - dentry = lookup_create(&nd, 1); - error = PTR_ERR(dentry); - if (!IS_ERR(dentry)) { - if (!IS_POSIXACL(nd.dentry->d_inode)) - mode &= ~current->fs->umask; - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); - dput(dentry); - } - mutex_unlock(&nd.dentry->d_inode->i_mutex); - path_release(&nd); -out: - putname(tmp); - } + error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd); + if (error) + goto out; + dentry = lookup_create(&nd, 1); + error = PTR_ERR(dentry); + if (IS_ERR(dentry)) + goto out_unlock; + if (!IS_POSIXACL(nd.dentry->d_inode)) + mode &= ~current->fs->umask; + error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); + dput(dentry); +out_unlock: + mutex_unlock(&nd.dentry->d_inode->i_mutex); + path_release(&nd); +out: + putname(tmp); +out_err: return error; } @@ -2033,10 +2035,11 @@ static long do_rmdir(int dfd, const char mutex_lock_nested(&nd.dentry->d_inode->i_mutex, I_MUTEX_PARENT); dentry = lookup_hash(&nd); error = PTR_ERR(dentry); - if (!IS_ERR(dentry)) { - error = vfs_rmdir(nd.dentry->d_inode, dentry); - dput(dentry); - } + if (IS_ERR(dentry)) + goto exit2; + error = vfs_rmdir(nd.dentry->d_inode, dentry); + dput(dentry); +exit2: mutex_unlock(&nd.dentry->d_inode->i_mutex); exit1: path_release(&nd); @@ -2176,30 +2179,33 @@ asmlinkage long sys_symlinkat(const char int error = 0; char * from; char * to; + struct dentry *dentry; + struct nameidata nd; from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); to = getname(newname); error = PTR_ERR(to); - if (!IS_ERR(to)) { - struct dentry *dentry; - struct nameidata nd; + if (IS_ERR(to)) + goto out_putname; - error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd); - if (error) - goto out; - dentry = lookup_create(&nd, 0); - error = PTR_ERR(dentry); - if (!IS_ERR(dentry)) { - error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); - dput(dentry); - } - mutex_unlock(&nd.dentry->d_inode->i_mutex); - path_release(&nd); + error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd); + if (error) + goto out; + dentry = lookup_create(&nd, 0); + error = PTR_ERR(dentry); + if (IS_ERR(dentry)) + goto out_unlock; + + error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); + dput(dentry); +out_unlock: + mutex_unlock(&nd.dentry->d_inode->i_mutex); + path_release(&nd); out: - putname(to); - } + putname(to); +out_putname: putname(from); return error; } @@ -2285,10 +2291,11 @@ asmlinkage long sys_linkat(int olddfd, c goto out_release; new_dentry = lookup_create(&nd, 0); error = PTR_ERR(new_dentry); - if (!IS_ERR(new_dentry)) { - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); - dput(new_dentry); - } + if (IS_ERR(new_dentry)) + goto out_unlock; + error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); + dput(new_dentry); +out_unlock: mutex_unlock(&nd.dentry->d_inode->i_mutex); out_release: path_release(&nd); diff -puN fs/open.c~ro-bind-mounts-prepare-for-write-access-checks-collapse-if fs/open.c --- a/fs/open.c~ro-bind-mounts-prepare-for-write-access-checks-collapse-if +++ a/fs/open.c @@ -520,15 +520,21 @@ asmlinkage long sys_faccessat(int dfd, c current->cap_effective = current->cap_permitted; res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd); - if (!res) { - res = vfs_permission(&nd, mode); - /* SuS v2 requires we report a read only fs too */ - if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) - && !special_file(nd.dentry->d_inode->i_mode)) - res = -EROFS; - path_release(&nd); - } + if (res) + goto out; + + res = vfs_permission(&nd, mode); + /* SuS v2 requires we report a read only fs too */ + if (res || !(mode & S_IWOTH) || + special_file(nd.dentry->d_inode->i_mode)) + goto out_path_release; + if (IS_RDONLY(nd.dentry->d_inode)) + res = -EROFS; + +out_path_release: + path_release(&nd); +out: current->fsuid = old_fsuid; current->fsgid = old_fsgid; current->cap_effective = old_cap; _ Patches currently in -mm which might be from haveblue@xxxxxxxxxx are origin.patch git-acpi.patch ro-bind-mounts-prepare-for-write-access-checks-collapse-if.patch ro-bind-mounts-r-o-bind-mount-prepwork-move-open_nameis-vfs_create.patch ro-bind-mounts-add-vfsmount-writer-count.patch ro-bind-mounts-elevate-mnt-writers-for-callers-of-vfs_mkdir.patch ro-bind-mounts-elevate-write-count-during-entire-ncp_ioctl.patch ro-bind-mounts-elevate-write-count-during-entire-ncp_ioctl-tidy.patch ro-bind-mounts-sys_symlinkat-elevate-write-count-around-vfs_symlink.patch ro-bind-mounts-elevate-mount-count-for-extended-attributes.patch ro-bind-mounts-sys_linkat-elevate-write-count-around-vfs_link.patch ro-bind-mounts-mount_is_safe-add-comment.patch ro-bind-mounts-unix_find_other-elevate-write-count-for-touch_atime.patch ro-bind-mounts-elevate-write-count-over-calls-to-vfs_rename.patch ro-bind-mounts-tricky-elevate-write-count-files-are-opened.patch ro-bind-mounts-elevate-writer-count-for-do_sys_truncate.patch ro-bind-mounts-elevate-write-count-for-do_utimes.patch ro-bind-mounts-elevate-write-count-for-do_sys_utime-and-touch_atime.patch ro-bind-mounts-sys_mknodat-elevate-write-count-for-vfs_mknod-create.patch ro-bind-mounts-elevate-mnt-writers-for-vfs_unlink-callers.patch ro-bind-mounts-do_rmdir-elevate-write-count.patch ro-bind-mounts-elevate-writer-count-for-custom-struct-file.patch ro-bind-mounts-honor-r-w-changes-at-do_remount-time.patch page-owner-tracking-leak-detector.patch x86-e820-debugging.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html