Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a6de82ca authored by Jan Kara's avatar Jan Kara Committed by Al Viro
Browse files

xfs: Correctly lock inode when removing suid and file capabilities 



Currently XFS calls file_remove_privs() without holding i_mutex. This is
wrong because that function can end up messing with file permissions and
file capabilities stored in xattrs for which we need i_mutex held.

Fix the problem by grabbing iolock exclusively when we will need to
change anything in permissions / xattrs.

Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 45f147a1

fs/xfs/xfs_file.c

+10 −1
Original line number Diff line number Diff line
@@ -563,6 +563,13 @@ xfs_file_aio_write_checks( 
	if (error)

		return error;



	/* For changing security info in file_remove_privs() we need i_mutex */

	if (*iolock == XFS_IOLOCK_SHARED && !IS_NOSEC(inode)) {

		xfs_rw_iunlock(ip, *iolock);

		*iolock = XFS_IOLOCK_EXCL;

		xfs_rw_ilock(ip, *iolock);

		goto restart;

	}

	/*

	 * If the offset is beyond the size of the file, we need to zero any

	 * blocks that fall between the existing EOF and the start of this
@@ -623,7 +630,9 @@ xfs_file_aio_write_checks( 
	 * setgid bits if the process is not being run by root.  This keeps

	 * people from modifying setuid and setgid binaries.

	 */

	if (!IS_NOSEC(inode))

		return file_remove_privs(file);

	return 0;

}



/*