aboutsummaryrefslogtreecommitdiffstats
path: root/fs/reiserfs
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2013-05-31 15:54:17 -0400
committerJan Kara <jack@suse.cz>2013-05-31 17:14:11 -0400
commit4a8570112b76a63ad21cfcbe2783f98f7fd5ba1b (patch)
treee2009e9a11575062ed38fa464ea03801aa2c5594 /fs/reiserfs
parent0bdc7acba56a7ca4232f15f37b16f7ec079385ab (diff)
reiserfs: fix problems with chowning setuid file w/ xattrs
reiserfs_chown_xattrs() takes the iattr struct passed into ->setattr and uses it to iterate over all the attrs associated with a file to change ownership of xattrs (and transfer quota associated with the xattr files). When the setuid bit is cleared during chown, ATTR_MODE and iattr->ia_mode are passed to all the xattrs as well. This means that the xattr directory will have S_IFREG added to its mode bits. This has been prevented in practice by a missing IS_PRIVATE check in reiserfs_acl_chmod, which caused a double-lock to occur while holding the write lock. Since the file system was completely locked up, the writeout of the corrupted mode never happened. This patch temporarily clears everything but ATTR_UID|ATTR_GID for the calls to reiserfs_setattr and adds the missing IS_PRIVATE check. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/reiserfs')
-rw-r--r--fs/reiserfs/xattr.c14
-rw-r--r--fs/reiserfs/xattr_acl.c3
2 files changed, 16 insertions, 1 deletions
diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
index 4cce1d9552fb..821bcf70e467 100644
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -318,7 +318,19 @@ static int delete_one_xattr(struct dentry *dentry, void *data)
318static int chown_one_xattr(struct dentry *dentry, void *data) 318static int chown_one_xattr(struct dentry *dentry, void *data)
319{ 319{
320 struct iattr *attrs = data; 320 struct iattr *attrs = data;
321 return reiserfs_setattr(dentry, attrs); 321 int ia_valid = attrs->ia_valid;
322 int err;
323
324 /*
325 * We only want the ownership bits. Otherwise, we'll do
326 * things like change a directory to a regular file if
327 * ATTR_MODE is set.
328 */
329 attrs->ia_valid &= (ATTR_UID|ATTR_GID);
330 err = reiserfs_setattr(dentry, attrs);
331 attrs->ia_valid = ia_valid;
332
333 return err;
322} 334}
323 335
324/* No i_mutex, but the inode is unconnected. */ 336/* No i_mutex, but the inode is unconnected. */
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index d7c01ef64eda..6c8767fdfc6a 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -443,6 +443,9 @@ int reiserfs_acl_chmod(struct inode *inode)
443 int depth; 443 int depth;
444 int error; 444 int error;
445 445
446 if (IS_PRIVATE(inode))
447 return 0;
448
446 if (S_ISLNK(inode->i_mode)) 449 if (S_ISLNK(inode->i_mode))
447 return -EOPNOTSUPP; 450 return -EOPNOTSUPP;
448 451