From bc29767d5c719efc76aa390db711986f5fc94c09 Mon Sep 17 00:00:00 2001
From: phil
Date: Sat, 26 Feb 2005 04:19:04 +0000
Subject: [PATCH] b=5695 Oleg's patch fixes the kernels to call setattr_raw inside remove_suid. In 2.4, remove_suid just did nothing. In 2.6, it would LBUG when notify_change was called instead.
---
 lustre/ChangeLog | 1 +
 lustre/kernel_patches/patches/lustre_version.patch | 1 +
 .../patches/remove-suid-2.4-rhel.patch | 23 ++++++++++++++++++++++
 .../patches/remove-suid-2.6-suse.patch | 22 +++++++++++++++++++++
 lustre/kernel_patches/series/2.6-suse-lnxi.series | 1 +
 lustre/kernel_patches/series/rhel-2.4.21 | 1 +
 lustre/kernel_patches/series/vanilla-2.4.24 | 1 +
 lustre/tests/sanity.sh | 17 ++++++++++++++++
 8 files changed, 67 insertions(+)
 create mode 100644 lustre/kernel_patches/patches/remove-suid-2.4-rhel.patch
 create mode 100644 lustre/kernel_patches/patches/remove-suid-2.6-suse.patch
diff --git a/lustre/ChangeLog b/lustre/ChangeLog
index 1b9be20..922919a 100644
--- a/lustre/ChangeLog
+++ b/lustre/ChangeLog
@@ -29,6 +29,7 @@ tbd Cluster File Systems, Inc.
 - workaround for 2.6 crash in ll_unhash_aliases (5687, 5210)
 - small ext3 extents cleanups and fixes (5733)
 - improved mballoc code, several small races and bugs fixed (5733, 5638)
+ - kernel version 43: fix remove_suid bugs in both 2.4 and 2.6 (5695)
 * miscellania
 - service request history (4965)
 - put {ll,lov,osc}_async_page structs in a single slab (4699)
diff --git a/lustre/kernel_patches/patches/lustre_version.patch b/lustre/kernel_patches/patches/lustre_version.patch
index 0737286..4e97332 100644
--- a/lustre/kernel_patches/patches/lustre_version.patch
+++ b/lustre/kernel_patches/patches/lustre_version.patch
@@ -1,3 +1,4 @@
+Version 43: fix remove_suid to not crash 2.6, and do anything on 2.4 (b=5695)
 Version 42: export show_task()
 Version 41: revalidate should check working dir is a directory (b=4134)
 Version 40: >32000 subdirectories support for ext3 (b=3244)
diff --git a/lustre/kernel_patches/patches/remove-suid-2.4-rhel.patch b/lustre/kernel_patches/patches/remove-suid-2.4-rhel.patch
new file mode 100644
index 0000000..4f9fe49
--- /dev/null
+++ b/lustre/kernel_patches/patches/remove-suid-2.4-rhel.patch
@@ -0,0 +1,23 @@
+--- uml-2.4.24/mm/filemap.c.orig 2005-02-18 22:27:31.000000000 +0200
++++ uml-2.4.24/mm/filemap.c 2005-02-18 22:49:02.960952568 +0200
+@@ -2993,7 +2993,20 @@ inline void remove_suid(struct inode *in
+ /* was any of the uid bits set? */
+ mode &= inode->i_mode;
+ if (mode && !capable(CAP_FSETID)) {
++ struct inode_operations *op = inode->i_op;
+ inode->i_mode &= ~mode;
++
++ if (op && op->setattr_raw) {
++ struct iattr newattrs;
++ int result;
++ newattrs.ia_mode = inode->i_mode;
++
++ newattrs.ia_valid = ATTR_FORCE | ATTR_MODE;
++ result = op->setattr_raw(inode, &newattrs);
++ /* the file system wants to use normal vfs path now */
++ if (result != -EOPNOTSUPP)
++ return; /* No way to return status. Whoops! */
++ }
+ mark_inode_dirty(inode);
+ }
+ }
diff --git a/lustre/kernel_patches/patches/remove-suid-2.6-suse.patch b/lustre/kernel_patches/patches/remove-suid-2.6-suse.patch
new file mode 100644
index 0000000..4a4e10f
--- /dev/null
+++ b/lustre/kernel_patches/patches/remove-suid-2.6-suse.patch
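Review bot: In the added `setattr_raw` branch of the 2.4 `remove_suid`, a real failure from the filesystem is silently dropped: `inode->i_mode &= ~mode` has already cleared the bits in the in-core inode, and `if (result != -EOPNOTSUPP) return;` returns on every other result, so the setuid/setgid bits may presumably stay set in the filesystem's own copy of the mode with nothing recorded. Since the function is void here, the minimum would be to log before returning, e.g. `if (result && result != -EOPNOTSUPP) printk(KERN_WARNING "remove_suid: setattr_raw failed: %d\n", result);`. The comment `/* the file system wants to use normal vfs path now */` describes the -EOPNOTSUPP fall-through to `mark_inode_dirty()`, not the return beneath it, and would read better as `/* -EOPNOTSUPP: fs declines the raw path, fall through to mark_inode_dirty() */`. The start of `remove_suid` lies outside the hunk.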
@@ -0,0 +1,22 @@
+--- linux-2.6.5-7.141/mm/filemap.c.orig 2005-02-18 14:53:26.000000000 +0200
++++ linux-2.6.5-7.141/mm/filemap.c 2005-02-18 22:37:28.727492096 +0200
+@@ -1816,6 +1816,19 @@ int remove_suid(struct dentry *dentry)
+
+ if (unlikely(kill && !capable(CAP_FSETID))) {
+ struct iattr newattrs;
++ struct inode_operations *op = dentry->d_inode->i_op;
++
++ if (op && op->setattr_raw) {
++ newattrs.ia_mode = mode & ~S_ISUID;
++ if (kill & ATTR_KILL_SGID)
++ newattrs.ia_mode &= ~S_ISGID;
++
++ newattrs.ia_valid = ATTR_FORCE | ATTR_MODE;
++ result = op->setattr_raw(dentry->d_inode, &newattrs);
++ /* the file system wants to use normal vfs path now */
++ if (result != -EOPNOTSUPP)
++ return result;
++ }
+
+ newattrs.ia_valid = ATTR_FORCE | kill;
+ result = notify_change(dentry, &newattrs);
diff --git a/lustre/kernel_patches/series/2.6-suse-lnxi.series b/lustre/kernel_patches/series/2.6-suse-lnxi.series
index 5669eb8..aba1070 100644
--- a/lustre/kernel_patches/series/2.6-suse-lnxi.series
+++ b/lustre/kernel_patches/series/2.6-suse-lnxi.series
@@ -6,3 +6,4 @@ perfctr-2.6-suse-lnxi.patch
 kexec-2.6-suse-lnxi.patch
 export-filemap_populate.patch
 grab_cache_page_nowait_gfp-2.6-suse.patch
+remove-suid-2.6-suse.patch
diff --git a/lustre/kernel_patches/series/rhel-2.4.21 b/lustre/kernel_patches/series/rhel-2.4.21
index c8cc479..e4d40b8 100644
--- a/lustre/kernel_patches/series/rhel-2.4.21
+++ b/lustre/kernel_patches/series/rhel-2.4.21
@@ -46,3 +46,4 @@ llnl-frame-pointer-walk-fix-2.4.21-rhel.patch
 export-show_task-2.4-rhel.patch
 compile-fixes-2.4.21-rhel.patch
 grab_cache_page_nowait_gfp-rh-2.4.patch
+remove-suid-2.4-rhel.patch
diff --git a/lustre/kernel_patches/series/vanilla-2.4.24 b/lustre/kernel_patches/series/vanilla-2.4.24
index d4dc1c1..e2b69da 100644
--- a/lustre/kernel_patches/series/vanilla-2.4.24
+++ b/lustre/kernel_patches/series/vanilla-2.4.24
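Review bot: The comment `/* the file system wants to use normal vfs path now */` sits directly above `if (result != -EOPNOTSUPP) return result;`, but it describes the opposite case, the -EOPNOTSUPP fall-through to `notify_change()`. I would reword it as `/* -EOPNOTSUPP: fs declines the raw path, fall through to notify_change(); any other result is final */`. A one-line comment is also warranted on `newattrs.ia_mode = mode & ~S_ISUID;`, which masks S_ISUID unconditionally while S_ISGID is masked only under `ATTR_KILL_SGID`; that appears harmless because clearing an unset bit is a no-op, but how `kill` is derived is not visible here. The declarations of `mode`, `kill` and `result`, and the callers that must act on the returned error, are outside the hunk.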
@@ -43,3 +43,4 @@ ext3-nlinks-2.4.24.patch
 export-show_task-2.4-vanilla.patch
 export-zap-page-range.patch
 uml-sigusr1-2.4-vanilla.patch
+remove-suid-2.4-rhel.patch
diff --git a/lustre/tests/sanity.sh b/lustre/tests/sanity.sh
index 699c2f2..d1ea72e 100644
--- a/lustre/tests/sanity.sh
+++ b/lustre/tests/sanity.sh
@@ -2333,6 +2333,23 @@ test_71() {
 }
 run_test 71 "Running dbench on lustre (don't segment fault) ===="
+test_72() { # bug 5695 - Test that on 2.6 remove_suid works properly
+ check_kernel_version 40 || return 0
+ [ "$RUNAS_ID" = "$UID" ] && echo "skipping test 72" && return
+ touch $DIR/f72
+ chmod 777 $DIR/f72
+ chmod ug+s $DIR/f72
+ $RUNAS -u $(($RUNAS_ID + 1)) dd if=/dev/zero of=$DIR/f72 bs=512 count=1 || error
+ # See if we are still setuid/sgid
+ test -u $DIR/f72 -o -g $DIR/f72 && error "S/gid is not dropped on write"
+ # Now test that MDS is updated too
+ cancel_lru_locks MDC
+ test -u $DIR/f72 -o -g $DIR/f72 && error "S/gid is not dropped on MDS"
+ true
+}
+run_test 72 "Test that remove suid works properly (bug5695) ===="
+
+
 # on the LLNL clusters, runas will still pick up root's $TMP settings,
 # which will not be writable for the runas user, and then you get a CVS
 # error message with a corrupt path string (CVS bug) and panic.
--
1.8.3.1
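Review bot: `check_kernel_version 40 || return 0` in test_72 gates on version 40, but this same commit records the remove_suid fix as kernel patch version 43 in lustre_version.patch, so a kernel at versions 40 to 42 would run the test against the unfixed remove_suid, which the commit message says LBUGs on 2.6. If check_kernel_version compares against that version number, as its use here suggests, the guard should be `check_kernel_version 43 || return 0`. Separately, the bare `|| error` after the dd carries no message, unlike the two later checks; `|| error "write as another user failed"` would make that failure identifiable in the log.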