This is a note to let you know that I've just added the patch titled
xfs: reserve quota for target dir expansion when renaming files
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xfs-reserve-quota-for-target-dir-expansion-when-renaming-files.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Aug 23 09:20:27 AM CEST 2022
From: Leah Rumancik <leah.rumancik@xxxxxxxxx>
Date: Fri, 19 Aug 2022 11:14:25 -0700
Subject: xfs: reserve quota for target dir expansion when renaming files
To: stable@xxxxxxxxxxxxxxx
Cc: linux-xfs@xxxxxxxxxxxxxxx, amir73il@xxxxxxxxx, "Darrick J. Wong" <djwong@xxxxxxxxxx>, Dave Chinner <dchinner@xxxxxxxxxx>, Leah Rumancik <leah.rumancik@xxxxxxxxx>
Message-ID: <20220819181431.4113819-4-leah.rumancik@xxxxxxxxx>
From: "Darrick J. Wong" <djwong@xxxxxxxxxx>
[ Upstream commit 41667260bc84db4dfe566e3f6ab6da5293d60d8d ]
XFS does not reserve quota for directory expansion when renaming
children into a directory. This means that we don't reject the
expansion with EDQUOT when we're at or near a hard limit, which means
that unprivileged userspace can use rename() to exceed quota.
Rename operations don't always expand the target directory, and we allow
a rename to proceed with no space reservation if we don't need to add a
block to the target directory to handle the addition. Moreover, the
unlink operation on the source directory generally does not expand the
directory (you'd have to free a block and then cause a btree split) and
it's probably of little consequence to leave the corner case that
renaming a file out of a directory can increase its size.
As with link and unlink, there is a further bug in that we do not
trigger the blockgc workers to try to clear space when we're out of
quota.
Because rename is its own special tricky animal, we'll patch xfs_rename
directly to reserve quota to the rename transaction. We'll leave
cleaning up the rest of xfs_rename for the metadata directory tree
patchset.
Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
Signed-off-by: Leah Rumancik <leah.rumancik@xxxxxxxxx>
Acked-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/xfs/xfs_inode.c | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -3103,7 +3103,8 @@ xfs_rename(
bool new_parent = (src_dp != target_dp);
bool src_is_directory = S_ISDIR(VFS_I(src_ip)->i_mode);
int spaceres;
- int error;
+ bool retried = false;
+ int error, nospace_error = 0;
trace_xfs_rename(src_dp, target_dp, src_name, target_name);
@@ -3127,9 +3128,12 @@ xfs_rename(
xfs_sort_for_rename(src_dp, target_dp, src_ip, target_ip, wip,
inodes, &num_inodes);
+retry:
+ nospace_error = 0;
spaceres = XFS_RENAME_SPACE_RES(mp, target_name->len);
error = xfs_trans_alloc(mp, &M_RES(mp)->tr_rename, spaceres, 0, 0, &tp);
if (error == -ENOSPC) {
+ nospace_error = error;
spaceres = 0;
error = xfs_trans_alloc(mp, &M_RES(mp)->tr_rename, 0, 0, 0,
&tp);
@@ -3184,6 +3188,31 @@ xfs_rename(
spaceres);
/*
+ * Try to reserve quota to handle an expansion of the target directory.
+ * We'll allow the rename to continue in reservationless mode if we hit
+ * a space usage constraint. If we trigger reservationless mode, save
+ * the errno if there isn't any free space in the target directory.
+ */
+ if (spaceres != 0) {
+ error = xfs_trans_reserve_quota_nblks(tp, target_dp, spaceres,
+ 0, false);
+ if (error == -EDQUOT || error == -ENOSPC) {
+ if (!retried) {
+ xfs_trans_cancel(tp);
+ xfs_blockgc_free_quota(target_dp, 0);
+ retried = true;
+ goto retry;
+ }
+
+ nospace_error = error;
+ spaceres = 0;
+ error = 0;
+ }
+ if (error)
+ goto out_trans_cancel;
+ }
+
+ /*
* Check for expected errors before we dirty the transaction
* so we can return an error without a transaction abort.
*
@@ -3429,6 +3458,8 @@ out_trans_cancel:
out_release_wip:
if (wip)
xfs_irele(wip);
+ if (error == -ENOSPC && nospace_error)
+ error = nospace_error;
return error;
}
Patches currently in stable-queue which might be from leah.rumancik@xxxxxxxxx are
queue-5.15/xfs-remove-infinite-loop-when-reserving-free-block-pool.patch
queue-5.15/xfs-reserve-quota-for-target-dir-expansion-when-renaming-files.patch
queue-5.15/xfs-fix-soft-lockup-via-spinning-in-filestream-ag-selection-loop.patch
queue-5.15/xfs-flush-inodegc-workqueue-tasks-before-cancel.patch
queue-5.15/xfs-revert-xfs-actually-bump-warning-counts-when-we-send-warnings.patch
queue-5.15/xfs-reserve-quota-for-dir-expansion-when-linking-unlinking-files.patch
queue-5.15/xfs-fix-overfilling-of-reserve-pool.patch
queue-5.15/xfs-reject-crazy-array-sizes-being-fed-to-xfs_ioc_getbmap.patch
queue-5.15/xfs-always-succeed-at-setting-the-reserve-pool-size.patch
