From: Jeff Mahoney <jeffm@suse.com>
To: reiserfs-devel <reiserfs-devel@vger.kernel.org>
Cc: Jan Kara <jack@suse.cz>
Subject: Re: [PATCH] reiserfs: fix double-lock while chowning setuid file w/ xattrs
Date: Tue, 27 Nov 2012 10:13:48 -0500 [thread overview]
Message-ID: <50B4D8AC.3050105@suse.com> (raw)
In-Reply-To: <50B382E5.1010300@suse.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/26/12 9:55 AM, Jeff Mahoney wrote:
> reiserfs_chown_xattrs() takes the iattr struct passed into
> ->setattr and uses it to iterate over all the attrs associated with
> a file to change ownership of xattrs (and transfer quota associated
> with the xattr files).
>
> When a setuid file is chowned and the setuid bit is cleared,
> reiserfs_setattr gets called with both ATTR_MODE and ATTR_UID set.
> Since ATTR_MODE causes the ACL chmod code to be invoked, we end up
> calling reiserfs_acl_chmod on the xattr file. There's a missing
> IS_PRIVATE check there, so instead of bailing out immediately, we
> end up taking the inode->i_mutex a second time in open_xa_dir.
>
> The other xattr paths are protected against similar situations by
> bailing out on IS_PRIVATE. This patch adds the missing check to
> reiserfs_acl_chmod.
>
> Signed-off-by: Jeff Mahoney <jeffm@suse.com> Cc: stable@kernel.org
> --- fs/reiserfs/xattr_acl.c | 3 +++ 1 file changed, 3
> insertions(+)
>
> --- a/fs/reiserfs/xattr_acl.c +++ b/fs/reiserfs/xattr_acl.c @@
> -448,6 +448,9 @@ int reiserfs_acl_chmod(struct inode *ino struct
> posix_acl *acl, *clone; int error;
>
> + if (IS_PRIVATE(inode)) + return 0; + if
> (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP;
>
Ignore this patch. It's incomplete. It avoids the double lock, but
ATTR_MODE is applied to the directory as well.
- -Jeff
- --
Jeff Mahoney
SUSE Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBAgAGBQJQtNisAAoJEB57S2MheeWy3DEQAL1SfWVnMaQALEkZ7RfM3wIx
vGMkfh2kn58ZSFlpmP3dWukeSHqBQgd5N2YZbAmW51Z9peHphBe3ntyEd1Bj1qQM
RSF35EBD7UP1QtrxfwMmva1huzp7iwYCAfR7RN/QQbtNUc4ppD7CrPKIhiczmeAI
YJ+uGHZPyM6B1lRb27Vb9wPSf/TsPZ7id8dTmDMkUjLTGAQeNT7L/Eo9hiM9TK+4
mkdNspJXRZh/iIHcSOcrURdeuMhRm/KEG2G8er1LaYzP2j0y/RI1bygsWLVHfUzt
PyMcESs06R1h3vVYFDEGj2J3Nx8Z2nBHsvPt3CleRJkKdX7cZVIUIE/Eb3wFY1Hz
BrDcLHm0/jC+dw20l+ohdWDsqOf32ZxC6X6e4GP5JeKKDdtLBEkgzQDV0I9kMDiy
XQFAR6gi4ieuHTIddYWZ2KvY6ZXIN1uPEZtrjZE39mRP9/HZbf4vo5dzLgo3yCUT
5RGx0hE2HBz5xZFNe66vID+JP7TdOTUe2OUeD8pBbjiY/CiM9N8UroIN672Lsm82
FEvQ+sn2tMziVy9TfCaqq2WkEopecKCjL6HkwSf3sylCfnR2kDihA1g/ClVlhoGk
IXFir/N/aOczNuZpCQgnE+THeHAMYD3DdQmYTVqng/YgIq5pa9KSX2+VpUQP3VY0
jiLiQWm9C1JNg6MN57qV
=oSqU
-----END PGP SIGNATURE-----
prev parent reply other threads:[~2012-11-27 15:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-26 14:55 [PATCH] reiserfs: fix double-lock while chowning setuid file w/ xattrs Jeff Mahoney
2012-11-27 15:13 ` Jeff Mahoney [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50B4D8AC.3050105@suse.com \
--to=jeffm@suse.com \
--cc=jack@suse.cz \
--cc=reiserfs-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.