[PATCH] remove xfs xattr permission checks

remove checks now in the VFS XFS has an additional xattr interface through obscure ioctl. it requires raised capabilities but we need to add some read-only/immutable checks anyway Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Nathan Scott <nathans@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] remove xfs xattr permission checks
remove checks now in the VFS XFS has an additional xattr interface through obscure ioctl. it requires raised capabilities but we need to add some read-only/immutable checks anyway Signed-off-by: Christoph Hellwig <hch@lst.de> Cc: Nathan Scott <nathans@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
3542c6e1 · Christoph Hellwig · Linus Torvalds · b98932cb · 3542c6e1 · 3542c6e1
Commit 3542c6e1 authored Jan 09, 2006 by Christoph Hellwig Committed by Linus Torvalds Jan 10, 2006
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 26 deletions

fs/xfs/linux-2.6/xfs_ioctl.c fs/xfs/linux-2.6/xfs_ioctl.c +5 -0

fs/xfs/xfs_attr.c fs/xfs/xfs_attr.c +3 -26

No files found.
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -530,6 +530,8 @@ xfs_attrmulti_attr_set(
 	char			*kbuf;
 	int			error = EFAULT;
+	if (IS_RDONLY(&vp->v_inode))
+		return -EROFS;
 	if (IS_IMMUTABLE(&vp->v_inode) || IS_APPEND(&vp->v_inode))
 		return EPERM;
 	if (len > XATTR_SIZE_MAX)
@@ -557,6 +559,9 @@ xfs_attrmulti_attr_remove(
 {
 	int			error;
+	if (IS_RDONLY(&vp->v_inode))
+		return -EROFS;
 	if (IS_IMMUTABLE(&vp->v_inode) || IS_APPEND(&vp->v_inode))
 		return EPERM;

--- a/fs/xfs/xfs_attr.c
+++ b/fs/xfs/xfs_attr.c
@@ -117,11 +117,6 @@ xfs_attr_fetch(xfs_inode_t *ip, const char *name, int namelen,
 	     ip->i_d.di_anextents == 0))
 		return(ENOATTR);
-	if (!(flags & (ATTR_KERNACCESS|ATTR_SECURE))) {
-		if ((error = xfs_iaccess(ip, S_IRUSR, cred)))
-			return(XFS_ERROR(error));
-	}
 	/*
 	 * Fill in the arg structure for this request.
 	 */
@@ -425,7 +420,7 @@ xfs_attr_set(bhv_desc_t *bdp, const char *name, char *value, int valuelen, int f
 	     struct cred *cred)
 {
 	xfs_inode_t	*dp;
-	int             namelen, error;
+	int             namelen;
 	namelen = strlen(name);
 	if (namelen >= MAXNAMELEN)
@@ -437,14 +432,6 @@ xfs_attr_set(bhv_desc_t *bdp, const char *name, char *value, int valuelen, int f
 	if (XFS_FORCED_SHUTDOWN(dp->i_mount))
 		return (EIO);
-	xfs_ilock(dp, XFS_ILOCK_SHARED);
-	if (!(flags & ATTR_SECURE) &&
-	     (error = xfs_iaccess(dp, S_IWUSR, cred))) {
-		xfs_iunlock(dp, XFS_ILOCK_SHARED);
-		return(XFS_ERROR(error));
-	}
-	xfs_iunlock(dp, XFS_ILOCK_SHARED);
 	return xfs_attr_set_int(dp, name, namelen, value, valuelen, flags);
 }
@@ -579,7 +566,7 @@ int
 xfs_attr_remove(bhv_desc_t *bdp, const char *name, int flags, struct cred *cred)
 {
 	xfs_inode_t         *dp;
-	int                 namelen, error;
+	int                 namelen;
 	namelen = strlen(name);
 	if (namelen >= MAXNAMELEN)
@@ -592,11 +579,7 @@ xfs_attr_remove(bhv_desc_t *bdp, const char *name, int flags, struct cred *cred)
 		return (EIO);
 	xfs_ilock(dp, XFS_ILOCK_SHARED);
-	if (!(flags & ATTR_SECURE) &&
+	if (XFS_IFORK_Q(dp) == 0 ||
-	     (error = xfs_iaccess(dp, S_IWUSR, cred))) {
-		xfs_iunlock(dp, XFS_ILOCK_SHARED);
-		return(XFS_ERROR(error));
-	} else if (XFS_IFORK_Q(dp) == 0 ||
 		   (dp->i_d.di_aformat == XFS_DINODE_FMT_EXTENTS &&
 		    dp->i_d.di_anextents == 0)) {
 		xfs_iunlock(dp, XFS_ILOCK_SHARED);
@@ -668,12 +651,6 @@ xfs_attr_list(bhv_desc_t *bdp, char *buffer, int bufsize, int flags,
 		return (EIO);
 	xfs_ilock(dp, XFS_ILOCK_SHARED);
-	if (!(flags & ATTR_SECURE) &&
-	     (error = xfs_iaccess(dp, S_IRUSR, cred))) {
-		xfs_iunlock(dp, XFS_ILOCK_SHARED);
-		return(XFS_ERROR(error));
-	}
 	/*
 	 * Decide on what work routines to call based on the inode size.
 	 */