summaryrefslogtreecommitdiffstats
path: root/fs/jfs/xattr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'jfs-6.11' of github.com:kleikamp/linux-shaggyLinus Torvalds2024-07-241-4/+19
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull jfs updates from David Kleikamp: "Folio conversion from Matthew Wilcox and a few various fixes" * tag 'jfs-6.11' of github.com:kleikamp/linux-shaggy: jfs: don't walk off the end of ealist jfs: Fix shift-out-of-bounds in dbDiscardAG jfs: Fix array-index-out-of-bounds in diFree jfs: fix null ptr deref in dtInsertEntry jfs: Remove use of folio error flag fs: Remove i_blocks_per_page jfs: Change metapage->page to metapage->folio jfs: Convert force_metapage to use a folio jfs: Convert inc_io to take a folio jfs: Convert page_to_mp to folio_to_mp jfs; Convert __invalidate_metapages to use a folio jfs: Convert dec_io to take a folio jfs: Convert drop_metapage and remove_metapage to take a folio jfs; Convert release_metapage to use a folio jfs: Convert insert_metapage() to take a folio jfs: Convert __get_metapage to use a folio jfs: Convert metapage_writepage to metapage_write_folio jfs: Convert metapage_read_folio to use folio APIs
| * jfs: don't walk off the end of ealistlei lu2024-06-271-4/+19
| | | | | | | | | | | | | | | | Add a check before visiting the members of ea to make sure each ea stays within the ealist. Signed-off-by: lei lu <llfamsec@gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
* | jfs: xattr: fix buffer overflow for invalid xattrGreg Kroah-Hartman2024-06-041-1/+3
|/ | | | | | | | | | | | | | | When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. Reported-by: syzbot+9dfe490c8176301c1d06@syzkaller.appspotmail.com Cc: Dave Kleikamp <shaggy@kernel.org> Link: https://lore.kernel.org/r/2024051433-slider-cloning-98f9@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* jfs: move jfs_xattr_handlers to .rodataWedson Almeida Filho2023-10-091-1/+1
| | | | | | | | | | | | This makes it harder for accidental or malicious changes to jfs_xattr_handlers at runtime. Cc: Dave Kleikamp <shaggy@kernel.org> Cc: jfs-discussion@lists.sourceforge.net Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com> Link: https://lore.kernel.org/r/20230930050033.41174-17-wedsonaf@gmail.com Reviewed-by: Dave Kleikamp <dave.kleikamp@oracle.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
* jfs: convert to ctime accessor functionsJeff Layton2023-07-241-1/+1
| | | | | | | | | | | | In later patches, we're going to change how the inode's ctime field is used. Switch to using accessor functions instead of raw accesses of inode->i_ctime. Acked-by: Dave Kleikamp <dave.kleikamp@oracle.com> Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Jan Kara <jack@suse.cz> Message-Id: <20230705190309.579783-53-jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
* fs: drop unused posix acl handlersChristian Brauner2023-03-061-4/+0
| | | | | | | | | | | Remove struct posix_acl_{access,default}_handler for all filesystems that don't depend on the xattr handler in their inode->i_op->listxattr() method in any way. There's nothing more to do than to simply remove the handler. It's been effectively unused ever since we introduced the new posix acl api. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
* fs: port xattr to mnt_idmapChristian Brauner2023-01-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
* acl: handle idmapped mountsChristian Brauner2021-01-241-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The posix acl permission checking helpers determine whether a caller is privileged over an inode according to the acls associated with the inode. Add helpers that make it possible to handle acls on idmapped mounts. The vfs and the filesystems targeted by this first iteration make use of posix_acl_fix_xattr_from_user() and posix_acl_fix_xattr_to_user() to translate basic posix access and default permissions such as the ACL_USER and ACL_GROUP type according to the initial user namespace (or the superblock's user namespace) to and from the caller's current user namespace. Adapt these two helpers to handle idmapped mounts whereby we either map from or into the mount's user namespace depending on in which direction we're translating. Similarly, cap_convert_nscap() is used by the vfs to translate user namespace and non-user namespace aware filesystem capabilities from the superblock's user namespace to the caller's user namespace. Enable it to handle idmapped mounts by accounting for the mount's user namespace. In addition the fileystems targeted in the first iteration of this patch series make use of the posix_acl_chmod() and, posix_acl_update_mode() helpers. Both helpers perform permission checks on the target inode. Let them handle idmapped mounts. These two helpers are called when posix acls are set by the respective filesystems to handle this case we extend the ->set() method to take an additional user namespace argument to pass the mount's user namespace down. Link: https://lore.kernel.org/r/20210121131959.646623-9-christian.brauner@ubuntu.com Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156Thomas Gleixner2019-05-301-14/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* jfs: Fix inconsistency between memory allocation and ea_buf->max_sizeShankara Pailoor2018-06-051-4/+6
| | | | | | | | The code is assuming the buffer is max_size length, but we weren't allocating enough space for it. Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
* fs: Replace CURRENT_TIME with current_time() for inode timestampsDeepa Dinamani2016-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | CURRENT_TIME macro is not appropriate for filesystems as it doesn't use the right granularity for filesystem timestamps. Use current_time() instead. CURRENT_TIME is also not y2038 safe. This is also in preparation for the patch that transitions vfs timestamps to use 64 bit time and hence make them y2038 safe. As part of the effort current_time() will be extended to do range checks. Hence, it is necessary for all file system timestamps to use current_time(). Also, current_time() will be transitioned along with vfs to be y2038 safe. Note that whenever a single call to current_time() is used to change timestamps in different inodes, it is because they share the same time granularity. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Felipe Balbi <balbi@kernel.org> Acked-by: Steven Whitehouse <swhiteho@redhat.com> Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Acked-by: David Sterba <dsterba@suse.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* switch xattr_handler->set() to passing dentry and inode separatelyAl Viro2016-05-271-8/+6
| | | | | | | preparation for similar switch in ->setxattr() (see the next commit for rationale). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jfs: Switch to generic xattr handlersAndreas Gruenbacher2016-05-131-100/+70
| | | | | | | | | | | | | This is mostly the same as on other filesystems except for attribute names with an "os2." prefix: for those, the prefix is not stored on disk, and on-attribute names without a prefix have "os2." added. As on several other filesystems, the underlying function for setting/removing xattrs (__jfs_setxattr) removes attributes when the value is NULL, so the set xattr handlers will work as expected. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jfs: Clean up xattr name mappingAndreas Gruenbacher2016-05-131-55/+25
| | | | | | | | | Instead of stripping "os2." prefixes in __jfs_setxattr, make callers strip them, as __jfs_getxattr already does. With that change, use the same name mapping function in jfs_{get,set,remove}xattr. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* ->getxattr(): pass dentry and inode as separate argumentsAl Viro2016-04-111-4/+4
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* VFS: normal filesystems (and lustre): d_inode() annotationsDavid Howells2015-04-151-6/+6
| | | | | | | that's the bulk of filesystem drivers dealing with inodes of their own Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jfs: fix generic posix ACL regressionDave Kleikamp2014-02-081-7/+7
| | | | | | | | | | I missed a couple errors in reviewing the patches converting jfs to use the generic posix ACL function. Setting ACL's currently fails with -EOPNOTSUPP. Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> Reported-by: Michael L. Semon <mlsemon35@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
* Merge tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggyLinus Torvalds2014-01-311-1/+14
|\ | | | | | | | | | | | | | | Pull jfs fix from David Kleikamp: "Minor bug fix for linux-3.14" * tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy: jfs: fix xattr value size overflow in __jfs_setxattr
| * jfs: fix xattr value size overflow in __jfs_setxattrJie Liu2014-01-021-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a potential overflow if the specified EA value size is greater than USHRT_MAX because the size of value is limited by the on-disk format (i.e, __le16), this issue could be reflected via the tests below: # touch /jfs/testfile # setfattr -n user.comment -v `perl -e 'print "A"x65536'` /jfs/testfile setfattr: /jfs/testfile: Invalid argument Syslog: ... jfs_xsetattr: xattr_size = 21, new_size = 65557 This patch add pre-checkups of EA value size against USHRT_MAX to avoid this problem, and return -E2BIG which is consistent with the VFS setxattr interface. Moreover, fix the debug code to print the correct function name. With this fix: setfattr: /jfs/testfile: Argument list too long Signed-off-by: Jie Liu <jeff.liu@oracle.com> Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
* | jfs: use generic posix ACL infrastructureChristoph Hellwig2014-01-261-70/+38
|/ | | | | | | | | Copy the scheme I introduced to btrfs many years ago to only use the xattr handler for ACLs, but pass plain attrs straight through. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Kleikamp <dave.kleikamp@oracle.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jfs: Update jfs_errorJoe Perches2013-06-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | Use a more current logging style. Add __printf format and argument verification. Remove embedded function names from formats. Add %pf, __builtin_return_address(0) to jfs_error. Add newlines to formats for kernel style consistency. (One format already had an erroneous newline) Coalesce formats and align arguments. Object size reduced ~1KiB. $ size fs/jfs/built-in.o* text data bss dec hex filename 201891 35488 63936 301315 49903 fs/jfs/built-in.o.new 202821 35488 64192 302501 49da5 fs/jfs/built-in.o.old Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
* jfs: fix sparse warning in fs/jfs/xattr.cDave Kleikamp2013-06-051-2/+2
| | | | | | | CHECK fs/jfs/xattr.c fs/jfs/xattr.c:1092:5: warning: symbol 'jfs_initxattrs' was not declared. Should it be static? Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
* userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattrEric W. Biederman2012-09-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | - Pass the user namespace the uid and gid values in the xattr are stored in into posix_acl_from_xattr. - Pass the user namespace kuid and kgid values should be converted into when storing uid and gid values in an xattr in posix_acl_to_xattr. - Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to pass in &init_user_ns. In the short term this change is not strictly needed but it makes the code clearer. In the longer term this change is necessary to be able to mount filesystems outside of the initial user namespace that natively store posix acls in the linux xattr format. Cc: Theodore Tso <tytso@mit.edu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* Merge branch 'next-evm' of ↵James Morris2011-08-091-29/+28
|\ | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next Conflicts: fs/attr.c Resolve conflict manually. Signed-off-by: James Morris <jmorris@namei.org>
| * security: new security_inode_init_security API adds function callbackMimi Zohar2011-07-181-29/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch changes the security_inode_init_security API by adding a filesystem specific callback to write security extended attributes. This change is in preparation for supporting the initialization of multiple LSM xattrs and the EVM xattr. Initially the callback function walks an array of xattrs, writing each xattr separately, but could be optimized to write multiple xattrs at once. For existing security_inode_init_security() calls, which have not yet been converted to use the new callback function, such as those in reiserfs and ocfs2, this patch defines security_old_inode_init_security(). Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
* | switch posix_acl_equiv_mode() to umode_t *Al Viro2011-08-011-3/+1
|/ | | | | | ... so that &inode->i_mode could be passed to it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* userns: rename is_owner_or_cap to inode_owner_or_capableSerge E. Hallyn2011-03-241-1/+1
| | | | | | | | | | | | | And give it a kernel-doc comment. [akpm@linux-foundation.org: btrfs changed in linux-next] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* fs/vfs/security: pass last path component to LSM on inode creationEric Paris2011-02-011-2/+4
| | | | | | | | | | | | | | | | | | | SELinux would like to implement a new labeling behavior of newly created inodes. We currently label new inodes based on the parent and the creating process. This new behavior would also take into account the name of the new object when deciding the new label. This is not the (supposed) full path, just the last component of the path. This is very useful because creating /etc/shadow is different than creating /etc/passwd but the kernel hooks are unable to differentiate these operations. We currently require that userspace realize it is doing some difficult operation like that and than userspace jumps through SELinux hoops to get things set up correctly. This patch does not implement new behavior, that is obviously contained in a seperate SELinux patch, but it does pass the needed name down to the correct LSM hook. If no such name exists it is fine to pass NULL. Signed-off-by: Eric Paris <eparis@redhat.com>
* jfs: don't allow os2 xattr namespace overlap with othersDave Kleikamp2010-08-111-49/+38
| | | | | | | | | | | | | It's currently possible to bypass xattr namespace access rules by prefixing valid xattr names with "os2.", since the os2 namespace stores extended attributes in a legacy format with no prefix. This patch adds checking to deny access to any valid namespace prefix following "os2.". Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Reported-by: Sergey Vlasov <vsu@altlinux.ru> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* include cleanup: Update gfp.h and slab.h includes to prepare for breaking ↵Tejun Heo2010-03-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo <tj@kernel.org> Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
* dquot: cleanup space allocation / freeing routinesChristoph Hellwig2010-03-051-8/+9
| | | | | | | | | | | | | | | | Get rid of the alloc_space, free_space, reserve_space, claim_space and release_rsv dquot operations - they are always called from the filesystem and if a filesystem really needs their own (which none currently does) it can just call into it's own routine directly. Move shared logic into the common __dquot_alloc_space, dquot_claim_space_nodirty and __dquot_free_space low-level methods, and rationalize the wrappers around it to move as much as possible code into the common block for CONFIG_QUOTA vs not. Also rename all these helpers to be named dquot_* instead of vfs_dq_*. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz>
* helpers for acl caching + switch to thoseAl Viro2009-06-241-8/+2
| | | | | | | | | helpers: get_cached_acl(inode, type), set_cached_acl(inode, type, acl), forget_cached_acl(inode, type). ubifs/xattr.c needed includes reordered, the rest is a plain switchover. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* switch jfs to inode->i_aclAl Viro2009-06-241-6/+6
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* jfs: Use lowercase names of quota functionsJan Kara2009-03-261-6/+6
| | | | | | | Use lowercase names of quota functions instead of old uppercase ones. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Dave Kleikamp <shaggy@austin.ibm.com>
* Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid checkSatyam Sharma2007-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | Introduce is_owner_or_cap() macro in fs.h, and convert over relevant users to it. This is done because we want to avoid bugs in the future where we check for only effective fsuid of the current task against a file's owning uid, without simultaneously checking for CAP_FOWNER as well, thus violating its semantics. [ XFS uses special macros and structures, and in general looked ... untouchable, so we leave it alone -- but it has been looked over. ] The (current->fsuid != inode->i_uid) check in generic_permission() and exec_permission_lite() is left alone, because those operations are covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone. Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Cc: Al Viro <viro@ftp.linux.org.uk> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* JFS: Update print_hex_dump() syntaxDave Kleikamp2007-06-131-2/+2
| | | | Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
* JFS: use print_hex_dump() rather than private dump_mem() functionDave Kleikamp2007-06-061-1/+2
| | | | Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
* JFS: Whitespace cleanup and remove some dead codeDave Kleikamp2007-06-061-3/+3
| | | | Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
* JFS: Remove redundant xattr permission checkingDave Kleikamp2006-11-021-4/+5
| | | | | | | | The vfs handles most permissions for setting and retrieving xattrs. This patch removes a redundant and wrong check so that it won't override the correct behavior which is being fixed in the vfs. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* JFS: White space cleanupDave Kleikamp2006-10-021-19/+19
| | | | | | | | Removed trailing spaces & tabs, and spaces preceding tabs. Also a couple very minor comment cleanups. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> (cherry picked from f74156539964d7b3d5164fdf8848e6a682f75b97 commit)
* [PATCH] fs/jfs: Conversion to generic booleanRichard Knutsson2006-10-011-5/+5
| | | | | | | | | Conversion of booleans to: generic-boolean.patch (2006-08-23) Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* JFS: semaphore to mutex conversion.Ingo Molnar2006-01-241-4/+4
| | | | | | | | | | the conversion was generated via scripts, and the result was validated automatically via a script as well. build and boot tested. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* [PATCH] capable/capability.h (fs/)Randy Dunlap2006-01-121-0/+1
| | | | | | | | | fs: Use <linux/capability.h> where capable() is used. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Acked-by: Tim Schmielau <tim@physik3.uni-rostock.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] remove jfs xattr permission checksChristoph Hellwig2006-01-101-42/+9
| | | | | | | | remove checks now in the VFS Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] move xattr permission checks into the VFSakpm@osdl.org2006-01-101-15/+0
| | | | | | | | | | | | | | | | | | | | ) From: Christoph Hellwig <hch@lst.de> The xattr code has rather complex permission checks because the rules are very different for different attribute namespaces. This patch moves as much as we can into the generic code. Currently all the major disk based filesystems duplicate these checks, while many minor filesystems or network filesystems lack some or all of them. To do this we need defines for the extended attribute names in common code, I moved them up from JFS which had the nicest defintions. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* JFS: Implement jfs_init_securityDave Kleikamp2005-09-011-0/+36
| | | | | | This atomically initializes the security xattr when an object is created Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* JFS: allow extended attributes to be set within a existing transactionDave Kleikamp2005-09-011-17/+41
| | | | Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* JFS: Need to be root to create files with security contextIan Dall2005-07-131-2/+2
| | | | | | It turns out this is due to some inverted logic in xattr.c Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* JFS: Allow security.* xattrs to be set on symlinksDave Kleikamp2005-07-131-1/+1
| | | | | | | | | All of the different xattr namespaces have different rules. user.* and ACL's are not allowed on symlinks, and since these were the first xattrs implemented, I assumed there was no need to support xattrs on symlinks. This one-line patch should fix it. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
* [PATCH] remove <linux/xattr_acl.h>Christoph Hellwig2005-06-231-3/+4
| | | | | | | | | This file duplicates <linux/posix_acl_xattr.h>, using slightly different names. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>