From patchwork Thu Dec 6 18:26:29 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pavel Shilovsky
X-Patchwork-Id: 1846471
From: Pavel Shilovsky
To: linux-cifs@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, wine-devel@winehq.org, linux-nfs@vger.kernel.org
Subject: [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems
Date: Thu, 6 Dec 2012 22:26:29 +0400
Message-Id: <1354818391-7968-2-git-send-email-piastry@etersoft.ru>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1354818391-7968-1-git-send-email-piastry@etersoft.ru>
References: <1354818391-7968-1-git-send-email-piastry@etersoft.ru>
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-nfs@vger.kernel.org

This patch adds 3 flags:
1) O_DENYREAD that doesn't permit read access
2) O_DENYWRITE that doesn't permit write access
3) O_DENYDELETE that doesn't permit delete or rename

Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this
change can benefit cifs and nfs modules. While this change is ok for network
filesystems, it isn't targeted for local filesystems due to security problems
(e.g. when a user process can deny root to delete a file).

Signed-off-by: Pavel Shilovsky
---
 fs/fcntl.c | 5 +++--
 include/uapi/asm-generic/fcntl.h | 11 +++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/fs/fcntl.c b/fs/fcntl.c
index 71a600a..7abce5a 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -730,14 +730,15 @@ static int __init fcntl_init(void) * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY * is defined as O_NONBLOCK on some platforms and not on others. */ - BUILD_BUG_ON(19 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( + BUILD_BUG_ON(22 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | O_APPEND | /* O_NONBLOCK | */ __O_SYNC | O_DSYNC | FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | O_NOATIME | O_CLOEXEC | - __FMODE_EXEC | O_PATH + __FMODE_EXEC | O_PATH | O_DENYREAD | + O_DENYWRITE | O_DENYDELETE )); fasync_cache = kmem_cache_create("fasync_cache", diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index a48937d..5ac0d49 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -84,6 +84,17 @@ #define O_PATH 010000000 #endif +#ifndef O_DENYREAD +#define O_DENYREAD 020000000 /* Do not permit read access */ +#endif +#ifndef O_DENYWRITE +#define O_DENYWRITE 040000000 /* Do not permit write access */ +#endif +/* FMODE_NONOTIFY 0100000000 */ +#ifndef O_DENYDELETE +#define O_DENYDELETE 0200000000 /* Do not permit delete or rename */ +#endif + #ifndef O_NDELAY #define O_NDELAY O_NONBLOCK #endif
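Review bot: Nothing in the fs/fcntl.c hunk, or elsewhere in this patch, keeps O_DENYREAD, O_DENYWRITE and O_DENYDELETE away from local filesystems, although the commit message rules those out because a user process could deny root a delete. The only kernel-side change here is the bit-uniqueness count in fcntl_init() going from 19 to 22, so as posted the flags become valid uapi open flags with no restriction attached. Please either add the check that rejects or strips the three flags on filesystems that have not opted in, or state in the commit message which patch of the series does that, so this one is never applied without it.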
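Review bot: The comments on the new defines in include/uapi/asm-generic/fcntl.h ("Do not permit read access" and the two that follow) read as if the opener itself gives up that access, while the commit message describes denying it to others (a user process denying root a delete). Since this is a uapi header, the comments should say who is denied, for example "deny read access to other opens of this file". Separately, each value sits under #ifndef, so an architecture header may already use 020000000, 040000000 or 0200000000 for a different O_* flag; the BUILD_BUG_ON in fcntl_init() would then fail the build on that architecture, so the per-arch fcntl.h files need checking and, where a bit is taken, their own O_DENY* definitions.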