Commit f991492e authored by Darrick J. Wong's avatar Darrick J. Wong

vfs: teach vfs_ioc_fssetxattr_check to check project id info

Standardize the project id checks for FSSETXATTR.
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarJan Kara <jack@suse.cz>
parent 7b0e492e
...@@ -697,30 +697,6 @@ static long ext4_ioctl_group_add(struct file *file, ...@@ -697,30 +697,6 @@ static long ext4_ioctl_group_add(struct file *file,
return err; return err;
} }
static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
{
/*
* Project Quota ID state is only allowed to change from within the init
* namespace. Enforce that restriction only if we are trying to change
* the quota ID state. Everything else is allowed in user namespaces.
*/
if (current_user_ns() == &init_user_ns)
return 0;
if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
return -EINVAL;
if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
return -EINVAL;
} else {
if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
return -EINVAL;
}
return 0;
}
static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa) static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
{ {
struct ext4_inode_info *ei = EXT4_I(inode); struct ext4_inode_info *ei = EXT4_I(inode);
...@@ -1133,9 +1109,6 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) ...@@ -1133,9 +1109,6 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
inode_lock(inode); inode_lock(inode);
ext4_fill_fsxattr(inode, &old_fa); ext4_fill_fsxattr(inode, &old_fa);
err = ext4_ioctl_check_project(inode, &fa);
if (err)
goto out;
err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
if (err) if (err)
goto out; goto out;
......
...@@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, ...@@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa,
!capable(CAP_LINUX_IMMUTABLE)) !capable(CAP_LINUX_IMMUTABLE))
return -EPERM; return -EPERM;
/*
* Project Quota ID state is only allowed to change from within the init
* namespace. Enforce that restriction only if we are trying to change
* the quota ID state. Everything else is allowed in user namespaces.
*/
if (current_user_ns() != &init_user_ns) {
if (old_fa->fsx_projid != fa->fsx_projid)
return -EINVAL;
if ((old_fa->fsx_xflags ^ fa->fsx_xflags) &
FS_XFLAG_PROJINHERIT)
return -EINVAL;
}
return 0; return 0;
} }
EXPORT_SYMBOL(vfs_ioc_fssetxattr_check); EXPORT_SYMBOL(vfs_ioc_fssetxattr_check);
...@@ -1298,21 +1298,6 @@ xfs_ioctl_setattr_check_projid( ...@@ -1298,21 +1298,6 @@ xfs_ioctl_setattr_check_projid(
if (fa->fsx_projid > (uint16_t)-1 && if (fa->fsx_projid > (uint16_t)-1 &&
!xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb)) !xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb))
return -EINVAL; return -EINVAL;
/*
* Project Quota ID state is only allowed to change from within the init
* namespace. Enforce that restriction only if we are trying to change
* the quota ID state. Everything else is allowed in user namespaces.
*/
if (current_user_ns() == &init_user_ns)
return 0;
if (xfs_get_projid(ip) != fa->fsx_projid)
return -EINVAL;
if ((fa->fsx_xflags & FS_XFLAG_PROJINHERIT) !=
(ip->i_d.di_flags & XFS_DIFLAG_PROJINHERIT))
return -EINVAL;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment