From: Jan Kara <jack@suse.cz>
To: Brian Foster <bfoster@redhat.com>
Cc: Jan Kara <jack@suse.cz>, xfs@oss.sgi.com
Subject: Re: [PATCH] xfs: Correctly lock inode when removing suid and security marks
Date: Tue, 2 Dec 2014 21:47:56 +0100 [thread overview]
Message-ID: <20141202204756.GA944@quack.suse.cz> (raw)
In-Reply-To: <20141202163548.GB2113@laptop.bfoster>
On Tue 02-12-14 11:35:48, Brian Foster wrote:
> On Tue, Dec 02, 2014 at 04:01:29PM +0100, Jan Kara wrote:
> > Currently XFS calls file_remove_suid() without holding i_mutex. This is
> > wrong because that function can end up messing with file permissions and
> > security xattrs for which we need i_mutex held.
> >
> > Fix the problem by grabbing iolock exclusively when we will need to
> > change anything in permissions / xattrs.
> >
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
>
> Hi Jan,
>
> This doesn't compile... it looks like we need to include the security.h
> header. FWIW, even then I get an undefined symbol error when compiling
> as a module (security_inode_need_killpriv() does not appear to be
> exported).
Sorry, forgot to amend the include in the commit. Regarding export of
security_inode_need_killpriv() - right, I had security XFS compiled in so I
didn't notice. Before I go and fix this up in the obvious way, does anyone
have better idea how to fix this than to second guess what
file_remove_suid() does? Maybe a VFS helper like file_needs_remove_suid()
will be cleaner than what I did?
Honza
> > fs/xfs/xfs_file.c | 12 ++++++++++++
> > 1 file changed, 12 insertions(+)
> >
> > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > index eb596b419942..ad6636ac4943 100644
> > --- a/fs/xfs/xfs_file.c
> > +++ b/fs/xfs/xfs_file.c
> > @@ -521,6 +521,18 @@ restart:
> > if (error)
> > return error;
> >
> > + /* For changing security info in file_remove_suid() we need i_mutex */
> > + if (!IS_NOSEC(inode) && *iolock == XFS_IOLOCK_SHARED) {
> > + struct dentry *dentry = file->f_path.dentry;
> > +
> > + if (should_remove_suid(dentry) ||
> > + security_inode_need_killpriv(dentry)) {
> > + xfs_rw_iunlock(ip, *iolock);
> > + *iolock = XFS_IOLOCK_EXCL;
> > + xfs_rw_ilock(ip, *iolock);
> > + goto restart;
> > + }
> > + }
> > /*
> > * If the offset is beyond the size of the file, we need to zero any
> > * blocks that fall between the existing EOF and the start of this
> > --
> > 1.8.1.4
> >
> > _______________________________________________
> > xfs mailing list
> > xfs@oss.sgi.com
> > http://oss.sgi.com/mailman/listinfo/xfs
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2014-12-02 20:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-02 15:01 [PATCH] xfs: Correctly lock inode when removing suid and security marks Jan Kara
2014-12-02 16:35 ` Brian Foster
2014-12-02 20:47 ` Jan Kara [this message]
2014-12-02 21:59 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141202204756.GA944@quack.suse.cz \
--to=jack@suse.cz \
--cc=bfoster@redhat.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.