On Wed, May 06, 2020 at 11:02:05PM -0700, Christoph Hellwig wrote: > On Wed, May 06, 2020 at 09:34:24AM -0700, Darrick J. Wong wrote: > > On Wed, May 06, 2020 at 07:57:28AM -0700, Christoph Hellwig wrote: > > > On Mon, May 04, 2020 at 06:10:29PM -0700, Darrick J. Wong wrote: > > > > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > > > > > > > Currently, xfs_swap_extents neither checks for sufficient quota > > > > reservation nor does it actually update quota counts when swapping the > > > > extent forks. While the primary known user of extent swapping (xfs_fsr) > > > > is careful to ensure that the user/group/project ids of both files > > > > match, this is not required by the kernel. Consequently, unprivileged > > > > userspace can cause the quota counts to be incorrect. > > > > > > Wouldn't be the right fix to enforce an id match? I think that is a > > > very sensible limitation. > > > > One could do that, but at a cost of breaking any userspace program that > > was using XFS_IOC_SWAPEXT and was not aware that the ids had to match > > (possibly due to the lack of documentation...) > > I don't really expect that to be the case. I'd throw in the check > and a printk_once warning, and I bet a beer at the next conference > (if there ever is one :)) that no one will trigger it. <shrug> I guess I can at least see if fstests fails if you don't allow swapping between extents with different [ugp]ids, but this really feels like cutting corners off the quota functionality... :P --D
