From patchwork Mon Sep 5 17:25:30 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Aneesh Kumar K.V" X-Patchwork-Id: 1125302
From: "Aneesh Kumar K.V" To: agruen@kernel.org, bfields@fieldses.org, akpm@linux-foundation.org, dhowells@redhat.com Cc: aneesh.kumar@linux.vnet.ibm.com, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH -V6 08/26] vfs: Add new file and directory create permission flags Date: Mon, 5 Sep 2011 22:55:30 +0530 Message-Id: <1315243548-18664-9-git-send-email-aneesh.kumar@linux.vnet.ibm.com> X-Mailer: git-send-email 1.7.4.1 In-Reply-To: <1315243548-18664-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com> References: <1315243548-18664-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com> Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Mon, 05 Sep 2011 17:33:12 +0000 (UTC) From: Andreas Gruenbacher Some permission models distinguish between the permission to create a non-directory and a directory. Pass this information down to inode_permission() as mask flags Signed-off-by: Andreas Gruenbacher Signed-off-by: Aneesh Kumar K.V --- fs/namei.c | 26 +++++++++++++++----------- include/linux/fs.h | 2 ++ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index a7a7ac0..d52a4cd 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -336,7 +336,8 @@ static inline int do_inode_permission(struct inode *inode, int mask) * for filesystem access without changing the "normal" uids which * are used for other things. * - * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask. + * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR, + * MAY_WRITE must also be set in @mask. */ int inode_permission(struct inode *inode, int mask) { 
@@ -1923,13 +1924,15 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) * 3. We should have write and exec permissions on dir * 4. We can't do it if dir is immutable (done in permission()) */ -static inline int may_create(struct inode *dir, struct dentry *child) +static inline int may_create(struct inode *dir, struct dentry *child, int isdir) { + int mask = isdir ? MAY_CREATE_DIR : MAY_CREATE_FILE; + if (child->d_inode) return -EEXIST; if (IS_DEADDIR(dir)) return -ENOENT; - return inode_permission(dir, MAY_WRITE | MAY_EXEC); + return inode_permission(dir, MAY_WRITE | MAY_EXEC | mask); } /* @@ -1977,7 +1980,7 @@ void unlock_rename(struct dentry *p1, struct dentry *p2) int vfs_create(struct inode *dir, struct dentry *dentry, int mode, struct nameidata *nd) { - int error = may_create(dir, dentry); + int error = may_create(dir, dentry, 0); if (error) return error; @@ -2436,7 +2439,7 @@ EXPORT_SYMBOL(user_path_create); int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { - int error = may_create(dir, dentry); + int error = may_create(dir, dentry, 0); if (error) return error; @@ -2533,7 +2536,7 @@ SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev) int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) { - int error = may_create(dir, dentry); + int error = may_create(dir, dentry, 1); if (error) return error; @@ -2813,7 +2816,7 @@ SYSCALL_DEFINE1(unlink, const char __user *, pathname) int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname) { - int error = may_create(dir, dentry); + int error = may_create(dir, dentry, 0); if (error) return error; @@ -2879,7 +2882,10 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de if (!inode) return -ENOENT; - error = may_create(dir, new_dentry); + if (S_ISDIR(inode->i_mode)) + return -EPERM; + + error = may_create(dir, new_dentry, 0); if (error) return error; 
@@ -2893,8 +2899,6 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de return -EPERM; if (!dir->i_op->link) return -EPERM; - if (S_ISDIR(inode->i_mode)) - return -EPERM; error = security_inode_link(old_dentry, dir, new_dentry); if (error) @@ -3102,7 +3106,7 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, return error; if (!new_dentry->d_inode) - error = may_create(new_dir, new_dentry); + error = may_create(new_dir, new_dentry, is_dir); else error = may_delete(new_dir, new_dentry, is_dir); if (error) diff --git a/include/linux/fs.h b/include/linux/fs.h index 1ddec24..8707f43 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -67,6 +67,8 @@ struct inodes_stat_t { #define MAY_CHDIR 0x00000040 /* called from RCU mode, don't block */ #define MAY_NOT_BLOCK 0x00000080 +#define MAY_CREATE_FILE 0x00000100 +#define MAY_CREATE_DIR 0x00000200 /* * flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond
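Review bot: In the comment above inode_permission() in fs/namei.c, the rewritten sentence reads as a flat list of four flags, so it no longer says which flag is the requirement and which are the triggers. Suggest "When checking for MAY_APPEND, MAY_CREATE_FILE or MAY_CREATE_DIR, MAY_WRITE must also be set in @mask." Nothing in the visible code enforces this rule, so the comment is the only place a caller learns it.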
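Review bot: In may_create(), the new bit is ORed straight into the mask handed to inode_permission() ("MAY_WRITE | MAY_EXEC | mask"), and nothing in this patch touches the code that consumes that mask. Any permission check further down that compares the mask against a fixed set of bits, rather than testing individual bits, will now see 0x100 or 0x200 on every create. Please state in the commit message that existing consumers ignore the new bits, or strip them before the mask reaches code that does not understand them.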
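Review bot: The call sites in vfs_create(), vfs_mknod(), vfs_mkdir() and vfs_symlink() pass a bare 0 or 1 for the new isdir argument, which says nothing at the point of call. Consider making the parameter bool and passing true/false, or passing MAY_CREATE_FILE / MAY_CREATE_DIR directly so that may_create() does not need the ternary. The vfs_rename() call, which passes the existing is_dir variable, already reads clearly.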
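Review bot: The two vfs_link() hunks move the S_ISDIR(inode->i_mode) test ahead of may_create(), which changes the order in which errors are reported, and the commit message does not mention it. A link request whose source is a directory previously got whatever may_create() returned first (-EEXIST, -ENOENT or a permission error) and now always gets -EPERM. If the reorder is intended so that MAY_CREATE_FILE is never checked on behalf of a directory, say so in the changelog or in a short comment above the moved test.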
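Review bot: In include/linux/fs.h, MAY_CREATE_FILE and MAY_CREATE_DIR are added without a comment, directly below MAY_NOT_BLOCK, which has one. Add a line noting that they are only passed together with MAY_WRITE, and only for the parent directory of the object being created, so that anyone implementing a permission check knows when to expect them.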