On Wed, May 06, 2020 at 07:57:28AM -0700, Christoph Hellwig wrote: > On Mon, May 04, 2020 at 06:10:29PM -0700, Darrick J. Wong wrote: > > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > > > Currently, xfs_swap_extents neither checks for sufficient quota > > reservation nor does it actually update quota counts when swapping the > > extent forks. While the primary known user of extent swapping (xfs_fsr) > > is careful to ensure that the user/group/project ids of both files > > match, this is not required by the kernel. Consequently, unprivileged > > userspace can cause the quota counts to be incorrect. > > Wouldn't be the right fix to enforce an id match? I think that is a > very sensible limitation. One could do that, but at a cost of breaking any userspace program that was using XFS_IOC_SWAPEXT and was not aware that the ids had to match (possibly due to the lack of documentation...) It was trivial enough to port this from the atomic file update series, so I decided to post the least functionality-reducing version and see what happens. Thoughts? --D
