Re: [PATCH v2] Add security.* XATTR support for the UBIFS

[Stephen Smalley <sds@tycho.nsa.gov>]

On Wed, 2012-04-11 at 07:12 -0700, Subodh Nijsure wrote:
> On Wed, Apr 11, 2012 at 6:10 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On Wed, 2012-04-11 at 06:00 -0700, Subodh Nijsure wrote:
> >> On Tue, Apr 10, 2012 at 5:46 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >> > On Mon, 2012-04-09 at 16:51 -0700, subodh.nijsure@gmail.com wrote:
> >> >> From: Subodh Nijsure <snijsure@grid-net.com>
> >> >>
> >> >> Also fix couple of bugs in UBIFS extended attribute length calculation.
> >> >>
> >> >> Changes Since V1:
> >> >>          Instead of just handling security.selinux extended attribute handle
> >> >>          all security.* attributes.
> >> >>
> >> >> TESTING: Tested on  MX28 based platforms using Micron MT29F2G08ABAEAH4 NAND
> >> >>          With these change we are able to label UBIFS filesystem with
> >> >>          security.selinux and run system with selinux enabled.
> >> >>          This change also allows one to set other security.* extended
> >> >>          attributesr, such as security.smack security.evm, security.ima
> >> >>          Ran integck test on UBI filesystem.
> >> >>
> >> >> Signed-off-by: Subodh Nijsure <snijsure@grid-net.com>
> >> >> ---
> >> >>  fs/ubifs/dir.c     |    4 ++
> >> >>  fs/ubifs/file.c    |    6 ++
> >> >>  fs/ubifs/journal.c |   12 +++-
> >> >>  fs/ubifs/super.c   |    3 +
> >> >>  fs/ubifs/ubifs.h   |    9 +++
> >> >>  fs/ubifs/xattr.c   |  147 ++++++++++++++++++++++++++++++++++++++++++++++++----
> >> >>  6 files changed, 167 insertions(+), 14 deletions(-)
> >> >>
> >> >> diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
> >> >> index ec9f187..f4e06c4 100644
> >> >> --- a/fs/ubifs/dir.c
> >> >> +++ b/fs/ubifs/dir.c
> >> >> @@ -293,6 +293,7 @@ static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
> >> >>       ubifs_release_budget(c, &req);
> >> >>       insert_inode_hash(inode);
> >> >>       d_instantiate(dentry, inode);
> >> >> +     ubifs_init_security(dir, inode, &dentry->d_name);
> >> >>       return 0;
> >> >>
> >> >>  out_cancel:
> >> >
> >> > The ubifs_init_security() should occur before d_instantiate() so that
> >> > the inode is not accessible to other threads before its security
> >> > attributes have been set.  And if it fails, you would ideally drop the
> >> > inode altogether and return an error to the creating process.
> >> >
> >>
> >> I will look into moving ubifs_init_security() before d_instantiate().
> >> Last time I had tried I had run into some issues and had to keep
> >> creating inode and then creating xattr as two seperate items. I will
> >> look through the UBIFS code that actually creates xattr ubi nodes.
> >> Also I will wait for couple of days to send v3 patch with to see if
> >> mtd folks have other comments this patch.
> >
> > I'd favor moving the call to ubifs_init_security() inside of
> > ubifs_new_inode() so that it gets done as part of all inode creation.
> > To do that, you'll need to pass the &dentry->d_name (const struct qstr
> > *) down to ubifs_new_inode(). But you can see that it is done that way
> > for ext4_new_inode(), for example.
> >
> > --
> 
> Okay, I will look at that code little bit mode.
> 
> UBIFS create_xattr() (fs/ubifs/xattr.c)  calls ubifs_new_inode() so it
> can get tricky if I want to create xattr in ubifs_new_inode().
> 
> Also noticed that UBIFS doesn't d_instantiate() inode entry created to
> hold extended attribute, not certain if that would be an issue.
> 
> I will look how other fs manage xattrs, I certainly don't want to
> modify how UBIFS manages extended attributes.

Oh, I missed the fact that ubifs xattrs are implemented as their own
inodes.  In that case, I guess you don't want to do what I said above,
and your current approach is fine (aside from moving it up before
d_instantiate and handling the error case).  ext4 doesn't implement the
xattr as a regular inode so that is different.

-- 
Stephen Smalley
National Security Agency