1 files changed, 36 insertions, 113 deletions
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index 4547608b46c4..f07bf8768c3a 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -70,7 +70,6 @@ xfs_setattr(
        gid_t                   gid=0, igid=0;
        int                     timeflags = 0;
        struct xfs_dquot        *udqp, *gdqp, *olddquot1, *olddquot2;
-        int                     file_owner;
        int                     need_iolock = 1;
        xfs_itrace_entry(ip);
@@ -81,6 +80,10 @@ xfs_setattr(
        if (XFS_FORCED_SHUTDOWN(mp))
                return XFS_ERROR(EIO);
+        code = -inode_change_ok(inode, iattr);
+        if (code)
+                return code;
        olddquot1 = olddquot2 = NULL;
        udqp = gdqp = NULL;
@@ -158,56 +161,6 @@ xfs_setattr(
        xfs_ilock(ip, lock_flags);
-        /* boolean: are we the file owner? */
-        file_owner = (current_fsuid() == ip->i_d.di_uid);
-        /*
-         * Change various properties of a file.
-         * Only the owner or users with CAP_FOWNER
-         * capability may do these things.
-         */
-        if (mask & (ATTR_MODE|ATTR_UID|ATTR_GID)) {
-                /*
-                 * CAP_FOWNER overrides the following restrictions:
-                 *
-                 * The user ID of the calling process must be equal
-                 * to the file owner ID, except in cases where the
-                 * CAP_FSETID capability is applicable.
-                 */
-                if (!file_owner && !capable(CAP_FOWNER)) {
-                        code = XFS_ERROR(EPERM);
-                        goto error_return;
-                }
-                /*
-                 * CAP_FSETID overrides the following restrictions:
-                 *
-                 * The effective user ID of the calling process shall match
-                 * the file owner when setting the set-user-ID and
-                 * set-group-ID bits on that file.
-                 *
-                 * The effective group ID or one of the supplementary group
-                 * IDs of the calling process shall match the group owner of
-                 * the file when setting the set-group-ID bit on that file
-                 */
-                if (mask & ATTR_MODE) {
-                        mode_t m = 0;
-                        if ((iattr->ia_mode & S_ISUID) && !file_owner)
-                                m |= S_ISUID;
-                        if ((iattr->ia_mode & S_ISGID) &&
-                            !in_group_p((gid_t)ip->i_d.di_gid))
-                                m |= S_ISGID;
-#if 0
-                        /* Linux allows this, Irix doesn't. */
-                        if ((iattr->ia_mode & S_ISVTX) && !S_ISDIR(ip->i_d.di_mode))
-                                m |= S_ISVTX;
-#endif
-                        if (m && !capable(CAP_FSETID))
-                                iattr->ia_mode &= ~m;
-                }
-        }
        /*
         * Change file ownership.  Must be the owner or privileged.
         */
@@ -224,22 +177,6 @@ xfs_setattr(
                uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
                /*
-                 * CAP_CHOWN overrides the following restrictions:
-                 *
-                 * If _POSIX_CHOWN_RESTRICTED is defined, this capability
-                 * shall override the restriction that a process cannot
-                 * change the user ID of a file it owns and the restriction
-                 * that the group ID supplied to the chown() function
-                 * shall be equal to either the group ID or one of the
-                 * supplementary group IDs of the calling process.
-                 */
-                if ((iuid != uid ||
-                     (igid != gid && !in_group_p((gid_t)gid))) &&
-                    !capable(CAP_CHOWN)) {
-                        code = XFS_ERROR(EPERM);
-                        goto error_return;
-                }
-                /*
                 * Do a quota reservation only if uid/gid is actually
                 * going to change.
                 */
@@ -276,36 +213,22 @@ xfs_setattr(
                        code = XFS_ERROR(EINVAL);
                        goto error_return;
                }
                /*
                 * Make sure that the dquots are attached to the inode.
                 */
-                if ((code = XFS_QM_DQATTACH(mp, ip, XFS_QMOPT_ILOCKED)))
+                code = XFS_QM_DQATTACH(mp, ip, XFS_QMOPT_ILOCKED);
+                if (code)
                        goto error_return;
-        }
-        /*
+                /*
-         * Change file access or modified times.
