[RFC 03/10] Pass no unnecessary information to iop->permission

From: Andreas Gruenbacher
Date: Wed Aug 08 2007 - 13:20:48 EST

Next message: Andreas Gruenbacher: "[RFC 05/10] Use vfs_permission instead of file_permission in sys_fchdir"
Previous message: Andreas Gruenbacher: "[RFC 04/10] Temporary struct vfs_lookup in file_permission"
In reply to: Andreas Gruenbacher: "Re: [RFC 04/10] Temporary struct vfs_lookup in file_permission"
Next in thread: Andreas Gruenbacher: "[RFC 05/10] Use vfs_permission instead of file_permission in sys_fchdir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The various permission functions and the permission inode operation do
not need a full nameidata. Pass a struct vfs_lookup instead.

Signed-off-by: Andreas Gruenbacher <ag@xxxxxxxxxxx>

---
fs/afs/internal.h | 4 +---
fs/afs/security.c | 2 +-
fs/bad_inode.c | 2 +-
fs/cifs/cifsfs.c | 3 ++-
fs/coda/dir.c | 2 +-
fs/coda/pioctl.c | 4 ++--
fs/ecryptfs/inode.c | 20 ++++++++++----------
fs/exec.c | 4 ++--
fs/ext2/acl.c | 2 +-
fs/ext2/acl.h | 2 +-
fs/ext3/acl.c | 2 +-
fs/ext3/acl.h | 2 +-
fs/ext4/acl.c | 2 +-
fs/ext4/acl.h | 2 +-
fs/fuse/dir.c | 4 ++--
fs/gfs2/ops_inode.c | 4 ++--
fs/hfs/inode.c | 2 +-
fs/hfsplus/inode.c | 2 +-
fs/inotify_user.c | 2 +-
fs/jffs2/acl.c | 2 +-
fs/jffs2/acl.h | 2 +-
fs/jfs/acl.c | 2 +-
fs/jfs/jfs_acl.h | 2 +-
fs/namei.c | 34 +++++++++++++++++-----------------
fs/nfs/dir.c | 8 ++++----
fs/ocfs2/file.c | 2 +-
fs/ocfs2/file.h | 3 +--
fs/open.c | 8 ++++----
fs/proc/base.c | 2 +-
fs/proc/proc_sysctl.c | 7 ++++---
fs/reiserfs/xattr.c | 3 ++-
fs/smbfs/file.c | 2 +-
fs/utimes.c | 2 +-
fs/xfs/linux-2.6/xfs_iops.c | 2 +-
include/linux/coda_linux.h | 2 +-
include/linux/fs.h | 6 +++---
include/linux/nfs_fs.h | 2 +-
include/linux/reiserfs_xattr.h | 4 ++--
include/linux/security.h | 10 +++++-----
include/linux/shmem_fs.h | 2 +-
mm/shmem_acl.c | 2 +-
net/unix/af_unix.c | 2 +-
security/dummy.c | 2 +-
security/selinux/hooks.c | 4 ++--
44 files changed, 92 insertions(+), 92 deletions(-)

--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -469,8 +469,6 @@ extern bool afs_cm_incoming_call(struct
extern const struct inode_operations afs_dir_inode_operations;
extern const struct file_operations afs_dir_file_operations;

-extern int afs_permission(struct inode *, int, struct nameidata *);
-
/*
* file.c
*/
@@ -607,7 +605,7 @@ extern void afs_clear_permits(struct afs
extern void afs_cache_permit(struct afs_vnode *, struct key *, long);
extern void afs_zap_permits(struct rcu_head *);
extern struct key *afs_request_key(struct afs_cell *);
-extern int afs_permission(struct inode *, int, struct nameidata *);
+extern int afs_permission(struct inode *, int, struct vfs_lookup *);

/*
* server.c
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -284,7 +284,7 @@ static int afs_check_permit(struct afs_v
* - AFS ACLs are attached to directories only, and a file is controlled by its
* parent directory's ACL
*/
-int afs_permission(struct inode *inode, int mask, struct nameidata *nd)
+int afs_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
struct afs_vnode *vnode = AFS_FS_I(inode);
afs_access_t access;
--- a/fs/bad_inode.c
+++ b/fs/bad_inode.c
@@ -244,7 +244,7 @@ static int bad_inode_readlink(struct den
}

static int bad_inode_permission(struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
return -EIO;
}
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -234,7 +234,8 @@ cifs_statfs(struct dentry *dentry, struc
longer available? */
}

