Patch "ceph: don't truncate file in atomic_open" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 13 Oct 2022 11:15:11 +0200

This is a note to let you know that I've just added the patch titled

    ceph: don't truncate file in atomic_open

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ceph-don-t-truncate-file-in-atomic_open.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 7cb9994754f8a36ae9e5ec4597c5c4c2d6c03832 Mon Sep 17 00:00:00 2001
From: Hu Weiwen <sehuww@xxxxxxxxxxxxxxxx>
Date: Fri, 1 Jul 2022 10:52:27 +0800
Subject: ceph: don't truncate file in atomic_open

From: Hu Weiwen <sehuww@xxxxxxxxxxxxxxxx>

commit 7cb9994754f8a36ae9e5ec4597c5c4c2d6c03832 upstream.

Clear O_TRUNC from the flags sent in the MDS create request.

`atomic_open' is called before permission check. We should not do any
modification to the file here. The caller will do the truncation
afterward.

Fixes: 124e68e74099 ("ceph: file operations")
Signed-off-by: Hu Weiwen <sehuww@xxxxxxxxxxxxxxxx>
Reviewed-by: Xiubo Li <xiubli@xxxxxxxxxx>
Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
[Xiubo: fixed a trivial conflict for 4.9 backport]
Signed-off-by: Xiubo Li <xiubli@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ceph/file.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -354,6 +354,11 @@ int ceph_atomic_open(struct inode *dir,
 	err = ceph_init_dentry(dentry);
 	if (err < 0)
 		return err;
+	/*
+	 * Do not truncate the file, since atomic_open is called before the
+	 * permission check. The caller will do the truncation afterward.
+	 */
+	flags &= ~O_TRUNC;
 
 	if (flags & O_CREAT) {
 		err = ceph_pre_init_acls(dir, &mode, &acls);
@@ -384,9 +389,7 @@ int ceph_atomic_open(struct inode *dir,
        req->r_args.open.mask = cpu_to_le32(mask);
 
 	req->r_locked_dir = dir;           /* caller holds dir->i_mutex */
-	err = ceph_mdsc_do_request(mdsc,
-				   (flags & (O_CREAT|O_TRUNC)) ? dir : NULL,
-				   req);
+	err = ceph_mdsc_do_request(mdsc, (flags & O_CREAT) ? dir : NULL, req);
 	err = ceph_handle_snapdir(req, dentry, err);
 	if (err)
 		goto out_req;


Patches currently in stable-queue which might be from sehuww@xxxxxxxxxxxxxxxx are

queue-4.9/ceph-don-t-truncate-file-in-atomic_open.patch






