From patchwork Wed Nov 21 14:25:28 2012
X-Patchwork-Submitter: Pavel Shilovsky
X-Patchwork-Id: 1781081
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems
Date: Wed, 21 Nov 2012 18:25:28 +0400
Message-Id: <1353507930-10908-2-git-send-email-piastry@etersoft.ru>
In-Reply-To: <1353507930-10908-1-git-send-email-piastry@etersoft.ru>
References: <1353507930-10908-1-git-send-email-piastry@etersoft.ru>

This patch adds 3 flags:
1) O_DENYREAD that doesn't permit read access
2) O_DENYWRITE that doesn't permit write access
3) O_DENYDELETE that doesn't permit delete or rename

Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, it isn't targeted for local filesystems due to security problems (e.g. when a user process can deny root to delete a file).

Signed-off-by: Pavel Shilovsky
--- fs/fcntl.c | 5 +++-- include/uapi/asm-generic/fcntl.h | 11 +++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/fs/fcntl.c b/fs/fcntl.c index 71a600a..7abce5a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -730,14 +730,15 @@ static int __init fcntl_init(void) * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY * is defined as O_NONBLOCK on some platforms and not on others. */ - BUILD_BUG_ON(19 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( + BUILD_BUG_ON(22 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | O_APPEND | /* O_NONBLOCK | */ __O_SYNC | O_DSYNC | FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | O_NOATIME | O_CLOEXEC | - __FMODE_EXEC | O_PATH + __FMODE_EXEC | O_PATH | O_DENYREAD | + O_DENYWRITE | O_DENYDELETE )); fasync_cache = kmem_cache_create("fasync_cache", 
diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index a48937d..5ac0d49 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -84,6 +84,17 @@ #define O_PATH 010000000 #endif +#ifndef O_DENYREAD +#define O_DENYREAD 020000000 /* Do not permit read access */ +#endif +#ifndef O_DENYWRITE +#define O_DENYWRITE 040000000 /* Do not permit write access */ +#endif +/* FMODE_NONOTIFY 0100000000 */ +#ifndef O_DENYDELETE +#define O_DENYDELETE 0200000000 /* Do not permit delete or rename */ +#endif + #ifndef O_NDELAY #define O_NDELAY O_NONBLOCK #endif
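Review bot: In the fs/fcntl.c hunk, the updated BUILD_BUG_ON in fcntl_init() only proves that O_DENYREAD, O_DENYWRITE and O_DENYDELETE do not overlap the other flags OR-ed into that same expression. FMODE_NONOTIFY is not part of the expression, so the check would not catch a collision with it, and the header hunk avoids 0100000000 only by a hand-placed comment. Consider adding a separate BUILD_BUG_ON that the three new flags do not intersect FMODE_NONOTIFY, or at least a comment next to the count explaining why the value 0100000000 is skipped.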
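Review bot: In the include/uapi/asm-generic/fcntl.h hunk, the one-line comments on the new defines ("Do not permit read access" and so on) do not say whose access is denied or where the flags are honoured. The commit message states that the flags are not targeted at local filesystems because a user process could deny root the ability to delete a file, yet nothing in either hunk shows the flags being rejected or stripped for local filesystems. Since this is a uapi header, please document above the defines that these are deny modes applied to other opens of the same file, that they are meant for network filesystems only, and what open() does with them on a filesystem that does not support them. Please also name in the commit message the patch in this series that enforces that restriction.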