Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752392Ab1CEKPh (ORCPT ); Sat, 5 Mar 2011 05:15:37 -0500 Received: from mail-wy0-f174.google.com ([74.125.82.174]:65362 "EHLO mail-wy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751140Ab1CEKPg (ORCPT ); Sat, 5 Mar 2011 05:15:36 -0500 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=hGThmoNRq84mJKM/11A/R349ZcUTTNs51crvTVaSbF0sYtqQgiWK3kc2XN+gWdQvyc B6WcaoUXVKoiHtS0rhGmK4lWUUq44xwodql2S3yiAD7zyONZDyoJPkFRGL6Oc+PgK4mk sNcCCruRN39VJfRTIrkY3O7hLSeUkSiHaO9qE= Message-ID: <4D720C0B.1050300@gmail.com> Date: Sat, 05 Mar 2011 11:10:19 +0100 From: Marco Stornelli User-Agent: Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.1.16) Gecko/20101125 SUSE/3.0.11 Thunderbird/3.0.11 MIME-Version: 1.0 To: Linux Kernel CC: sedat.dilek@gmail.com, Sedat Dilek , Linux FS Devel Subject: [PATCH v3][RESEND] Check for immutable/append flag in fallocate path References: <4D6221B8.9040303@gmail.com> <4D6F5473.2070709@gmail.com> <4D720469.1010101@gmail.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1463 Lines: 39 From: Marco Stornelli In the fallocate path the kernel doesn't check for the immutable/append flag. It's possible to have a race condition in this scenario: an application open a file in read/write and it does something, meanwhile root set the immutable flag on the file, the application at that point can call fallocate with success. In addition, we don't allow to do any unreserve operation on an append only file but only the reserve one. Signed-off-by: Marco Stornelli --- ChangeLog: v3: Modified do_fallocate instead of every single fs v2: Added the check for append-only file for XFS v1: First draft --- linux-2.6.38-rc7/fs/open.c.orig 2011-03-01 22:55:12.000000000 +0100 +++ linux-2.6.38-rc7/fs/open.c 2011-03-04 15:28:43.000000000 +0100 @@ -233,6 +233,14 @@ int do_fallocate(struct file *file, int if (!(file->f_mode & FMODE_WRITE)) return -EBADF; + + /* It's not possible punch hole on append only file */ + if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode)) + return -EPERM; + + if (IS_IMMUTABLE(inode)) + return -EPERM; + /* * Revalidate the write permissions, in case security policy has * changed since the files were opened. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/