From patchwork Tue Feb 28 17:03:42 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kurz <groug@kaod.org>
X-Patchwork-Id: 9596301
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	C44CD60453 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 28 Feb 2017 17:04:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1E6728533
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 28 Feb 2017 17:04:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A61CA2852A; Tue, 28 Feb 2017 17:04:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 122E528533
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 28 Feb 2017 17:04:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751364AbdB1RES (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Tue, 28 Feb 2017 12:04:18 -0500
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:33114 "EHLO
	mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1751332AbdB1REQ (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 28 Feb 2017 12:04:16 -0500
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id
	v1SH2rTl024548
	for <linux-fsdevel@vger.kernel.org>; Tue, 28 Feb 2017 12:03:51 -0500
Received: from e18.ny.us.ibm.com (e18.ny.us.ibm.com [129.33.205.208])
	by mx0a-001b2d01.pphosted.com with ESMTP id 28w9w4uewj-1
	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
	for <linux-fsdevel@vger.kernel.org>; Tue, 28 Feb 2017 12:03:50 -0500
Received: from localhost
	by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <linux-fsdevel@vger.kernel.org> from <groug@kaod.org>;
	Tue, 28 Feb 2017 12:03:48 -0500
Received: from d01dlp01.pok.ibm.com (9.56.250.166)
	by e18.ny.us.ibm.com (146.89.104.205) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Tue, 28 Feb 2017 12:03:45 -0500
Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com
	[9.57.198.26])
	by d01dlp01.pok.ibm.com (Postfix) with ESMTP id 53D6E38C8046;
	Tue, 28 Feb 2017 12:03:46 -0500 (EST)
Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com
	[9.57.199.107])
	by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP
	id v1SH3jmZ53543088; Tue, 28 Feb 2017 17:03:45 GMT
Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 38709124035;
	Tue, 28 Feb 2017 12:03:43 -0500 (EST)
Received: from [192.168.66.23] (unknown [9.164.183.34])
	by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP id 5DEE4124049;
	Tue, 28 Feb 2017 12:03:42 -0500 (EST)
Subject: [PATCH 1/2] vfs: implement fchmodat2() syscall
From: Greg Kurz <groug@kaod.org>
To: viro@zeniv.linux.org.uk
Cc: linux-fsdevel@vger.kernel.org, Eric Blake <eblake@redhat.com>,
	linux-kernel@vger.kernel.org
Date: Tue, 28 Feb 2017 18:03:42 +0100
User-Agent: StGit/0.17.1-20-gc0b1b-dirty
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 17022817-0044-0000-0000-000002AE1911
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00006697; HX=3.00000240; KW=3.00000007;
	PH=3.00000004; SC=3.00000205; SDB=6.00828162; UDB=6.00405869;
	IPR=6.00605678;
	BA=6.00005174; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009;
	ZB=6.00000000;
	ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00014472;
	XFM=3.00000011; UTC=2017-02-28 17:03:47
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17022817-0045-0000-0000-000006DC1876
Message-Id: <148830142269.7103.7429913851447595016.stgit@bahia>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-02-28_15:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	spamscore=0 suspectscore=4
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000
	definitions=main-1702280151
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

According to the POSIX.1-2008 manual page [1], the fchmodat() function has
a flag argument which may be passed the following value:

AT_SYMLINK_NOFOLLOW
    If path names a symbolic link, then the mode of the symbolic link is
    changed.

and the following error may be returned:

[EOPNOTSUPP]
    The AT_SYMLINK_NOFOLLOW bit is set in the flag argument, path names a
    symbolic link, and the system does not support changing the mode of a
    symbolic link.

The linux kernel doesn't support changing the mode of a symbolic link, but
the current implementation doesn't even have a flag argument. It is then
up to userspace to deal with that. Unfortunately, it is impossible to
implement the POSIX behavior in a race-free manner.

This patch introduces a new fchmodat2() syscall with a flag argument to
address the issue.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
 fs/open.c                         |   23 +++++++++++++++++++----
 include/linux/syscalls.h          |    2 ++
 include/uapi/asm-generic/unistd.h |    4 +++-
 scripts/checksyscalls.sh          |    3 ++-
 4 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 9921f70bc5ca..66a8c19f72ca 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -558,24 +558,39 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
 	return err;
 }
 
-SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, umode_t, mode)
+SYSCALL_DEFINE4(fchmodat2, int, dfd, const char __user *, filename, umode_t,
+		mode, int, flag)
 {
 	struct path path;
-	int error;
-	unsigned int lookup_flags = LOOKUP_FOLLOW;
+	int error = -EINVAL;
+	unsigned int lookup_flags;
+
+	if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
+		goto out;
+
+	lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
 retry:
 	error = user_path_at(dfd, filename, lookup_flags, &path);
 	if (!error) {
-		error = chmod_common(&path, mode);
+		error = -EOPNOTSUPP;
+		if (!d_is_symlink(path.dentry))
+			error = chmod_common(&path, mode);
 		path_put(&path);
 		if (retry_estale(error, lookup_flags)) {
 			lookup_flags |= LOOKUP_REVAL;
 			goto retry;
 		}
 	}
+out:
 	return error;
 }
 
+SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, umode_t,
+		mode)
+{
+	return sys_fchmodat2(dfd, filename, mode, 0);
+}
+
 SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
 {
 	return sys_fchmodat(AT_FDCWD, filename, mode);
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 91a740f6b884..982089d55b31 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -775,6 +775,8 @@ asmlinkage long sys_futimesat(int dfd, const char __user *filename,
 asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode);
 asmlinkage long sys_fchmodat(int dfd, const char __user * filename,
 			     umode_t mode);
+asmlinkage long sys_fchmodat2(int dfd, const char __user *filename,
+			      umode_t mode, int flag);
 asmlinkage long sys_fchownat(int dfd, const char __user *filename, uid_t user,
 			     gid_t group, int flag);
 asmlinkage long sys_openat(int dfd, const char __user *filename, int flags,
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index 9b1462e38b82..e8b0a00908b1 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -730,9 +730,11 @@ __SYSCALL(__NR_pkey_mprotect, sys_pkey_mprotect)
 __SYSCALL(__NR_pkey_alloc,    sys_pkey_alloc)
 #define __NR_pkey_free 290
 __SYSCALL(__NR_pkey_free,     sys_pkey_free)
+#define __NR_fchmodat2 291
+__SYSCALL(__NR_fchmodat2,     sys_fchmodat2)
 
 #undef __NR_syscalls
-#define __NR_syscalls 291
+#define __NR_syscalls 292
 
 /*
  * All syscalls below here should go away really,
diff --git a/scripts/checksyscalls.sh b/scripts/checksyscalls.sh
index 2c9082ba6137..2e7471a1d308 100755
--- a/scripts/checksyscalls.sh
+++ b/scripts/checksyscalls.sh
@@ -19,7 +19,7 @@ cat << EOF
 #define __IGNORE_link		/* linkat */
 #define __IGNORE_unlink		/* unlinkat */
 #define __IGNORE_mknod		/* mknodat */
-#define __IGNORE_chmod		/* fchmodat */
+#define __IGNORE_chmod		/* fchmodat2 */
 #define __IGNORE_chown		/* fchownat */
 #define __IGNORE_mkdir		/* mkdirat */
 #define __IGNORE_rmdir		/* unlinkat */
@@ -39,6 +39,7 @@ cat << EOF
 
 /* Missing flags argument */
 #define __IGNORE_renameat	/* renameat2 */
+#define __IGNORE_fchmodat	/* fchmodat2 */
 
 /* CLOEXEC flag */
 #define __IGNORE_pipe		/* pipe2 */