From owner-svn-src-all@freebsd.org Wed Jul 31 22:44:59 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9DF4CAA48E; Wed, 31 Jul 2019 22:44:59 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 45zT5R3PSqz4RmK; Wed, 31 Jul 2019 22:44:59 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5295C8BC1; Wed, 31 Jul 2019 22:44:59 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x6VMixV9078543; Wed, 31 Jul 2019 22:44:59 GMT (envelope-from mckusick@FreeBSD.org) Received: (from mckusick@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x6VMiwcw078539; Wed, 31 Jul 2019 22:44:58 GMT (envelope-from mckusick@FreeBSD.org) Message-Id: <201907312244.x6VMiwcw078539@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mckusick set sender to mckusick@FreeBSD.org using -f From: Kirk McKusick Date: Wed, 31 Jul 2019 22:44:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350490 - in head/sys/ufs: ffs ufs X-SVN-Group: head X-SVN-Commit-Author: mckusick X-SVN-Commit-Paths: in head/sys/ufs: ffs ufs X-SVN-Commit-Revision: 350490 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 45zT5R3PSqz4RmK X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.50 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.50)[0.495,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2019 22:44:59 -0000 Author: mckusick Date: Wed Jul 31 22:44:58 2019 New Revision: 350490 URL: https://svnweb.freebsd.org/changeset/base/350490 Log: When updating the user or group disk quotas for the return of inodes or disk blocks, set the FORCE flag in the call to chkiq() or chkdq() since the user is always allowed to return resources and hence there is no need to check the user's credential . Reported by: Christopher Krah, Thomas Barabosch, and Jan-Niclas Hilgert of Fraunhofer FKIE Reported as: FS-1-UFS-1: Denial Of Service in mount (prison_priv_check) Discussed with: kib MFC: 1 week Sponsored by: Netflix Modified: head/sys/ufs/ffs/ffs_inode.c head/sys/ufs/ffs/ffs_softdep.c head/sys/ufs/ufs/ufs_quota.c head/sys/ufs/ufs/ufs_vnops.c Modified: head/sys/ufs/ffs/ffs_inode.c ============================================================================== --- head/sys/ufs/ffs/ffs_inode.c Wed Jul 31 21:48:35 2019 (r350489) +++ head/sys/ufs/ffs/ffs_inode.c Wed Jul 31 22:44:58 2019 (r350490) @@ -263,7 +263,7 @@ ffs_truncate(vp, length, flags, cred) if ((error = ffs_syncvnode(vp, MNT_WAIT, 0)) != 0) return (error); #ifdef QUOTA - (void) chkdq(ip, -extblocks, NOCRED, 0); + (void) chkdq(ip, -extblocks, NOCRED, FORCE); #endif vinvalbuf(vp, V_ALT, 0, 0); vn_pages_remove(vp, @@ -621,7 +621,7 @@ done: DIP_SET(ip, i_blocks, 0); ip->i_flag |= IN_CHANGE; #ifdef QUOTA - (void) chkdq(ip, -blocksreleased, NOCRED, 0); + (void) chkdq(ip, -blocksreleased, NOCRED, FORCE); #endif return (allerror); Modified: head/sys/ufs/ffs/ffs_softdep.c ============================================================================== --- head/sys/ufs/ffs/ffs_softdep.c Wed Jul 31 21:48:35 2019 (r350489) +++ head/sys/ufs/ffs/ffs_softdep.c Wed Jul 31 22:44:58 2019 (r350490) @@ -6682,7 +6682,7 @@ softdep_journal_freeblocks(ip, cred, length, flags) #ifdef QUOTA /* Reference the quotas in case the block count is wrong in the end. */ quotaref(vp, freeblks->fb_quota); - (void) chkdq(ip, -datablocks, NOCRED, 0); + (void) chkdq(ip, -datablocks, NOCRED, FORCE); #endif freeblks->fb_chkcnt = -datablocks; UFS_LOCK(ump); @@ -6946,7 +6946,7 @@ softdep_setup_freeblocks(ip, length, flags) #ifdef QUOTA /* Reference the quotas in case the block count is wrong in the end. */ quotaref(ITOV(ip), freeblks->fb_quota); - (void) chkdq(ip, -datablocks, NOCRED, 0); + (void) chkdq(ip, -datablocks, NOCRED, FORCE); #endif freeblks->fb_chkcnt = -datablocks; UFS_LOCK(ump); Modified: head/sys/ufs/ufs/ufs_quota.c ============================================================================== --- head/sys/ufs/ufs/ufs_quota.c Wed Jul 31 21:48:35 2019 (r350489) +++ head/sys/ufs/ufs/ufs_quota.c Wed Jul 31 22:44:58 2019 (r350490) @@ -159,6 +159,7 @@ chkdq(struct inode *ip, ufs2_daddr_t change, struct uc struct vnode *vp = ITOV(ip); int i, error, warn, do_check; + MPASS(cred != NOCRED || (flags & FORCE) != 0); /* * Disk quotas must be turned off for system files. Currently * snapshot and quota files. @@ -311,6 +312,7 @@ chkiq(struct inode *ip, int change, struct ucred *cred struct dquot *dq; int i, error, warn, do_check; + MPASS(cred != NOCRED || (flags & FORCE) != 0); #ifdef DIAGNOSTIC if ((flags & CHOWN) == 0) chkdquot(ip); Modified: head/sys/ufs/ufs/ufs_vnops.c ============================================================================== --- head/sys/ufs/ufs/ufs_vnops.c Wed Jul 31 21:48:35 2019 (r350489) +++ head/sys/ufs/ufs/ufs_vnops.c Wed Jul 31 22:44:58 2019 (r350490) @@ -811,8 +811,8 @@ ufs_chown(vp, uid, gid, cred, td) ip->i_dquot[GRPQUOTA] = NODQUOT; } change = DIP(ip, i_blocks); - (void) chkdq(ip, -change, cred, CHOWN); - (void) chkiq(ip, -1, cred, CHOWN); + (void) chkdq(ip, -change, cred, CHOWN|FORCE); + (void) chkiq(ip, -1, cred, CHOWN|FORCE); for (i = 0; i < MAXQUOTAS; i++) { dqrele(vp, ip->i_dquot[i]); ip->i_dquot[i] = NODQUOT;