From patchwork Tue Apr 19 11:47:07 2022
X-Patchwork-Submitter: "Yang Xu (Fujitsu)"
X-Patchwork-Id: 12817772
From: Yang Xu
Subject: [PATCH v4 1/8] fs: move sgid strip operation from inode_init_owner into inode_sgid_strip
Date: Tue, 19 Apr 2022 19:47:07 +0800
Message-ID: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>
X-Mailing-List: ceph-devel@vger.kernel.org

This has no functional change. Just create and export the inode_sgid_strip API for the subsequent patch. This function is used to strip the S_ISGID mode when initializing a new inode.

Acked-by: Christian Brauner (Microsoft)
Signed-off-by: Yang Xu
---
 fs/inode.c | 22 ++++++++++++++++++----
 include/linux/fs.h | 3 ++-
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c index 9d9b422504d1..3215e61a0021 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2246,10 +2246,8 @@ void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, /* Directories are special, and always inherit S_ISGID */ if (S_ISDIR(mode)) mode |= S_ISGID; - else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && - !in_group_p(i_gid_into_mnt(mnt_userns, dir)) && - !capable_wrt_inode_uidgid(mnt_userns, dir, CAP_FSETID)) - mode &= ~S_ISGID; + else + inode_sgid_strip(mnt_userns, dir, &mode); } else inode_fsgid_set(inode, mnt_userns); inode->i_mode = mode; 
@@ -2405,3 +2403,19 @@ struct timespec64 current_time(struct inode *inode) return timestamp_truncate(now, inode); } EXPORT_SYMBOL(current_time); + +void inode_sgid_strip(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode) +{ + if (S_ISDIR(*mode) || !dir || !(dir->i_mode & S_ISGID)) + return; + if ((*mode & (S_ISGID | S_IXGRP)) != (S_ISGID | S_IXGRP)) + return; + if (in_group_p(i_gid_into_mnt(mnt_userns, dir))) + return; + if (capable_wrt_inode_uidgid(mnt_userns, dir, CAP_FSETID)) + return; + + *mode &= ~S_ISGID; +} +EXPORT_SYMBOL(inode_sgid_strip); diff --git a/include/linux/fs.h b/include/linux/fs.h index bbde95387a23..4a617aaab6f6 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -1897,7 +1897,8 @@ extern long compat_ptr_ioctl(struct file *file, unsigned int cmd, void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, const struct inode *dir, umode_t mode); extern bool may_open_dev(const struct path *path); - +void inode_sgid_strip(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode); /* * This is the "filldir" function type, used by readdir() to let * the kernel specify what kind of dirent layout it wants to have.
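
Review bot: inode_sgid_strip() in the second fs/inode.c hunk is exported with EXPORT_SYMBOL but has no kernel-doc comment. Callers outside fs/inode.c will rely on it for setgid handling, so document that *mode is updated in place and list the cases in which S_ISGID is kept: a directory mode, a NULL parent or a parent without S_ISGID, a mode that lacks S_ISGID or S_IXGRP, a caller that is in the parent's group, and a caller with CAP_FSETID with respect to the parent. The helper also re-checks S_ISDIR(*mode), which the inode_init_owner() call site has already excluded by calling it from the else branch of if (S_ISDIR(mode)); the commit message should say that these extra guards are there for the later callers.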
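
Review bot: the include/linux/fs.h hunk replaces the blank line after may_open_dev() with the new prototype, so the declaration now runs straight into the "filldir" comment block. Keep a blank line after the inode_sgid_strip() prototype, and consider declaring it next to inode_init_owner(), directly above may_open_dev(), since that is the function it was split out of.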

From: Yang Xu
Subject: [PATCH v4 2/8] fs: Add missing umask strip in vfs_tmpfile
Date: Tue, 19 Apr 2022 19:47:08 +0800
Message-ID: <1650368834-2420-2-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

All creation paths except for O_TMPFILE handle umask in the vfs directly if the filesystem doesn't support or enable POSIX ACLs. If the filesystem does, then umask handling is deferred until posix_acl_create(). Because O_TMPFILE misses umask handling in the vfs, it will not honor umask settings.

Fix this by adding the missing umask handling.

Reported-by: Christian Brauner (Microsoft)
Acked-by: Christian Brauner (Microsoft)
Signed-off-by: Yang Xu
---
 fs/namei.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/namei.c b/fs/namei.c index 509657fdf4f5..73646e28fae0 100644 --- a/fs/namei.c +++ b/fs/namei.c 
@@ -3521,6 +3521,8 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns, child = d_alloc(dentry, &slash_name); if (unlikely(!child)) goto out_err; + if (!IS_POSIXACL(dir)) + mode &= ~current_umask(); error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); if (error) goto out_err;
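
Review bot: the added if (!IS_POSIXACL(dir)) mode &= ~current_umask(); in vfs_tmpfile() has no comment saying why the umask is skipped when IS_POSIXACL(dir) is true. Add a short comment that the filesystem is then expected to apply the umask in posix_acl_create(), as the commit message describes, and confirm that every ->tmpfile() implementation on an ACL-enabled filesystem does call it; where one does not, O_TMPFILE files there still keep mode bits the umask should have cleared.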

From: Yang Xu
Subject: [PATCH v4 3/8] xfs: only call posix_acl_create under CONFIG_XFS_POSIX_ACL
Date: Tue, 19 Apr 2022 19:47:09 +0800
Message-ID: <1650368834-2420-3-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

Since xfs_generic_create only calls xfs_set_acl when this kconfig is enabled, we don't need to call posix_acl_create for the !CONFIG_XFS_POSIX_ACL case.

The previous patch has added the missing umask strip for tmpfile, so all creation paths handle umask in the vfs directly if the filesystem doesn't support or enable POSIX ACLs.

So just put this function under CONFIG_XFS_POSIX_ACL and the umask strip still works well.

Also use a unified rule for CONFIG_XFS_POSIX_ACL in this file, so use IS_ENABLED in xfs_generic_create.

Signed-off-by: Yang Xu
---
 fs/xfs/xfs_iops.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index b34e8e4344a8..6b8df9ab215a 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -150,6 +150,7 @@ xfs_create_need_xattr( return true; if (default_acl) return true; + #if IS_ENABLED(CONFIG_SECURITY) if (dir->i_sb->s_security) return true; @@ -169,7 +170,7 @@ xfs_generic_create( { struct inode *inode; struct xfs_inode *ip = NULL; - struct posix_acl *default_acl, *acl; + struct posix_acl *default_acl = NULL, *acl = NULL; struct xfs_name name; int error; 
@@ -184,9 +185,11 @@ xfs_generic_create( rdev = 0; } +#if IS_ENABLED(CONFIG_XFS_POSIX_ACL) error = posix_acl_create(dir, &mode, &default_acl, &acl); if (error) return error; +#endif /* Verify mode is valid also for tmpfile case */ error = xfs_dentry_mode_to_name(&name, dentry, mode); 
@@ -209,7 +212,7 @@ xfs_generic_create( if (unlikely(error)) goto out_cleanup_inode; -#ifdef CONFIG_XFS_POSIX_ACL +#if IS_ENABLED(CONFIG_XFS_POSIX_ACL) if (default_acl) { error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); if (error)
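
Review bot: in the xfs_generic_create() hunk that wraps posix_acl_create() in #if IS_ENABLED(CONFIG_XFS_POSIX_ACL), XFS no longer touches mode at all when the option is off, so the umask strip then depends entirely on the !IS_POSIXACL(dir) check the vfs applies (added for tmpfile in patch 2). Please state in the commit message, or cover with a test, that an XFS superblock can never have the POSIX ACL flag set in a !CONFIG_XFS_POSIX_ACL build, because in that combination neither the vfs nor the filesystem would apply the umask.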
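
Review bot: the first fs/xfs/xfs_iops.c hunk, in xfs_create_need_xattr(), only inserts a blank line before #if IS_ENABLED(CONFIG_SECURITY) and is unrelated to the ACL change. Drop it from this patch or send it as a separate whitespace cleanup.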

From: Yang Xu
Subject: [PATCH v4 4/8] NFSv3: only do posix_acl_create under CONFIG_NFS_V3_ACL
Date: Tue, 19 Apr 2022 19:47:10 +0800
Message-ID: <1650368834-2420-4-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

Since the nfs3_proc_create/nfs3_proc_mkdir/nfs3_proc_mknod rpc ops are called by the nfs_create/nfs_mkdir/nfs_mkdir inode ops, they are all under the control of the vfs.

nfs3_proc_setacls does nothing in the !CONFIG_NFS_V3_ACL case, so we put posix_acl_create under CONFIG_NFS_V3_ACL, and it also doesn't affect the sattr->ia_mode value because the vfs has done the umask strip.

Signed-off-by: Yang Xu
---
 fs/nfs/nfs3proc.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c index 1597eef40d54..9ab93427db30 100644 --- a/fs/nfs/nfs3proc.c +++ b/fs/nfs/nfs3proc.c @@ -337,7 +337,7 @@ static int nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, int flags) { - struct posix_acl *default_acl, *acl; + struct posix_acl *default_acl = NULL, *acl = NULL; struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; 
@@ -361,9 +361,11 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, data->arg.create.verifier[1] = cpu_to_be32(current->pid); } +#if IS_ENABLED(CONFIG_NFS_V3_ACL) status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif for (;;) { d_alias = nfs3_do_create(dir, dentry, data); @@ -580,7 +582,7 @@ nfs3_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page, static int nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) { - struct posix_acl *default_acl, *acl; + struct posix_acl *default_acl = NULL, *acl = NULL; struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; @@ -591,9 +593,11 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) if (data == NULL) goto out; +#if IS_ENABLED(CONFIG_NFS_V3_ACL) status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKDIR]; data->arg.mkdir.fh = NFS_FH(dir); @@ -711,7 +715,7 @@ static int nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, dev_t rdev) { - struct posix_acl *default_acl, *acl; + struct posix_acl *default_acl = NULL, *acl = NULL; struct nfs3_createdata *data; struct dentry *d_alias; int status = -ENOMEM; 
@@ -723,9 +727,11 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, if (data == NULL) goto out; +#if IS_ENABLED(CONFIG_NFS_V3_ACL) status = posix_acl_create(dir, &sattr->ia_mode, &default_acl, &acl); if (status) goto out; +#endif data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKNOD]; data->arg.mknod.fh = NFS_FH(dir);
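
Review bot: the same #if IS_ENABLED(CONFIG_NFS_V3_ACL) ... #endif block is repeated inside nfs3_proc_create(), nfs3_proc_mkdir() and nfs3_proc_mknod(). Kernel style avoids preprocessor conditionals in function bodies; one static inline helper that calls posix_acl_create() when the option is enabled and returns 0 otherwise would keep the three call sites identical and leave the = NULL initialisers as the only per-function change. The commit message also lists nfs_mkdir twice among the inode ops, while the hunks touch the create, mkdir and mknod paths.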

From: Yang Xu
Subject: [PATCH v4 5/8] f2fs: Remove useless NULL assign value for acl and default_acl
Date: Tue, 19 Apr 2022 19:47:11 +0800
Message-ID: <1650368834-2420-5-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

Like other filesystems that use ${fs}_init_acl and posix_acl_create, we don't need to assign NULL to the acl and default_acl pointers because f2fs_acl_create will do this job. So remove it.

Signed-off-by: Yang Xu
---
 fs/f2fs/acl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c index eaa240b21f07..9ae2d2fec58b 100644 --- a/fs/f2fs/acl.c +++ b/fs/f2fs/acl.c 
@@ -412,7 +412,7 @@ static int f2fs_acl_create(struct inode *dir, umode_t *mode, int f2fs_init_acl(struct inode *inode, struct inode *dir, struct page *ipage, struct page *dpage) { - struct posix_acl *default_acl = NULL, *acl = NULL; + struct posix_acl *default_acl, *acl; int error; error = f2fs_acl_create(dir, &inode->i_mode, &default_acl, &acl, dpage); From patchwork Tue Apr 19 11:47:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang Xu (Fujitsu)" X-Patchwork-Id: 12817788 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6ABD1C433F5 for ; Tue, 19 Apr 2022 10:48:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350787AbiDSKvZ (ORCPT ); Tue, 19 Apr 2022 06:51:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52770 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238369AbiDSKvX (ORCPT ); Tue, 19 Apr 2022 06:51:23 -0400 Received: from mail1.bemta36.messagelabs.com (mail1.bemta36.messagelabs.com [85.158.142.2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1ACB11CB33; Tue, 19 Apr 2022 03:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fujitsu.com; s=170520fj; t=1650365319; i=@fujitsu.com; bh=L0gnk54iyGfM60Qjlex0JGvplvmF+grDZIqDPCSoCAQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Vbslnnvp7hIfI/TZE7tXKJR3U/OhVVDHi8Nw9ysK8O4YO+PvAYCM18PJZ8HA6Kdn+ If51cY2Pw67flEgu2vdqdfOuq6cIybAAHtJkSAYZuBAPQMHMOLGGnlngMMZpsJqLMG gXrHPgh5XGU7xDzAlXBS8nwzW8RQ0zedJ/9gvroDF2o2StoYVv7u1NE3nb/MXgDyW7 CO+qyFNdGjE0n4e4zXgA7jAOK/gxO7FifSPWONtuauFRyD3sIRbm+vn4YcuBc/zJUy DMOdO/0dLYpCdr8Yk9zIFp1GMZoC4qjqMAKA2xW34Ynwc22w2a54Ki68f5Tc61RVmg KnM9N9407wX5w== 
From: Yang Xu
Subject: [PATCH v4 6/8] ntfs3: Use the same order for acl pointer check in ntfs_init_acl
Date: Tue, 19 Apr 2022 19:47:12 +0800
Message-ID: <1650368834-2420-6-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

ext4 and the other filesystems that use ${fs}_init_acl all use the following style:

    error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
    if (error)
        return error;

    if (default_acl) {
        error = __ext4_set_acl(handle, inode, ACL_TYPE_DEFAULT,
                               default_acl, XATTR_CREATE);
        posix_acl_release(default_acl);
    } else {
        inode->i_default_acl = NULL;
    }
    if (acl) {
        if (!error)
            error = __ext4_set_acl(handle, inode, ACL_TYPE_ACCESS,
                                   acl, XATTR_CREATE);
        posix_acl_release(acl);
    } else {
        inode->i_acl = NULL;
    }
    ...

So for the readability and unity of the code, adjust this order.

Signed-off-by: Yang Xu
--- fs/ntfs3/xattr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index afd0ddad826f..64cefa869a61 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c
@@ -642,13 +642,13 @@ int ntfs_init_acl(struct user_namespace *mnt_userns, struct inode *inode, inode->i_default_acl = NULL; } - if (!acl) - inode->i_acl = NULL; - else { + if (acl) { if (!err) err = ntfs_set_acl_ex(mnt_userns, inode, acl, ACL_TYPE_ACCESS); posix_acl_release(acl); + } else { + inode->i_acl = NULL; } return err;

From patchwork Tue Apr 19 11:47:13 2022
X-Patchwork-Submitter: "Yang Xu (Fujitsu)"
X-Patchwork-Id: 12817789
From: Yang Xu
Subject: [PATCH v4 7/8] fs: strip file's S_ISGID mode on vfs instead of on underlying filesystem
Date: Tue, 19 Apr 2022 19:47:13 +0800
Message-ID: <1650368834-2420-7-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

Currently, vfs only passes the mode argument to the filesystem, which then uses inode_init_owner() to strip S_ISGID. Some filesystems (i.e. ext4/btrfs) call inode_init_owner first and then do posix acl setup, but xfs uses the contrary order. This affects S_ISGID clearing, especially when we filter S_IXGRP by umask or acl.

Regardless of which filesystem is in use, failure to strip the SGID correctly is considered a security failure that needs to be fixed. The current VFS infrastructure requires the filesystem to do everything right and not step on any landmines to strip the SGID bit, when in fact it can easily be done at the VFS and the filesystems then don't even need to be aware that the SGID needs to be (or has been) stripped by the operation the user asked to be done.

Vfs has all the info it needs - it doesn't need the filesystems to do everything correctly with the mode and ensuring that they order things like posix acl setup functions correctly with inode_init_owner() to strip the SGID bit.

Just strip the SGID bit at the VFS, and then the filesystems can't get it wrong.

Also, the inode_sgid_strip() api should be used before IS_POSIXACL() because this api may change mode.

Only the following places use inode_init_owner
"
arch/powerpc/platforms/cell/spufs/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode | S_IFDIR);
arch/powerpc/platforms/cell/spufs/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode | S_IFDIR);
fs/9p/vfs_inode.c: inode_init_owner(&init_user_ns, inode, NULL, mode);
fs/bfs/dir.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/btrfs/inode.c: inode_init_owner(mnt_userns, inode, dir, mode);
fs/btrfs/tests/btrfs-tests.c: inode_init_owner(&init_user_ns, inode, NULL, S_IFREG);
fs/ext2/ialloc.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/ext4/ialloc.c: inode_init_owner(mnt_userns, inode, dir, mode);
fs/f2fs/namei.c: inode_init_owner(mnt_userns, inode, dir, mode);
fs/hfsplus/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/hugetlbfs/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/jfs/jfs_inode.c: inode_init_owner(&init_user_ns, inode, parent, mode);
fs/minix/bitmap.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/nilfs2/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/ntfs3/inode.c: inode_init_owner(mnt_userns, inode, dir, mode);
fs/ocfs2/dlmfs/dlmfs.c: inode_init_owner(&init_user_ns, inode, NULL, mode);
fs/ocfs2/dlmfs/dlmfs.c: inode_init_owner(&init_user_ns, inode, parent, mode);
fs/ocfs2/namei.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/omfs/inode.c: inode_init_owner(&init_user_ns, inode, NULL, mode);
fs/overlayfs/dir.c: inode_init_owner(&init_user_ns, inode, dentry->d_parent->d_inode, mode);
fs/ramfs/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/reiserfs/namei.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/sysv/ialloc.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/ubifs/dir.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/udf/ialloc.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/ufs/ialloc.c: inode_init_owner(&init_user_ns, inode, dir, mode);
fs/xfs/xfs_inode.c: inode_init_owner(mnt_userns, inode, dir, mode);
fs/zonefs/super.c: inode_init_owner(&init_user_ns, inode, parent, S_IFDIR | 0555);
kernel/bpf/inode.c: inode_init_owner(&init_user_ns, inode, dir, mode);
mm/shmem.c: inode_init_owner(&init_user_ns, inode, dir, mode);
"

They are used in filesystem init new inode functions, and these init inode functions are used by the following operations:
mkdir
symlink
mknod
create
tmpfile
rename

We don't care about mkdir because we don't strip the SGID bit for directories except fs.xfs.irix_sgid_inherit. But we even call it in do_mkdirat() since inode_sgid_strip() will skip directories anyway. This will enforce the same ordering for all relevant operations and it will make the code more uniform and easier to understand by using the new helper prepare_mode().

symlink and rename only use a valid mode that doesn't have the SGID bit.

We have added the inode_sgid_strip api for the remaining operations.

In addition to the above six operations, four filesystems have a little difference:
1) btrfs has btrfs_create_subvol_root to create a new inode but used a non SGID bit mode and can ignore
2) ocfs2 reflink function should add inode_sgid_strip api manually because we don't add it in vfs
3) spufs which doesn't really go through the regular VFS callpath because it has separate system call spu_create, but it only allows the creation of directories and only allows bits in 0777 and can ignore
4) bpf uses vfs_mkobj in bpf_obj_do_pin with "S_IFREG | ((S_IRUSR | S_IWUSR) & ~current_umask())" mode and uses bpf_mkobj_ops in bpf_iter_link_pin_kernel with S_IFREG | S_IRUSR, so bpf is also not affected

This patch also changed grpid behaviour for ext4/xfs because the mode passed to them may have been changed by inode_sgid_strip.

Also as Christian Brauner said" The patch itself is useful as it would move a security sensitive operation that is currently buried in individual filesystems into the vfs layer.
But it has a decent regression potential since it might strip filesystems that have so far relied on getting the S_ISGID bit with a mode argument. So this needs a lot of testing and long exposure in -next for at least one full kernel cycle." Suggested-by: Dave Chinner Signed-off-by: Yang Xu --- fs/inode.c | 2 -- fs/namei.c | 22 +++++++++------------- fs/ocfs2/namei.c | 1 + include/linux/fs.h | 9 +++++++++ 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index 3215e61a0021..0eb1dab99893 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2246,8 +2246,6 @@ void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode, /* Directories are special, and always inherit S_ISGID */ if (S_ISDIR(mode)) mode |= S_ISGID; - else - inode_sgid_strip(mnt_userns, dir, &mode); } else inode_fsgid_set(inode, mnt_userns); inode->i_mode = mode; diff --git a/fs/namei.c b/fs/namei.c index 73646e28fae0..f86614ab841f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3287,8 +3287,7 @@ static struct dentry *lookup_open(struct nameidata *nd, struct file *file, if (open_flag & O_CREAT) { if (open_flag & O_EXCL) open_flag &= ~O_TRUNC; - if (!IS_POSIXACL(dir->d_inode)) - mode &= ~current_umask(); + prepare_mode(mnt_userns, dir->d_inode, &mode); if (likely(got_write)) create_error = may_o_create(mnt_userns, &nd->path, dentry, mode); @@ -3521,8 +3520,7 @@ struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns, child = d_alloc(dentry, &slash_name); if (unlikely(!child)) goto out_err; - if (!IS_POSIXACL(dir)) - mode &= ~current_umask(); + prepare_mode(mnt_userns, dir, &mode); error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); if (error) goto out_err; 
@@ -3850,13 +3848,12 @@ static int do_mknodat(int dfd, struct filename *name, umode_t mode, if (IS_ERR(dentry)) goto out1; - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); + mnt_userns = mnt_user_ns(path.mnt); + prepare_mode(mnt_userns, path.dentry->d_inode, &mode); error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out2; - mnt_userns = mnt_user_ns(path.mnt); switch (mode & S_IFMT) { case 0: case S_IFREG: error = vfs_create(mnt_userns, path.dentry->d_inode, @@ -3943,6 +3940,7 @@ int do_mkdirat(int dfd, struct filename *name, umode_t mode) struct path path; int error; unsigned int lookup_flags = LOOKUP_DIRECTORY; + struct user_namespace *mnt_userns; retry: dentry = filename_create(dfd, name, &path, lookup_flags); @@ -3950,15 +3948,13 @@ int do_mkdirat(int dfd, struct filename *name, umode_t mode) if (IS_ERR(dentry)) goto out_putname; - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); + mnt_userns = mnt_user_ns(path.mnt); + prepare_mode(mnt_userns, path.dentry->d_inode, &mode); error = security_path_mkdir(&path, dentry, mode); - if (!error) { - struct user_namespace *mnt_userns; - mnt_userns = mnt_user_ns(path.mnt); + if (!error) error = vfs_mkdir(mnt_userns, path.dentry->d_inode, dentry, mode); - } + done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index c75fd54b9185..c81b8e0847aa 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -198,6 +198,7 @@ static struct inode *ocfs2_get_init_inode(struct inode *dir, umode_t mode) if (S_ISDIR(mode)) set_nlink(inode, 2); inode_init_owner(&init_user_ns, inode, dir, mode); + inode_sgid_strip(&init_user_ns, dir, &mode); status = dquot_initialize(inode); if (status) return ERR_PTR(status); diff --git a/include/linux/fs.h b/include/linux/fs.h index 4a617aaab6f6..8c2f4cde974b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -3458,6 +3458,15 @@ static inline bool dir_relax_shared(struct inode *inode) return !IS_DEADDIR(inode); } +static inline void prepare_mode(struct user_namespace *mnt_userns, + const struct inode *dir, umode_t *mode) +{ + inode_sgid_strip(mnt_userns, dir, mode); + + if (!IS_POSIXACL(dir)) + *mode &= ~current_umask(); +} + extern bool path_noexec(const struct path *path); extern void inode_nohighmem(struct inode *inode);

From patchwork Tue Apr 19 11:47:14 2022
X-Patchwork-Submitter: "Yang Xu (Fujitsu)"
X-Patchwork-Id: 12817790
From: Yang Xu
Subject: [PATCH v4 8/8] ceph: Remove S_ISGID clear code in ceph_finish_async_create
Date: Tue, 19 Apr 2022 19:47:14 +0800
Message-ID: <1650368834-2420-8-git-send-email-xuyang2018.jy@fujitsu.com>
In-Reply-To: <1650368834-2420-1-git-send-email-xuyang2018.jy@fujitsu.com>

Since vfs has stripped S_ISGID in the previous patch, the calltrace is as below:

vfs:    lookup_open
        ...
          if (open_flag & O_CREAT) {
                if (open_flag & O_EXCL)
                        open_flag &= ~O_TRUNC;
                prepare_mode(mnt_userns, dir->d_inode, &mode);
        ...
           dir_inode->i_op->atomic_open

ceph:   ceph_atomic_open
        ...
              if (flags & O_CREAT)
                        ceph_finish_async_create

We have stripped sgid and umask in prepare mode, so remove this useless code here.

Signed-off-by: Yang Xu
--- fs/ceph/file.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 6c9e837aa1d3..8e3b99853333 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -651,10 +651,6 @@ static int ceph_finish_async_create(struct inode *dir, struct dentry *dentry, /* Directories always inherit the setgid bit. */ if (S_ISDIR(mode)) mode |= S_ISGID; - else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && - !in_group_p(dir->i_gid) && - !capable_wrt_inode_uidgid(&init_user_ns, dir, CAP_FSETID)) - mode &= ~S_ISGID; } else { in.gid = cpu_to_le32(from_kgid(&init_user_ns, current_fsgid())); }
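
Review bot: in patch 8/8, the fs/ceph/file.c hunk removes the only S_ISGID strip in ceph_finish_async_create(), and the comment left behind speaks only of directories inheriting the bit, so nothing at this site records that the non-directory case is now handled elsewhere. The removal is correct only while every path into this function has gone through prepare_mode() in lookup_open(), as the commit message's call trace shows. Add a one-line comment saying that S_ISGID stripping for non-directories is done by the VFS before atomic_open is called, so a later reader does not take the missing check for an oversight or add a second caller that bypasses lookup_open().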
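
Review bot: in patch 5/8, the fs/f2fs/acl.c hunk drops the "= NULL" initialisers in f2fs_init_acl(), so default_acl and acl are defined only if f2fs_acl_create() writes both out-parameters on every return path, error returns included; the hunk shows the call but not that guarantee. Please say in the commit message where f2fs_acl_create() assigns them, and confirm that nothing after the call reads either pointer when error is non-zero, otherwise the code would be reading uninitialised stack.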
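
Review bot: in patch 7/8, the fs/inode.c hunk removes the else branch that called inode_sgid_strip(), so inode_init_owner() now stores whatever mode it is given in inode->i_mode, and any caller from the list in the commit message that is not reached through prepare_mode() loses the strip silently. Add a comment above inode_init_owner() stating that the caller must already have stripped S_ISGID for non-directories, so that a future in-filesystem caller does not reintroduce the problem this series fixes.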
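
Review bot: in patch 7/8, the fs/ocfs2/namei.c hunk calls inode_sgid_strip(&init_user_ns, dir, &mode) after inode_init_owner(&init_user_ns, inode, dir, mode), but the fs/inode.c context in this same patch shows inode_init_owner() ending with "inode->i_mode = mode;". The inode has therefore already taken the unstripped mode, and the strip only updates the local variable, which the visible lines after it (dquot_initialize() and the error return) do not use. Move the inode_sgid_strip() call above inode_init_owner() in ocfs2_get_init_inode().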
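
Review bot: in patch 7/8, the include/linux/fs.h hunk adds prepare_mode() without a comment, although the order of its two statements is what the series depends on: inode_sgid_strip() has to see the mode before "*mode &= ~current_umask();" can clear S_IXGRP. The open-coded check that patch 8/8 removes from ceph tests for S_ISGID and S_IXGRP together, and if inode_sgid_strip() uses the same test then swapping the two statements would leave S_ISGID set. Please add a kernel-doc comment that states this ordering requirement, and consider a less generic name for an inline helper that lives in a global header.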