From: Yang Xu <xuyang2018.jy@xxxxxxxxxxx> commit ac6800e279a22b28f4fc21439843025a0d5bf03e upstream. All creation paths except for O_TMPFILE handle umask in the vfs directly if the filesystem doesn't support or enable POSIX ACLs. If the filesystem does then umask handling is deferred until posix_acl_create(). Because, O_TMPFILE misses umask handling in the vfs it will not honor umask settings. Fix this by adding the missing umask handling. Link: https://lore.kernel.org/r/1657779088-2242-2-git-send-email-xuyang2018.jy@xxxxxxxxxxx Fixes: 60545d0d4610 ("[O_TMPFILE] it's still short a few helpers, but infrastructure should be OK now...") Cc: <stable@xxxxxxxxxxxxxxx> # 4.19+ Reported-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx> Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx> Reviewed-and-Tested-by: Jeff Layton <jlayton@xxxxxxxxxx> Acked-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx> Signed-off-by: Yang Xu <xuyang2018.jy@xxxxxxxxxxx> Signed-off-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/namei.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/namei.c +++ b/fs/namei.c @@ -3523,6 +3523,8 @@ struct dentry *vfs_tmpfile(struct user_n child = d_alloc(dentry, &slash_name); if (unlikely(!child)) goto out_err; + if (!IS_POSIXACL(dir)) + mode &= ~current_umask(); error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); if (error) goto out_err;