From: Christian Brauner <brauner@kernel.org>
To: Amir Goldstein <amir73il@gmail.com>
Cc: "Andrey Albershteyn" <aalbersh@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Matt Turner" <mattst88@gmail.com>,
"Russell King" <linux@armlinux.org.uk>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Will Deacon" <will@kernel.org>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Michal Simek" <monstr@monstr.eu>,
"Thomas Bogendoerfer" <tsbogend@alpha.franken.de>,
"James E.J. Bottomley" <James.Bottomley@hansenpartnership.com>,
"Helge Deller" <deller@gmx.de>,
"Madhavan Srinivasan" <maddy@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
"Naveen N Rao" <naveen@kernel.org>,
"Heiko Carstens" <hca@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
"Alexander Gordeev" <agordeev@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
"Yoshinori Sato" <ysato@users.sourceforge.jp>,
"Rich Felker" <dalias@libc.org>,
"John Paul Adrian Glaubitz" <glaubitz@physik.fu-berlin.de>,
"David S. Miller" <davem@davemloft.net>,
"Andreas Larsson" <andreas@gaisler.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
"Chris Zankel" <chris@zankel.net>,
"Max Filippov" <jcmvbkbc@gmail.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Jan Kara" <jack@suse.cz>, "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Arnd Bergmann" <arnd@arndb.de>, "Pali Rohár" <pali@kernel.org>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-api@vger.kernel.org,
linux-arch@vger.kernel.org, linux-xfs@vger.kernel.org
Subject: Re: [PATCH v4 3/3] fs: introduce getfsxattrat and setfsxattrat syscalls
Date: Tue, 22 Apr 2025 17:14:10 +0200 [thread overview]
Message-ID: <20250422-gefressen-faucht-8ded2c9a5375@brauner> (raw)
In-Reply-To: <20250422-suchen-filmpreis-3573a913457c@brauner>
On Tue, Apr 22, 2025 at 04:31:29PM +0200, Christian Brauner wrote:
> On Thu, Mar 27, 2025 at 12:39:28PM +0100, Amir Goldstein wrote:
> > On Thu, Mar 27, 2025 at 10:33 AM Andrey Albershteyn <aalbersh@redhat.com> wrote:
> > >
> > > On 2025-03-23 09:56:25, Amir Goldstein wrote:
> > > > On Fri, Mar 21, 2025 at 8:49 PM Andrey Albershteyn <aalbersh@redhat.com> wrote:
> > > > >
> > > > > From: Andrey Albershteyn <aalbersh@redhat.com>
> > > > >
> > > > > Introduce getfsxattrat and setfsxattrat syscalls to manipulate inode
> > > > > extended attributes/flags. The syscalls take parent directory fd and
> > > > > path to the child together with struct fsxattr.
> > > > >
> > > > > This is an alternative to FS_IOC_FSSETXATTR ioctl with a difference
> > > > > that file don't need to be open as we can reference it with a path
> > > > > instead of fd. By having this we can manipulated inode extended
> > > > > attributes not only on regular files but also on special ones. This
> > > > > is not possible with FS_IOC_FSSETXATTR ioctl as with special files
> > > > > we can not call ioctl() directly on the filesystem inode using fd.
> > > > >
> > > > > This patch adds two new syscalls which allows userspace to get/set
> > > > > extended inode attributes on special files by using parent directory
> > > > > and a path - *at() like syscall.
> > > > >
> > > > > CC: linux-api@vger.kernel.org
> > > > > CC: linux-fsdevel@vger.kernel.org
> > > > > CC: linux-xfs@vger.kernel.org
> > > > > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> > > > > Acked-by: Arnd Bergmann <arnd@arndb.de>
> > > > > ---
> > > > ...
> > > > > +SYSCALL_DEFINE5(setfsxattrat, int, dfd, const char __user *, filename,
> > > > > + struct fsxattr __user *, ufsx, size_t, usize,
> > > > > + unsigned int, at_flags)
> > > > > +{
> > > > > + struct fileattr fa;
> > > > > + struct path filepath;
> > > > > + int error;
> > > > > + unsigned int lookup_flags = 0;
> > > > > + struct filename *name;
> > > > > + struct mnt_idmap *idmap;.
> > > >
> > > > > + struct dentry *dentry;
> > > > > + struct vfsmount *mnt;
> > > > > + struct fsxattr fsx = {};
> > > > > +
> > > > > + BUILD_BUG_ON(sizeof(struct fsxattr) < FSXATTR_SIZE_VER0);
> > > > > + BUILD_BUG_ON(sizeof(struct fsxattr) != FSXATTR_SIZE_LATEST);
> > > > > +
> > > > > + if ((at_flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
> > > > > + return -EINVAL;
> > > > > +
> > > > > + if (!(at_flags & AT_SYMLINK_NOFOLLOW))
> > > > > + lookup_flags |= LOOKUP_FOLLOW;
> > > > > +
> > > > > + if (at_flags & AT_EMPTY_PATH)
> > > > > + lookup_flags |= LOOKUP_EMPTY;
> > > > > +
> > > > > + if (usize > PAGE_SIZE)
> > > > > + return -E2BIG;
> > > > > +
> > > > > + if (usize < FSXATTR_SIZE_VER0)
> > > > > + return -EINVAL;
> > > > > +
> > > > > + error = copy_struct_from_user(&fsx, sizeof(struct fsxattr), ufsx, usize);
> > > > > + if (error)
> > > > > + return error;
> > > > > +
> > > > > + fsxattr_to_fileattr(&fsx, &fa);
> > > > > +
> > > > > + name = getname_maybe_null(filename, at_flags);
> > > > > + if (!name) {
> > > > > + CLASS(fd, f)(dfd);
> > > > > +
> > > > > + if (fd_empty(f))
> > > > > + return -EBADF;
> > > > > +
> > > > > + idmap = file_mnt_idmap(fd_file(f));
> > > > > + dentry = file_dentry(fd_file(f));
> > > > > + mnt = fd_file(f)->f_path.mnt;
> > > > > + } else {
> > > > > + error = filename_lookup(dfd, name, lookup_flags, &filepath,
> > > > > + NULL);
> > > > > + if (error)
> > > > > + return error;
> > > > > +
> > > > > + idmap = mnt_idmap(filepath.mnt);
> > > > > + dentry = filepath.dentry;
> > > > > + mnt = filepath.mnt;
> > > > > + }
> > > > > +
> > > > > + error = mnt_want_write(mnt);
> > > > > + if (!error) {
> > > > > + error = vfs_fileattr_set(idmap, dentry, &fa);
> > > > > + if (error == -ENOIOCTLCMD)
> > > > > + error = -EOPNOTSUPP;
> > > >
> > > > This is awkward.
> > > > vfs_fileattr_set() should return -EOPNOTSUPP.
> > > > ioctl_setflags() could maybe convert it to -ENOIOCTLCMD,
> > > > but looking at similar cases ioctl_fiemap(), ioctl_fsfreeze() the
> > > > ioctl returns -EOPNOTSUPP.
> > > >
> > > > I don't think it is necessarily a bad idea to start returning
> > > > -EOPNOTSUPP instead of -ENOIOCTLCMD for the ioctl
> > > > because that really reflects the fact that the ioctl is now implemented
> > > > in vfs and not in the specific fs.
> > > >
> > > > and I think it would not be a bad idea at all to make that change
> > > > together with the merge of the syscalls as a sort of hint to userspace
> > > > that uses the ioctl, that the sycalls API exists.
> > > >
> > > > Thanks,
> > > > Amir.
> > > >
> > >
> > > Hmm, not sure what you're suggesting here. I see it as:
> > > - get/setfsxattrat should return EOPNOTSUPP as it make more sense
> > > than ENOIOCTLCMD
> > > - ioctl_setflags returns ENOIOCTLCMD which also expected
> > >
> > > Don't really see a reason to change what vfs_fileattr_set() returns
> > > and then copying this if() to other places or start returning
> > > EOPNOTSUPP.
> >
> > ENOIOCTLCMD conceptually means that the ioctl command is unknown
> > This is not the case since ->fileattr_[gs]et() became a vfs API
>
> vfs_fileattr_{g,s}et() should not return ENOIOCTLCMD. Change the return
> code to EOPNOTSUPP and then make EOPNOTSUPP be translated to ENOTTY on
> on overlayfs and to ENOIOCTLCMD in ecryptfs and in fs/ioctl.c. This way
> we get a clean VFS api while retaining current behavior. Amir can do his
> cleanup based on that.
Also this get/set dance is not something new apis should do. It should
be handled like setattr_prepare() or generic_fillattr() where the
filesystem calls a VFS helper and that does all of this based on the
current state of the inode instead of calling into the filesystem twice:
int vfs_fileattr_set(struct mnt_idmap *idmap, struct dentry *dentry,
struct fileattr *fa)
{
<snip>
inode_lock(inode);
err = vfs_fileattr_get(dentry, &old_ma);
if (!err) {
/* initialize missing bits from old_ma */
if (fa->flags_valid) {
<snip>
err = fileattr_set_prepare(inode, &old_ma, fa);
if (!err && !security_inode_setfsxattr(inode, fa))
err = inode->i_op->fileattr_set(idmap, dentry, fa);
next prev parent reply other threads:[~2025-04-22 15:14 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-21 19:48 [PATCH v4 0/3] fs: introduce getfsxattrat and setfsxattrat syscalls Andrey Albershteyn
2025-03-21 19:48 ` [PATCH v4 1/3] lsm: introduce new hooks for setting/getting inode fsxattr Andrey Albershteyn
2025-03-21 21:32 ` Paul Moore
2025-03-24 19:27 ` Mickaël Salaün
2025-03-27 9:19 ` Andrey Albershteyn
2025-03-24 19:21 ` Mickaël Salaün
2025-03-21 19:48 ` [PATCH v4 2/3] fs: split fileattr/fsxattr converters into helpers Andrey Albershteyn
2025-03-27 12:32 ` Jan Kara
2025-03-21 19:48 ` [PATCH v4 3/3] fs: introduce getfsxattrat and setfsxattrat syscalls Andrey Albershteyn
2025-03-23 8:56 ` Amir Goldstein
2025-03-27 9:33 ` Andrey Albershteyn
2025-03-27 11:39 ` Amir Goldstein
2025-04-22 14:31 ` Christian Brauner
2025-04-22 15:14 ` Christian Brauner [this message]
2025-04-25 18:16 ` Andrey Albershteyn
2025-04-28 9:17 ` Christian Brauner
2025-03-27 12:31 ` Jan Kara
2025-04-22 14:59 ` Christian Brauner
2025-04-23 9:53 ` Jan Kara
2025-04-24 9:06 ` Christian Brauner
2025-04-24 17:45 ` Andrey Albershteyn
2025-03-23 8:45 ` [PATCH v4 0/3] " Amir Goldstein
2025-03-23 10:32 ` Pali Rohár
2025-03-27 11:47 ` Amir Goldstein
2025-03-27 19:26 ` Pali Rohár
2025-03-27 20:57 ` Amir Goldstein
2025-03-27 21:13 ` Pali Rohár
2025-03-28 14:09 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250422-gefressen-faucht-8ded2c9a5375@brauner \
--to=brauner@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=aalbersh@redhat.com \
--cc=agordeev@linux.ibm.com \
--cc=amir73il@gmail.com \
--cc=andreas@gaisler.com \
--cc=arnd@arndb.de \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=chris@zankel.net \
--cc=christophe.leroy@csgroup.eu \
--cc=dalias@libc.org \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=geert@linux-m68k.org \
--cc=glaubitz@physik.fu-berlin.de \
--cc=gnoack@google.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=jack@suse.cz \
--cc=jcmvbkbc@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=maddy@linux.ibm.com \
--cc=mattst88@gmail.com \
--cc=mic@digikod.net \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=naveen@kernel.org \
--cc=npiggin@gmail.com \
--cc=pali@kernel.org \
--cc=paul@paul-moore.com \
--cc=richard.henderson@linaro.org \
--cc=serge@hallyn.com \
--cc=sparclinux@vger.kernel.org \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox