D22224.id.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D22224.id.diff
View Options

	Index: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zfs_acl.h
	===================================================================
	--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zfs_acl.h
	+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zfs_acl.h
	@@ -214,7 +214,10 @@
	void zfs_ace_byteswap(void *, size_t, boolean_t);
	extern boolean_t zfs_has_access(struct znode zp, cred_t cr);
	extern int zfs_zaccess(struct znode , int, int, boolean_t, cred_t );
	+#ifdef illumos
	int zfs_fastaccesschk_execute(struct znode , cred_t );
	+#endif
	+int zfs_freebsd_fastaccesschk_execute(struct vnode , cred_t );
	extern int zfs_zaccess_rwx(struct znode , mode_t, int, cred_t );
	extern int zfs_zaccess_unix(struct znode , mode_t, cred_t );
	extern int zfs_acl_access(struct znode , int, cred_t );
	Index: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c
	===================================================================
	--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c
	+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c
	@@ -2299,7 +2299,41 @@
	check_privs, B_FALSE, cr));
	}

	+/*
	+ * Check if VEXEC is allowed.
	+ *
	+ * This routine is based on zfs_fastaccesschk_execute which has slowpath
	+ * calling zfs_zaccess. This would be incorrect on FreeBSD (see
	+ * zfs_freebsd_access for the difference). Thus this variant let's the
	+ * caller handle the slowpath (if necessary).
	+ *
	+ * We only check for ZFS_NO_EXECS_DENIED and fail early. This routine can
	+ * be extended to cover more cases, but the flag covers the majority.
	+ */
	int
	+zfs_freebsd_fastaccesschk_execute(struct vnode vp, cred_t cr)
	+{
	+ boolean_t is_attr;
	+ znode_t *zdp = VTOZ(vp);
	+
	+ ASSERT_VOP_LOCKED(vp, __func__);
	+
	+ if (zdp->z_pflags & ZFS_AV_QUARANTINED)
	+ return (1);
	+
	+ is_attr = ((zdp->z_pflags & ZFS_XATTR) &&
	+ (ZTOV(zdp)->v_type == VDIR));
	+ if (is_attr)
	+ return (1);
	+
	+ if (zdp->z_pflags & ZFS_NO_EXECS_DENIED)
	+ return (0);
	+
	+ return (1);
	+}
	+
	+#ifdef illumos
	+int
	zfs_fastaccesschk_execute(znode_t zdp, cred_t cr)
	{
	boolean_t owner = B_FALSE;
	@@ -2365,6 +2399,7 @@
	ZFS_EXIT(zdp->z_zfsvfs);
	return (error);
	}
	+#endif

	/*
	* Determine whether Access should be granted/denied.
	Index: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
	===================================================================
	--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
	+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
	@@ -4858,6 +4858,11 @@
	accmode_t accmode;
	int error = 0;

	+ if (ap->a_accmode == VEXEC) {
	+ if (zfs_freebsd_fastaccesschk_execute(ap->a_vp, ap->a_cred) == 0)
	+ return (0);
	+ }
	+
	/*
	* ZFS itself only knowns about VREAD, VWRITE, VEXEC and VAPPEND,
	*/

File Metadata

Mime Type: text/plain
Expires: Tue, May 19, 8:51 AM (3 h, 48 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 33303433
Default Alt Text: D22224.id.diff (2 KB)

D22224.id.diffNo OneTemporaryActions

D22224.id.diffView Options

File Metadata

Event Timeline

D22224.id.diff
No OneTemporary
Actions

D22224.id.diff
View Options