-static int cifs_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int cifs_permission(struct inode *inode, int mask,
+ struct vfs_lookup *lookup)
{
struct cifs_sb_info *cifs_sb;

--- a/fs/coda/dir.c
+++ b/fs/coda/dir.c
@@ -137,7 +137,7 @@ exit:
}

-int coda_permission(struct inode *inode, int mask, struct nameidata *nd)
+int coda_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
int error = 0;

--- a/fs/coda/pioctl.c
+++ b/fs/coda/pioctl.c
@@ -25,7 +25,7 @@

/* pioctl ops */
static int coda_ioctl_permission(struct inode *inode, int mask,
- struct nameidata *nd);
+ struct vfs_lookup *lookup);
static int coda_pioctl(struct inode * inode, struct file * filp,
unsigned int cmd, unsigned long user_data);

@@ -43,7 +43,7 @@ const struct file_operations coda_ioctl_

/* the coda pioctl inode ops */
static int coda_ioctl_permission(struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
return 0;
}
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -855,19 +855,19 @@ out:
}

static int
-ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
+ecryptfs_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
int rc;

- if (nd) {
- struct vfsmount *vfsmnt_save = nd->lookup.path.mnt;
- struct dentry *dentry_save = nd->lookup.path.dentry;
-
- nd->lookup.path.mnt = ecryptfs_dentry_to_lower_mnt(nd->lookup.path.dentry);
- nd->lookup.path.dentry = ecryptfs_dentry_to_lower(nd->lookup.path.dentry);
- rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
- nd->lookup.path.mnt = vfsmnt_save;
- nd->lookup.path.dentry = dentry_save;
+ if (lookup) {
+ struct vfsmount *vfsmnt_save = lookup->path.mnt;
+ struct dentry *dentry_save = lookup->path.dentry;
+
+ lookup->path.mnt = ecryptfs_dentry_to_lower_mnt(lookup->path.dentry);
+ lookup->path.dentry = ecryptfs_dentry_to_lower(lookup->path.dentry);
+ rc = permission(ecryptfs_inode_to_lower(inode), mask, lookup);
+ lookup->path.mnt = vfsmnt_save;
+ lookup->path.dentry = dentry_save;
} else
rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
return rc;
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -142,7 +142,7 @@ asmlinkage long sys_uselib(const char __
if (!S_ISREG(nd.lookup.path.dentry->d_inode->i_mode))
goto exit;

- error = vfs_permission(&nd, MAY_READ | MAY_EXEC);
+ error = vfs_permission(&nd.lookup, MAY_READ | MAY_EXEC);
if (error)
goto exit;

@@ -683,7 +683,7 @@ struct file *open_exec(const char *name)
file = ERR_PTR(-EACCES);
if (!(nd.lookup.path.mnt->mnt_flags & MNT_NOEXEC) &&
S_ISREG(inode->i_mode)) {
- int err = vfs_permission(&nd, MAY_EXEC);
+ int err = vfs_permission(&nd.lookup, MAY_EXEC);
file = ERR_PTR(err);
if (!err) {
file = nameidata_to_filp(&nd, O_RDONLY);
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -294,7 +294,7 @@ ext2_check_acl(struct inode *inode, int
}

int
-ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
+ext2_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, ext2_check_acl);
}
--- a/fs/ext2/acl.h
+++ b/fs/ext2/acl.h
@@ -58,7 +58,7 @@ static inline int ext2_acl_count(size_t
#define EXT2_ACL_NOT_CACHED ((void *)-1)

/* acl.c */
-extern int ext2_permission (struct inode *, int, struct nameidata *);
+extern int ext2_permission (struct inode *, int, struct vfs_lookup *);
extern int ext2_acl_chmod (struct inode *);
extern int ext2_init_acl (struct inode *, struct inode *);

--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -299,7 +299,7 @@ ext3_check_acl(struct inode *inode, int
}

int
-ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
+ext3_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, ext3_check_acl);
}
--- a/fs/ext3/acl.h
+++ b/fs/ext3/acl.h
@@ -58,7 +58,7 @@ static inline int ext3_acl_count(size_t
#define EXT3_ACL_NOT_CACHED ((void *)-1)

/* acl.c */
-extern int ext3_permission (struct inode *, int, struct nameidata *);
+extern int ext3_permission (struct inode *, int, struct vfs_lookup *);
extern int ext3_acl_chmod (struct inode *);
extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);

--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -299,7 +299,7 @@ ext4_check_acl(struct inode *inode, int
}

int
-ext4_permission(struct inode *inode, int mask, struct nameidata *nd)
+ext4_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, ext4_check_acl);
}
--- a/fs/ext4/acl.h
+++ b/fs/ext4/acl.h
@@ -58,7 +58,7 @@ static inline int ext4_acl_count(size_t
#define EXT4_ACL_NOT_CACHED ((void *)-1)

/* acl.c */
-extern int ext4_permission (struct inode *, int, struct nameidata *);
+extern int ext4_permission (struct inode *, int, struct vfs_lookup *);
extern int ext4_acl_chmod (struct inode *);
extern int ext4_init_acl (handle_t *, struct inode *, struct inode *);

--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -792,7 +792,7 @@ static int fuse_access(struct inode *ino
* access request is sent. Execute permission is still checked
* locally based on file mode.
*/
-static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int fuse_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
struct fuse_conn *fc = get_fuse_conn(inode);

@@ -821,7 +821,7 @@ static int fuse_permission(struct inode
if ((mask & MAY_EXEC) && !S_ISDIR(mode) && !(mode & S_IXUGO))
return -EACCES;

- if (nd && (nd->lookup.flags & (LOOKUP_ACCESS | LOOKUP_CHDIR)))
+ if (lookup && (lookup->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR)))
return fuse_access(inode, mask);
return 0;
}
--- a/fs/gfs2/ops_inode.c
+++ b/fs/gfs2/ops_inode.c
@@ -861,7 +861,7 @@ static void *gfs2_follow_link(struct den
* gfs2_permission -
* @inode:
* @mask:
- * @nd: passed from Linux VFS, ignored by us
+ * @lookup: passed from Linux VFS, ignored by us
*
* This may be called from the VFS directly, or from within GFS2 with the
* inode locked, so we look to see if the glock is already locked and only
@@ -870,7 +870,7 @@ static void *gfs2_follow_link(struct den
* Returns: errno
*/

-static int gfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int gfs2_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
struct gfs2_inode *ip = GFS2_I(inode);
struct gfs2_holder i_gh;
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -508,7 +508,7 @@ void hfs_clear_inode(struct inode *inode
}

static int hfs_permission(struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
if (S_ISREG(inode->i_mode) && mask & MAY_EXEC)
return 0;
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -232,7 +232,7 @@ static void hfsplus_set_perms(struct ino
perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev);
}

-static int hfsplus_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int hfsplus_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
/* MAY_EXEC is also used for lookup, if no x bit is set allow lookup,
* open_exec has the same test, so it's still not executable, if a x bit
--- a/fs/inotify_user.c
+++ b/fs/inotify_user.c
@@ -349,7 +349,7 @@ static int find_inode(const char __user
if (error)
return error;
/* you can only watch an inode if you have read permissions on it */
- error = vfs_permission(nd, MAY_READ);
+ error = vfs_permission(nd.lookup, MAY_READ);
if (error)
path_release(nd);
return error;
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -302,7 +302,7 @@ static int jffs2_check_acl(struct inode
return -EAGAIN;
}

-int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd)
+int jffs2_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, jffs2_check_acl);
}
--- a/fs/jffs2/acl.h
+++ b/fs/jffs2/acl.h
@@ -28,7 +28,7 @@ struct jffs2_acl_header {

#define JFFS2_ACL_NOT_CACHED ((void *)-1)

-extern int jffs2_permission(struct inode *, int, struct nameidata *);
+extern int jffs2_permission(struct inode *, int, struct vfs_lookup *);
extern int jffs2_acl_chmod(struct inode *);
extern int jffs2_init_acl(struct inode *, struct inode *);
extern void jffs2_clear_acl(struct jffs2_inode_info *);
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -140,7 +140,7 @@ static int jfs_check_acl(struct inode *i
return -EAGAIN;
}

