Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp4432306ioa; Wed, 27 Apr 2022 03:52:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4acANxCaY5505KVPJqSf3r2rmT2gQMtH0oS6rW3jIF0n6CNFLEtO5+soUub7Hrot2aeuX X-Received: by 2002:a63:197:0:b0:3aa:9c7a:b269 with SMTP id 145-20020a630197000000b003aa9c7ab269mr23263781pgb.158.1651056730108; Wed, 27 Apr 2022 03:52:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651056730; cv=none; d=google.com; s=arc-20160816; b=kanETiiKDg+qQJeydGKXn+1ScsVZf+09ugmlLVlNsK/IP0pGpwV447G6OmkqGuvCbN mFoPtzqRBT60+YkWFLlRs+bl8H6k+Vh/sENmjy3597VJOc0OpBvY62SOY8NHWI6L0nGU RD0sChL2tD/eyfBLmQuD68HGN7EqeHajams47/xr8ySgzaruuYyZJtlmHdGnAvb0924w bvXoTZlTwo6O8V2AcisruKwVBLWD4O5kkdweya8kl8FpJH2djk2R6jAUshV0PhopAdOh GjDJWYxu+I+LLftlrLmtYv8qNM9ZrjdNrphWzF1tX26my8AlPRQR2QAZPTKaByuQqeHT MdoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6SfreAzag4EfskqK/OW27eGnGDyMVcHAvstU0/WKXMg=; b=rIp+tmmiH/j2M8fI6viuxKZ3LwCgJ+EpGifTcrYbfeDvZfBcjTWx7BVz6GBvVGCNlb qANLSJw8/HHtAs2cXQg7ewm/UH5zikmsNDQIK6kaMfORHuaq/rRmlKr4H4EAIrYHKUN6 bPO5LJ/SgY2Qez9HPFdeuFNnFA65agYz64iiZfbGwS14dcPqbi4qnOg1uhp64NYhEsII m3+NPtOozoVkFCcZL+m4pGd+PhYtxf1s0MvMN5KT2S2WLzmS6xt91yKlZU279ZkDVky3 3ptIckSGICUOrygpRoFOE65CyM8E9moiQbs1BjckLqH3ckoWDjRs/aTHSUZ1RxjThwrO H17A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zYISRifi; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id w21-20020a637b15000000b003ab358a4d44si1194027pgc.199.2022.04.27.03.52.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Apr 2022 03:52:10 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zYISRifi; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 53CCC2C5317; Wed, 27 Apr 2022 02:58:01 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347224AbiDZJTu (ORCPT + 99 others); Tue, 26 Apr 2022 05:19:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345881AbiDZI4r (ORCPT ); Tue, 26 Apr 2022 04:56:47 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00AA0DD947; Tue, 26 Apr 2022 01:41:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8CC5660A72; Tue, 26 Apr 2022 08:41:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 92632C385A0; Tue, 26 Apr 2022 08:41:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1650962490; bh=bTTEixW6BtI8qE3xR7dSh2ppK1QVV9nMDTjkMPr2NA4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zYISRifi7RcOmVoy/89v+FXR3EzWo+shmUzKgo8wkZrbR/IYFLSswwoDIjEKy0VVO Qw2hPcBCaQWwXA/Z2REUF8RpoVqTuy1g9PzJNf9GzsrQx3bjfn6LJ9F007/gXA2mlv YPchJ91yqUglPiJp9/EBD297BHi/KM5ZZrcxABeY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Darrick J. Wong" , Theodore Tso , stable@kernel.org Subject: [PATCH 5.15 113/124] ext4: fix fallocate to use file_modified to update permissions consistently Date: Tue, 26 Apr 2022 10:21:54 +0200 Message-Id: <20220426081750.504887067@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220426081747.286685339@linuxfoundation.org> References: <20220426081747.286685339@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Darrick J. Wong commit ad5cd4f4ee4d5fcdb1bfb7a0c073072961e70783 upstream. Since the initial introduction of (posix) fallocate back at the turn of the century, it has been possible to use this syscall to change the user-visible contents of files. This can happen by extending the file size during a preallocation, or through any of the newer modes (punch, zero, collapse, insert range). Because the call can be used to change file contents, we should treat it like we do any other modification to a file -- update the mtime, and drop set[ug]id privileges/capabilities. The VFS function file_modified() does all this for us if pass it a locked inode, so let's make fallocate drop permissions correctly. Signed-off-by: Darrick J. Wong Link: https://lore.kernel.org/r/20220308185043.GA117678@magnolia Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/ext4.h | 2 +- fs/ext4/extents.c | 32 +++++++++++++++++++++++++------- fs/ext4/inode.c | 7 ++++++- 3 files changed, 32 insertions(+), 9 deletions(-) --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3027,7 +3027,7 @@ extern int ext4_inode_attach_jinode(stru extern int ext4_can_truncate(struct inode *inode); extern int ext4_truncate(struct inode *); extern int ext4_break_layouts(struct inode *); -extern int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length); +extern int ext4_punch_hole(struct file *file, loff_t offset, loff_t length); extern void ext4_set_inode_flags(struct inode *, bool init); extern int ext4_alloc_da_blocks(struct inode *inode); extern void ext4_set_aops(struct inode *inode); --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -4504,9 +4504,9 @@ retry: return ret > 0 ? ret2 : ret; } -static int ext4_collapse_range(struct inode *inode, loff_t offset, loff_t len); +static int ext4_collapse_range(struct file *file, loff_t offset, loff_t len); -static int ext4_insert_range(struct inode *inode, loff_t offset, loff_t len); +static int ext4_insert_range(struct file *file, loff_t offset, loff_t len); static long ext4_zero_range(struct file *file, loff_t offset, loff_t len, int mode) @@ -4578,6 +4578,10 @@ static long ext4_zero_range(struct file /* Wait all existing dio workers, newcomers will block on i_mutex */ inode_dio_wait(inode); + ret = file_modified(file); + if (ret) + goto out_mutex; + /* Preallocate the range including the unaligned edges */ if (partial_begin || partial_end) { ret = ext4_alloc_file_blocks(file, @@ -4696,7 +4700,7 @@ long ext4_fallocate(struct file *file, i ext4_fc_start_update(inode); if (mode & FALLOC_FL_PUNCH_HOLE) { - ret = ext4_punch_hole(inode, offset, len); + ret = ext4_punch_hole(file, offset, len); goto exit; } @@ -4705,12 +4709,12 @@ long ext4_fallocate(struct file *file, i goto exit; if (mode & FALLOC_FL_COLLAPSE_RANGE) { - ret = ext4_collapse_range(inode, offset, len); + ret = ext4_collapse_range(file, offset, len); goto exit; } if (mode & FALLOC_FL_INSERT_RANGE) { - ret = ext4_insert_range(inode, offset, len); + ret = ext4_insert_range(file, offset, len); goto exit; } @@ -4746,6 +4750,10 @@ long ext4_fallocate(struct file *file, i /* Wait all existing dio workers, newcomers will block on i_mutex */ inode_dio_wait(inode); + ret = file_modified(file); + if (ret) + goto out; + ret = ext4_alloc_file_blocks(file, lblk, max_blocks, new_size, flags); if (ret) goto out; @@ -5248,8 +5256,9 @@ out: * This implements the fallocate's collapse range functionality for ext4 * Returns: 0 and non-zero on error. */ -static int ext4_collapse_range(struct inode *inode, loff_t offset, loff_t len) +static int ext4_collapse_range(struct file *file, loff_t offset, loff_t len) { + struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; struct address_space *mapping = inode->i_mapping; ext4_lblk_t punch_start, punch_stop; @@ -5301,6 +5310,10 @@ static int ext4_collapse_range(struct in /* Wait for existing dio to complete */ inode_dio_wait(inode); + ret = file_modified(file); + if (ret) + goto out_mutex; + /* * Prevent page faults from reinstantiating pages we have released from * page cache. @@ -5394,8 +5407,9 @@ out_mutex: * by len bytes. * Returns 0 on success, error otherwise. */ -static int ext4_insert_range(struct inode *inode, loff_t offset, loff_t len) +static int ext4_insert_range(struct file *file, loff_t offset, loff_t len) { + struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; struct address_space *mapping = inode->i_mapping; handle_t *handle; @@ -5452,6 +5466,10 @@ static int ext4_insert_range(struct inod /* Wait for existing dio to complete */ inode_dio_wait(inode); + ret = file_modified(file); + if (ret) + goto out_mutex; + /* * Prevent page faults from reinstantiating pages we have released from * page cache. --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3939,8 +3939,9 @@ int ext4_break_layouts(struct inode *ino * Returns: 0 on success or negative on failure */ -int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) +int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) { + struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t first_block, stop_block; struct address_space *mapping = inode->i_mapping; @@ -4002,6 +4003,10 @@ int ext4_punch_hole(struct inode *inode, /* Wait all existing dio workers, newcomers will block on i_mutex */ inode_dio_wait(inode); + ret = file_modified(file); + if (ret) + goto out_mutex; + /* * Prevent page faults from reinstantiating pages we have released from * page cache.