Commit c2132c1b authored by Anatol Pomozov's avatar Anatol Pomozov Committed by Miklos Szeredi

Do not use RCU for current process credentials

Commit c69e8d9c added rcu lock to fuse/dir.c It was assuming
that 'task' is some other process but in fact this parameter always
equals to 'current'. Inline this parameter to make it more readable
and remove RCU lock as it is not needed when access current process
credentials.
Signed-off-by: default avatarAnatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
parent fb05f41f
...@@ -985,7 +985,7 @@ int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid, ...@@ -985,7 +985,7 @@ int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid,
/* /*
* Calling into a user-controlled filesystem gives the filesystem * Calling into a user-controlled filesystem gives the filesystem
* daemon ptrace-like capabilities over the requester process. This * daemon ptrace-like capabilities over the current process. This
* means, that the filesystem daemon is able to record the exact * means, that the filesystem daemon is able to record the exact
* filesystem operations performed, and can also control the behavior * filesystem operations performed, and can also control the behavior
* of the requester process in otherwise impossible ways. For example * of the requester process in otherwise impossible ways. For example
...@@ -996,27 +996,23 @@ int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid, ...@@ -996,27 +996,23 @@ int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid,
* for which the owner of the mount has ptrace privilege. This * for which the owner of the mount has ptrace privilege. This
* excludes processes started by other users, suid or sgid processes. * excludes processes started by other users, suid or sgid processes.
*/ */
int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) int fuse_allow_current_process(struct fuse_conn *fc)
{ {
const struct cred *cred; const struct cred *cred;
int ret;
if (fc->flags & FUSE_ALLOW_OTHER) if (fc->flags & FUSE_ALLOW_OTHER)
return 1; return 1;
rcu_read_lock(); cred = current_cred();
ret = 0;
cred = __task_cred(task);
if (uid_eq(cred->euid, fc->user_id) && if (uid_eq(cred->euid, fc->user_id) &&
uid_eq(cred->suid, fc->user_id) && uid_eq(cred->suid, fc->user_id) &&
uid_eq(cred->uid, fc->user_id) && uid_eq(cred->uid, fc->user_id) &&
gid_eq(cred->egid, fc->group_id) && gid_eq(cred->egid, fc->group_id) &&
gid_eq(cred->sgid, fc->group_id) && gid_eq(cred->sgid, fc->group_id) &&
gid_eq(cred->gid, fc->group_id)) gid_eq(cred->gid, fc->group_id))
ret = 1; return 1;
rcu_read_unlock();
return ret; return 0;
} }
static int fuse_access(struct inode *inode, int mask) static int fuse_access(struct inode *inode, int mask)
...@@ -1077,7 +1073,7 @@ static int fuse_permission(struct inode *inode, int mask) ...@@ -1077,7 +1073,7 @@ static int fuse_permission(struct inode *inode, int mask)
bool refreshed = false; bool refreshed = false;
int err = 0; int err = 0;
if (!fuse_allow_task(fc, current)) if (!fuse_allow_current_process(fc))
return -EACCES; return -EACCES;
/* /*
...@@ -1544,7 +1540,7 @@ static int fuse_do_setattr(struct dentry *entry, struct iattr *attr, ...@@ -1544,7 +1540,7 @@ static int fuse_do_setattr(struct dentry *entry, struct iattr *attr,
loff_t oldsize; loff_t oldsize;
int err; int err;
if (!fuse_allow_task(fc, current)) if (!fuse_allow_current_process(fc))
return -EACCES; return -EACCES;
if (!(fc->flags & FUSE_DEFAULT_PERMISSIONS)) if (!(fc->flags & FUSE_DEFAULT_PERMISSIONS))
...@@ -1653,7 +1649,7 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, ...@@ -1653,7 +1649,7 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry,
struct inode *inode = entry->d_inode; struct inode *inode = entry->d_inode;
struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_conn *fc = get_fuse_conn(inode);
if (!fuse_allow_task(fc, current)) if (!fuse_allow_current_process(fc))
return -EACCES; return -EACCES;
return fuse_update_attributes(inode, stat, NULL, NULL); return fuse_update_attributes(inode, stat, NULL, NULL);
...@@ -1756,7 +1752,7 @@ static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) ...@@ -1756,7 +1752,7 @@ static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size)
struct fuse_getxattr_out outarg; struct fuse_getxattr_out outarg;
ssize_t ret; ssize_t ret;
if (!fuse_allow_task(fc, current)) if (!fuse_allow_current_process(fc))
return -EACCES; return -EACCES;
if (fc->no_listxattr) if (fc->no_listxattr)
......
...@@ -2082,7 +2082,7 @@ long fuse_ioctl_common(struct file *file, unsigned int cmd, ...@@ -2082,7 +2082,7 @@ long fuse_ioctl_common(struct file *file, unsigned int cmd,
struct inode *inode = file->f_dentry->d_inode; struct inode *inode = file->f_dentry->d_inode;
struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_conn *fc = get_fuse_conn(inode);
if (!fuse_allow_task(fc, current)) if (!fuse_allow_current_process(fc))
return -EACCES; return -EACCES;
if (is_bad_inode(inode)) if (is_bad_inode(inode))
......
...@@ -774,9 +774,9 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc); ...@@ -774,9 +774,9 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc);
int fuse_valid_type(int m); int fuse_valid_type(int m);
/** /**
* Is task allowed to perform filesystem operation? * Is current process allowed to perform filesystem operation?
*/ */
int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task); int fuse_allow_current_process(struct fuse_conn *fc);
u64 fuse_lock_owner_id(struct fuse_conn *fc, fl_owner_t id); u64 fuse_lock_owner_id(struct fuse_conn *fc, fl_owner_t id);
......
...@@ -408,7 +408,7 @@ static int fuse_statfs(struct dentry *dentry, struct kstatfs *buf) ...@@ -408,7 +408,7 @@ static int fuse_statfs(struct dentry *dentry, struct kstatfs *buf)
struct fuse_statfs_out outarg; struct fuse_statfs_out outarg;
int err; int err;
if (!fuse_allow_task(fc, current)) { if (!fuse_allow_current_process(fc)) {
buf->f_type = FUSE_SUPER_MAGIC; buf->f_type = FUSE_SUPER_MAGIC;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment