write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/fs/namei.c
..
..
@@ -2724,7 +2724,7 @@
2724
2724
 	dput(path->dentry);
2725
2725
 	path->dentry = parent;
2726
2726
 	child = d_hash_and_lookup(parent, &this);
2727
-	if (!child)
2727
+	if (IS_ERR_OR_NULL(child))
2728
2728
 		return -ENOENT;
2729
2729
 
2730
2730
 	path->dentry = child;
..
..
@@ -2866,8 +2866,8 @@
2866
2866
 		return p;
2867
2867
 	}
2868
2868
 
2869
-	inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2870
-	inode_lock_nested(p2->d_inode, I_MUTEX_PARENT2);
2869
+	lock_two_inodes(p1->d_inode, p2->d_inode,
2870
+			I_MUTEX_PARENT, I_MUTEX_PARENT2);
2871
2871
 	return NULL;
2872
2872
 }
2873
2873
 EXPORT_SYMBOL(lock_rename);
..
..
@@ -2882,6 +2882,63 @@
2882
2882
 }
2883
2883
 EXPORT_SYMBOL(unlock_rename);
2884
2884
 
2885
+/**
2886
+ * mode_strip_umask - handle vfs umask stripping
2887
+ * @dir:	parent directory of the new inode
2888
+ * @mode:	mode of the new inode to be created in @dir
2889
+ *
2890
+ * Umask stripping depends on whether or not the filesystem supports POSIX
2891
+ * ACLs. If the filesystem doesn't support it umask stripping is done directly
2892
+ * in here. If the filesystem does support POSIX ACLs umask stripping is
2893
+ * deferred until the filesystem calls posix_acl_create().
2894
+ *
2895
+ * Returns: mode
2896
+ */
2897
+static inline umode_t mode_strip_umask(const struct inode *dir, umode_t mode)
2898
+{
2899
+	if (!IS_POSIXACL(dir))
2900
+		mode &= ~current_umask();
2901
+	return mode;
2902
+}
2903
+
2904
+/**
2905
+ * vfs_prepare_mode - prepare the mode to be used for a new inode
2906
+ * @dir:	parent directory of the new inode
2907
+ * @mode:	mode of the new inode
2908
+ * @mask_perms:	allowed permission by the vfs
2909
+ * @type:	type of file to be created
2910
+ *
2911
+ * This helper consolidates and enforces vfs restrictions on the @mode of a new
2912
+ * object to be created.
2913
+ *
2914
+ * Umask stripping depends on whether the filesystem supports POSIX ACLs (see
2915
+ * the kernel documentation for mode_strip_umask()). Moving umask stripping
2916
+ * after setgid stripping allows the same ordering for both non-POSIX ACL and
2917
+ * POSIX ACL supporting filesystems.
2918
+ *
2919
+ * Note that it's currently valid for @type to be 0 if a directory is created.
2920
+ * Filesystems raise that flag individually and we need to check whether each
2921
+ * filesystem can deal with receiving S_IFDIR from the vfs before we enforce a
2922
+ * non-zero type.
2923
+ *
2924
+ * Returns: mode to be passed to the filesystem
2925
+ */
2926
+static inline umode_t vfs_prepare_mode(const struct inode *dir, umode_t mode,
2927
+				       umode_t mask_perms, umode_t type)
2928
+{
2929
+	mode = mode_strip_sgid(dir, mode);
2930
+	mode = mode_strip_umask(dir, mode);
2931
+
2932
+	/*
2933
+	 * Apply the vfs mandated allowed permission mask and set the type of
2934
+	 * file to be created before we call into the filesystem.
2935
+	 */
2936
+	mode &= (mask_perms & ~S_IFMT);
2937
+	mode |= (type & S_IFMT);
2938
+
2939
+	return mode;
2940
+}
2941
+
2885
2942
 int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2886
2943
 		bool want_excl)
2887
2944
 {
..
..
@@ -2891,8 +2948,8 @@
2891
2948
 
2892
2949
 	if (!dir->i_op->create)
2893
2950
 		return -EACCES;	/* shouldn't it be ENOSYS? */
2894
-	mode &= S_IALLUGO;
2895
-	mode |= S_IFREG;
2951
+
2952
+	mode = vfs_prepare_mode(dir, mode, S_IALLUGO, S_IFREG);
2896
2953
 	error = security_inode_create(dir, dentry, mode);
2897
2954
 	if (error)
2898
2955
 		return error;
..
..
@@ -3156,8 +3213,7 @@
3156
3213
 	if (open_flag & O_CREAT) {
3157
3214
 		if (open_flag & O_EXCL)
3158
3215
 			open_flag &= ~O_TRUNC;
3159
-		if (!IS_POSIXACL(dir->d_inode))
3160
-			mode &= ~current_umask();
3216
+		mode = vfs_prepare_mode(dir->d_inode, mode, mode, mode);
3161
3217
 		if (likely(got_write))
3162
3218
 			create_error = may_o_create(&nd->path, dentry, mode);
3163
3219
 		else
..
..
@@ -3370,8 +3426,7 @@
3370
3426
 	child = d_alloc(dentry, &slash_name);
3371
3427
 	if (unlikely(!child))
3372
3428
 		goto out_err;
3373
-	if (!IS_POSIXACL(dir))
3374
-		mode &= ~current_umask();
3429
+	mode = vfs_prepare_mode(dir, mode, mode, mode);
3375
3430
 	error = dir->i_op->tmpfile(dir, child, mode);
3376
3431
 	if (error)
3377
3432
 		goto out_err;
..
..
@@ -3632,6 +3687,7 @@
3632
3687
 	if (!dir->i_op->mknod)
3633
3688
 		return -EPERM;
3634
3689
 
3690
+	mode = vfs_prepare_mode(dir, mode, mode, mode);
3635
3691
 	error = devcgroup_inode_mknod(mode, dev);
3636
3692
 	if (error)
3637
3693
 		return error;
..
..
@@ -3680,9 +3736,8 @@
3680
3736
 	if (IS_ERR(dentry))
3681
3737
 		return PTR_ERR(dentry);
3682
3738
 
3683
-	if (!IS_POSIXACL(path.dentry->d_inode))
3684
-		mode &= ~current_umask();
3685
-	error = security_path_mknod(&path, dentry, mode, dev);
3739
+	error = security_path_mknod(&path, dentry,
3740
+			mode_strip_umask(path.dentry->d_inode, mode), dev);
3686
3741
 	if (error)
3687
3742
 		goto out;
3688
3743
 	switch (mode & S_IFMT) {
..
..
@@ -3730,7 +3785,7 @@
3730
3785
 	if (!dir->i_op->mkdir)
3731
3786
 		return -EPERM;
3732
3787
 
3733
-	mode &= (S_IRWXUGO|S_ISVTX);
3788
+	mode = vfs_prepare_mode(dir, mode, S_IRWXUGO | S_ISVTX, 0);
3734
3789
 	error = security_inode_mkdir(dir, dentry, mode);
3735
3790
 	if (error)
3736
3791
 		return error;
..
..
@@ -3757,9 +3812,8 @@
3757
3812
 	if (IS_ERR(dentry))
3758
3813
 		return PTR_ERR(dentry);
3759
3814
 
3760
-	if (!IS_POSIXACL(path.dentry->d_inode))
3761
-		mode &= ~current_umask();
3762
-	error = security_path_mkdir(&path, dentry, mode);
3815
+	error = security_path_mkdir(&path, dentry,
3816
+			mode_strip_umask(path.dentry->d_inode, mode));
3763
3817
 	if (!error)
3764
3818
 		error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3765
3819
 	done_path_create(&path, dentry);
..
..
@@ -4294,7 +4348,7 @@
4294
4348
  *	   sb->s_vfs_rename_mutex. We might be more accurate, but that's another
4295
4349
  *	   story.
4296
4350
  *	c) we have to lock _four_ objects - parents and victim (if it exists),
4297
- *	   and source (if it is not a directory).
4351
+ *	   and source.
4298
4352
  *	   And that - after we got ->i_mutex on parents (until then we don't know
4299
4353
  *	   whether the target exists).  Solution: try to be smart with locking
4300
4354
  *	   order for inodes.  We rely on the fact that tree topology may change
..
..
@@ -4371,10 +4425,16 @@
4371
4425
 
4372
4426
 	take_dentry_name_snapshot(&old_name, old_dentry);
4373
4427
 	dget(new_dentry);
4374
-	if (!is_dir || (flags & RENAME_EXCHANGE))
4375
-		lock_two_nondirectories(source, target);
4376
-	else if (target)
4377
-		inode_lock(target);
4428
+	/*
4429
+	 * Lock all moved children. Moved directories may need to change parent
4430
+	 * pointer so they need the lock to prevent against concurrent
4431
+	 * directory changes moving parent pointer. For regular files we've
4432
+	 * historically always done this. The lockdep locking subclasses are
4433
+	 * somewhat arbitrary but RENAME_EXCHANGE in particular can swap
4434
+	 * regular files and directories so it's difficult to tell which
4435
+	 * subclasses to use.
4436
+	 */
4437
+	lock_two_inodes(source, target, I_MUTEX_NORMAL, I_MUTEX_NONDIR2);
4378
4438
 
4379
4439
 	error = -EBUSY;
4380
4440
 	if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry))
..
..
@@ -4418,9 +4478,8 @@
4418
4478
 			d_exchange(old_dentry, new_dentry);
4419
4479
 	}
4420
4480
 out:
4421
-	if (!is_dir || (flags & RENAME_EXCHANGE))
4422
-		unlock_two_nondirectories(source, target);
4423
-	else if (target)
4481
+	inode_unlock(source);
4482
+	if (target)
4424
4483
 		inode_unlock(target);
4425
4484
 	dput(new_dentry);
4426
4485
 	if (!error) {