diff options
author | Alexander Lochmann <alexander.lochmann@tu-dortmund.de> | 2018-12-14 11:55:52 +0100 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2019-04-29 03:46:57 +0200 |
commit | f69e749a49353d96af1a293f56b5b56de59c668a (patch) | |
tree | ccf6a64b148cfc4102dade591f0139a597bbbb34 /fs | |
parent | [fix] get rid of checking for absent device name in vfs_get_tree() (diff) | |
download | linux-f69e749a49353d96af1a293f56b5b56de59c668a.tar.xz linux-f69e749a49353d96af1a293f56b5b56de59c668a.zip |
Abort file_remove_privs() for non-reg. files
file_remove_privs() might be called for non-regular files, e.g.
blkdev inode. There is no reason to do its job on things
like blkdev inodes, pipes, or cdevs. Hence, abort if
file does not refer to a regular inode.
AV: more to the point, for devices there might be any number of
inodes refering to given device. Which one to strip the permissions
from, even if that made any sense in the first place? All of them
will be observed with contents modified, after all.
Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
Spinczyk)
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/inode.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/fs/inode.c b/fs/inode.c index e9d97add2b36..9a453f3637f8 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1817,8 +1817,13 @@ int file_remove_privs(struct file *file) int kill; int error = 0; - /* Fast path for nothing security related */ - if (IS_NOSEC(inode)) + /* + * Fast path for nothing security related. + * As well for non-regular files, e.g. blkdev inodes. + * For example, blkdev_write_iter() might get here + * trying to remove privs which it is not allowed to. + */ + if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode)) return 0; kill = dentry_needs_remove_privs(dentry); |