Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1fc0f78c authored by Al Viro's avatar Al Viro
Browse files

->permission() sanitizing: MAY_NOT_BLOCK



Duplicate the flags argument into mask bitmap.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 178ea735
Loading
Loading
Loading
Loading
+5 −2
Original line number Diff line number Diff line
@@ -318,13 +318,16 @@ static inline int exec_permission(struct inode *inode, unsigned int flags)
{
	int ret;
	struct user_namespace *ns = inode_userns(inode);
	int mask = MAY_EXEC;
	if (flags & IPERM_FLAG_RCU)
		mask |= MAY_NOT_BLOCK;

	if (inode->i_op->permission) {
		ret = inode->i_op->permission(inode, MAY_EXEC, flags);
		ret = inode->i_op->permission(inode, mask, flags);
		if (likely(!ret))
			goto ok;
	} else {
		ret = acl_permission_check(inode, MAY_EXEC, flags);
		ret = acl_permission_check(inode, mask, flags);
		if (likely(!ret))
			goto ok;
		if (ret != -EACCES)
+1 −1
Original line number Diff line number Diff line
@@ -316,7 +316,7 @@ static int proc_sys_permission(struct inode *inode, int mask,unsigned int flags)
	if (!table) /* global root - r-xr-xr-x */
		error = mask & MAY_WRITE ? -EACCES : 0;
	else /* Use the permissions on the sysctl table entry */
		error = sysctl_perm(head->root, table, mask);
		error = sysctl_perm(head->root, table, mask & ~MAY_NOT_BLOCK);

	sysctl_head_finish(head);
	return error;
+1 −0
Original line number Diff line number Diff line
@@ -63,6 +63,7 @@ struct inodes_stat_t {
#define MAY_ACCESS 16
#define MAY_OPEN 32
#define MAY_CHDIR 64
#define MAY_NOT_BLOCK 128	/* called from RCU mode, don't block */

/*
 * flags in file.f_mode.  Note that FMODE_READ and FMODE_WRITE must correspond