tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

fs: Rename file_remove_suid() to file_remove_privs()

file_remove_suid() is a misnomer since it removes also file capabilities
stored in xattrs and sets S_NOSEC flag. Also should_remove_suid() tells
something else than whether file_remove_suid() call is necessary which
leads to bugs.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by

Jan Kara and committed by
Al Viro 5fa8e0a1 2426f391

+15 -12
+1 -1
fs/btrfs/file.c
··· 1748 1748 } 1749 1749 1750 1750 current->backing_dev_info = inode_to_bdi(inode); 1751 - err = file_remove_suid(file); 1751 + err = file_remove_privs(file); 1752 1752 if (err) { 1753 1753 mutex_unlock(&inode->i_mutex); 1754 1754 goto out;
+1 -1
fs/ceph/file.c
··· 959 959 960 960 pos = iocb->ki_pos; 961 961 count = iov_iter_count(from); 962 - err = file_remove_suid(file); 962 + err = file_remove_privs(file); 963 963 if (err) 964 964 goto out; 965 965
+1 -1
fs/fuse/file.c
··· 1169 1169 if (err <= 0) 1170 1170 goto out; 1171 1171 1172 - err = file_remove_suid(file); 1172 + err = file_remove_privs(file); 1173 1173 if (err) 1174 1174 goto out; 1175 1175
+8 -5
fs/inode.c
··· 1685 1685 return notify_change(dentry, &newattrs, NULL); 1686 1686 } 1687 1687 1688 - int file_remove_suid(struct file *file) 1688 + /* 1689 + * Remove special file priviledges (suid, capabilities) when file is written 1690 + * to or truncated. 1691 + */ 1692 + int file_remove_privs(struct file *file) 1689 1693 { 1690 1694 struct dentry *dentry = file->f_path.dentry; 1691 1695 struct inode *inode = d_inode(dentry); ··· 1715 1711 1716 1712 return error; 1717 1713 } 1718 - EXPORT_SYMBOL(file_remove_suid); 1714 + EXPORT_SYMBOL(file_remove_privs); 1719 1715 1720 1716 /** 1721 1717 * file_update_time - update mtime and ctime time ··· 1970 1966 * inode is being instantiated). The reason for the cmpxchg() loop 1971 1967 * --- which wouldn't be necessary if all code paths which modify 1972 1968 * i_flags actually followed this rule, is that there is at least one 1973 - * code path which doesn't today --- for example, 1974 - * __generic_file_aio_write() calls file_remove_suid() without holding 1975 - * i_mutex --- so we use cmpxchg() out of an abundance of caution. 1969 + * code path which doesn't today so we use cmpxchg() out of an abundance 1970 + * of caution. 1976 1971 * 1977 1972 * In the long run, i_mutex is overkill, and we should probably look 1978 1973 * at using the i_lock spinlock to protect i_flags, and then make sure
+1 -1
fs/ntfs/file.c
··· 382 382 base_ni = ni; 383 383 if (NInoAttr(ni)) 384 384 base_ni = ni->ext.base_ntfs_ino; 385 - err = file_remove_suid(file); 385 + err = file_remove_privs(file); 386 386 if (unlikely(err)) 387 387 goto out; 388 388 /*
+1 -1
fs/xfs/xfs_file.c
··· 623 623 * setgid bits if the process is not being run by root. This keeps 624 624 * people from modifying setuid and setgid binaries. 625 625 */ 626 - return file_remove_suid(file); 626 + return file_remove_privs(file); 627 627 } 628 628 629 629 /*
+1 -1
include/linux/fs.h
··· 2553 2553 extern struct inode *new_inode(struct super_block *sb); 2554 2554 extern void free_inode_nonrcu(struct inode *inode); 2555 2555 extern int should_remove_suid(struct dentry *); 2556 - extern int file_remove_suid(struct file *); 2556 + extern int file_remove_privs(struct file *); 2557 2557 2558 2558 extern void __insert_inode_hash(struct inode *, unsigned long hashval); 2559 2559 static inline void insert_inode_hash(struct inode *inode)
+1 -1
mm/filemap.c
··· 2536 2536 2537 2537 /* We can write back this queue in page reclaim */ 2538 2538 current->backing_dev_info = inode_to_bdi(inode); 2539 - err = file_remove_suid(file); 2539 + err = file_remove_privs(file); 2540 2540 if (err) 2541 2541 goto out; 2542 2542