diff options
| author | Jan Kara <jack@suse.cz> | 2016-12-14 13:24:46 +0100 |
|---|---|---|
| committer | Sasha Levin <alexander.levin@verizon.com> | 2016-12-23 08:56:34 -0500 |
| commit | 820bc4582ab98a15f6f08aec443dbe731ef04874 (patch) | |
| tree | 762c3af9b18f58c98d29f3ef63833f4d2af92628 /fs | |
| parent | 89bc54c5402751feb71957101670a4da191f9210 (diff) | |
fuse: Propagate dentry down to inode_change_ok()
[ Upstream commit 62490330769c1ce5dcba3f1f3e8f4005e9b797e6 ]
To avoid clearing of capabilities or security related extended
attributes too early, inode_change_ok() will need to take dentry instead
of inode. Propagate it down to fuse_do_setattr().
References: CVE-2015-1350
Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Conflicts: Missing file_dentry() from d101a125954eae1d397adda94ca6319485a50493
Signed-off-by: Philipp Hahn <hahn@univention.de>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/fuse/dir.c | 7 | ||||
| -rw-r--r-- | fs/fuse/file.c | 2 | ||||
| -rw-r--r-- | fs/fuse/fuse_i.h | 2 |
3 files changed, 6 insertions, 5 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 0572bca49f15..e9c31bcf44a7 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1602,9 +1602,10 @@ int fuse_flush_times(struct inode *inode, struct fuse_file *ff) * vmtruncate() doesn't allow for this case, so do the rlimit checking * and the actual truncation by hand. */ -int fuse_do_setattr(struct inode *inode, struct iattr *attr, +int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, struct file *file) { + struct inode *inode = d_inode(dentry); struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_inode *fi = get_fuse_inode(inode); FUSE_ARGS(args); @@ -1718,9 +1719,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) return -EACCES; if (attr->ia_valid & ATTR_FILE) - return fuse_do_setattr(inode, attr, attr->ia_file); + return fuse_do_setattr(entry, attr, attr->ia_file); else - return fuse_do_setattr(inode, attr, NULL); + return fuse_do_setattr(entry, attr, NULL); } static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, diff --git a/fs/fuse/file.c b/fs/fuse/file.c index d8f29ef2d819..1f03f0a36e35 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -2797,7 +2797,7 @@ static void fuse_do_truncate(struct file *file) attr.ia_file = file; attr.ia_valid |= ATTR_FILE; - fuse_do_setattr(inode, &attr, file); + fuse_do_setattr(file->f_path.dentry, &attr, file); } static inline loff_t fuse_round_up(loff_t off) diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 85f9d8273455..30d2bde45f68 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -913,7 +913,7 @@ bool fuse_write_update_size(struct inode *inode, loff_t pos); int fuse_flush_times(struct inode *inode, struct fuse_file *ff); int fuse_write_inode(struct inode *inode, struct writeback_control *wbc); -int fuse_do_setattr(struct inode *inode, struct iattr *attr, +int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, struct file *file); void fuse_set_initialized(struct fuse_conn *fc); |