[Cluster-devel] [PATCH 3/5] vfs: teach vfs_ioc_fssetxattr_check to check project id info

Darrick J. Wong Fri, 28 Jun 2019 11:36:09 -0700

From: Darrick J. Wong <darrick.w...@oracle.com>

Standardize the project id checks for FSSETXATTR.


Signed-off-by: Darrick J. Wong <darrick.w...@oracle.com>
Reviewed-by: Jan Kara <j...@suse.cz>
---
 fs/ext4/ioctl.c    |   27 ---------------------------
 fs/f2fs/file.c     |   27 ---------------------------
 fs/inode.c         |   13 +++++++++++++
 fs/xfs/xfs_ioctl.c |   15 ---------------
 4 files changed, 13 insertions(+), 69 deletions(-)


diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 1974cb755d09..566dfac28b3f 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -697,30 +697,6 @@ static long ext4_ioctl_group_add(struct file *file,
        return err;
 }
 
-static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
-{
-       /*
-        * Project Quota ID state is only allowed to change from within the init
-        * namespace. Enforce that restriction only if we are trying to change
-        * the quota ID state. Everything else is allowed in user namespaces.
-        */
-       if (current_user_ns() == &init_user_ns)
-               return 0;
-
-       if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
-               return -EINVAL;
-
-       if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
-               if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
-                       return -EINVAL;
-       } else {
-               if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
-                       return -EINVAL;
-       }
-
-       return 0;
-}
-
 static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
 {
        struct ext4_inode_info *ei = EXT4_I(inode);
@@ -1133,9 +1109,6 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, 
unsigned long arg)
 
                inode_lock(inode);
                ext4_fill_fsxattr(inode, &old_fa);
-               err = ext4_ioctl_check_project(inode, &fa);
-               if (err)
-                       goto out;
                err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
                if (err)
                        goto out;
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 8da95b84520c..8799468724f9 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2796,30 +2796,6 @@ static int f2fs_ioc_fsgetxattr(struct file *filp, 
unsigned long arg)
        return 0;
 }
 
-static int f2fs_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
-{
-       /*
-        * Project Quota ID state is only allowed to change from within the init
-        * namespace. Enforce that restriction only if we are trying to change
-        * the quota ID state. Everything else is allowed in user namespaces.
-        */
-       if (current_user_ns() == &init_user_ns)
-               return 0;
-
-       if (__kprojid_val(F2FS_I(inode)->i_projid) != fa->fsx_projid)
-               return -EINVAL;
-
-       if (F2FS_I(inode)->i_flags & F2FS_PROJINHERIT_FL) {
-               if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
-                       return -EINVAL;
-       } else {
-               if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
-                       return -EINVAL;
-       }
-
-       return 0;
-}
-
 static int f2fs_ioc_fssetxattr(struct file *filp, unsigned long arg)
 {
        struct inode *inode = file_inode(filp);
@@ -2847,9 +2823,6 @@ static int f2fs_ioc_fssetxattr(struct file *filp, 
unsigned long arg)
                return err;
 
        inode_lock(inode);
-       err = f2fs_ioctl_check_project(inode, &fa);
-       if (err)
-               goto out;
 
        f2fs_fill_fsxattr(inode, &old_fa);
        err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
diff --git a/fs/inode.c b/fs/inode.c
index fdd6c5d3e48d..c4f8fb16f633 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -2234,6 +2234,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const 
struct fsxattr *old_fa,
            !capable(CAP_LINUX_IMMUTABLE))
                return -EPERM;
 
+       /*
+        * Project Quota ID state is only allowed to change from within the init
+        * namespace. Enforce that restriction only if we are trying to change
+        * the quota ID state. Everything else is allowed in user namespaces.
+        */
+       if (current_user_ns() != &init_user_ns) {
+               if (old_fa->fsx_projid != fa->fsx_projid)
+                       return -EINVAL;
+               if ((old_fa->fsx_xflags ^ fa->fsx_xflags) &
+                               FS_XFLAG_PROJINHERIT)
+                       return -EINVAL;
+       }
+
        return 0;
 }
 EXPORT_SYMBOL(vfs_ioc_fssetxattr_check);
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 458a7043b4d2..f494c01342c6 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1298,21 +1298,6 @@ xfs_ioctl_setattr_check_projid(
        if (fa->fsx_projid > (uint16_t)-1 &&
            !xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb))
                return -EINVAL;
-
-       /*
-        * Project Quota ID state is only allowed to change from within the init
-        * namespace. Enforce that restriction only if we are trying to change
-        * the quota ID state. Everything else is allowed in user namespaces.
-        */
-       if (current_user_ns() == &init_user_ns)
-               return 0;
-
-       if (xfs_get_projid(ip) != fa->fsx_projid)
-               return -EINVAL;
-       if ((fa->fsx_xflags & FS_XFLAG_PROJINHERIT) !=
-           (ip->i_d.di_flags & XFS_DIFLAG_PROJINHERIT))
-               return -EINVAL;
-
        return 0;
 }

[Cluster-devel] [PATCH 3/5] vfs: teach vfs_ioc_fssetxattr_check to check project id info

Reply via email to