PERFORCE change 147212 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Tue Aug 12 06:13:43 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=147212
Change 147212 by trasz at trasz_traszkan on 2008/08/12 06:12:48
Variable size ACL on-disk storage and some misc fixes.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_acl.c#11 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#8 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_acl.c#11 (text+ko) ====
@@ -125,9 +125,11 @@
static int
copyin_acl(void *user_acl, struct acl *kernel_acl, acl_type_t type)
{
- int error;
+ int error, acl_length;
struct oldacl old;
+ acl_length = kernel_acl->acl_length;
+
switch (type) {
case ACL_TYPE_ACCESS_OLD:
case ACL_TYPE_DEFAULT_OLD:
@@ -141,6 +143,8 @@
error = copyin(user_acl, kernel_acl, sizeof(struct acl));
}
+ kernel_acl->acl_length = acl_length;
+
return (error);
}
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#8 (text+ko) ====
@@ -142,26 +142,28 @@
static int
ufs_getacl_nfs4(struct vop_getacl_args *ap)
{
- int error, len;
+ int error, len, acl_length;
struct inode *ip = VTOI(ap->a_vp);
if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
return (EOPNOTSUPP);
- bzero(ap->a_aclp, sizeof(*ap->a_aclp));
+ acl_length = ap->a_aclp->acl_length;
len = sizeof(*ap->a_aclp);
+ bzero(ap->a_aclp, len);
error = vn_extattr_get(ap->a_vp, IO_NODELOCKED,
NFS4_ACL_EXTATTR_NAMESPACE,
NFS4_ACL_EXTATTR_NAME, &len, (char *) ap->a_aclp,
ap->a_td);
-
+ ap->a_aclp->acl_length = acl_length;
if (error == ENOATTR) {
/*
* Legitimately no ACL set on object, purely
* emulate it through the inode.
*/
- error = acl_nfs4_sync_acl_from_mode(ap->a_aclp, ip->i_mode, ip->i_uid);
+ error = acl_nfs4_sync_acl_from_mode(ap->a_aclp, ip->i_mode,
+ ip->i_uid);
return (error);
}
@@ -169,7 +171,7 @@
if (error)
return (error);
- if (len != sizeof(*ap->a_aclp)) {
+ if (len != acl_size_for_cnt(ap->a_aclp->acl_cnt)) {
/*
* A short (or long) read, meaning that for
* some reason the ACL is corrupted. Return
@@ -182,6 +184,20 @@
return (EPERM);
}
+ if (ap->a_aclp->acl_magic != ACL_MAGIC) {
+ printf("ufs_getacl_nfs4(): Loaded invalid ACL "
+ "(wrong acl_magic: 0x%x)\n", ap->a_aclp->acl_magic);
+
+ return (EPERM);
+ }
+
+ if (ap->a_aclp->acl_cnt > ap->a_aclp->acl_length) {
+ printf("ufs_getacl_nfs4(): Loaded invalid ACL "
+ "(wrong acl_cnt: %c)\n", ap->a_aclp->acl_cnt);
+
+ return (EPERM);
+ }
+
return (0);
}
@@ -261,8 +277,8 @@
* EPERM since the object DAC protections
* are unsafe.
*/
- printf("ufs_getacl_posix1e(): Loaded invalid ACL ("
- "%d bytes)\n", len);
+ printf("ufs_getacl_posix1e(): Loaded invalid "
+ "ACL (%d bytes)\n", len);
return (EPERM);
}
@@ -367,7 +383,8 @@
if (ap->a_aclp == NULL)
return (EINVAL);
- error = VOP_ACLCHECK(ap->a_vp, ap->a_type, ap->a_aclp, ap->a_cred, ap->a_td);
+ error = VOP_ACLCHECK(ap->a_vp, ap->a_type, ap->a_aclp, ap->a_cred,
+ ap->a_td);
if (error)
return (error);
@@ -389,9 +406,11 @@
NFS4_ACL_EXTATTR_NAME, ap->a_td);
} else {
+ ap->a_aclp->acl_magic = ACL_MAGIC;
error = vn_extattr_set(ap->a_vp, IO_NODELOCKED,
NFS4_ACL_EXTATTR_NAMESPACE,
- NFS4_ACL_EXTATTR_NAME, sizeof(*ap->a_aclp),
+ NFS4_ACL_EXTATTR_NAME,
+ acl_size_for_cnt(ap->a_aclp->acl_cnt),
(char *) ap->a_aclp, ap->a_td);
}
More information about the p4-projects
mailing list