+                 * Now we can make the changes.  Before we join the inode
-         */
+                 * to the transaction, if ATTR_SIZE is set then take care of
-        if (mask & (ATTR_ATIME|ATTR_MTIME)) {
+                 * the part of the truncation that must be done without the
-                if (!file_owner) {
+                 * inode lock.  This needs to be done before joining the inode
-                        if ((mask & (ATTR_MTIME_SET|ATTR_ATIME_SET)) &&
+                 * to the transaction, because the inode cannot be unlocked
-                            !capable(CAP_FOWNER)) {
+                 * once it is a part of the transaction.
-                                code = XFS_ERROR(EPERM);
+                 */
-                                goto error_return;
-                        }
-                }
-        }
-        /*
-         * Now we can make the changes.  Before we join the inode
-         * to the transaction, if ATTR_SIZE is set then take care of
-         * the part of the truncation that must be done without the
-         * inode lock.  This needs to be done before joining the inode
-         * to the transaction, because the inode cannot be unlocked
-         * once it is a part of the transaction.
-         */
-        if (mask & ATTR_SIZE) {
-                code = 0;
                if (iattr->ia_size > ip->i_size) {
                        /*
                         * Do the first part of growing a file: zero any data
@@ -360,17 +283,10 @@ xfs_setattr(
                }
                commit_flags = XFS_TRANS_RELEASE_LOG_RES;
                xfs_ilock(ip, XFS_ILOCK_EXCL);
-        }
-        if (tp) {
                xfs_trans_ijoin(tp, ip, lock_flags);
                xfs_trans_ihold(tp, ip);
-        }
-        /*
-         * Truncate file.  Must have write permission and not be a directory.
-         */
-        if (mask & ATTR_SIZE) {
                /*
                 * Only change the c/mtime if we are changing the size
                 * or we are explicitly asked to change it. This handles
@@ -410,20 +326,9 @@ xfs_setattr(
                         */
                        xfs_iflags_set(ip, XFS_ITRUNCATED);
                }
-        }
+        } else if (tp) {
+                xfs_trans_ijoin(tp, ip, lock_flags);
-        /*
+                xfs_trans_ihold(tp, ip);
-         * Change file access modes.
-         */
-        if (mask & ATTR_MODE) {
-                ip->i_d.di_mode &= S_IFMT;
-                ip->i_d.di_mode |= iattr->ia_mode & ~S_IFMT;
-                inode->i_mode &= S_IFMT;
-                inode->i_mode |= iattr->ia_mode & ~S_IFMT;
-                xfs_trans_log_inode (tp, ip, XFS_ILOG_CORE);
-                timeflags |= XFS_ICHGTIME_CHG;
        }
        /*
@@ -471,6 +376,24 @@ xfs_setattr(
                timeflags |= XFS_ICHGTIME_CHG;
        }
+        /*
+         * Change file access modes.
+         */
+        if (mask & ATTR_MODE) {
+                umode_t mode = iattr->ia_mode;
+                if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+                        mode &= ~S_ISGID;
+                ip->i_d.di_mode &= S_IFMT;
+                ip->i_d.di_mode |= mode & ~S_IFMT;
+                inode->i_mode &= S_IFMT;
+                inode->i_mode |= mode & ~S_IFMT;
+                xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
+                timeflags |= XFS_ICHGTIME_CHG;
+        }
        /*
         * Change file access or modified times.

diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c index 4547608b46c4..f07bf8768c3a 100644 --- a/fs/xfs/xfs_vnodeops.c +++ b/fs/xfs/xfs_vnodeops.c
@@ -70,7 +70,6 @@ xfs_setattr(
70	gid_t gid=0, igid=0;	70	gid_t gid=0, igid=0;
71	int timeflags = 0;	71	int timeflags = 0;
72	struct xfs_dquot udqp, gdqp, olddquot1, olddquot2;	72	struct xfs_dquot udqp, gdqp, olddquot1, olddquot2;
73	int file_owner;
74	int need_iolock = 1;	73	int need_iolock = 1;
75		74
76	xfs_itrace_entry(ip);	75	xfs_itrace_entry(ip);
@@ -81,6 +80,10 @@ xfs_setattr(
81	if (XFS_FORCED_SHUTDOWN(mp))	80	if (XFS_FORCED_SHUTDOWN(mp))
82	return XFS_ERROR(EIO);	81	return XFS_ERROR(EIO);
83		82
		83	code = -inode_change_ok(inode, iattr);
		84	if (code)
		85	return code;
		86
84	olddquot1 = olddquot2 = NULL;	87	olddquot1 = olddquot2 = NULL;
85	udqp = gdqp = NULL;	88	udqp = gdqp = NULL;
86		89
@@ -158,56 +161,6 @@ xfs_setattr(
158		161
159	xfs_ilock(ip, lock_flags);	162	xfs_ilock(ip, lock_flags);
160		163
161	/* boolean: are we the file owner? */
162	file_owner = (current_fsuid() == ip->i_d.di_uid);
163
164	/*
165	* Change various properties of a file.
166	* Only the owner or users with CAP_FOWNER
167	* capability may do these things.
168	*/
169	if (mask & (ATTR_MODE\|ATTR_UID\|ATTR_GID)) {
170	/*
171	* CAP_FOWNER overrides the following restrictions:
172	*
173	* The user ID of the calling process must be equal
174	* to the file owner ID, except in cases where the
175	* CAP_FSETID capability is applicable.
176	*/
177	if (!file_owner && !capable(CAP_FOWNER)) {
178	code = XFS_ERROR(EPERM);
179	goto error_return;
180	}
181
182	/*
183	* CAP_FSETID overrides the following restrictions:
184	*
185	* The effective user ID of the calling process shall match
186	* the file owner when setting the set-user-ID and
187	* set-group-ID bits on that file.
188	*
189	* The effective group ID or one of the supplementary group
190	* IDs of the calling process shall match the group owner of
191	* the file when setting the set-group-ID bit on that file
192	*/
193	if (mask & ATTR_MODE) {
194	mode_t m = 0;
195
196	if ((iattr->ia_mode & S_ISUID) && !file_owner)
197	m \|= S_ISUID;
198	if ((iattr->ia_mode & S_ISGID) &&
199	!in_group_p((gid_t)ip->i_d.di_gid))
200	m \|= S_ISGID;
201	#if 0
202	/* Linux allows this, Irix doesn't. */
203	if ((iattr->ia_mode & S_ISVTX) && !S_ISDIR(ip->i_d.di_mode))
204	m \|= S_ISVTX;
205	#endif
206	if (m && !capable(CAP_FSETID))
207	iattr->ia_mode &= ~m;
208	}
209	}
210
211	/*	164	/*
212	* Change file ownership. Must be the owner or privileged.	165	* Change file ownership. Must be the owner or privileged.
213	*/	166	*/
@@ -224,22 +177,6 @@ xfs_setattr(
224	uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;	177	uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
225		178
226	/*	179	/*
227	* CAP_CHOWN overrides the following restrictions:
228	*
229	* If _POSIX_CHOWN_RESTRICTED is defined, this capability
230	* shall override the restriction that a process cannot
231	* change the user ID of a file it owns and the restriction
232	* that the group ID supplied to the chown() function
233	* shall be equal to either the group ID or one of the
234	* supplementary group IDs of the calling process.
235	*/
236	if ((iuid != uid \|\|
237	(igid != gid && !in_group_p((gid_t)gid))) &&
238	!capable(CAP_CHOWN)) {
239	code = XFS_ERROR(EPERM);
240	goto error_return;
241	}
242	/*
243	* Do a quota reservation only if uid/gid is actually	180	* Do a quota reservation only if uid/gid is actually
244	* going to change.	181	* going to change.
245	*/	182	*/
@@ -276,36 +213,22 @@ xfs_setattr(
276	code = XFS_ERROR(EINVAL);	213	code = XFS_ERROR(EINVAL);
277	goto error_return;	214	goto error_return;
278	}	215	}
		216
279	/*	217	/*
280	* Make sure that the dquots are attached to the inode.	218	* Make sure that the dquots are attached to the inode.
281	*/	219	*/
282	if ((code = XFS_QM_DQATTACH(mp, ip, XFS_QMOPT_ILOCKED)))	220	code = XFS_QM_DQATTACH(mp, ip, XFS_QMOPT_ILOCKED);
		221	if (code)
283	goto error_return;	222	goto error_return;
284	}
285		223
286	/*	224	/*
287	* Change file access or modified times.	225	* Now we can make the changes. Before we join the inode
288	*/	226	* to the transaction, if ATTR_SIZE is set then take care of
289	if (mask & (ATTR_ATIME\|ATTR_MTIME)) {	227	* the part of the truncation that must be done without the
290	if (!file_owner) {	228	* inode lock. This needs to be done before joining the inode
291	if ((mask & (ATTR_MTIME_SET\|ATTR_ATIME_SET)) &&	229	* to the transaction, because the inode cannot be unlocked
292	!capable(CAP_FOWNER)) {	230	* once it is a part of the transaction.
293	code = XFS_ERROR(EPERM);	231	*/
294	goto error_return;
295	}
296	}
297	}
298
299	/*
300	* Now we can make the changes. Before we join the inode
301	* to the transaction, if ATTR_SIZE is set then take care of
302	* the part of the truncation that must be done without the
303	* inode lock. This needs to be done before joining the inode
304	* to the transaction, because the inode cannot be unlocked
305	* once it is a part of the transaction.
306	*/
307	if (mask & ATTR_SIZE) {
308	code = 0;
309	if (iattr->ia_size > ip->i_size) {	232	if (iattr->ia_size > ip->i_size) {
310	/*	233	/*
311	* Do the first part of growing a file: zero any data	234	* Do the first part of growing a file: zero any data
@@ -360,17 +283,10 @@ xfs_setattr(
360	}	283	}
361	commit_flags = XFS_TRANS_RELEASE_LOG_RES;	284	commit_flags = XFS_TRANS_RELEASE_LOG_RES;
362	xfs_ilock(ip, XFS_ILOCK_EXCL);	285	xfs_ilock(ip, XFS_ILOCK_EXCL);
363	}
364		286
365	if (tp) {
366	xfs_trans_ijoin(tp, ip, lock_flags);	287	xfs_trans_ijoin(tp, ip, lock_flags);
367	xfs_trans_ihold(tp, ip);	288	xfs_trans_ihold(tp, ip);
368	}
369		289
370	/*
371	* Truncate file. Must have write permission and not be a directory.
372	*/
373	if (mask & ATTR_SIZE) {
374	/*	290	/*
375	* Only change the c/mtime if we are changing the size	291	* Only change the c/mtime if we are changing the size
376	* or we are explicitly asked to change it. This handles	292	* or we are explicitly asked to change it. This handles
@@ -410,20 +326,9 @@ xfs_setattr(
410	*/	326	*/
411	xfs_iflags_set(ip, XFS_ITRUNCATED);	327	xfs_iflags_set(ip, XFS_ITRUNCATED);
412	}	328	}
413	}	329	} else if (tp) {
414		330	xfs_trans_ijoin(tp, ip, lock_flags);
415	/*	331	xfs_trans_ihold(tp, ip);
416	* Change file access modes.
417	*/
418	if (mask & ATTR_MODE) {
419	ip->i_d.di_mode &= S_IFMT;
420	ip->i_d.di_mode \|= iattr->ia_mode & ~S_IFMT;
421
422	inode->i_mode &= S_IFMT;
423	inode->i_mode \|= iattr->ia_mode & ~S_IFMT;
424
425	xfs_trans_log_inode (tp, ip, XFS_ILOG_CORE);
426	timeflags \|= XFS_ICHGTIME_CHG;
427	}	332	}
428		333
429	/*	334	/*
@@ -471,6 +376,24 @@ xfs_setattr(
471	timeflags \|= XFS_ICHGTIME_CHG;	376	timeflags \|= XFS_ICHGTIME_CHG;
472	}	377	}
473		378
		379	/*
		380	* Change file access modes.
		381	*/
		382	if (mask & ATTR_MODE) {
		383	umode_t mode = iattr->ia_mode;
		384
		385	if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
		386	mode &= ~S_ISGID;
		387
		388	ip->i_d.di_mode &= S_IFMT;
		389	ip->i_d.di_mode \|= mode & ~S_IFMT;
		390
		391	inode->i_mode &= S_IFMT;
		392	inode->i_mode \|= mode & ~S_IFMT;
		393
		394	xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
		395	timeflags \|= XFS_ICHGTIME_CHG;
		396	}
474		397
475	/*	398	/*
476	* Change file access or modified times.	399	* Change file access or modified times.