Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761333AbYBOWqN (ORCPT ); Fri, 15 Feb 2008 17:46:13 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1764224AbYBOWhx (ORCPT ); Fri, 15 Feb 2008 17:37:53 -0500 Received: from e5.ny.us.ibm.com ([32.97.182.145]:40124 "EHLO e5.ny.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762438AbYBOWhq (ORCPT ); Fri, 15 Feb 2008 17:37:46 -0500 Subject: [PATCH 16/30] r/o bind mounts: elevate write count for do_utimes() To: linux-kernel@vger.kernel.org Cc: hch@lst.de, miklos@szeredi.hu, akpm@osdl.org, Dave Hansen From: Dave Hansen Date: Fri, 15 Feb 2008 14:37:42 -0800 References: <20080215223721.9E0A088A@kernel> In-Reply-To: <20080215223721.9E0A088A@kernel> Message-Id: <20080215223742.552C557D@kernel> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2971 Lines: 102 Now includes fix for oops seen by akpm. "never let a libc developer write your kernel code" - hch "nor, apparently, a kernel developer" - akpm Acked-by: Al Viro Signed-off-by: Christoph Hellwig Cc: Valdis Kletnieks Cc: Balbir Singh Signed-off-by: Dave Hansen --- linux-2.6.git-dave/fs/utimes.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff -puN fs/utimes.c~r-o-bind-mounts-elevate-write-count-for-do_utimes fs/utimes.c --- linux-2.6.git/fs/utimes.c~r-o-bind-mounts-elevate-write-count-for-do_utimes 2008-02-15 13:25:50.000000000 -0800 +++ linux-2.6.git-dave/fs/utimes.c 2008-02-15 13:25:50.000000000 -0800 @@ -2,6 +2,7 @@ #include #include #include +#include #include #include #include @@ -59,6 +60,7 @@ long do_utimes(int dfd, char __user *fil struct inode *inode; struct iattr newattrs; struct file *f = NULL; + struct vfsmount *mnt; error = -EINVAL; if (times && (!nsec_valid(times[0].tv_nsec) || @@ -79,18 +81,20 @@ long do_utimes(int dfd, char __user *fil if (!f) goto out; dentry = f->f_path.dentry; + mnt = f->f_path.mnt; } else { error = __user_walk_fd(dfd, filename, (flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW, &nd); if (error) goto out; dentry = nd.path.dentry; + mnt = nd.path.mnt; } inode = dentry->d_inode; - error = -EROFS; - if (IS_RDONLY(inode)) + error = mnt_want_write(mnt); + if (error) goto dput_and_out; /* Don't worry, the checks are done in inode_change_ok() */ @@ -98,7 +102,7 @@ long do_utimes(int dfd, char __user *fil if (times) { error = -EPERM; if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) - goto dput_and_out; + goto mnt_drop_write_and_out; if (times[0].tv_nsec == UTIME_OMIT) newattrs.ia_valid &= ~ATTR_ATIME; @@ -118,22 +122,24 @@ long do_utimes(int dfd, char __user *fil } else { error = -EACCES; if (IS_IMMUTABLE(inode)) - goto dput_and_out; + goto mnt_drop_write_and_out; if (!is_owner_or_cap(inode)) { if (f) { if (!(f->f_mode & FMODE_WRITE)) - goto dput_and_out; + goto mnt_drop_write_and_out; } else { error = vfs_permission(&nd, MAY_WRITE); if (error) - goto dput_and_out; + goto mnt_drop_write_and_out; } } } mutex_lock(&inode->i_mutex); error = notify_change(dentry, &newattrs); mutex_unlock(&inode->i_mutex); +mnt_drop_write_and_out: + mnt_drop_write(mnt); dput_and_out: if (f) fput(f); _ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/