[Devel] [PATCH RHEL7 COMMIT] Revert "ms/vfs: Don't modify inodes with a uid or gid unknown to the vfs"

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jul 21 11:00:35 MSK 2017 

The commit is pushed to "branch-rh7-3.10.0-514.26.1.vz7.33.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.26.1.vz7.33.12
------>
commit 82c71904ef8bfcca74ca61cafac9762db87470f3
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Fri Jul 21 11:57:18 2017 +0400

    Revert "ms/vfs: Don't modify inodes with a uid or gid unknown to the vfs"
    
    This reverts commit 4ca88214ec7373a4b428cc4a665517564510df75.
    
    Temporary revert due to
    https://jira.sw.ru/browse/PSBM-68599
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 fs/attr.c          |  8 --------
 fs/inode.c         |  7 -------
 fs/namei.c         | 26 +++++---------------------
 fs/xattr.c         |  7 -------
 include/linux/fs.h |  5 -----
 5 files changed, 5 insertions(+), 48 deletions(-)

diff --git a/fs/attr.c b/fs/attr.c
index d3434f3..00dc159 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -271,14 +271,6 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de
 	    !kgid_has_mapping(inode->i_sb->s_user_ns, attr->ia_gid))
 		return -EOVERFLOW;
 
-	/* Don't allow modifications of files with invalid uids or
-	 * gids unless those uids & gids are being made valid.
-	 */
-	if (!(ia_valid & ATTR_UID) && !uid_valid(inode->i_uid))
-		return -EOVERFLOW;
-	if (!(ia_valid & ATTR_GID) && !gid_valid(inode->i_gid))
-		return -EOVERFLOW;
-
 	error = security_inode_setattr(dentry, attr);
 	if (error)
 		return error;
diff --git a/fs/inode.c b/fs/inode.c
index dc178a5..675349a 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1633,13 +1633,6 @@ void touch_atime(struct path *path)
 
 	if (inode->i_flags & S_NOATIME)
 		return;
-
-	/* Atime updates will likely cause i_uid and i_gid to be written
-	 * back improprely if their true value is unknown to the vfs.
-	 */
-	if (HAS_UNMAPPED_ID(inode))
-		return;
-
 	if (IS_NOATIME(inode))
 		return;
 	if ((inode->i_sb->s_flags & MS_NODIRATIME) && S_ISDIR(inode->i_mode))
diff --git a/fs/namei.c b/fs/namei.c
index 74abaeb..1ee459f 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -427,14 +427,6 @@ int __inode_permission(struct inode *inode, int mask)
 		 */
 		if (IS_IMMUTABLE(inode))
 			return -EACCES;
-
-		/*
-		 * Updating mtime will likely cause i_uid and i_gid to be
-		 * written back improperly if their true value is unknown
-		 * to the vfs.
-		 */
-		if (HAS_UNMAPPED_ID(inode))
-			return -EACCES;
 	}
 
 	retval = do_inode_permission(inode, mask);
@@ -2588,11 +2580,10 @@ EXPORT_SYMBOL(__check_sticky);
  *	c. have CAP_FOWNER capability
  *  6. If the victim is append-only or immutable we can't do antyhing with
  *     links pointing to it.
- *  7. If the victim has an unknown uid or gid we can't change the inode.
- *  8. If we were asked to remove a directory and victim isn't one - ENOTDIR.
- *  9. If we were asked to remove a non-directory and victim isn't one - EISDIR.
- * 10. We can't remove a root or mountpoint.
- * 11. We don't allow removal of NFS sillyrenamed files; it's handled by
+ *  7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
+ *  8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
+ *  9. We can't remove a root or mountpoint.
+ * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
  *     nfs_async_unlink().
  */
 static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
@@ -2614,7 +2605,7 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
 		return -EPERM;
 
 	if (check_sticky(dir, inode) || IS_APPEND(inode) ||
-	    IS_IMMUTABLE(inode) || HAS_UNMAPPED_ID(inode) ||
+	    IS_IMMUTABLE(inode) ||
 	    (IS_SWAPFILE(inode) && inode->i_nlink == 1))
 		return -EPERM;
 	if (isdir) {
@@ -4039,13 +4030,6 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 	 */
 	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
 		return -EPERM;
-	/*
-	 * Updating the link count will likely cause i_uid and i_gid to
-	 * be writen back improperly if their true value is unknown to
-	 * the vfs.
-	 */
-	if (HAS_UNMAPPED_ID(inode))
-		return -EPERM;
 	if (!dir->i_op->link)
 		return -EPERM;
 	if (S_ISDIR(inode->i_mode))
diff --git a/fs/xattr.c b/fs/xattr.c
index 5fd3e7d..d49ea1b 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -38,13 +38,6 @@ xattr_permission(struct inode *inode, const char *name, int mask)
 	if (mask & MAY_WRITE) {
 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
 			return -EPERM;
-		/*
-		 * Updating an xattr will likely cause i_uid and i_gid
-		 * to be writen back improperly if their true value is
-		 * unknown to the vfs.
-		 */
-		if (HAS_UNMAPPED_ID(inode))
-			return -EPERM;
 	}
 
 	/*
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 7203d76..6b509f8 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2011,11 +2011,6 @@ struct super_operations {
 #define IS_WHITEOUT(inode)	(S_ISCHR(inode->i_mode) && \
 				 (inode)->i_rdev == WHITEOUT_DEV)
 
-static inline bool HAS_UNMAPPED_ID(struct inode *inode)
-{
-	return !uid_valid(inode->i_uid) || !gid_valid(inode->i_gid);
-}
-
 /*
  * Inode state bits.  Protected by inode->i_lock
  *

More information about the Devel mailing list