From: Tejun Heo <tj@kernel.org>
To: gregkh@linuxfoundation.org
Cc: kay@vrfy.org, linux-kernel@vger.kernel.org,
ebiederm@xmission.com, bhelgaas@google.com,
Tejun Heo <tj@kernel.org>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>
Subject: [PATCH 2/2] kernfs: implement "trusted.*" xattr support
Date: Sat, 23 Nov 2013 17:40:02 -0500 [thread overview]
Message-ID: <1385246402-1407-3-git-send-email-tj@kernel.org> (raw)
In-Reply-To: <1385246402-1407-1-git-send-email-tj@kernel.org>
kernfs inherited "security.*" xattr support from sysfs. This patch
extends xattr support to "trusted.*" using simple_xattr_*(). As
trusted xattrs are restricted to CAP_SYS_ADMIN, simple_xattr_*() which
uses kernel memory for storage shouldn't be problematic.
Note that the existing "security.*" support doesn't implement
get/remove/list and the this patch only implements those ops for
"trusted.*". We probably want to extend those ops to include support
for "security.*".
This patch will allow using kernfs from cgroup which requires
"trusted.*" xattr support.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: David P. Quigley <dpquigl@tycho.nsa.gov>
---
fs/kernfs/dir.c | 12 ++++++---
fs/kernfs/inode.c | 63 +++++++++++++++++++++++++++++++++++++++------
fs/kernfs/kernfs-internal.h | 7 +++++
fs/kernfs/symlink.c | 3 +++
4 files changed, 74 insertions(+), 11 deletions(-)
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index f51e062..a441e3b 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -243,9 +243,12 @@ void kernfs_put(struct sysfs_dirent *sd)
kernfs_put(sd->s_symlink.target_sd);
if (sysfs_type(sd) & SYSFS_COPY_NAME)
kfree(sd->s_name);
- if (sd->s_iattr && sd->s_iattr->ia_secdata)
- security_release_secctx(sd->s_iattr->ia_secdata,
- sd->s_iattr->ia_secdata_len);
+ if (sd->s_iattr) {
+ if (sd->s_iattr->ia_secdata)
+ security_release_secctx(sd->s_iattr->ia_secdata,
+ sd->s_iattr->ia_secdata_len);
+ simple_xattrs_free(&sd->s_iattr->xattrs);
+ }
kfree(sd->s_iattr);
ida_simple_remove(&root->ino_ida, sd->s_ino);
kmem_cache_free(sysfs_dir_cachep, sd);
@@ -718,6 +721,9 @@ const struct inode_operations sysfs_dir_inode_operations = {
.setattr = sysfs_setattr,
.getattr = sysfs_getattr,
.setxattr = sysfs_setxattr,
+ .removexattr = sysfs_removexattr,
+ .getxattr = sysfs_getxattr,
+ .listxattr = sysfs_listxattr,
};
static struct sysfs_dirent *sysfs_leftmost_descendant(struct sysfs_dirent *pos)
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index a1f8382..18ad431 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -35,6 +35,9 @@ static const struct inode_operations sysfs_inode_operations = {
.setattr = sysfs_setattr,
.getattr = sysfs_getattr,
.setxattr = sysfs_setxattr,
+ .removexattr = sysfs_removexattr,
+ .getxattr = sysfs_getxattr,
+ .listxattr = sysfs_listxattr,
};
void __init sysfs_inode_init(void)
@@ -61,6 +64,8 @@ static struct sysfs_inode_attrs *sysfs_inode_attrs(struct sysfs_dirent *sd)
iattrs->ia_gid = GLOBAL_ROOT_GID;
iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;
+ simple_xattrs_init(&sd->s_iattr->xattrs);
+
return sd->s_iattr;
}
@@ -162,23 +167,25 @@ int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
size_t size, int flags)
{
struct sysfs_dirent *sd = dentry->d_fsdata;
+ struct sysfs_inode_attrs *attrs;
void *secdata;
int error;
u32 secdata_len = 0;
- if (!sd)
- return -EINVAL;
+ attrs = sysfs_inode_attrs(sd);
+ if (!attrs)
+ return -ENOMEM;
if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
error = security_inode_setsecurity(dentry->d_inode, suffix,
value, size, flags);
if (error)
- goto out;
+ return error;
error = security_inode_getsecctx(dentry->d_inode,
&secdata, &secdata_len);
if (error)
- goto out;
+ return error;
mutex_lock(&sysfs_mutex);
error = sysfs_sd_setsecdata(sd, &secdata, &secdata_len);
@@ -186,10 +193,50 @@ int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
if (secdata)
security_release_secctx(secdata, secdata_len);
- } else
- return -EINVAL;
-out:
- return error;
+ return error;
+ } else if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
+ return simple_xattr_set(&attrs->xattrs, name, value, size,
+ flags);
+ }
+
+ return -EINVAL;
+}
+
+int sysfs_removexattr(struct dentry *dentry, const char *name)
+{
+ struct sysfs_dirent *sd = dentry->d_fsdata;
+ struct sysfs_inode_attrs *attrs;
+
+ attrs = sysfs_inode_attrs(sd);
+ if (!attrs)
+ return -ENOMEM;
+
+ return simple_xattr_remove(&attrs->xattrs, name);
+}
+
+ssize_t sysfs_getxattr(struct dentry *dentry, const char *name, void *buf,
+ size_t size)
+{
+ struct sysfs_dirent *sd = dentry->d_fsdata;
+ struct sysfs_inode_attrs *attrs;
+
+ attrs = sysfs_inode_attrs(sd);
+ if (!attrs)
+ return -ENOMEM;
+
+ return simple_xattr_get(&attrs->xattrs, name, buf, size);
+}
+
+ssize_t sysfs_listxattr(struct dentry *dentry, char *buf, size_t size)
+{
+ struct sysfs_dirent *sd = dentry->d_fsdata;
+ struct sysfs_inode_attrs *attrs;
+
+ attrs = sysfs_inode_attrs(sd);
+ if (!attrs)
+ return -ENOMEM;
+
+ return simple_xattr_list(&attrs->xattrs, buf, size);
}
static inline void set_default_inode_attr(struct inode *inode, umode_t mode)
diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h
index f25b354..910e485 100644
--- a/fs/kernfs/kernfs-internal.h
+++ b/fs/kernfs/kernfs-internal.h
@@ -14,6 +14,7 @@
#include <linux/lockdep.h>
#include <linux/fs.h>
#include <linux/mutex.h>
+#include <linux/xattr.h>
#include <linux/kernfs.h>
@@ -21,6 +22,8 @@ struct sysfs_inode_attrs {
struct iattr ia_iattr;
void *ia_secdata;
u32 ia_secdata_len;
+
+ struct simple_xattrs xattrs;
};
#define SD_DEACTIVATED_BIAS INT_MIN
@@ -81,6 +84,10 @@ int sysfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat);
int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
size_t size, int flags);
+int sysfs_removexattr(struct dentry *dentry, const char *name);
+ssize_t sysfs_getxattr(struct dentry *dentry, const char *name, void *buf,
+ size_t size);
+ssize_t sysfs_listxattr(struct dentry *dentry, char *buf, size_t size);
void sysfs_inode_init(void);
/*
diff --git a/fs/kernfs/symlink.c b/fs/kernfs/symlink.c
index 12569a7..adf2875 100644
--- a/fs/kernfs/symlink.c
+++ b/fs/kernfs/symlink.c
@@ -140,6 +140,9 @@ static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd,
const struct inode_operations sysfs_symlink_inode_operations = {
.setxattr = sysfs_setxattr,
+ .removexattr = sysfs_removexattr,
+ .getxattr = sysfs_getxattr,
+ .listxattr = sysfs_listxattr,
.readlink = generic_readlink,
.follow_link = sysfs_follow_link,
.put_link = sysfs_put_link,
--
1.8.4.2
next prev parent reply other threads:[~2013-11-23 22:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-23 22:40 [PATCHSET REPOST driver-core-next] kernfs: implement trusted.* xattr support Tejun Heo
2013-11-23 22:40 ` [PATCH 1/2] kernfs: update sysfs_init_inode_attrs() Tejun Heo
2013-11-23 22:40 ` Tejun Heo [this message]
2013-12-04 15:24 ` [PATCHSET REPOST driver-core-next] kernfs: implement trusted.* xattr support Tejun Heo
2013-12-04 15:33 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2013-11-05 2:08 [PATCHSET " Tejun Heo
2013-11-05 2:08 ` [PATCH 2/2] kernfs: implement "trusted.*" " Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1385246402-1407-3-git-send-email-tj@kernel.org \
--to=tj@kernel.org \
--cc=bhelgaas@google.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=ebiederm@xmission.com \
--cc=gregkh@linuxfoundation.org \
--cc=kay@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.