vfs: teach vfs_ioc_fssetxattr_check to check project id info

Standardize the project id checks for FSSETXATTR. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Jan Kara <jack@suse.cz>
author: Darrick J. Wong <darrick.wong@oracle.com> 2019-07-01 08:25:35 -0700
committer: Darrick J. Wong <darrick.wong@oracle.com> 2019-07-01 08:25:35 -0700
commit: f991492ed11055934f1b35615cb1b435325939bf (patch)
tree: 97be4cf121aa028469a10e58a609bff5002eb6a5 /fs/inode.c
parent: vfs: create a generic checking function for FS_IOC_FSSETXATTR (diff)
download: wireguard-linux-f991492ed11055934f1b35615cb1b435325939bf.tar.xz
wireguard-linux-f991492ed11055934f1b35615cb1b435325939bf.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/inode.c b/fs/inode.c
index ba2bafa22885..30b720cffd9c 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -2214,6 +2214,19 @@ int vfs_ioc_fssetxattr_check(struct inode *inode, const struct fsxattr *old_fa,
 	    !capable(CAP_LINUX_IMMUTABLE))
 		return -EPERM;
 
+	/*
+	 * Project Quota ID state is only allowed to change from within the init
+	 * namespace. Enforce that restriction only if we are trying to change
+	 * the quota ID state. Everything else is allowed in user namespaces.
+	 */
+	if (current_user_ns() != &init_user_ns) {
+		if (old_fa->fsx_projid != fa->fsx_projid)
+			return -EINVAL;
+		if ((old_fa->fsx_xflags ^ fa->fsx_xflags) &
+				FS_XFLAG_PROJINHERIT)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 EXPORT_SYMBOL(vfs_ioc_fssetxattr_check);
author	Darrick J. Wong <darrick.wong@oracle.com>	2019-07-01 08:25:35 -0700
committer	Darrick J. Wong <darrick.wong@oracle.com>	2019-07-01 08:25:35 -0700
commit	f991492ed11055934f1b35615cb1b435325939bf (patch)
tree	97be4cf121aa028469a10e58a609bff5002eb6a5 /fs/inode.c
parent	vfs: create a generic checking function for FS_IOC_FSSETXATTR (diff)
download	wireguard-linux-f991492ed11055934f1b35615cb1b435325939bf.tar.xz wireguard-linux-f991492ed11055934f1b35615cb1b435325939bf.zip