The function posix_acl_create() applies the umask only if the inode has no ACL (= NULL) or if ACLs are not supported by the filesystem driver (= -EOPNOTSUPP). However, this happens only after after the IS_POSIXACL() check succeeded. If the superblock doesn't enable ACL support, umask will never be applied. A filesystem which has no ACL support will of course not enable SB_POSIXACL, rendering the umask-applying code path unreachable. This fixes a bug which causes the umask to be ignored with O_TMPFILE on tmpfs: https://github.com/MusicPlayerDaemon/MPD/issues/558 https://bugs.gentoo.org/show_bug.cgi?id=686142#c3 https://bugzilla.kernel.org/show_bug.cgi?id=203625 Signed-off-by: Max Kellermann <mk@xxxxxxxxxx> Reviewed-by: J. Bruce Fields <bfields@xxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx --- fs/posix_acl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 249672bf54fe..e5e7a2295b99 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -589,9 +589,14 @@ posix_acl_create(struct inode *dir, umode_t *mode, *acl = NULL; *default_acl = NULL; - if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) + if (S_ISLNK(*mode)) return 0; + if (!IS_POSIXACL(dir)) { + *mode &= ~current_umask(); + return 0; + } + p = get_acl(dir, ACL_TYPE_DEFAULT); if (!p || p == ERR_PTR(-EOPNOTSUPP)) { *mode &= ~current_umask(); -- 2.20.1