From ca12c69d89326cde693299966458b82cf6045db7 Mon Sep 17 00:00:00 2001 From: Robert Buchholz Date: Thu, 27 Sep 2007 22:19:19 +0000 Subject: Debian 2.6.18 1-13etch3 security patches svn path=/patches/; revision=46 --- trunk/2.6.18/00000_README | 25 ++ .../30031_ptrace-handle-bogus-selector.patch | 86 +++++ trunk/2.6.18/30032_fixup-trace_irq-breakage.patch | 64 ++++ ..._prevent-stack-growth-into-hugetlb-region.patch | 47 +++ trunk/2.6.18/30034_cifs-honor-umask.patch | 81 +++++ .../30035_amd64-zero-extend-32bit-ptrace.patch | 88 +++++ .../2.6.18/30036_jffs2-ACL-vs-mode-handling.patch | 355 +++++++++++++++++++++ 7 files changed, 746 insertions(+) create mode 100644 trunk/2.6.18/30031_ptrace-handle-bogus-selector.patch create mode 100644 trunk/2.6.18/30032_fixup-trace_irq-breakage.patch create mode 100644 trunk/2.6.18/30033_prevent-stack-growth-into-hugetlb-region.patch create mode 100644 trunk/2.6.18/30034_cifs-honor-umask.patch create mode 100644 trunk/2.6.18/30035_amd64-zero-extend-32bit-ptrace.patch create mode 100644 trunk/2.6.18/30036_jffs2-ACL-vs-mode-handling.patch diff --git a/trunk/2.6.18/00000_README b/trunk/2.6.18/00000_README index 9480e73..e49351c 100644 --- a/trunk/2.6.18/00000_README +++ b/trunk/2.6.18/00000_README @@ -161,6 +161,31 @@ Patches [SECURITY] Require admin capabilities to issue ioctls to aacraid devices See CVE-2007-4308 +30031_ptrace-handle-bogus-selector.patch, +30032_fixup-trace_irq-breakage.patch + [SECURITY] Handle an invalid LDT segment selector %cs (the xcs field) + during ptrace single-step operations that can be used to trigger a + NULL-pointer dereference causing an Oops. + See CVE-2007-3731 + +30033_prevent-stack-growth-into-hugetlb-region.patch + [SECURITY] Prevent OOPS during stack expansion when the VMA crosses + into address space reserved for hugetlb pages. + See CVE-2007-3739 + +30034_cifs-honor-umask.patch + [SECURITY] Make CIFS honor a process' umask + See CVE-2007-3740 + +30035_amd64-zero-extend-32bit-ptrace.patch + [SECURITY] Zero extend all registers after ptrace in 32-bit entry path. + See CVE-2007-4573 + +30036_jffs2-ACL-vs-mode-handling.patch + [SECURITY] Write correct legacy modes to the medium on inode creation to + prevent incorrect permissions upon remount. + See CVE-2007-4849 + 50001_make-install.patch Handle make install in a semi-sane way that plays nice with split domU/dom0 kernels. diff --git a/trunk/2.6.18/30031_ptrace-handle-bogus-selector.patch b/trunk/2.6.18/30031_ptrace-handle-bogus-selector.patch new file mode 100644 index 0000000..2aacd3b --- /dev/null +++ b/trunk/2.6.18/30031_ptrace-handle-bogus-selector.patch @@ -0,0 +1,86 @@ +From: Roland McGrath +Date: Mon, 16 Jul 2007 08:03:16 +0000 (-0700) +Subject: Handle bogus %cs selector in single-step instruction decoding +X-Git-Tag: v2.6.23-rc1~492 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=29eb51101c02df517ca64ec472d7501127ad1da8 + +Handle bogus %cs selector in single-step instruction decoding + +The code for LDT segment selectors was not robust in the face of a bogus +selector set in %cs via ptrace before the single-step was done. + +Signed-off-by: Roland McGrath +Signed-off-by: Linus Torvalds +--- + +Adjusted to apply to Debian's 2.6.18 by dann frazier + +diff -urpN linux-source-2.6.18.orig/arch/i386/kernel/ptrace.c linux-source-2.6.18/arch/i386/kernel/ptrace.c +--- linux-source-2.6.18.orig/arch/i386/kernel/ptrace.c 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/i386/kernel/ptrace.c 2007-09-19 23:45:45.949576125 -0600 +@@ -172,14 +172,22 @@ static unsigned long convert_eip_to_line + u32 *desc; + unsigned long base; + +- down(&child->mm->context.sem); +- desc = child->mm->context.ldt + (seg & ~7); +- base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000); ++ seg &= ~7UL; + +- /* 16-bit code segment? */ +- if (!((desc[1] >> 22) & 1)) +- addr &= 0xffff; +- addr += base; ++ down(&child->mm->context.sem); ++ if (unlikely((seg >> 3) >= child->mm->context.size)) ++ addr = -1L; /* bogus selector, access would fault */ ++ else { ++ desc = child->mm->context.ldt + seg; ++ base = ((desc[0] >> 16) | ++ ((desc[1] & 0xff) << 16) | ++ (desc[1] & 0xff000000)); ++ ++ /* 16-bit code segment? */ ++ if (!((desc[1] >> 22) & 1)) ++ addr &= 0xffff; ++ addr += base; ++ } + up(&child->mm->context.sem); + } + return addr; +diff -urpN linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c linux-source-2.6.18/arch/x86_64/kernel/ptrace.c +--- linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/x86_64/kernel/ptrace.c 2007-09-19 23:45:45.953575027 -0600 +@@ -103,16 +103,25 @@ unsigned long convert_rip_to_linear(stru + u32 *desc; + unsigned long base; + +- down(&child->mm->context.sem); +- desc = child->mm->context.ldt + (seg & ~7); +- base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000); ++ seg &= ~7UL; + +- /* 16-bit code segment? */ +- if (!((desc[1] >> 22) & 1)) +- addr &= 0xffff; +- addr += base; ++ down(&child->mm->context.sem); ++ if (unlikely((seg >> 3) >= child->mm->context.size)) ++ addr = -1L; /* bogus selector, access would fault */ ++ else { ++ desc = child->mm->context.ldt + seg; ++ base = ((desc[0] >> 16) | ++ ((desc[1] & 0xff) << 16) | ++ (desc[1] & 0xff000000)); ++ ++ /* 16-bit code segment? */ ++ if (!((desc[1] >> 22) & 1)) ++ addr &= 0xffff; ++ addr += base; ++ } + up(&child->mm->context.sem); + } ++ + return addr; + } + diff --git a/trunk/2.6.18/30032_fixup-trace_irq-breakage.patch b/trunk/2.6.18/30032_fixup-trace_irq-breakage.patch new file mode 100644 index 0000000..383f5d8 --- /dev/null +++ b/trunk/2.6.18/30032_fixup-trace_irq-breakage.patch @@ -0,0 +1,64 @@ +From: Peter Zijlstra +Date: Wed, 18 Jul 2007 18:59:22 +0000 (+0200) +Subject: i386: fixup TRACE_IRQ breakage +X-Git-Tag: v2.6.23-rc1~491 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=a10d9a71bafd3a283da240d2868e71346d2aef6f + +i386: fixup TRACE_IRQ breakage + +The TRACE_IRQS_ON function in iret_exc: calls a C function without +ensuring that the segments are set properly. Move the trace function and +the enabling of interrupt into the C stub. + +Signed-off-by: Peter Zijlstra +Signed-off-by: Linus Torvalds +--- + +Backported to Debian's 2.6.18 by dann frazier + +diff -urpN linux-source-2.6.18.orig/arch/i386/kernel/entry.S linux-source-2.6.18/arch/i386/kernel/entry.S +--- linux-source-2.6.18.orig/arch/i386/kernel/entry.S 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/i386/kernel/entry.S 2007-09-19 23:53:22.929573806 -0600 +@@ -384,8 +384,6 @@ restore_nocheck_notrace: + 1: iret + .section .fixup,"ax" + iret_exc: +- TRACE_IRQS_ON +- sti + pushl $0 # no error code + pushl $do_iret_error + jmp error_code +diff -urpN linux-source-2.6.18.orig/arch/i386/kernel/traps.c linux-source-2.6.18/arch/i386/kernel/traps.c +--- linux-source-2.6.18.orig/arch/i386/kernel/traps.c 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/i386/kernel/traps.c 2007-09-19 23:47:18.209575527 -0600 +@@ -516,10 +516,12 @@ fastcall void do_##name(struct pt_regs * + do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \ + } + +-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \ ++#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \ + fastcall void do_##name(struct pt_regs * regs, long error_code) \ + { \ + siginfo_t info; \ ++ if (irq) \ ++ local_irq_enable(); \ + info.si_signo = signr; \ + info.si_errno = 0; \ + info.si_code = sicode; \ +@@ -559,13 +561,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3) + #endif + DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow) + DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds) +-DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip) ++DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0) + DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun) + DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS) + DO_ERROR(11, SIGBUS, "segment not present", segment_not_present) + DO_ERROR(12, SIGBUS, "stack segment", stack_segment) +-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0) +-DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0) ++DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0) ++DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1) + + fastcall void __kprobes do_general_protection(struct pt_regs * regs, + long error_code) diff --git a/trunk/2.6.18/30033_prevent-stack-growth-into-hugetlb-region.patch b/trunk/2.6.18/30033_prevent-stack-growth-into-hugetlb-region.patch new file mode 100644 index 0000000..caa7fa7 --- /dev/null +++ b/trunk/2.6.18/30033_prevent-stack-growth-into-hugetlb-region.patch @@ -0,0 +1,47 @@ +From: Adam Litke +Date: Tue, 30 Jan 2007 22:35:39 +0000 (-0800) +Subject: [PATCH] Don't allow the stack to grow into hugetlb reserved regions +X-Git-Tag: v2.6.20-rc7~10 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0d59a01bc461bbab4017ff449b8401151ef44cf6 + +[PATCH] Don't allow the stack to grow into hugetlb reserved regions + +When expanding the stack, we don't currently check if the VMA will cross +into an area of the address space that is reserved for hugetlb pages. +Subsequent faults on the expanded portion of such a VMA will confuse the +low-level MMU code, resulting in an OOPS. Check for this. + +Signed-off-by: Adam Litke +Cc: David Gibson +Cc: William Lee Irwin III +Cc: Hugh Dickins +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +--- + +diff --git a/mm/mmap.c b/mm/mmap.c +index 9717337..cc3a208 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -1477,6 +1477,7 @@ static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, un + { + struct mm_struct *mm = vma->vm_mm; + struct rlimit *rlim = current->signal->rlim; ++ unsigned long new_start; + + /* address space limit tests */ + if (!may_expand_vm(mm, grow)) +@@ -1496,6 +1497,12 @@ static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, un + return -ENOMEM; + } + ++ /* Check to ensure the stack will not grow into a hugetlb-only region */ ++ new_start = (vma->vm_flags & VM_GROWSUP) ? vma->vm_start : ++ vma->vm_end - size; ++ if (is_hugepage_only_range(vma->vm_mm, new_start, size)) ++ return -EFAULT; ++ + /* + * Overcommit.. This must be the final test, as it will + * update security statistics. diff --git a/trunk/2.6.18/30034_cifs-honor-umask.patch b/trunk/2.6.18/30034_cifs-honor-umask.patch new file mode 100644 index 0000000..bf45500 --- /dev/null +++ b/trunk/2.6.18/30034_cifs-honor-umask.patch @@ -0,0 +1,81 @@ +From: Steve French +Date: Fri, 8 Jun 2007 14:55:14 +0000 (+0000) +Subject: [CIFS] CIFS should honour umask +X-Git-Tag: v2.6.22-rc5~50^2 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=3ce53fc4c57603d99c330a6ee2fe96d94f2d350f + +[CIFS] CIFS should honour umask + +This patch makes CIFS honour a process' umask like other filesystems. +Of course the server is still free to munge the permissions if it wants +to; but the client will send the "right" permissions to begin with. + +A few caveats: + +1) It only applies to filesystems that have CAP_UNIX (aka support unix +extensions) +2) It applies the correct mode to the follow up CIFSSMBUnixSetPerms() +after remote creation + +When mode to CIFS/NTFS ACL mapping is complete we can do the +same thing for that case for servers which do not +support the Unix Extensions. + +Signed-off-by: Matt Keenen +Signed-off-by: Steve French +--- + +Backported to Debian's 2.6.18 by dann frazier + +diff -urpN linux-source-2.6.18.orig/fs/cifs/dir.c linux-source-2.6.18/fs/cifs/dir.c +--- linux-source-2.6.18.orig/fs/cifs/dir.c 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/fs/cifs/dir.c 2007-09-24 22:49:29.509100350 -0600 +@@ -199,7 +199,8 @@ cifs_create(struct inode *inode, struct + /* If Open reported that we actually created a file + then we now have to set the mode if possible */ + if ((cifs_sb->tcon->ses->capabilities & CAP_UNIX) && +- (oplock & CIFS_CREATE_ACTION)) ++ (oplock & CIFS_CREATE_ACTION)) { ++ mode &= ~current->fs->umask; + if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { + CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode, + (__u64)current->fsuid, +@@ -217,7 +218,7 @@ cifs_create(struct inode *inode, struct + cifs_sb->mnt_cifs_flags & + CIFS_MOUNT_MAP_SPECIAL_CHR); + } +- else { ++ } else { + /* BB implement mode setting via Windows security descriptors */ + /* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/ + /* could set r/o dos attribute if mode & 0222 == 0 */ +@@ -325,6 +326,7 @@ int cifs_mknod(struct inode *inode, stru + if(full_path == NULL) + rc = -ENOMEM; + else if (pTcon->ses->capabilities & CAP_UNIX) { ++ mode &= ~current->fs->umask; + if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { + rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path, + mode,(__u64)current->fsuid,(__u64)current->fsgid, +diff -urpN linux-source-2.6.18.orig/fs/cifs/inode.c linux-source-2.6.18/fs/cifs/inode.c +--- linux-source-2.6.18.orig/fs/cifs/inode.c 2007-09-18 16:46:11.000000000 -0600 ++++ linux-source-2.6.18/fs/cifs/inode.c 2007-09-24 22:50:34.825099389 -0600 +@@ -751,7 +751,8 @@ int cifs_mkdir(struct inode *inode, stru + d_instantiate(direntry, newinode); + if (direntry->d_inode) + direntry->d_inode->i_nlink = 2; +- if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) ++ if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) { ++ mode &= ~current->fs->umask; + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { + CIFSSMBUnixSetPerms(xid, pTcon, full_path, + mode, +@@ -769,7 +770,7 @@ int cifs_mkdir(struct inode *inode, stru + cifs_sb->mnt_cifs_flags & + CIFS_MOUNT_MAP_SPECIAL_CHR); + } +- else { ++ } else { + /* BB to be implemented via Windows secrty descriptors + eg CIFSSMBWinSetPerms(xid, pTcon, full_path, mode, + -1, -1, local_nls); */ diff --git a/trunk/2.6.18/30035_amd64-zero-extend-32bit-ptrace.patch b/trunk/2.6.18/30035_amd64-zero-extend-32bit-ptrace.patch new file mode 100644 index 0000000..0f2637a --- /dev/null +++ b/trunk/2.6.18/30035_amd64-zero-extend-32bit-ptrace.patch @@ -0,0 +1,88 @@ +From: Andi Kleen +Date: Fri, 21 Sep 2007 14:16:18 +0000 (+0200) +Subject: x86_64: Zero extend all registers after ptrace in 32bit entry path. +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=176df2457ef6207156ca1a40991c54ca01fef567 + +x86_64: Zero extend all registers after ptrace in 32bit entry path. + +Strictly it's only needed for eax. + +It actually does a little more than strictly needed -- the other registers +are already zero extended. + +Also remove the now unnecessary and non functional compat task check +in ptrace. + +This is CVE-2007-4573 + +Found by Wojciech Purczynski + +Signed-off-by: Andi Kleen +Signed-off-by: Linus Torvalds +--- + +Adjusted to apply to Debian's 2.6.18 by dann frazier + +diff -urpN linux-source-2.6.18.orig/arch/x86_64/ia32/ia32entry.S linux-source-2.6.18/arch/x86_64/ia32/ia32entry.S +--- linux-source-2.6.18.orig/arch/x86_64/ia32/ia32entry.S 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/x86_64/ia32/ia32entry.S 2007-09-25 00:10:16.089100799 -0600 +@@ -38,6 +38,18 @@ + movq %rax,R8(%rsp) + .endm + ++ .macro LOAD_ARGS32 offset ++ movl \offset(%rsp),%r11d ++ movl \offset+8(%rsp),%r10d ++ movl \offset+16(%rsp),%r9d ++ movl \offset+24(%rsp),%r8d ++ movl \offset+40(%rsp),%ecx ++ movl \offset+48(%rsp),%edx ++ movl \offset+56(%rsp),%esi ++ movl \offset+64(%rsp),%edi ++ movl \offset+72(%rsp),%eax ++ .endm ++ + .macro CFI_STARTPROC32 simple + CFI_STARTPROC \simple + CFI_UNDEFINED r8 +@@ -151,7 +163,7 @@ sysenter_tracesys: + movq $-ENOSYS,RAX(%rsp) /* really needed? */ + movq %rsp,%rdi /* &pt_regs -> arg1 */ + call syscall_trace_enter +- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */ ++ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ + RESTORE_REST + movl %ebp, %ebp + /* no need to do an access_ok check here because rbp has been +@@ -253,7 +265,7 @@ cstar_tracesys: + movq $-ENOSYS,RAX(%rsp) /* really needed? */ + movq %rsp,%rdi /* &pt_regs -> arg1 */ + call syscall_trace_enter +- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */ ++ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ + RESTORE_REST + movl RSP-ARGOFFSET(%rsp), %r8d + /* no need to do an access_ok check here because r8 has been +@@ -330,7 +342,7 @@ ia32_tracesys: + movq $-ENOSYS,RAX(%rsp) /* really needed? */ + movq %rsp,%rdi /* &pt_regs -> arg1 */ + call syscall_trace_enter +- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed it */ ++ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ + RESTORE_REST + jmp ia32_do_syscall + END(ia32_syscall) +diff -urpN linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c linux-source-2.6.18/arch/x86_64/kernel/ptrace.c +--- linux-source-2.6.18.orig/arch/x86_64/kernel/ptrace.c 2006-09-19 21:42:06.000000000 -0600 ++++ linux-source-2.6.18/arch/x86_64/kernel/ptrace.c 2007-09-25 00:10:16.089100799 -0600 +@@ -223,10 +223,6 @@ static int putreg(struct task_struct *ch + { + unsigned long tmp; + +- /* Some code in the 64bit emulation may not be 64bit clean. +- Don't take any chances. */ +- if (test_tsk_thread_flag(child, TIF_IA32)) +- value &= 0xffffffff; + switch (regno) { + case offsetof(struct user_regs_struct,fs): + if (value && (value & 3) != 3) diff --git a/trunk/2.6.18/30036_jffs2-ACL-vs-mode-handling.patch b/trunk/2.6.18/30036_jffs2-ACL-vs-mode-handling.patch new file mode 100644 index 0000000..6d52512 --- /dev/null +++ b/trunk/2.6.18/30036_jffs2-ACL-vs-mode-handling.patch @@ -0,0 +1,355 @@ +From: David Woodhouse +Date: Wed, 22 Aug 2007 11:39:19 +0000 (+0100) +Subject: [JFFS2] Fix ACL vs. mode handling. +X-Git-Url: http://git.infradead.org/?p=mtd-2.6.git;a=commitdiff_plain;h=9ed437c50d89eabae763dd422579f73fdebf288d + +[JFFS2] Fix ACL vs. mode handling. + +When POSIX ACL support was enabled, we weren't writing correct +legacy modes to the medium on inode creation, or when the ACL was set. +This meant that the permissions would be incorrect after the file system +was remounted. + +Signed-off-by: David Woodhouse +--- + +diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c +index 65b3a1b..8ec9323 100644 +--- a/fs/jffs2/acl.c ++++ b/fs/jffs2/acl.c +@@ -176,7 +176,7 @@ static void jffs2_iset_acl(struct inode *inode, struct posix_acl **i_acl, struct + spin_unlock(&inode->i_lock); + } + +-static struct posix_acl *jffs2_get_acl(struct inode *inode, int type) ++struct posix_acl *jffs2_get_acl(struct inode *inode, int type) + { + struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); + struct posix_acl *acl; +@@ -247,8 +247,13 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl) + if (rc < 0) + return rc; + if (inode->i_mode != mode) { +- inode->i_mode = mode; +- jffs2_dirty_inode(inode); ++ struct iattr attr; ++ ++ attr.ia_valid = ATTR_MODE; ++ attr.ia_mode = mode; ++ rc = jffs2_do_setattr(inode, &attr); ++ if (rc < 0) ++ return rc; + } + if (rc == 0) + acl = NULL; +@@ -307,22 +312,16 @@ int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd) + return generic_permission(inode, mask, jffs2_check_acl); + } + +-int jffs2_init_acl(struct inode *inode, struct inode *dir) ++int jffs2_init_acl(struct inode *inode, struct posix_acl *acl) + { + struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); +- struct posix_acl *acl = NULL, *clone; ++ struct posix_acl *clone; + mode_t mode; + int rc = 0; + + f->i_acl_access = JFFS2_ACL_NOT_CACHED; + f->i_acl_default = JFFS2_ACL_NOT_CACHED; +- if (!S_ISLNK(inode->i_mode)) { +- acl = jffs2_get_acl(dir, ACL_TYPE_DEFAULT); +- if (IS_ERR(acl)) +- return PTR_ERR(acl); +- if (!acl) +- inode->i_mode &= ~current->fs->umask; +- } ++ + if (acl) { + if (S_ISDIR(inode->i_mode)) { + rc = jffs2_set_acl(inode, ACL_TYPE_DEFAULT, acl); +diff --git a/fs/jffs2/acl.h b/fs/jffs2/acl.h +index c84378c..90a2dbf 100644 +--- a/fs/jffs2/acl.h ++++ b/fs/jffs2/acl.h +@@ -28,9 +28,10 @@ struct jffs2_acl_header { + + #define JFFS2_ACL_NOT_CACHED ((void *)-1) + ++extern struct posix_acl *jffs2_get_acl(struct inode *inode, int type); + extern int jffs2_permission(struct inode *, int, struct nameidata *); + extern int jffs2_acl_chmod(struct inode *); +-extern int jffs2_init_acl(struct inode *, struct inode *); ++extern int jffs2_init_acl(struct inode *, struct posix_acl *); + extern void jffs2_clear_acl(struct jffs2_inode_info *); + + extern struct xattr_handler jffs2_acl_access_xattr_handler; +@@ -38,6 +39,7 @@ extern struct xattr_handler jffs2_acl_default_xattr_handler; + + #else + ++#define jffs2_get_acl(inode, type) (NULL) + #define jffs2_permission NULL + #define jffs2_acl_chmod(inode) (0) + #define jffs2_init_acl(inode,dir) (0) +diff --git a/fs/jffs2/dir.c b/fs/jffs2/dir.c +index d293a1f..8353eb9 100644 +--- a/fs/jffs2/dir.c ++++ b/fs/jffs2/dir.c +@@ -182,6 +182,7 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode, + struct jffs2_inode_info *f, *dir_f; + struct jffs2_sb_info *c; + struct inode *inode; ++ struct posix_acl *acl; + int ret; + + ri = jffs2_alloc_raw_inode(); +@@ -192,7 +193,7 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode, + + D1(printk(KERN_DEBUG "jffs2_create()\n")); + +- inode = jffs2_new_inode(dir_i, mode, ri); ++ inode = jffs2_new_inode(dir_i, mode, ri, &acl); + + if (IS_ERR(inode)) { + D1(printk(KERN_DEBUG "jffs2_new_inode() failed\n")); +@@ -212,12 +213,12 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode, + dentry->d_name.name, dentry->d_name.len); + + if (ret) +- goto fail; ++ goto fail_acl; + + ret = jffs2_init_security(inode, dir_i); + if (ret) +- goto fail; +- ret = jffs2_init_acl(inode, dir_i); ++ goto fail_acl; ++ ret = jffs2_init_acl(inode, acl); + if (ret) + goto fail; + +@@ -230,6 +231,8 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode, + inode->i_ino, inode->i_mode, inode->i_nlink, f->inocache->nlink, inode->i_mapping->nrpages)); + return 0; + ++ fail_acl: ++ posix_acl_release(acl); + fail: + make_bad_inode(inode); + iput(inode); +@@ -306,6 +309,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char + struct jffs2_full_dirent *fd; + int namelen; + uint32_t alloclen; ++ struct posix_acl *acl; + int ret, targetlen = strlen(target); + + /* FIXME: If you care. We'd need to use frags for the target +@@ -332,7 +336,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char + return ret; + } + +- inode = jffs2_new_inode(dir_i, S_IFLNK | S_IRWXUGO, ri); ++ inode = jffs2_new_inode(dir_i, S_IFLNK | S_IRWXUGO, ri, &acl); + + if (IS_ERR(inode)) { + jffs2_free_raw_inode(ri); +@@ -362,6 +366,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char + up(&f->sem); + jffs2_complete_reservation(c); + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return PTR_ERR(fn); + } + +@@ -372,6 +377,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char + up(&f->sem); + jffs2_complete_reservation(c); + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return -ENOMEM; + } + +@@ -389,9 +395,10 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char + ret = jffs2_init_security(inode, dir_i); + if (ret) { + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return ret; + } +- ret = jffs2_init_acl(inode, dir_i); ++ ret = jffs2_init_acl(inode, acl); + if (ret) { + jffs2_clear_inode(inode); + return ret; +@@ -469,6 +476,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) + struct jffs2_full_dirent *fd; + int namelen; + uint32_t alloclen; ++ struct posix_acl *acl; + int ret; + + mode |= S_IFDIR; +@@ -491,7 +499,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) + return ret; + } + +- inode = jffs2_new_inode(dir_i, mode, ri); ++ inode = jffs2_new_inode(dir_i, mode, ri, &acl); + + if (IS_ERR(inode)) { + jffs2_free_raw_inode(ri); +@@ -518,6 +526,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) + up(&f->sem); + jffs2_complete_reservation(c); + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return PTR_ERR(fn); + } + /* No data here. Only a metadata node, which will be +@@ -531,9 +540,10 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) + ret = jffs2_init_security(inode, dir_i); + if (ret) { + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return ret; + } +- ret = jffs2_init_acl(inode, dir_i); ++ ret = jffs2_init_acl(inode, acl); + if (ret) { + jffs2_clear_inode(inode); + return ret; +@@ -629,6 +639,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de + union jffs2_device_node dev; + int devlen = 0; + uint32_t alloclen; ++ struct posix_acl *acl; + int ret; + + if (!new_valid_dev(rdev)) +@@ -655,7 +666,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de + return ret; + } + +- inode = jffs2_new_inode(dir_i, mode, ri); ++ inode = jffs2_new_inode(dir_i, mode, ri, &acl); + + if (IS_ERR(inode)) { + jffs2_free_raw_inode(ri); +@@ -684,6 +695,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de + up(&f->sem); + jffs2_complete_reservation(c); + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return PTR_ERR(fn); + } + /* No data here. Only a metadata node, which will be +@@ -697,9 +709,10 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de + ret = jffs2_init_security(inode, dir_i); + if (ret) { + jffs2_clear_inode(inode); ++ posix_acl_release(acl); + return ret; + } +- ret = jffs2_init_acl(inode, dir_i); ++ ret = jffs2_init_acl(inode, acl); + if (ret) { + jffs2_clear_inode(inode); + return ret; +diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c +index 1d3b7a9..dd64ddc 100644 +--- a/fs/jffs2/fs.c ++++ b/fs/jffs2/fs.c +@@ -24,7 +24,7 @@ + + static int jffs2_flash_setup(struct jffs2_sb_info *c); + +-static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr) ++int jffs2_do_setattr (struct inode *inode, struct iattr *iattr) + { + struct jffs2_full_dnode *old_metadata, *new_metadata; + struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); +@@ -36,10 +36,8 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr) + unsigned int ivalid; + uint32_t alloclen; + int ret; ++ + D1(printk(KERN_DEBUG "jffs2_setattr(): ino #%lu\n", inode->i_ino)); +- ret = inode_change_ok(inode, iattr); +- if (ret) +- return ret; + + /* Special cases - we don't want more than one data node + for these types on the medium at any time. So setattr +@@ -183,9 +181,14 @@ int jffs2_setattr(struct dentry *dentry, struct iattr *iattr) + { + int rc; + ++ rc = inode_change_ok(dentry->d_inode, iattr); ++ if (rc) ++ return rc; ++ + rc = jffs2_do_setattr(dentry->d_inode, iattr); + if (!rc && (iattr->ia_valid & ATTR_MODE)) + rc = jffs2_acl_chmod(dentry->d_inode); ++ + return rc; + } + +@@ -399,7 +402,8 @@ void jffs2_write_super (struct super_block *sb) + + /* jffs2_new_inode: allocate a new inode and inocache, add it to the hash, + fill in the raw_inode while you're at it. */ +-struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_inode *ri) ++struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_inode *ri, ++ struct posix_acl **acl) + { + struct inode *inode; + struct super_block *sb = dir_i->i_sb; +@@ -431,7 +435,23 @@ struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_i + } else { + ri->gid = cpu_to_je16(current->fsgid); + } +- ri->mode = cpu_to_jemode(mode); ++ ++ /* POSIX ACLs have to be processed now, at least partly. ++ The umask is only applied if there's no default ACL */ ++ if (!S_ISLNK(mode)) { ++ *acl = jffs2_get_acl(dir_i, ACL_TYPE_DEFAULT); ++ if (IS_ERR(*acl)) { ++ make_bad_inode(inode); ++ iput(inode); ++ inode = (void *)*acl; ++ *acl = NULL; ++ return inode; ++ } ++ if (!(*acl)) ++ mode &= ~current->fs->umask; ++ } else { ++ *acl = NULL; ++ } + ret = jffs2_do_new_inode (c, f, mode, ri); + if (ret) { + make_bad_inode(inode); +diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h +index 80daea9..f6743a9 100644 +--- a/fs/jffs2/os-linux.h ++++ b/fs/jffs2/os-linux.h +@@ -173,12 +173,15 @@ int jffs2_ioctl(struct inode *, struct file *, unsigned int, unsigned long); + extern const struct inode_operations jffs2_symlink_inode_operations; + + /* fs.c */ ++struct posix_acl; ++ + int jffs2_setattr (struct dentry *, struct iattr *); ++int jffs2_do_setattr (struct inode *, struct iattr *); + void jffs2_read_inode (struct inode *); + void jffs2_clear_inode (struct inode *); + void jffs2_dirty_inode(struct inode *inode); + struct inode *jffs2_new_inode (struct inode *dir_i, int mode, +- struct jffs2_raw_inode *ri); ++ struct jffs2_raw_inode *ri, struct posix_acl **acl); + int jffs2_statfs (struct dentry *, struct kstatfs *); + void jffs2_write_super (struct super_block *); + int jffs2_remount_fs (struct super_block *, int *, char *); -- cgit v1.2.3-65-gdbad