-int jfs_permission(struct inode *inode, int mask, struct nameidata *nd)
+int jfs_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, jfs_check_acl);
}
--- a/fs/jfs/jfs_acl.h
+++ b/fs/jfs/jfs_acl.h
@@ -20,7 +20,7 @@

#ifdef CONFIG_JFS_POSIX_ACL

-int jfs_permission(struct inode *, int, struct nameidata *);
+int jfs_permission(struct inode *, int, struct vfs_lookup *);
int jfs_init_acl(tid_t, struct inode *, struct inode *);
int jfs_setattr(struct dentry *, struct iattr *);

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -226,7 +226,7 @@ int generic_permission(struct inode *ino
return -EACCES;
}

-int permission(struct inode *inode, int mask, struct nameidata *nd)
+int permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
umode_t mode = inode->i_mode;
int retval, submask;
@@ -254,24 +254,25 @@ int permission(struct inode *inode, int
* the fs is mounted with the "noexec" flag.
*/
if ((mask & MAY_EXEC) && S_ISREG(mode) && (!(mode & S_IXUGO) ||
- (nd && nd->lookup.path.mnt && (nd->lookup.path.mnt->mnt_flags & MNT_NOEXEC))))
+ (lookup && lookup->path.mnt &&
+ (lookup->path.mnt->mnt_flags & MNT_NOEXEC))))
return -EACCES;

/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
if (inode->i_op && inode->i_op->permission)
- retval = inode->i_op->permission(inode, submask, nd);
+ retval = inode->i_op->permission(inode, submask, lookup);
else
retval = generic_permission(inode, submask, NULL);
if (retval)
return retval;

- return security_inode_permission(inode, mask, nd);
+ return security_inode_permission(inode, mask, lookup);
}

/**
* vfs_permission - check for access rights to a given path
- * @nd: lookup result that describes the path
+ * @lookup: lookup result that describes the path
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
*
* Used to check for read/write/execute permissions on a path.
@@ -279,9 +280,9 @@ int permission(struct inode *inode, int
* for filesystem access without changing the "normal" uids which
* are used for other things.
*/
-int vfs_permission(struct nameidata *nd, int mask)
+int vfs_permission(struct vfs_lookup *lookup, int mask)
{
- return permission(nd->lookup.path.dentry->d_inode, mask, nd);
+ return permission(lookup->path.dentry->d_inode, mask, lookup);
}

/**
@@ -429,8 +430,7 @@ static struct dentry * cached_lookup(str
* short-cut DAC fails, then call permission() to do more
* complete permission check.
*/
-static int exec_permission_lite(struct inode *inode,
- struct nameidata *nd)
+static int exec_permission_lite(struct inode *inode, struct vfs_lookup *lookup)
{
umode_t mode = inode->i_mode;

@@ -456,7 +456,7 @@ static int exec_permission_lite(struct i

return -EACCES;
ok:
- return security_inode_permission(inode, MAY_EXEC, nd);
+ return security_inode_permission(inode, MAY_EXEC, lookup);
}

/*
@@ -831,9 +831,9 @@ static fastcall int __link_path_walk(con
unsigned int c;

nd->lookup.flags |= LOOKUP_CONTINUE;
- err = exec_permission_lite(inode, nd);
+ err = exec_permission_lite(inode, &nd->lookup);
if (err == -EAGAIN)
- err = vfs_permission(nd, MAY_EXEC);
+ err = vfs_permission(&nd->lookup, MAY_EXEC);
if (err)
break;

@@ -1321,7 +1321,7 @@ static inline struct dentry * __lookup_h

inode = base->d_inode;

- err = permission(inode, MAY_EXEC, nd);
+ err = permission(inode, MAY_EXEC, &nd->lookup);
dentry = ERR_PTR(err);
if (err)
goto out;
@@ -1473,13 +1473,13 @@ static int may_delete(struct inode *dir,
* 4. We can't do it if dir is immutable (done in permission())
*/
static inline int may_create(struct inode *dir, struct dentry *child,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
if (child->d_inode)
return -EEXIST;
if (IS_DEADDIR(dir))
return -ENOENT;
- return permission(dir,MAY_WRITE | MAY_EXEC, nd);
+ return permission(dir,MAY_WRITE | MAY_EXEC, lookup);
}

/*
@@ -1545,7 +1545,7 @@ void unlock_rename(struct dentry *p1, st
int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
struct nameidata *nd)
{
- int error = may_create(dir, dentry, nd);
+ int error = may_create(dir, dentry, &nd->lookup);

if (error)
return error;
@@ -1579,7 +1579,7 @@ int may_open(struct nameidata *nd, int a
if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
return -EISDIR;

- error = vfs_permission(nd, acc_mode);
+ error = vfs_permission(&nd->lookup, acc_mode);
if (error)
return error;

--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1955,7 +1955,7 @@ out:
return -EACCES;
}

-int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
+int nfs_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
struct rpc_cred *cred;
int res = 0;
@@ -1965,7 +1965,7 @@ int nfs_permission(struct inode *inode,
if (mask == 0)
goto out;
/* Is this sys_access() ? */
- if (nd != NULL && (nd->lookup.flags & LOOKUP_ACCESS))
+ if (lookup && (lookup->flags & LOOKUP_ACCESS))
goto force_lookup;

switch (inode->i_mode & S_IFMT) {
@@ -1974,8 +1974,8 @@ int nfs_permission(struct inode *inode,
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && nd != NULL
- && (nd->lookup.flags & LOOKUP_OPEN))
+ && lookup
+ && (lookup->flags & LOOKUP_OPEN))
goto out;
break;
case S_IFDIR:
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -1091,7 +1091,7 @@ bail:
return err;
}

-int ocfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
+int ocfs2_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
int ret;

--- a/fs/ocfs2/file.h
+++ b/fs/ocfs2/file.h
@@ -54,8 +54,7 @@ int ocfs2_lock_allocators(struct inode *
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr);
int ocfs2_getattr(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat);
-int ocfs2_permission(struct inode *inode, int mask,
- struct nameidata *nd);
+int ocfs2_permission(struct inode *inode, int mask, struct vfs_lookup *lookup);

int ocfs2_should_update_atime(struct inode *inode,
struct vfsmount *vfsmnt);
--- a/fs/open.c
+++ b/fs/open.c
@@ -244,7 +244,7 @@ static long do_sys_truncate(const char _
if (!S_ISREG(inode->i_mode))
goto dput_and_out;

- error = vfs_permission(&nd, MAY_WRITE);
+ error = vfs_permission(&nd.lookup, MAY_WRITE);
if (error)
goto dput_and_out;

@@ -452,7 +452,7 @@ asmlinkage long sys_faccessat(int dfd, c
if (res)
goto out;

- res = vfs_permission(&nd, mode);
+ res = vfs_permission(&nd.lookup, mode);
/* SuS v2 requires we report a read only fs too */
if(res || !(mode & S_IWOTH) ||
special_file(nd.lookup.path.dentry->d_inode->i_mode))
@@ -486,7 +486,7 @@ asmlinkage long sys_chdir(const char __u
if (error)
goto out;

- error = vfs_permission(&nd, MAY_EXEC);
+ error = vfs_permission(&nd.lookup, MAY_EXEC);
if (error)
goto dput_and_out;

@@ -537,7 +537,7 @@ asmlinkage long sys_chroot(const char __
if (error)
goto out;

- error = vfs_permission(&nd, MAY_EXEC);
+ error = vfs_permission(&nd.lookup, MAY_EXEC);
if (error)
goto dput_and_out;

--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1479,7 +1479,7 @@ static const struct file_operations proc
* access /proc/self/fd after it has executed a setuid().
*/
static int proc_fd_permission(struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
int rv;

--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -369,7 +369,8 @@ out:
return ret;
}

-static int proc_sys_permission(struct inode *inode, int mask, struct nameidata *nd)
+static int proc_sys_permission(struct inode *inode, int mask,
+ struct vfs_lookup *lookup)
{
/*
* sysctl entries that are not writeable,
@@ -402,10 +403,10 @@ static int proc_sys_permission(struct in
/* If we can't get a sysctl table entry the permission
* checks on the cached mode will have to be enough.
*/
- if (!nd || !depth)
+ if (!lookup || !depth)
goto out;

- dentry = nd->lookup.path.dentry;
+ dentry = lookup->path.dentry;
table = do_proc_sys_lookup(dentry->d_parent, &dentry->d_name, &head);

/* If the entry does not exist deny permission */
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -1294,7 +1294,8 @@ static int reiserfs_check_acl(struct ino
return error;
}

-int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd)
+int reiserfs_permission(struct inode *inode, int mask,
+ struct vfs_lookup *lookup)
{
/*
* We don't do permission checks on the internal objects.
--- a/fs/smbfs/file.c
+++ b/fs/smbfs/file.c
@@ -391,7 +391,7 @@ smb_file_release(struct inode *inode, st
* privileges, so we need our own check for this.
*/
static int
-smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
+smb_file_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
int mode = inode->i_mode;
int error = 0;
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -111,7 +111,7 @@ long do_utimes(int dfd, char __user *fil
if (!(f->f_mode & FMODE_WRITE))
goto dput_and_out;
} else {
- error = vfs_permission(&nd, MAY_WRITE);
+ error = vfs_permission(&nd.lookup, MAY_WRITE);
if (error)
goto dput_and_out;
}
--- a/fs/xfs/linux-2.6/xfs_iops.c
+++ b/fs/xfs/linux-2.6/xfs_iops.c
@@ -605,7 +605,7 @@ STATIC int
xfs_vn_permission(
struct inode *inode,
int mode,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
return -bhv_vop_access(vn_from_inode(inode), mode << 6, NULL);
}
--- a/include/linux/coda_linux.h
+++ b/include/linux/coda_linux.h
@@ -37,7 +37,7 @@ extern const struct file_operations coda
/* operations shared over more than one file */
int coda_open(struct inode *i, struct file *f);
int coda_release(struct inode *i, struct file *f);
-int coda_permission(struct inode *inode, int mask, struct nameidata *nd);
+int coda_permission(struct inode *inode, int mask, struct vfs_lookup *lookup);
int coda_revalidate_inode(struct dentry *);
int coda_getattr(struct vfsmount *, struct dentry *, struct kstat *);
int coda_setattr(struct dentry *, struct iattr *);
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1008,7 +1008,7 @@ extern void unlock_super(struct super_bl
/*
* VFS helper functions..
*/
-extern int vfs_permission(struct nameidata *, int);
+extern int vfs_permission(struct vfs_lookup *, int);
extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *);
extern int vfs_mkdir(struct inode *, struct dentry *, int);
extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t);
@@ -1147,7 +1147,7 @@ struct inode_operations {
void * (*follow_link) (struct dentry *, struct nameidata *);
void (*put_link) (struct dentry *, struct nameidata *, void *);
void (*truncate) (struct inode *);
- int (*permission) (struct inode *, int, struct nameidata *);
+ int (*permission) (struct inode *, int, struct vfs_lookup *);
int (*setattr) (struct dentry *, struct iattr *);
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
@@ -1562,7 +1562,7 @@ extern int do_remount_sb(struct super_bl
extern sector_t bmap(struct inode *, sector_t);
#endif
extern int notify_change(struct dentry *, struct iattr *);
-extern int permission(struct inode *, int, struct nameidata *);
+extern int permission(struct inode *, int, struct vfs_lookup *);
extern int generic_permission(struct inode *, int,
int (*check_acl)(struct inode *, int));

