[PATCH] remove xfs xattr permission checks
Christoph Hellwig [Tue, 10 Jan 2006 04:52:00 +0000 (20:52 -0800)]
remove checks now in the VFS

XFS has an additional xattr interface through obscure ioctl.  it requires
raised capabilities but we need to add some read-only/immutable checks anyway

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Nathan Scott <nathans@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/xfs/linux-2.6/xfs_ioctl.c
fs/xfs/xfs_attr.c

index b78b5eb..f98c5be 100644 (file)
@@ -530,6 +530,8 @@ xfs_attrmulti_attr_set(
        char                    *kbuf;
        int                     error = EFAULT;
 
+       if (IS_RDONLY(&vp->v_inode))
+               return -EROFS;
        if (IS_IMMUTABLE(&vp->v_inode) || IS_APPEND(&vp->v_inode))
                return EPERM;
        if (len > XATTR_SIZE_MAX)
@@ -557,6 +559,9 @@ xfs_attrmulti_attr_remove(
 {
        int                     error;
 
+
+       if (IS_RDONLY(&vp->v_inode))
+               return -EROFS;
        if (IS_IMMUTABLE(&vp->v_inode) || IS_APPEND(&vp->v_inode))
                return EPERM;
 
index 5484eeb..1a11c2b 100644 (file)
@@ -117,11 +117,6 @@ xfs_attr_fetch(xfs_inode_t *ip, const char *name, int namelen,
             ip->i_d.di_anextents == 0))
                return(ENOATTR);
 
-       if (!(flags & (ATTR_KERNACCESS|ATTR_SECURE))) {
-               if ((error = xfs_iaccess(ip, S_IRUSR, cred)))
-                       return(XFS_ERROR(error));
-       }
-
        /*
         * Fill in the arg structure for this request.
         */
@@ -425,7 +420,7 @@ xfs_attr_set(bhv_desc_t *bdp, const char *name, char *value, int valuelen, int f
             struct cred *cred)
 {
        xfs_inode_t     *dp;
-       int             namelen, error;
+       int             namelen;
 
        namelen = strlen(name);
        if (namelen >= MAXNAMELEN)
@@ -437,14 +432,6 @@ xfs_attr_set(bhv_desc_t *bdp, const char *name, char *value, int valuelen, int f
        if (XFS_FORCED_SHUTDOWN(dp->i_mount))
                return (EIO);
 
-       xfs_ilock(dp, XFS_ILOCK_SHARED);
-       if (!(flags & ATTR_SECURE) &&
-            (error = xfs_iaccess(dp, S_IWUSR, cred))) {
-               xfs_iunlock(dp, XFS_ILOCK_SHARED);
-               return(XFS_ERROR(error));
-       }
-       xfs_iunlock(dp, XFS_ILOCK_SHARED);
-
        return xfs_attr_set_int(dp, name, namelen, value, valuelen, flags);
 }
 
@@ -579,7 +566,7 @@ int
 xfs_attr_remove(bhv_desc_t *bdp, const char *name, int flags, struct cred *cred)
 {
        xfs_inode_t         *dp;
-       int                 namelen, error;
+       int                 namelen;
 
        namelen = strlen(name);
        if (namelen >= MAXNAMELEN)
@@ -592,11 +579,7 @@ xfs_attr_remove(bhv_desc_t *bdp, const char *name, int flags, struct cred *cred)
                return (EIO);
 
        xfs_ilock(dp, XFS_ILOCK_SHARED);
-       if (!(flags & ATTR_SECURE) &&
-            (error = xfs_iaccess(dp, S_IWUSR, cred))) {
-               xfs_iunlock(dp, XFS_ILOCK_SHARED);
-               return(XFS_ERROR(error));
-       } else if (XFS_IFORK_Q(dp) == 0 ||
+       if (XFS_IFORK_Q(dp) == 0 ||
                   (dp->i_d.di_aformat == XFS_DINODE_FMT_EXTENTS &&
                    dp->i_d.di_anextents == 0)) {
                xfs_iunlock(dp, XFS_ILOCK_SHARED);
@@ -668,12 +651,6 @@ xfs_attr_list(bhv_desc_t *bdp, char *buffer, int bufsize, int flags,
                return (EIO);
 
        xfs_ilock(dp, XFS_ILOCK_SHARED);
-       if (!(flags & ATTR_SECURE) &&
-            (error = xfs_iaccess(dp, S_IRUSR, cred))) {
-               xfs_iunlock(dp, XFS_ILOCK_SHARED);
-               return(XFS_ERROR(error));
-       }
-
        /*
         * Decide on what work routines to call based on the inode size.
         */