From 65341f7bbea824d2ff9d37db15d8be162df42bd3 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 28 Sep 2023 13:56:21 -0300
Subject: [PATCH] linux: Use fchmodat2 on fchmod for flags different than 0 (BZ
 26401)

Linux 6.6 (09da082b07bbae1c) added support for fchmodat2, which has
similar semantics as fchmodat with an extra flag argument.  This
allows fchmodat to implement AT_SYMLINK_NOFOLLOW and AT_EMPTY_PATH
without the need for procfs.

The syscall is registered on all architectures (with value of 452
except on alpha which is 562, commit 78252deb023cf087).

The tst-lchmod.c requires a small fix where fchmodat checks two
contradictory assertions ('(st.st_mode & 0777) == 2' and
'(st.st_mode & 0777) == 3').

Checked on x86_64-linux-gnu on a 6.6 kernel.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
---
 io/tst-lchmod.c                           |   4 +-
 sysdeps/unix/sysv/linux/fchmodat.c        | 196 ++++++++++++++++--------------
 sysdeps/unix/sysv/linux/kernel-features.h |   8 ++
 3 files changed, 115 insertions(+), 93 deletions(-)
 rewrite sysdeps/unix/sysv/linux/fchmodat.c (60%)

diff --git a/io/tst-lchmod.c b/io/tst-lchmod.c
index 2bf4835b05..6496dc61e0 100644
--- a/io/tst-lchmod.c
+++ b/io/tst-lchmod.c
@@ -219,9 +219,9 @@ test_1 (bool do_relative_path, int (*chmod_func) (int fd, const char *, mode_t,
          /* The error code from the openat fallback leaks out.  */
          if (errno != ENFILE && errno != EMFILE)
            TEST_COMPARE (errno, EOPNOTSUPP);
+	 xstat (path_file, &st);
+	 TEST_COMPARE (st.st_mode & 0777, 3);
        }
-     xstat (path_file, &st);
-     TEST_COMPARE (st.st_mode & 0777, 3);
 
