This is a note to let you know that I've just added the patch titled fs: move should_remove_suid() to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fs-move-should_remove_suid.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From stable-owner@xxxxxxxxxxxxxxx Sat Mar 18 11:16:15 2023 From: Amir Goldstein <amir73il@xxxxxxxxx> Date: Sat, 18 Mar 2023 12:15:25 +0200 Subject: fs: move should_remove_suid() To: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Sasha Levin <sashal@xxxxxxxxxx>, "Darrick J . Wong" <djwong@xxxxxxxxxx>, Leah Rumancik <leah.rumancik@xxxxxxxxx>, Chandan Babu R <chandan.babu@xxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx Message-ID: <20230318101529.1361673-12-amir73il@xxxxxxxxx> From: Amir Goldstein <amir73il@xxxxxxxxx> commit e243e3f94c804ecca9a8241b5babe28f35258ef4 upstream. Move the helper from inode.c to attr.c. This keeps the the core of the set{g,u}id stripping logic in one place when we add follow-up changes. It is the better place anyway, since should_remove_suid() returns ATTR_KILL_S{G,U}ID flags. Reviewed-by: Amir Goldstein <amir73il@xxxxxxxxx> Signed-off-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/attr.c | 29 +++++++++++++++++++++++++++++ fs/inode.c | 29 ----------------------------- 2 files changed, 29 insertions(+), 29 deletions(-) --- a/fs/attr.c +++ b/fs/attr.c @@ -20,6 +20,35 @@ #include "internal.h" +/* + * The logic we want is + * + * if suid or (sgid and xgrp) + * remove privs + */ +int should_remove_suid(struct dentry *dentry) +{ + umode_t mode = d_inode(dentry)->i_mode; + int kill = 0; + + /* suid always must be killed */ + if (unlikely(mode & S_ISUID)) + kill = ATTR_KILL_SUID; + + /* + * sgid without any exec bits is just a mandatory locking mark; leave + * it alone. If some exec bits are set, it's a real sgid; kill it. + */ + if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) + kill |= ATTR_KILL_SGID; + + if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) + return kill; + + return 0; +} +EXPORT_SYMBOL(should_remove_suid); + static bool chown_ok(const struct inode *inode, kuid_t uid) { if (uid_eq(current_fsuid(), inode->i_uid) && --- a/fs/inode.c +++ b/fs/inode.c @@ -1855,35 +1855,6 @@ skip_update: EXPORT_SYMBOL(touch_atime); /* - * The logic we want is - * - * if suid or (sgid and xgrp) - * remove privs - */ -int should_remove_suid(struct dentry *dentry) -{ - umode_t mode = d_inode(dentry)->i_mode; - int kill = 0; - - /* suid always must be killed */ - if (unlikely(mode & S_ISUID)) - kill = ATTR_KILL_SUID; - - /* - * sgid without any exec bits is just a mandatory locking mark; leave - * it alone. If some exec bits are set, it's a real sgid; kill it. - */ - if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) - kill |= ATTR_KILL_SGID; - - if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) - return kill; - - return 0; -} -EXPORT_SYMBOL(should_remove_suid); - -/* * Return mask of changes for notify_change() that need to be done as a * response to write or truncate. Return 0 if nothing has to be changed. * Negative value on error (change should be denied). Patches currently in stable-queue which might be from stable-owner@xxxxxxxxxxxxxxx are queue-5.10/xfs-fallocate-should-call-file_modified.patch queue-5.10/attr-add-setattr_should_drop_sgid.patch queue-5.10/xfs-set-prealloc-flag-in-xfs_alloc_file_space.patch queue-5.10/xfs-purge-dquots-after-inode-walk-fails-during-quotacheck.patch queue-5.10/fs-use-consistent-setgid-checks-in-is_sxid.patch queue-5.10/xfs-remove-xfs_prealloc_sync.patch queue-5.10/attr-add-in_group_or_capable.patch queue-5.10/xfs-don-t-assert-fail-on-perag-references-on-teardown.patch queue-5.10/xfs-don-t-leak-btree-cursor-when-insrec-fails-after-a-split.patch queue-5.10/fs-move-s_isgid-stripping-into-the-vfs_-helpers.patch queue-5.10/xfs-remove-xfs_setattr_time-declaration.patch queue-5.10/fs-move-should_remove_suid.patch queue-5.10/attr-use-consistent-sgid-stripping-checks.patch queue-5.10/fs-add-mode_strip_sgid-helper.patch queue-5.10/xfs-use-setattr_copy-to-set-vfs-inode-attributes.patch