[GFS2] don't call permission()
GFS2 calls permission() to verify permissions after locks on the files have been taken.

For this it's sufficient to call gfs2_permission() instead. This results in the following changes:

- IS_RDONLY() check is not performed
- IS_IMMUTABLE() check is not performed
- devcgroup_inode_permission() is not called
- security_inode_permission() is not called

IS_RDONLY() should be unnecessary anyway, as the per-mount read-only flag should provide protection against read-only remounts during operations. do_gfs2_set_flags() has been fixed to perform mnt_want_write()/mnt_drop_write() to protect against remounting read-only.

IS_IMMUTABLE has been added to gfs2_permission().

Repeating the security checks seems to be pointless, as they don't normally change, and if they do, it's independent of the filesystem state.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>

committed by
Steven Whitehouse

parent
f17172e001
commit
f58ba88910
@@ -15,6 +15,7 @@
|
||||
#include <linux/uio.h>
|
||||
#include <linux/blkdev.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/fs.h>
|
||||
#include <linux/gfs2_ondisk.h>
|
||||
#include <linux/ext2_fs.h>
|
||||
@@ -220,10 +221,14 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
|
||||
int error;
|
||||
u32 new_flags, flags;
|
||||
|
||||
error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
|
||||
error = mnt_want_write(filp->f_path.mnt);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
|
||||
if (error)
|
||||
goto out_drop_write;
|
||||
|
||||
flags = ip->i_di.di_flags;
|
||||
new_flags = (flags & ~mask) | (reqflags & mask);
|
||||
if ((new_flags ^ flags) == 0)
|
||||
@@ -242,7 +247,7 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
|
||||
!capable(CAP_LINUX_IMMUTABLE))
|
||||
goto out;
|
||||
if (!IS_IMMUTABLE(inode)) {
|
||||
error = permission(inode, MAY_WRITE, NULL);
|
||||
error = gfs2_permission(inode, MAY_WRITE);
|
||||
if (error)
|
||||
goto out;
|
||||
}
|
||||
@@ -272,6 +277,8 @@ out_trans_end:
|
||||
gfs2_trans_end(sdp);
|
||||
out:
|
||||
gfs2_glock_dq_uninit(&gh);
|
||||
out_drop_write:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return error;
|
||||
}
|
||||
|
||||
|
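Review bot: The `gfs2_permission(inode, MAY_WRITE)` call in the `@@ -242,7 +247,7 @@` hunk has no comment saying that it deliberately bypasses the generic VFS wrapper, so the code alone does not show that `security_inode_permission()` and `devcgroup_inode_permission()` no longer run on this flag-changing path. The commit message gives the reasoning, but the call site should carry it too, for example `/* glock held: call gfs2_permission() directly; LSM/devcgroup hooks are not repeated here, and mnt_want_write() above covers read-only remounts */`. The IS_IMMUTABLE check that the description says was added to gfs2_permission() is not visible on this page, so it is worth confirming that it cannot change the result inside the `!IS_IMMUTABLE(inode)` guard. do_gfs2_set_flags() begins and continues outside the visible hunks.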