[RFC][PATCH v4 62/69] link_path_walk(): sample parent's i_uid and i_mode for the last component

From: Al Viro
Date: Fri Mar 13 2020 - 19:54:55 EST

Next message: Al Viro: "[RFC][PATCH v4 64/69] open_last_lookups(): consolidate fsnotify_create() calls"
Previous message: Al Viro: "[RFC][PATCH v4 69/69] lookup_open(): don't bother with fallbacks to lookup+create"
In reply to: Al Viro: "[RFC][PATCH v4 69/69] lookup_open(): don't bother with fallbacks to lookup+create"
Next in thread: Al Viro: "[RFC][PATCH v4 64/69] open_last_lookups(): consolidate fsnotify_create() calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
fs/namei.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index c4b6e3c969b7..aa1a74c5f52d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -505,6 +505,8 @@ struct nameidata {
struct nameidata *saved;
unsigned root_seq;
int dfd;
+ kuid_t dir_uid;
+ umode_t dir_mode;
} __randomize_layout;

static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
@@ -938,9 +940,6 @@ int sysctl_protected_regular __read_mostly;
*/
static inline int may_follow_link(struct nameidata *nd, const struct inode *inode)
{
- const struct inode *parent;
- kuid_t puid;
-
if (!sysctl_protected_symlinks)
return 0;

@@ -949,13 +948,11 @@ static inline int may_follow_link(struct nameidata *nd, const struct inode *inod
return 0;

/* Allowed if parent directory not sticky and world-writable. */
- parent = nd->inode;
- if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
+ if ((nd->dir_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
return 0;

/* Allowed if parent directory and link owner match. */
- puid = parent->i_uid;
- if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
+ if (uid_valid(nd->dir_uid) && uid_eq(nd->dir_uid, inode->i_uid))
return 0;

if (nd->flags & LOOKUP_RCU)
@@ -2158,6 +2155,8 @@ static int link_path_walk(const char *name, struct nameidata *nd)
OK:
/* pathname or trailing symlink, done */
if (!depth) {
+ nd->dir_uid = nd->inode->i_uid;
+ nd->dir_mode = nd->inode->i_mode;
nd->flags &= ~LOOKUP_PARENT;
return 0;
}
@@ -3223,8 +3222,6 @@ static const char *open_last_lookups(struct nameidata *nd,
static const char *do_last(struct nameidata *nd,
struct file *file, const struct open_flags *op)
{
- kuid_t dir_uid = nd->inode->i_uid;
- umode_t dir_mode = nd->inode->i_mode;
int open_flag = op->open_flag;
bool do_truncate;
int acc_mode;
@@ -3240,7 +3237,7 @@ static const char *do_last(struct nameidata *nd,
if (open_flag & O_CREAT) {
if (d_is_dir(nd->path.dentry))
return ERR_PTR(-EISDIR);
- error = may_create_in_sticky(dir_mode, dir_uid,
+ error = may_create_in_sticky(nd->dir_mode, nd->dir_uid,
d_backing_inode(nd->path.dentry));
if (unlikely(error))
return ERR_PTR(error);
--
2.11.0

Next message: Al Viro: "[RFC][PATCH v4 64/69] open_last_lookups(): consolidate fsnotify_create() calls"
Previous message: Al Viro: "[RFC][PATCH v4 69/69] lookup_open(): don't bother with fallbacks to lookup+create"
In reply to: Al Viro: "[RFC][PATCH v4 69/69] lookup_open(): don't bother with fallbacks to lookup+create"
Next in thread: Al Viro: "[RFC][PATCH v4 64/69] open_last_lookups(): consolidate fsnotify_create() calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]