From patchwork Sun Apr 7 20:27:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10888651 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D4D491575 for ; Sun, 7 Apr 2019 20:27:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C069F28650 for ; Sun, 7 Apr 2019 20:27:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B47042864F; Sun, 7 Apr 2019 20:27:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 407B72864F for ; Sun, 7 Apr 2019 20:27:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D7646B0006; Sun, 7 Apr 2019 16:27:20 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 186C46B0007; Sun, 7 Apr 2019 16:27:20 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0505A6B0008; Sun, 7 Apr 2019 16:27:20 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id C0BA66B0006 for ; Sun, 7 Apr 2019 16:27:19 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id j1so8879305pff.1 for ; Sun, 07 Apr 2019 13:27:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=9mq463y6Fy+tnAy6EAF3waabQKAMjMyUGNNPLiFAWs8=; b=naV7VVeZCjgy2UNSpC0t+PC4NjLfGY28s0KbIjbldf+10e6tKI96cP3pnrJfjTfsq/ ItvClxclZDYCy65le72FeQ6ttAWuPYldyA23L4JvtXRoCNo6UNO/g8jUjTDTY55PZr5i 1ZIOrTZTv/+ndWqK8Qth0jzI0PTslpXkSDEbz82oZh1xDnj0HTehM/V0/9bmrTWaEu7h vk0nXTE8oiHvCB8IR5BbKLK9Z4WL71QSwNNIVGQsmZJlKtQNXS5Com/nS8w8KfMgiWoP 82cnorhDs2l7eTtHaEJjLGr5HfrYkQ7I4QwigpjvQJ/zdzUkc5XHHcn7GOc9F15v6k6o VYbw== X-Gm-Message-State: APjAAAUF8zA+bYKwMQ1RxoQ5aAMvT2k0UgSp6JKfb4tRRFyVdwo+P/Gh /YW3dALtdmm1+uk86sJwsDhETrVjmztlzwFT5F9+Ykr4Wmv3Z790JXvFrC1o83th4s1wBwIvn4D +p5GWNCALI6V06uC/rK9TAEW5isTIyEX11ebaM3QgXsg5KiH64F4wO/E5p2/IbWOsPw== X-Received: by 2002:a62:1a06:: with SMTP id a6mr25879345pfa.18.1554668839251; Sun, 07 Apr 2019 13:27:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqyNae++Yb1LjTvUzetHYees0isiOKG4Bd8u7I7Y3Ugq/5WGbq7Tnn3EvqgXXpxrzJrL5slV X-Received: by 2002:a62:1a06:: with SMTP id a6mr25879307pfa.18.1554668838423; Sun, 07 Apr 2019 13:27:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554668838; cv=none; d=google.com; s=arc-20160816; b=j8iyromLtW+bb9OP1ActEPqsr4ZFB0SKPy/ihT0wS1wVBRZB0Ukf7VOH6y865hceBJ LA1KUeqHHLxwASCr8Z6jvhRVb5UPkEiKeISjpbU4X6YfYqCGncBVNZd1xXO+gdzS0CzN wVEj0VD543sOhj9yyF6zLs6CTHjuA+1TKryw4sQr747hzjwUBiXuc0w+18zksaegm7Rs dyOOqU73zHphZlp9ixj8qP5cUSFM9qzMzSAzIZs9V9CB4fkKtBaAJpt2mgPhaUjkJrbB gv7ytnBxk73OUOxIyZYAQzj1xXYWZekOyTp8d3CaTYqpcwWkcotWoAjQaZdTEBLQKkQw 8C3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=9mq463y6Fy+tnAy6EAF3waabQKAMjMyUGNNPLiFAWs8=; b=tnscB36HS2hBYl2roOPkDlAYkRw7F9My3ieYgDicmX/i/76/8QkDYBZKib1swXszMW RpZ1AF4o9BWThyg+RPi702SUuQi7rz/Nbj8qrC5ZYdeusEDlUMe1v7fkZy/bKr4ge3Jc fKJZzP67KqFHzEhcC3guBr6B5k3ythZou9gTj6jw9djmwcKLAUJjAKR7Xcx0JRgKoIQZ AuP6NSBhla5hcGXUqap4SgMd8Htn1905HVNi5kRIBpQa+xF6Hnb1/733mFp70t6BmRdC U0LVPnnOAkg6uHYph6cbFep70Ij9U97T+5q5wXPHHaFf0O4B+vL9Yy7wR9/d/33uvfXZ kmQw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=tE2dKgm+; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2120.oracle.com (userp2120.oracle.com. [156.151.31.85]) by mx.google.com with ESMTPS id s34si24836892pgl.97.2019.04.07.13.27.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Apr 2019 13:27:18 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) client-ip=156.151.31.85; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=tE2dKgm+; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KPGDc076183; Sun, 7 Apr 2019 20:27:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=9mq463y6Fy+tnAy6EAF3waabQKAMjMyUGNNPLiFAWs8=; b=tE2dKgm+QrzvW0UAJynvjLsoXj7nXe6GQm+EAWEQhd9kFKldDSeeZp4sYigpPUOrEgtP FteL1naRdN4NBQA1aFZ2Ou3Ei88zWRxR6R6KSujVEE9FgvnUqP5cYC9VlJ6YmDH75ScJ EpgR9Sulqlm0cIXS2NqQrbW6vIXg9JEXgt/+/kCuR/iK0K3x9nTdZKDsFS9HlyMSV7sj WUVO4cfHsqrjW/0GgWLBzgPqUSSaY6y3LaiEq34aLmaDDl3wxmZucnrhpuSMk9vIwaNM sAswXQ0iqjAjjdjLI25TFIK2BAlWtAbAfbfN4dEH/7UcGp36XBZdRM0XxN/kghJu69wd Fg== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2120.oracle.com with ESMTP id 2rpmrpu3e6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:17 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KQ7MK193939; Sun, 7 Apr 2019 20:27:17 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3020.oracle.com with ESMTP id 2rpkehduq0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:17 +0000 Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x37KRGtB032470; Sun, 7 Apr 2019 20:27:16 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 07 Apr 2019 13:27:15 -0700 Subject: [PATCH 1/4] mm/fs: don't allow writes to immutable files From: "Darrick J. Wong" To: darrick.wong@oracle.com Cc: david@fromorbit.com, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Sun, 07 Apr 2019 13:27:08 -0700 Message-ID: <155466882886.633834.9877039193610671186.stgit@magnolia> In-Reply-To: <155466882175.633834.15261194784129614735.stgit@magnolia> References: <155466882175.633834.15261194784129614735.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=395 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=427 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." Once the flag is set, it is enforced for quite a few file operations, such as fallocate, fpunch, fzero, rm, touch, open, etc. However, we don't check for immutability when doing a write(), a PROT_WRITE mmap(), a truncate(), or a write to a previously established mmap. If a program has an open write fd to a file that the administrator subsequently marks immutable, the program still can change the file contents. Weird! The ability to write to an immutable file does not follow the manpage promise that immutable files cannot be modified. Worse yet it's inconsistent with the behavior of other syscalls which don't allow modifications of immutable files. Therefore, add the necessary checks to make the write, mmap, and truncate behavior consistent with what the manpage says and consistent with other syscalls on filesystems which support IMMUTABLE. Signed-off-by: Darrick J. Wong --- fs/attr.c | 13 ++++++------- mm/filemap.c | 3 +++ mm/memory.c | 3 +++ mm/mmap.c | 3 +++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/fs/attr.c b/fs/attr.c index d22e8187477f..1fcfdcc5b367 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -233,19 +233,18 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de WARN_ON_ONCE(!inode_is_locked(inode)); - if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) { - if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) - return -EPERM; - } + if (IS_IMMUTABLE(inode)) + return -EPERM; + + if ((ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) && + IS_APPEND(inode)) + return -EPERM; /* * If utimes(2) and friends are called with times == NULL (or both * times are UTIME_NOW), then we need to check for write permission */ if (ia_valid & ATTR_TOUCH) { - if (IS_IMMUTABLE(inode)) - return -EPERM; - if (!inode_owner_or_capable(inode)) { error = inode_permission(inode, MAY_WRITE); if (error) diff --git a/mm/filemap.c b/mm/filemap.c index d78f577baef2..9fed698f4c63 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -3033,6 +3033,9 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) loff_t count; int ret; + if (IS_IMMUTABLE(inode)) + return -EPERM; + if (!iov_iter_count(from)) return 0; diff --git a/mm/memory.c b/mm/memory.c index 47fe250307c7..c493db22413a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2148,6 +2148,9 @@ static vm_fault_t do_page_mkwrite(struct vm_fault *vmf) vmf->flags = FAULT_FLAG_WRITE|FAULT_FLAG_MKWRITE; + if (vmf->vma->vm_file && IS_IMMUTABLE(file_inode(vmf->vma->vm_file))) + return VM_FAULT_SIGBUS; + ret = vmf->vma->vm_ops->page_mkwrite(vmf); /* Restore original flags so that caller is not surprised */ vmf->flags = old_flags; diff --git a/mm/mmap.c b/mm/mmap.c index 41eb48d9b527..e49dcbeda461 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1394,6 +1394,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, if (!len) return -EINVAL; + if (file && IS_IMMUTABLE(file_inode(file))) + return -EPERM; + /* * Does the application expect PROT_READ to imply PROT_EXEC? * From patchwork Sun Apr 7 20:27:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10888657 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AC4251575 for ; Sun, 7 Apr 2019 20:27:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8F6002864E for ; Sun, 7 Apr 2019 20:27:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8360328650; Sun, 7 Apr 2019 20:27:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 126212864E for ; Sun, 7 Apr 2019 20:27:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 24A6F6B0007; Sun, 7 Apr 2019 16:27:27 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1FB1C6B0008; Sun, 7 Apr 2019 16:27:27 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0C4126B000A; Sun, 7 Apr 2019 16:27:27 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id BEA226B0007 for ; Sun, 7 Apr 2019 16:27:26 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id n23so8393297plp.23 for ; Sun, 07 Apr 2019 13:27:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=8Z5m1t1XYo17k81EeuKWtqQr0sJBxzEuI/QLbKGy0SI=; b=lDAYltWFStZHo0ph43QE7ff6dE75sPJZM9xRGp8frto0BV50DlzTZA4sDE7agXwILy 2XJDx+on/Nstcf6hR05Bh1grAEdCxUf/86QD1eWbznmv7U1GsfdOZL/OZVvFRAP+VOHG GDaA6fKXcxnWFkQ4JmsU5Ylf5edsYGsuDo+6zNX485b2C5x4MeDahJiU2Glqy43yBVpS O6xr+ZuRaO4PhP7bKPhSZO1Kuwh/qI1mF5isequg625Aamn8Fb+iOtKHe12rd2qs6zVd ai/2je4LllVST61LYeZeBLRQywYEphGv2WJLtte0MwSLR+PDWFCjuAvl81lMcAdB6dM7 DVDQ== X-Gm-Message-State: APjAAAUpDm9+Y1Z8eQFecVYbCDJlRole/9AeCmBD82HKryjanxn/hh+A 2kEZ+F8/JDlrJAqpNF7gcVk/KyM5AgNY/AHiQYstyj7CgiqbltVjeQ/nitxDiaYnpjFp2TqbQXW BhO9WPW+vXUKSCzXgRbfhjNsnbymeQzgl6b33PVCpuN30KNouYjey3pN9xnNf90raHA== X-Received: by 2002:a17:902:d701:: with SMTP id w1mr26742118ply.124.1554668846379; Sun, 07 Apr 2019 13:27:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqxeGeeMuid3LL+BgIDRNE/A+dFMiIv8zyVFcqFmYrwGud9paT40qtp1bOZW7jCuJfw6v8LO X-Received: by 2002:a17:902:d701:: with SMTP id w1mr26742085ply.124.1554668845778; Sun, 07 Apr 2019 13:27:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554668845; cv=none; d=google.com; s=arc-20160816; b=v8r893AEkXPNL8MDo5GEc0pQrlDldqGMIfxLetsUE2bVZ3R2jL/opN+g9v3EyCWdTz YzNc6yXzhd7aRhGdHWgWGaDxnk9bpC3pFkxUpHL2Z4TCsbdBxu36iOPQjiGJbKB5EHq0 vCmj2ePws7dykSahdSwGAFmv+xs3lCK+XXyWbhSjJxWtMPRmYObv6JrbUCyg+Ul0OrOT zX2WO8twwKtbk+E4PB0eEifOFzld8n32o4nVnEbblw83HsSvX98k/U0fSVwUCPdXddwj WnQ0RSeyfy0OB58ZGAqdgZr1Mu9WY3AwJdEH/LZo+ts0YEI4JNyx3n0QrRlI4sMoN64Y VTHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=8Z5m1t1XYo17k81EeuKWtqQr0sJBxzEuI/QLbKGy0SI=; b=HvEKl9IFFXnsW7rWEd6GlXVrDrOkJaAf7dEmzAUhzTAi1pXyW6gML8rqrfHwTYfCGM KCYxq1Gjl6VzNaooN76q7UICXc/DXDAMRr69KlobBJLnxgOuUbwJ+H1kVJY3X7EC4aJg 9EU7FrvnN7Wqj4sXGjesORE4tara2w+h7pVk9tdPBStspyQMwbVF/AolYH5SLpF2frR5 7GfwuMuiC0mvXs5jR7x6YQGKDwmELOe7XOqqakGqXAfdXcG2CrJA+KRB9Q8vK1zlS5FS SCmKB3RJup8DS9wnZB+KZ45yduNIfD8klLGZm7RoERPMfOj13Dt3ZcR/tjv6XqhWuobZ voEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=Bf+U77Rr; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2130.oracle.com (aserp2130.oracle.com. [141.146.126.79]) by mx.google.com with ESMTPS id g31si9064462plg.154.2019.04.07.13.27.25 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Apr 2019 13:27:25 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) client-ip=141.146.126.79; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=Bf+U77Rr; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KJAPu068364; Sun, 7 Apr 2019 20:27:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=8Z5m1t1XYo17k81EeuKWtqQr0sJBxzEuI/QLbKGy0SI=; b=Bf+U77RrhMcfTj1v1gaW3yOQVeLbEwkx+IqYrvDZSHA4XvFsHoVdzDQp1UJmGyYGl1NY nLmP2BJmYhQ+lLH/nQ4fJGT5knqbikx5g72pw8AfspalqslfMMd+EyB1qTEXgHUtZpvm pwcVuKpb4P0r25JdLmQfPxNFhFqQXAyaHml+q2pWD5UPO8SPBRLfcaEUDXqOxHQAMOTs VFadZXcrryQADXtYye8y12fGrQgz9yCanT8vW5eNfdCu3nroDUxu9oR7JBBT8TxSceVc n/PO+0jiArYAl3Q7QA/0NTDttRHUGrR1eUS80qh8BkUZbNCK9FDSqJX08JYUdsr85KVZ Xw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by aserp2130.oracle.com with ESMTP id 2rphme3be2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:24 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KPpp5193773; Sun, 7 Apr 2019 20:27:24 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3020.oracle.com with ESMTP id 2rpkehduqn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:23 +0000 Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x37KRMgr027225; Sun, 7 Apr 2019 20:27:23 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 07 Apr 2019 13:27:22 -0700 Subject: [PATCH 2/4] xfs: unlock inode when xfs_ioctl_setattr_get_trans can't get transaction From: "Darrick J. Wong" To: darrick.wong@oracle.com Cc: david@fromorbit.com, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Sun, 07 Apr 2019 13:27:16 -0700 Message-ID: <155466883603.633834.5683596746694707981.stgit@magnolia> In-Reply-To: <155466882175.633834.15261194784129614735.stgit@magnolia> References: <155466882175.633834.15261194784129614735.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=911 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=938 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong We passed an inode into xfs_ioctl_setattr_get_trans with join_flags indicating which locks are held on that inode. If we can't allocate a transaction then we need to unlock the inode before we bail out. Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson --- fs/xfs/xfs_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 6ecdbb3af7de..91938c4f3c67 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1142,7 +1142,7 @@ xfs_ioctl_setattr_get_trans( error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); if (error) - return ERR_PTR(error); + goto out_unlock; xfs_ilock(ip, XFS_ILOCK_EXCL); xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL | join_flags); From patchwork Sun Apr 7 20:27:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10888669 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 83C1A1575 for ; Sun, 7 Apr 2019 20:27:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 72C302864F for ; Sun, 7 Apr 2019 20:27:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6783A28653; Sun, 7 Apr 2019 20:27:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0DA412864F for ; Sun, 7 Apr 2019 20:27:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 162A96B0008; Sun, 7 Apr 2019 16:27:33 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 111146B000A; Sun, 7 Apr 2019 16:27:33 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F41876B000C; Sun, 7 Apr 2019 16:27:32 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id BCE136B0008 for ; Sun, 7 Apr 2019 16:27:32 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id j1so8879512pff.1 for ; Sun, 07 Apr 2019 13:27:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=dhZCzWJyJFoBJ75COkiuAKNuKnOrPDc1hKAQlxLkLTw=; b=oMSNizE4SoidUp3LRamgEhCDz05lcOSdiQVQW5iiHRUWd3Jr0A2vm3lyaaIomkTipB O61fKDqBIneWeyu5vIG+2KXtsbd3EneYVZCBD2To482+myCpRundLLU2fXPjVRapGGwm NdsMCOx28/uaadXd0upC2W7dVIizRAoqWBNXw89BooM0+bR5uB6cr0sdiBhwcXEN9org LRpnRRGxR2JdIrQKV1QzQSs1R9h5HhRu36aQjbk++wl3zzimw1pqxgDQ+jjFjAWglvou BMJSJRmYjL6d997RIhXa3IkT0kFh4dXGykT/sEt4Dklst4xYfNDixKsECwf/3Cp6iHvp zZpw== X-Gm-Message-State: APjAAAVxAn3zWioXFmEfwv3HVhpBGFCO3Gtzv1iC3mVHD25mNGJCmkS5 vq0JNTTDk5JaxSWvEowbzs8T3k+8JJGKiNN53y+4J9jnctXI4v4IUWNQ8DXowbrxO+QCt0Gein4 miJOsRLPdiynEVeo8RW2mZkKSFjgT0wDLdnNq40Wj3x4B8WVSVB84rNj0WxNqQ7dIzw== X-Received: by 2002:a63:4241:: with SMTP id p62mr24553605pga.379.1554668852315; Sun, 07 Apr 2019 13:27:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqzn5xD5ZVK4pMevXZQrrWeydqfIjIhblah5a1naTlriVNLe5iocpFsrLjobwALpeRBhBpVL X-Received: by 2002:a63:4241:: with SMTP id p62mr24553571pga.379.1554668851559; Sun, 07 Apr 2019 13:27:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554668851; cv=none; d=google.com; s=arc-20160816; b=SMP9J793o6jjKC+y92bR+CTP8YwmGhPPTde6HyiNRoSMLncmfkPcWqNMIH83lvfl+5 9KzcJgSyaVIqV8ACwYhQwy2Q3XDGJYFJ3fVgEMXx6NpGKy259Oy4AxUjKhKpI68eRCvV Kkyvldu6wXs3zT/5bPTY12PspjF2ax+CF+GwobDWaPgKgO8SJ8UA6llMfNJwVOuNIgq+ SUsiimS3ZUYXHRqFiKVPHkXb/lVf926ZsCgZIPhVoSBRRd4zi/fJ6LsHkGy16TjMAEkD IJL1ajOlsY8+mUgOQQ/0+WiTS7nJ9MF6JciP4hnNQtwq8tI0WvSCAttoNW3SLxzdCWKi nWgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=dhZCzWJyJFoBJ75COkiuAKNuKnOrPDc1hKAQlxLkLTw=; b=ZGbYuP3GcwtUPP5WZBBeRqP2uCyFnG52wmmKpSdxWM18IXsMzvb2ygQ6Iz4TKiXGzx BfkTUIGw8a/CC8ZAvIBWl/PS8zebjEci5iPcw+/+4xKwTSngnXuiqmKafG3Ouideye1e IUcgwXvt8wK8ja8iBEPxVNGAh026fAJmvH5gCiWZg639wMo25T7z1WyFsiZ47uHXC9Ut 08HTP2vJ7NHaucuT+vBPkKC3UVvFzxNZ1obNFdngfUjnCngRE/cAxTDoqX65Rc0k9DXe SlsHmlTVwikg9+fAbJ1BTLEkXzElPtHIcPTsevtE47ITMlVsz0gmPEtme7TAAfUVPW33 89mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b="CRe/lqFK"; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2130.oracle.com (userp2130.oracle.com. [156.151.31.86]) by mx.google.com with ESMTPS id t2si23797406pgp.444.2019.04.07.13.27.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Apr 2019 13:27:31 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) client-ip=156.151.31.86; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b="CRe/lqFK"; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KKx2b063305; Sun, 7 Apr 2019 20:27:30 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=dhZCzWJyJFoBJ75COkiuAKNuKnOrPDc1hKAQlxLkLTw=; b=CRe/lqFKWCFJxRbNttxCQ7SgecorAo+xzZO4nrDxSoo57SsBzEOA9wJUTk2F/AQGBe5s JAng93IH3nOYiG5MGf5Cxd6svj1EormZb5HPvrDMfTvMnxU4XilaeGJRU6Mbt5C0Vf2l RAA91h8Dk/rhw5jXOIU4P6oTvAvYot+PWuaCGHjRxLpDLcTy1XMzZFgx4EMzEtjfkIED WHUprTx6Ib5AoO5lzg3SyMJyPlUDb6CJb1+EE0co82tH6donqaKKWHGiO1ISV0wRnizQ jjvmSwm9RZfxqF8KHAzR/Wsc3W+4OaidB9o/oCfxwEbWxadBowI17mBce1p8mXBX9Arc KA== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 2rpkhsk6be-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:30 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KR2p3165960; Sun, 7 Apr 2019 20:27:30 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userp3030.oracle.com with ESMTP id 2rph7rqdh8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:30 +0000 Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x37KRT4A031880; Sun, 7 Apr 2019 20:27:29 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 07 Apr 2019 13:27:29 -0700 Subject: [PATCH 3/4] xfs: flush page mappings as part of setting immutable From: "Darrick J. Wong" To: darrick.wong@oracle.com Cc: david@fromorbit.com, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Sun, 07 Apr 2019 13:27:23 -0700 Message-ID: <155466884294.633834.1486289166159962611.stgit@magnolia> In-Reply-To: <155466882175.633834.15261194784129614735.stgit@magnolia> References: <155466882175.633834.15261194784129614735.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=3 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." This means that we need to flush the page cache when setting the immutable flag so that all mappings will become read-only again and therefore programs cannot continue to write to writable mappings. Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_ioctl.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 7 deletions(-) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 91938c4f3c67..5a1b96dad901 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -998,6 +998,31 @@ xfs_diflags_to_linux( #endif } +/* + * Lock the inode against file io and page faults, then flush all dirty pages + * and wait for writeback and direct IO operations to finish. Returns with + * the relevant inode lock flags set in @join_flags. Caller is responsible for + * unlocking even on error return. + */ +static int +xfs_ioctl_setattr_flush( + struct xfs_inode *ip, + int *join_flags) +{ + struct inode *inode = VFS_I(ip); + + /* Already locked the inode from IO? Assume we're done. */ + if (((*join_flags) & (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL)) == + (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL)) + return 0; + + /* Lock and flush all mappings and IO in preparation for flag change */ + *join_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; + xfs_ilock(ip, *join_flags); + inode_dio_wait(inode); + return filemap_write_and_wait(inode->i_mapping); +} + static int xfs_ioctl_setattr_xflags( struct xfs_trans *tp, @@ -1092,25 +1117,22 @@ xfs_ioctl_setattr_dax_invalidate( if (!