From: Andrey Albershteyn
Subject: [PATCH v5 0/7] fs: introduce file_getattr and file_setattr syscalls
Date: Mon, 12 May 2025 15:25:11 +0200
Message-Id: <20250512-xattrat-syscall-v5-0-4cd6821e8ff7@kernel.org>
To: Richard Henderson, Matt Turner, Russell King, Catalin Marinas,
    Will Deacon, Geert Uytterhoeven, Michal Simek, Thomas Bogendoerfer,
    "James E.J. Bottomley", Helge Deller, Madhavan Srinivasan,
    Michael Ellerman, Nicholas Piggin, Christophe Leroy, Naveen N Rao,
    Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
    Christian Borntraeger, Sven Schnelle, Yoshinori Sato, Rich Felker,
    John Paul Adrian Glaubitz, "David S. Miller", Andreas Larsson,
    Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
    Dave Hansen, x86@kernel.org, "H. Peter Anvin", Chris Zankel,
    Max Filippov, Alexander Viro, Christian Brauner, Jan Kara,
    Mickaël Salaün, Günther Noack, Arnd Bergmann, Pali Rohár, Paul Moore,
    James Morris, "Serge E. Hallyn", Stephen Smalley, Ondrej Mosnacek,
    Tyler Hicks, Miklos Szeredi, Amir Goldstein
Cc: linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org,
    linux-arm-kernel@lists.infradead.org, linux-m68k@lists.linux-m68k.org,
    linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org,
    linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
    linux-sh@vger.kernel.org, sparclinux@vger.kernel.org,
    linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org,
    linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
    selinux@vger.kernel.org, ecryptfs@vger.kernel.org,
    linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org,
    Andrey Albershteyn

This patchset introduced two new syscalls file_getattr() and file_setattr().
These syscalls are similar to FS_IOC_FSSETXATTR ioctl() except they use
*at() semantics. Therefore, there's no need to open the file to get a fd.

These syscalls allow userspace to set filesystem inode attributes on
special files. One of the usage examples is XFS quota projects.

XFS has project quotas which could be attached to a directory. All
new inodes in these directories inherit project ID set on parent
directory.

The project is created from userspace by opening and calling
FS_IOC_FSSETXATTR on each inode. This is not possible for special
files such as FIFO, SOCK, BLK etc. Therefore, some inodes are left
with empty project ID. Those inodes then are not shown in the quota
accounting but still exist in the directory. This is not critical but in
the case when special files are created in the directory with already
existing project quota, these new inodes inherit extended attributes.
This creates a mix of special files with and without attributes.
Moreover, special files with attributes don't have a possibility to
become clear or change the attributes. This, in turn, prevents userspace
from re-creating quota project on these existing files.

NAME

        file_getattr/file_setattr - get/set filesystem inode attributes

SYNOPSIS

        #include <sys/syscall.h>    /* Definition of SYS_* constants */
        #include <unistd.h>

        long syscall(SYS_file_getattr, int dirfd, const char *pathname,
                struct fsxattr *fsx, size_t size, unsigned int at_flags);
        long syscall(SYS_file_setattr, int dirfd, const char *pathname,
                struct fsxattr *fsx, size_t size, unsigned int at_flags);

        Note: glibc doesn't provide for file_getattr()/file_setattr(), use
        syscall(2) instead.

DESCRIPTION

        The syscalls take fd and path. If path is absolute, fd is not
        used. If path is empty, fd can be AT_FDCWD or any valid fd which
        will be used to get/set attributes on.

        This is an alternative to FS_IOC_FSGETXATTR/FS_IOC_FSSETXATTR ioctl
        with a difference that the file doesn't need to be open as we can
        reference it with a path instead of fd.
        By having this we can manipulate filesystem inode attributes not
        only on regular files but also on special ones. This is not
        possible with FS_IOC_FSSETXATTR ioctl as with special files we can
        not call ioctl() directly on the filesystem inode using file
        descriptor.

        at_flags can be set to AT_SYMLINK_NOFOLLOW or AT_EMPTY_PATH.

RETURN VALUE

        On success, 0 is returned. On error, -1 is returned, and errno is
        set to indicate the error.

ERRORS

        EINVAL          Invalid at_flag specified (only AT_SYMLINK_NOFOLLOW
                        and AT_EMPTY_PATH are supported).

        EINVAL          Size was smaller than any known version of
                        struct fsxattr.

        EINVAL          Invalid combination of parameters provided in
                        fsxattr for this type of file.

        E2BIG           Size of input argument **struct fsxattr** is too
                        big.

        EBADF           Invalid file descriptor was provided.

        EPERM           No permission to change this file.

        EOPNOTSUPP      Filesystem does not support setting attributes on
                        this type of inode

HISTORY

        Added in Linux 6.15.

EXAMPLE

Create directory and file "mkdir ./dir && touch ./dir/foo" and then
execute the following program:

        #include <fcntl.h>
        #include <errno.h>
        #include <string.h>
        #include <linux/fs.h>
        #include <stdio.h>
        #include <sys/syscall.h>
        #include <unistd.h>

        int main(int argc, char **argv)
        {
                int dfd;
                int error;
                struct fsxattr fsx;

                dfd = open("./dir", O_RDONLY);
                if (dfd == -1) {
                        printf("can not open ./dir\n");
                        return dfd;
                }

                /*
                 * 467 is file_getattr in this series. Arguments follow
                 * the SYNOPSIS: dirfd, pathname, fsx, size, at_flags.
                 */
                error = syscall(467, dfd, "./foo", &fsx, sizeof(fsx), 0);
                if (error) {
                        printf("can not call 467: %s\n", strerror(errno));
                        return error;
                }

                printf("dir/foo flags: %u\n", fsx.fsx_xflags);

                /* 468 is file_setattr in this series. */
                fsx.fsx_xflags |= FS_XFLAG_NODUMP;
                error = syscall(468, dfd, "./foo", &fsx, sizeof(fsx), 0);
                if (error) {
                        printf("can not call 468: %s\n", strerror(errno));
                        return error;
                }

                printf("dir/foo flags: %u\n", fsx.fsx_xflags);

                return error;
        }

SEE ALSO

        ioctl(2), ioctl_iflags(2), ioctl_xfs_fsgetxattr(2)

---
Changes in v5:
- Remove setting of LOOKUP_EMPTY flags which does not have any effect
- Return -ENOSUPP from vfs_fileattr_set()
- Add fsxattr masking (by Amir)
- Fix UAF issue dentry
- Fix getname_maybe_null() issue with NULL path
- Implement file_getattr/file_setattr hooks
- Return LSM return code from file_setattr
- Rename from getfsxattrat/setfsxattrat to file_getattr/file_setattr
- Link to v4: https://lore.kernel.org/r/20250321-xattrat-syscall-v4-0-3e82e6fb3264@kernel.org

Changes in v4:
- Use getname_maybe_null() for correct handling of dfd + path semantic
- Remove restriction for special files on which flags are allowed
- Utilize copy_struct_from_user() for better future compatibility
- Add draft man page to cover letter
- Convert -ENOIOCTLCMD to -EOPNOSUPP as more appropriate for syscall
- Add missing __user to header declaration of syscalls
- Link to v3: https://lore.kernel.org/r/20250211-xattrat-syscall-v3-1-a07d15f898b2@kernel.org

Changes in v3:
- Remove unnecessary "dfd is dir" check as it is checked in user_path_at()
- Remove unnecessary "same filesystem" check
- Use CLASS() instead of directly calling fdget/fdput
- Link to v2: https://lore.kernel.org/r/20250122-xattrat-syscall-v2-1-5b360d4fbcb2@kernel.org

v1:
https://lore.kernel.org/linuxppc-dev/20250109174540.893098-1-aalbersh@kernel.org/

Previous discussion:
https://lore.kernel.org/linux-xfs/20240520164624.665269-2-aalbersh@redhat.com/

---
Amir Goldstein (1):
      fs: prepare for extending file_get/setattr()

Andrey Albershteyn (6):
      fs: split fileattr related helpers into separate file
      lsm: introduce new hooks for setting/getting inode fsxattr
      selinux: implement inode_file_[g|s]etattr hooks
      fs: split fileattr/fsxattr converters into helpers
      fs: make vfs_fileattr_[get|set] return -EOPNOSUPP
      fs: introduce file_getattr and file_setattr syscalls

 arch/alpha/kernel/syscalls/syscall.tbl      |   2 +
 arch/arm/tools/syscall.tbl                  |   2 +
 arch/arm64/tools/syscall_32.tbl             |   2 +
 arch/m68k/kernel/syscalls/syscall.tbl       |   2 +
 arch/microblaze/kernel/syscalls/syscall.tbl |   2 +
 arch/mips/kernel/syscalls/syscall_n32.tbl   |   2 +
 arch/mips/kernel/syscalls/syscall_n64.tbl   |   2 +
 arch/mips/kernel/syscalls/syscall_o32.tbl   |   2 +
 arch/parisc/kernel/syscalls/syscall.tbl     |   2 +
 arch/powerpc/kernel/syscalls/syscall.tbl    |   2 +
 arch/s390/kernel/syscalls/syscall.tbl       |   2 +
 arch/sh/kernel/syscalls/syscall.tbl         |   2 +
 arch/sparc/kernel/syscalls/syscall.tbl      |   2 +
 arch/x86/entry/syscalls/syscall_32.tbl      |   2 +
 arch/x86/entry/syscalls/syscall_64.tbl      |   2 +
 arch/xtensa/kernel/syscalls/syscall.tbl     |   2 +
 fs/Makefile                                 |   3 +-
 fs/ecryptfs/inode.c                         |   8 +-
 fs/file_attr.c                              | 475 ++++++++++++++++++++++++++++
 fs/ioctl.c                                  | 309 ------------------
 fs/overlayfs/inode.c                        |   2 +-
 include/linux/fileattr.h                    |  26 ++
 include/linux/lsm_hook_defs.h               |   2 +
 include/linux/security.h                    |  16 +
 include/linux/syscalls.h                    |   6 +
 include/uapi/asm-generic/unistd.h           |   8 +-
 include/uapi/linux/fs.h                     |   3 +
 security/security.c                         |  30 ++
 security/selinux/hooks.c                    |  14 +
 29 files changed, 621 insertions(+), 313 deletions(-)
---
base-commit: 0d8d44db295ccad20052d6301ef49ff01fb8ae2d
change-id: 20250114-xattrat-syscall-6a1136d2db59

Best regards,
-- 
Andrey Albershteyn