Linux filesystem development
 help / color / mirror / Atom feed
* [PATCH v3 0/5] Fix quota evasion on xfs and add capable_noaudit
@ 2026-07-02  9:33 cem
  2026-07-02  9:33 ` [PATCH v3 1/5] xfs: fix capability check in xfs cem
                   ` (4 more replies)
  0 siblings, 5 replies; 14+ messages in thread
From: cem @ 2026-07-02  9:33 UTC (permalink / raw)
  To: cem
  Cc: Jan Kara, Christoph Hellwig, Serge E. Hallyn, Darrick J. Wong,
	Dave Chinner, Eric Sandeen, linux-xfs, linux-fsdevel,
	linux-security-module, linux-kernel

From: Carlos Maiolino <cem@kernel.org>

Hi there.

This is the (hopefully) final version of the series I've been working on
to fix a quota evasion issue on xfs. This bug has originally been
introduced by accident while turning off audit messages while checking
quota limits in xfs by replacing capable() calls by has_capability_noaudit().

This series concatenates both series I sent for xfs and capabilities
infrastructure as they are dependent.

The first patch fix the xfs bug in a way that makes it easily portable
to older LTS kernels.

From second patch and beyond, it adds a new helper for the capabilities
framework named capable_noaudit() which as the same semantics as
capable() but without generating audit messages.
The following patches then replaces both generic quota call to
capable() and properly update xfs code to use this new helper.

Last but not least this unexport has_capability_noaudit which had been
previously exported.

Giving this affects different subsystems, I think it would be easier to
pull everything from a single tree (as long as everything is properly
reviewed of course).

Serge, Honza, are you guys ok if I pull those patches and send them to
Linus through xfs tree so we don't need to split the series?

Christoph, this series moves back to pass the capable_noaudit() result
straight back to xfs_trans_alloc_ichange() instead of moving the
capability check into xfs_trans_dqresv() as Darrick was not in agreement
with that (patch unreviewed and open for comments).

Changelog from the last state of these patches:

Patch2: removed the redundant external classifier from the declaration
        in include/linux/capability.h.
	Serge, I kept your RwB here as the external is redundant, please
	let me know if you are ok with it or not.

Patch4: Replace all ns_capable_noaudit() calls by capable_noaudit() and
	keep the CAP_FOWNER (instead replacing it by SYS_RESOURCE)


Carlos Maiolino (5):
  xfs: fix capability check in xfs
  capability: Add new capable_noaudit
  quota: Don't issue audit messages on quota enforcing
  xfs: replace ns_capable_noaudit
  capability: unexport has_capability_noaudit

 fs/quota/dquot.c           |  2 +-
 fs/xfs/xfs_fsmap.c         |  3 +--
 fs/xfs/xfs_ioctl.c         |  2 +-
 fs/xfs/xfs_iops.c          |  3 ++-
 include/linux/capability.h |  5 +++++
 kernel/capability.c        | 18 +++++++++++++++++-
 6 files changed, 27 insertions(+), 6 deletions(-)

Cc: Jan Kara <jack@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Darrick J. Wong <djwong@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Dr. Thomas Orgis" <thomas.orgis@uni-hamburg.de>
Cc: linux-xfs@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org

-- 
2.54.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2026-07-02 15:58 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  9:33 [PATCH v3 0/5] Fix quota evasion on xfs and add capable_noaudit cem
2026-07-02  9:33 ` [PATCH v3 1/5] xfs: fix capability check in xfs cem
2026-07-02 10:30   ` Christoph Hellwig
2026-07-02 11:17     ` Carlos Maiolino
2026-07-02 11:24       ` Christoph Hellwig
2026-07-02 12:11         ` Carlos Maiolino
2026-07-02 12:24         ` Carlos Maiolino
2026-07-02  9:33 ` [PATCH v3 2/5] capability: Add new capable_noaudit cem
2026-07-02 15:56   ` Darrick J. Wong
2026-07-02  9:33 ` [PATCH v3 3/5] quota: Don't issue audit messages on quota enforcing cem
2026-07-02 10:56   ` Jan Kara
2026-07-02  9:33 ` [PATCH v3 4/5] xfs: replace ns_capable_noaudit cem
2026-07-02 15:58   ` Darrick J. Wong
2026-07-02  9:33 ` [PATCH v3 5/5] capability: unexport has_capability_noaudit cem

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox