From aa5e85a10846636165592c5a46d797c100c68529 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Mon, 4 Sep 2017 09:24:53 +0200 Subject: [PATCH] 9pfs: local: clarify fchmodat_nofollow() implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since fchmodat(2) on Linux doesn't support AT_SYMLINK_NOFOLLOW, we have to implement it using workarounds. There are two different ways, depending on whether the system supports O_PATH or not. In the case O_PATH is supported, we rely on the behavhior of openat(2) when passing O_NOFOLLOW | O_PATH and the file is a symbolic link. Even if openat_file() already adds O_NOFOLLOW to the flags, this patch makes it explicit that we need both creation flags to obtain the expected behavior. This is only cleanup, no functional change. Signed-off-by: Greg Kurz Reviewed-by: Philippe Mathieu-Daudé --- hw/9pfs/9p-local.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index efb0b79a74..e51af87309 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c @@ -349,11 +349,11 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode) return -1; } - /* Access modes are ignored when O_PATH is supported. We try O_RDONLY and - * O_WRONLY for old-systems that don't support O_PATH. - */ - fd = openat_file(dirfd, name, O_RDONLY | O_PATH_9P_UTIL, 0); + fd = openat_file(dirfd, name, O_RDONLY | O_PATH_9P_UTIL | O_NOFOLLOW, 0); #if O_PATH_9P_UTIL == 0 + /* Fallback for systems that don't support O_PATH: we depend on the file + * being readable or writable. + */ if (fd == -1) { /* In case the file is writable-only and isn't a directory. */ if (errno == EACCES) { @@ -368,6 +368,10 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode) } ret = fchmod(fd, mode); #else + /* Access modes are ignored when O_PATH is supported. If name is a symbolic + * link, O_PATH | O_NOFOLLOW causes openat(2) to return a file descriptor + * referring to the symbolic link. + */ if (fd == -1) { return -1; }