From: Amir Goldstein <amir7...@gmail.com> We intend to add support for more xflags to selective filesystems and We cannot rely on copy_struct_from_user() to detect this extension.
In preparation of extending the API, do not allow setting xflags unknown by this kernel version. Also do not pass the read-only flags and read-only field fsx_nextents to filesystem. These changes should not affect existing chattr programs that use the ioctl to get fsxattr before setting the new values. Link: https://lore.kernel.org/linux-fsdevel/20250216164029.20673-4-p...@kernel.org/ Cc: Pali Rohár <p...@kernel.org> Cc: Andrey Albershteyn <aalbe...@redhat.com> Signed-off-by: Amir Goldstein <amir7...@gmail.com> --- fs/file_attr.c | 19 +++++++++++++------ include/linux/fileattr.h | 22 +++++++++++++++++++++- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/fs/file_attr.c b/fs/file_attr.c index d696f440fa4ffcba8985cc4bfe22a1c0e612ac7c..6cd1e820f7b108c12c06654df843104f460b94cf 100644 --- a/fs/file_attr.c +++ b/fs/file_attr.c @@ -91,8 +91,10 @@ EXPORT_SYMBOL(vfs_fileattr_get); void fileattr_to_fsxattr(const struct fileattr *fa, struct fsxattr *fsx) { + __u32 mask = FS_XFLAGS_MASK; + memset(fsx, 0, sizeof(struct fsxattr)); - fsx->fsx_xflags = fa->fsx_xflags; + fsx->fsx_xflags = fa->fsx_xflags & mask; fsx->fsx_extsize = fa->fsx_extsize; fsx->fsx_nextents = fa->fsx_nextents; fsx->fsx_projid = fa->fsx_projid; @@ -119,13 +121,20 @@ int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa) } EXPORT_SYMBOL(copy_fsxattr_to_user); -void fsxattr_to_fileattr(const struct fsxattr *fsx, struct fileattr *fa) +int fsxattr_to_fileattr(const struct fsxattr *fsx, struct fileattr *fa) { + __u32 mask = FS_XFLAGS_MASK; + + if (fsx->fsx_xflags & ~mask) + return -EINVAL; + fileattr_fill_xflags(fa, fsx->fsx_xflags); + fa->fsx_xflags &= ~FS_XFLAG_RDONLY_MASK; fa->fsx_extsize = fsx->fsx_extsize; - fa->fsx_nextents = fsx->fsx_nextents; fa->fsx_projid = fsx->fsx_projid; fa->fsx_cowextsize = fsx->fsx_cowextsize; + + return 0; } static int copy_fsxattr_from_user(struct fileattr *fa, @@ -136,9 +145,7 @@ static int copy_fsxattr_from_user(struct fileattr *fa, if (copy_from_user(&xfa, ufa, sizeof(xfa))) return -EFAULT; - fsxattr_to_fileattr(&xfa, fa); - - return 0; + return fsxattr_to_fileattr(&xfa, fa); } /* diff --git a/include/linux/fileattr.h b/include/linux/fileattr.h index 433efa0f47844ef063373eb390672812682b6388..f62a5143eb2dccd5ceedfe72439cc4cab823cb1d 100644 --- a/include/linux/fileattr.h +++ b/include/linux/fileattr.h @@ -14,6 +14,26 @@ FS_XFLAG_NODUMP | FS_XFLAG_NOATIME | FS_XFLAG_DAX | \ FS_XFLAG_PROJINHERIT) +/* Read-only inode flags */ +#define FS_XFLAG_RDONLY_MASK \ + (FS_XFLAG_PREALLOC | FS_XFLAG_HASATTR) + +/* Flags to indicate valid value of fsx_ fields */ +#define FS_XFLAG_VALUES_MASK \ + (FS_XFLAG_EXTSIZE | FS_XFLAG_COWEXTSIZE) + +/* Flags for directories */ +#define FS_XFLAG_DIRONLY_MASK \ + (FS_XFLAG_RTINHERIT | FS_XFLAG_NOSYMLINKS | FS_XFLAG_EXTSZINHERIT) + +/* Misc settable flags */ +#define FS_XFLAG_MISC_MASK \ + (FS_XFLAG_REALTIME | FS_XFLAG_NODEFRAG | FS_XFLAG_FILESTREAM) + +#define FS_XFLAGS_MASK \ + (FS_XFLAG_COMMON | FS_XFLAG_RDONLY_MASK | FS_XFLAG_VALUES_MASK | \ + FS_XFLAG_DIRONLY_MASK | FS_XFLAG_MISC_MASK) + /* * Merged interface for miscellaneous file attributes. 'flags' originates from * ext* and 'fsx_flags' from xfs. There's some overlap between the two, which @@ -35,7 +55,7 @@ struct fileattr { void fileattr_to_fsxattr(const struct fileattr *fa, struct fsxattr *fsx); int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa); -void fsxattr_to_fileattr(const struct fsxattr *fsx, struct fileattr *fa); +int fsxattr_to_fileattr(const struct fsxattr *fsx, struct fileattr *fa); void fileattr_fill_xflags(struct fileattr *fa, u32 xflags); void fileattr_fill_flags(struct fileattr *fa, u32 flags); -- 2.47.2