--- a/include/linux/nfs_fs.h
+++ b/include/linux/nfs_fs.h
@@ -288,7 +288,7 @@ extern struct inode *nfs_fhget(struct su
extern int nfs_refresh_inode(struct inode *, struct nfs_fattr *);
extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr);
extern int nfs_getattr(struct vfsmount *, struct dentry *, struct kstat *);
-extern int nfs_permission(struct inode *, int, struct nameidata *);
+extern int nfs_permission(struct inode *, int, struct vfs_lookup *);
extern int nfs_access_get_cached(struct inode *, struct rpc_cred *, struct nfs_access_entry *);
extern void nfs_access_add_cache(struct inode *, struct nfs_access_entry *);
extern void nfs_access_zap_cache(struct inode *inode);
--- a/include/linux/reiserfs_xattr.h
+++ b/include/linux/reiserfs_xattr.h
@@ -55,8 +55,8 @@ int reiserfs_removexattr(struct dentry *
int reiserfs_delete_xattrs(struct inode *inode);
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs);
int reiserfs_xattr_init(struct super_block *sb, int mount_flags);
-int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd);
-
+int reiserfs_permission(struct inode *inode, int mask,
+ struct vfs_lookup *lookup);
int reiserfs_xattr_del(struct inode *, const char *);
int reiserfs_xattr_get(const struct inode *, const char *, void *, size_t);
int reiserfs_xattr_set(struct inode *, const char *, const void *, size_t, int);
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -350,7 +350,7 @@ struct request_sock;
* called when the actual read/write operations are performed.
* @inode contains the inode structure to check.
* @mask contains the permission mask.
- * @nd contains the nameidata (may be NULL).
+ * @lookup contains the vfs_lookup (may be NULL).
* Return 0 if permission is granted.
* @inode_setattr:
* Check permission before setting file attributes. Note that the kernel
@@ -1220,7 +1220,7 @@ struct security_operations {
struct inode *new_dir, struct dentry *new_dentry);
int (*inode_readlink) (struct dentry *dentry);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
- int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
+ int (*inode_permission) (struct inode *inode, int mask, struct vfs_lookup *lookup);
int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
void (*inode_delete) (struct inode *inode);
@@ -1700,11 +1700,11 @@ static inline int security_inode_follow_
}

static inline int security_inode_permission (struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_permission (inode, mask, nd);
+ return security_ops->inode_permission (inode, mask, lookup);
}

static inline int security_inode_setattr (struct dentry *dentry,
@@ -2408,7 +2408,7 @@ static inline int security_inode_follow_
}

static inline int security_inode_permission (struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
return 0;
}
--- a/include/linux/shmem_fs.h
+++ b/include/linux/shmem_fs.h
@@ -41,7 +41,7 @@ static inline struct shmem_inode_info *S
}

#ifdef CONFIG_TMPFS_POSIX_ACL
-int shmem_permission(struct inode *, int, struct nameidata *);
+int shmem_permission(struct inode *, int, struct vfs_lookup *);
int shmem_acl_init(struct inode *, struct inode *);
void shmem_acl_destroy_inode(struct inode *);

--- a/mm/shmem_acl.c
+++ b/mm/shmem_acl.c
@@ -191,7 +191,7 @@ shmem_check_acl(struct inode *inode, int
* shmem_permission - permission() inode operation
*/
int
-shmem_permission(struct inode *inode, int mask, struct nameidata *nd)
+shmem_permission(struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return generic_permission(inode, mask, shmem_check_acl);
}
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -729,7 +729,7 @@ static struct sock *unix_find_other(stru
err = path_lookup(sunname->sun_path, LOOKUP_FOLLOW, &nd);
if (err)
goto fail;
- err = vfs_permission(&nd, MAY_WRITE);
+ err = vfs_permission(&nd.lookup, MAY_WRITE);
if (err)
goto put_fail;

--- a/security/dummy.c
+++ b/security/dummy.c
@@ -323,7 +323,7 @@ static int dummy_inode_follow_link (stru
return 0;
}

-static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
+static int dummy_inode_permission (struct inode *inode, int mask, struct vfs_lookup *lookup)
{
return 0;
}
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2250,11 +2250,11 @@ static int selinux_inode_follow_link(str
}

static int selinux_inode_permission(struct inode *inode, int mask,
- struct nameidata *nd)
+ struct vfs_lookup *lookup)
{
int rc;

- rc = secondary_ops->inode_permission(inode, mask, nd);
+ rc = secondary_ops->inode_permission(inode, mask, lookup);
if (rc)
return rc;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andreas Gruenbacher: "[RFC 05/10] Use vfs_permission instead of file_permission in sys_fchdir"
Previous message: Andreas Gruenbacher: "[RFC 04/10] Temporary struct vfs_lookup in file_permission"
In reply to: Andreas Gruenbacher: "Re: [RFC 04/10] Temporary struct vfs_lookup in file_permission"
Next in thread: Andreas Gruenbacher: "[RFC 05/10] Use vfs_permission instead of file_permission in sys_fchdir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]