Re: [PATCH v4 1/2] ext4: fix setattr project check upon fssetxattr ioctl

Re: [PATCH v4 1/2] ext4: fix setattr project check upon fssetxattr ioctl

[Theodore Y. Ts'o]

On Tue, Sep 18, 2018 at 05:15:29PM +0900, Wang Shilong wrote:
> From: Wang Shilong <wangshilong1991@gmail.com>
> 
> Currently, project quota could be changed by fssetxattr
> ioctl, and existed permission check inode_owner_or_capable()
> is obviously not enough, just think that common users could
> change project id of file, that could make users to
> break project quota easily.
> 
> This patch try to follow same regular of xfs project
> quota:
> 
> "Project Quota ID state is only allowed to change from
> within the init namespace. Enforce that restriction only
> if we are trying to change the quota ID state.
> Everything else is allowed in user namespaces."
> 
> Besides that, check and set project id'state should
> be an atomic operation, protect whole operation with
> inode lock, ext4_ioctl_setproject() is only used for
> ioctl EXT4_IOC_FSSETXATTR, we have held mnt_want_write_file()
> before ext4_ioctl_setflags(), and ext4_ioctl_setproject()
> is called after ext4_ioctl_setflags(), we could share
> codes, so remove it inside ext4_ioctl_setproject().
> 
> Signed-off-by: Wang Shilong <wshilong@ddn.com>
> Reviewed-by: Andreas Dilger <adilger@dilger.ca>

Applied, thanks.

					- Ted

Re: [PATCH v2 RESEND 2/2] ext4: fix to detect failure of dquot_initialize in project ioctl

[Theodore Y. Ts'o]

On Tue, Sep 18, 2018 at 05:15:30PM +0900, Wang Shilong wrote:
> From: Wang Shilong <wshilong@ddn.com>
> 
> We return most failure of dquota_initialize() except
> inode evict, this could make a bit sense, for example
> we allow file removal even quota files are broken?
> 
> But it dosen't make sense to allow setting project
> if quota files etc are broken.
> 
> Signed-off-by: Wang Shilong <wshilong@ddn.com>

Applied, thanks.

					- Ted