From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7CC9CA9EC9 for ; Mon, 4 Nov 2019 22:27:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 932B6204EC for ; Mon, 4 Nov 2019 22:27:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572906423; bh=LfTO+FHeZ6M9Pa2Fk/8x9G7IzL6obf8rE6hsYroN2dY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=2OpFiaOzNAPv8wGFhG8SwuDd45m+RYa3HP7XSF7q57jnKXUZ+YwQReLH6hyhOAwiP OLbgoZxetbLd1tOR2FsiVvYRGRMUC3vIcoWYFrZm7ntg8KaXu4TjOYoaHe8JdEZCch QFyRhLd3epVkq7tzGQog+pvDccMZGbawr1f5Vfto= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387790AbfKDVuo (ORCPT ); Mon, 4 Nov 2019 16:50:44 -0500 Received: from mail.kernel.org ([198.145.29.99]:43078 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387777AbfKDVul (ORCPT ); Mon, 4 Nov 2019 16:50:41 -0500 Received: from localhost (6.204-14-84.ripe.coltfrance.com [84.14.204.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 13FBC214D8; Mon, 4 Nov 2019 21:50:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572904240; bh=LfTO+FHeZ6M9Pa2Fk/8x9G7IzL6obf8rE6hsYroN2dY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s1S8ccrM6yMfiJSJgfmFicxe/pjrmRYul82g+9J09etFHZFgnI90dZq8IQKV4AHZ+ 1WIUz5qHHTH/vX1jxOOrS3Ggjmn6kz57OVYQ4Bck172mQjAHlmVClzMHjk8bYUXmjW 1LpUYtc4fY3incVuulzEN2AJ8C5jHET+N6vYIz4s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Giuseppe Scrivano , Miklos Szeredi Subject: [PATCH 4.9 34/62] fuse: flush dirty data/metadata before non-truncate setattr Date: Mon, 4 Nov 2019 22:44:56 +0100 Message-Id: <20191104211937.303094666@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191104211901.387893698@linuxfoundation.org> References: <20191104211901.387893698@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Miklos Szeredi commit b24e7598db62386a95a3c8b9c75630c5d56fe077 upstream. If writeback cache is enabled, then writes might get reordered with chmod/chown/utimes. The problem with this is that performing the write in the fuse daemon might itself change some of these attributes. In such case the following sequence of operations will result in file ending up with the wrong mode, for example: int fd = open ("suid", O_WRONLY|O_CREAT|O_EXCL); write (fd, "1", 1); fchown (fd, 0, 0); fchmod (fd, 04755); close (fd); This patch fixes this by flushing pending writes before performing chown/chmod/utimes. Reported-by: Giuseppe Scrivano Tested-by: Giuseppe Scrivano Fixes: 4d99ff8f12eb ("fuse: Turn writeback cache on") Cc: # v3.15+ Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/fuse/dir.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1654,6 +1654,19 @@ int fuse_do_setattr(struct dentry *dentr if (attr->ia_valid & ATTR_SIZE) is_truncate = true; + /* Flush dirty data/metadata before non-truncate SETATTR */ + if (is_wb && S_ISREG(inode->i_mode) && + attr->ia_valid & + (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET | + ATTR_TIMES_SET)) { + err = write_inode_now(inode, true); + if (err) + return err; + + fuse_set_nowrite(inode); + fuse_release_nowrite(inode); + } + if (is_truncate) { fuse_set_nowrite(inode); set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);