From: Jeff Mahoney <jeffm@suse.com>
To: reiserfs-devel <reiserfs-devel@vger.kernel.org>
Cc: stable@kernel.org, Jan Kara <jack@suse.cz>
Subject: [PATCH] reiserfs: fix double-lock while chowning setuid file w/ xattrs
Date: Mon, 26 Nov 2012 09:55:33 -0500
Message-ID: <50B382E5.1010300@suse.com>

reiserfs_chown_xattrs() takes the iattr struct passed into ->setattr
and uses it to iterate over all the attrs associated with a file to change
ownership of xattrs (and transfer quota associated with the xattr files).

When a setuid file is chowned and the setuid bit is cleared, reiserfs_setattr
gets called with both ATTR_MODE and ATTR_UID set. Since ATTR_MODE causes
the ACL chmod code to be invoked, we end up calling reiserfs_acl_chmod on
the xattr file. There's a missing IS_PRIVATE check there, so instead of
bailing out immediately, we end up taking the inode->i_mutex a second time
in open_xa_dir.

The other xattr paths are protected against similar situations by bailing
out on IS_PRIVATE. This patch adds the missing check to reiserfs_acl_chmod.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@kernel.org
---
fs/reiserfs/xattr_acl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -448,6 +448,9 @@ int reiserfs_acl_chmod(struct inode *ino
struct posix_acl *acl, *clone;
int error;
+ if (IS_PRIVATE(inode))
+ return 0;
+
if (S_ISLNK(inode->i_mode))
return -EOPNOTSUPP;
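
Review bot: the new early return at the top of reiserfs_acl_chmod() has no comment, so a reader of xattr_acl.c alone cannot tell that "if (IS_PRIVATE(inode)) return 0;" is what prevents i_mutex from being taken a second time in open_xa_dir when the function is reached for an xattr file. A one-line comment above the check saying that private (xattr-backing) inodes are skipped to avoid re-entering the xattr locking path would keep a later cleanup from dropping or reordering it. Note also that the check sits ahead of the S_ISLNK test and returns 0 rather than an error, so the caller treats the skipped chmod as success; that matches the described intent of bailing out immediately, but it is worth stating in the comment that success is deliberate here.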
--
Jeff Mahoney
SUSE Labs