->permission() sanitizing: pass MAY_NOT_BLOCK to ->check_acl()

Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>

->permission() sanitizing: pass MAY_NOT_BLOCK to ->check_acl()
Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>
9c2c7039 · Al Viro · 1fc0f78c · 9c2c7039 · 9c2c7039 · 9c2c7039
13 changed file
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -101,7 +101,7 @@ int v9fs_check_acl(struct inode *inode, int mask, unsigned int flags)
 	struct posix_acl *acl;
 	struct v9fs_session_info *v9ses;

-	if (flags & IPERM_FLAG_RCU)
+	if (mask & MAY_NOT_BLOCK)
 		return -ECHILD;

 	v9ses = v9fs_inode2v9ses(inode);

--- a/fs/btrfs/acl.c
+++ b/fs/btrfs/acl.c
@@ -199,10 +199,9 @@ int btrfs_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
 	int error = -EAGAIN;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			error = -ECHILD;
-
 	} else {
 		struct posix_acl *acl;
 		acl = btrfs_get_acl(inode, ACL_TYPE_ACCESS);

--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -236,7 +236,7 @@ ext2_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
 	struct posix_acl *acl;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 		return -EAGAIN;

--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -244,7 +244,7 @@ ext3_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
 	struct posix_acl *acl;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 		return -EAGAIN;

--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -242,7 +242,7 @@ ext4_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
 	struct posix_acl *acl;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 		return -EAGAIN;

--- a/fs/generic_acl.c
+++ b/fs/generic_acl.c
@@ -192,7 +192,7 @@ generic_acl_chmod(struct inode *inode)
 int
 generic_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 	} else {

--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -80,7 +80,7 @@ int gfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
 	struct posix_acl *acl;
 	int error;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 		return -EAGAIN;

--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -264,7 +264,7 @@ int jffs2_check_acl(struct inode *inode, int mask, unsigned int flags)
 	struct posix_acl *acl;
 	int rc;

-	if (flags & IPERM_FLAG_RCU)
+	if (mask & MAY_NOT_BLOCK)
 		return -ECHILD;

 	acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);

--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -118,7 +118,7 @@ int jfs_check_acl(struct inode *inode, int mask, unsigned int flags)
 {
 	struct posix_acl *acl;

-	if (flags & IPERM_FLAG_RCU)
+	if (mask & MAY_NOT_BLOCK)
 		return -ECHILD;

 	acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -181,7 +181,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag
 	int (*check_acl)(struct inode *inode, int mask, unsigned int flags);
 	unsigned int mode = inode->i_mode;

-	mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
+	mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;

 	if (current_user_ns() != inode_userns(inode))
 		goto other_perms;
@@ -204,7 +204,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag
 	/*
 	 * If the DACs are ok we don't need any capability check.
 	 */
-	if ((mask & ~mode) == 0)
+	if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
 		return 0;
 	return -EACCES;
 }

--- a/fs/ocfs2/acl.c
+++ b/fs/ocfs2/acl.c
@@ -297,7 +297,7 @@ int ocfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
 	struct posix_acl *acl;
 	int ret = -EAGAIN;

-	if (flags & IPERM_FLAG_RCU)
+	if (mask & MAY_NOT_BLOCK)
 		return -ECHILD;

 	osb = OCFS2_SB(inode->i_sb);

--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -879,7 +879,7 @@ int reiserfs_check_acl(struct inode *inode, int mask, unsigned int flags)
 	if (get_inode_sd_version(inode) == STAT_DATA_V1)
 		return -EAGAIN;

-	if (flags & IPERM_FLAG_RCU)
+	if (mask & MAY_NOT_BLOCK)
 		return -ECHILD;

 	acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS);

--- a/fs/xfs/linux-2.6/xfs_acl.c
+++ b/fs/xfs/linux-2.6/xfs_acl.c
@@ -235,7 +235,7 @@ xfs_check_acl(struct inode *inode, int mask, unsigned int flags)
 	if (!XFS_IFORK_Q(ip))
 		return -EAGAIN;

-	if (flags & IPERM_FLAG_RCU) {
+	if (mask & MAY_NOT_BLOCK) {
 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
 			return -ECHILD;
 		return -EAGAIN;