From: cem@kernel.org
To: cem@kernel.org
Cc: Jan Kara <jack@suse.cz>, Christoph Hellwig <hch@lst.de>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Darrick J. Wong" <djwong@kernel.org>,
Dave Chinner <david@fromorbit.com>,
Eric Sandeen <sandeen@redhat.com>,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v3 0/5] Fix quota evasion on xfs and add capable_noaudit
Date: Thu, 2 Jul 2026 11:33:15 +0200 [thread overview]
Message-ID: <20260702093324.127450-1-cem@kernel.org> (raw)
From: Carlos Maiolino <cem@kernel.org>
Hi there.
This is the (hopefully) final version of the series I've been working on
to fix a quota evasion issue on xfs. This bug has originally been
introduced by accident while turning off audit messages while checking
quota limits in xfs by replacing capable() calls by has_capability_noaudit().
This series concatenates both series I sent for xfs and capabilities
infrastructure as they are dependent.
The first patch fix the xfs bug in a way that makes it easily portable
to older LTS kernels.
From second patch and beyond, it adds a new helper for the capabilities
framework named capable_noaudit() which as the same semantics as
capable() but without generating audit messages.
The following patches then replaces both generic quota call to
capable() and properly update xfs code to use this new helper.
Last but not least this unexport has_capability_noaudit which had been
previously exported.
Giving this affects different subsystems, I think it would be easier to
pull everything from a single tree (as long as everything is properly
reviewed of course).
Serge, Honza, are you guys ok if I pull those patches and send them to
Linus through xfs tree so we don't need to split the series?
Christoph, this series moves back to pass the capable_noaudit() result
straight back to xfs_trans_alloc_ichange() instead of moving the
capability check into xfs_trans_dqresv() as Darrick was not in agreement
with that (patch unreviewed and open for comments).
Changelog from the last state of these patches:
Patch2: removed the redundant external classifier from the declaration
in include/linux/capability.h.
Serge, I kept your RwB here as the external is redundant, please
let me know if you are ok with it or not.
Patch4: Replace all ns_capable_noaudit() calls by capable_noaudit() and
keep the CAP_FOWNER (instead replacing it by SYS_RESOURCE)
Carlos Maiolino (5):
xfs: fix capability check in xfs
capability: Add new capable_noaudit
quota: Don't issue audit messages on quota enforcing
xfs: replace ns_capable_noaudit
capability: unexport has_capability_noaudit
fs/quota/dquot.c | 2 +-
fs/xfs/xfs_fsmap.c | 3 +--
fs/xfs/xfs_ioctl.c | 2 +-
fs/xfs/xfs_iops.c | 3 ++-
include/linux/capability.h | 5 +++++
kernel/capability.c | 18 +++++++++++++++++-
6 files changed, 27 insertions(+), 6 deletions(-)
Cc: Jan Kara <jack@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Darrick J. Wong <djwong@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Dr. Thomas Orgis" <thomas.orgis@uni-hamburg.de>
Cc: linux-xfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
--
2.54.0
next reply other threads:[~2026-07-02 9:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-02 9:33 cem [this message]
2026-07-02 9:33 ` [PATCH v3 1/5] xfs: fix capability check in xfs cem
2026-07-02 10:30 ` Christoph Hellwig
2026-07-02 11:17 ` Carlos Maiolino
2026-07-02 11:24 ` Christoph Hellwig
2026-07-02 12:11 ` Carlos Maiolino
2026-07-02 12:24 ` Carlos Maiolino
2026-07-02 9:33 ` [PATCH v3 2/5] capability: Add new capable_noaudit cem
2026-07-02 15:56 ` Darrick J. Wong
2026-07-02 9:33 ` [PATCH v3 3/5] quota: Don't issue audit messages on quota enforcing cem
2026-07-02 10:56 ` Jan Kara
2026-07-02 9:33 ` [PATCH v3 4/5] xfs: replace ns_capable_noaudit cem
2026-07-02 15:58 ` Darrick J. Wong
2026-07-02 9:33 ` [PATCH v3 5/5] capability: unexport has_capability_noaudit cem
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260702093324.127450-1-cem@kernel.org \
--to=cem@kernel.org \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@redhat.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox