From patchwork Fri Jun 28 18:34:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 11023149 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ADD32112C for ; Fri, 28 Jun 2019 18:35:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 74F82286A7 for ; Fri, 28 Jun 2019 18:35:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 63856286B3; Fri, 28 Jun 2019 18:35:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ACECF286A7 for ; Fri, 28 Jun 2019 18:35:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B71578E0005; Fri, 28 Jun 2019 14:35:04 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id B20D28E0002; Fri, 28 Jun 2019 14:35:04 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9E87B8E0005; Fri, 28 Jun 2019 14:35:04 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yw1-f77.google.com (mail-yw1-f77.google.com [209.85.161.77]) by kanga.kvack.org (Postfix) with ESMTP id 770458E0002 for ; Fri, 28 Jun 2019 14:35:04 -0400 (EDT) Received: by mail-yw1-f77.google.com with SMTP id b129so9957013ywe.22 for ; Fri, 28 Jun 2019 11:35:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=SzhUagx5xKDjUPMnCOT6QDZ48tKdmDiAhiUc4dwBNMc=; b=NUwE6q145Mawt70RmfKYvR47hqFnztb6hO5jN19g8x7H0FCXPQREOm2NsX7oYzgFpy yUOl1zznj0b4xchJT4t6S7piPH7NrG/ArHkg+cyLtvrGDNbLm4Bnd8PmWPSwo+7rW3cr n6N0ZTyihdswPe6FE46hApGvMYj/TqXDtbis6jjybaABsOEXmPqCvwXiP7O21T7xPRgs MnGwS7uscRHAyd4l92xIG2o16CWw6X6FhaZymbYaSmN4kdGtBGp+BNyzmTP3PMygzc9K hpraIitrSRPm0aBG86TTYGG00B1B05GBhErUdUvFgXlQbeWNC2yUP3UJF+IAK5bbYzQE 0X3g== X-Gm-Message-State: APjAAAUR8CL2aL2ooEU/2TsviRWJc8XUxQGp4ZCWrBzACX5VSJKdVK7/ wW607enroz5hDphrXVze/mY5bmquxnfoUSXca5WQR+XC9E5EcWA55fWAD5LDh7nrULSRvZRMMrB YWrRHQhm2In2M3nYIZqdkDAzGup66wo4TAqHT4qI6KLEs63O1QtYWTl6JYyb2lsbKRw== X-Received: by 2002:a81:2713:: with SMTP id n19mr7517945ywn.399.1561746904100; Fri, 28 Jun 2019 11:35:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqyGvGLhaJ/CZM9yPsruo7LO94K5HRBmb8+bEhkwmnmb5VW06T3ACs6+Wegr7GCePWnJ+Sbl X-Received: by 2002:a81:2713:: with SMTP id n19mr7517914ywn.399.1561746903468; Fri, 28 Jun 2019 11:35:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561746903; cv=none; d=google.com; s=arc-20160816; b=CqjlGKIk52gXr6CmQ7o3abAUijg7tjPO3kPBC1iR+W9sLzBrgd0xeqJV8eGKdgYXw7 e0m+6u0fLf117Wtagi1fFhK4KwwM7XD9bUZ4zqmtZ506EunYImV11xfbCa1yBqv1RmMX f73I+Y8QYcOn2kxkhlswxGNFPgooVn2wEiQKB/taqPlqXmWAUoFwHqBLETjq2+f+oIqh BGhpWj+NfuNG0rnveJh32Km9T7RZ4aqtGOGIBCT7LkV64OqWvbjRRFib7qJbfxBEs0yT xBN2CfamPq8HvcuOd+8D2xIGe2/pq1/dOpWJWADprwU4IWM4x8+RBGX+vIhwxYM1XXaV TQBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=SzhUagx5xKDjUPMnCOT6QDZ48tKdmDiAhiUc4dwBNMc=; b=WCDt307OjOiqtS8c0euaaXi72pI7v9OBSXJcRxQCV2ZLosiJw71JLEMEWxfaTepybQ 30pLWq0S1q50yUWF5MQfbOSjVvgJ3cn1RPNQCyQOeJ3qiYRVEqaRP/AT3Zax6eTdQo12 kSeANwQ1746s2gWEjiIeco1F8lejdsa+42QN5RK018BJnBoGKK1KUT63lTN8xVALa/SL Zao6oOFdXXX7W3BHKMBJPoJf20mpoXOzUsE7lWkS34Ix4TKrcEVdxzqLJnI9F0fKMJBF JeVnIL+v5X+TiC8SwrrT7YFxBJUSLexgURnZ4VbwUZeV/CWzUZgHGRFHxSu2X+oVXUea MO7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=mnvLlQbV; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2120.oracle.com (userp2120.oracle.com. [156.151.31.85]) by mx.google.com with ESMTPS id q126si1288840ybq.99.2019.06.28.11.35.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jun 2019 11:35:03 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) client-ip=156.151.31.85; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=mnvLlQbV; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIYFLu114564; Fri, 28 Jun 2019 18:34:51 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=SzhUagx5xKDjUPMnCOT6QDZ48tKdmDiAhiUc4dwBNMc=; b=mnvLlQbV2QHV26kqG92l3MXPrAPzWnlJDT7iMchyHjON0BMde8Sg9j+NJSQ2cgtq+RKW GtWC0aXPwH4JWFvGkbIDc22Kpnp3GPUUwn/X+y7MbUPXCMHqkJHXTM3sf3ePxCPgGQTR Ik6oOyIb8/35YREB7LMH6RLuFlRi5sjofcBUaHWl210Cqx59Cuy3psQwF5i939AWsCZH 0eByhkqF2267VS9+c8UPrsMZ+4ehuzeqW4nIe7Lc0ETccrtY9ADYq8g6iQDQxz6qcAb9 spxjGujEt8id50pXB71YFUjUEKKpzcUsz3+oVF3hJ6svSdLkNQjVZZEXy9sdSHInKJxt PQ== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2120.oracle.com with ESMTP id 2t9cyqxyj6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:34:50 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIXcw7078820; Fri, 28 Jun 2019 18:34:50 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3030.oracle.com with ESMTP id 2t9acdyec3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 28 Jun 2019 18:34:50 +0000 Received: from aserp3030.oracle.com (aserp3030.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5SIYdKa080557; Fri, 28 Jun 2019 18:34:49 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserp3030.oracle.com with ESMTP id 2t9acdyebu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:34:49 +0000 Received: from abhmp0020.oracle.com (abhmp0020.oracle.com [141.146.116.26]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x5SIYk5o021913; Fri, 28 Jun 2019 18:34:47 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 28 Jun 2019 11:34:46 -0700 Subject: [PATCH 1/4] mm/fs: don't allow writes to immutable files From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, hch@infradead.org, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, Jan Kara , devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Fri, 28 Jun 2019 11:34:43 -0700 Message-ID: <156174688345.1557469.793195935067841912.stgit@magnolia> In-Reply-To: <156174687561.1557469.7505651950825460767.stgit@magnolia> References: <156174687561.1557469.7505651950825460767.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9302 signatures=668688 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=375 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906280210 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." Once the flag is set, it is enforced for quite a few file operations, such as fallocate, fpunch, fzero, rm, touch, open, etc. However, we don't check for immutability when doing a write(), a PROT_WRITE mmap(), a truncate(), or a write to a previously established mmap. If a program has an open write fd to a file that the administrator subsequently marks immutable, the program still can change the file contents. Weird! The ability to write to an immutable file does not follow the manpage promise that immutable files cannot be modified. Worse yet it's inconsistent with the behavior of other syscalls which don't allow modifications of immutable files. Therefore, add the necessary checks to make the write, mmap, and truncate behavior consistent with what the manpage says and consistent with other syscalls on filesystems which support IMMUTABLE. Signed-off-by: Darrick J. Wong Reviewed-by: Jan Kara --- fs/attr.c | 13 ++++++------- mm/filemap.c | 3 +++ mm/memory.c | 4 ++++ mm/mmap.c | 8 ++++++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/fs/attr.c b/fs/attr.c index d22e8187477f..1fcfdcc5b367 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -233,19 +233,18 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de WARN_ON_ONCE(!inode_is_locked(inode)); - if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) { - if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) - return -EPERM; - } + if (IS_IMMUTABLE(inode)) + return -EPERM; + + if ((ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) && + IS_APPEND(inode)) + return -EPERM; /* * If utimes(2) and friends are called with times == NULL (or both * times are UTIME_NOW), then we need to check for write permission */ if (ia_valid & ATTR_TOUCH) { - if (IS_IMMUTABLE(inode)) - return -EPERM; - if (!inode_owner_or_capable(inode)) { error = inode_permission(inode, MAY_WRITE); if (error) diff --git a/mm/filemap.c b/mm/filemap.c index aac71aef4c61..dad85e10f5f8 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2935,6 +2935,9 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) loff_t count; int ret; + if (IS_IMMUTABLE(inode)) + return -EPERM; + if (!iov_iter_count(from)) return 0; diff --git a/mm/memory.c b/mm/memory.c index ddf20bd0c317..abf795277f36 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2235,6 +2235,10 @@ static vm_fault_t do_page_mkwrite(struct vm_fault *vmf) vmf->flags = FAULT_FLAG_WRITE|FAULT_FLAG_MKWRITE; + if (vmf->vma->vm_file && + IS_IMMUTABLE(vmf->vma->vm_file->f_mapping->host)) + return VM_FAULT_SIGBUS; + ret = vmf->vma->vm_ops->page_mkwrite(vmf); /* Restore original flags so that caller is not surprised */ vmf->flags = old_flags; diff --git a/mm/mmap.c b/mm/mmap.c index 7e8c3e8ae75f..b3ebca2702bf 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1483,8 +1483,12 @@ unsigned long do_mmap(struct file *file, unsigned long addr, case MAP_SHARED_VALIDATE: if (flags & ~flags_mask) return -EOPNOTSUPP; - if ((prot&PROT_WRITE) && !(file->f_mode&FMODE_WRITE)) - return -EACCES; + if (prot & PROT_WRITE) { + if (!(file->f_mode & FMODE_WRITE)) + return -EACCES; + if (IS_IMMUTABLE(file->f_mapping->host)) + return -EPERM; + } /* * Make sure we don't allow writing to an append-only From patchwork Fri Jun 28 18:34:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 11023153 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7BC79138D for ; Fri, 28 Jun 2019 18:35:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4460328685 for ; Fri, 28 Jun 2019 18:35:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 37D2728683; Fri, 28 Jun 2019 18:35:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAB1128683 for ; Fri, 28 Jun 2019 18:35:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B981D8E0006; Fri, 28 Jun 2019 14:35:11 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id B48408E0002; Fri, 28 Jun 2019 14:35:11 