| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Dec 2013 22:11:06 +0100
From: Jan Kara <jack@...e.cz>
To: Christoph Hellwig <hch@...radead.org>
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-btrfs@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
linux-mtd@...ts.infradead.org, Mark Fasheh <mfasheh@...e.com>,
Joel Becker <jlbec@...lplan.org>,
reiserfs-devel@...r.kernel.org, xfs@....sgi.com,
jfs-discussion@...ts.sourceforge.net, cluster-devel@...hat.com,
linux-nfs@...r.kernel.org
Subject: Re: [PATCH 06/18] fs: make posix_acl_create more useful
On Sun 01-12-13 03:59:09, Christoph Hellwig wrote:
> Rename the current posix_acl_created to __posix_acl_create and add
> a fully featured helper to set up the ACLs on file creation that
> uses get_acl().
Looks good, you can add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
>
> Signed-off-by: Christoph Hellwig <hch@....de>
> ---
> fs/9p/acl.c | 2 +-
> fs/btrfs/acl.c | 2 +-
> fs/ext2/acl.c | 2 +-
> fs/ext3/acl.c | 2 +-
> fs/ext4/acl.c | 2 +-
> fs/f2fs/acl.c | 2 +-
> fs/generic_acl.c | 2 +-
> fs/gfs2/acl.c | 2 +-
> fs/hfsplus/posix_acl.c | 2 +-
> fs/jffs2/acl.c | 2 +-
> fs/jfs/acl.c | 2 +-
> fs/nfs/nfs3acl.c | 2 +-
> fs/ocfs2/acl.c | 2 +-
> fs/posix_acl.c | 53 +++++++++++++++++++++++++++++++++++++++++++--
> fs/reiserfs/xattr_acl.c | 2 +-
> fs/xfs/xfs_acl.c | 4 ++--
> include/linux/posix_acl.h | 6 ++++-
> 17 files changed, 72 insertions(+), 19 deletions(-)
>
> diff --git a/fs/9p/acl.c b/fs/9p/acl.c
> index f5ce5c5..8482f2d 100644
> --- a/fs/9p/acl.c
> +++ b/fs/9p/acl.c
> @@ -200,7 +200,7 @@ int v9fs_acl_mode(struct inode *dir, umode_t *modep,
> if (acl) {
> if (S_ISDIR(mode))
> *dpacl = posix_acl_dup(acl);
> - retval = posix_acl_create(&acl, GFP_NOFS, &mode);
> + retval = __posix_acl_create(&acl, GFP_NOFS, &mode);
> if (retval < 0)
> return retval;
> if (retval > 0)
> diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c
> index 1af04ff..b56519d 100644
> --- a/fs/btrfs/acl.c
> +++ b/fs/btrfs/acl.c
> @@ -222,7 +222,7 @@ int btrfs_init_acl(struct btrfs_trans_handle *trans,
> if (ret)
> goto failed;
> }
> - ret = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> + ret = __posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> if (ret < 0)
> return ret;
>
> diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
> index 7006ced..6e842a7 100644
> --- a/fs/ext2/acl.c
> +++ b/fs/ext2/acl.c
> @@ -268,7 +268,7 @@ ext2_init_acl(struct inode *inode, struct inode *dir)
> if (error)
> goto cleanup;
> }
> - error = posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> + error = __posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> if (error < 0)
> return error;
> if (error > 0) {
> diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
> index 6691a6c..4f3d8fa 100644
> --- a/fs/ext3/acl.c
> +++ b/fs/ext3/acl.c
> @@ -271,7 +271,7 @@ ext3_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
> if (error)
> goto cleanup;
> }
> - error = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> + error = __posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> if (error < 0)
> return error;
>
> diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
> index 2eebe02..f827f3b 100644
> --- a/fs/ext4/acl.c
> +++ b/fs/ext4/acl.c
> @@ -276,7 +276,7 @@ ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
> if (error)
> goto cleanup;
> }
