On Tue, Feb 01, 2022 at 10:39:19AM +1100, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
>
> The operations that xfs_update_prealloc_flags() perform are now
> unique to xfs_fs_map_blocks(), so move xfs_update_prealloc_flags()
> to be a static function in xfs_pnfs.c and cut out all the
> other functionality that is doesn't use anymore.
>
LGTM,
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
--D
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
> ---
> fs/xfs/xfs_file.c | 32 -------------------------------
> fs/xfs/xfs_inode.h | 8 --------
> fs/xfs/xfs_pnfs.c | 47 ++++++++++++++++++++++++++++++++++++++++++++--
> 3 files changed, 45 insertions(+), 42 deletions(-)
>
> diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> index 082e3ef81418..cecc5dedddff 100644
> --- a/fs/xfs/xfs_file.c
> +++ b/fs/xfs/xfs_file.c
> @@ -66,38 +66,6 @@ xfs_is_falloc_aligned(
> return !((pos | len) & mask);
> }
>
> -int
> -xfs_update_prealloc_flags(
> - struct xfs_inode *ip,
> - enum xfs_prealloc_flags flags)
> -{
> - struct xfs_trans *tp;
> - int error;
> -
> - error = xfs_trans_alloc(ip->i_mount, &M_RES(ip->i_mount)->tr_writeid,
> - 0, 0, 0, &tp);
> - if (error)
> - return error;
> -
> - xfs_ilock(ip, XFS_ILOCK_EXCL);
> - xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
> -
> - if (!(flags & XFS_PREALLOC_INVISIBLE)) {
> - VFS_I(ip)->i_mode &= ~S_ISUID;
> - if (VFS_I(ip)->i_mode & S_IXGRP)
> - VFS_I(ip)->i_mode &= ~S_ISGID;
> - xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
> - }
> -
> - if (flags & XFS_PREALLOC_SET)
> - ip->i_diflags |= XFS_DIFLAG_PREALLOC;
> - if (flags & XFS_PREALLOC_CLEAR)
> - ip->i_diflags &= ~XFS_DIFLAG_PREALLOC;
> -
> - xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
> - return xfs_trans_commit(tp);
> -}
> -
> /*
> * Fsync operations on directories are much simpler than on regular files,
> * as there is no file data to flush, and thus also no need for explicit
> diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
> index 3fc6d77f5be9..b7e8f14d9fca 100644
> --- a/fs/xfs/xfs_inode.h
> +++ b/fs/xfs/xfs_inode.h
> @@ -462,14 +462,6 @@ xfs_itruncate_extents(
> }
>
> /* from xfs_file.c */
> -enum xfs_prealloc_flags {
> - XFS_PREALLOC_SET = (1 << 1),
> - XFS_PREALLOC_CLEAR = (1 << 2),
> - XFS_PREALLOC_INVISIBLE = (1 << 3),
> -};
> -
> -int xfs_update_prealloc_flags(struct xfs_inode *ip,
> - enum xfs_prealloc_flags flags);
> int xfs_break_layouts(struct inode *inode, uint *iolock,
> enum layout_break_reason reason);
>
> diff --git a/fs/xfs/xfs_pnfs.c b/fs/xfs/xfs_pnfs.c
> index ce6d66f20385..b5e5c7ddfe67 100644
> --- a/fs/xfs/xfs_pnfs.c
> +++ b/fs/xfs/xfs_pnfs.c
> @@ -70,6 +70,49 @@ xfs_fs_get_uuid(
> return 0;
> }
>
> +/*
> + * We cannot use file based VFS helpers such as file_modified() to update inode
> + * state as PNFS doesn't provide us with an open file context that the VFS
> + * helpers require. Hence we open code a best effort timestamp update and
> + * SUID/SGID stripping here, knowing that server side security in PNFS settings
> + * is largely non-existent as clients have storage level remote write access.
> + * Hence clients have the capability to overwrite filesystem metadata, and so
> + * the filesystem trust domain extends to untrusted, uncontrollable remote
> + * clients. Hence server side enforced filesystem "security" in filesystem
> + * based PNFS block layout settings is pure theatre: friends don't let friends
> + * host executables on PNFS exported XFS volumes, let alone SUID executables.
> + *
> + * We also need to set the inode prealloc flag to ensure that the extents we
> + * allocate beyond the existing EOF and hand to the PNFS client are not removed
> + * by background blockgc scanning, ENOSPC mitigations or inode reclaim before
> + * the PNFS client calls xfs_fs_block_commit() to indicate that data has been
> + * written and the file size can be extended.
> + */
> +static int
> +xfs_fs_map_update_inode(
> + struct xfs_inode *ip)
> +{
> + struct xfs_trans *tp;
> + int error;
> +
> + error = xfs_trans_alloc(ip->i_mount, &M_RES(ip->i_mount)->tr_writeid,
> + 0, 0, 0, &tp);
> + if (error)
> + return error;
> +
> + xfs_ilock(ip, XFS_ILOCK_EXCL);
> + xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
> +
> + VFS_I(ip)->i_mode &= ~S_ISUID;
> + if (VFS_I(ip)->i_mode & S_IXGRP)
> + VFS_I(ip)->i_mode &= ~S_ISGID;
> + xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
> + ip->i_diflags |= XFS_DIFLAG_PREALLOC;
> +
> + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
> + return xfs_trans_commit(tp);
> +}
> +
> /*
> * Get a layout for the pNFS client.
> */
> @@ -164,7 +207,7 @@ xfs_fs_map_blocks(
> * that the blocks allocated and handed out to the client are
> * guaranteed to be present even after a server crash.
> */
> - error = xfs_update_prealloc_flags(ip, XFS_PREALLOC_SET);
> + error = xfs_fs_map_update_inode(ip);
> if (!error)
> error = xfs_log_force_inode(ip);
> if (error)
> @@ -257,7 +300,7 @@ xfs_fs_commit_blocks(
> length = end - start;
> if (!length)
> continue;
> -
> +
> /*
> * Make sure reads through the pagecache see the new data.
> */
> --
> 2.33.0
>
