From: David Howells <dhowells@redhat.com>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: dhowells@redhat.com, Stephen Smalley <sds@tycho.nsa.gov>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
Greg KH <greg@kroah.com>,
linux-kernel@vger.kernel.org, Greg KH <gregkh@suse.de>,
Jan Blunck <jblunck@suse.de>, James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>
Subject: Re: [patch 00/13] devtmpfs patches
Date: Wed, 13 May 2009 14:20:10 +0100 [thread overview]
Message-ID: <10761.1242220810@redhat.com> (raw)
In-Reply-To: <1242168913.6711.9.camel@poy>
Kay Sievers <kay.sievers@vrfy.org> wrote:
> +static struct cred *kern_cred;
Can I suggest that you call your cred pointer dev_cred rather than kern_cred
so that the naming is consistent with the other globals variables?
> + kern_cred = prepare_kernel_cred(NULL);
If you have no intention of altering the credentials you create, you might
want to use &init_cred instead of kern_cred. That said, you might want to
allocate it and let the security module alter it before you use it.
Also, Stephen is right, you should probably wrap all your accesses to the VFS
in your devtmpfs credentials. For instance, devtmpfs_create_node() calls
vfs_mkdir() with the process's credentials via create_path() and directly with
the kern_cred.
What you probably want is:
int devtmpfs_create_node(struct device *dev)
{
const struct cred *curr_cred;
const char *tmp = NULL;
const char *nodename;
mode_t mode;
struct nameidata nd;
struct dentry *dentry;
int err;
if (!dev_mnt)
return 0;
nodename = device_get_nodename(dev, &tmp);
if (!nodename)
return -ENOMEM;
curr_cred = override_creds(kern_cred);
if (is_blockdev(dev))
mode = S_IFBLK|0600;
else
mode = S_IFCHR|0600;
err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt,
nodename, LOOKUP_PARENT, &nd);
if (err == -ENOENT) {
/* create missing parent directories */
create_path(nodename);
err = vfs_path_lookup(dev_mnt->mnt_root, dev_mnt,
nodename, LOOKUP_PARENT, &nd);
if (err)
goto out_name;
}
dentry = lookup_create(&nd, 0);
if (!IS_ERR(dentry)) {
err = vfs_mknod(nd.path.dentry->d_inode,
dentry, mode, dev->devt);
/* mark as kernel created inode */
if (!err)
dentry->d_inode->i_private = &dev_mnt;
dput(dentry);
} else {
err = PTR_ERR(dentry);
}
mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
path_put(&nd.path);
out_name:
revert_creds(curr_cred);
kfree(tmp);
return err;
}
David
next prev parent reply other threads:[~2009-05-13 13:20 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090509142601.874865281@blue.kroah.org>
2009-05-09 14:37 ` [patch 00/13] devtmpfs patches Greg KH
2009-05-09 14:26 ` [patch 01/13] Driver Core: add nodename callbacks Greg KH
2009-05-10 12:52 ` Stephen Rothwell
2009-05-10 13:19 ` Kay Sievers
2009-05-11 20:51 ` Greg KH
2009-05-09 14:26 ` [patch 02/13] Driver Core: misc: add nodename support for misc devices Greg KH
2009-05-15 19:58 ` Pavel Machek
2009-05-18 14:34 ` Greg KH
2009-05-18 19:59 ` Pavel Machek
2009-05-18 20:28 ` Alan Cox
2009-05-09 14:26 ` [patch 03/13] Driver Core: usb: add nodename support for usb drivers Greg KH
2009-05-09 14:26 ` [patch 04/13] Driver Core: block: add nodename support for block drivers Greg KH
2009-05-09 14:26 ` [patch 05/13] Driver Core: x86: add nodename for cpuid and msr drivers Greg KH
2009-05-09 14:26 ` [patch 06/13] Driver Core: dvb: add nodename for dvb drivers Greg KH
2009-05-09 14:26 ` [patch 07/13] Driver Core: input: add nodename for input drivers Greg KH
2009-05-09 14:26 ` [patch 08/13] Driver Core: sound: add nodename for sound drivers Greg KH
2009-05-09 14:26 ` [patch 09/13] Driver Core: raw: add nodename for raw devices Greg KH
2009-05-09 14:26 ` [patch 10/13] Driver Core: drm: add nodename for drm devices Greg KH
2009-05-09 14:26 ` [patch 11/13] Driver Core: aoe: add nodename for aoe devices Greg KH
2009-05-09 14:26 ` [patch 12/13] Driver Core: bsg: add nodename for bsg driver Greg KH
2009-05-09 14:26 ` [patch 13/13] Driver Core: devtmpfs - driver core maintained /dev tmpfs Greg KH
2009-05-09 15:10 ` [patch 00/13] devtmpfs patches Fabio Comolli
2009-05-09 15:08 ` Greg KH
2009-05-09 15:22 ` Arjan van de Ven
2009-05-09 16:19 ` Greg KH
2009-05-09 19:09 ` Arjan van de Ven
2009-05-10 4:34 ` Arjan van de Ven
2009-05-10 7:48 ` Eric W. Biederman
2009-05-10 14:56 ` Eric W. Biederman
2009-05-10 5:34 ` Andrew Morton
2009-05-10 15:20 ` Greg KH
2009-05-10 15:59 ` Arjan van de Ven
2009-05-10 18:31 ` Peter Zijlstra
2009-05-10 21:19 ` Alan Cox
2009-05-10 23:47 ` Kay Sievers
2009-05-11 0:00 ` Arjan van de Ven
[not found] ` <ac3eb2510905101822t7fde14b3nf2c689621f69c925@mail.gmail.com>
2009-05-11 2:36 ` Eric W. Biederman
2009-05-11 10:46 ` Kay Sievers
2009-05-11 10:55 ` Alan Cox
2009-05-11 11:34 ` Kay Sievers
2009-05-11 13:05 ` [patch 00/13] devtmpfs Arjan van de Ven
2009-05-11 13:28 ` Kay Sievers
2009-05-11 13:49 ` Arjan van de Ven
2009-05-11 14:59 ` Kay Sievers
2009-05-11 13:10 ` [patch 00/13] devtmpfs patches Alan Cox
2009-05-11 14:14 ` Kay Sievers
2009-05-11 14:30 ` Arjan van de Ven
2009-05-11 14:42 ` Kay Sievers
2009-05-11 15:53 ` Alan Cox
2009-05-11 16:28 ` Kay Sievers
2009-05-11 16:41 ` Arjan van de Ven
2009-05-11 17:32 ` Kay Sievers
2009-05-11 17:55 ` Alan Cox
2009-05-11 18:04 ` Kay Sievers
2009-05-11 18:40 ` Alan Cox
2009-05-11 16:56 ` Alan Cox
2009-05-11 18:13 ` Eric W. Biederman
2009-05-11 3:55 ` Arjan van de Ven
2009-05-11 11:49 ` Fabio Comolli
2009-05-11 17:47 ` Greg KH
2009-05-11 16:40 ` Eric W. Biederman
2009-05-11 17:16 ` Kay Sievers
2009-05-11 21:13 ` Eric W. Biederman
2009-05-11 1:00 ` Andrew Morton
2009-05-11 3:58 ` Arjan van de Ven
2009-05-11 17:45 ` Greg KH
2009-05-09 16:46 ` Kay Sievers
2009-05-09 17:11 ` Alan Cox
2009-05-09 18:09 ` Kay Sievers
2009-05-11 17:40 ` David P. Quigley
2009-05-11 17:56 ` Greg KH
2009-05-11 20:41 ` David P. Quigley
2009-05-11 21:05 ` Kay Sievers
2009-05-11 21:19 ` Alan Cox
2009-05-11 21:27 ` Kay Sievers
2009-05-12 12:45 ` Stephen Smalley
2009-05-12 15:10 ` Kay Sievers
2009-05-12 15:35 ` Stephen Smalley
2009-05-12 15:54 ` Kay Sievers
2009-05-12 22:55 ` Kay Sievers
2009-05-12 23:22 ` David P. Quigley
2009-05-12 23:34 ` Kay Sievers
2009-05-12 23:50 ` Greg KH
2009-05-13 12:22 ` Stephen Smalley
2009-05-13 12:58 ` Kay Sievers
2009-05-13 12:57 ` Stephen Smalley
2009-05-13 13:09 ` Kay Sievers
2009-05-13 12:59 ` Alan Cox
2009-05-13 13:20 ` David Howells [this message]
2009-05-13 13:34 ` Kay Sievers
2009-05-13 14:20 ` Kay Sievers
2009-05-13 14:35 ` Stephen Smalley
2009-05-13 16:45 ` Kay Sievers
2009-05-13 22:43 ` Eric W. Biederman
2009-05-13 23:10 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10761.1242220810@redhat.com \
--to=dhowells@redhat.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=eparis@parisplace.org \
--cc=greg@kroah.com \
--cc=gregkh@suse.de \
--cc=jblunck@suse.de \
--cc=jmorris@namei.org \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox