[Cluster-devel] [PATCH] gfs2: Update setattr permission checks

[Andreas Gruenbacher]

Update the permission checks in gfs2_setattr to match those in
notify_change.  Previously, attempts to set the timestamps of an
append-only files to the current time were always denied.

Combines mainline commits beb29e058c35a and f2b20f6ee8423.

Fixes xfstest generic/079.

Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
---
 fs/gfs2/inode.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 8700eb815638..b76c5d6d2be2 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -1929,9 +1929,27 @@ static int gfs2_setattr(struct dentry *dentry, struct iattr *attr)
 	if (error)
 		return error;
 
-	error = -EPERM;
-	if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
-		goto out;
+	if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
+		error = -EPERM;
+		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+			goto out;
+	}
+
+	/*
+	 * If utimes(2) and friends are called with times == NULL (or both
+	 * times are UTIME_NOW), then we need to check for write permission
+	 */
+	if (attr->ia_valid & ATTR_TOUCH) {
+		error = -EACCES;
+		if (IS_IMMUTABLE(inode))
+			goto out;
+
+		if (!inode_owner_or_capable(inode)) {
+			error = inode_permission(inode, MAY_WRITE);
+			if (error)
+				goto out;
+		}
+	}
 
 	error = setattr_prepare(dentry, attr);
 	if (error)
-- 
2.14.3