From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Dave Hansen <dave@linux.vnet.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: Re: [PATCH 03/14] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp
Date: Mon, 26 Apr 2010 13:50:07 -0500
Message-ID: <20100426185007.GA2029@us.ibm.com>
In-Reply-To: <1271886594-3719-4-git-send-email-zohar@linux.vnet.ibm.com>
Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> vfs_getxattr_alloc() and vfs_xattr_cmp() are two new kernel xattr
> helper functions. vfs_getxattr_alloc() first allocates memory for
> the requested xattr and then retrieves it. vfs_xattr_cmp() compares
> a given value with the contents of an extended attribute.
>
> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
(Heh, *thought* I had a hole to point to, but nope, looks good)
Acked-by: Serge Hallyn <serue@us.ibm.com>
thanks,
-serge
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 46f87e8..341ad71 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -159,6 +159,64 @@ out_noalloc:
> }
> EXPORT_SYMBOL_GPL(xattr_getsecurity);
>
> +/*
> + * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
> + *
> + * Allocate memory, if not already allocated, or re-allocate correct size,
> + * before retrieving the extended attribute.
> + *
> + * Returns the result of alloc, if failed, or the getxattr operation.
> + */
> +ssize_t
> +vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
> + size_t xattr_size, gfp_t flags)
> +{
> + struct inode *inode = dentry->d_inode;
> + char *value = *xattr_value;
> + int error;
> +
> + error = xattr_permission(inode, name, MAY_READ);
> + if (error)
> + return error;
> +
> + if (!inode->i_op->getxattr)
> + return -EOPNOTSUPP;
> +
> + error = inode->i_op->getxattr(dentry, name, NULL, 0);
> + if (error < 0)
> + return error;
> +
> + if (!value || (error > xattr_size)) {
> + value = krealloc(*xattr_value, error + 1, flags);
> + if (!value)
> + return -ENOMEM;
> + memset(value, 0, error + 1);
> + }
> +
> + error = inode->i_op->getxattr(dentry, name, value, error);
> + *xattr_value = value;
> + return error;
> +}
> +
> +/* Compare an extended attribute value with the given value */
> +int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
> + const char *value, size_t size, gfp_t flags)
> +{
> + char *xattr_value = NULL;
> + int rc;
> +
> + rc = vfs_getxattr_alloc(dentry, xattr_name, &xattr_value, 0, flags);
> + if (rc < 0)
> + return rc;
> +
> + if ((rc != size) || (memcmp(xattr_value, value, rc) != 0))
> + rc = -EINVAL;
> + else
> + rc = 0;
> + kfree(xattr_value);
> + return rc;
> +}
> +
> ssize_t
> vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
> {
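Review bot: In vfs_xattr_cmp(), the early `if (rc < 0) return rc;` leaks the buffer whenever vfs_getxattr_alloc() allocated it and the second ->getxattr() call then failed, because vfs_getxattr_alloc() stores the krealloc'd pointer in *xattr_value before returning the error. That path is reachable if the attribute changes size between the length probe and the read, since the second call is passed only the probed length. Suggest sending the error path through the existing `kfree(xattr_value)` (an `out:` label before it is enough; kfree(NULL) is a no-op). Two smaller points in vfs_getxattr_alloc(): `error` is an int although the function returns ssize_t and is compared against the size_t `xattr_size`, so declaring it ssize_t avoids the mixed-sign comparison in `error > xattr_size`; and the header comment should say that the caller owns *xattr_value and must kfree it even when a negative value is returned.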
> diff --git a/include/linux/xattr.h b/include/linux/xattr.h
> index d079bec..8698de3 100644
> --- a/include/linux/xattr.h
> +++ b/include/linux/xattr.h
> @@ -68,7 +68,10 @@ ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer,
> ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
> int generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags);
> int generic_removexattr(struct dentry *dentry, const char *name);
> -
> +ssize_t vfs_getxattr_alloc(struct dentry *dentry, const char *name,
> + char **xattr_value, size_t size, gfp_t flags);
> +int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
> + const char *value, size_t size, gfp_t flags);
> #endif /* __KERNEL__ */
>
> #endif /* _LINUX_XATTR_H */
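Review bot: The vfs_getxattr_alloc() prototype names its fourth parameter `size`, while the definition in fs/xattr.c calls it `xattr_size`; using the same name in both places keeps the header readable, since the value is the size of the buffer already held in *xattr_value rather than the attribute length. The hunk also drops the blank line that preceded `#endif /* __KERNEL__ */`; keeping one after the new declarations preserves the existing layout.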
> --
> 1.6.6.1
>