authorTheodore Ts'o <tytso@mit.edu>2011-12-21 14:14:31 -0500
committerTheodore Ts'o <tytso@mit.edu>2011-12-21 14:14:31 -0500
commit22cdfca5641817060dd724a9c30442f5c0675fcd (patch)
tree1202eac61dc5a04027228f375d24cf025ed6b47d /fs/ext4/ioctl.c
parent8c48f7e88e293b9dd422bd8884842aea85d30b22 (diff)
ext4: remove unneeded file_remove_suid() from ext4_ioctl()
In the code to support EXT4_IOC_MOVE_EXT, ext4_ioctl calls file_remove_suid() after the call to ext4_move_extents() if any extents have been moved. There are at least three things wrong with this. First, file_remove_suid() should be called with i_mutex down, which it is not here. Second, it should be called before the donor file has been modified, to avoid a potential race condition. Third, and most importantly, it's pointless, because ext4_file_extents() already checks if the donor file has the setuid or setgid bit set, and will return an error in that case. So the first two objections don't really matter, since file_remove_suid() will never need to modify the inode in any case.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/ioctl.c')
-rw-r--r--fs/ext4/ioctl.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index a56796814d6a..ff1aab7cd6e8 100644
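--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -247,8 +247,6 @@ setversion_out:
 err = ext4_move_extents(filp, donor_filp, me.orig_start,
 me.donor_start, me.len, &me.moved_len);
 mnt_drop_write(filp->f_path.mnt);
-if (me.moved_len > 0)
-file_remove_suid(donor_filp);
 
 if (copy_to_user((struct move_extent __user *)arg,
 &me, sizeof(me)))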