(fa->fsx_xflags & FS_XFLAG_DAX) && !IS_DAX(inode)) return 0; - if (S_ISDIR(inode->i_mode)) + if (!S_ISREG(inode->i_mode)) return 0; /* lock, flush and invalidate mapping in preparation for flag change */ - xfs_ilock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - error = filemap_write_and_wait(inode->i_mapping); + error = xfs_ioctl_setattr_flush(ip, join_flags); if (error) goto out_unlock; error = invalidate_inode_pages2(inode->i_mapping); if (error) goto out_unlock; - - *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; return 0; out_unlock: - xfs_iunlock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); + xfs_iunlock(ip, *join_flags); + *join_flags = 0; return error; - } /* @@ -1356,6 +1378,21 @@ xfs_ioctl_setattr( if (code) goto error_free_dquots; + /* + * If we are trying to set immutable on a file then flush everything to + * disk to force all writable memory mappings back through the + * pagefault handler. + */ + if (S_ISREG(VFS_I(ip)->i_mode) && !IS_IMMUTABLE(VFS_I(ip)) && + (fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) { + code = xfs_ioctl_setattr_flush(ip, &join_flags); + if (code) { + xfs_iunlock(ip, join_flags); + join_flags = 0; + goto error_free_dquots; + } + } + tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { code = PTR_ERR(tp); From patchwork Sun Apr 7 20:27:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10888673 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BADA11708 for ; Sun, 7 Apr 2019 20:27:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9EF9F2864E for ; Sun, 7 Apr 2019 20:27:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9305928650; Sun, 7 Apr 2019 20:27:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 264D02864E for ; Sun, 7 Apr 2019 20:27:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 35ED26B000A; Sun, 7 Apr 2019 16:27:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 30C076B000C; Sun, 7 Apr 2019 16:27:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1FCD16B000E; Sun, 7 Apr 2019 16:27:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id D947B6B000A for ; Sun, 7 Apr 2019 16:27:40 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id m35so5713960pgl.6 for ; Sun, 07 Apr 2019 13:27:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=Kv3ME1CHuNV3vr0SQcA7uFv9ps91/aQadFGc+0Oqa8Q=; b=HkYIYX9/Dv7N/Bj3tuj25md4Ye4YHoCTjbw9fKzGiy7gi7he0Ig8qKxDQ1hrO2YM6r wTHq08mj313A1WmYTOjs2e2xN71sPNd1j9nG07f8KOrGry11w1wrZ4VUJqbrqKfgOD1B mHlRGKAMh5lPunTJA1Pms/WWR5o7ly8il4Ws1cxLnImWn30ZpErgyFsWwVX33HiIWb06 svgDaoEI+m4wj8oH3Ok5HsL3x3jGyBlpWJeKBitjhMrGswd+zrUv5qgDW8tt9/ziYrPH 5djButMyI+xffqF+NuHk+3yXExHGIGwX8uTow9MraZg8dS3PUbiZjU+n2/naaDZeESIq 8pOA== X-Gm-Message-State: APjAAAU4z5dc+IKvcr1FkFKVlTO7QZbl8KCt63kgAL3sxHAot1CN8ida jwh+Z6prYdJUiFWpUu/env0pA7FjguhDxkWHLtAjs2Noz3ZVVDdgcUWL3wt8qd0jOjJOCbunS8p Jddszc7tDeP39nXUEdW4f6An8jdMxMtLAbFctKCtga0tkD6GAblcnlS1yDYo8ENV4Sw== X-Received: by 2002:aa7:91d5:: with SMTP id z21mr25745838pfa.222.1554668860438; Sun, 07 Apr 2019 13:27:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqyY3JXs9h0l/S2PNpWUK+0KqcCmFMhNIK2wlP352waedzLBCT4NcsPoaIZT5j/RggAfaKTd X-Received: by 2002:aa7:91d5:: with SMTP id z21mr25745801pfa.222.1554668859799; Sun, 07 Apr 2019 13:27:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554668859; cv=none; d=google.com; s=arc-20160816; b=dBB+oAz3Wt7H0RNsGZJC2Hy2oZnHqYR2Zv1PMQja2m2PHOq65JdoGS8n4ynrlUur5z euW3tiA6PPfJ5lM4YiQKjY+HDwuS5bUlTgvRNAvG4Y14DgNp4oxFMuRYB/kFagGhcZZ7 Q5yt9qaTcbJ+ERXDjQ7gZRrVnNxPiZLYbvlTVXXxTkszM0HOD1l5ej/8aLw6jdPYhZ5w 7fD8qEUNA+r/hKzltz8YvLy+kuoHjQ6rx62nz8u/ws78ukyuOueYLk6Npeh0j6EcxYfe zUMH0FHgdk/fCIVHxsdyx84BzzZI81yarjW1mBPkJHzJt6ueArD0G8Y0N1Za66qzl0CB Znlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=Kv3ME1CHuNV3vr0SQcA7uFv9ps91/aQadFGc+0Oqa8Q=; b=wpgQ79g9jIJmbQCQ/SYMrjE74oZNYBfTNjqK4b6dpCgPmJvCxRba8+3zMQMsO5YKUc 7su6ew4xG66IEiQ2+IhhIjcw10tj0I/obpHkxCuMeuvQYpFZp5zfSPg7/ZT8V3WzgSyQ 4/fkRnPlbgngVVZYHpuhy77wJMROSUm3sDDfuGCchheMsrZVyHArxgqyhH9tSuARmSvk S0TArjxrSV4HLBf/Wf0LHtJmW5mFZlt7CyeUJjUs9Vp22C5TDwtoSi2/xQ7Qo86+/qfe BrqS2lxnAQmmKJUhYTV01jJDX5FpFl1sZYChhf0V0GTz/f9wVMNTNQC1WhH1QS0h07qg 9/wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=FqmdE+7E; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2130.oracle.com (aserp2130.oracle.com. [141.146.126.79]) by mx.google.com with ESMTPS id m3si24276883pfh.249.2019.04.07.13.27.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Apr 2019 13:27:39 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) client-ip=141.146.126.79; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=FqmdE+7E; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KJMGV068386; Sun, 7 Apr 2019 20:27:38 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=Kv3ME1CHuNV3vr0SQcA7uFv9ps91/aQadFGc+0Oqa8Q=; b=FqmdE+7Eb0IBxrlLL177cZCTndZa9EnxerIHOWMihSBaobMZoAfDXGpnG3KAO2PnBn5o ZwG+Nv8XeBhXoUuCDPMo8M6rqDJSbmbEMqxwPv4JvxiPs+yGhldsSkGZVrESeou6My2N yVdhuQWdBtjo0gBw/obdeV1UDO9cU9SZxVz+DXGoP/q9uqrwEFpn1oKfKMntBqCVoB2r k6SHjsQde/s5HkMbDT/OuNcUZsVVVYdGUyBDXfwPr2Rf7bQPHrMNVV4VgkrME2zEiIpD OatzVYGxPrgkE2508YGx0ghlOoT1YMXn9+yO4UA3nQj/gqeupshVeoyk/7VZABXza44u Cw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by aserp2130.oracle.com with ESMTP id 2rphme3be7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:38 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x37KRcwU195361; Sun, 7 Apr 2019 20:27:38 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3020.oracle.com with ESMTP id 2rpkehdurk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 07 Apr 2019 20:27:37 +0000 Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x37KRauR032494; Sun, 7 Apr 2019 20:27:36 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 07 Apr 2019 13:27:36 -0700 Subject: [PATCH 4/4] xfs: don't allow most setxattr to immutable files From: "Darrick J. Wong" To: darrick.wong@oracle.com Cc: david@fromorbit.com, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Sun, 07 Apr 2019 13:27:29 -0700 Message-ID: <155466884962.633834.14320700092446721044.stgit@magnolia> In-Reply-To: <155466882175.633834.15261194784129614735.stgit@magnolia> References: <155466882175.633834.15261194784129614735.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070194 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9220 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904070193 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." However, we don't actually check the immutable flag in the setattr code, which means that we can update project ids and extent size hints on supposedly immutable files. Therefore, reject a setattr call on an immutable file except for the case where we're trying to unset IMMUTABLE. Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson --- fs/xfs/xfs_ioctl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 5a1b96dad901..1215713d7814 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1061,6 +1061,14 @@ xfs_ioctl_setattr_xflags( !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; + /* + * If immutable is set and we are not clearing it, we're not allowed + * to change anything else in the inode. + */ + if ((ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) && + (fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return -EPERM; + /* diflags2 only valid for v3 inodes. */ di_flags2 = xfs_flags2diflags2(ip, fa->fsx_xflags); if (di_flags2 && ip->i_d.di_version < 3)