From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E5A6CCA481 for ; Wed, 8 Jun 2022 17:27:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232849AbiFHR1M (ORCPT ); Wed, 8 Jun 2022 13:27:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232474AbiFHR1D (ORCPT ); Wed, 8 Jun 2022 13:27:03 -0400 Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A46184B1EB for ; Wed, 8 Jun 2022 10:24:56 -0700 (PDT) Received: from pps.filterd (m0001303.ppops.net [127.0.0.1]) by m0001303.ppops.net (8.17.1.5/8.17.1.5) with ESMTP id 258FPRnJ010804 for ; Wed, 8 Jun 2022 10:24:55 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=facebook; bh=m9h5JjUlP4piprhMDRnStZmvgsUbBw57nIc8eedIMuk=; b=gYu+UJTT/c/eRVNcaiHQe3Nzev7C8qLFpFQhBrsD7+Ar9KaDeODNaQ7f23a5K5T63Hsq 2/TNXSpO8EEs9/nKt7KfFjctD+9Ud0kux62Ijk+C5HdC8TYmTq0wmhzUCF+uE1ruuDqJ 9ADeaJ3jWxanG0HLBpOcpGTmOGH+YGryxOA= Received: from mail.thefacebook.com ([163.114.132.120]) by m0001303.ppops.net (PPS) with ESMTPS id 3ghy4t3axx-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 08 Jun 2022 10:24:55 -0700 Received: from twshared25107.07.ash9.facebook.com (2620:10d:c085:108::4) by mail.thefacebook.com (2620:10d:c085:11d::4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28; Wed, 8 Jun 2022 10:24:52 -0700 Received: by devvm225.atn0.facebook.com (Postfix, from userid 425415) id 9CD20103BFB5E; Wed, 8 Jun 2022 10:17:43 -0700 (PDT) From: Stefan Roesch To: , , , , CC: , , , , , Christoph Hellwig Subject: [PATCH v8 08/14] fs: add __remove_file_privs() with flags parameter Date: Wed, 8 Jun 2022 10:17:35 -0700 Message-ID: <20220608171741.3875418-9-shr@fb.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220608171741.3875418-1-shr@fb.com> References: <20220608171741.3875418-1-shr@fb.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-FB-Internal: Safe Content-Type: text/plain X-Proofpoint-ORIG-GUID: m2XkrndXOGOt-g5i2L9AZO3lefnCnK8o X-Proofpoint-GUID: m2XkrndXOGOt-g5i2L9AZO3lefnCnK8o X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.874,Hydra:6.0.517,FMLib:17.11.64.514 definitions=2022-06-08_05,2022-06-07_02,2022-02-23_01 Precedence: bulk List-ID: X-Mailing-List: io-uring@vger.kernel.org This adds the function __remove_file_privs, which allows the caller to pass the kiocb flags parameter. No intended functional changes in this patch. Signed-off-by: Stefan Roesch Reviewed-by: Christoph Hellwig Reviewed-by: Jan Kara --- fs/inode.c | 57 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index 9d9b422504d1..ac1cf5aa78c8 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2010,36 +2010,43 @@ static int __remove_privs(struct user_namespace *= mnt_userns, return notify_change(mnt_userns, dentry, &newattrs, NULL); } =20 -/* - * Remove special file priviledges (suid, capabilities) when file is wri= tten - * to or truncated. - */ -int file_remove_privs(struct file *file) +static int __file_remove_privs(struct file *file, unsigned int flags) { struct dentry *dentry =3D file_dentry(file); struct inode *inode =3D file_inode(file); + int error; int kill; - int error =3D 0; =20 - /* - * Fast path for nothing security related. - * As well for non-regular files, e.g. blkdev inodes. - * For example, blkdev_write_iter() might get here - * trying to remove privs which it is not allowed to. - */ if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode)) return 0; =20 kill =3D dentry_needs_remove_privs(dentry); - if (kill < 0) + if (kill <=3D 0) return kill; - if (kill) - error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill); + + if (flags & IOCB_NOWAIT) + return -EAGAIN; + + error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill); if (!error) inode_has_no_xattr(inode); =20 return error; } + +/** + * file_remove_privs - remove special file privileges (suid, capabilitie= s) + * @file: file to remove privileges from + * + * When file is modified by a write or truncation ensure that special + * file privileges are removed. + * + * Return: 0 on success, negative errno on failure. + */ +int file_remove_privs(struct file *file) +{ + return __file_remove_privs(file, 0); +} EXPORT_SYMBOL(file_remove_privs); =20 /** @@ -2090,18 +2097,28 @@ int file_update_time(struct file *file) } EXPORT_SYMBOL(file_update_time); =20 -/* Caller must hold the file's inode lock */ +/** + * file_modified - handle mandated vfs changes when modifying a file + * @file: file that was modified + * + * When file has been modified ensure that special + * file privileges are removed and time settings are updated. + * + * Context: Caller must hold the file's inode lock. + * + * Return: 0 on success, negative errno on failure. + */ int file_modified(struct file *file) { - int err; + int ret; =20 /* * Clear the security bits if the process is not being run by root. * This keeps people from modifying setuid and setgid binaries. */ - err =3D file_remove_privs(file); - if (err) - return err; + ret =3D __file_remove_privs(file, 0); + if (ret) + return ret; =20 if (unlikely(file->f_mode & FMODE_NOCMTIME)) return 0; --=20 2.30.2