| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Feb 2014 17:43:05 +0800
From: Peng Tao <bergwolf@...il.com>
To: "Dilger, Andreas" <andreas.dilger@...el.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 6/6] staging/lustre/libcfs: remove cfs_capable
On Sat, Jan 25, 2014 at 2:50 AM, Dilger, Andreas
<andreas.dilger@...el.com> wrote:
> On 2014/01/22, 6:47 AM, "Peng Tao" <bergwolf@...il.com> wrote:
>>diff --git a/drivers/staging/lustre/lustre/libcfs/linux/linux-curproc.c
>>b/drivers/staging/lustre/lustre/libcfs/linux/linux-curproc.c
>>index 8b3af7f..6d0bd22 100644
>>--- a/drivers/staging/lustre/lustre/libcfs/linux/linux-curproc.c
>>+++ b/drivers/staging/lustre/lustre/libcfs/linux/linux-curproc.c
>>@@ -96,11 +96,6 @@ cfs_cap_t cfs_curproc_cap_pack(void)
>> return cap;
>> }
>>
>>-int cfs_capable(cfs_cap_t cap)
>>-{
>>- return capable(cap);
>>-}
>
> If you're replacing cfs_capable() with capable() you should also replace
> the use of CFS_CAP_* at the callers with CAP_* for consistency. The
> CFS_CAP_* constants could also be removed at that point.
>
Andreas,
Sorry I missed this one while I was on vacation. Actually I tried to
remove CFS_CAP_* flags in Lustre master and the commit got reverted
later because Shadow pointed out that Lustre cannot wrap all Linux cap
bits into its wire protocol. Only a few bits are defined to use in
order to make the wire protocol extensible.
(https://jira.hpdd.intel.com/browse/LU-1346?focusedCommentId=67801&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-67801).
Thanks,
Tao
> Cheers, Andreas
>
>> static int cfs_access_process_vm(struct task_struct *tsk, unsigned long
>>addr,
>> void *buf, int len, int write)
>> {
>>@@ -257,7 +252,6 @@ EXPORT_SYMBOL(cfs_cap_raise);
>> EXPORT_SYMBOL(cfs_cap_lower);
>> EXPORT_SYMBOL(cfs_cap_raised);
>> EXPORT_SYMBOL(cfs_curproc_cap_pack);
>>-EXPORT_SYMBOL(cfs_capable);
>>
>> /*
>> * Local variables:
>>diff --git a/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
>>b/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
>>index 55296a3..e6eae06 100644
>>--- a/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
>>+++ b/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
>>@@ -150,12 +150,12 @@ static long libcfs_ioctl(struct file *file,
>> /* Handle platform-dependent IOC requests */
>> switch (cmd) {
>> case IOC_LIBCFS_PANIC:
>>- if (!cfs_capable(CFS_CAP_SYS_BOOT))
>>+ if (!capable(CFS_CAP_SYS_BOOT))
>> return (-EPERM);
>> panic("debugctl-invoked panic");
>> return (0);
>> case IOC_LIBCFS_MEMHOG:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>> /* go thought */
>> }
>>diff --git a/drivers/staging/lustre/lustre/llite/dir.c
>>b/drivers/staging/lustre/lustre/llite/dir.c
>>index 1b217c8..a6860e8 100644
>>--- a/drivers/staging/lustre/lustre/llite/dir.c
>>+++ b/drivers/staging/lustre/lustre/llite/dir.c
>>@@ -1085,7 +1085,7 @@ static int quotactl_ioctl(struct ll_sb_info *sbi,
>>struct if_quotactl *qctl)
>> case Q_QUOTAOFF:
>> case Q_SETQUOTA:
>> case Q_SETINFO:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN) ||
>>+ if (!capable(CFS_CAP_SYS_ADMIN) ||
>> sbi->ll_flags & LL_SBI_RMT_CLIENT)
>> return -EPERM;
>> break;
>>@@ -1094,7 +1094,7 @@ static int quotactl_ioctl(struct ll_sb_info *sbi,
>>struct if_quotactl *qctl)
>> uid_eq(current_euid(), make_kuid(&init_user_ns, id))) ||
