Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp7707300pxu;
        Sat, 26 Dec 2020 02:10:04 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxdL6mTfSEKQp08XSNZlGW06WydLTYlC+AxhYbnwcZ9cCmtJpGLjjA/nDojDjLYnzTSr5kE
X-Received: by 2002:aa7:d354:: with SMTP id m20mr34228381edr.195.1608977403795;
        Sat, 26 Dec 2020 02:10:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1608977403; cv=none;
        d=google.com; s=arc-20160816;
        b=FnbgSdqjEydrvXLRfN+tDttN+pTpQn+BJxvDklYyEk0tYzyRrCoQsjHyMee/84DUt0
         X2zcMP2cF2VKm0zA+AJ4KoPA7ja/0IvhAJnXkfTQaUFwG75/SDKm0kLCjWcAgp53o5m/
         d7oYxvivQ9E9dlrQMW0PR6aI/FeZvx790AyEBZmBkHSYJsiKFwjM6Rl7ACwgQYGwNmJ9
         kblxvCKVg2gwdoOtVDFMSm+TjDaXdeum3vGlWa1PO6qTTWPpdGpIgmV0cN49gyTLRD07
         UcVGhG0uCx5+OezHTircL7ThSwfpY0q/azUp/Ftwb7O7To4c3KotD/i7nUoc9CPvHtfY
         SkOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=FT0wdxh1FvpbTnCncJbCBxzgmoPScp58x99nLt1iOZM=;
        b=WwIDX68eZYgyHy5i1+C4tgZTLhW/FbqesI+DGkMionEulfduWrX+OaHz/139AE3FMt
         wi1xlFGjmj1OwgYJOwIWWkBiUS8PmsNo+GAb2fRX07y5GWM95t6ijUD4QhseIYOqsvV4
         hEaTCW1SI1yuK0/1hx0uY52uqygJ6VArhABTXFMVIYc5Gtasio6F17+puxvgm1hc6GzH
         IIyEL4zjOW3nMF31b5qbMiEmZ++hHbmnw36pJYSP90/agJcJ0sH0/Hav9lDZuvN2XbWc
         uqGTFt04AhmTvynJi+1GMoS+Zy5Mgp76dyctEp5nTdV959ponRrpYsInT0OhQHDYoT3d
         V0Sg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id lg10si16151397ejb.120.2020.12.26.02.09.34;
        Sat, 26 Dec 2020 02:10:03 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725987AbgLZKIE (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Sat, 26 Dec 2020 05:08:04 -0500
Received: from szxga05-in.huawei.com ([45.249.212.191]:9995 "EHLO
        szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725968AbgLZKID (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 26 Dec 2020 05:08:03 -0500
Received: from DGGEMS402-HUB.china.huawei.com (unknown [172.30.72.59])
        by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4D2zx63FVCzhxYC;
        Sat, 26 Dec 2020 18:06:34 +0800 (CST)
Received: from szvp000203569.huawei.com (10.120.216.130) by
 DGGEMS402-HUB.china.huawei.com (10.3.19.202) with Microsoft SMTP Server id
 14.3.498.0; Sat, 26 Dec 2020 18:07:11 +0800
From:   Chao Yu <yuchao0@huawei.com>
To:     <jaegeuk@kernel.org>
CC:     <linux-f2fs-devel@lists.sourceforge.net>,
        <linux-kernel@vger.kernel.org>, <chao@kernel.org>,
        Chao Yu <yuchao0@huawei.com>, <stable@kernel.org>
Subject: [PATCH] f2fs: enforce the immutable flag on open files
Date:   Sat, 26 Dec 2020 18:07:01 +0800
Message-ID: <20201226100701.30179-1-yuchao0@huawei.com>
X-Mailer: git-send-email 2.29.2
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.120.216.130]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch ports commit 02b016ca7f99 ("ext4: enforce the immutable
flag on open files") to f2fs.

According to the chattr man page, "a file with the 'i' attribute
cannot be modified..."  Historically, this was only enforced when the
file was opened, per the rest of the description, "... and the file
can not be opened in write mode".

There is general agreement that we should standardize all file systems
to prevent modifications even for files that were opened at the time
the immutable flag is set.  Eventually, a change to enforce this at
the VFS layer should be landing in mainline.

Cc: stable@kernel.org
Signed-off-by: Chao Yu <yuchao0@huawei.com>
---
 fs/f2fs/file.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 1ff5fc10e1fa..71dd20f7ecb3 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -60,6 +60,9 @@ static vm_fault_t f2fs_vm_page_mkwrite(struct vm_fault *vmf)
 	bool need_alloc = true;
 	int err = 0;
 
+	if (unlikely(IS_IMMUTABLE(inode)))
+		return VM_FAULT_SIGBUS;
+
 	if (unlikely(f2fs_cp_error(sbi))) {
 		err = -EIO;
 		goto err;
@@ -866,6 +869,14 @@ int f2fs_setattr(struct dentry *dentry, struct iattr *attr)
 	if (unlikely(f2fs_cp_error(F2FS_I_SB(inode))))
 		return -EIO;
 
+	if (unlikely(IS_IMMUTABLE(inode)))
+		return -EPERM;
+
+	if (unlikely(IS_APPEND(inode) &&
+			(attr->ia_valid & (ATTR_MODE | ATTR_UID |
+				  ATTR_GID | ATTR_TIMES_SET))))
+		return -EPERM;
+
 	if ((attr->ia_valid & ATTR_SIZE) &&
 		!f2fs_is_compress_backend_ready(inode))
 		return -EOPNOTSUPP;
@@ -4360,6 +4371,11 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
 		inode_lock(inode);
 	}
 
+	if (unlikely(IS_IMMUTABLE(inode))) {
+		ret = -EPERM;
+		goto unlock;
+	}
+
 	ret = generic_write_checks(iocb, from);
 	if (ret > 0) {
 		bool preallocated = false;
@@ -4424,6 +4440,7 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
 		if (ret > 0)
 			f2fs_update_iostat(F2FS_I_SB(inode), APP_WRITE_IO, ret);
 	}
+unlock:
 	inode_unlock(inode);
 out:
 	trace_f2fs_file_write_iter(inode, iocb->ki_pos,
-- 
2.29.2