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9E93E8E0006; Fri, 28 Jun 2019 14:35:11 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-io1-f78.google.com (mail-io1-f78.google.com [209.85.166.78]) by kanga.kvack.org (Postfix) with ESMTP id 7AD108E0002 for ; Fri, 28 Jun 2019 14:35:11 -0400 (EDT) Received: by mail-io1-f78.google.com with SMTP id p12so7542263iog.19 for ; Fri, 28 Jun 2019 11:35:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=hDvAuKrMfSUW7AbzqNfZSt/8R1aeCpTe5TGF8T8lRYc=; b=gu/TYDEVY7f9691KVIfakI4+UQqtH9ceiY9HV1SE3TFDFIT9DfNl+ejN5kQAPHrt0E MJXbT6WvQtcDT2BD/egBbcvVsx9GGQcGiwLNyo5ZWmsKuO7vWSmTocb+AIlUPXWnTgPe PO7Dm22w3BkXa+Tmp/OHEMbTjMtuplUftLou/qAt34bs6Os6a7TwAb57dEcPJ8271rGT 9WKan3Vw3t6Uw6U0QcUD2pczWsROfz5FTi+4VnPOCkJcYxmw1MUoi0GqkbGJSeubPWMn 7SygR/jHURjT0SXLKvCWD76JSBBKXcbjY9J+DM2kqc14HAAaC02BwxgTy4eqOigjRA2y jTPw== X-Gm-Message-State: APjAAAVAeAKThwc5ul5GSPkgHtmax5CDNiPKe8TwBIeTTj3n5VaFbqGK QE9URuq6kA5FLrdZF0uqoGYwYNY9W8kvQvvvYubQoxfZxchKDajZiE8S5iK1/s8XQWLTVYTpUhm zsjmndHuwi32e5crzNatF9VdimawhxPncue7iB3MCDubojxASXY0rBoFocAlsfs7ijA== X-Received: by 2002:a5d:9a04:: with SMTP id s4mr12961841iol.19.1561746911241; Fri, 28 Jun 2019 11:35:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqyvvoko8UBVj3EYWOqlgeuRa5/DEKTcjwKQHDgO7loL+UxEDkXa7b8wefEWJuuTr7df35x4 X-Received: by 2002:a5d:9a04:: with SMTP id s4mr12961748iol.19.1561746910262; Fri, 28 Jun 2019 11:35:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561746910; cv=none; d=google.com; s=arc-20160816; b=dHWIS5PrYN//04VDLBtGsVLvcXj6vo2UQcUPDBGW+Q95q5HsbZqUmgYV7kwlXzp4AG W+vhx8Rw1fSJOPd1kfutaR2UeLSiNUyUZplxCd30aYKOPELvIA05w9ligtSbFkNehhQf ocizaoRZaI1w/1ojwhFK0WYuKVIU+CizQOG6rRqlk1+/T0MpQ9NhaBdCXD2eCZ96SZxC NOVWOzLTh7nYULkXdf6aSYIf+ZE7se0mjcrKR0T8hIVN1Ue2seeycEGaa8k55hzevD4I xwPH8AX+B8CR4fNiU79Q1UN+I6nY+MrTa8P/YgW0Al52DYGdIFV/3YC3z0Aqm561FUt3 UQ7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=hDvAuKrMfSUW7AbzqNfZSt/8R1aeCpTe5TGF8T8lRYc=; b=w7ygu7cvtOAqPXebt4xOsthpLTkCCaNU0YulHUA2jw3HEeFQAas7c8PF2zSimGf+4L bliZw9e8+hCHm3y5yY6R+bwAZ35gQA1Ix46D7JgRBFg98BzfVOHjyoEkJYZ4T7190fWX S/DoLCmw8TDeA31tF4sojrdwapxLnWMIr/faIJuQzYiP0omys1/EkEt4w6frNa/F/x0D Ahi99hEvxAMvU/8qYlYWarLFyuzYHg1CaIf74UpAZMRPbs/EcuMFWuh6l/SgVDdRFWSy qgCt9092DNcguR/59gy5Ezh+q+9dd55FiQkWf7QhMl9RYAnMwAs6K4D1B4Hewo2KjemR SL5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b="jRRaM6/c"; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2130.oracle.com (userp2130.oracle.com. [156.151.31.86]) by mx.google.com with ESMTPS id c3si4445014ioq.99.2019.06.28.11.35.10 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jun 2019 11:35:10 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) client-ip=156.151.31.86; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b="jRRaM6/c"; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.86 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIYQRG108883; Fri, 28 Jun 2019 18:34:57 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=hDvAuKrMfSUW7AbzqNfZSt/8R1aeCpTe5TGF8T8lRYc=; b=jRRaM6/cr2s1fN3nJa8yFGdPIm650NetSXoqzer/0L2yCpma7vUORBQ7mNoB6zegt3yV 2WaPx92M+xx36rc1eyqskvJFn7teZ2EjeHlgbNGpAU6lHKWmerm/E2KLpNPo+wGArDa1 K8c2RTjP5b+vZvA0NI05COGDHcOesafa6zvfR7n2l6a4vNBTxFEAFBe9kju/lSpjuOFA sfZS2IZRGf2rVNN8QJ4XjaPhFu7Dg9WBD5nM9iuWr+1Q8xXsS4BvM2zQ5vYY9tZSIFZD S1ts7ni4Y8CuHWQnPN6AP834iFHazwJqlHUIP93kvyf0vy/iHyKGjVX9sQiIRpp9eMnJ xw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2130.oracle.com with ESMTP id 2t9brtq3hf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:34:57 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIXXPt000897; Fri, 28 Jun 2019 18:34:56 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 2tat7e3gab-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 28 Jun 2019 18:34:56 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5SIYuM8003117; Fri, 28 Jun 2019 18:34:56 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userp3020.oracle.com with ESMTP id 2tat7e3ga7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:34:56 +0000 Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5SIYsCq029052; Fri, 28 Jun 2019 18:34:54 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 28 Jun 2019 11:34:54 -0700 Subject: [PATCH 2/4] vfs: flush and wait for io when setting the immutable flag via SETFLAGS From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, hch@infradead.org, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Fri, 28 Jun 2019 11:34:51 -0700 Message-ID: <156174689192.1557469.17945809794748607270.stgit@magnolia> In-Reply-To: <156174687561.1557469.7505651950825460767.stgit@magnolia> References: <156174687561.1557469.7505651950825460767.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9302 signatures=668688 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=753 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906280210 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong When we're using FS_IOC_SETFLAGS to set the immutable flag on a file, we need to ensure that userspace can't continue to write the file after the file becomes immutable. To make that happen, we have to flush all the dirty pagecache pages to disk to ensure that we can fail a page fault on a mmap'd region, wait for pending directio to complete, and hope the caller locked out any new writes by holding the inode lock. Signed-off-by: Darrick J. Wong --- fs/inode.c | 21 +++++++++++++++++++-- include/linux/fs.h | 11 +++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index f08711b34341..65a412af3ffb 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2193,7 +2193,8 @@ EXPORT_SYMBOL(current_time); /* * Generic function to check FS_IOC_SETFLAGS values and reject any invalid - * configurations. + * configurations. Once we're done, prepare the inode for whatever changes + * are coming down the pipeline. * * Note: the caller should be holding i_mutex, or else be sure that they have * exclusive access to the inode structure. @@ -2201,6 +2202,8 @@ EXPORT_SYMBOL(current_time); int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, unsigned int flags) { + int ret; + /* * The IMMUTABLE and APPEND_ONLY flags can only be changed by * the relevant capability. @@ -2211,7 +2214,21 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; - return 0; + /* + * Now that we're done checking the new flags, flush all pending IO and + * dirty mappings before setting S_IMMUTABLE on an inode via + * FS_IOC_SETFLAGS. If the flush fails we'll clear the flag before + * returning error. + */ + if (!S_ISREG(inode->i_mode) || IS_IMMUTABLE(inode) || + !(flags & FS_IMMUTABLE_FL)) + return 0; + + inode_set_flags(inode, S_IMMUTABLE, S_IMMUTABLE); + ret = inode_drain_writes(inode); + if (ret) + inode_set_flags(inode, 0, S_IMMUTABLE); + return ret; } EXPORT_SYMBOL(vfs_ioc_setflags_prepare); diff --git a/include/linux/fs.h b/include/linux/fs.h index 91482ab4556a..0efe749de577 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3567,4 +3567,15 @@ static inline void simple_fill_fsxattr(struct fsxattr *fa, __u32 xflags) fa->fsx_xflags = xflags; } +/* + * Flush file data before changing attributes. Caller must hold any locks + * required to prevent further writes to this file until we're done setting + * flags. + */ +static inline int inode_drain_writes(struct inode *inode) +{ + inode_dio_wait(inode); + return filemap_write_and_wait(inode->i_mapping); +} + #endif /* _LINUX_FS_H */ From patchwork Fri Jun 28 18:34:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 11023275 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AD204112C for ; Fri, 28 Jun 2019 18:37:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B11528346 for ; Fri, 28 Jun 2019 18:37:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6DE2428514; Fri, 28 Jun 2019 18:37:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B001128346 for ; Fri, 28 Jun 2019 18:37:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D91408E0003; Fri, 28 Jun 2019 14:37:19 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id D42308E0002; Fri, 28 Jun 2019 14:37:19 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C09C48E0003; Fri, 28 Jun 2019 14:37:19 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yw1-f77.google.com (mail-yw1-f77.google.com [209.85.161.77]) by kanga.kvack.org (Postfix) with ESMTP id 9B73C8E0002 for ; Fri, 28 Jun 2019 14:37:19 -0400 (EDT) Received: by mail-yw1-f77.google.com with SMTP id b63so10001066ywc.12 for ; Fri, 28 Jun 2019 11:37:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=O3xegD6OiDT7CYvuWXxJjj2lv59PMA3CjktcEglMT6c=; b=OjD7SkEsqM6/28oAW31FcIxeoBEav40ThGjcx9nOA4rOEBu81/jUJ0QbjbfxATx0Qu gmiM0+VqOpCCnn9DXeK3fvYQjV1nXdyizPnbwbo+a2yhxyM6fT/h3tAHC9VNLrTkYwUt eILotlRUTkM4OZGwJwGflrgtr4A3UfSMX0o13uMfJJuWaJMtSjABknEBryIU2JixUIBL rd4ijloXkQvo+Rj/Ws35YU27x/a7CuzQgkSJmCXz6njhtBoqHGGL92OFOIEdZYrA5Tqj 9GN/6RL2GIiGQM31+nOvJT5r+gPDIx06rL54vpgAdMzpYWDLDwR6HbJTYV/DuddoqnEg LCrg== X-Gm-Message-State: APjAAAV+PJpPmcRQ5shjVnq8rGa83+0uEvu072z7hXJPcEeq73sPQhXw dPXIYhXhKVkXk0F9XmqQBWfphOsO+IYMNpauUU87r573RWDaD4EGS9o9rRnL5nHLcJ+e9+B+/KF vtRiKtfWfZ/WEA/vaIHMH/sBKRhkCVShAwJQVvhKzqncaJc16sly91xhsTpLlbl6ALA== X-Received: by 2002:a25:61ce:: with SMTP id v197mr3063469ybb.109.1561747039389; Fri, 28 Jun 2019 11:37:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqybviCP7yP4JJKXZQNISBhuwUEE3RnYBWMu4+6MXo5hd17NeYHTvZPNeKSB7Tabq5OMRhGb X-Received: by 2002:a25:61ce:: with SMTP id v197mr3063426ybb.109.1561747038511; Fri, 28 Jun 2019 11:37:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561747038; cv=none; d=google.com; s=arc-20160816; b=Wlu17lf9RtvQMQNtRsAPQUEy6zefPs4nz0kSG/3pSoLTG2X8vMCiVjBolX4aN+T402 uKigjG0+6SH+CsiORuNLW24qL3UMq2uM8z9e6Kj66pm3b/zb1YReOauYVBDejkGccX1p UEXmADLaOPgHETEOqbs9P6eHbcCwP4/HPD+bg27GDZTHj2I7cyTTMZGzXmb7haRZLLbK M1qdekjXjfyfJdDS452YyVbN65YA4jY1qLEIy0i3gSD8JFGdt46w8f4AvHhnS+aS2Drs 17XM4Mjqbeu85MZjBFFL15+175Bb17+wNYfN7sQ5DKHQa9GHy7TkhSlx5u63SwBWWFcd Qvtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=O3xegD6OiDT7CYvuWXxJjj2lv59PMA3CjktcEglMT6c=; b=WMlIeGS+jTd5xyK2WN7wc6zTCNumHYF9YbKyPr1C7MfKSJTTwL7lT7+KN304NXVBqZ hWFyKfngO6CPAy1RZj8g4jIaGQpzAom8hzOKXfOmwOlyQkAw/hARkx7iETOiOY3Wcjvk ol71ymDGsAmPnhcFtNYXYIbjBkrP0kbVQWu103sF5bmdUHq9nJyN41qs2bSWhkVqBnpq 8bsnnLAenU3MYYJNFY5GQjdJZB31lOG5boSldxG0XIeemhK3b/KVdMDa3PlFq0xB9Pon HPRlge9pttWTo1MFEnHyVsTCO/VyWeL0q/Bw+2xRBI3y2mOFKs4NfvH3Y1ykRj09Unl3 YaJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=pBjv0y1S; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from userp2120.oracle.com (userp2120.oracle.com. [156.151.31.85]) by mx.google.com with ESMTPS id z124si1243257yba.58.2019.06.28.11.37.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jun 2019 11:37:18 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) client-ip=156.151.31.85; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=pBjv0y1S; spf=pass (google.com: domain of darrick.wong@oracle.com designates 156.151.31.85 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIZrgg116051; Fri, 28 Jun 2019 18:37:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=O3xegD6OiDT7CYvuWXxJjj2lv59PMA3CjktcEglMT6c=; b=pBjv0y1SN47tvWrJ59lGt95PbfTTcZyMo9tTZrwAQL+MKNQI4cQR1e3KUF4ZjX6TmQXZ 7fjAp5KNwNlrmQE8bFZ5Mtp6Ur83C4iOF3g41nLAjrgtjNTT9OMudTKl25Pzx5EC6Sp/ VxGLjm8WAc/tteHJnZ565nHN8j5W0lueTaPVyfE1fK2HAHC0cvuGLTA/Uxt/ht5MjO0z jNNOa/AMQsWH9qGigPS4x+VIrXc0q1GoaD59PUQetqOon/6SHWDztzFuxDWr7fJOVHCm MRUq+5/EFMA4sIYD7vqAXm0IVx7/aanhJbJ8Sl2GQu5MJjUMqHRiuVbkgORgpat3rs1Y 6g== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 2t9cyqxyse-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:37:06 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIYqWe152199; Fri, 28 Jun 2019 18:35:05 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3020.oracle.com with ESMTP id 2t9p6w235t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 28 Jun 2019 18:35:05 +0000 Received: from aserp3020.oracle.com (aserp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5SIZ4ue152605; Fri, 28 Jun 2019 18:35:04 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3020.oracle.com with ESMTP id 2t9p6w2359-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:35:04 +0000 Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5SIZ2qU029171; Fri, 28 Jun 2019 18:35:02 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 28 Jun 2019 11:35:02 -0700 Subject: [PATCH 3/4] vfs: flush and wait for io when setting the immutable flag via FSSETXATTR From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, hch@infradead.org, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Fri, 28 Jun 2019 11:34:59 -0700 Message-ID: <156174689965.1557469.9018924813461417576.stgit@magnolia> In-Reply-To: <156174687561.1557469.7505651950825460767.stgit@magnolia> References: <156174687561.1557469.7505651950825460767.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9302 signatures=668688 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=2 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906280210 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong When we're using FS_IOC_FSSETXATTR to set the immutable flag on a file, we need to ensure that userspace can't continue to write the file after the file becomes immutable. To make that happen, we have to flush all the dirty pagecache pages to disk to ensure that we can fail a page fault on a mmap'd region, wait for pending directio to complete, and hope the caller locked out any new writes by holding the inode lock. XFS has more complex locking than other FSSETXATTR implementations so we have to keep the checking and preparation code in different functions. Signed-off-by: Darrick J. Wong --- fs/btrfs/ioctl.c | 2 + fs/ext4/ioctl.c | 2 + fs/f2fs/file.c | 2 + fs/inode.c | 31 +++++++++++++++++++++++ fs/xfs/xfs_ioctl.c | 71 +++++++++++++++++++++++++++++++++++++++------------- include/linux/fs.h | 3 ++ 6 files changed, 90 insertions(+), 21 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 3cd66efdb99d..aeffe3fd99c4 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -420,7 +420,7 @@ static int btrfs_ioctl_fssetxattr(struct file *file, void __user *arg) simple_fill_fsxattr(&old_fa, btrfs_inode_flags_to_xflags(binode->flags)); - ret = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + ret = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (ret) goto out_unlock; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 566dfac28b3f..69810e59f89a 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -1109,7 +1109,7 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) inode_lock(inode); ext4_fill_fsxattr(inode, &old_fa); - err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + err = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (err) goto out; flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 8799468724f9..b47f22eb483e 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2825,7 +2825,7 @@ static int f2fs_ioc_fssetxattr(struct file *filp, unsigned long arg) inode_lock(inode); f2fs_fill_fsxattr(inode, &old_fa); - err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); + err = vfs_ioc_fssetxattr_prepare(inode, &old_fa, &fa); if (err) goto out; flags = (fi->i_flags & ~F2FS_FL_XFLAG_VISIBLE) | diff --git a/fs/inode.c b/fs/inode.c index 65a412af3ffb..cf07378e5731 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2293,3 +2293,34 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, return 0; } EXPORT_SYMBOL(vfs_ioc_fssetxattr_check); + +/* + * Generic function to check FS_IOC_FSSETXATTR values and reject any invalid + * configurations. If none are found, flush all pending IO and dirty mappings + * before setting S_IMMUTABLE on an inode. If the flush fails we'll clear the + * flag before returning error. + * + * Note: the caller must hold whatever locks are necessary to block any other + * threads from starting a write to the file. + */ +int vfs_ioc_fssetxattr_prepare(struct inode *inode, + const struct fsxattr *old_fa, + struct fsxattr *fa) +{ + int ret; + + ret = vfs_ioc_fssetxattr_check(inode, old_fa, fa); + if (ret) + return ret; + + if (!S_ISREG(inode->i_mode) || IS_IMMUTABLE(inode) || + !(fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return 0; + + inode_set_flags(inode, S_IMMUTABLE, S_IMMUTABLE); + ret = inode_drain_writes(inode); + if (ret) + inode_set_flags(inode, 0, S_IMMUTABLE); + return ret; +} +EXPORT_SYMBOL(vfs_ioc_fssetxattr_prepare); diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index fe29aa61293c..552f18554c48 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -1057,6 +1057,30 @@ xfs_ioctl_setattr_xflags( return 0; } +/* + * If we're setting immutable on a regular file, we need to prevent new writes. + * Once we've done that, we must wait for all the other writes to complete. + * + * The caller must use @join_flags to release the locks which are held on @ip + * regardless of return value. + */ +static int +xfs_ioctl_setattr_drain_writes( + struct xfs_inode *ip, + const struct fsxattr *fa, + int *join_flags) +{ + struct inode *inode = VFS_I(ip); + + if (!S_ISREG(inode->i_mode) || !(fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) + return 0; + + *join_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; + xfs_ilock(ip, *join_flags); + + return inode_drain_writes(inode); +} + /* * If we are changing DAX flags, we have to ensure the file is clean and any * cached objects in the address space are invalidated and removed. This @@ -1064,6 +1088,9 @@ xfs_ioctl_setattr_xflags( * operation. The locks need to be held until the transaction has been committed * so that the cache invalidation is atomic with respect to the DAX flag * manipulation. + * + * The caller must use @join_flags to release the locks which are held on @ip + * regardless of return value. */ static int xfs_ioctl_setattr_dax_invalidate( @@ -1075,8 +1102,6 @@ xfs_ioctl_setattr_dax_invalidate( struct super_block *sb = inode->i_sb; int error; - *join_flags = 0; - /* * It is only valid to set the DAX flag on regular files and * directories on filesystems where the block size is equal to the page @@ -1102,21 +1127,15 @@ xfs_ioctl_setattr_dax_invalidate( return 0; /* lock, flush and invalidate mapping in preparation for flag change */ - xfs_ilock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - error = filemap_write_and_wait(inode->i_mapping); - if (error) - goto out_unlock; - error = invalidate_inode_pages2(inode->i_mapping); - if (error) - goto out_unlock; - - *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; - return 0; - -out_unlock: - xfs_iunlock(ip, XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL); - return error; + if (*join_flags == 0) { + *join_flags = XFS_MMAPLOCK_EXCL | XFS_IOLOCK_EXCL; + xfs_ilock(ip, *join_flags); + error = filemap_write_and_wait(inode->i_mapping); + if (error) + return error; + } + return invalidate_inode_pages2(inode->i_mapping); } /* @@ -1325,6 +1344,12 @@ xfs_ioctl_setattr( return code; } + code = xfs_ioctl_setattr_drain_writes(ip, fa, &join_flags); + if (code) { + xfs_iunlock(ip, join_flags); + goto error_free_dquots; + } + /* * Changing DAX config may require inode locking for mapping * invalidation. These need to be held all the way to transaction commit @@ -1333,8 +1358,10 @@ xfs_ioctl_setattr( * appropriately. */ code = xfs_ioctl_setattr_dax_invalidate(ip, fa, &join_flags); - if (code) + if (code) { + xfs_iunlock(ip, join_flags); goto error_free_dquots; + } tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { @@ -1484,6 +1511,12 @@ xfs_ioc_setxflags( if (error) return error; + error = xfs_ioctl_setattr_drain_writes(ip, &fa, &join_flags); + if (error) { + xfs_iunlock(ip, join_flags); + goto out_drop_write; + } + /* * Changing DAX config may require inode locking for mapping * invalidation. These need to be held all the way to transaction commit @@ -1492,8 +1525,10 @@ xfs_ioc_setxflags( * appropriately. */ error = xfs_ioctl_setattr_dax_invalidate(ip, &fa, &join_flags); - if (error) + if (error) { + xfs_iunlock(ip, join_flags); goto out_drop_write; + } tp = xfs_ioctl_setattr_get_trans(ip, join_flags); if (IS_ERR(tp)) { diff --git a/include/linux/fs.h b/include/linux/fs.h index 0efe749de577..73a8bd789e36 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3560,6 +3560,9 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, struct fsxattr *fa); +int vfs_ioc_fssetxattr_prepare(struct inode *inode, + const struct fsxattr *old_fa, + struct fsxattr *fa); static inline void simple_fill_fsxattr(struct fsxattr *fa, __u32 xflags) { From patchwork Fri Jun 28 18:35:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 11023171 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A7091932 for ; Fri, 28 Jun 2019 18:35:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F20D20008 for ; Fri, 28 Jun 2019 18:35:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4EE43286B3; Fri, 28 Jun 2019 18:35:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 26F50286A7 for ; Fri, 28 Jun 2019 18:35:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 248428E0008; Fri, 28 Jun 2019 14:35:27 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1D2D48E0002; Fri, 28 Jun 2019 14:35:27 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 074FD8E0008; Fri, 28 Jun 2019 14:35:26 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yb1-f208.google.com (mail-yb1-f208.google.com [209.85.219.208]) by kanga.kvack.org (Postfix) with ESMTP id D63988E0002 for ; Fri, 28 Jun 2019 14:35:26 -0400 (EDT) Received: by mail-yb1-f208.google.com with SMTP id n70so801792ybf.8 for ; Fri, 28 Jun 2019 11:35:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:from:to:cc:date :message-id:in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=mV9lFn0ZU5Q9Z/uVcSNUaPT4H36wgugtQJzUEwexaJw=; b=Al7tzfo1hRbf5+QUJ6KhmYICofzPsjqg8SZQUVj9UwX+OhWaw3PZ3wlmXuja0pHiyb rWUk/xUP+Osw4Pxm9Wfay7TgZdTp2aq6sNQ8Rm+1ZI5qhvTfJy5w+Dp2ISElKwZCcIGb p5zXuL38XNFlnr9aScXi4JnEM88HBUq0dvA+eO77qCS/n9Zc1NWGJ28bAUvFMA7Md2Fk WMgA5oiU/qp/Dc+KCaefNrIQkezXoc8VT0Mtde10Gj4EVAlAJSPu7tVNJadEwyHJQ3JV 409vXp2fTqo4Dw7M8kNMDux18NtZCdOwC/YXjhQuNFnKnJG4w83WpPQDmlNl8McpatMI u76Q== X-Gm-Message-State: APjAAAXrtH+K/sMLPK5b8/0OadMI9IS30yr1rOjkzbW8mdwo4odjy4Ix 5L+ZSa5hR8RcvxDPj/HUEpvmuTeYB/RZ4TLfisIeY2xekNn8Mrt0CLR2xBjk4W+bdhkL4FlMBWM OhokXxzNYLX98+REFryykl4XcEAbw92KEIc70DL8rvOf6MzuPASB+/cgHicgex7ke5A== X-Received: by 2002:a25:2e0e:: with SMTP id u14mr7844030ybu.337.1561746926662; Fri, 28 Jun 2019 11:35:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqzMOMtN2qFBqLhNskYw7LlqubJtHQ8KXIWcpWsaAeK9/jszsSD4Z2FcZximGvOK3eSj25Q+ X-Received: by 2002:a25:2e0e:: with SMTP id u14mr7843998ybu.337.1561746926126; Fri, 28 Jun 2019 11:35:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561746926; cv=none; d=google.com; s=arc-20160816; b=tB60uQFmoBgj94KVnU0+JBd3I45m8Ru+2H/wwY0ZBevNu/bpAW+SOMwJ8AVBn2R9/N 9sps6DgOSGzGB4JMFNBCuogqT/47LrCAoYcuhym1HeQonlhlZPQAMj7bjVgbqiKyCoB2 /zLwTO8GJcmVl+sfltmmolSsKdAHVdag6wsrZ8WKjFG4sztYG4jmS/8uNr+FuY3VN780 pj26im0BtIZf7YFcF/7obv2tKLdGtYbABqiBJgU44msHzWTS3PZ5T89sNXhLdT3UmnSg YSMgc264gxF7znJx/Ngsp5in7Pl6TuYaTre0bgZN033SccCAxfskr3822qTSiOEIXlED m2SQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:dkim-signature; bh=mV9lFn0ZU5Q9Z/uVcSNUaPT4H36wgugtQJzUEwexaJw=; b=IVAs9rU5tCtrSU1zF0WJ2YM9pgNg+IChHMOZcQklsEVr2woP77jLmQ+w1+JrkIecPo Et20CT0pVYNrnYGZMSAGs9Tmn+ME92tHP2wf+zCBjJJB4BKTyDPDZ6YcPzKlP+FL9Key C6V1te6AM5d0Z9v8zzw7EeaMTdxIauQ5I0LYbpxZHHbo0j7wQXXct0lxzcPuwK4IBv0X lwzaIs75vpnypAVk2n3hh3Zgj+/2uRchNzOS3dt3cJJyxTa4ytd3MAhcaohTNINLvh43 kmpp7pXn8q8CNNqAdkY8torTa5i237Pk2t8cC1GFxMKhj3PfsXgGhQFUPiwZc0td33mN MbPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=InU5VQwU; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2120.oracle.com (aserp2120.oracle.com. [141.146.126.78]) by mx.google.com with ESMTPS id j190si1139189ywj.167.2019.06.28.11.35.25 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jun 2019 11:35:26 -0700 (PDT) Received-SPF: pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) client-ip=141.146.126.78; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=InU5VQwU; spf=pass (google.com: domain of darrick.wong@oracle.com designates 141.146.126.78 as permitted sender) smtp.mailfrom=darrick.wong@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIYg95028012; Fri, 28 Jun 2019 18:35:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=mV9lFn0ZU5Q9Z/uVcSNUaPT4H36wgugtQJzUEwexaJw=; b=InU5VQwU/9kdWgyHNdeqJamZTFjgL8ed4NsqyIJsp1hQoTRw+cuss3QKw28DrcV+MwR5 NeB4fDw3S211SaxJkEgWs/ZkYiDTII3xYEWMTlWXM6xHHN1Rt8aCBLQgFhwcOBsGPjd+ L+wFuDCjf8ij8nvQzq781+D4e/bjHz9pWruNxQdDbokTlTpBPvyyLbHVQSgy1RyPAMiE JbrP87fbggSJM8vshLS1qI0MLBNpYz/DX7cBYg9uy+2ZB3lAIlhxzDquuSXcLj6p6BWP 09uZZfbWmNnvcjsl2cOOUYvGPzOx2719utSM0C6FKO5h1+pepugx0bbxDLfeyC7E5WIe qg== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by aserp2120.oracle.com with ESMTP id 2t9c9q72t0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:35:13 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x5SIXc0S078839; Fri, 28 Jun 2019 18:35:12 GMT Received: from pps.reinject (localhost [127.0.0.1]) by aserp3030.oracle.com with ESMTP id 2t9acdyegn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 28 Jun 2019 18:35:12 +0000 Received: from aserp3030.oracle.com (aserp3030.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x5SIZCBn081341; Fri, 28 Jun 2019 18:35:12 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3030.oracle.com with ESMTP id 2t9acdyegg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 28 Jun 2019 18:35:12 +0000 Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x5SIZA31029198; Fri, 28 Jun 2019 18:35:10 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 28 Jun 2019 11:35:10 -0700 Subject: [PATCH 4/4] vfs: don't allow most setxattr to immutable files From: "Darrick J. Wong" To: matthew.garrett@nebula.com, yuchao0@huawei.com, tytso@mit.edu, darrick.wong@oracle.com, ard.biesheuvel@linaro.org, josef@toxicpanda.com, hch@infradead.org, clm@fb.com, adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk, jack@suse.com, dsterba@suse.com, jaegeuk@kernel.org, jk@ozlabs.org Cc: reiserfs-devel@vger.kernel.org, linux-efi@vger.kernel.org, devel@lists.orangefs.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-xfs@vger.kernel.org, linux-mm@kvack.org, linux-nilfs@vger.kernel.org, linux-mtd@lists.infradead.org, ocfs2-devel@oss.oracle.com, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org Date: Fri, 28 Jun 2019 11:35:07 -0700 Message-ID: <156174690758.1557469.9258105121276292687.stgit@magnolia> In-Reply-To: <156174687561.1557469.7505651950825460767.stgit@magnolia> References: <156174687561.1557469.7505651950825460767.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9302 signatures=668688 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=902 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906280210 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Darrick J. Wong The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." However, we don't actually check the immutable flag in the setattr code, which means that we can update inode flags and project ids and extent size hints on supposedly immutable files. Therefore, reject setflags and fssetxattr calls on an immutable file if the file is immutable and will remain that way. Signed-off-by: Darrick J. Wong --- fs/inode.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/fs/inode.c b/fs/inode.c index cf07378e5731..4261c709e50e 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2214,6 +2214,14 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; + /* + * We aren't allowed to change any other flags if the immutable flag is + * already set and is not being unset. + */ + if ((oldflags & FS_IMMUTABLE_FL) && (flags & FS_IMMUTABLE_FL) && + oldflags != flags) + return -EPERM; + /* * Now that we're done checking the new flags, flush all pending IO and * dirty mappings before setting S_IMMUTABLE on an inode via @@ -2284,6 +2292,25 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa, !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) return -EINVAL; + /* + * We aren't allowed to change any fields if the immutable flag is + * already set and is not being unset. + */ + if ((old_fa->fsx_xflags & FS_XFLAG_IMMUTABLE) && + (fa->fsx_xflags & FS_XFLAG_IMMUTABLE)) { + if (old_fa->fsx_xflags != fa->fsx_xflags) + return -EPERM; + if (old_fa->fsx_projid != fa->fsx_projid) + return -EPERM; + if ((fa->fsx_xflags & (FS_XFLAG_EXTSIZE | + FS_XFLAG_EXTSZINHERIT)) && + old_fa->fsx_extsize != fa->fsx_extsize) + return -EPERM; + if ((old_fa->fsx_xflags & FS_XFLAG_COWEXTSIZE) && + old_fa->fsx_cowextsize != fa->fsx_cowextsize) + return -EPERM; + } + /* Extent size hints of zero turn off the flags. */ if (fa->fsx_extsize == 0) fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT);