->permission() sanitizing: don't pass flags to exec_permission()
pass mask instead; kill security_inode_exec_permission() since we can use security_inode_permission() instead. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
cf1dd1dae8
commit
eecdd358b4
17
fs/namei.c
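--- a/fs/namei.c
+++ b/fs/namei.c
@@ -304,7 +304,7 @@ int inode_permission(struct inode *inode, int mask)
 /**
  * exec_permission - check for right to do lookups in a given directory
  * @inode: inode to check permission on
- * @flags: IPERM_FLAG_ flags.
+ * @mask: MAY_EXEC and possibly MAY_NOT_BLOCK flags.
  *
  * Short-cut version of inode_permission(), for calling on directories
  * during pathname resolution. Combines parts of inode_permission()
@@ -314,13 +314,10 @@ int inode_permission(struct inode *inode, int mask)
  * short-cut DAC fails, then call ->permission() to do more
  * complete permission check.
  */
-static inline int exec_permission(struct inode *inode, unsigned int flags)
+static inline int exec_permission(struct inode *inode, int mask)
 {
 	int ret;
 	struct user_namespace *ns = inode_userns(inode);
-	int mask = MAY_EXEC;
-
-	if (flags & IPERM_FLAG_RCU)
-		mask |= MAY_NOT_BLOCK;
 
 	if (inode->i_op->permission) {
 		ret = inode->i_op->permission(inode, mask);
@@ -338,7 +335,7 @@ static inline int exec_permission(struct inode *inode, unsigned int flags)
 	}
 	return ret;
 ok:
-	return security_inode_exec_permission(inode, flags);
+	return security_inode_permission(inode, mask);
 }
 
 /**
@@ -1214,13 +1211,13 @@ static int do_lookup(struct nameidata *nd, struct qstr *name,
 static inline int may_lookup(struct nameidata *nd)
 {
 	if (nd->flags & LOOKUP_RCU) {
-		int err = exec_permission(nd->inode, IPERM_FLAG_RCU);
+		int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
 		if (err != -ECHILD)
 			return err;
 		if (unlazy_walk(nd, NULL))
 			return -ECHILD;
 	}
-	return exec_permission(nd->inode, 0);
+	return exec_permission(nd->inode, MAY_EXEC);
 }
 
 static inline int handle_dots(struct nameidata *nd, int type)
@@ -1495,7 +1492,7 @@ static int path_init(int dfd, const char *name, unsigned int flags,
 		if (!S_ISDIR(dentry->d_inode->i_mode))
 			goto fput_fail;
 
-		retval = exec_permission(dentry->d_inode, 0);
+		retval = exec_permission(dentry->d_inode, MAY_EXEC);
 		if (retval)
 			goto fput_fail;
 	}
@@ -1652,7 +1649,7 @@ static struct dentry *__lookup_hash(struct qstr *name,
 	struct dentry *dentry;
 	int err;
 
-	err = exec_permission(inode, 0);
+	err = exec_permission(inode, MAY_EXEC);
 	if (err)
 		return ERR_PTR(err);
 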
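Review bot: exec_permission() now depends on every caller including MAY_EXEC in `mask`, but nothing in the new body enforces it, so a future call site that passes only MAY_NOT_BLOCK would silently run ->permission() and the LSM hook with a mask that asks for no access at all, where the old code forced MAY_EXEC internally. The three call sites visible here (may_lookup, path_init, __lookup_hash) all pass MAY_EXEC, so this is a contract-hardening point rather than a defect in the commit. Either a kernel-doc sentence on the `@mask` line such as `Callers must set MAY_EXEC; MAY_NOT_BLOCK is the only other bit expected.`, or a cheap `WARN_ON_ONCE(!(mask & MAY_EXEC));` after the declarations, would make the precondition explicit. The DAC short-cut in the middle of exec_permission()'s body falls between the second and third hunks and is outside the shown lines, as is any IS_PRIVATE handling inside security_inode_permission(), which the removed helper used to perform before calling the hook; presumably the replacement does the same, but that should be confirmed.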
|
@ -1720,7 +1720,6 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
|
|||||||
int security_inode_readlink(struct dentry *dentry);
|
int security_inode_readlink(struct dentry *dentry);
|
||||||
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
|
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
|
||||||
int security_inode_permission(struct inode *inode, int mask);
|
int security_inode_permission(struct inode *inode, int mask);
|
||||||
int security_inode_exec_permission(struct inode *inode, unsigned int flags);
|
|
||||||
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
|
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
|
||||||
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
|
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
|
||||||
int security_inode_setxattr(struct dentry *dentry, const char *name,
|
int security_inode_setxattr(struct dentry *dentry, const char *name,
|
||||||
@ -2113,12 +2112,6 @@ static inline int security_inode_permission(struct inode *inode, int mask)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_inode_exec_permission(struct inode *inode,
|
|
||||||
unsigned int flags)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline int security_inode_setattr(struct dentry *dentry,
|
static inline int security_inode_setattr(struct dentry *dentry,
|
||||||
struct iattr *attr)
|
struct iattr *attr)
|
||||||
{
|
{
|
||||||
|
@ -521,16 +521,6 @@ int security_inode_permission(struct inode *inode, int mask)
|
|||||||
return security_ops->inode_permission(inode, mask);
|
return security_ops->inode_permission(inode, mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_inode_exec_permission(struct inode *inode, unsigned int flags)
|
|
||||||
{
|
|
||||||
int mask = MAY_EXEC;
|
|
||||||
if (unlikely(IS_PRIVATE(inode)))
|
|
||||||
return 0;
|
|
||||||
if (flags)
|
|
||||||
mask |= MAY_NOT_BLOCK;
|
|
||||||
return security_ops->inode_permission(inode, mask);
|
|
||||||
}
|
|
||||||
|
|
||||||
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
|
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(dentry->d_inode)))
|
if (unlikely(IS_PRIVATE(dentry->d_inode)))
|
||||||
|