> - error = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> + error = __posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> if (error < 0)
> return error;
>
> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
> index 14c4df0..45e8430 100644
> --- a/fs/f2fs/acl.c
> +++ b/fs/f2fs/acl.c
> @@ -285,7 +285,7 @@ int f2fs_init_acl(struct inode *inode, struct inode *dir, struct page *ipage)
> if (error)
> goto cleanup;
> }
> - error = posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> + error = __posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> if (error < 0)
> return error;
> if (error > 0)
> diff --git a/fs/generic_acl.c b/fs/generic_acl.c
> index 46a5076..4357f39 100644
> --- a/fs/generic_acl.c
> +++ b/fs/generic_acl.c
> @@ -128,7 +128,7 @@ generic_acl_init(struct inode *inode, struct inode *dir)
> if (acl) {
> if (S_ISDIR(inode->i_mode))
> set_cached_acl(inode, ACL_TYPE_DEFAULT, acl);
> - error = posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> + error = __posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> if (error < 0)
> return error;
> if (error > 0)
> diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
> index 3e200c7..e82e4ac 100644
> --- a/fs/gfs2/acl.c
> +++ b/fs/gfs2/acl.c
> @@ -131,7 +131,7 @@ int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode)
> goto out;
> }
>
> - error = posix_acl_create(&acl, GFP_NOFS, &mode);
> + error = __posix_acl_create(&acl, GFP_NOFS, &mode);
> if (error < 0)
> return error;
>
> diff --git a/fs/hfsplus/posix_acl.c b/fs/hfsplus/posix_acl.c
> index cab5fd6..277942f 100644
> --- a/fs/hfsplus/posix_acl.c
> +++ b/fs/hfsplus/posix_acl.c
> @@ -137,7 +137,7 @@ int hfsplus_init_posix_acl(struct inode *inode, struct inode *dir)
> goto init_acl_cleanup;
> }
>
> - err = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> + err = __posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> if (unlikely(err < 0))
> return err;
>
> diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
> index 5853969..4d6e31b 100644
> --- a/fs/jffs2/acl.c
> +++ b/fs/jffs2/acl.c
> @@ -295,7 +295,7 @@ int jffs2_init_acl_pre(struct inode *dir_i, struct inode *inode, umode_t *i_mode
> if (S_ISDIR(*i_mode))
> set_cached_acl(inode, ACL_TYPE_DEFAULT, acl);
>
> - rc = posix_acl_create(&acl, GFP_KERNEL, i_mode);
> + rc = __posix_acl_create(&acl, GFP_KERNEL, i_mode);
> if (rc < 0)
> return rc;
> if (rc > 0)
> diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
> index 9c0fca8..28d529a 100644
> --- a/fs/jfs/acl.c
> +++ b/fs/jfs/acl.c
> @@ -132,7 +132,7 @@ int jfs_init_acl(tid_t tid, struct inode *inode, struct inode *dir)
> if (rc)
> goto cleanup;
> }
> - rc = posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> + rc = __posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode);
> if (rc < 0)
> goto cleanup; /* posix_acl_release(NULL) is no-op */
> if (rc > 0)
> diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
> index 4a1aafb..e859675 100644
> --- a/fs/nfs/nfs3acl.c
> +++ b/fs/nfs/nfs3acl.c
> @@ -428,7 +428,7 @@ int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,
> if (!dfacl)
> return 0;
> acl = posix_acl_dup(dfacl);
> - error = posix_acl_create(&acl, GFP_KERNEL, &mode);
> + error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
> if (error < 0)
> goto out_release_dfacl;
> error = nfs3_proc_setacls(inode, acl, S_ISDIR(inode->i_mode) ?
> diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c
> index 73ccf0e..c0f9d2f 100644
> --- a/fs/ocfs2/acl.c
> +++ b/fs/ocfs2/acl.c
> @@ -401,7 +401,7 @@ int ocfs2_init_acl(handle_t *handle,
> goto cleanup;
> }
> mode = inode->i_mode;
> - ret = posix_acl_create(&acl, GFP_NOFS, &mode);
> + ret = __posix_acl_create(&acl, GFP_NOFS, &mode);
> if (ret < 0)
> return ret;
>
> diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> index 9f76aaa..38d6a49 100644
> --- a/fs/posix_acl.c
> +++ b/fs/posix_acl.c
> @@ -384,7 +384,7 @@ static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode)
> }
>
> int
> -posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
> +__posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
> {
> struct posix_acl *clone = posix_acl_clone(*acl, gfp);
> int err = -ENOMEM;
> @@ -399,7 +399,7 @@ posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
> *acl = clone;
> return err;
> }
> -EXPORT_SYMBOL(posix_acl_create);
> +EXPORT_SYMBOL(__posix_acl_create);
>
> int
> __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode)
> @@ -443,6 +443,55 @@ posix_acl_chmod(struct inode *inode)
> }
> EXPORT_SYMBOL(posix_acl_chmod);
>
> +int
> +posix_acl_create(struct inode *dir, umode_t *mode,
> + struct posix_acl **default_acl, struct posix_acl **acl)
> +{
> + struct posix_acl *p;
> + int ret;
> +
> + if (S_ISLNK(*mode) || !IS_POSIXACL(dir))
> + goto no_acl;
> +
> + p = get_acl(dir, ACL_TYPE_DEFAULT);
> + if (IS_ERR(p))
> + return PTR_ERR(p);
> +
> + if (!p) {
> + *mode &= ~current_umask();
> + goto no_acl;
> + }
> +
> + *acl = posix_acl_clone(p, GFP_NOFS);
> + if (!*acl)
> + return -ENOMEM;
> +
> + ret = posix_acl_create_masq(*acl, mode);
> + if (ret < 0) {
> + posix_acl_release(*acl);
> + return -ENOMEM;
> + }
> +
> + if (ret == 0) {
> + posix_acl_release(*acl);
> + *acl = NULL;
> + }
> +
> + if (!S_ISDIR(*mode)) {
> + posix_acl_release(p);
> + *default_acl = NULL;
> + } else {
> + *default_acl = p;
> + }
> + return 0;
> +
> +no_acl:
> + *default_acl = NULL;
> + *acl = NULL;
> + return 0;
> +}
> +EXPORT_SYMBOL_GPL(posix_acl_create);
> +
> struct posix_acl *get_acl(struct inode *inode, int type)
> {
> struct posix_acl *acl;
> diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
> index ea4e443..d95c959 100644
> --- a/fs/reiserfs/xattr_acl.c
> +++ b/fs/reiserfs/xattr_acl.c
> @@ -378,7 +378,7 @@ reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th,
>
> /* Now we reconcile the new ACL and the mode,
> potentially modifying both */
> - err = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> + err = __posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
> if (err < 0)
> return err;
>
> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
> index 4eac105..057ae2d 100644
> --- a/fs/xfs/xfs_acl.c
> +++ b/fs/xfs/xfs_acl.c
> @@ -297,12 +297,12 @@ xfs_inherit_acl(struct inode *inode, struct posix_acl *acl)
> goto out;
> }
>
> - error = posix_acl_create(&acl, GFP_KERNEL, &mode);
> + error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
> if (error < 0)
> return error;
>
> /*
> - * If posix_acl_create returns a positive value we need to
> + * If __posix_acl_create returns a positive value we need to
> * inherit a permission that can't be represented using the Unix
> * mode bits and we actually need to set an ACL.
> */
> diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
> index 8b64e78..9ec6b45 100644
> --- a/include/linux/posix_acl.h
> +++ b/include/linux/posix_acl.h
> @@ -88,14 +88,18 @@ extern int posix_acl_valid(const struct posix_acl *);
> extern int posix_acl_permission(struct inode *, const struct posix_acl *, int);
> extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);
> extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);
> -extern int posix_acl_create(struct posix_acl **, gfp_t, umode_t *);
> +extern int __posix_acl_create(struct posix_acl **, gfp_t, umode_t *);
> extern int __posix_acl_chmod(struct posix_acl **, gfp_t, umode_t);
> +extern int posix_acl_prepare(struct inode *dir, struct inode *inode,
> + umode_t *mode);
>
> extern struct posix_acl *get_posix_acl(struct inode *, int);
> extern int set_posix_acl(struct inode *, int, struct posix_acl *);
>
> #ifdef CONFIG_FS_POSIX_ACL
> extern int posix_acl_chmod(struct inode *);
> +extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
> + struct posix_acl **);
>
> static inline struct posix_acl **acl_by_type(struct inode *inode, int type)
> {
> --
> 1.7.10.4
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Jan Kara <jack@...e.cz>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists