From: Brian Foster <bfoster@redhat.com>
To: Jan Kara <jack@suse.cz>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH] xfs: Correctly lock inode when removing suid and security marks
Date: Tue, 2 Dec 2014 11:35:48 -0500 [thread overview]
Message-ID: <20141202163548.GB2113@laptop.bfoster> (raw)
In-Reply-To: <1417532489-26580-1-git-send-email-jack@suse.cz>
On Tue, Dec 02, 2014 at 04:01:29PM +0100, Jan Kara wrote:
> Currently XFS calls file_remove_suid() without holding i_mutex. This is
> wrong because that function can end up messing with file permissions and
> security xattrs for which we need i_mutex held.
>
> Fix the problem by grabbing iolock exclusively when we will need to
> change anything in permissions / xattrs.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
Hi Jan,
This doesn't compile... it looks like we need to include the security.h
header. FWIW, even then I get an undefined symbol error when compiling
as a module (security_inode_need_killpriv() does not appear to be
exported).
Brian
> fs/xfs/xfs_file.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> index eb596b419942..ad6636ac4943 100644
> --- a/fs/xfs/xfs_file.c
> +++ b/fs/xfs/xfs_file.c
> @@ -521,6 +521,18 @@ restart:
> if (error)
> return error;
>
> + /* For changing security info in file_remove_suid() we need i_mutex */
> + if (!IS_NOSEC(inode) && *iolock == XFS_IOLOCK_SHARED) {
> + struct dentry *dentry = file->f_path.dentry;
> +
> + if (should_remove_suid(dentry) ||
> + security_inode_need_killpriv(dentry)) {
> + xfs_rw_iunlock(ip, *iolock);
> + *iolock = XFS_IOLOCK_EXCL;
> + xfs_rw_ilock(ip, *iolock);
> + goto restart;
> + }
> + }
> /*
> * If the offset is beyond the size of the file, we need to zero any
> * blocks that fall between the existing EOF and the start of this
> --
> 1.8.1.4
>
> _______________________________________________
> xfs mailing list
> xfs@oss.sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2014-12-02 16:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-02 15:01 [PATCH] xfs: Correctly lock inode when removing suid and security marks Jan Kara
2014-12-02 16:35 ` Brian Foster [this message]
2014-12-02 20:47 ` Jan Kara
2014-12-02 21:59 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141202163548.GB2113@laptop.bfoster \
--to=bfoster@redhat.com \
--cc=jack@suse.cz \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.