Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 20:04:01 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/fs
History
Jeff Layton 6de0ec00ba VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations 
When an unprivileged process attempts to modify a file that has the setuid or
setgid bits set, the VFS will attempt to clear these bits.  The VFS will set
the ATTR_KILL_SUID or ATTR_KILL_SGID bits in the ia_valid mask, and then call
notify_change to clear these bits and set the mode accordingly.

With a networked filesystem (NFS and CIFS in particular but likely others),
the client machine or process may not have credentials that allow for setting
the mode.  In some situations, this can lead to file corruption, an operation
failing outright because the setattr fails, or to races that lead to a mode
change being reverted.

In this situation, we'd like to just leave the handling of this to the server
and ignore these bits.  The problem is that by the time the setattr op is
called, the VFS has already reinterpreted the ATTR_KILL_* bits into a mode
change.  The setattr operation has no way to know its intent.

The following patch fixes this by making notify_change no longer clear the
ATTR_KILL_SUID and ATTR_KILL_SGID bits in the ia_valid before handing it off
to the setattr inode op.  setattr can then check for the presence of these
bits, and if they're set it can assume that the mode change was only for the
purposes of clearing these bits.

This means that we now have an implicit assumption that notify_change is never
called with ATTR_MODE and either ATTR_KILL_S*ID bit set.  Nothing currently
enforces that, so this patch also adds a BUG() if that occurs.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Neil Brown <neilb@suse.de>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Cc: Josef 'Jeff' Sipek <jsipek@cs.sunysb.edu>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Steven French <sfrench@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-18 14:37:22 -07:00
..
9p 9p: fix bad kconfig cross-dependency 2007-10-17 14:31:07 -05:00
adfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
affs fs: mark nibblemap const 2007-10-17 08:42:47 -07:00
afs KEYS: Make request_key() and co fundamentally asynchronous 2007-10-17 08:42:57 -07:00
autofs
autofs4 fs/autofs4/inode.c: kmalloc + memset conversion to kzalloc 2007-10-17 08:42:50 -07:00
befs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
bfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
cifs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
coda Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
configfs r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
cramfs cramfs: error message about endianess 2007-10-17 08:42:53 -07:00
debugfs docbook: fix filesystems content 2007-10-15 17:56:36 -07:00
devpts
dlm menuconfig: transform NLS and DLM menus 2007-10-17 08:43:00 -07:00
ecryptfs ecryptfs: allow lower fs to interpret ATTR_KILL_S*ID 2007-10-18 14:37:21 -07:00
efs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
exportfs knfsd: exportfs: split out reconnecting a dentry from find_exported_dentry 2007-07-17 10:23:06 -07:00
ext2 ext2 reservations 2007-10-17 08:43:02 -07:00
ext3 ext3: lighten up resize transaction requirements 2007-10-17 08:43:01 -07:00
ext4 ext4: lighten up resize transaction requirements 2007-10-17 18:50:04 -04:00
fat Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
freevxfs mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
fuse fuse: clean up execute permission checking 2007-10-17 08:43:04 -07:00
gfs2 fs: correct SuS compliance for open of large file without options 2007-10-17 08:43:01 -07:00
hfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hfsplus Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hostfs uml: fix hostfs style 2007-10-16 09:43:07 -07:00
hpfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
hppfs
hugetlbfs r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
isofs fs/isofs/namei.c: Remove uninitialized local vars warning 2007-10-17 08:42:58 -07:00
jbd JBD: replace jbd_kmalloc with kmalloc directly 2007-10-17 18:49:57 -04:00
jbd2 JBD2: debug code cleanup. 2007-10-17 18:49:59 -04:00
jffs2 Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
jfs introduce I_SYNC 2007-10-17 08:43:02 -07:00
lockd NFS/SUNRPC: use transport protocol naming 2007-10-09 17:17:53 -04:00
minix limit minixfs printks on corrupted dir i_size 2007-10-17 08:42:53 -07:00
msdos
ncpfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
nfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
nfs_common
nfsd knfsd: only set ATTR_KILL_S*ID if ATTR_MODE isn't being explicitly set 2007-10-18 14:37:22 -07:00
nls menuconfig: transform NLS and DLM menus 2007-10-17 08:43:00 -07:00
ntfs writeback: fix ntfs with sb_has_dirty_inodes() 2007-10-17 08:43:02 -07:00
ocfs2 Fix f_version type: should be u64 instead of unsigned long 2007-10-17 08:42:53 -07:00
openpromfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
partitions fs/partitions/sun.c endianness annotations 2007-10-14 12:41:51 -07:00
proc Don't truncate /proc/PID/environ at 4096 characters 2007-10-17 08:43:00 -07:00
qnx4 Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
ramfs Remove valueless definition of hard-selected RAMFS option 2007-10-17 08:42:56 -07:00
reiserfs reiserfs: turn of ATTR_KILL_S*ID at beginning of reiserfs_setattr 2007-10-18 14:37:22 -07:00
romfs fs/romfs/inode.c: trivial improvements 2007-10-17 08:42:47 -07:00
smbfs Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
sysfs spin_lock_unlocked cleanups 2007-10-17 08:43:01 -07:00
sysv Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
udf fs/udf/balloc.c: mark a variable as uninitialized_var() 2007-10-17 08:43:00 -07:00
ufs ufs: Fix mount check in ufs_fill_super() 2007-10-17 08:42:51 -07:00
vfat
xfs Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6 2007-10-17 09:04:11 -07:00
aio.c Remove struct task_struct::io_wait 2007-10-18 14:37:20 -07:00
anon_inodes.c anon-inodes use open coded atomic_inc for the shared inode 2007-10-17 08:43:00 -07:00
attr.c VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations 2007-10-18 14:37:22 -07:00
bad_inode.c
binfmt_aout.c core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe 2007-10-17 08:42:50 -07:00
binfmt_elf.c Break ELF_PLATFORM and stack pointer randomization dependency 2007-10-17 08:43:01 -07:00
binfmt_elf_fdpic.c core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe 2007-10-17 08:42:50 -07:00
binfmt_em86.c
binfmt_flat.c binfmt_flat: warning fixes 2007-10-17 08:42:54 -07:00
binfmt_misc.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
binfmt_script.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
binfmt_som.c core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe 2007-10-17 08:42:50 -07:00
bio.c bio: make freeing of ->bi_io_vec conditional in bio_free() 2007-10-16 11:03:52 +02:00
block_dev.c Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
buffer.c writeback: remove pages_skipped accounting in __block_write_full_page() 2007-10-17 08:43:02 -07:00
char_dev.c mm: bdi init hooks 2007-10-17 08:42:45 -07:00
compat.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
compat_ioctl.c Clean up duplicate includes in fs/ 2007-10-17 08:42:48 -07:00
dcache.c vfs: use the predefined d_unhashed inline function instead 2007-10-17 08:43:00 -07:00
dcookies.c Remove fs.h from mm.h 2007-07-29 17:09:29 -07:00
direct-io.c remove ZERO_PAGE 2007-10-16 09:42:53 -07:00
dnotify.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
dquot.c quota: send messages via netlink 2007-10-17 08:42:56 -07:00
drop_caches.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
eventfd.c
eventpoll.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
exec.c security/ cleanups 2007-10-17 08:43:07 -07:00
fcntl.c F_DUPFD_CLOEXEC implementation 2007-10-17 08:43:01 -07:00
fifo.c
file.c
file_table.c r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
filesystems.c
fs-writeback.c introduce I_SYNC 2007-10-17 08:43:02 -07:00
generic_acl.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
inode.c introduce I_SYNC 2007-10-17 08:43:02 -07:00
inotify.c
inotify_user.c change inotifyfs magic as the same magic is used for futexfs 2007-10-17 08:43:00 -07:00
internal.h
ioctl.c drop obsolete sys_ioctl export 2007-07-16 09:05:48 -07:00
ioprio.c
Kconfig Ext4: Uninitialized Block Groups 2007-10-17 18:50:00 -04:00
Kconfig.binfmt
libfs.c make fs/libfs.c:simple_commit_write() static 2007-10-17 08:42:53 -07:00
locks.c Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
Makefile Remove valueless definition of hard-selected RAMFS option 2007-10-17 08:42:56 -07:00
mbcache.c mm: Remove slab destructors from kmem_cache_create(). 2007-07-20 10:11:58 +09:00
mpage.c mm: buffered write cleanup 2007-10-16 09:42:54 -07:00
namei.c r/o bind mounts: give permission() a local 'mnt' variable 2007-10-17 08:43:05 -07:00
namespace.c fs: remove the unused mempages parameter 2007-10-17 08:42:49 -07:00
nfsctl.c nfsctl: use vfs_path_lookup 2007-07-19 10:04:45 -07:00
no-block.c
open.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
pipe.c sched: affine sync wakeups 2007-10-15 17:00:19 +02:00
pnode.c
pnode.h
posix_acl.c
quota.c [IA64] Fix build failure in fs/quota.c 2007-07-27 15:40:13 -07:00
quota_v1.c
quota_v2.c
read_write.c Cleanup macros for distinguishing mandatory locks 2007-10-09 18:32:46 -04:00
read_write.h
readdir.c
select.c Use ERESTART_RESTARTBLOCK if poll() is interrupted by a signal 2007-10-17 08:42:53 -07:00
seq_file.c [FS] seq_file: Introduce the seq_open_private() 2007-10-10 16:55:33 -07:00
signalfd.c rename signalfd_siginfo fields 2007-10-17 08:43:01 -07:00
splice.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
stack.c
stat.c
super.c writeback: fix periodic superblock dirty inode flushing 2007-10-17 08:43:02 -07:00
sync.c
timerfd.c make timerfd return a u64 and fix the __put_user 2007-07-26 11:35:17 -07:00
utimes.c VFS: check nanoseconds in utimensat 2007-10-17 08:42:52 -07:00
xattr.c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
xattr_acl.c