From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Bob Peterson <rpeterso@redhat.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Sasha Levin <sashal@kernel.org>,
cluster-devel@redhat.com
Subject: [PATCH AUTOSEL 4.19 09/19] gfs2: move privileged user check to gfs2_quota_lock_check
Date: Fri, 22 May 2020 10:51:10 -0400 [thread overview]
Message-ID: <20200522145120.434921-9-sashal@kernel.org> (raw)
In-Reply-To: <20200522145120.434921-1-sashal@kernel.org>
From: Bob Peterson <rpeterso@redhat.com>
[ Upstream commit 4ed0c30811cb4d30ef89850b787a53a84d5d2bcb ]
Before this patch, function gfs2_quota_lock checked if it was called
from a privileged user, and if so, it bypassed the quota check:
superuser can operate outside the quotas.
That's the wrong place for the check because the lock/unlock functions
are separate from the lock_check function, and you can do lock and
unlock without actually checking the quotas.
This patch moves the check to gfs2_quota_lock_check.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/quota.c | 3 +--
fs/gfs2/quota.h | 3 ++-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 0efae7a0ee80..dd0f9bc13164 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1043,8 +1043,7 @@ int gfs2_quota_lock(struct gfs2_inode *ip, kuid_t uid, kgid_t gid)
u32 x;
int error = 0;
- if (capable(CAP_SYS_RESOURCE) ||
- sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
+ if (sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
return 0;
error = gfs2_quota_hold(ip, uid, gid);
diff --git a/fs/gfs2/quota.h b/fs/gfs2/quota.h
index 836f29480be6..e3a6e2404d11 100644
--- a/fs/gfs2/quota.h
+++ b/fs/gfs2/quota.h
@@ -47,7 +47,8 @@ static inline int gfs2_quota_lock_check(struct gfs2_inode *ip,
int ret;
ap->allowed = UINT_MAX; /* Assume we are permitted a whole lot */
- if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
+ if (capable(CAP_SYS_RESOURCE) ||
+ sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
return 0;
ret = gfs2_quota_lock(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
if (ret)
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [PATCH AUTOSEL 4.19 09/19] gfs2: move privileged user check to gfs2_quota_lock_check
Date: Fri, 22 May 2020 10:51:10 -0400 [thread overview]
Message-ID: <20200522145120.434921-9-sashal@kernel.org> (raw)
In-Reply-To: <20200522145120.434921-1-sashal@kernel.org>
From: Bob Peterson <rpeterso@redhat.com>
[ Upstream commit 4ed0c30811cb4d30ef89850b787a53a84d5d2bcb ]
Before this patch, function gfs2_quota_lock checked if it was called
from a privileged user, and if so, it bypassed the quota check:
superuser can operate outside the quotas.
That's the wrong place for the check because the lock/unlock functions
are separate from the lock_check function, and you can do lock and
unlock without actually checking the quotas.
This patch moves the check to gfs2_quota_lock_check.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/quota.c | 3 +--
fs/gfs2/quota.h | 3 ++-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 0efae7a0ee80..dd0f9bc13164 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1043,8 +1043,7 @@ int gfs2_quota_lock(struct gfs2_inode *ip, kuid_t uid, kgid_t gid)
u32 x;
int error = 0;
- if (capable(CAP_SYS_RESOURCE) ||
- sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
+ if (sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
return 0;
error = gfs2_quota_hold(ip, uid, gid);
diff --git a/fs/gfs2/quota.h b/fs/gfs2/quota.h
index 836f29480be6..e3a6e2404d11 100644
--- a/fs/gfs2/quota.h
+++ b/fs/gfs2/quota.h
@@ -47,7 +47,8 @@ static inline int gfs2_quota_lock_check(struct gfs2_inode *ip,
int ret;
ap->allowed = UINT_MAX; /* Assume we are permitted a whole lot */
- if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
+ if (capable(CAP_SYS_RESOURCE) ||
+ sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
return 0;
ret = gfs2_quota_lock(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
if (ret)
--
2.25.1
next prev parent reply other threads:[~2020-05-22 14:54 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-22 14:51 [PATCH AUTOSEL 4.19 01/19] ARM: dts: rockchip: fix phy nodename for rk3228-evb Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 02/19] arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 03/19] arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 04/19] ARM: dts: rockchip: swap clock-names of gpu nodes Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 05/19] ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 06/19] gpio: tegra: mask GPIO IRQs during IRQ shutdown Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 07/19] ALSA: usb-audio: add mapping for ASRock TRX40 Creator Sasha Levin
2020-05-22 14:51 ` Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 08/19] net: microchip: encx24j600: add missed kthread_stop Sasha Levin
2020-05-22 14:51 ` Sasha Levin [this message]
2020-05-22 14:51 ` [Cluster-devel] [PATCH AUTOSEL 4.19 09/19] gfs2: move privileged user check to gfs2_quota_lock_check Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 10/19] gfs2: don't call quota_unhold if quotas are not locked Sasha Levin
2020-05-22 14:51 ` [Cluster-devel] " Sasha Levin
2020-05-31 21:22 ` Pavel Machek
2020-05-31 21:22 ` [Cluster-devel] " Pavel Machek
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 11/19] Revert "gfs2: Don't demote a glock until its revokes are written" Sasha Levin
2020-05-22 14:51 ` [Cluster-devel] " Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 12/19] cachefiles: Fix race between read_waiter and read_copier involving op->to_do Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 13/19] usb: dwc3: pci: Enable extcon driver for Intel Merrifield Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 14/19] usb: gadget: legacy: fix redundant initialization warnings Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 15/19] net: freescale: select CONFIG_FIXED_PHY where needed Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 16/19] IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 17/19] riscv: stacktrace: Fix undefined reference to `walk_stackframe' Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 18/19] cifs: Fix null pointer check in cifs_read Sasha Levin
2020-05-22 14:51 ` [PATCH AUTOSEL 4.19 19/19] samples: bpf: Fix build error Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200522145120.434921-9-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=agruenba@redhat.com \
--cc=cluster-devel@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rpeterso@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.