>> (type == GRPQUOTA &&
>> !in_egroup_p(make_kgid(&init_user_ns, id)))) &&
>>- (!cfs_capable(CFS_CAP_SYS_ADMIN) ||
>>+ (!capable(CFS_CAP_SYS_ADMIN) ||
>> sbi->ll_flags & LL_SBI_RMT_CLIENT))
>> return -EPERM;
>> break;
>>@@ -1602,7 +1602,7 @@ out_rmdir:
>> struct obd_quotactl *oqctl;
>> int error = 0;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN) ||
>>+ if (!capable(CFS_CAP_SYS_ADMIN) ||
>> sbi->ll_flags & LL_SBI_RMT_CLIENT)
>> return -EPERM;
>>
>>@@ -1626,7 +1626,7 @@ out_rmdir:
>> case OBD_IOC_POLL_QUOTACHECK: {
>> struct if_quotacheck *check;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN) ||
>>+ if (!capable(CFS_CAP_SYS_ADMIN) ||
>> sbi->ll_flags & LL_SBI_RMT_CLIENT)
>> return -EPERM;
>>
>>diff --git a/drivers/staging/lustre/lustre/llite/file.c
>>b/drivers/staging/lustre/lustre/llite/file.c
>>index c12821a..19125d5 100644
>>--- a/drivers/staging/lustre/lustre/llite/file.c
>>+++ b/drivers/staging/lustre/lustre/llite/file.c
>>@@ -1340,7 +1340,7 @@ static int ll_lov_recreate_obj(struct inode *inode,
>>unsigned long arg)
>> struct ll_recreate_obj ucreat;
>> struct ost_id oi;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>>
>> if (copy_from_user(&ucreat, (struct ll_recreate_obj *)arg,
>>@@ -1358,7 +1358,7 @@ static int ll_lov_recreate_fid(struct inode *inode,
>>unsigned long arg)
>> struct ost_id oi;
>> obd_count ost_idx;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>>
>> if (copy_from_user(&fid, (struct lu_fid *)arg, sizeof(fid)))
>>@@ -1497,7 +1497,7 @@ static int ll_lov_setea(struct inode *inode, struct
>>file *file,
>> sizeof(struct lov_user_ost_data);
>> int rc;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>>
>> OBD_ALLOC_LARGE(lump, lum_size);
>>@@ -1747,7 +1747,7 @@ int ll_fid2path(struct inode *inode, void *arg)
>> struct getinfo_fid2path *gfout, *gfin;
>> int outsize, rc;
>>
>>- if (!cfs_capable(CFS_CAP_DAC_READ_SEARCH) &&
>>+ if (!capable(CFS_CAP_DAC_READ_SEARCH) &&
>> !(ll_i2sbi(inode)->ll_flags & LL_SBI_USER_FID2PATH))
>> return -EPERM;
>>
>>@@ -2093,7 +2093,7 @@ static int ll_hsm_state_set(struct inode *inode,
>>struct hsm_state_set *hss)
>> /* Non-root users are forbidden to set or clear flags which are
>> * NOT defined in HSM_USER_MASK. */
>> if (((hss->hss_setmask | hss->hss_clearmask) & ~HSM_USER_MASK) &&
>>- !cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ !capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>>
>> op_data = ll_prep_md_op_data(NULL, inode, NULL, NULL, 0, 0,
>>diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c
>>b/drivers/staging/lustre/lustre/llite/llite_lib.c
>>index b0b6941..85c01e1 100644
>>--- a/drivers/staging/lustre/lustre/llite/llite_lib.c
>>+++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
>>@@ -1403,7 +1403,7 @@ int ll_setattr_raw(struct dentry *dentry, struct
>>iattr *attr, bool hsm_import)
>> /* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
>> if (attr->ia_valid & TIMES_SET_FLAGS) {
>> if ((!uid_eq(current_fsuid(), inode->i_uid)) &&
>>- !cfs_capable(CFS_CAP_FOWNER))
>>+ !capable(CFS_CAP_FOWNER))
>> return -EPERM;
>> }
>>
>>diff --git a/drivers/staging/lustre/lustre/llite/xattr.c
>>b/drivers/staging/lustre/lustre/llite/xattr.c
>>index 3a7d03c..af83580 100644
>>--- a/drivers/staging/lustre/lustre/llite/xattr.c
>>+++ b/drivers/staging/lustre/lustre/llite/xattr.c
