fuse: Propagate dentry down to inode_change_ok()

[ Upstream commit 62490330 ] To avoid clearing of capabilities or security related extended attributes too early, inode_change_ok() will need to take dentry instead of inode. Propagate it down to fuse_do_setattr(). References: CVE-2015-1350 Acked-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz> Conflicts: Missing file_dentry() from d101a125Signed-off-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>

fuse: Propagate dentry down to inode_change_ok()
[ Upstream commit 62490330 ] To avoid clearing of capabilities or security related extended attributes too early, inode_change_ok() will need to take dentry instead of inode. Propagate it down to fuse_do_setattr(). References: CVE-2015-1350 Acked-by: Miklos Szeredi <mszeredi@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz> Conflicts: Missing file_dentry() from d101a125Signed-off-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
820bc458 · Jan Kara · Sasha Levin · 89bc54c5 · 820bc458 · 820bc458
Commit 820bc458 authored Dec 14, 2016 by Jan Kara Committed by Sasha Levin Dec 23, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 5 deletions

fs/fuse/dir.c fs/fuse/dir.c +4 -3

fs/fuse/file.c fs/fuse/file.c +1 -1

fs/fuse/fuse_i.h fs/fuse/fuse_i.h +1 -1

No files found.
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1602,9 +1602,10 @@ int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
 * vmtruncate() doesn't allow for this case, so do the rlimit checking
 * and the actual truncation by hand.
 */
-int fuse_do_setattr(struct inode *inode, struct iattr *attr,
+int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
 		    struct file *file)
 {
+	struct inode *inode = d_inode(dentry);
 	struct fuse_conn *fc = get_fuse_conn(inode);
 	struct fuse_inode *fi = get_fuse_inode(inode);
 	FUSE_ARGS(args);
@@ -1718,9 +1719,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr)
 		return -EACCES;

 	if (attr->ia_valid & ATTR_FILE)
-		return fuse_do_setattr(inode, attr, attr->ia_file);
+		return fuse_do_setattr(entry, attr, attr->ia_file);
 	else
-		return fuse_do_setattr(inode, attr, NULL);
+		return fuse_do_setattr(entry, attr, NULL);
 }

 static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry,

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2797,7 +2797,7 @@ static void fuse_do_truncate(struct file *file)
 	attr.ia_file = file;
 	attr.ia_valid |= ATTR_FILE;

-	fuse_do_setattr(inode, &attr, file);
+	fuse_do_setattr(file->f_path.dentry, &attr, file);
 }

 static inline loff_t fuse_round_up(loff_t off)

--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -913,7 +913,7 @@ bool fuse_write_update_size(struct inode *inode, loff_t pos);
 int fuse_flush_times(struct inode *inode, struct fuse_file *ff);
 int fuse_write_inode(struct inode *inode, struct writeback_control *wbc);

-int fuse_do_setattr(struct inode *inode, struct iattr *attr,
+int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
 		    struct file *file);

 void fuse_set_initialized(struct fuse_conn *fc);