LU-19070 dne: dir migrate allowed only for root

Current implemetation of lfs migrate -m
relies on setxttr(, "trusted.lmv", ) which is
allowed only for users with CAP_SYS_ADMIN capability.
Adding the same check to ll_migrate() will prevent
incomplete migrations from a non-root user.
Add error reporting to cb_migrate_mdt_fini().

Fixes: 0a83d948f3 ("LU-4684 migrate: shrink dir layout after migration")
Fixes: 2dae2b8ffb ("LU-8777 mdt: add parameter to disable remote/striped dir")
HPE-bug-id: LUS-12895
Signed-off-by: Alexander Zarochentsev <alexander.zarochentsev@hpe.com>
Change-Id: I58d417b64e2b634d76e4ad38685deb21d9ce8a86
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/59474
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Andrew Perepechko <andrew.perepechko@hpe.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 029b9a5..5b6073d 100644 (file)
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -21,6 +21,7 @@
 #include <linux/file.h>
 #include <linux/sched.h>
 #include <linux/user_namespace.h>
+#include <linux/capability.h>
 #include <linux/uidgid.h>
 #include <linux/falloc.h>
 #include <linux/ktime.h>
@@ -5969,6 +5970,13 @@ int ll_migrate(struct inode *parent, struct file *file, struct lmv_user_md *lum,
        if (is_root_inode(child_inode))
                GOTO(out_iput, rc = -EINVAL);
 
+       /*
+        * setxattr() used for finishing the dir migration, has the same
+        * capability check for updating attributes in "trusted" namespace.
+        */
+       if (!capable(CAP_SYS_ADMIN))
+               GOTO(out_iput, rc = -EPERM);
+
        op_data = ll_prep_md_op_data(NULL, parent, NULL, name, namelen,
                                     child_inode->i_mode, LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))

diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c
index 97e507d..f1b30bf 100644 (file)
--- a/lustre/utils/liblustreapi.c
+++ b/lustre/utils/liblustreapi.c
@@ -6628,8 +6628,17 @@ static int cb_migrate_mdt_fini(char *path, int p, int *dp, void *data,
        }
 
        ret = setxattr(path, XATTR_NAME_LMV, lmu, lmulen, 0);
-       if (ret == -EALREADY)
-               ret = 0;
+       if (ret == -1) {
+               if (errno == EALREADY) {
+                       ret = 0;
+               } else {
+                       llapi_error(LLAPI_MSG_ERROR, errno,
+                                   "%s: error completing migration of %s",
+                                   __func__, path);
+                       ret = -errno;
+               }
+       }
+
 out:
        cb_common_fini(path, p, dp, data, de);
        return ret;