>>@@ -95,7 +95,7 @@ int xattr_type_filter(struct ll_sb_info *sbi, int
>>xattr_type)
>>
>> if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
>> return -EOPNOTSUPP;
>>- if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (xattr_type == XATTR_TRUSTED_T && !capable(CFS_CAP_SYS_ADMIN))
>> return -EPERM;
>> if (xattr_type == XATTR_OTHER_T)
>> return -EOPNOTSUPP;
>>diff --git a/drivers/staging/lustre/lustre/obdclass/linux/linux-module.c
>>b/drivers/staging/lustre/lustre/obdclass/linux/linux-module.c
>>index 121a856..ba20776 100644
>>--- a/drivers/staging/lustre/lustre/obdclass/linux/linux-module.c
>>+++ b/drivers/staging/lustre/lustre/obdclass/linux/linux-module.c
>>@@ -184,7 +184,7 @@ static long obd_class_ioctl(struct file *filp,
>>unsigned int cmd,
>> int err = 0;
>>
>> /* Allow non-root access for OBD_IOC_PING_TARGET - used by lfs check */
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN) && (cmd != OBD_IOC_PING_TARGET))
>>+ if (!capable(CFS_CAP_SYS_ADMIN) && (cmd != OBD_IOC_PING_TARGET))
>> return err = -EACCES;
>> if ((cmd & 0xffffff00) == ((int)'T') << 8) /* ignore all tty ioctls */
>> return err = -ENOTTY;
>>diff --git a/drivers/staging/lustre/lustre/obdclass/obdo.c
>>b/drivers/staging/lustre/lustre/obdclass/obdo.c
>>index 7099764..e9cd6db 100644
>>--- a/drivers/staging/lustre/lustre/obdclass/obdo.c
>>+++ b/drivers/staging/lustre/lustre/obdclass/obdo.c
>>@@ -233,7 +233,7 @@ void obdo_from_iattr(struct obdo *oa, struct iattr
>>*attr, unsigned int ia_valid)
>> oa->o_mode = attr->ia_mode;
>> oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
>> if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
>>- !cfs_capable(CFS_CAP_FSETID))
>>+ !capable(CFS_CAP_FSETID))
>> oa->o_mode &= ~S_ISGID;
>> }
>> if (ia_valid & ATTR_UID) {
>>@@ -282,7 +282,7 @@ void iattr_from_obdo(struct iattr *attr, struct obdo
>>*oa, obd_flag valid)
>> attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
>> attr->ia_valid |= ATTR_MODE;
>> if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) &&
>>- !cfs_capable(CFS_CAP_FSETID))
>>+ !capable(CFS_CAP_FSETID))
>> attr->ia_mode &= ~S_ISGID;
>> }
>> if (valid & OBD_MD_FLUID) {
>>diff --git a/drivers/staging/lustre/lustre/obdecho/echo_client.c
>>b/drivers/staging/lustre/lustre/obdecho/echo_client.c
>>index 9b2dea2..268a202 100644
>>--- a/drivers/staging/lustre/lustre/obdecho/echo_client.c
>>+++ b/drivers/staging/lustre/lustre/obdecho/echo_client.c
>>@@ -2764,7 +2764,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>>
>> switch (cmd) {
>> case OBD_IOC_CREATE: /* may create echo object */
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> rc = echo_create_object(env, ed, 1, oa, data->ioc_pbuf1,
>>@@ -2778,7 +2778,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> int dirlen;
>> __u64 id;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO(out, rc = -EPERM);
>>
>> count = data->ioc_count;
>>@@ -2806,7 +2806,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> __u64 seq;
>> int max_count;
>>
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO(out, rc = -EPERM);
>>
>> cl_env = cl_env_get(&refcheck);
>>@@ -2838,7 +2838,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> GOTO(out, rc);
>> }
>> case OBD_IOC_DESTROY:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> rc = echo_get_object(&eco, ed, oa);
>>@@ -2863,7 +2863,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> GOTO(out, rc);
>>
>> case OBD_IOC_SETATTR:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> rc = echo_get_object(&eco, ed, oa);
>>@@ -2878,7 +2878,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> GOTO(out, rc);
>>
>> case OBD_IOC_BRW_WRITE:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> rw = OBD_BRW_WRITE;
>>@@ -2897,7 +2897,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> GOTO(out, rc);
>>
>> case ECHO_IOC_SET_STRIPE:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> if (data->ioc_pbuf1 == NULL) { /* unset */
>>@@ -2914,7 +2914,7 @@ echo_client_iocontrol(unsigned int cmd, struct
>>obd_export *exp, int len,
>> GOTO (out, rc);
>>
>> case ECHO_IOC_ENQUEUE:
>>- if (!cfs_capable(CFS_CAP_SYS_ADMIN))
>>+ if (!capable(CFS_CAP_SYS_ADMIN))
>> GOTO (out, rc = -EPERM);
>>
>> rc = echo_client_enqueue(exp, oa,
>>diff --git a/drivers/staging/lustre/lustre/osc/osc_cache.c
>>b/drivers/staging/lustre/lustre/osc/osc_cache.c
>>index be4511e..b92a02e 100644
>>--- a/drivers/staging/lustre/lustre/osc/osc_cache.c
>>+++ b/drivers/staging/lustre/lustre/osc/osc_cache.c
>>@@ -2146,7 +2146,7 @@ int osc_prep_async_page(struct osc_object *osc,
>>struct osc_page *ops,
>> oap->oap_obj_off = offset;
>> LASSERT(!(offset & ~CFS_PAGE_MASK));
>>
>>- if (!client_is_remote(exp) && cfs_capable(CFS_CAP_SYS_RESOURCE))
>>+ if (!client_is_remote(exp) && capable(CFS_CAP_SYS_RESOURCE))
>> oap->oap_brw_flags = OBD_BRW_NOQUOTA;
>>
>> INIT_LIST_HEAD(&oap->oap_pending_item);
>>@@ -2186,7 +2186,7 @@ int osc_queue_async_io(const struct lu_env *env,
>>struct cl_io *io,
>> /* Set the OBD_BRW_SRVLOCK before the page is queued. */
>> brw_flags |= ops->ops_srvlock ? OBD_BRW_SRVLOCK : 0;
>> if (!client_is_remote(osc_export(osc)) &&
>>- cfs_capable(CFS_CAP_SYS_RESOURCE)) {
>>+ capable(CFS_CAP_SYS_RESOURCE)) {
>> brw_flags |= OBD_BRW_NOQUOTA;
>> cmd |= OBD_BRW_NOQUOTA;
>> }
>>diff --git a/drivers/staging/lustre/lustre/osc/osc_io.c
>>b/drivers/staging/lustre/lustre/osc/osc_io.c
>>index 681d60a..777ae24 100644
>>--- a/drivers/staging/lustre/lustre/osc/osc_io.c
>>+++ b/drivers/staging/lustre/lustre/osc/osc_io.c
>>@@ -297,7 +297,7 @@ static int osc_io_commit_write(const struct lu_env
>>*env,
>> */
>> osc_page_touch(env, cl2osc_page(slice), to);
>> if (!client_is_remote(osc_export(obj)) &&
>>- cfs_capable(CFS_CAP_SYS_RESOURCE))
>>+ capable(CFS_CAP_SYS_RESOURCE))
>> oap->oap_brw_flags |= OBD_BRW_NOQUOTA;
>>
>> if (oio->oi_lockless)
>>diff --git a/drivers/staging/lustre/lustre/osc/osc_page.c
>>b/drivers/staging/lustre/lustre/osc/osc_page.c
>>index 4909e486..96cb6e2 100644
>>--- a/drivers/staging/lustre/lustre/osc/osc_page.c
>>+++ b/drivers/staging/lustre/lustre/osc/osc_page.c
>>@@ -561,7 +561,7 @@ void osc_page_submit(const struct lu_env *env, struct
>>osc_page *opg,
>> oap->oap_brw_flags = OBD_BRW_SYNC | brw_flags;
>>
>> if (!client_is_remote(osc_export(obj)) &&
>>- cfs_capable(CFS_CAP_SYS_RESOURCE)) {
>>+ capable(CFS_CAP_SYS_RESOURCE)) {
>> oap->oap_brw_flags |= OBD_BRW_NOQUOTA;
>> oap->oap_cmd |= OBD_BRW_NOQUOTA;
>> }
>>--
>>1.7.9.5
>>
>>
>
>
> Cheers, Andreas
> --
> Andreas Dilger
>
> Lustre Software Architect
> Intel High Performance Data Division
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists