From: Alexander Zarochentsev <alexander.zarochentsev@hpe.com>
Date: Wed, 28 May 2025 17:29:26 +0000 (+0000)
Subject: LU-19070 dne: dir migrate allowed only for root
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=07963781a918ada7911e11c02e5e4f1a096e4bbb;p=fs%2Flustre-release.git

LU-19070 dne: dir migrate allowed only for root

Current implemetation of lfs migrate -m
relies on setxttr(, "trusted.lmv", ) which is
allowed only for users with CAP_SYS_ADMIN capability.
Adding the same check to ll_migrate() will prevent
incomplete migrations from a non-root user.
Add error reporting to cb_migrate_mdt_fini().

Fixes: 0a83d948f3 ("LU-4684 migrate: shrink dir layout after migration")
Fixes: 2dae2b8ffb ("LU-8777 mdt: add parameter to disable remote/striped dir")
HPE-bug-id: LUS-12895
Signed-off-by: Alexander Zarochentsev <alexander.zarochentsev@hpe.com>
Change-Id: I58d417b64e2b634d76e4ad38685deb21d9ce8a86
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/59474
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Andrew Perepechko <andrew.perepechko@hpe.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 029b9a5..5b6073d 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -21,6 +21,7 @@
 #include <linux/file.h>
 #include <linux/sched.h>
 #include <linux/user_namespace.h>
+#include <linux/capability.h>
 #include <linux/uidgid.h>
 #include <linux/falloc.h>
 #include <linux/ktime.h>
@@ -5969,6 +5970,13 @@ int ll_migrate(struct inode *parent, struct file *file, struct lmv_user_md *lum,
 	if (is_root_inode(child_inode))
 		GOTO(out_iput, rc = -EINVAL);
 
+	/*
+	 * setxattr() used for finishing the dir migration, has the same
+	 * capability check for updating attributes in "trusted" namespace.
+	 */
+	if (!capable(CAP_SYS_ADMIN))
+		GOTO(out_iput, rc = -EPERM);
+
 	op_data = ll_prep_md_op_data(NULL, parent, NULL, name, namelen,
 				     child_inode->i_mode, LUSTRE_OPC_ANY, NULL);
 	if (IS_ERR(op_data))
diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c
index 97e507d..f1b30bf 100644
--- a/lustre/utils/liblustreapi.c
+++ b/lustre/utils/liblustreapi.c
@@ -6628,8 +6628,17 @@ static int cb_migrate_mdt_fini(char *path, int p, int *dp, void *data,
 	}
 
 	ret = setxattr(path, XATTR_NAME_LMV, lmu, lmulen, 0);
-	if (ret == -EALREADY)
-		ret = 0;
+	if (ret == -1) {
+		if (errno == EALREADY) {
+			ret = 0;
+		} else {
+			llapi_error(LLAPI_MSG_ERROR, errno,
+				    "%s: error completing migration of %s",
+				    __func__, path);
+			ret = -errno;
+		}
+	}
+
 out:
 	cb_common_fini(path, p, dp, data, de);
 	return ret;