The patch titled
r/o bind mounts: elevate mount count for extended attributes
has been added to the -mm tree. Its filename is
ro-bind-mounts-elevate-mount-count-for-extended-attributes.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: r/o bind mounts: elevate mount count for extended attributes
From: Dave Hansen <haveblue@xxxxxxxxxx>
This basically audits the callers of xattr_permission(), which calls
permission() and can perform writes to the filesystem.
Signed-off-by: Dave Hansen <haveblue@xxxxxxxxxx>
Cc: Serge Hallyn <serue@xxxxxxxxxx>
Cc: Herbert Poetzl <herbert@xxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
fs/nfsd/nfs4proc.c | 7 ++++++-
fs/xattr.c | 14 ++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff -puN fs/nfsd/nfs4proc.c~ro-bind-mounts-elevate-mount-count-for-extended-attributes fs/nfsd/nfs4proc.c
--- a/fs/nfsd/nfs4proc.c~ro-bind-mounts-elevate-mount-count-for-extended-attributes
+++ a/fs/nfsd/nfs4proc.c
@@ -604,13 +604,18 @@ nfsd4_setattr(struct svc_rqst *rqstp, st
return status;
}
}
+ status = mnt_want_write(current_fh->fh_export->ex_mnt);
+ if (status)
+ return status;
status = nfs_ok;
if (setattr->sa_acl != NULL)
status = nfsd4_set_nfs4_acl(rqstp, current_fh, setattr->sa_acl);
if (status)
- return status;
+ goto out;
status = nfsd_setattr(rqstp, current_fh, &setattr->sa_iattr,
0, (time_t)0);
+out:
+ mnt_drop_write(current_fh->fh_export->ex_mnt);
return status;
}
diff -puN fs/xattr.c~ro-bind-mounts-elevate-mount-count-for-extended-attributes fs/xattr.c
--- a/fs/xattr.c~ro-bind-mounts-elevate-mount-count-for-extended-attributes
+++ a/fs/xattr.c
@@ -12,6 +12,7 @@
#include <linux/smp_lock.h>
#include <linux/file.h>
#include <linux/xattr.h>
+#include <linux/mount.h>
#include <linux/namei.h>
#include <linux/security.h>
#include <linux/syscalls.h>
@@ -210,7 +211,11 @@ sys_setxattr(char __user *path, char __u
error = user_path_walk(path, &nd);
if (error)
return error;
+ error = mnt_want_write(nd.mnt);
+ if (error)
+ return error;
error = setxattr(nd.dentry, name, value, size, flags);
+ mnt_drop_write(nd.mnt);
path_release(&nd);
return error;
}
@@ -225,7 +230,11 @@ sys_lsetxattr(char __user *path, char __
error = user_path_walk_link(path, &nd);
if (error)
return error;
+ error = mnt_want_write(nd.mnt);
+ if (error)
+ return error;
error = setxattr(nd.dentry, name, value, size, flags);
+ mnt_drop_write(nd.mnt);
path_release(&nd);
return error;
}
@@ -241,9 +250,14 @@ sys_fsetxattr(int fd, char __user *name,
f = fget(fd);
if (!f)
return error;
+ error = mnt_want_write(f->f_vfsmnt);
+ if (error)
+ goto out_fput;
dentry = f->f_dentry;
audit_inode(NULL, dentry->d_inode);
error = setxattr(dentry, name, value, size, flags);
+ mnt_drop_write(f->f_vfsmnt);
+out_fput:
fput(f);
return error;
}
_
Patches currently in -mm which might be from haveblue@xxxxxxxxxx are
origin.patch
catch-notification-of-memory-add-event-of-acpi-via-container-driver-register-start-func-for-memory-device.patch
catch-notification-of-memory-add-event-of-acpi-via-container-driveravoid-redundant-call-add_memory.patch
pgdat-allocation-for-new-node-add-specify-node-id.patch
pgdat-allocation-for-new-node-add-get-node-id-by-acpi.patch
pgdat-allocation-for-new-node-add-generic-alloc-node_data.patch
pgdat-allocation-for-new-node-add-refresh-node_data.patch
pgdat-allocation-for-new-node-add-export-kswapd-start-func.patch
pgdat-allocation-for-new-node-add-call-pgdat-allocation.patch
node-hotplug-register-cpu-remove-node-struct.patch
acpi-dock-driver.patch
ro-bind-mounts-prepare-for-write-access-checks-collapse-if.patch
ro-bind-mounts-r-o-bind-mount-prepwork-move-open_nameis-vfs_create.patch
ro-bind-mounts-add-vfsmount-writer-count.patch
ro-bind-mounts-elevate-mnt-writers-for-callers-of-vfs_mkdir.patch
ro-bind-mounts-elevate-write-count-during-entire-ncp_ioctl.patch
ro-bind-mounts-sys_symlinkat-elevate-write-count-around-vfs_symlink.patch
ro-bind-mounts-elevate-mount-count-for-extended-attributes.patch
ro-bind-mounts-sys_linkat-elevate-write-count-around-vfs_link.patch
ro-bind-mounts-mount_is_safe-add-comment.patch
ro-bind-mounts-unix_find_other-elevate-write-count-for-touch_atime.patch
ro-bind-mounts-elevate-write-count-over-calls-to-vfs_rename.patch
ro-bind-mounts-tricky-elevate-write-count-files-are-opened.patch
ro-bind-mounts-elevate-writer-count-for-do_sys_truncate.patch
ro-bind-mounts-elevate-write-count-for-do_utimes.patch
ro-bind-mounts-elevate-write-count-for-do_sys_utime-and-touch_atime.patch
ro-bind-mounts-sys_mknodat-elevate-write-count-for-vfs_mknod-create.patch
ro-bind-mounts-elevate-mnt-writers-for-vfs_unlink-callers.patch
ro-bind-mounts-do_rmdir-elevate-write-count.patch
ro-bind-mounts-elevate-writer-count-for-custom-struct-file.patch
ro-bind-mounts-honor-r-w-changes-at-do_remount-time.patch
page-owner-tracking-leak-detector.patch
x86-e820-debugging.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
