From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, jfs-discussion@lists.sourceforge.net,
Jan Kara <jack@suse.cz>, Dave Kleikamp <dave.kleikamp@oracle.com>
Subject: [PATCH 4.12 01/31] jfs: Dont clear SGID when inheriting ACLs
Date: Thu, 3 Aug 2017 16:17:31 -0700 [thread overview]
Message-ID: <20170803231737.258164618@linuxfoundation.org> (raw)
In-Reply-To: <20170803231737.202188456@linuxfoundation.org>
4.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 9bcf66c72d726322441ec82962994e69157613e4 upstream.
When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
set, DIR1 is expected to have SGID bit set (and owning group equal to
the owning group of 'DIR0'). However when 'DIR0' also has some default
ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
'DIR1' to get cleared if user is not member of the owning group.
Fix the problem by moving posix_acl_update_mode() out of
__jfs_set_acl() into jfs_set_acl(). That way the function will not be
called when inheriting ACLs which is what we want as it prevents SGID
bit clearing and the mode has been properly set by posix_acl_create()
anyway.
Fixes: 073931017b49d9458aa351605b43a7e34598caef
CC: jfs-discussion@lists.sourceforge.net
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jfs/acl.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -77,13 +77,6 @@ static int __jfs_set_acl(tid_t tid, stru
switch (type) {
case ACL_TYPE_ACCESS:
ea_name = XATTR_NAME_POSIX_ACL_ACCESS;
- if (acl) {
- rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
- if (rc)
- return rc;
- inode->i_ctime = current_time(inode);
- mark_inode_dirty(inode);
- }
break;
case ACL_TYPE_DEFAULT:
ea_name = XATTR_NAME_POSIX_ACL_DEFAULT;
@@ -118,9 +111,17 @@ int jfs_set_acl(struct inode *inode, str
tid = txBegin(inode->i_sb, 0);
mutex_lock(&JFS_IP(inode)->commit_mutex);
+ if (type == ACL_TYPE_ACCESS && acl) {
+ rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+ if (rc)
+ goto end_tx;
+ inode->i_ctime = current_time(inode);
+ mark_inode_dirty(inode);
+ }
rc = __jfs_set_acl(tid, inode, type, acl);
if (!rc)
rc = txCommit(tid, 1, &inode, 0);
+end_tx:
txEnd(tid);
mutex_unlock(&JFS_IP(inode)->commit_mutex);
return rc;
next prev parent reply other threads:[~2017-08-03 23:17 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-03 23:17 [PATCH 4.12 00/31] 4.12.5-stable review Greg Kroah-Hartman
2017-08-03 23:17 ` Greg Kroah-Hartman [this message]
2017-08-03 23:17 ` [PATCH 4.12 03/31] ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 04/31] ALSA: hda - Add mute led support for HP ProBook 440 G4 Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 05/31] parisc: Prevent TLB speculation on flushed pages on CPUs that only support equivalent aliases Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 06/31] parisc: Extend disabled preemption in copy_user_page Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 07/31] parisc: Suspend lockup detectors before system halt Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 08/31] powerpc/pseries: Fix of_node_put() underflow during reconfig remove Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 09/31] mmc: sunxi: Keep default timing phase settings for new timing mode Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 10/31] NFS: invalidate file size when taking a lock Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 11/31] NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 12/31] scripts/dtc: dtx_diff - update include dts paths to match build Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 13/31] crypto: brcm - Fix SHA3-512 algorithm failure Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 14/31] crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 15/31] crypto: authencesn - Fix digest_null crash Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 16/31] KVM: PPC: Book3S HV: Enable TM before accessing TM registers Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 17/31] KVM: PPC: Book3S HV: Fix host crash on changing HPT size Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 18/31] dm integrity: fix inefficient allocation of journal space Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 19/31] dm integrity: test for corrupted disk format during table load Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 20/31] md: remove idx from struct resync_pages Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 21/31] md/raid1: fix writebehind bio clone Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 22/31] md/raid5: add thread_group worker async_tx_issue_pending_all Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 23/31] drm/vmwgfx: Fix gcc-7.1.1 warning Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 24/31] drm/vmwgfx: Limit max desktop dimensions to 8Kx8K Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 25/31] drm/nouveau/disp/nv50-: bump max chans to 21 Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 26/31] drm/nouveau/bar/gf100: fix access to upper half of BAR2 Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 28/31] isdn/i4l: fix buffer overflow Greg Kroah-Hartman
2017-08-03 23:17 ` [PATCH 4.12 29/31] ipmi/watchdog: fix watchdog timeout set on reboot Greg Kroah-Hartman
2017-08-03 23:18 ` [PATCH 4.12 30/31] dentry name snapshots Greg Kroah-Hartman
2017-08-03 23:18 ` [PATCH 4.12 31/31] mmc: tmio-mmc: fix bad pointer math Greg Kroah-Hartman
2017-08-04 4:53 ` [PATCH 4.12 00/31] 4.12.5-stable review Guenter Roeck
2017-08-04 16:27 ` Greg Kroah-Hartman
2017-08-04 20:55 ` Shuah Khan
2017-08-04 21:46 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170803231737.258164618@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dave.kleikamp@oracle.com \
--cc=jack@suse.cz \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).