From patchwork Tue Jun 11 04:46:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985943 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7FFE114BB for ; Tue, 11 Jun 2019 04:48:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7244926E3E for ; Tue, 11 Jun 2019 04:48:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 66198286DD; Tue, 11 Jun 2019 04:48:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EB69726E3E for ; Tue, 11 Jun 2019 04:48:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2403866AbfFKEr5 (ORCPT ); Tue, 11 Jun 2019 00:47:57 -0400 Received: from aserp2130.oracle.com ([141.146.126.79]:44360 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403815AbfFKEr4 (ORCPT ); Tue, 11 Jun 2019 00:47:56 -0400 Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4hvkn179926; Tue, 11 Jun 2019 04:46:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=3VbsaLgMKmnivyw2BABUNL3yVLlrUKnFsmwkVKP7/7Q=; b=ygS9UVyB8LyUAR7C1mNHPgi0PbSv7gBd3P6tWeLnsQcfs4hLgurKAu8u/njUDzM8jtZl vwft8Ixt1L69hPzvX7z0AOvbjg30Rm+6FJl+f7XNM9UPFWffippfEl73w1UntK28uwUO Fr2orJrX3KwsU2DI1zdH2KeSHJb84PM6VU23UBPkhgWNXotRA3T3er9eRujknfOhMugG nAK8v+cAc4CkT/t6pkRpKrVFJgpouXY14kWiyJczzBwEPMhnGyvQF4902QhWOGDRE3Jx XbBGcmgJv4/EAPD1RHtwu9roWvkuSaYyc0Aa5vqwgIaerbFx0TB0XyAtNQNve37DvQSC wQ== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by aserp2130.oracle.com with ESMTP id 2t02hejrfu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:23 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4k8F6173710; Tue, 11 Jun 2019 04:46:22 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3020.oracle.com with ESMTP id 2t0p9r34fg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:46:22 +0000 Received: from aserp3020.oracle.com (aserp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4kMi7174183; Tue, 11 Jun 2019 04:46:22 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserp3020.oracle.com with ESMTP id 2t0p9r34f8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:22 +0000 Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x5B4kKHR023006; Tue, 11 Jun 2019 04:46:20 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:46:19 -0700 Subject: [PATCH 1/6] mm/fs: don't allow writes to immutable files From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:46:17 -0700 Message-ID: <156022837711.3227213.11787906519006016743.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=307 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." Once the flag is set, it is enforced for quite a few file operations, such as fallocate, fpunch, fzero, rm, touch, open, etc. However, we don't check for immutability when doing a write(), a PROT_WRITE mmap(), a truncate(), or a write to a previously established mmap. If a program has an open write fd to a file that the administrator subsequently marks immutable, the program still can change the file contents. Weird! The ability to write to an immutable file does not follow the manpage promise that immutable files cannot be modified. Worse yet it's inconsistent with the behavior of other syscalls which don't allow modifications of immutable files. Therefore, add the necessary checks to make the write, mmap, and truncate behavior consistent with what the manpage says and consistent with other syscalls on filesystems which support IMMUTABLE. Signed-off-by: Darrick J. Wong --- fs/attr.c | 13 ++++++------- mm/filemap.c | 3 +++ mm/memory.c | 3 +++ mm/mmap.c | 8 ++++++-- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/fs/attr.c b/fs/attr.c index d22e8187477f..1fcfdcc5b367 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -233,19 +233,18 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de WARN_ON_ONCE(!inode_is_locked(inode)); - if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) { - if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) - return -EPERM; - } + if (IS_IMMUTABLE(inode)) + return -EPERM; + + if ((ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) && + IS_APPEND(inode)) + return -EPERM; /* * If utimes(2) and friends are called with times == NULL (or both * times are UTIME_NOW), then we need to check for write permission */ if (ia_valid & ATTR_TOUCH) { - if (IS_IMMUTABLE(inode)) - return -EPERM; - if (!inode_owner_or_capable(inode)) { error = inode_permission(inode, MAY_WRITE); if (error) diff --git a/mm/filemap.c b/mm/filemap.c index df2006ba0cfa..65433c7ab1d8 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2940,6 +2940,9 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) loff_t count; int ret; + if (IS_IMMUTABLE(inode)) + return -EPERM; + if (!iov_iter_count(from)) return 0; diff --git a/mm/memory.c b/mm/memory.c index ddf20bd0c317..4311cfdade90 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2235,6 +2235,9 @@ static vm_fault_t do_page_mkwrite(struct vm_fault *vmf) vmf->flags = FAULT_FLAG_WRITE|FAULT_FLAG_MKWRITE; + if (vmf->vma->vm_file && IS_IMMUTABLE(file_inode(vmf->vma->vm_file))) + return VM_FAULT_SIGBUS; + ret = vmf->vma->vm_ops->page_mkwrite(vmf); /* Restore original flags so that caller is not surprised */ vmf->flags = old_flags; diff --git a/mm/mmap.c b/mm/mmap.c index 7e8c3e8ae75f..ac1e32205237 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1483,8 +1483,12 @@ unsigned long do_mmap(struct file *file, unsigned long addr, case MAP_SHARED_VALIDATE: if (flags & ~flags_mask) return -EOPNOTSUPP; - if ((prot&PROT_WRITE) && !(file->f_mode&FMODE_WRITE)) - return -EACCES; + if (prot & PROT_WRITE) { + if (!(file->f_mode & FMODE_WRITE)) + return -EACCES; + if (IS_IMMUTABLE(file_inode(file))) + return -EPERM; + } /* * Make sure we don't allow writing to an append-only From patchwork Tue Jun 11 04:46:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985937 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B54491708 for ; Tue, 11 Jun 2019 04:47:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A642B26E3E for ; Tue, 11 Jun 2019 04:47:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 997B4286DD; Tue, 11 Jun 2019 04:47:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC54F286D6 for ; Tue, 11 Jun 2019 04:47:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391191AbfFKErm (ORCPT ); Tue, 11 Jun 2019 00:47:42 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:33110 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391017AbfFKErm (ORCPT ); Tue, 11 Jun 2019 00:47:42 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4hbOv168944; Tue, 11 Jun 2019 04:46:31 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=WxybxO3WrS/x7Dg3DJBiQISzcpEZ9jMIUmRFYzJs8ZE=; b=KouHoeBMQ/ymJf6HIOOrACaaQzi7UEt0l1lJrCBY0Vn59xdS7jQ9hMIUdvJI75TqqQ70 60qYSdgHRavV6Nveb0KGPeviNFpJ1DIDV5gpXL2DrMktYZbGv3/Ekelwz1ITy2d+Oovj MuJCe0Zg8/vDKONBYcIrkeccye2h2rsHFM6XJpvlrviysaSF6dVxlEeRkZDYzsh6lrxG RZL35DazP7WD7+QGfndOUgSBM28R9yUqdp3FKJ6eyepAURXNdu/ORgi5/VFzSP6Mg2nJ odqAoXgCSh44u0npPvoyht0hzz065yX0OrK92+kPtZVRwl75a8hRHlPOFyIwZCnSmgW8 Fw== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 2t05nqjh61-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:31 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4k8Ct173748; Tue, 11 Jun 2019 04:46:30 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3020.oracle.com with ESMTP id 2t0p9r34gu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:46:30 +0000 Received: from aserp3020.oracle.com (aserp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4kUI9174363; Tue, 11 Jun 2019 04:46:30 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3020.oracle.com with ESMTP id 2t0p9r34gm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:30 +0000 Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5B4kSKb002743; Tue, 11 Jun 2019 04:46:28 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:46:27 -0700 Subject: [PATCH 2/6] vfs: flush and wait for io when setting the immutable flag via SETFLAGS From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:46:25 -0700 Message-ID: <156022838496.3227213.3771632042609589318.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong When we're using FS_IOC_SETFLAGS to set the immutable flag on a file, we need to ensure that userspace can't continue to write the file after the file becomes immutable. To make that happen, we have to flush all the dirty pagecache pages to disk to ensure that we can fail a page fault on a mmap'd region, wait for pending directio to complete, and hope the caller locked out any new writes by holding the inode lock. Signed-off-by: Darrick J. Wong --- fs/btrfs/ioctl.c | 3 +++ fs/efivarfs/file.c | 5 +++++ fs/ext2/ioctl.c | 5 +++++ fs/ext4/ioctl.c | 3 +++ fs/f2fs/file.c | 3 +++ fs/hfsplus/ioctl.c | 3 +++ fs/nilfs2/ioctl.c | 3 +++ fs/ocfs2/ioctl.c | 3 +++ fs/orangefs/file.c | 11 ++++++++--- fs/orangefs/protocol.h | 3 +++ fs/reiserfs/ioctl.c | 3 +++ fs/ubifs/ioctl.c | 3 +++ include/linux/fs.h | 34 ++++++++++++++++++++++++++++++++++ 13 files changed, 79 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 7ddda5b4b6a6..f431813b2454 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -214,6 +214,9 @@ static int btrfs_ioctl_setflags(struct file *file, void __user *arg) fsflags = btrfs_mask_fsflags_for_type(inode, fsflags); old_fsflags = btrfs_inode_flags_to_fsflags(binode->flags); ret = vfs_ioc_setflags_check(inode, old_fsflags, fsflags); + if (ret) + goto out_unlock; + ret = vfs_ioc_setflags_flush_data(inode, fsflags); if (ret) goto out_unlock; diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c index f4f6c1bec132..845016a67724 100644 --- a/fs/efivarfs/file.c +++ b/fs/efivarfs/file.c @@ -163,6 +163,11 @@ efivarfs_ioc_setxflags(struct file *file, void __user *arg) return error; inode_lock(inode); + error = vfs_ioc_setflags_flush_data(inode, flags); + if (error) { + inode_unlock(inode); + return error; + } inode_set_flags(inode, i_flags, S_IMMUTABLE); inode_unlock(inode); diff --git a/fs/ext2/ioctl.c b/fs/ext2/ioctl.c index 88b3b9720023..75f75619237c 100644 --- a/fs/ext2/ioctl.c +++ b/fs/ext2/ioctl.c @@ -65,6 +65,11 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) inode_unlock(inode); goto setflags_out; } + ret = vfs_ioc_setflags_flush_data(inode, flags); + if (ret) { + inode_unlock(inode); + goto setflags_out; + } flags = flags & EXT2_FL_USER_MODIFIABLE; flags |= oldflags & ~EXT2_FL_USER_MODIFIABLE; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 6aa1df1918f7..a05341b94d98 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -290,6 +290,9 @@ static int ext4_ioctl_setflags(struct inode *inode, jflag = flags & EXT4_JOURNAL_DATA_FL; err = vfs_ioc_setflags_check(inode, oldflags, flags); + if (err) + goto flags_out; + err = vfs_ioc_setflags_flush_data(inode, flags); if (err) goto flags_out; diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 183ed1ac60e1..d3cf4bdb8738 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1681,6 +1681,9 @@ static int __f2fs_ioc_setflags(struct inode *inode, unsigned int flags) oldflags = fi->i_flags; err = vfs_ioc_setflags_check(inode, oldflags, flags); + if (err) + return err; + err = vfs_ioc_setflags_flush_data(inode, flags); if (err) return err; diff --git a/fs/hfsplus/ioctl.c b/fs/hfsplus/ioctl.c index 862a3c9481d7..f8295fa35237 100644 --- a/fs/hfsplus/ioctl.c +++ b/fs/hfsplus/ioctl.c @@ -104,6 +104,9 @@ static int hfsplus_ioctl_setflags(struct file *file, int __user *user_flags) inode_lock(inode); err = vfs_ioc_setflags_check(inode, oldflags, flags); + if (err) + goto out_unlock_inode; + err = vfs_ioc_setflags_flush_data(inode, flags); if (err) goto out_unlock_inode; diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c index 0632336d2515..a3c200ab9f60 100644 --- a/fs/nilfs2/ioctl.c +++ b/fs/nilfs2/ioctl.c @@ -149,6 +149,9 @@ static int nilfs_ioctl_setflags(struct inode *inode, struct file *filp, oldflags = NILFS_I(inode)->i_flags; ret = vfs_ioc_setflags_check(inode, oldflags, flags); + if (ret) + goto out; + ret = vfs_ioc_setflags_flush_data(inode, flags); if (ret) goto out; diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c index 467a2faf0305..e91ca0dad3d7 100644 --- a/fs/ocfs2/ioctl.c +++ b/fs/ocfs2/ioctl.c @@ -107,6 +107,9 @@ static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags, flags |= oldflags & ~mask; status = vfs_ioc_setflags_check(inode, oldflags, flags); + if (status) + goto bail_unlock; + status = vfs_ioc_setflags_flush_data(inode, flags); if (status) goto bail_unlock; diff --git a/fs/orangefs/file.c b/fs/orangefs/file.c index a35c17017210..fec5dfbc3dac 100644 --- a/fs/orangefs/file.c +++ b/fs/orangefs/file.c @@ -389,6 +389,8 @@ static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long ar (unsigned long long)uval); return put_user(uval, (int __user *)arg); } else if (cmd == FS_IOC_SETFLAGS) { + struct inode *inode = file_inode(file); + ret = 0; if (get_user(uval, (int __user *)arg)) return -EFAULT; @@ -399,11 +401,14 @@ static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long ar * the flags and then updates the flags with some new * settings. So, we ignore it in the following edit. bligon. */ - if ((uval & ~ORANGEFS_MIRROR_FL) & - (~(FS_IMMUTABLE_FL | FS_APPEND_FL | FS_NOATIME_FL))) { + if ((uval & ~ORANGEFS_MIRROR_FL) & ~ORANGEFS_VFS_FL) { gossip_err("orangefs_ioctl: the FS_IOC_SETFLAGS only supports setting one of FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NOATIME_FL\n"); return -EINVAL; } + ret = vfs_ioc_setflags_flush_data(inode, + uval & ORANGEFS_VFS_FL); + if (ret) + goto out; val = uval; gossip_debug(GOSSIP_FILE_DEBUG, "orangefs_ioctl: FS_IOC_SETFLAGS: %llu\n", @@ -412,7 +417,7 @@ static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long ar "user.pvfs2.meta_hint", &val, sizeof(val), 0); } - +out: return ret; } diff --git a/fs/orangefs/protocol.h b/fs/orangefs/protocol.h index d403cf29a99b..3dbe1c4534ce 100644 --- a/fs/orangefs/protocol.h +++ b/fs/orangefs/protocol.h @@ -129,6 +129,9 @@ static inline void ORANGEFS_khandle_from(struct orangefs_khandle *kh, #define ORANGEFS_IMMUTABLE_FL FS_IMMUTABLE_FL #define ORANGEFS_APPEND_FL FS_APPEND_FL #define ORANGEFS_NOATIME_FL FS_NOATIME_FL +#define ORANGEFS_VFS_FL (FS_IMMUTABLE_FL | \ + FS_APPEND_FL | \ + FS_NOATIME_FL) #define ORANGEFS_MIRROR_FL 0x01000000ULL #define ORANGEFS_FS_ID_NULL ((__s32)0) #define ORANGEFS_ATTR_SYS_UID (1 << 0) diff --git a/fs/reiserfs/ioctl.c b/fs/reiserfs/ioctl.c index 92bcb1ecd994..50494f54392c 100644 --- a/fs/reiserfs/ioctl.c +++ b/fs/reiserfs/ioctl.c @@ -77,6 +77,9 @@ long reiserfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) err = vfs_ioc_setflags_check(inode, REISERFS_I(inode)->i_attrs, flags); + if (err) + goto setflags_out; + err = vfs_ioc_setflags_flush_data(inode, flags); if (err) goto setflags_out; if ((flags & REISERFS_NOTAIL_FL) && diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c index bdea836fc38b..ff4a43314599 100644 --- a/fs/ubifs/ioctl.c +++ b/fs/ubifs/ioctl.c @@ -110,6 +110,9 @@ static int setflags(struct inode *inode, int flags) mutex_lock(&ui->ui_mutex); oldflags = ubifs2ioctl(ui->flags); err = vfs_ioc_setflags_check(inode, oldflags, flags); + if (err) + goto out_unlock; + err = vfs_ioc_setflags_flush_data(inode, flags); if (err) goto out_unlock; diff --git a/include/linux/fs.h b/include/linux/fs.h index 8dad3c80b611..9c899c63957e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3548,7 +3548,41 @@ static inline struct sock *io_uring_get_socket(struct file *file) int vfs_ioc_setflags_check(struct inode *inode, int oldflags, int flags); +/* + * Do we need to flush the file data before changing attributes? When we're + * setting the immutable flag we must stop all directio writes and flush the + * dirty pages so that we can fail the page fault on the next write attempt. + */ +static inline bool vfs_ioc_setflags_need_flush(struct inode *inode, int flags) +{ + if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && + (flags & FS_IMMUTABLE_FL)) + return true; + + return false; +} + +/* + * Flush file data before changing attributes. Caller must hold any locks + * required to prevent further writes to this file until we're done setting + * flags. + */ +static inline int inode_flush_data(struct inode *inode) +{ + inode_dio_wait(inode); + return filemap_write_and_wait(inode->i_mapping); +} + +/* Flush file data before changing attributes, if necessary. */ +static inline int vfs_ioc_setflags_flush_data(struct inode *inode, int flags) +{ + if (vfs_ioc_setflags_need_flush(inode, flags)) + return inode_flush_data(inode); + return 0; +} + int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, struct fsxattr *fa); + #endif /* _LINUX_FS_H */ From patchwork Tue Jun 11 04:46:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985941 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D6D714E5 for ; Tue, 11 Jun 2019 04:47:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3057326E3E for ; Tue, 11 Jun 2019 04:47:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 23C90286DD; Tue, 11 Jun 2019 04:47:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 981C926E3E for ; Tue, 11 Jun 2019 04:47:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2403833AbfFKErx (ORCPT ); Tue, 11 Jun 2019 00:47:53 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:44470 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403815AbfFKErw (ORCPT ); Tue, 11 Jun 2019 00:47:52 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4hb7L159153; Tue, 11 Jun 2019 04:46:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=OE6FPPB5Pqi/Vl6YrpWW8Mgm59ZrawiJ1ASuvgj6hZQ=; b=aajQA90vj37ND50UtdyHx5H16e4znrHfLUb+wBHywGqmqqRsIos1xOgFYLz7aYNs00s1 mkdEqPk+9iThLFFbd7m84IB9UbTbiJsER4EGmYV30XNlH6n40JvOmYi8cKj93Y3wOIWS xXXEp1l5r1zAYgrHOMIuw78O9W4vf7dHoDzzlKM07X2NgjrlxKWaQ90Q6ZtGKszaDIiW t6S8su+95if8Mv8oeTvn/HimNYzwaiJe7JgUnemVyARWuXBfLDIzU5Dpew2Ysp6JC1dM Nh5hEvqL7jgmqANgt7EJvwjiQk/FOzixoiiL9QVfsDpehQuyb5PWlCJr/s6iVqc1Wuda mA== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2130.oracle.com with ESMTP id 2t04etjkw1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:43 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4ipsN119991; Tue, 11 Jun 2019 04:46:43 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3030.oracle.com with ESMTP id 2t04hy50d3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:46:43 +0000 Received: from aserp3030.oracle.com (aserp3030.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4kgVr123729; Tue, 11 Jun 2019 04:46:42 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3030.oracle.com with ESMTP id 2t04hy50d0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:42 +0000 Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5B4keoZ002792; Tue, 11 Jun 2019 04:46:40 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:46:40 -0700 Subject: [PATCH 3/6] vfs: flush and wait for io when setting the immutable flag via FSSETXATTR From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:46:33 -0700 Message-ID: <156022839302.3227213.8773888198343223122.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=2 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong When we're using FS_IOC_FSSETXATTR to set the immutable flag on a file, we need to ensure that userspace can't continue to write the file after the file becomes immutable. To make that happen, we have to flush all the dirty pagecache pages to disk to ensure that we can fail a page fault on a mmap'd region, wait for pending directio to complete, and hope the caller locked out any new writes by holding the inode lock. Signed-off-by: Darrick J. Wong --- fs/btrfs/ioctl.c | 3 +++ fs/ext4/ioctl.c | 3 +++ fs/f2fs/file.c | 3 +++ fs/xfs/xfs_ioctl.c | 39 +++++++++++++++++++++++++++++++++------ include/linux/fs.h | 23 +++++++++++++++++++++++ 5 files changed, 65 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index f431813b2454..63a9281e6ce0 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -432,6 +432,9 @@ static int btrfs_ioctl_fssetxattr(struct file *file, void __user *arg) __btrfs_ioctl_fsgetxattr(binode, &old_fa); ret = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + if (ret) + goto out_unlock; + ret = vfs_ioc_fssetxattr_flush_data(inode, &fa); if (ret) goto out_unlock; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index a05341b94d98..6037585c1520 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -1115,6 +1115,9 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) inode_lock(inode); ext4_fsgetxattr(inode, &old_fa); err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + if (err) + goto out; + err = vfs_ioc_fssetxattr_flush_data(inode, &fa); if (err) goto out; flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index d3cf4bdb8738..97f4bb36540f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2832,6 +2832,9 @@ static int f2fs_ioc_fssetxattr(struct file *filp, unsigned long arg) __f2fs_ioc_fsgetxattr(inode, &old_fa); err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + if (err) + goto out; + err = vfs_ioc_fssetxattr_flush_data(inode, &fa); if (err) goto out; flags = (fi->i_flags & ~F2FS_FL_XFLAG_VISIBLE) | diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index b494e7e881e3..88583b3e1e76 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1014,6 +1014,28 @@ xfs_diflags_to_linux( #endif } +/* + * Lock the inode against file io and page faults, then flush all dirty pages + * and wait for writeback and direct IO operations to finish. Returns with + * the relevant inode lock flags set in @join_flags. Caller is responsible for + * unlocking even on error return. + */ +static int +xfs_ioctl_setattr_flush( + struct xfs_inode *ip, + int *join_flags) +{ + /* Already locked the inode from IO? Assume we're done. */ + if (((*join_flags) & (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL)) == + (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL)) + return 0; + + /* Lock and flush all mappings and IO in preparation for flag change */ + *join_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; + xfs_ilock(ip, *join_flags); + return inode_flush_data(VFS_I(ip)); +} + static int xfs_ioctl_setattr_xflags( struct xfs_trans *tp, @@ -1099,23 +1121,22 @@ xfs_ioctl_setattr_dax_invalidate( if (!(fa->fsx_xflags & FS_XFLAG_DAX) && !IS_DAX(inode)) return 0; - if (S_ISDIR(inode->i_mode)) + if (!S_ISREG(inode->i_mode)) return 0; - /* lock, flush and invalidate mapping in preparation for flag change */ - xfs_ilock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - error = filemap_write_and_wait(inode->i_mapping); + error = xfs_ioctl_setattr_flush(ip, join_flags); if (error) goto out_unlock; error = invalidate_inode_pages2(inode->i_mapping); if (error) goto out_unlock; - *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; return 0; out_unlock: - xfs_iunlock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); + if (*join_flags) + xfs_iunlock(ip, *join_flags); + *join_flags = 0; return error; } @@ -1337,6 +1358,12 @@ xfs_ioctl_setattr( if (code) goto error_free_dquots; + if (!join_flags && vfs_ioc_fssetxattr_need_flush(VFS_I(ip), fa)) { + code = xfs_ioctl_setattr_flush(ip, &join_flags); + if (code) + goto error_free_dquots; + } + tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { code = PTR_ERR(tp); diff --git a/include/linux/fs.h b/include/linux/fs.h index 9c899c63957e..dae2b31cd32b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3584,5 +3584,28 @@ static inline int vfs_ioc_setflags_flush_data(struct inode *inode, int flags) int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, struct fsxattr *fa); +/* + * Do we need to flush the file data before changing attributes? When we're + * setting the immutable flag we must stop all directio writes and flush the + * dirty pages so that we can fail the page fault on the next write attempt. + */ +static inline bool vfs_ioc_fssetxattr_need_flush(struct inode *inode, + struct fsxattr *fa) +{ + if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && + (fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return true; + + return false; +} + +/* Flush file data before changing attributes, if necessary. */ +static inline int vfs_ioc_fssetxattr_flush_data(struct inode *inode, + struct fsxattr *fa) +{ + if (vfs_ioc_fssetxattr_need_flush(inode, fa)) + return inode_flush_data(inode); + return 0; +} #endif /* _LINUX_FS_H */ From patchwork Tue Jun 11 04:46:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985949 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 73B4B14BB for ; Tue, 11 Jun 2019 04:48:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 66D1026E3E for ; Tue, 11 Jun 2019 04:48:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5AD1B28708; Tue, 11 Jun 2019 04:48:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A4EA26E3E for ; Tue, 11 Jun 2019 04:48:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391067AbfFKEsD (ORCPT ); Tue, 11 Jun 2019 00:48:03 -0400 Received: from aserp2130.oracle.com ([141.146.126.79]:44436 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388869AbfFKEsC (ORCPT ); Tue, 11 Jun 2019 00:48:02 -0400 Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4ieXX180356; Tue, 11 Jun 2019 04:46:51 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=9SKtfVa/Ru/24wF00+1XpgCjgE3DaoVXLTp8OBycX6Q=; b=a65p1F4GNMOD7ZhfQQ0Aee5lYxxpF5bEu3ejKPQ2FI7leIuD3L5Od98XxlBZBiULo+I0 PiLxwPa4TP11fmkzFx2hTEBttQ70Asjs3pVhj0xnUyuA4TDA1PdZ8+K3B6AKTniIH0Wt PmgpOJ8FLa5n7B5QaOsMaglRlEL7Jg9amXjrWd4aSz73BNDqzucGWJCWPu30LR2AHZmZ Vp4STkJq+EZPOJb8jfflSMgEzgDqHawNUz8Vj1787pJfdkW2tYHVSsDffdIcIn3YNzqe XNFe4G9eEolFtUBijCmtu6ZVbwPdu+R01OhSK+PU52cI/5p/ugsYJGx0SL2G2TuMpOje ZA== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by aserp2130.oracle.com with ESMTP id 2t02hejrh6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:51 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4klpd052677; Tue, 11 Jun 2019 04:46:50 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 2t1jph7wy0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:46:50 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4koOo052887; Tue, 11 Jun 2019 04:46:50 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userp3020.oracle.com with ESMTP id 2t1jph7wxv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:50 +0000 Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5B4kmA1002826; Tue, 11 Jun 2019 04:46:48 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:46:48 -0700 Subject: [PATCH 4/6] vfs: don't allow most setxattr to immutable files From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:46:45 -0700 Message-ID: <156022840560.3227213.4776913678782966728.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=893 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." However, we don't actually check the immutable flag in the setattr code, which means that we can update inode flags and project ids and extent size hints on supposedly immutable files. Therefore, reject setflags and fssetxattr calls on an immutable file if the file is immutable and will remain that way. Signed-off-by: Darrick J. Wong --- fs/inode.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/fs/inode.c b/fs/inode.c index a3757051fd55..adfb458bf533 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2184,6 +2184,17 @@ int vfs_ioc_setflags_check(struct inode *inode, int oldflags, int flags) !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; + /* + * We aren't allowed to change any other flags if the immutable flag is + * already set and is not being unset. + */ + if ((oldflags & FS_IMMUTABLE_FL) && + (flags & FS_IMMUTABLE_FL)) { + if ((oldflags & ~FS_IMMUTABLE_FL) != + (flags & ~FS_IMMUTABLE_FL)) + return -EPERM; + } + return 0; } EXPORT_SYMBOL(vfs_ioc_setflags_check); @@ -2226,6 +2237,26 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, !S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) return -EINVAL; + /* + * We aren't allowed to change any fields if the immutable flag is + * already set and is not being unset. + */ + if ((old_fa->fsx_xflags & FS_XFLAG_IMMUTABLE) && + (fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) { + if ((old_fa->fsx_xflags & ~FS_XFLAG_IMMUTABLE) != + (fa->fsx_xflags & ~FS_XFLAG_IMMUTABLE)) + return -EPERM; + if (old_fa->fsx_projid != fa->fsx_projid) + return -EPERM; + if ((fa->fsx_xflags & (FS_XFLAG_EXTSIZE | + FS_XFLAG_EXTSZINHERIT)) && + old_fa->fsx_extsize != fa->fsx_extsize) + return -EPERM; + if ((old_fa->fsx_xflags & FS_XFLAG_COWEXTSIZE) && + old_fa->fsx_cowextsize != fa->fsx_cowextsize) + return -EPERM; + } + /* Extent size hints of zero turn off the flags. */ if (fa->fsx_extsize == 0) fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); From patchwork Tue Jun 11 04:46:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BE5E214E5 for ; Tue, 11 Jun 2019 04:48:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B1BC228708 for ; Tue, 11 Jun 2019 04:48:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A5FF628718; Tue, 11 Jun 2019 04:48:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 52C1828708 for ; Tue, 11 Jun 2019 04:48:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2403881AbfFKEsI (ORCPT ); Tue, 11 Jun 2019 00:48:08 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:44650 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391203AbfFKEsE (ORCPT ); Tue, 11 Jun 2019 00:48:04 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4iSvp159663; Tue, 11 Jun 2019 04:46:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=GoNZ4aRxdLiu9VXKzoYqQXkZ8KvvgodmwFDB7EyF+mY=; b=GE9rwfHpB156RhzOW3QIE5Ib1NCYfB6ocjrsr9h85Z64UFXD2joZMNqo9BS8hoswAb0h eMAxHh82iy8Lv4rluHpal9wg9+RaKQScBCSecygwBgnvkAUZM5sU43iqnz7VygBHop2T TINkuaZH8bLj30vUyrvPfBAT8pE1KIIobZBEHu7eel+2Pquec3TPNQb0ILLZLbp+DKHb xtA5NBfYliCuVi3kGxugHBhIpxC8E3jeBWUn/osSIotdpHia9oVvnqfNIHWWMVTnVeIO +7ivXGGQbsVKWghtSxPgDA6HW2/f8n+wupQ5UMy8PdvoRMhpBs3EirSgchcpVtLqnphd uw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2130.oracle.com with ESMTP id 2t04etjkwq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:58 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4klnb052783; Tue, 11 Jun 2019 04:46:58 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 2t1jph7x07-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:46:58 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4kwXe053046; Tue, 11 Jun 2019 04:46:58 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3020.oracle.com with ESMTP id 2t1jph7wyw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:46:58 +0000 Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5B4kuxl015492; Tue, 11 Jun 2019 04:46:56 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:46:56 -0700 Subject: [PATCH 5/6] xfs: refactor setflags to use setattr code directly From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:46:53 -0700 Message-ID: <156022841356.3227213.6932589992914531998.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong Refactor the SETFLAGS implementation to use the SETXATTR code directly instead of partially constructing a struct fsxattr and calling bits and pieces of the setxattr code. This reduces code size and becomes necessary in the next patch to maintain the behavior of allowing userspace to set immutable on an immutable file so long as nothing /else/ about the attributes change. Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_ioctl.c | 40 +++------------------------------------- 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 88583b3e1e76..7b19ba2956ad 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1491,11 +1491,8 @@ xfs_ioc_setxflags( struct file *filp, void __user *arg) { - struct xfs_trans *tp; struct fsxattr fa; - struct fsxattr old_fa; unsigned int flags; - int join_flags = 0; int error; if (copy_from_user(&flags, arg, sizeof(flags))) @@ -1506,44 +1503,13 @@ xfs_ioc_setxflags( FS_SYNC_FL)) return -EOPNOTSUPP; - fa.fsx_xflags = xfs_merge_ioc_xflags(flags, xfs_ip2xflags(ip)); + __xfs_ioc_fsgetxattr(ip, false, &fa); + fa.fsx_xflags = xfs_merge_ioc_xflags(flags, fa.fsx_xflags); error = mnt_want_write_file(filp); if (error) return error; - - /* - * Changing DAX config may require inode locking for mapping - * invalidation. These need to be held all the way to transaction commit - * or cancel time, so need to be passed through to - * xfs_ioctl_setattr_get_trans() so it can apply them to the join call - * appropriately. - */ - error = xfs_ioctl_setattr_dax_invalidate(ip, &fa, &join_flags); - if (error) - goto out_drop_write; - - tp = xfs_ioctl_setattr_get_trans(ip, join_flags); - if (IS_ERR(tp)) { - error = PTR_ERR(tp); - goto out_drop_write; - } - - __xfs_ioc_fsgetxattr(ip, false, &old_fa); - error = vfs_ioc_fssetxattr_check(VFS_I(ip), &old_fa, &fa); - if (error) { - xfs_trans_cancel(tp); - goto