On Tue, Sep 18, 2018 at 05:15:29PM +0900, Wang Shilong wrote: > From: Wang Shilong <wangshilong1991@xxxxxxxxx> > > Currently, project quota could be changed by fssetxattr > ioctl, and existed permission check inode_owner_or_capable() > is obviously not enough, just think that common users could > change project id of file, that could make users to > break project quota easily. > > This patch try to follow same regular of xfs project > quota: > > "Project Quota ID state is only allowed to change from > within the init namespace. Enforce that restriction only > if we are trying to change the quota ID state. > Everything else is allowed in user namespaces." > > Besides that, check and set project id'state should > be an atomic operation, protect whole operation with > inode lock, ext4_ioctl_setproject() is only used for > ioctl EXT4_IOC_FSSETXATTR, we have held mnt_want_write_file() > before ext4_ioctl_setflags(), and ext4_ioctl_setproject() > is called after ext4_ioctl_setflags(), we could share > codes, so remove it inside ext4_ioctl_setproject(). > > Signed-off-by: Wang Shilong <wshilong@xxxxxxx> > Reviewed-by: Andreas Dilger <adilger@xxxxxxxxx> Applied, thanks. - Ted
