1. 23 6月, 2008 5 次提交
    • M
      [patch for 2.6.26 4/4] vfs: utimensat(): fix write access check for futimens() · c70f8441
      Michael Kerrisk 提交于
      The POSIX.1 draft spec for futimens()/utimensat() says:
      
              Only a process with the effective user ID equal to the
              user ID of the file, *or with write access to the file*,
              or with appropriate privileges may use futimens() or
              utimensat() with a null pointer as the times argument
              or with both tv_nsec fields set to the special value
              UTIME_NOW.
      
      The important piece here is "with write access to the file", and
      this matters for futimens(), which deals with an argument that
      is a file descriptor referring to the file whose timestamps are
      being updated,  The standard is saying that the "writability"
      check is based on the file permissions, not the access mode with
      which the file is opened.  (This behavior is consistent with the
      semantics of FreeBSD's futimes().)  However, Linux is currently
      doing the latter -- futimens(fd, times) is a library
      function implemented as
      
             utimensat(fd, NULL, times, 0)
      
      and within the utimensat() implementation we have the code:
      
                      f = fget(dfd);  // dfd is 'fd'
                      ...
                      if (f) {
                              if (!(f->f_mode & FMODE_WRITE))
                                      goto mnt_drop_write_and_out;
      
      The check should instead be based on the file permissions.
      
      Thanks to Miklos for pointing out how to do this check.
      Miklos also pointed out a simplification that could be
      made to my first version of this patch, since the checks
      for the pathname and file descriptor cases can now be
      conflated.
      Acked-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: NMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      c70f8441
    • M
      [patch for 2.6.26 3/4] vfs: utimensat(): fix error checking for {UTIME_NOW,UTIME_OMIT} case · 4cca9226
      Michael Kerrisk 提交于
      The POSIX.1 draft spec for utimensat() says:
      
          Only a process with the effective user ID equal to the
          user ID of the file or with appropriate privileges may use
          futimens() or utimensat() with a non-null times argument
          that does not have both tv_nsec fields set to UTIME_NOW
          and does not have both tv_nsec fields set to UTIME_OMIT.
      
      If this condition is violated, then the error EPERM should result.
      However, the current implementation does not generate EPERM if
      one tv_nsec field is UTIME_NOW while the other is UTIME_OMIT.
      It should give this error for that case.
      
      This patch:
      
      a) Repairs that problem.
      b) Removes the now unneeded nsec_special() helper function.
      c) Adds some comments to explain the checks that are being
         performed.
      
      Thanks to Miklos, who provided comments on the previous iteration
      of this patch.  As a result, this version is a little simpler and
      and its logic is better structured.
      
      Miklos suggested an alternative idea, migrating the
      is_owner_or_cap() checks into fs/attr.c:inode_change_ok() via
      the use of an ATTR_OWNER_CHECK flag.  Maybe we could do that
      later, but for now I've gone with this version, which is
      IMO simpler, and can be more easily read as being correct.
      Acked-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: NMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      4cca9226
    • M
      [patch for 2.6.26 1/4] vfs: utimensat(): ignore tv_sec if tv_nsec == UTIME_OMIT or UTIME_NOW · 94c70b9b
      Michael Kerrisk 提交于
      The POSIX.1 draft spec for utimensat() says that if a times[n].tv_nsec
      field is UTIME_OMIT or UTIME_NOW, then the value in the corresponding
      tv_sec field is ignored.  See the last sentence of this para, from
      the spec:
      
          If the tv_nsec field of a timespec structure has
          the special value UTIME_NOW, the file's relevant
          timestamp shall be set to the greatest value
          supported by the file system that is not greater than
          the current time. If the tv_nsec field has the
          special value UTIME_OMIT, the file's relevant
          timestamp shall not be changed. In either case,
          the tv_sec field shall be ignored.
      
      However the current Linux implementation requires the tv_sec value to be
      zero (or the EINVAL error results). This requirement should be removed.
      Acked-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: NMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      94c70b9b
    • M
      [patch for 2.6.26 2/4] vfs: utimensat(): be consistent with utime() for... · 12fd0d30
      Michael Kerrisk 提交于
      [patch for 2.6.26 2/4] vfs: utimensat(): be consistent with utime() for immutable and append-only files
      
      This patch fixes utimensat() to make its behavior consistent
      with that of utime()/utimes() when dealing with files marked
      immutable and append-only.
      
      The current utimensat() implementation also returns EPERM if
      'times' is non-NULL and the tv_nsec fields are both UTIME_NOW.
      For consistency, the
      
      (times != NULL && times[0].tv_nsec == UTIME_NOW &&
                        times[1].tv_nsec == UTIME_NOW)
      
      case should be treated like the traditional utimes() case where
      'times' is NULL.  That is, the call should succeed for a file
      marked append-only and should give the error EACCES if the file
      is marked as immutable.
      
      The simple way to do this is to set 'times' to NULL
      if (times[0].tv_nsec == UTIME_NOW && times[1].tv_nsec == UTIME_NOW).
      
      This is also the natural approach, since POSIX.1 semantics consider the
      times == {{x, UTIME_NOW}, {y, UTIME_NOW}}
      to be exactly equivalent to the case for
      times == NULL.
      
      (Thanks to Miklos for pointing this out.)
      
      Patch 3 in this series relies on the simplification provided
      by this patch.
      Acked-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: NMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      12fd0d30
    • A
      [PATCH] fix cgroup-inflicted breakage in block_dev.c · fe6e9c1f
      Al Viro 提交于
      devcgroup_inode_permission() expects MAY_FOO, not FMODE_FOO; kindly
      keep your misdesign consistent if you positively have to inflict it
      on the kernel.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      fe6e9c1f
  2. 22 6月, 2008 4 次提交
  3. 21 6月, 2008 29 次提交
  4. 20 6月, 2008 2 次提交