b24413180f560 (Greg Kroah-Hartman 2017-11-01 15:07:57 +0100 1) // SPDX-License-Identifier: GPL-2.0
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 2) /*
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 3) * linux/fs/attr.c
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 4) *
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 5) * Copyright (C) 1991, 1992 Linus Torvalds
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 6) * changes by Thomas Schoebel-Theuer
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 7) */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 8)
630d9c47274aa (Paul Gortmaker 2011-11-16 23:57:37 -0500 9) #include <linux/export.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 10) #include <linux/time.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 11) #include <linux/mm.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 12) #include <linux/string.h>
3f07c0144132e (Ingo Molnar 2017-02-08 18:51:30 +0100 13) #include <linux/sched/signal.h>
16f7e0fe2ecc3 (Randy Dunlap 2006-01-11 12:17:46 -0800 14) #include <linux/capability.h>
0eeca28300df1 (Robert Love 2005-07-12 17:06:03 -0400 15) #include <linux/fsnotify.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 16) #include <linux/fcntl.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 17) #include <linux/security.h>
975d294373d8c (Mimi Zohar 2011-03-09 14:39:57 -0500 18) #include <linux/evm.h>
9957a5043e7b0 (Mimi Zohar 2011-03-09 22:57:53 -0500 19) #include <linux/ima.h>
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 20)
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 21) /**
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 22) * chown_ok - verify permissions to chown inode
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 23) * @mnt_userns: user namespace of the mount @inode was found from
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 24) * @inode: inode to check permissions on
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 25) * @uid: uid to chown @inode to
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 26) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 27) * If the inode has been found through an idmapped mount the user namespace of
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 28) * the vfsmount must be passed through @mnt_userns. This function will then
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 29) * take care to map the inode according to @mnt_userns before checking
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 30) * permissions. On non-idmapped mounts or if permission checking is to be
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 31) * performed on the raw inode simply passs init_user_ns.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 32) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 33) static bool chown_ok(struct user_namespace *mnt_userns,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 34) const struct inode *inode,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 35) kuid_t uid)
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 36) {
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 37) kuid_t kuid = i_uid_into_mnt(mnt_userns, inode);
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 38) if (uid_eq(current_fsuid(), kuid) && uid_eq(uid, kuid))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 39) return true;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 40) if (capable_wrt_inode_uidgid(mnt_userns, inode, CAP_CHOWN))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 41) return true;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 42) if (uid_eq(kuid, INVALID_UID) &&
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 43) ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 44) return true;
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 45) return false;
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 46) }
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 47)
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 48) /**
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 49) * chgrp_ok - verify permissions to chgrp inode
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 50) * @mnt_userns: user namespace of the mount @inode was found from
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 51) * @inode: inode to check permissions on
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 52) * @gid: gid to chown @inode to
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 53) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 54) * If the inode has been found through an idmapped mount the user namespace of
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 55) * the vfsmount must be passed through @mnt_userns. This function will then
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 56) * take care to map the inode according to @mnt_userns before checking
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 57) * permissions. On non-idmapped mounts or if permission checking is to be
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 58) * performed on the raw inode simply passs init_user_ns.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 59) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 60) static bool chgrp_ok(struct user_namespace *mnt_userns,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 61) const struct inode *inode, kgid_t gid)
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 62) {
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 63) kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 64) if (uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode)) &&
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 65) (in_group_p(gid) || gid_eq(gid, kgid)))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 66) return true;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 67) if (capable_wrt_inode_uidgid(mnt_userns, inode, CAP_CHOWN))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 68) return true;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 69) if (gid_eq(kgid, INVALID_GID) &&
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 70) ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 71) return true;
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 72) return false;
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 73) }
0031181c49ca9 (Eric W. Biederman 2016-10-15 18:36:59 -0500 74)
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 75) /**
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 76) * setattr_prepare - check if attribute changes to a dentry are allowed
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 77) * @mnt_userns: user namespace of the mount the inode was found from
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 78) * @dentry: dentry to check
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 79) * @attr: attributes to change
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 80) *
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 81) * Check if we are allowed to change the attributes contained in @attr
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 82) * in the given dentry. This includes the normal unix access permission
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 83) * checks, as well as checks for rlimits and others. The function also clears
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 84) * SGID bit from mode if user is not allowed to set it. Also file capabilities
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 85) * and IMA extended attributes are cleared if ATTR_KILL_PRIV is set.
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 86) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 87) * If the inode has been found through an idmapped mount the user namespace of
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 88) * the vfsmount must be passed through @mnt_userns. This function will then
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 89) * take care to map the inode according to @mnt_userns before checking
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 90) * permissions. On non-idmapped mounts or if permission checking is to be
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 91) * performed on the raw inode simply passs init_user_ns.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 92) *
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 93) * Should be called as the first thing in ->setattr implementations,
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 94) * possibly after taking additional locks.
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 95) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 96) int setattr_prepare(struct user_namespace *mnt_userns, struct dentry *dentry,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 97) struct iattr *attr)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 98) {
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 99) struct inode *inode = d_inode(dentry);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 100) unsigned int ia_valid = attr->ia_valid;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 101)
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 102) /*
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 103) * First check size constraints. These can't be overriden using
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 104) * ATTR_FORCE.
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 105) */
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 106) if (ia_valid & ATTR_SIZE) {
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 107) int error = inode_newsize_ok(inode, attr->ia_size);
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 108) if (error)
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 109) return error;
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 110) }
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 111)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 112) /* If force is set do it anyway. */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 113) if (ia_valid & ATTR_FORCE)
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 114) goto kill_priv;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 115)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 116) /* Make sure a caller can chown. */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 117) if ((ia_valid & ATTR_UID) && !chown_ok(mnt_userns, inode, attr->ia_uid))
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 118) return -EPERM;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 119)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 120) /* Make sure caller can chgrp. */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 121) if ((ia_valid & ATTR_GID) && !chgrp_ok(mnt_userns, inode, attr->ia_gid))
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 122) return -EPERM;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 123)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 124) /* Make sure a caller can chmod. */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 125) if (ia_valid & ATTR_MODE) {
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 126) if (!inode_owner_or_capable(mnt_userns, inode))
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 127) return -EPERM;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 128) /* Also check the setgid bit! */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 129) if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 130) i_gid_into_mnt(mnt_userns, inode)) &&
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 131) !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 132) attr->ia_mode &= ~S_ISGID;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 133) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 134)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 135) /* Check for setting the inode time. */
9767d74957450 (Miklos Szeredi 2008-07-01 15:01:26 +0200 136) if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) {
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 137) if (!inode_owner_or_capable(mnt_userns, inode))
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 138) return -EPERM;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 139) }
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 140)
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 141) kill_priv:
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 142) /* User has permission for the change */
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 143) if (ia_valid & ATTR_KILL_PRIV) {
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 144) int error;
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 145)
71bc356f93a1c (Christian Brauner 2021-01-21 14:19:29 +0100 146) error = security_inode_killpriv(mnt_userns, dentry);
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 147) if (error)
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 148) return error;
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 149) }
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 150)
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 151) return 0;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 152) }
31051c85b5e2a (Jan Kara 2016-05-26 16:55:18 +0200 153) EXPORT_SYMBOL(setattr_prepare);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 154)
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 155) /**
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 156) * inode_newsize_ok - may this inode be truncated to a given size
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 157) * @inode: the inode to be truncated
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 158) * @offset: the new size to assign to the inode
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 159) *
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 160) * inode_newsize_ok must be called with i_mutex held.
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 161) *
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 162) * inode_newsize_ok will check filesystem limits and ulimits to check that the
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 163) * new inode size is within limits. inode_newsize_ok will also send SIGXFSZ
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 164) * when necessary. Caller must not proceed with inode size change if failure is
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 165) * returned. @inode must be a file (not directory), with appropriate
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 166) * permissions to allow truncate (inode_newsize_ok does NOT check these
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 167) * conditions).
3fae17468a96f (Matthew Wilcox 2018-07-03 08:08:34 -0700 168) *
3fae17468a96f (Matthew Wilcox 2018-07-03 08:08:34 -0700 169) * Return: 0 on success, -ve errno on failure
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 170) */
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 171) int inode_newsize_ok(const struct inode *inode, loff_t offset)
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 172) {
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 173) if (inode->i_size < offset) {
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 174) unsigned long limit;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 175)
d554ed895dc8f (Jiri Slaby 2010-03-05 13:42:42 -0800 176) limit = rlimit(RLIMIT_FSIZE);
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 177) if (limit != RLIM_INFINITY && offset > limit)
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 178) goto out_sig;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 179) if (offset > inode->i_sb->s_maxbytes)
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 180) goto out_big;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 181) } else {
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 182) /*
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 183) * truncation of in-use swapfiles is disallowed - it would
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 184) * cause subsequent swapout to scribble on the now-freed
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 185) * blocks.
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 186) */
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 187) if (IS_SWAPFILE(inode))
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 188) return -ETXTBSY;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 189) }
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 190)
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 191) return 0;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 192) out_sig:
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 193) send_sig(SIGXFSZ, current, 0);
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 194) out_big:
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 195) return -EFBIG;
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 196) }
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 197) EXPORT_SYMBOL(inode_newsize_ok);
25d9e2d152862 (Nicholas Piggin 2009-08-21 02:35:05 +1000 198)
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 199) /**
6a1a90ad1b0ed (Christoph Hellwig 2010-06-04 11:30:00 +0200 200) * setattr_copy - copy simple metadata updates into the generic inode
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 201) * @mnt_userns: user namespace of the mount the inode was found from
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 202) * @inode: the inode to be updated
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 203) * @attr: the new attributes
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 204) *
6a1a90ad1b0ed (Christoph Hellwig 2010-06-04 11:30:00 +0200 205) * setattr_copy must be called with i_mutex held.
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 206) *
6a1a90ad1b0ed (Christoph Hellwig 2010-06-04 11:30:00 +0200 207) * setattr_copy updates the inode's metadata with that specified
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 208) * in attr on idmapped mounts. If file ownership is changed setattr_copy
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 209) * doesn't map ia_uid and ia_gid. It will asssume the caller has already
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 210) * provided the intended values. Necessary permission checks to determine
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 211) * whether or not the S_ISGID property needs to be removed are performed with
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 212) * the correct idmapped mount permission helpers.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 213) * Noticeably missing is inode size update, which is more complex
2c27c65ed0696 (Christoph Hellwig 2010-06-04 11:30:04 +0200 214) * as it requires pagecache updates.
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 215) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 216) * If the inode has been found through an idmapped mount the user namespace of
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 217) * the vfsmount must be passed through @mnt_userns. This function will then
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 218) * take care to map the inode according to @mnt_userns before checking
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 219) * permissions. On non-idmapped mounts or if permission checking is to be
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 220) * performed on the raw inode simply passs init_user_ns.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 221) *
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 222) * The inode is not marked as dirty after this operation. The rationale is
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 223) * that for "simple" filesystems, the struct inode is the inode storage.
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 224) * The caller is free to mark the inode dirty afterwards if needed.
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 225) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 226) void setattr_copy(struct user_namespace *mnt_userns, struct inode *inode,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 227) const struct iattr *attr)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 228) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 229) unsigned int ia_valid = attr->ia_valid;
4a30131e7dbb1 (NeilBrown 2006-01-08 01:02:39 -0800 230)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 231) if (ia_valid & ATTR_UID)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 232) inode->i_uid = attr->ia_uid;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 233) if (ia_valid & ATTR_GID)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 234) inode->i_gid = attr->ia_gid;
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 235) if (ia_valid & ATTR_ATIME)
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 236) inode->i_atime = attr->ia_atime;
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 237) if (ia_valid & ATTR_MTIME)
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 238) inode->i_mtime = attr->ia_mtime;
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 239) if (ia_valid & ATTR_CTIME)
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 240) inode->i_ctime = attr->ia_ctime;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 241) if (ia_valid & ATTR_MODE) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 242) umode_t mode = attr->ia_mode;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 243) kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 244) if (!in_group_p(kgid) &&
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 245) !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 246) mode &= ~S_ISGID;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 247) inode->i_mode = mode;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 248) }
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 249) }
6a1a90ad1b0ed (Christoph Hellwig 2010-06-04 11:30:00 +0200 250) EXPORT_SYMBOL(setattr_copy);
7bb46a6734a7e (Nicholas Piggin 2010-05-27 01:05:33 +1000 251)
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 252) /**
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 253) * notify_change - modify attributes of a filesytem object
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 254) * @mnt_userns: user namespace of the mount the inode was found from
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 255) * @dentry: object affected
3fae17468a96f (Matthew Wilcox 2018-07-03 08:08:34 -0700 256) * @attr: new attributes
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 257) * @delegated_inode: returns inode, if the inode is delegated
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 258) *
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 259) * The caller must hold the i_mutex on the affected object.
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 260) *
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 261) * If notify_change discovers a delegation in need of breaking,
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 262) * it will return -EWOULDBLOCK and return a reference to the inode in
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 263) * delegated_inode. The caller should then break the delegation and
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 264) * retry. Because breaking a delegation may take a long time, the
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 265) * caller should drop the i_mutex before doing so.
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 266) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 267) * If file ownership is changed notify_change() doesn't map ia_uid and
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 268) * ia_gid. It will asssume the caller has already provided the intended values.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 269) *
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 270) * Alternatively, a caller may pass NULL for delegated_inode. This may
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 271) * be appropriate for callers that expect the underlying filesystem not
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 272) * to be NFS exported. Also, passing NULL is fine for callers holding
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 273) * the file open for write, as there can be no conflicting delegation in
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 274) * that case.
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 275) *
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 276) * If the inode has been found through an idmapped mount the user namespace of
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 277) * the vfsmount must be passed through @mnt_userns. This function will then
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 278) * take care to map the inode according to @mnt_userns before checking
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 279) * permissions. On non-idmapped mounts or if permission checking is to be
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 280) * performed on the raw inode simply passs init_user_ns.
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 281) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 282) int notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 283) struct iattr *attr, struct inode **delegated_inode)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 284) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 285) struct inode *inode = dentry->d_inode;
8d334acdd2c1f (Al Viro 2011-07-24 23:21:59 -0400 286) umode_t mode = inode->i_mode;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 287) int error;
95582b0083883 (Deepa Dinamani 2018-05-08 19:36:02 -0700 288) struct timespec64 now;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 289) unsigned int ia_valid = attr->ia_valid;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 290)
5955102c9984f (Al Viro 2016-01-22 15:40:57 -0500 291) WARN_ON_ONCE(!inode_is_locked(inode));
c4107b3097465 (Andrew Morton 2012-06-20 09:55:58 +1000 292)
beb29e058c35a (Miklos Szeredi 2008-07-01 15:01:29 +0200 293) if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
beb29e058c35a (Miklos Szeredi 2008-07-01 15:01:29 +0200 294) if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
beb29e058c35a (Miklos Szeredi 2008-07-01 15:01:29 +0200 295) return -EPERM;
beb29e058c35a (Miklos Szeredi 2008-07-01 15:01:29 +0200 296) }
beb29e058c35a (Miklos Szeredi 2008-07-01 15:01:29 +0200 297)
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 298) /*
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 299) * If utimes(2) and friends are called with times == NULL (or both
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 300) * times are UTIME_NOW), then we need to check for write permission
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 301) */
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 302) if (ia_valid & ATTR_TOUCH) {
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 303) if (IS_IMMUTABLE(inode))
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 304) return -EPERM;
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 305)
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 306) if (!inode_owner_or_capable(mnt_userns, inode)) {
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 307) error = inode_permission(mnt_userns, inode, MAY_WRITE);
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 308) if (error)
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 309) return error;
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 310) }
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 311) }
f2b20f6ee8423 (Miklos Szeredi 2016-09-16 12:44:20 +0200 312)
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 313) if ((ia_valid & ATTR_MODE)) {
8d334acdd2c1f (Al Viro 2011-07-24 23:21:59 -0400 314) umode_t amode = attr->ia_mode;
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 315) /* Flag setting protected by i_mutex */
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 316) if (is_sxid(amode))
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 317) inode->i_flags &= ~S_NOSEC;
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 318) }
69b4573296469 (Andi Kleen 2011-05-28 08:25:51 -0700 319)
c2050a454c7f1 (Deepa Dinamani 2016-09-14 07:48:06 -0700 320) now = current_time(inode);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 321)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 322) attr->ia_ctime = now;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 323) if (!(ia_valid & ATTR_ATIME_SET))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 324) attr->ia_atime = now;
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 325) else
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 326) attr->ia_atime = timestamp_truncate(attr->ia_atime, inode);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 327) if (!(ia_valid & ATTR_MTIME_SET))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 328) attr->ia_mtime = now;
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 329) else
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 330) attr->ia_mtime = timestamp_truncate(attr->ia_mtime, inode);
eb31e2f63d85d (Amir Goldstein 2019-11-24 21:31:45 +0200 331)
b53767719b6cd (Serge Hallyn 2007-10-16 23:31:36 -0700 332) if (ia_valid & ATTR_KILL_PRIV) {
b53767719b6cd (Serge Hallyn 2007-10-16 23:31:36 -0700 333) error = security_inode_need_killpriv(dentry);
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 334) if (error < 0)
b53767719b6cd (Serge Hallyn 2007-10-16 23:31:36 -0700 335) return error;
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 336) if (error == 0)
030b533c4fd4d (Jan Kara 2016-05-26 17:21:32 +0200 337) ia_valid = attr->ia_valid &= ~ATTR_KILL_PRIV;
b53767719b6cd (Serge Hallyn 2007-10-16 23:31:36 -0700 338) }
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 339)
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 340) /*
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 341) * We now pass ATTR_KILL_S*ID to the lower level setattr function so
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 342) * that the function has the ability to reinterpret a mode change
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 343) * that's due to these bits. This adds an implicit restriction that
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 344) * no function will ever call notify_change with both ATTR_MODE and
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 345) * ATTR_KILL_S*ID set.
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 346) */
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 347) if ((ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) &&
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 348) (ia_valid & ATTR_MODE))
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 349) BUG();
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 350)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 351) if (ia_valid & ATTR_KILL_SUID) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 352) if (mode & S_ISUID) {
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 353) ia_valid = attr->ia_valid |= ATTR_MODE;
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 354) attr->ia_mode = (inode->i_mode & ~S_ISUID);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 355) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 356) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 357) if (ia_valid & ATTR_KILL_SGID) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 358) if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 359) if (!(ia_valid & ATTR_MODE)) {
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 360) ia_valid = attr->ia_valid |= ATTR_MODE;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 361) attr->ia_mode = inode->i_mode;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 362) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 363) attr->ia_mode &= ~S_ISGID;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 364) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 365) }
6de0ec00ba8db (Jeff Layton 2007-10-18 03:05:20 -0700 366) if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID)))
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 367) return 0;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 368)
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 369) /*
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 370) * Verify that uid/gid changes are valid in the target
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 371) * namespace of the superblock.
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 372) */
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 373) if (ia_valid & ATTR_UID &&
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 374) !kuid_has_mapping(inode->i_sb->s_user_ns, attr->ia_uid))
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 375) return -EOVERFLOW;
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 376) if (ia_valid & ATTR_GID &&
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 377) !kgid_has_mapping(inode->i_sb->s_user_ns, attr->ia_gid))
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 378) return -EOVERFLOW;
a475acf01f79e (Seth Forshee 2016-04-26 14:36:25 -0500 379)
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 380) /* Don't allow modifications of files with invalid uids or
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 381) * gids unless those uids & gids are being made valid.
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 382) */
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 383) if (!(ia_valid & ATTR_UID) &&
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 384) !uid_valid(i_uid_into_mnt(mnt_userns, inode)))
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 385) return -EOVERFLOW;
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 386) if (!(ia_valid & ATTR_GID) &&
2f221d6f7b881 (Christian Brauner 2021-01-21 14:19:26 +0100 387) !gid_valid(i_gid_into_mnt(mnt_userns, inode)))
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 388) return -EOVERFLOW;
0bd23d09b874e (Eric W. Biederman 2016-06-29 14:54:46 -0500 389)
a77b72da24ecf (Miklos Szeredi 2008-07-30 14:06:22 +0200 390) error = security_inode_setattr(dentry, attr);
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 391) if (error)
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 392) return error;
27ac0ffeac80b (J. Bruce Fields 2011-09-20 17:19:26 -0400 393) error = try_break_deleg(inode, delegated_inode);
a77b72da24ecf (Miklos Szeredi 2008-07-30 14:06:22 +0200 394) if (error)
a77b72da24ecf (Miklos Szeredi 2008-07-30 14:06:22 +0200 395) return error;
a77b72da24ecf (Miklos Szeredi 2008-07-30 14:06:22 +0200 396)
eef2380c18789 (Christoph Hellwig 2010-06-04 11:30:01 +0200 397) if (inode->i_op->setattr)
549c7297717c3 (Christian Brauner 2021-01-21 14:19:43 +0100 398) error = inode->i_op->setattr(mnt_userns, dentry, attr);
eef2380c18789 (Christoph Hellwig 2010-06-04 11:30:01 +0200 399) else
549c7297717c3 (Christian Brauner 2021-01-21 14:19:43 +0100 400) error = simple_setattr(mnt_userns, dentry, attr);
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 401)
975d294373d8c (Mimi Zohar 2011-03-09 14:39:57 -0500 402) if (!error) {
0eeca28300df1 (Robert Love 2005-07-12 17:06:03 -0400 403) fsnotify_change(dentry, ia_valid);
a2d2329e30e22 (Christian Brauner 2021-01-21 14:19:45 +0100 404) ima_inode_post_setattr(mnt_userns, dentry);
975d294373d8c (Mimi Zohar 2011-03-09 14:39:57 -0500 405) evm_inode_post_setattr(dentry, ia_valid);
975d294373d8c (Mimi Zohar 2011-03-09 14:39:57 -0500 406) }
0eeca28300df1 (Robert Love 2005-07-12 17:06:03 -0400 407)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 408) return error;
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 409) }
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 410) EXPORT_SYMBOL(notify_change);