summaryrefslogtreecommitdiffstats
path: root/fs/xfs
diff options
context:
space:
mode:
authorDarrick J. Wong <darrick.wong@oracle.com>2018-10-05 11:05:41 +0200
committerDave Chinner <david@fromorbit.com>2018-10-05 11:05:41 +0200
commit7debbf015f580693680f3d2a3cef0cf99dcef688 (patch)
tree2eb677c3e75003c186aeb04b3d02017db1139117 /fs/xfs
parentxfs: zero posteof blocks when cloning above eof (diff)
downloadlinux-7debbf015f580693680f3d2a3cef0cf99dcef688.tar.xz
linux-7debbf015f580693680f3d2a3cef0cf99dcef688.zip
xfs: update ctime and remove suid before cloning files
Before cloning into a file, update the ctime and remove sensitive attributes like suid, just like we'd do for a regular file write. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
Diffstat (limited to 'fs/xfs')
-rw-r--r--fs/xfs/xfs_reflink.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
index f135748d8282..59da9708e9c1 100644
--- a/fs/xfs/xfs_reflink.c
+++ b/fs/xfs/xfs_reflink.c
@@ -1264,6 +1264,7 @@ xfs_reflink_zero_posteof(
* Prepare two files for range cloning. Upon a successful return both inodes
* will have the iolock and mmaplock held, the page cache of the out file
* will be truncated, and any leases on the out file will have been broken.
+ * This function borrows heavily from xfs_file_aio_write_checks.
*/
STATIC int
xfs_reflink_remap_prep(
@@ -1327,6 +1328,30 @@ xfs_reflink_remap_prep(
/* Zap any page cache for the destination file's range. */
truncate_inode_pages_range(&inode_out->i_data, pos_out,
PAGE_ALIGN(pos_out + *len) - 1);
+
+ /* If we're altering the file contents... */
+ if (!is_dedupe) {
+ /*
+ * ...update the timestamps (which will grab the ilock again
+ * from xfs_fs_dirty_inode, so we have to call it before we
+ * take the ilock).
+ */
+ if (!(file_out->f_mode & FMODE_NOCMTIME)) {
+ ret = file_update_time(file_out);
+ if (ret)
+ goto out_unlock;
+ }
+
+ /*
+ * ...clear the security bits if the process is not being run
+ * by root. This keeps people from modifying setuid and setgid
+ * binaries.
+ */
+ ret = file_remove_privs(file_out);
+ if (ret)
+ goto out_unlock;
+ }
+
return 1;
out_unlock:
xfs_reflink_remap_unlock(file_in, file_out);