Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f3d4ee1 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Jens Axboe
Browse files

vfs: splice remove_suid() cleanup 



generic_file_splice_write() duplicates remove_suid() just because it
doesn't hold i_mutex.  But it grabs i_mutex inside splice_from_pipe()
anyway, so this is rather pointless.

Move locking to generic_file_splice_write() and call remove_suid() and
__splice_from_pipe() instead.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
parent 07416d29

fs/splice.c

+13 −16
Original line number Diff line number Diff line
@@ -811,24 +811,19 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, 
{

	struct address_space *mapping = out->f_mapping;

	struct inode *inode = mapping->host;

	int killsuid, killpriv;

	struct splice_desc sd = {

		.total_len = len,

		.flags = flags,

		.pos = *ppos,

		.u.file = out,

	};

	ssize_t ret;

	int err = 0;



	killpriv = security_inode_need_killpriv(out->f_path.dentry);

	killsuid = should_remove_suid(out->f_path.dentry);

	if (unlikely(killsuid || killpriv)) {

		mutex_lock(&inode->i_mutex);

		if (killpriv)

			err = security_inode_killpriv(out->f_path.dentry);

		if (!err && killsuid)

			err = __remove_suid(out->f_path.dentry, killsuid);

		mutex_unlock(&inode->i_mutex);

		if (err)

			return err;

	}



	ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);

	inode_double_lock(inode, pipe->inode);

	ret = remove_suid(out->f_path.dentry);

	if (likely(!ret))

		ret = __splice_from_pipe(pipe, &sd, pipe_to_file);

	inode_double_unlock(inode, pipe->inode);

	if (ret > 0) {

		unsigned long nr_pages;
@@ -840,6 +835,8 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, 
		 * sync it.

		 */

		if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {

			int err;



			mutex_lock(&inode->i_mutex);

			err = generic_osync_inode(inode, mapping,

						  OSYNC_METADATA|OSYNC_DATA);

include/linux/fs.h

+0 −1
Original line number Diff line number Diff line
@@ -1816,7 +1816,6 @@ extern void iget_failed(struct inode *); 
extern void clear_inode(struct inode *);

extern void destroy_inode(struct inode *);

extern struct inode *new_inode(struct super_block *);

extern int __remove_suid(struct dentry *, int);

extern int should_remove_suid(struct dentry *);

extern int remove_suid(struct dentry *);

mm/filemap.c

+1 −1
Original line number Diff line number Diff line
@@ -1655,7 +1655,7 @@ int should_remove_suid(struct dentry *dentry) 
}

EXPORT_SYMBOL(should_remove_suid);



int __remove_suid(struct dentry *dentry, int kill)

static int __remove_suid(struct dentry *dentry, int kill)

{

	struct iattr newattrs;