mirror of
https://github.com/torvalds/linux.git
synced 2024-10-23 05:30:55 +00:00
vfs: teach vfs_ioc_fssetxattr_check to check project id info
Standardize the project id checks for FSSETXATTR. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Jan Kara <jack@suse.cz>
This commit is contained in:
parent
7b0e492e6b
commit
f991492ed1
|
@ -697,30 +697,6 @@ group_add_out:
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Project Quota ID state is only allowed to change from within the init
|
|
||||||
* namespace. Enforce that restriction only if we are trying to change
|
|
||||||
* the quota ID state. Everything else is allowed in user namespaces.
|
|
||||||
*/
|
|
||||||
if (current_user_ns() == &init_user_ns)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
|
|
||||||
if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
|
|
||||||
return -EINVAL;
|
|
||||||
} else {
|
|
||||||
if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
|
static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
|
||||||
{
|
{
|
||||||
struct ext4_inode_info *ei = EXT4_I(inode);
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
||||||
|
@ -1133,9 +1109,6 @@ resizefs_out:
|
||||||
|
|
||||||
inode_lock(inode);
|
inode_lock(inode);
|
||||||
ext4_fill_fsxattr(inode, &old_fa);
|
ext4_fill_fsxattr(inode, &old_fa);
|
||||||
err = ext4_ioctl_check_project(inode, &fa);
|
|
||||||
if (err)
|
|
||||||
goto out;
|
|
||||||
err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
|
err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
|
||||||
if (err)
|
if (err)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
13
fs/inode.c
13
fs/inode.c
|
@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa,
|
||||||
!capable(CAP_LINUX_IMMUTABLE))
|
!capable(CAP_LINUX_IMMUTABLE))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Project Quota ID state is only allowed to change from within the init
|
||||||
|
* namespace. Enforce that restriction only if we are trying to change
|
||||||
|
* the quota ID state. Everything else is allowed in user namespaces.
|
||||||
|
*/
|
||||||
|
if (current_user_ns() != &init_user_ns) {
|
||||||
|
if (old_fa->fsx_projid != fa->fsx_projid)
|
||||||
|
return -EINVAL;
|
||||||
|
if ((old_fa->fsx_xflags ^ fa->fsx_xflags) &
|
||||||
|
FS_XFLAG_PROJINHERIT)
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(vfs_ioc_fssetxattr_check);
|
EXPORT_SYMBOL(vfs_ioc_fssetxattr_check);
|
||||||
|
|
|
@ -1298,21 +1298,6 @@ xfs_ioctl_setattr_check_projid(
|
||||||
if (fa->fsx_projid > (uint16_t)-1 &&
|
if (fa->fsx_projid > (uint16_t)-1 &&
|
||||||
!xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb))
|
!xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
/*
|
|
||||||
* Project Quota ID state is only allowed to change from within the init
|
|
||||||
* namespace. Enforce that restriction only if we are trying to change
|
|
||||||
* the quota ID state. Everything else is allowed in user namespaces.
|
|
||||||
*/
|
|
||||||
if (current_user_ns() == &init_user_ns)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (xfs_get_projid(ip) != fa->fsx_projid)
|
|
||||||
return -EINVAL;
|
|
||||||
if ((fa->fsx_xflags & FS_XFLAG_PROJINHERIT) !=
|
|
||||||
(ip->i_d.di_flags & XFS_DIFLAG_PROJINHERIT))
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user