reiserfs_chown_xattrs() takes the iattr struct passed into ->setattr and uses it to iterate over all the attrs associated with a file to change ownership of xattrs (and transfer quota associated with the xattr files).

When a setuid file is chowned and the setuid bit is cleared, reiserfs_setattr gets called with both ATTR_MODE and ATTR_UID set. Since ATTR_MODE causes the ACL chmod code to be invoked, we end up calling reiserfs_acl_chmod on the xattr file. There's a missing IS_PRIVATE check there, so instead of bailing out immediately, we end up taking the inode->i_mutex a second time in open_xa_dir.

The other xattr paths are protected against similar situations by bailing out on IS_PRIVATE.

This patch adds the missing check to reiserfs_acl_chmod.

Signed-off-by: Jeff Mahoney <jeffm@xxxxxxxx>
Cc: stable@xxxxxxxxxx
--- fs/reiserfs/xattr_acl.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/reiserfs/xattr_acl.c +++ b/fs/reiserfs/xattr_acl.c @@ -448,6 +448,9 @@ int reiserfs_acl_chmod(struct inode *ino struct posix_acl *acl, *clone; int error; + if (IS_PRIVATE(inode)) + return 0; + if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP;
--
Jeff Mahoney
SUSE Labs
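
Review bot: The new early return at the top of reiserfs_acl_chmod(), `if (IS_PRIVATE(inode)) return 0;`, has no comment, so the reason for it (the inode is an internal xattr file, and continuing would take inode->i_mutex a second time in open_xa_dir) can only be recovered from the commit message. A one-line comment above the check would keep a later cleanup from dropping it or moving it below the S_ISLNK test. Returning 0 rather than an error looks right for a caller that is iterating over xattr files to change ownership, but it is worth confirming whether ATTR_MODE needs to reach the xattr files at all: if it does not, masking it in reiserfs_chown_xattrs() would keep this path from being entered in the first place, with the IS_PRIVATE check kept as a backstop.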