Date: Wed, 14 Oct 2009 21:06:55 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 169505 for review Message-ID: <200910142106.n9EL6tGU095339@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=169505 Change 169505 by gk@gk_h1 on 2009/10/14 21:06:44 support ioctls on read-only filesystem enable ro mount test Affected files ... .. //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#24 edit .. //depot/projects/soc2009/gk_pefs/tools/regression/pefs/t_mount#2 edit Differences ... ==== //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#24 (text+ko) ==== @@ -70,6 +70,7 @@ #include <sys/mount.h> #include <sys/mutex.h> #include <sys/namei.h> +#include <sys/priv.h> #include <sys/sf_buf.h> #include <sys/sysctl.h> #include <sys/sx.h> @@ -753,11 +754,8 @@ case VDIR: case VLNK: case VREG: - /* - * Do not check pefs_no_keys(vp) here because ioctls - * expect filesystem to be writable right after mount - */ - if (vp->v_mount->mnt_flag & MNT_RDONLY) + if ((vp->v_mount->mnt_flag & MNT_RDONLY) != 0 || + pefs_no_keys(vp)) return (EROFS); break; default: @@ -2029,17 +2027,19 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); vdrop(dvp); /* vhold by vn_vptocnp */ - error = pefs_enccn_get(&fenccn, vp, &cn); + error = VOP_ACCESS(vp, VWRITE, cred, td); + if (error == 0) + error = pefs_enccn_get(&fenccn, vp, &cn); if (error != 0) { - VOP_UNLOCK(lvp, 0); - VOP_UNLOCK(ldvp, 0); + VOP_UNLOCK(vp, 0); + VOP_UNLOCK(dvp, 0); PEFSDEBUG("pefs_setkey: pefs_enccn_get failed: %d\n", error); goto out; } error = pefs_enccn_create(&tenccn, pk, NULL, &cn); if (error != 0) { - VOP_UNLOCK(lvp, 0); - VOP_UNLOCK(ldvp, 0); + VOP_UNLOCK(vp, 0); + VOP_UNLOCK(dvp, 0); pefs_enccn_free(&fenccn); goto out; } @@ -2072,16 +2072,24 @@ pefs_ioctl(struct vop_ioctl_args *ap) { struct vnode *vp = ap->a_vp; - struct pefs_mount *pm = VFS_TO_PEFS(vp->v_mount); struct pefs_xkey *xk = ap->a_data; + struct ucred *cred = ap->a_cred; + struct thread *td = ap->a_td; + struct mount *mp = vp->v_mount; + struct pefs_mount *pm = VFS_TO_PEFS(mp); struct pefs_key *pk; - int error, i; + int error = 0, i; - vn_lock(pm->pm_rootvp, LK_SHARED | LK_RETRY); - error = VOP_ACCESS(pm->pm_rootvp, VWRITE, ap->a_cred, ap->a_td); - VOP_UNLOCK(pm->pm_rootvp, 0); - if (error != 0) - return (error); + if (mp->mnt_cred->cr_uid != cred->cr_uid) { + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + if (error != 0 && (mp->mnt_flag & MNT_RDONLY) == 0) { + vn_lock(pm->pm_rootvp, LK_SHARED | LK_RETRY); + error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, td); + VOP_UNLOCK(pm->pm_rootvp, 0); + } + if (error != 0) + return (error); + } /* * Recycle all unused vnodes after adding/deleting keys to cleanup @@ -2114,7 +2122,7 @@ pefs_key_ref(pk); mtx_unlock(&pm->pm_keys_lock); if (pk != NULL) { - error = pefs_setkey(vp, pk, ap->a_cred, ap->a_td); + error = pefs_setkey(vp, pk, cred, td); pefs_key_release(pk); } else { PEFSDEBUG("pefs_ioctl: key not found\n"); @@ -2132,7 +2140,7 @@ } error = pefs_key_add(pm, xk->pxk_index, pk); if (error == 0) - pefs_flushkey(vp->v_mount, ap->a_td, 0, NULL); + pefs_flushkey(mp, td, 0, NULL); else pefs_key_release(pk); break; @@ -2144,7 +2152,7 @@ pefs_key_ref(pk); pefs_key_remove(pm, pk); mtx_unlock(&pm->pm_keys_lock); - pefs_flushkey(vp->v_mount, ap->a_td, 0, pk); + pefs_flushkey(mp, td, 0, pk); pefs_key_release(pk); } else { mtx_unlock(&pm->pm_keys_lock); @@ -2154,8 +2162,7 @@ case PEFS_FLUSHKEYS: PEFSDEBUG("pefs_ioctl: flush keys\n"); if (pefs_key_remove_all(pm)) { - pefs_flushkey(vp->v_mount, ap->a_td, - PEFS_FLUSHKEY_ALL, NULL); + pefs_flushkey(mp, td, PEFS_FLUSHKEY_ALL, NULL); } break; default: ==== //depot/projects/soc2009/gk_pefs/tools/regression/pefs/t_mount#2 (text+ko) ==== @@ -55,11 +55,10 @@ test_name "File-system can be unmounted" test_unmount - # XXX - #test_name "File-system mount options work" - #test_mount -o ro - #mount | grep ${Work_Dir} | grep -q read-only || die - #test_unmount + test_name "File-system mount options work" + test_mount -o ro + mount | grep ${Work_Dir} | grep -q read-only || die + test_unmount test_name "Root directory attributes are set correctly" test_mount -o "uid=1000,gid=100,mode=755"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910142106.n9EL6tGU095339>