From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 318F5C43334
	for <linux-mm@archiver.kernel.org>; Wed,  8 Jun 2022 17:24:55 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id BBE0D6B0071; Wed,  8 Jun 2022 13:24:54 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B6E776B0072; Wed,  8 Jun 2022 13:24:54 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A36D76B0073; Wed,  8 Jun 2022 13:24:54 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id 93F6F6B0071
	for <linux-mm@kvack.org>; Wed,  8 Jun 2022 13:24:54 -0400 (EDT)
Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 6513C34117
	for <linux-mm@kvack.org>; Wed,  8 Jun 2022 17:24:54 +0000 (UTC)
X-FDA: 79555743708.15.AD6D1EE
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42])
	by imf26.hostedemail.com (Postfix) with ESMTP id C5EF5140061
	for <linux-mm@kvack.org>; Wed,  8 Jun 2022 17:24:53 +0000 (UTC)
Received: from pps.filterd (m0109333.ppops.net [127.0.0.1])
	by mx0a-00082601.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 258FPQeR014459
	for <linux-mm@kvack.org>; Wed, 8 Jun 2022 10:24:52 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject
 : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=facebook;
 bh=m9h5JjUlP4piprhMDRnStZmvgsUbBw57nIc8eedIMuk=;
 b=gYu+UJTT/c/eRVNcaiHQe3Nzev7C8qLFpFQhBrsD7+Ar9KaDeODNaQ7f23a5K5T63Hsq
 2/TNXSpO8EEs9/nKt7KfFjctD+9Ud0kux62Ijk+C5HdC8TYmTq0wmhzUCF+uE1ruuDqJ
 9ADeaJ3jWxanG0HLBpOcpGTmOGH+YGryxOA= 
Received: from mail.thefacebook.com ([163.114.132.120])
	by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3gj9djra86-2
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <linux-mm@kvack.org>; Wed, 08 Jun 2022 10:24:52 -0700
Received: from twshared25107.07.ash9.facebook.com (2620:10d:c085:108::4) by
 mail.thefacebook.com (2620:10d:c085:11d::5) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.28; Wed, 8 Jun 2022 10:24:52 -0700
Received: by devvm225.atn0.facebook.com (Postfix, from userid 425415)
	id 9CD20103BFB5E; Wed,  8 Jun 2022 10:17:43 -0700 (PDT)
From: Stefan Roesch <shr@fb.com>
To: <io-uring@vger.kernel.org>, <kernel-team@fb.com>, <linux-mm@kvack.org>,
        <linux-xfs@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>
CC: <shr@fb.com>, <david@fromorbit.com>, <jack@suse.cz>, <hch@infradead.org>,
        <axboe@kernel.dk>, Christoph Hellwig <hch@lst.de>
Subject: [PATCH v8 08/14] fs: add __remove_file_privs() with flags parameter
Date: Wed, 8 Jun 2022 10:17:35 -0700
Message-ID: <20220608171741.3875418-9-shr@fb.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220608171741.3875418-1-shr@fb.com>
References: <20220608171741.3875418-1-shr@fb.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-FB-Internal: Safe
Content-Type: text/plain
X-Proofpoint-GUID: AXMZoram7zC7ROhTplMlu8whGVH3LQm2
X-Proofpoint-ORIG-GUID: AXMZoram7zC7ROhTplMlu8whGVH3LQm2
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.874,Hydra:6.0.517,FMLib:17.11.64.514
 definitions=2022-06-08_05,2022-06-07_02,2022-02-23_01
X-Rspam-User: 
Authentication-Results: imf26.hostedemail.com;
	dkim=pass header.d=fb.com header.s=facebook header.b=gYu+UJTT;
	dmarc=pass (policy=reject) header.from=fb.com;
	spf=none (imf26.hostedemail.com: domain of "prvs=7158831454=shr@fb.com" has no SPF policy when checking 67.231.145.42) smtp.mailfrom="prvs=7158831454=shr@fb.com"
X-Rspamd-Server: rspam10
X-Rspamd-Queue-Id: C5EF5140061
X-Stat-Signature: od8eyhuqqwotecstn93mf5qa8849pi9q
X-HE-Tag: 1654709093-868812
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

This adds the function __remove_file_privs, which allows the caller to
pass the kiocb flags parameter.

No intended functional changes in this patch.

Signed-off-by: Stefan Roesch <shr@fb.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
---
 fs/inode.c | 57 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 20 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index 9d9b422504d1..ac1cf5aa78c8 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -2010,36 +2010,43 @@ static int __remove_privs(struct user_namespace *=
mnt_userns,
 	return notify_change(mnt_userns, dentry, &newattrs, NULL);
 }
=20
-/*
- * Remove special file priviledges (suid, capabilities) when file is wri=
tten
- * to or truncated.
- */
-int file_remove_privs(struct file *file)
+static int __file_remove_privs(struct file *file, unsigned int flags)
 {
 	struct dentry *dentry =3D file_dentry(file);
 	struct inode *inode =3D file_inode(file);
+	int error;
 	int kill;
-	int error =3D 0;
=20
-	/*
-	 * Fast path for nothing security related.
-	 * As well for non-regular files, e.g. blkdev inodes.
-	 * For example, blkdev_write_iter() might get here
-	 * trying to remove privs which it is not allowed to.
-	 */
 	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
 		return 0;
=20
 	kill =3D dentry_needs_remove_privs(dentry);
-	if (kill < 0)
+	if (kill <=3D 0)
 		return kill;
-	if (kill)
-		error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill);
+
+	if (flags & IOCB_NOWAIT)
+		return -EAGAIN;
+
+	error =3D __remove_privs(file_mnt_user_ns(file), dentry, kill);
 	if (!error)
 		inode_has_no_xattr(inode);
=20
 	return error;
 }
+
+/**
+ * file_remove_privs - remove special file privileges (suid, capabilitie=
s)
+ * @file: file to remove privileges from
+ *
+ * When file is modified by a write or truncation ensure that special
+ * file privileges are removed.
+ *
+ * Return: 0 on success, negative errno on failure.
+ */
+int file_remove_privs(struct file *file)
+{
+	return __file_remove_privs(file, 0);
+}
 EXPORT_SYMBOL(file_remove_privs);
=20
 /**
@@ -2090,18 +2097,28 @@ int file_update_time(struct file *file)
 }
 EXPORT_SYMBOL(file_update_time);
=20
-/* Caller must hold the file's inode lock */
+/**
+ * file_modified - handle mandated vfs changes when modifying a file
+ * @file: file that was modified
+ *
+ * When file has been modified ensure that special
+ * file privileges are removed and time settings are updated.
+ *
+ * Context: Caller must hold the file's inode lock.
+ *
+ * Return: 0 on success, negative errno on failure.
+ */
 int file_modified(struct file *file)
 {
-	int err;
+	int ret;
=20
 	/*
 	 * Clear the security bits if the process is not being run by root.
 	 * This keeps people from modifying setuid and setgid binaries.
 	 */
-	err =3D file_remove_privs(file);
-	if (err)
-		return err;
+	ret =3D __file_remove_privs(file, 0);
+	if (ret)
+		return ret;
=20
 	if (unlikely(file->f_mode & FMODE_NOCMTIME))
 		return 0;
--=20
2.30.2