[Xenial,7/9] fuse: Propagate dentry down to inode_change_ok()

Message ID b78fb1705637fccf608e19dc6ff704dcb3079397.1512634014.git.khalid.elmously@canonical.com
State New
Series
  • Fix for CVE-2015-1350

Commit Message

Khalid Elmously Dec. 7, 2017, 8:37 a.m.
BugLink: http://bugs.launchpad.net/bugs/1415636

commit 62490330769c1ce5dcba3f1f3e8f4005e9b797e6 upstream.

To avoid clearing of capabilities or security related extended
attributes too early, inode_change_ok() will need to take dentry instead
of inode. Propagate it down to fuse_do_setattr().

Acked-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
---
 fs/fuse/dir.c    | 5 +++--
 fs/fuse/file.c   | 2 +-
 fs/fuse/fuse_i.h | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

Patch

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index bf76591c3dd7..43a74c1f83dc 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1589,9 +1589,10 @@  int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
  * vmtruncate() doesn't allow for this case, so do the rlimit checking
  * and the actual truncation by hand.
  */
-int fuse_do_setattr(struct inode *inode, struct iattr *attr,
+int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
 		    struct file *file)
 {
+	struct inode *inode = d_inode(dentry);
 	struct fuse_conn *fc = get_fuse_conn(inode);
 	struct fuse_inode *fi = get_fuse_inode(inode);
 	FUSE_ARGS(args);
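Review bot: The new `struct inode *inode = d_inode(dentry);` feeds directly into `get_fuse_conn(inode)` and `get_fuse_inode(inode)` in the following declarations, so fuse_do_setattr() now implicitly requires a positive dentry, and the comment block above the function does not say so. The two callers changed in this patch pass the setattr target and an open file's dentry, which should both be positive, but that contract is worth recording for later callers. I would add to the existing comment something like `@dentry must be positive: d_inode(dentry) is used below without a NULL check.` The function body continues past the end of this hunk, so the inode_change_ok() call that the commit message refers to is not visible here.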
@@ -1733,7 +1734,7 @@  static int fuse_setattr(struct dentry *entry, struct iattr *attr)
 	if (!attr->ia_valid)
 		return 0;
 
-	ret = fuse_do_setattr(inode, attr, file);
+	ret = fuse_do_setattr(entry, attr, file);
 	if (!ret) {
 		/* Directory mode changed, may need to revalidate access */
 		if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index b00bc25d7c90..9fbf4a86147c 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2816,7 +2816,7 @@  static void fuse_do_truncate(struct file *file)
 	attr.ia_file = file;
 	attr.ia_valid |= ATTR_FILE;
 
-	fuse_do_setattr(inode, &attr, file);
+	fuse_do_setattr(file_dentry(file), &attr, file);
 }
 
 static inline loff_t fuse_round_up(loff_t off)
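Review bot: The call `fuse_do_setattr(file_dentry(file), &attr, file);` relies on `file_dentry()`, which this patch neither defines nor includes, so the backport builds only if the target tree already provides that helper; worth confirming for the Xenial base before applying. The start of fuse_do_truncate() is outside the hunk, so I cannot see where its local `inode` comes from. If it is still used for the size, a short comment such as `/* file_dentry(file) and inode refer to the same object here */` would make the pairing explicit. The return value of fuse_do_setattr() is still discarded on this line, which looks pre-existing rather than introduced by the change.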
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index d761934f7ec1..b8d3d35e1afe 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -956,7 +956,7 @@  bool fuse_write_update_size(struct inode *inode, loff_t pos);
 int fuse_flush_times(struct inode *inode, struct fuse_file *ff);
 int fuse_write_inode(struct inode *inode, struct writeback_control *wbc);
 
-int fuse_do_setattr(struct inode *inode, struct iattr *attr,
+int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
 		    struct file *file);
 
 void fuse_set_initialized(struct fuse_conn *fc);