X-Patchwork-Submitter: Jan Kara
X-Patchwork-Id: 9848879
From: Jan Kara
To: Andrew Morton
Date: Tue, 18 Jul 2017 18:22:20 +0200
Message-Id: <20170718162220.27526-2-jack@suse.cz>
In-Reply-To: <20170718162220.27526-1-jack@suse.cz>
References: <20170718162220.27526-1-jack@suse.cz>
Cc: stable@vger.kernel.org, Jan Kara, ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH 2/2] ocfs2: Don't clear SGID when inheriting ACLs

When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and owning group equal to the owning group of 'DIR0'). However when 'DIR0' also has some default ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on 'DIR1' to get cleared if user is not member of the owning group.

Fix the problem by moving posix_acl_update_mode() out of ocfs2_set_acl() into ocfs2_iop_set_acl(). That way the function will not be called when inheriting ACLs which is what we want as it prevents SGID bit clearing and the mode has been properly set by posix_acl_create() anyway. Also posix_acl_chmod() that is calling ocfs2_set_acl() takes care of updating mode itself.

Fixes: 073931017b49d9458aa351605b43a7e34598caef
CC: stable@vger.kernel.org
CC: Joel Becker
CC: ocfs2-devel@oss.oracle.com
Signed-off-by: Jan Kara
--- fs/ocfs2/acl.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c index 3b9c3638a381..40b5cc97f7b0 100644 --- a/fs/ocfs2/acl.c +++ b/fs/ocfs2/acl.c @@ -240,18 +240,6 @@ static int ocfs2_set_acl(handle_t *handle, switch (type) { case ACL_TYPE_ACCESS: name_index = OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS; - if (acl) { - umode_t mode; - - ret = posix_acl_update_mode(inode, &mode, &acl); - if (ret) - return ret; - - ret = ocfs2_acl_set_mode(inode, di_bh, - handle, mode); - if (ret) - return ret; - } break; case ACL_TYPE_DEFAULT: name_index = OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT; 
@@ -289,7 +277,19 @@ int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type) had_lock = ocfs2_inode_lock_tracker(inode, &bh, 1, &oh); if (had_lock < 0) return had_lock; + if (type == ACL_TYPE_ACCESS && acl) { + umode_t mode; + + status = posix_acl_update_mode(inode, &mode, &acl); + if (status) + goto unlock; + + status = ocfs2_acl_set_mode(inode, bh, NULL, mode); + if (status) + goto unlock; + } status = ocfs2_set_acl(NULL, inode, bh, type, acl, NULL, NULL); +unlock: ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock); brelse(bh); return status;
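
Review bot: Missing documentation in the first hunk, at the ACL_TYPE_ACCESS case of ocfs2_set_acl(): once the posix_acl_update_mode() / ocfs2_acl_set_mode() block is gone, this function stores an access ACL without reconciling the inode mode, so every caller now owns that step. The commit message names posix_acl_create() and posix_acl_chmod() as the paths that already set the mode, but nothing in the code records the new contract. A short comment above ocfs2_set_acl() stating that callers must update the mode themselves, and that only ocfs2_iop_set_acl() runs posix_acl_update_mode(), would keep a later caller from writing an access ACL whose mode bits (SGID included) were never checked.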
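
Review bot: In the second hunk, the new block in ocfs2_iop_set_acl() changes the mode before the ACL is stored and has no path that undoes it: ocfs2_acl_set_mode(inode, bh, NULL, mode) and the following ocfs2_set_acl(NULL, ...) both take a NULL handle, so nothing in these lines groups the two updates, and a failure in ocfs2_set_acl() falls through to unlock with the mode already rewritten. The removed code had the same shape for this caller, since it reused the handle that ocfs2_iop_set_acl() passes as NULL, so this is not a regression, but the move makes it visible. Please either say in the commit message that a mode change without the matching ACL is acceptable on error, or note in a comment why the two steps cannot share one handle here.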