Oleg's patch fixes the kernels to call setattr_raw inside remove_suid.
In 2.4, remove_suid just did nothing.
In 2.6, it would LBUG when notify_change was called instead.
- workaround for 2.6 crash in ll_unhash_aliases (5687, 5210)
- small ext3 extents cleanups and fixes (5733)
- improved mballoc code, several small races and bugs fixed (5733, 5638)
+ - kernel version 43: fix remove_suid bugs in both 2.4 and 2.6 (5695)
* miscellania
- service request history (4965)
- put {ll,lov,osc}_async_page structs in a single slab (4699)
+Version 43: fix remove_suid to not crash 2.6, and do anything on 2.4 (b=5695)
Version 42: export show_task()
Version 41: revalidate should check working dir is a directory (b=4134)
Version 40: >32000 subdirectories support for ext3 (b=3244)
--- /dev/null
+--- uml-2.4.24/mm/filemap.c.orig 2005-02-18 22:27:31.000000000 +0200
++++ uml-2.4.24/mm/filemap.c 2005-02-18 22:49:02.960952568 +0200
+@@ -2993,7 +2993,20 @@ inline void remove_suid(struct inode *in
+ /* was any of the uid bits set? */
+ mode &= inode->i_mode;
+ if (mode && !capable(CAP_FSETID)) {
++ struct inode_operations *op = inode->i_op;
+ inode->i_mode &= ~mode;
++
++ if (op && op->setattr_raw) {
++ struct iattr newattrs;
++ int result;
++ newattrs.ia_mode = inode->i_mode;
++
++ newattrs.ia_valid = ATTR_FORCE | ATTR_MODE;
++ result = op->setattr_raw(inode, &newattrs);
++ /* the file system wants to use normal vfs path now */
++ if (result != -EOPNOTSUPP)
++ return; /* No way to return status. Whoops! */
++ }
+ mark_inode_dirty(inode);
+ }
+ }
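Review bot: A real failure from `op->setattr_raw()` (any result other than 0 or -EOPNOTSUPP) is silently dropped at the `return;` marked "No way to return status". By that point `inode->i_mode &= ~mode` has already cleared the bits locally, and `mark_inode_dirty()` is skipped. On a filesystem that keeps the authoritative mode elsewhere, this would presumably leave setuid/setgid set on the backing store while the local inode shows it cleared, with nothing logged. Because the 2.4 signature is void, I would at least record the failure inside that branch before returning: `if (result) printk(KERN_WARNING "remove_suid: setattr_raw failed: %d\n", result);`. The body of remove_suid starts outside this hunk, so whether callers could react to a status is not visible here.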
--- /dev/null
+--- linux-2.6.5-7.141/mm/filemap.c.orig 2005-02-18 14:53:26.000000000 +0200
++++ linux-2.6.5-7.141/mm/filemap.c 2005-02-18 22:37:28.727492096 +0200
+@@ -1816,6 +1816,19 @@ int remove_suid(struct dentry *dentry)
+
+ if (unlikely(kill && !capable(CAP_FSETID))) {
+ struct iattr newattrs;
++ struct inode_operations *op = dentry->d_inode->i_op;
++
++ if (op && op->setattr_raw) {
++ newattrs.ia_mode = mode & ~S_ISUID;
++ if (kill & ATTR_KILL_SGID)
++ newattrs.ia_mode &= ~S_ISGID;
++
++ newattrs.ia_valid = ATTR_FORCE | ATTR_MODE;
++ result = op->setattr_raw(dentry->d_inode, &newattrs);
++ /* the file system wants to use normal vfs path now */
++ if (result != -EOPNOTSUPP)
++ return result;
++ }
+
+ newattrs.ia_valid = ATTR_FORCE | kill;
+ result = notify_change(dentry, &newattrs);
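Review bot: The comment `/* the file system wants to use normal vfs path now */` sits directly above `if (result != -EOPNOTSUPP) return result;`, which is the branch taken when the filesystem did handle the raw call, so it reads as describing the opposite case. This check decides whether the `notify_change()` fallback that strips the setuid/setgid bits still runs, so the intent should be unambiguous. I would reword it to `/* -EOPNOTSUPP: fs declined the raw call, fall through to notify_change() */`. The 2.4 patch carries the same comment above its own check. remove_suid begins and ends outside this hunk.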
kexec-2.6-suse-lnxi.patch
export-filemap_populate.patch
grab_cache_page_nowait_gfp-2.6-suse.patch
+remove-suid-2.6-suse.patch
export-show_task-2.4-rhel.patch
compile-fixes-2.4.21-rhel.patch
grab_cache_page_nowait_gfp-rh-2.4.patch
+remove-suid-2.4-rhel.patch
export-show_task-2.4-vanilla.patch
export-zap-page-range.patch
uml-sigusr1-2.4-vanilla.patch
+remove-suid-2.4-rhel.patch
}
run_test 71 "Running dbench on lustre (don't segment fault) ===="
+test_72() { # bug 5695 - Test that on 2.6 remove_suid works properly
+ check_kernel_version 40 || return 0
+ [ "$RUNAS_ID" = "$UID" ] && echo "skipping test 72" && return
+ touch $DIR/f72
+ chmod 777 $DIR/f72
+ chmod ug+s $DIR/f72
+ $RUNAS -u $(($RUNAS_ID + 1)) dd if=/dev/zero of=$DIR/f72 bs=512 count=1 || error
+ # See if we are still setuid/sgid
+ test -u $DIR/f72 -o -g $DIR/f72 && error "S/gid is not dropped on write"
+ # Now test that MDS is updated too
+ cancel_lru_locks MDC
+ test -u $DIR/f72 -o -g $DIR/f72 && error "S/gid is not dropped on MDS"
+ true
+}
+run_test 72 "Test that remove suid works properly (bug5695) ===="
+
+
# on the LLNL clusters, runas will still pick up root's $TMP settings,
# which will not be writable for the runas user, and then you get a CVS
# error message with a corrupt path string (CVS bug) and panic.
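Review bot: The gate `check_kernel_version 40 || return 0` in test_72 does not match the fix, which this commit records as kernel patch version 43. Assuming check_kernel_version compares against that patch-series version, kernels at 40 to 42 would run the test without the remove_suid fix and either fail or hit the 2.6 crash the commit describes. I would change the line to `check_kernel_version 43 || return 0`. Separately, the `dd ... || error` call has no message, so a failed write is hard to tell apart from the setuid checks; something like `|| error "write as other user failed"` would help.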