[PATCH] r/o bind mounts: prepare for write access checks: collapse if()
We're shortly going to be adding a bunch more permission checks in these functions. That requires adding either a bunch of new if() conditions, or some gotos. This patch collapses existing if()s and uses gotos instead to prepare for the upcoming changes. Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Acked-by: Christoph Hellwig <hch@lst.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
db5fed26b2
commit
6902d925d5
2 changed files with 87 additions and 70 deletions
93
fs/namei.c
93
fs/namei.c
|
@ -1934,30 +1934,32 @@ asmlinkage long sys_mkdirat(int dfd, const char __user *pathname, int mode)
|
||||||
{
|
{
|
||||||
int error = 0;
|
int error = 0;
|
||||||
char * tmp;
|
char * tmp;
|
||||||
|
struct dentry *dentry;
|
||||||
|
struct nameidata nd;
|
||||||
|
|
||||||
tmp = getname(pathname);
|
tmp = getname(pathname);
|
||||||
error = PTR_ERR(tmp);
|
error = PTR_ERR(tmp);
|
||||||
if (!IS_ERR(tmp)) {
|
if (IS_ERR(tmp))
|
||||||
struct dentry *dentry;
|
goto out_err;
|
||||||
struct nameidata nd;
|
|
||||||
|
|
||||||
error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
|
error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
|
||||||
if (error)
|
if (error)
|
||||||
goto out;
|
goto out;
|
||||||
dentry = lookup_create(&nd, 1);
|
dentry = lookup_create(&nd, 1);
|
||||||
error = PTR_ERR(dentry);
|
error = PTR_ERR(dentry);
|
||||||
if (!IS_ERR(dentry)) {
|
if (IS_ERR(dentry))
|
||||||
if (!IS_POSIXACL(nd.dentry->d_inode))
|
goto out_unlock;
|
||||||
mode &= ~current->fs->umask;
|
|
||||||
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
|
if (!IS_POSIXACL(nd.dentry->d_inode))
|
||||||
dput(dentry);
|
mode &= ~current->fs->umask;
|
||||||
}
|
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
|
||||||
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
dput(dentry);
|
||||||
path_release(&nd);
|
out_unlock:
|
||||||
|
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
||||||
|
path_release(&nd);
|
||||||
out:
|
out:
|
||||||
putname(tmp);
|
putname(tmp);
|
||||||
}
|
out_err:
|
||||||
|
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2056,10 +2058,11 @@ static long do_rmdir(int dfd, const char __user *pathname)
|
||||||
mutex_lock_nested(&nd.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
|
mutex_lock_nested(&nd.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
|
||||||
dentry = lookup_hash(&nd);
|
dentry = lookup_hash(&nd);
|
||||||
error = PTR_ERR(dentry);
|
error = PTR_ERR(dentry);
|
||||||
if (!IS_ERR(dentry)) {
|
if (IS_ERR(dentry))
|
||||||
error = vfs_rmdir(nd.dentry->d_inode, dentry);
|
goto exit2;
|
||||||
dput(dentry);
|
error = vfs_rmdir(nd.dentry->d_inode, dentry);
|
||||||
}
|
dput(dentry);
|
||||||
|
exit2:
|
||||||
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
||||||
exit1:
|
exit1:
|
||||||
path_release(&nd);
|
path_release(&nd);
|
||||||
|
@ -2199,30 +2202,33 @@ asmlinkage long sys_symlinkat(const char __user *oldname,
|
||||||
int error = 0;
|
int error = 0;
|
||||||
char * from;
|
char * from;
|
||||||
char * to;
|
char * to;
|
||||||
|
struct dentry *dentry;
|
||||||
|
struct nameidata nd;
|
||||||
|
|
||||||
from = getname(oldname);
|
from = getname(oldname);
|
||||||
if(IS_ERR(from))
|
if(IS_ERR(from))
|
||||||
return PTR_ERR(from);
|
return PTR_ERR(from);
|
||||||
to = getname(newname);
|
to = getname(newname);
|
||||||
error = PTR_ERR(to);
|
error = PTR_ERR(to);
|
||||||
if (!IS_ERR(to)) {
|
if (IS_ERR(to))
|
||||||
struct dentry *dentry;
|
goto out_putname;
|
||||||
struct nameidata nd;
|
|
||||||
|
|
||||||
error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
|
error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
|
||||||
if (error)
|
if (error)
|
||||||
goto out;
|
goto out;
|
||||||
dentry = lookup_create(&nd, 0);
|
dentry = lookup_create(&nd, 0);
|
||||||
error = PTR_ERR(dentry);
|
error = PTR_ERR(dentry);
|
||||||
if (!IS_ERR(dentry)) {
|
if (IS_ERR(dentry))
|
||||||
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
|
goto out_unlock;
|
||||||
dput(dentry);
|
|
||||||
}
|
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
|
||||||
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
dput(dentry);
|
||||||
path_release(&nd);
|
out_unlock:
|
||||||
|
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
||||||
|
path_release(&nd);
|
||||||
out:
|
out:
|
||||||
putname(to);
|
putname(to);
|
||||||
}
|
out_putname:
|
||||||
putname(from);
|
putname(from);
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
@ -2308,10 +2314,11 @@ asmlinkage long sys_linkat(int olddfd, const char __user *oldname,
|
||||||
goto out_release;
|
goto out_release;
|
||||||
new_dentry = lookup_create(&nd, 0);
|
new_dentry = lookup_create(&nd, 0);
|
||||||
error = PTR_ERR(new_dentry);
|
error = PTR_ERR(new_dentry);
|
||||||
if (!IS_ERR(new_dentry)) {
|
if (IS_ERR(new_dentry))
|
||||||
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
|
goto out_unlock;
|
||||||
dput(new_dentry);
|
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
|
||||||
}
|
dput(new_dentry);
|
||||||
|
out_unlock:
|
||||||
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
mutex_unlock(&nd.dentry->d_inode->i_mutex);
|
||||||
out_release:
|
out_release:
|
||||||
path_release(&nd);
|
path_release(&nd);
|
||||||
|
|
64
fs/open.c
64
fs/open.c
|
@ -386,15 +386,21 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
|
||||||
current->cap_effective = current->cap_permitted;
|
current->cap_effective = current->cap_permitted;
|
||||||
|
|
||||||
res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
|
res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
|
||||||
if (!res) {
|
if (res)
|
||||||
res = vfs_permission(&nd, mode);
|
goto out;
|
||||||
/* SuS v2 requires we report a read only fs too */
|
|
||||||
if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
|
|
||||||
&& !special_file(nd.dentry->d_inode->i_mode))
|
|
||||||
res = -EROFS;
|
|
||||||
path_release(&nd);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
res = vfs_permission(&nd, mode);
|
||||||
|
/* SuS v2 requires we report a read only fs too */
|
||||||
|
if(res || !(mode & S_IWOTH) ||
|
||||||
|
special_file(nd.dentry->d_inode->i_mode))
|
||||||
|
goto out_path_release;
|
||||||
|
|
||||||
|
if(IS_RDONLY(nd.dentry->d_inode))
|
||||||
|
res = -EROFS;
|
||||||
|
|
||||||
|
out_path_release:
|
||||||
|
path_release(&nd);
|
||||||
|
out:
|
||||||
current->fsuid = old_fsuid;
|
current->fsuid = old_fsuid;
|
||||||
current->fsgid = old_fsgid;
|
current->fsgid = old_fsgid;
|
||||||
current->cap_effective = old_cap;
|
current->cap_effective = old_cap;
|
||||||
|
@ -603,10 +609,11 @@ asmlinkage long sys_chown(const char __user * filename, uid_t user, gid_t group)
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
error = user_path_walk(filename, &nd);
|
error = user_path_walk(filename, &nd);
|
||||||
if (!error) {
|
if (error)
|
||||||
error = chown_common(nd.dentry, user, group);
|
goto out;
|
||||||
path_release(&nd);
|
error = chown_common(nd.dentry, user, group);
|
||||||
}
|
path_release(&nd);
|
||||||
|
out:
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -622,10 +629,10 @@ asmlinkage long sys_fchownat(int dfd, const char __user *filename, uid_t user,
|
||||||
|
|
||||||
follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
|
follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
|
||||||
error = __user_walk_fd(dfd, filename, follow, &nd);
|
error = __user_walk_fd(dfd, filename, follow, &nd);
|
||||||
if (!error) {
|
if (error)
|
||||||
error = chown_common(nd.dentry, user, group);
|
goto out;
|
||||||
path_release(&nd);
|
error = chown_common(nd.dentry, user, group);
|
||||||
}
|
path_release(&nd);
|
||||||
out:
|
out:
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
@ -636,10 +643,11 @@ asmlinkage long sys_lchown(const char __user * filename, uid_t user, gid_t group
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
error = user_path_walk_link(filename, &nd);
|
error = user_path_walk_link(filename, &nd);
|
||||||
if (!error) {
|
if (error)
|
||||||
error = chown_common(nd.dentry, user, group);
|
goto out;
|
||||||
path_release(&nd);
|
error = chown_common(nd.dentry, user, group);
|
||||||
}
|
path_release(&nd);
|
||||||
|
out:
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -648,15 +656,17 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)
|
||||||
{
|
{
|
||||||
struct file * file;
|
struct file * file;
|
||||||
int error = -EBADF;
|
int error = -EBADF;
|
||||||
|
struct dentry * dentry;
|
||||||
|
|
||||||
file = fget(fd);
|
file = fget(fd);
|
||||||
if (file) {
|
if (!file)
|
||||||
struct dentry * dentry;
|
goto out;
|
||||||
dentry = file->f_dentry;
|
|
||||||
audit_inode(NULL, dentry->d_inode);
|
dentry = file->f_dentry;
|
||||||
error = chown_common(dentry, user, group);
|
audit_inode(NULL, dentry->d_inode);
|
||||||
fput(file);
|
error = chown_common(dentry, user, group);
|
||||||
}
|
fput(file);
|
||||||
|
out:
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue