jfs: preserve i_mode if __jfs_set_acl() fails

When changing a file's acl mask, __jfs_set_acl() will first set the group
bits of i_mode to the value of the mask, and only then set the actual
extended attribute representing the new acl.

If the second part fails (due to lack of space, for example) and the file
had no acl attribute to begin with, the system will from now on assume
that the mask permission bits are actual group permission bits, potentially
granting access to the wrong users.

Prevent this by only changing the inode mode after the acl has been set.

Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>

1 files changed, 11 insertions, 4 deletions

diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
index 1be45c8d460d..2e71b6e7e646 100644
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -108,19 +108,26 @@ int jfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 {
         int rc;
         tid_t tid;
+        int update_mode = 0;
+        umode_t mode = inode->i_mode;
 
         tid = txBegin(inode->i_sb, 0);
         mutex_lock(&JFS_IP(inode)->commit_mutex);
         if (type == ACL_TYPE_ACCESS && acl) {
-                rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+                rc = posix_acl_update_mode(inode, &mode, &acl);
                 if (rc)
                         goto end_tx;
-                inode->i_ctime = current_time(inode);
-                mark_inode_dirty(inode);
+                update_mode = 1;
         }
         rc = __jfs_set_acl(tid, inode, type, acl);
-        if (!rc)
+        if (!rc) {
+                if (update_mode) {
+                        inode->i_mode = mode;
+                        inode->i_ctime = current_time(inode);
+                        mark_inode_dirty(inode);
+                }
                 rc = txCommit(tid, 1, &inode, 0);
+        }
 end_tx:
         txEnd(tid);
         mutex_unlock(&JFS_IP(inode)->commit_mutex);