From: Stefan Roesch
CC: Christoph Hellwig, Christian Brauner
Subject: [PATCH v9 08/14] fs: add __remove_file_privs() with flags parameter
Date: Thu, 16 Jun 2022 14:22:15 -0700
Message-ID: <20220616212221.2024518-9-shr@fb.com>
In-Reply-To: <20220616212221.2024518-1-shr@fb.com>
References: <20220616212221.2024518-1-shr@fb.com>

This adds the function __remove_file_privs, which allows the caller to
pass the kiocb flags parameter.

No intended functional changes in this patch.

Signed-off-by: Stefan Roesch
Reviewed-by: Christoph Hellwig
Reviewed-by: Jan Kara
Reviewed-by: Christian Brauner (Microsoft)
---
 fs/inode.c | 57 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 20 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index bd4da9c5207e..a2e18379c8a6 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -2010,36 +2010,43 @@ static int __remove_privs(struct user_namespace *= mnt_userns, return notify_change(mnt_userns, dentry, &newattrs, NULL); } =20 -/* - * Remove special file priviledges (suid, capabilities) when file is wri= tten - * to or truncated. - */ -int file_remove_privs(struct file *file) +static int __file_remove_privs(struct file *file, unsigned int flags) { struct dentry *dentry =3D file_dentry(file); struct inode *inode =3D file_inode(file); + int error; int kill; - int error =3D 0; =20 - /* - * Fast path for nothing security related. - * As well for non-regular files, e.g. blkdev inodes. - * For example, blkdev_write_iter() might get here - * trying to remove privs which it is not allowed to. - */ if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode)) return 0; =20 kill =3D dentry_needs_remove_privs(dentry); - if (kill < 0) + if (kill <=3D 0) return kill; - if (kill) - error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill); + + if (flags & IOCB_NOWAIT) + return -EAGAIN; + + error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill); if (!error) inode_has_no_xattr(inode); =20 return error; } + +/** + * file_remove_privs - remove special file privileges (suid, capabilitie= s) + * @file: file to remove privileges from + * + * When file is modified by a write or truncation ensure that special + * file privileges are removed. + * + * Return: 0 on success, negative errno on failure. + */ +int file_remove_privs(struct file *file) +{ + return __file_remove_privs(file, 0); +} EXPORT_SYMBOL(file_remove_privs); =20 /** 
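Review bot: The new "if (flags & IOCB_NOWAIT) return -EAGAIN;" branch in __file_remove_privs() is reached only after dentry_needs_remove_privs() has reported kill > 0, so the file still carries its suid/capability state when the caller sees -EAGAIN, and nothing in the hunk documents that the caller must not go on to modify the file in that case. Both callers in this patch pass 0, so the branch is dead here, but a short comment above the helper stating that -EAGAIN means the privileges were not removed and the operation has to be retried from a context that may block would make the contract explicit for any caller that passes IOCB_NOWAIT. The hunk also deletes the "Fast path for nothing security related" comment that explained why non-regular files such as blkdev inodes are skipped; consider keeping it on the IS_NOSEC()/S_ISREG() check. Finally, the subject and commit message name the helper __remove_file_privs, while the code adds __file_remove_privs.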
@@ -2090,18 +2097,28 @@ int file_update_time(struct file *file) } EXPORT_SYMBOL(file_update_time); =20 -/* Caller must hold the file's inode lock */ +/** + * file_modified - handle mandated vfs changes when modifying a file + * @file: file that was modified + * + * When file has been modified ensure that special + * file privileges are removed and time settings are updated. + * + * Context: Caller must hold the file's inode lock. + * + * Return: 0 on success, negative errno on failure. + */ int file_modified(struct file *file) { - int err; + int ret; =20 /* * Clear the security bits if the process is not being run by root. * This keeps people from modifying setuid and setgid binaries. */ - err =3D file_remove_privs(file); - if (err) - return err; + ret =3D __file_remove_privs(file, 0); + if (ret) + return ret; =20 if (unlikely(file->f_mode & FMODE_NOCMTIME)) return 0; --=20 2.30.2
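Review bot: In file_modified(), the call changes from file_remove_privs(file) to __file_remove_privs(file, 0) with a bare 0 for flags, which is exactly what the exported wrapper does in this patch, so the switch adds churn without showing why it is needed. Either keep calling file_remove_privs() here until a caller actually passes flags, or add a brief comment that 0 means the privilege removal is allowed to block. The err to ret rename is likewise unrelated to the stated purpose and could be dropped from a change described as having no functional effect. The new kernel-doc "Context:" line is a sound replacement for the old one-line locking comment.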