out_drop_write; - } - - error = xfs_ioctl_setattr_xflags(tp, ip, &fa); - if (error) { - xfs_trans_cancel(tp); - goto out_drop_write; - } - - error = xfs_trans_commit(tp); -out_drop_write: + error = xfs_ioctl_setattr(ip, &fa); mnt_drop_write_file(filp); return error; } From patchwork Tue Jun 11 04:47:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10985979 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0176F14E5 for ; Tue, 11 Jun 2019 04:50:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E84A02832D for ; Tue, 11 Jun 2019 04:50:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DB9FC28495; Tue, 11 Jun 2019 04:50:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8E7E02832D for ; Tue, 11 Jun 2019 04:50:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391166AbfFKEuO (ORCPT ); Tue, 11 Jun 2019 00:50:14 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:46456 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389620AbfFKEuO (ORCPT ); Tue, 11 Jun 2019 00:50:14 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4hbtt159138; Tue, 11 Jun 2019 04:49:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=w6B62XWgEySnIWZsve79cF+lTRasJpmyyQueK4g93UE=; b=xr/OkVp95W9CZa1qjVKbtngLN9J+a0uZavn2r3ArsGbLa3Idt+XiHAevESEnFd2Muawd IDeKByu9gQWLom5QvFu9SB6aGdiFJoCp0tz7vKlzNewkahhwnjXvO0YFc7SwTBUu/TXr 1JAzKRa/DZxlP4ZZpnIqV/L0X1JujwSoecEOGG343C3b9FaK4zuy1R0cRIGXh59pnwVC rgO1+qT0i60g5fCtoX0xlqOK/qTFrDgQsRkvoiZce/aNAuX3Lrp5ll2wDFoSsEQSMY+0 xO05b6rP2HVkV4MLCu2gbQsaloZCyjVElf52i0un57IO4AUWcCHG2FJLiCzCFi61Ne0u iQ== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 2t04etjm38-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:49:06 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5B4jGrX167613; Tue, 11 Jun 2019 04:47:06 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3030.oracle.com with ESMTP id 2t024u6kpg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 11 Jun 2019 04:47:06 +0000 Received: from userp3030.oracle.com (userp3030.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5B4l5Gj171026; Tue, 11 Jun 2019 04:47:06 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3030.oracle.com with ESMTP id 2t024u6kpc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Jun 2019 04:47:05 +0000 Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x5B4l4Q5023284; Tue, 11 Jun 2019 04:47:04 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 10 Jun 2019 21:47:04 -0700 Subject: [PATCH 6/6] xfs: clean up xfs_merge_ioc_xflags From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Mon, 10 Jun 2019 21:47:01 -0700 Message-ID: <156022842153.3227213.3285668171167534801.stgit@magnolia> In-Reply-To: <156022836912.3227213.13598042497272336695.stgit@magnolia> References: <156022836912.3227213.13598042497272336695.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9284 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=605 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110033 Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong Clean up the calling convention since we're editing the fsxattr struct anyway. Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_ioctl.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 7b19ba2956ad..a67bc9afdd0b 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -829,35 +829,31 @@ xfs_ioc_ag_geometry( * Linux extended inode flags interface. */ -STATIC unsigned int +static inline void xfs_merge_ioc_xflags( - unsigned int flags, - unsigned int start) + struct fsxattr *fa, + unsigned int flags) { - unsigned int xflags = start; - if (flags & FS_IMMUTABLE_FL) - xflags |= FS_XFLAG_IMMUTABLE; + fa->fsx_xflags |= FS_XFLAG_IMMUTABLE; else - xflags &= ~FS_XFLAG_IMMUTABLE; + fa->fsx_xflags &= ~FS_XFLAG_IMMUTABLE; if (flags & FS_APPEND_FL) - xflags |= FS_XFLAG_APPEND; + fa->fsx_xflags |= FS_XFLAG_APPEND; else - xflags &= ~FS_XFLAG_APPEND; + fa->fsx_xflags &= ~FS_XFLAG_APPEND; if (flags & FS_SYNC_FL) - xflags |= FS_XFLAG_SYNC; + fa->fsx_xflags |= FS_XFLAG_SYNC; else - xflags &= ~FS_XFLAG_SYNC; + fa->fsx_xflags &= ~FS_XFLAG_SYNC; if (flags & FS_NOATIME_FL) - xflags |= FS_XFLAG_NOATIME; + fa->fsx_xflags |= FS_XFLAG_NOATIME; else - xflags &= ~FS_XFLAG_NOATIME; + fa->fsx_xflags &= ~FS_XFLAG_NOATIME; if (flags & FS_NODUMP_FL) - xflags |= FS_XFLAG_NODUMP; + fa->fsx_xflags |= FS_XFLAG_NODUMP; else - xflags &= ~FS_XFLAG_NODUMP; - - return xflags; + fa->fsx_xflags &= ~FS_XFLAG_NODUMP; } STATIC unsigned int @@ -1504,7 +1500,7 @@ xfs_ioc_setxflags( return -EOPNOTSUPP; __xfs_ioc_fsgetxattr(ip, false, &fa); - fa.fsx_xflags = xfs_merge_ioc_xflags(flags, fa.fsx_xflags); + xfs_merge_ioc_xflags(&fa, flags); error = mnt_want_write_file(filp); if (error)