summaryrefslogtreecommitdiffstats
path: root/fs/jffs2/acl.c
Commit message (Collapse)AuthorAgeFilesLines
* posix_acl: Inode acl caching fixesAndreas Gruenbacher2016-03-311-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When get_acl() is called for an inode whose ACL is not cached yet, the get_acl inode operation is called to fetch the ACL from the filesystem. The inode operation is responsible for updating the cached acl with set_cached_acl(). This is done without locking at the VFS level, so another task can call set_cached_acl() or forget_cached_acl() before the get_acl inode operation gets to calling set_cached_acl(), and then get_acl's call to set_cached_acl() results in caching an outdate ACL. Prevent this from happening by setting the cached ACL pointer to a task-specific sentinel value before calling the get_acl inode operation. Move the responsibility for updating the cached ACL from the get_acl inode operations to get_acl(). There, only set the cached ACL if the sentinel value hasn't changed. The sentinel values are chosen to have odd values. Likewise, the value of ACL_NOT_CACHED is odd. In contrast, ACL object pointers always have an even value (ACLs are aligned in memory). This allows to distinguish uncached ACLs values from ACL objects. In addition, switch from guarding inode->i_acl and inode->i_default_acl upates by the inode->i_lock spinlock to using xchg() and cmpxchg(). Filesystems that do not want ACLs returned from their get_acl inode operations to be cached must call forget_cached_acl() to prevent the VFS from doing so. (Patch written by Al Viro and Andreas Gruenbacher.) Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fs/jffs2/acl.c: remove null test before kfreeFabian Frederick2014-07-021-2/+1
| | | | | | | | | | Fix checkpatch warning: WARNING: kfree(NULL) is safe this check is probably not required Cc: David Woodhouse <dwmw2@infradead.org> Cc: linux-mtd@lists.infradead.org Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* jffs2: use generic posix ACL infrastructureChristoph Hellwig2014-01-251-130/+11
| | | | | | | | Also don't bother to set up a .get_acl method for symlinks as we do not support access control (ACLs or even mode bits) for symlinks in Linux. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fs: make posix_acl_create more usefulChristoph Hellwig2014-01-251-1/+1
| | | | | | | | | | Rename the current posix_acl_created to __posix_acl_create and add a fully featured helper to set up the ACLs on file creation that uses get_acl(). Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fs: make posix_acl_chmod more usefulChristoph Hellwig2014-01-251-1/+1
| | | | | | | | | | Rename the current posix_acl_chmod to __posix_acl_chmod and add a fully featured ACL chmod helper that uses the ->set_acl inode operation. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* userns: Convert jffs2 to use kuid and kgid where appropriateEric W. Biederman2012-09-211-6/+20
| | | | | | | | | | | - General routine uid/gid conversion work - When storing posix acls treat ACL_USER and ACL_GROUP separately so I can call from_kuid or from_kgid as appropriate. - When reading posix acls treat ACL_USER and ACL_GROUP separately so I can call make_kuid or make_kgid as appropriate. Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
* userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattrEric W. Biederman2012-09-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | - Pass the user namespace the uid and gid values in the xattr are stored in into posix_acl_from_xattr. - Pass the user namespace kuid and kgid values should be converted into when storing uid and gid values in an xattr in posix_acl_to_xattr. - Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to pass in &init_user_ns. In the short term this change is not strictly needed but it makes the code clearer. In the longer term this change is necessary to be able to mount filesystems outside of the initial user namespace that natively store posix acls in the linux xattr format. Cc: Theodore Tso <tytso@mit.edu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* jffs2: Use pr_fmt and remove jffs: from formatsJoe Perches2012-03-271-0/+2
| | | | | | | | | | Use pr_fmt to prefix KBUILD_MODNAME to appropriate logging messages. Remove now unnecessary internal prefixes from formats. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* switch posix_acl_equiv_mode() to umode_t *Al Viro2011-08-011-1/+1
| | | | | | ... so that &inode->i_mode could be passed to it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* switch posix_acl_create() to umode_t *Al Viro2011-08-011-1/+1
| | | | | | so we can pass &inode->i_mode to it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fs: take the ACL checks to common codeChristoph Hellwig2011-07-251-17/+1
| | | | | | | | | Replace the ->check_acl method with a ->get_acl method that simply reads an ACL from disk after having a cache miss. This means we can replace the ACL checking boilerplate code with a single implementation in namei.c. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* kill boilerplates around posix_acl_create_masq()Al Viro2011-07-251-10/+5
| | | | | | | | | new helper: posix_acl_create(&acl, gfp, mode_p). Replaces acl with modified clone, on failure releases acl and replaces with NULL. Returns 0 or -ve on error. All callers of posix_acl_create_masq() switched. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* kill boilerplate around posix_acl_chmod_masq()Al Viro2011-07-251-8/+5
| | | | | | | | | new helper: posix_acl_chmod(&acl, gfp, mode). Replaces acl with modified clone or with NULL if that has failed; returns 0 or -ve on error. All callers of posix_acl_chmod_masq() switched to that - they'd been doing exactly the same thing. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* vfs: move ACL cache lookup into generic codeLinus Torvalds2011-07-251-3/+0
| | | | | | | | | | | | | | This moves logic for checking the cached ACL values from low-level filesystems into generic code. The end result is a streamlined ACL check that doesn't need to load the inode->i_op->check_acl pointer at all for the common cached case. The filesystems also don't need to check for a non-blocking RCU walk case in their acl_check() functions, because that is all handled at a VFS layer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* fix jffs2 ACLs on big-endian with 16bit mode_tAl Viro2011-07-241-2/+2
| | | | | | | | | casting int * to mode_t * is not a good thing - on a *lot* of big-endian architectures mode_t happens to be smaller than int and there it breaks quite spectaculary... Fucked-up-by: commit cfc8dc6f6f69ede939e09c2af06a01adee577285 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* ->permission() sanitizing: don't pass flags to ->check_acl()Al Viro2011-07-201-1/+1
| | | | | | not used in the instances anymore. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* ->permission() sanitizing: pass MAY_NOT_BLOCK to ->check_acl()Al Viro2011-07-201-1/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* userns: rename is_owner_or_cap to inode_owner_or_capableSerge E. Hallyn2011-03-231-1/+1
| | | | | | | | | | | | | And give it a kernel-doc comment. [akpm@linux-foundation.org: btrfs changed in linux-next] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* fs: provide rcu-walk aware permission i_opsNick Piggin2011-01-071-1/+4
| | | | Signed-off-by: Nick Piggin <npiggin@kernel.dk>
* Merge git://git.infradead.org/~dwmw2/mtd-2.6.35Linus Torvalds2010-06-071-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | * git://git.infradead.org/~dwmw2/mtd-2.6.35: jffs2: update ctime when changing the file's permission by setfacl jffs2: Fix NFS race by using insert_inode_locked() jffs2: Fix in-core inode leaks on error paths mtd: Fix NAND submenu mtd/r852: update card detect early. mtd/r852: Fixes in case of DMA timeout mtd/r852: register IRQ as last step drivers/mtd: Use memdup_user docbook: make mtd nand module init static
| * jffs2: update ctime when changing the file's permission by setfaclJan Kara2010-06-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | jffs2 didn't update the ctime of the file when its permission was changed. Steps to reproduce: # touch aaa # stat -c %Z aaa 1275289822 # setfacl -m 'u::x,g::x,o::x' aaa # stat -c %Z aaa 1275289822 <- unchanged But, according to the spec of the ctime, jffs2 must update it. Port of ext3 patch by Miao Xie <miaox@cn.fujitsu.com>. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* | jffs2: constify xattr_handlerStephen Hemminger2010-05-211-2/+2
|/ | | | | Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* sanitize xattr handler prototypesChristoph Hellwig2009-12-161-43/+22
| | | | | | | | | | | | | | | | | | | | | Add a flags argument to struct xattr_handler and pass it to all xattr handler methods. This allows using the same methods for multiple handlers, e.g. for the ACL methods which perform exactly the same action for the access and default ACLs, just using a different underlying attribute. With a little more groundwork it'll also allow sharing the methods for the regular user/trusted/secure handlers in extN, ocfs2 and jffs2 like it's already done for xfs in this patch. Also change the inode argument to the handlers to a dentry to allow using the handlers mechnism for filesystems that require it later, e.g. cifs. [with GFS2 bits updated by Steven Whitehouse <swhiteho@redhat.com>] Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()'Linus Torvalds2009-09-081-6/+1
| | | | | | | | | | | This avoids an indirect call in the VFS for each path component lookup. Well, at least as long as you own the directory in question, and the ACL check is unnecessary. Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Get "no acls for this inode" right, fix shmem breakageAl Viro2009-06-241-2/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* helpers for acl caching + switch to thoseAl Viro2009-06-241-49/+11
| | | | | | | | | helpers: get_cached_acl(inode, type), set_cached_acl(inode, type, acl), forget_cached_acl(inode, type). ubifs/xattr.c needed includes reordered, the rest is a plain switchover. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* switch jffs2 to inode->i_aclAl Viro2009-06-241-35/+19
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* Merge git://git.infradead.org/mtd-2.6Linus Torvalds2009-04-061-2/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.infradead.org/mtd-2.6: (53 commits) [MTD] struct device - replace bus_id with dev_name(), dev_set_name() [MTD] [NOR] Fixup for Numonyx M29W128 chips [MTD] mtdpart: Make ecc_stats more realistic. powerpc/85xx: TQM8548: Update DTS file for multi-chip support powerpc: NAND: FSL UPM: document new bindings [MTD] [NAND] FSL-UPM: Add wait flags to support board/chip specific delays [MTD] [NAND] FSL-UPM: add multi chip support [MTD] [NOR] Add device parent info to physmap_of [MTD] [NAND] Add support for NAND on the Socrates board [MTD] [NAND] Add support for 4KiB pages. [MTD] sysfs support should not depend on CONFIG_PROC_FS [MTD] [NAND] Add parent info for CAFÉ controller [MTD] support driver model updates [MTD] driver model updates (part 2) [MTD] driver model updates [MTD] [NAND] move gen_nand's probe function to .devinit.text [MTD] [MAPS] move sa1100 flash's probe function to .devinit.text [MTD] fix use after free in register_mtd_blktrans [MTD] [MAPS] Drop now unused sharpsl-flash map [MTD] ofpart: Check name property to determine partition nodes. ... Manually fix trivial conflict in drivers/mtd/maps/Makefile
| * [JFFS2] jffs2_acl_count() tests < 0 on unsignedRoel Kluin2009-03-201-2/+2
| | | | | | | | | | | | | | | | size_t s is unsigned and cannot be less than 0. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* | New helper - current_umask()Al Viro2009-03-311-1/+1
|/ | | | | | | current->fs->umask is what most of fs_struct users are doing. Put that into a helper function. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [PATCH] sanitize ->permission() prototypeAl Viro2008-07-261-1/+1
| | | | | | | | | | | | | | | * kill nameidata * argument; map the 3 bits in ->flags anybody cares about to new MAY_... ones and pass with the mask. * kill redundant gfs2_iop_permission() * sanitize ecryptfs_permission() * fix remaining places where ->permission() instances might barf on new MAY_... found in mask. The obvious next target in that direction is permission(9) folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [JFFS2] Add missing call to posix_acl_releaseJulia Lawall2008-01-081-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | posix_acl_clone does a memory allocation and sets a reference count, so posix_acl_release is needed afterwards to free it. The problem was fixed using the following semantic patch. (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T; identifier E; expression E1, E2; int ret; statement S; @@ T E; <+... ( E = \(posix_acl_clone\|posix_acl_alloc\|posix_acl_dup\)(...); if (E == NULL) S | if ((E = \(posix_acl_clone\|posix_acl_alloc\|posix_acl_dup\)(...)) == NULL) S ) ... when != E2 = E when strict ( posix_acl_release(E); | E1 = E; | + posix_acl_release(E); return; | + posix_acl_release(E); return ret; ) ...+> // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2] make jffs2_get_acl() staticAdrian Bunk2007-11-061-1/+1
| | | | | | | | | jffs2_get_acl() can now become static again. Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2] Prevent return of initialised variable in jffs2_init_acl_post()David Woodhouse2007-10-271-1/+1
| | | | | | Spotted by the Coverity checker, and pointed out by Adrian Bunk. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2] Tidy up fix for ACL/permissions problem.KaiGai Kohei2007-10-201-36/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | [In commit 9ed437c50d89eabae763dd422579f73fdebf288d we fixed a problem with standard permissions on newly-created inodes, when POSIX ACLs are enabled. This cleans it up...] The attached patch separate jffs2_init_acl() into two parts. The one is jffs2_init_acl_pre() called from jffs2_new_inode(). It compute ACL oriented inode->i_mode bits, and allocate in-memory ACL objects associated with the new inode just before when inode meta infomation is written to the medium. The other is jffs2_init_acl_post() called from jffs2_symlink(), jffs2_mkdir(), jffs2_mknod() and jffs2_do_create(). It actually writes in-memory ACL objects into the medium next to the success of writing meta-information. In the current implementation, we have to write a same inode meta infomation twice when inode->i_mode is updated by the default ACL. However, we can avoid the behavior by putting an updated i_mode before it is written at first, as jffs2_init_acl_pre() doing. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2] Fix ACL vs. mode handling.David Woodhouse2007-08-221-12/+11
| | | | | | | | | When POSIX ACL support was enabled, we weren't writing correct legacy modes to the medium on inode creation, or when the ACL was set. This meant that the permissions would be incorrect after the file system was remounted. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid checkSatyam Sharma2007-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | Introduce is_owner_or_cap() macro in fs.h, and convert over relevant users to it. This is done because we want to avoid bugs in the future where we check for only effective fsuid of the current task against a file's owning uid, without simultaneously checking for CAP_FOWNER as well, thus violating its semantics. [ XFS uses special macros and structures, and in general looked ... untouchable, so we leave it alone -- but it has been looked over. ] The (current->fsuid != inode->i_uid) check in generic_permission() and exec_permission_lite() is left alone, because those operations are covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone. Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Cc: Al Viro <viro@ftp.linux.org.uk> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [JFFS2] Tidy up licensing/copyright boilerplate.David Woodhouse2007-04-251-1/+2
| | | | | | | | | | | | | | In particular, remove the bit in the LICENCE file about contacting Red Hat for alternative arrangements. Their errant IS department broke that arrangement a long time ago -- the policy of collecting copyright assignments from contributors came to an end when the plug was pulled on the servers hosting the project, without notice or reason. We do still dual-license it for use with eCos, with the GPL+exception licence approved by the FSF as being GPL-compatible. It's just that nobody has the right to license it differently. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [PATCH] severing fs.h, radix-tree.h -> sched.hAl Viro2006-12-041-0/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [JFFS2][XATTR] Fix memory leak in POSIX-ACL supportKaiGai Kohei2006-07-021-3/+1
| | | | | | | | | | | | jffs2_clear_acl() which releases acl caches allocated by kmalloc() was defined but it was never called. Thus, we faced to the risk of memory leaking. This patch plugs jffs2_clear_acl() into jffs2_do_clear_inode(). It ensures to release acl cache when inode is cleared. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2][XATTR] Fix ACL bug when updating null xattr by null ACL.KaiGai Kohei2006-06-271-0/+2
| | | | | | | | | | | | | This patch enable to handle the case when updating null xattr by null ACL. When we try to set NULL into NULL xattr, xattr subsystem returns -ENODATA. This patch enables to handle this error code. [2/3] jffs2-xattr-v6-02-fix_posixacl_bug.patch Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* [JFFS2][XATTR] remove redundant pointer cast in acl.cKaiGai Kohei2006-05-131-20/+21
| | | | | | | | remove redundant pointer cast in acl.c. [10/10] jffs2-xattr-v5.1-10-remove_pointer_cast.patch Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
* [JFFS2][XATTR] Unify each file header part with any jffs2 file.KaiGai Kohei2006-05-131-7/+8
| | | | | | | | Unify each file header part with any jffs2 file. [7/10] jffs2-xattr-v5.1-07-unify_file_header.patch Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
* [JFFS2][XATTR] remove typedef from posix_acl related definition.KaiGai Kohei2006-05-131-26/+26
| | | | | | | | | jffs2_acl_header, jffs2_acl_entry and jffs2_acl_entry_short were redefined with using 'struct' instead of 'typedef' in kernel implementation. [1/10] jffs2-xattr-v5.1-01-remove_typedef_kernel.patch Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
* [JFFS2][XATTR] XATTR support on JFFS2 (version. 5)KaiGai Kohei2006-05-131-0/+483
This attached patches provide xattr support including POSIX-ACL and SELinux support on JFFS2 (version.5). There are some significant differences from previous version posted at last December. The biggest change is addition of EBS(Erase Block Summary) support. Currently, both kernel and usermode utility (sumtool) can recognize xattr nodes which have JFFS2_NODETYPE_XATTR/_XREF nodetype. In addition, some bugs are fixed. - A potential race condition was fixed. - Unexpected fail when updating a xattr by same name/value pair was fixed. - A bug when removing xattr name/value pair was fixed. The fundamental structures (such as using two new nodetypes and exclusion mechanism by rwsem) are unchanged. But most of implementation were reviewed and updated if necessary. Espacially, we had to change several internal implementations related to load_xattr_datum() to avoid a potential race condition. [1/2] xattr_on_jffs2.kernel.version-5.patch [2/2] xattr_on_jffs2.utils.version-5.patch Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
OpenPOWER on IntegriCloud