On Tue, Dec 02, 2014 at 09:47:56PM +0100, Jan Kara wrote: > On Tue 02-12-14 11:35:48, Brian Foster wrote: > > On Tue, Dec 02, 2014 at 04:01:29PM +0100, Jan Kara wrote: > > > Currently XFS calls file_remove_suid() without holding i_mutex. This is > > > wrong because that function can end up messing with file permissions and > > > security xattrs for which we need i_mutex held. > > > > > > Fix the problem by grabbing iolock exclusively when we will need to > > > change anything in permissions / xattrs. > > > > > > Signed-off-by: Jan Kara <jack@xxxxxxx> > > > --- > > > > Hi Jan, > > > > This doesn't compile... it looks like we need to include the security.h > > header. FWIW, even then I get an undefined symbol error when compiling > > as a module (security_inode_need_killpriv() does not appear to be > > exported). > Sorry, forgot to amend the include in the commit. Regarding export of > security_inode_need_killpriv() - right, I had security XFS compiled in so I > didn't notice. Before I go and fix this up in the obvious way, does anyone > have better idea how to fix this than to second guess what > file_remove_suid() does? Maybe a VFS helper like file_needs_remove_suid() > will be cleaner than what I did? Helper seems like a sane idea - that way the filesystems can use them as a matched pair if need be... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
