| tag name | falloc-fix-perm-updates-5.17_2022-01-29 (f6d027326c43775100c88bfb934f2b69dda005b3) |
| tag date | 2022-01-29 20:57:48 -0800 |
| tagged by | Darrick J. Wong <djwong@kernel.org> |
| tagged object | commit 8449af5308... |
xfs: fix permission drop and flushing in fallocate
While auditing the file permission dropping for fallocate, I reached the
conclusion that fallocate can modify file contents, and therefore should
be treated as a file write. As such, it needs to update the file
modification and file (metadata) change timestamps, and it needs to drop
file privileges such as setuid and capabilities, just like a regular
write. Moreover, if the inode is configured for synchronous writes,
then all the fallocate changes really ought to be persisted to disk
before fallocate returns to userspace.
Unfortunately, the XFS fallocate implementation doesn't do this
correctly. setgid without group-exec is a mandatory locking mark and is
left alone by write(), which means that we shouldn't drop it
unconditionally. Furthermore, file capabilities are another vector for
setuid to be set on a program file, and XFS ignores these.
I also noticed that fallocate doesn't flush the log to disk after
fallocate when the fs is mounted with -o sync or if the DIFLAG_SYNC flag
is set on the inode.
Therefore, refactor the XFS fallocate implementation to use the VFS
helper file_modified to update file metadata instead of open-coding it
incorrectly. Refactor it further to use xfs_file_sync_writes to decide
if we need to flush the log; and then fix the log flushing so that it
flushes after we've made /all/ the changes.
v2: fix some bisection problems
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAmH2GswACgkQ+H93GTRK
tOvg3RAAgDbrRxkghXoYPpLA7FH2dMR+x4CGwKfHk/DRR6AJofJ9YU/y3mbz9vpZ
7zAEli+EbsZBt/H+X3aIsuxB/ZYNOtCuE8FFxTBGL26kyGCYIDdbkLmvqR1tGT4A
+BBTkTOlnj5U25i5RqZMOyExIbEPcm8WyEaQZsibOO+9lccx4cz1ha6mS4TMI9ax
mj/ryLmakJzrOxgmIGYj0Gzpukhv7pOh/WILBxQYtBVvAmF980jDsXHhZw3xZydZ
5rzfpIspeV6i0udbcZMteT0Fwukz1+/RJR/3ia2mJj9Wi3FvgBwCd84R82NlCWpm
MfVGzQy8JZ8Jsgy9BGTtqtLvztQLtztAQk+PPhqiq5dEecfJEqas+TUYpSI1eydt
BXIFH8MHIRErggnoJ/vTU6vO3OH3qJO/R56mA9kdwIco93ddEvxfej1s0dV53AVJ
sihi+wXRNhku2j6l1VQ30SgoFEU2TAIwi1/H7GAUzAjlGyRjD5qm4sNUeuJjzh4A
RQjD6zodvC2EyJ/02qX/UeNcKWIFM1CgSDGLQxaY2is0hFsqigEE9lxowMs0oId7
PYLSdTkNfeRRVeMmhKc03C7srzpYrGpU1RrNJTLIWV2VmuyWooKrSP4BbM8n61nn
svUMFXHVjm7k3+x8OO2eO9yvoB1il7C1TwdnfgELF/vWwjW6nOA=
=jX/b
-----END PGP SIGNATURE-----