      /* Close the descriptors.  */
      for (int *pfd = fd_list_begin (&fd_list); pfd < fd_list_end (&fd_list);
diff --git a/sysdeps/unix/sysv/linux/fchmodat.c b/sysdeps/unix/sysv/linux/fchmodat.c
dissimilarity index 60%
index 99527a3727..99d3df6440 100644
--- a/sysdeps/unix/sysv/linux/fchmodat.c
+++ b/sysdeps/unix/sysv/linux/fchmodat.c
@@ -1,91 +1,105 @@
-/* Change the protections of file relative to open directory.  Linux version.
-   Copyright (C) 2006-2023 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <https://www.gnu.org/licenses/>.  */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <fd_to_filename.h>
-#include <not-cancel.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sysdep.h>
-#include <unistd.h>
-
-int
-fchmodat (int fd, const char *file, mode_t mode, int flag)
-{
-  if (flag == 0)
-    return INLINE_SYSCALL (fchmodat, 3, fd, file, mode);
-  else if (flag != AT_SYMLINK_NOFOLLOW)
-    return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
-  else
-    {
-      /* The kernel system call does not have a mode argument.
-	 However, we can create an O_PATH descriptor and change that
-	 via /proc (which does not resolve symbolic links).  */
-
-      int pathfd = __openat_nocancel (fd, file,
-				      O_PATH | O_NOFOLLOW | O_CLOEXEC);
-      if (pathfd < 0)
-	/* This may report errors such as ENFILE and EMFILE.  The
-	   caller can treat them as temporary if necessary.  */
-	return pathfd;
-
-      /* Use fstatat because fstat does not work on O_PATH descriptors
-	 before Linux 3.6.  */
-      struct __stat64_t64 st;
-      if (__fstatat64_time64 (pathfd, "", &st, AT_EMPTY_PATH) != 0)
-	{
-	  __close_nocancel (pathfd);
-	  return -1;
-	}
-
-      /* Some Linux versions with some file systems can actually
-	 change symbolic link permissions via /proc, but this is not
-	 intentional, and it gives inconsistent results (e.g., error
-	 return despite mode change).  The expected behavior is that
-	 symbolic link modes cannot be changed at all, and this check
-	 enforces that.  */
-      if (S_ISLNK (st.st_mode))
-	{
-	  __close_nocancel (pathfd);
-	  __set_errno (EOPNOTSUPP);
-	  return -1;
-	}
-
-      /* For most file systems, fchmod does not operate on O_PATH
-	 descriptors, so go through /proc.  */
-      struct fd_to_filename filename;
-      int ret = __chmod (__fd_to_filename (pathfd, &filename), mode);
-      if (ret != 0)
-	{
-	  if (errno == ENOENT)
-	    /* /proc has not been mounted.  Without /proc, there is no
-	       way to upgrade the O_PATH descriptor to a full
-	       descriptor.  It is also not possible to re-open the
-	       file without O_PATH because the file name may refer to
-	       another file, and opening that without O_PATH may have
-	       side effects (such as blocking, device rewinding, or
-	       releasing POSIX locks).  */
-	    __set_errno (EOPNOTSUPP);
-	}
-      __close_nocancel (pathfd);
-      return ret;
-    }
-}
-libc_hidden_def (fchmodat)
+/* Change the protections of file relative to open directory.  Linux version.
+   Copyright (C) 2006-2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <fd_to_filename.h>
+#include <not-cancel.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sysdep.h>
+#include <unistd.h>
+
+#if !__ASSUME_FCHMODAT2
+static int
+fchmodat_fallback (int fd, const char *file, mode_t mode, int flag)
+{
+  if (flag != AT_SYMLINK_NOFOLLOW)
+    return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
+
+  /* The kernel system call does not have a mode argument.
+     However, we can create an O_PATH descriptor and change that
+     via /proc (which does not resolve symbolic links).  */
+
+  int pathfd = __openat_nocancel (fd, file,
+				  O_PATH | O_NOFOLLOW | O_CLOEXEC);
+  if (pathfd < 0)
+    /* This may report errors such as ENFILE and EMFILE.  The
+       caller can treat them as temporary if necessary.  */
+    return pathfd;
+
+  /* Use fstatat because fstat does not work on O_PATH descriptors
+     before Linux 3.6.  */
+  struct __stat64_t64 st;
+  if (__fstatat64_time64 (pathfd, "", &st, AT_EMPTY_PATH) != 0)
+    {
+      __close_nocancel (pathfd);
+      return -1;
+    }
+
+  /* Some Linux versions with some file systems can actually
+     change symbolic link permissions via /proc, but this is not
+     intentional, and it gives inconsistent results (e.g., error
+     return despite mode change).  The expected behavior is that
+     symbolic link modes cannot be changed at all, and this check
+     enforces that.  */
+  if (S_ISLNK (st.st_mode))
+    {
+      __close_nocancel (pathfd);
+      __set_errno (EOPNOTSUPP);
+      return -1;
+    }
+
+  /* For most file systems, fchmod does not operate on O_PATH
+     descriptors, so go through /proc.  */
+  struct fd_to_filename filename;
+  int ret = __chmod (__fd_to_filename (pathfd, &filename), mode);
+  if (ret != 0)
+    {
+      if (errno == ENOENT)
+	/* /proc has not been mounted.  Without /proc, there is no
+	   way to upgrade the O_PATH descriptor to a full
+	   descriptor.  It is also not possible to re-open the
+	   file without O_PATH because the file name may refer to
+	   another file, and opening that without O_PATH may have
+	   side effects (such as blocking, device rewinding, or
+	   releasing POSIX locks).  */
+	__set_errno (EOPNOTSUPP);
+    }
+  __close_nocancel (pathfd);
+  return ret;
+}
+#endif
+
+int
+fchmodat (int fd, const char *file, mode_t mode, int flag)
+{
+#if __ASSUME_FCHMODAT2
+  return INLINE_SYSCALL_CALL (fchmodat2, fd, file, mode, flag);
+#else
+  if (flag == 0)
+    return INLINE_SYSCALL_CALL (fchmodat, fd, file, mode);
+
+  int r = INLINE_SYSCALL_CALL (fchmodat2, fd, file, mode, flag);
+  if (r != 0 && errno == ENOSYS)
+    return fchmodat_fallback (fd, file, mode, flag);
+  return r;
+#endif
+}
+libc_hidden_def (fchmodat)
diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h
index 07b440f4ee..670d2604d2 100644
--- a/sysdeps/unix/sysv/linux/kernel-features.h
+++ b/sysdeps/unix/sysv/linux/kernel-features.h
@@ -252,4 +252,12 @@
 # define __ASSUME_CLONE3 0
 #endif
 
+/* The fchmodat2 system call was introduced across all architectures
+   in Linux 6.6.  */
+#if __LINUX_KERNEL_VERSION >= 0x060600
+# define __ASSUME_FCHMODAT2 1
+#else
+# define __ASSUME_FCHMODAT2 0
+#endif
+
 #endif /* kernel-features.h */
-- 
2.11.4.GIT