Commit e8e96157 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Linus Torvalds

fuse: clean up execute permission checking

Define a new function fuse_refresh_attributes() that conditionally refreshes
the attributes based on the validity timeout.

In fuse_permission() only refresh the attributes for checking the execute bits
if necessary.
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c9c9d7df
...@@ -694,6 +694,20 @@ static int fuse_do_getattr(struct inode *inode) ...@@ -694,6 +694,20 @@ static int fuse_do_getattr(struct inode *inode)
return err; return err;
} }
/*
* Check if attributes are still valid, and if not send a GETATTR
* request to refresh them.
*/
static int fuse_refresh_attributes(struct inode *inode)
{
struct fuse_inode *fi = get_fuse_inode(inode);
if (fi->i_time < get_jiffies_64())
return fuse_do_getattr(inode);
else
return 0;
}
/* /*
* Calling into a user-controlled filesystem gives the filesystem * Calling into a user-controlled filesystem gives the filesystem
* daemon ptrace-like capabilities over the requester process. This * daemon ptrace-like capabilities over the requester process. This
...@@ -770,7 +784,6 @@ static int fuse_access(struct inode *inode, int mask) ...@@ -770,7 +784,6 @@ static int fuse_access(struct inode *inode, int mask)
static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd) static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
{ {
struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_conn *fc = get_fuse_conn(inode);
struct fuse_inode *fi = get_fuse_inode(inode);
bool refreshed = false; bool refreshed = false;
int err = 0; int err = 0;
...@@ -778,12 +791,11 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd) ...@@ -778,12 +791,11 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
return -EACCES; return -EACCES;
/* /*
* If attributes are needed, but are stale, refresh them * If attributes are needed, refresh them before proceeding
* before proceeding
*/ */
if (((fc->flags & FUSE_DEFAULT_PERMISSIONS) || (mask & MAY_EXEC)) && if ((fc->flags & FUSE_DEFAULT_PERMISSIONS) ||
fi->i_time < get_jiffies_64()) { ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
err = fuse_do_getattr(inode); err = fuse_refresh_attributes(inode);
if (err) if (err)
return err; return err;
...@@ -806,14 +818,17 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd) ...@@ -806,14 +818,17 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
exist. So if permissions are revoked this won't be exist. So if permissions are revoked this won't be
noticed immediately, only after the attribute noticed immediately, only after the attribute
timeout has expired */ timeout has expired */
} else if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR))) {
} else { err = fuse_access(inode, mask);
int mode = inode->i_mode; } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
if ((mask & MAY_EXEC) && !S_ISDIR(mode) && !(mode & S_IXUGO)) if (!(inode->i_mode & S_IXUGO)) {
return -EACCES; if (refreshed)
return -EACCES;
if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR)))
return fuse_access(inode, mask); err = fuse_do_getattr(inode);
if (!err && !(inode->i_mode & S_IXUGO))
return -EACCES;
}
} }
return err; return err;
} }
...@@ -1046,14 +1061,12 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, ...@@ -1046,14 +1061,12 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry,
struct inode *inode = entry->d_inode; struct inode *inode = entry->d_inode;
struct fuse_inode *fi = get_fuse_inode(inode); struct fuse_inode *fi = get_fuse_inode(inode);
struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_conn *fc = get_fuse_conn(inode);
int err = 0; int err;
if (!fuse_allow_task(fc, current)) if (!fuse_allow_task(fc, current))
return -EACCES; return -EACCES;
if (fi->i_time < get_jiffies_64()) err = fuse_refresh_attributes(inode);
err = fuse_do_getattr(inode);
if (!err) { if (!err) {
generic_fillattr(inode, stat); generic_fillattr(inode, stat);
stat->mode = fi->orig_i_mode; stat->mode = fi->orig_i_mode;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment