[AppArmor 21/47] Add a struct vfsmount parameter to vfs_setxattr()

From: John
Date: Thu Dec 20 2007 - 09:21:29 EST

The vfsmount will be passed down to the LSM hook so that LSMs can compute
pathnames.

Signed-off-by: Tony Jones <tonyj@xxxxxxx>
Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxx>
Signed-off-by: John Johansen <jjohansen@xxxxxxx>

---
fs/nfsd/vfs.c | 16 +++++++++++-----
fs/unionfs/copyup.c | 18 ++++++++++++------
fs/unionfs/xattr.c | 7 +++++--
fs/xattr.c | 16 ++++++++--------
include/linux/xattr.h | 3 ++-
5 files changed, 38 insertions(+), 22 deletions(-)

--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -426,7 +426,8 @@ static ssize_t nfsd_getxattr(struct dent

#if defined(CONFIG_NFSD_V4)
static int
-set_nfsv4_acl_one(struct dentry *dentry, struct posix_acl *pacl, char *key)
+set_nfsv4_acl_one(struct dentry *dentry, struct vfsmount *mnt,
+ struct posix_acl *pacl, char *key)
{
int len;
size_t buflen;
@@ -445,7 +446,7 @@ set_nfsv4_acl_one(struct dentry *dentry,
goto out;
}

- error = vfs_setxattr(dentry, key, buf, len, 0);
+ error = vfs_setxattr(dentry, mnt, key, buf, len, 0);
out:
kfree(buf);
return error;
@@ -458,6 +459,7 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqst
__be32 error;
int host_error;
struct dentry *dentry;
+ struct vfsmount *mnt;
struct inode *inode;
struct posix_acl *pacl = NULL, *dpacl = NULL;
unsigned int flags = 0;
@@ -468,6 +470,7 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqst
return error;

dentry = fhp->fh_dentry;
+ mnt = fhp->fh_export->ex_path.mnt;
inode = dentry->d_inode;
if (S_ISDIR(inode->i_mode))
flags = NFS4_ACL_DIR;
@@ -478,12 +481,14 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqst
} else if (host_error < 0)
goto out_nfserr;

- host_error = set_nfsv4_acl_one(dentry, pacl, POSIX_ACL_XATTR_ACCESS);
+ host_error = set_nfsv4_acl_one(dentry, mnt, pacl,
+ POSIX_ACL_XATTR_ACCESS);
if (host_error < 0)
goto out_release;

if (S_ISDIR(inode->i_mode))
- host_error = set_nfsv4_acl_one(dentry, dpacl, POSIX_ACL_XATTR_DEFAULT);
+ host_error = set_nfsv4_acl_one(dentry, mnt, dpacl,
+ POSIX_ACL_XATTR_DEFAULT);

out_release:
posix_acl_release(pacl);
@@ -2057,7 +2062,8 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i
size = 0;

if (size)
- error = vfs_setxattr(fhp->fh_dentry, name, value, size, 0);
+ error = vfs_setxattr(fhp->fh_dentry, fhp->fh_export->ex_path.mnt,
+ name, value, size,0);
else {
if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT)
error = 0;
--- a/fs/unionfs/copyup.c
+++ b/fs/unionfs/copyup.c
@@ -26,7 +26,9 @@
#ifdef CONFIG_UNION_FS_XATTR
/* copyup all extended attrs for a given dentry */
static int copyup_xattrs(struct dentry *old_lower_dentry,
- struct dentry *new_lower_dentry)
+ struct vfsmount *old_lower_mnt,
+ struct dentry *new_lower_dentry,
+ struct vfsmount *new_lower_mnt)
{
int err = 0;
ssize_t list_size = -1;
@@ -82,8 +84,8 @@ static int copyup_xattrs(struct dentry *
goto out;
}
/* Don't lock here since vfs_setxattr does it for us. */
- err = vfs_setxattr(new_lower_dentry, name_list, attr_value,
- size, 0);
+ err = vfs_setxattr(new_lower_dentry, new_lower_mnt, name_list,
+ attr_value, size, 0);
/*
* Selinux depends on "security.*" xattrs, so to maintain
* the security of copied-up files, if Selinux is active,
@@ -93,8 +95,8 @@ static int copyup_xattrs(struct dentry *
*/
if (err == -EPERM && !capable(CAP_FOWNER)) {
cap_raise(current->cap_effective, CAP_FOWNER);
- err = vfs_setxattr(new_lower_dentry, name_list,
- attr_value, size, 0);
+ err = vfs_setxattr(new_lower_dentry, new_lower_mnt,
+ name_list, attr_value, size, 0);
cap_lower(current->cap_effective, CAP_FOWNER);
}
if (err < 0)
@@ -380,6 +382,7 @@ int copyup_dentry(struct inode *dir, str
struct dentry *new_lower_dentry;
struct vfsmount *new_lower_mnt;
struct dentry *old_lower_dentry = NULL;
+ struct vfsmount *old_lower_mnt;
struct super_block *sb;
int err = 0;
int old_bindex;
@@ -413,6 +416,8 @@ int copyup_dentry(struct inode *dir, str
}

old_lower_dentry = unionfs_lower_dentry_idx(dentry, old_bindex);
+ old_lower_mnt = unionfs_lower_mnt_idx(dentry, old_bindex);
+
/* we conditionally dput this old_lower_dentry at end of function */
dget(old_lower_dentry);

@@ -474,7 +479,8 @@ int copyup_dentry(struct inode *dir, str

#ifdef CONFIG_UNION_FS_XATTR
/* Selinux uses extended attributes for permissions. */
- err = copyup_xattrs(old_lower_dentry, new_lower_dentry);
+ err = copyup_xattrs(old_lower_dentry, old_lower_mnt,
+ new_lower_dentry, new_lower_mnt);
if (err)
goto out_unlink;
#endif /* CONFIG_UNION_FS_XATTR */
--- a/fs/unionfs/xattr.c
+++ b/fs/unionfs/xattr.c
@@ -72,6 +72,8 @@ int unionfs_setxattr(struct dentry *dent
const void *value, size_t size, int flags)
{
struct dentry *lower_dentry = NULL;
+ struct vfsmount *lower_mnt;
+
int err = -EOPNOTSUPP;

unionfs_read_lock(dentry->d_sb);
@@ -83,9 +85,10 @@ int unionfs_setxattr(struct dentry *dent
}

lower_dentry = unionfs_lower_dentry(dentry);
+ lower_mnt = unionfs_lower_mnt(dentry);

- err = vfs_setxattr(lower_dentry, (char *) name, (void *) value,
- size, flags);
+ err = vfs_setxattr(lower_dentry, lower_mnt, (char *) name,
+ (void *) value, size, flags);

out:
unionfs_check_dentry(dentry);
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -67,8 +67,8 @@ xattr_permission(struct inode *inode, co
}

int
-vfs_setxattr(struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
+vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+ void *value, size_t size, int flags)
{
struct inode *inode = dentry->d_inode;
int error;
@@ -218,8 +218,8 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
* Extended attribute SET operations
*/
static long
-setxattr(struct dentry *d, char __user *name, void __user *value,
- size_t size, int flags)
+setxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
+ void __user *value, size_t size, int flags)
{
int error;
void *kvalue = NULL;
@@ -246,7 +246,7 @@ setxattr(struct dentry *d, char __user *
}
}

- error = vfs_setxattr(d, kname, kvalue, size, flags);
+ error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags);
kfree(kvalue);
return error;
}
@@ -264,7 +264,7 @@ sys_setxattr(char __user *path, char __u
error = mnt_want_write(nd.path.mnt);
if (error)
return error;
- error = setxattr(nd.path.dentry, name, value, size, flags);
+ error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags);
mnt_drop_write(nd.path.mnt);
path_put(&nd.path);
return error;
@@ -283,7 +283,7 @@ sys_lsetxattr(char __user *path, char __
error = mnt_want_write(nd.path.mnt);
if (error)
return error;
- error = setxattr(nd.path.dentry, name, value, size, flags);
+ error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags);
mnt_drop_write(nd.path.mnt);
path_put(&nd.path);
return error;
@@ -305,7 +305,7 @@ sys_fsetxattr(int fd, char __user *name,
goto out_fput;
dentry = f->f_path.dentry;
audit_inode(NULL, dentry);
- error = setxattr(dentry, name, value, size, flags);
+ error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags);
mnt_drop_write(f->f_vfsmnt);
out_fput:
fput(f);
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -49,7 +49,8 @@ struct xattr_handler {
ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
-int vfs_setxattr(struct dentry *, char *, void *, size_t, int);
+int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
+ int);
int vfs_removexattr(struct dentry *, char *);

ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size);

--

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/