Commit 2322392b authored by Tejun Heo's avatar Tejun Heo Committed by Greg Kroah-Hartman
Browse files

kernfs: implement "trusted.*" xattr support 



kernfs inherited "security.*" xattr support from sysfs.  This patch
extends xattr support to "trusted.*" using simple_xattr_*().  As
trusted xattrs are restricted to CAP_SYS_ADMIN, simple_xattr_*() which
uses kernel memory for storage shouldn't be problematic.

Note that the existing "security.*" support doesn't implement
get/remove/list and the this patch only implements those ops for
"trusted.*".  We probably want to extend those ops to include support
for "security.*".

This patch will allow using kernfs from cgroup which requires
"trusted.*" xattr support.

Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Cc: David P. Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 9a8049af

fs/kernfs/dir.c

+9 −3
Original line number Diff line number Diff line
@@ -243,9 +243,12 @@ void kernfs_put(struct sysfs_dirent *sd) 
		kernfs_put(sd->s_symlink.target_sd);

	if (sysfs_type(sd) & SYSFS_COPY_NAME)

		kfree(sd->s_name);

	if (sd->s_iattr && sd->s_iattr->ia_secdata)

	if (sd->s_iattr) {

		if (sd->s_iattr->ia_secdata)

			security_release_secctx(sd->s_iattr->ia_secdata,

						sd->s_iattr->ia_secdata_len);

		simple_xattrs_free(&sd->s_iattr->xattrs);

	}

	kfree(sd->s_iattr);

	ida_simple_remove(&root->ino_ida, sd->s_ino);

	kmem_cache_free(sysfs_dir_cachep, sd);
@@ -718,6 +721,9 @@ const struct inode_operations sysfs_dir_inode_operations = { 
	.setattr	= sysfs_setattr,

	.getattr	= sysfs_getattr,

	.setxattr	= sysfs_setxattr,

	.removexattr	= sysfs_removexattr,

	.getxattr	= sysfs_getxattr,

	.listxattr	= sysfs_listxattr,

};



static struct sysfs_dirent *sysfs_leftmost_descendant(struct sysfs_dirent *pos)

fs/kernfs/inode.c

+55 −8
Original line number Diff line number Diff line
@@ -35,6 +35,9 @@ static const struct inode_operations sysfs_inode_operations = { 
	.setattr	= sysfs_setattr,

	.getattr	= sysfs_getattr,

	.setxattr	= sysfs_setxattr,

	.removexattr	= sysfs_removexattr,

	.getxattr	= sysfs_getxattr,

	.listxattr	= sysfs_listxattr,

};



void __init sysfs_inode_init(void)
@@ -61,6 +64,8 @@ static struct sysfs_inode_attrs *sysfs_inode_attrs(struct sysfs_dirent *sd) 
	iattrs->ia_gid = GLOBAL_ROOT_GID;

	iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;



	simple_xattrs_init(&sd->s_iattr->xattrs);



	return sd->s_iattr;

}
@@ -162,23 +167,25 @@ int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value, 
		size_t size, int flags)

{

	struct sysfs_dirent *sd = dentry->d_fsdata;

	struct sysfs_inode_attrs *attrs;

	void *secdata;

	int error;

	u32 secdata_len = 0;



	if (!sd)

		return -EINVAL;

	attrs = sysfs_inode_attrs(sd);

	if (!attrs)

		return -ENOMEM;



	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {

		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;

		error = security_inode_setsecurity(dentry->d_inode, suffix,

						value, size, flags);

		if (error)

			goto out;

			return error;

		error = security_inode_getsecctx(dentry->d_inode,

						&secdata, &secdata_len);

		if (error)

			goto out;

			return error;



		mutex_lock(&sysfs_mutex);

		error = sysfs_sd_setsecdata(sd, &secdata, &secdata_len);
@@ -186,10 +193,50 @@ int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value, 


		if (secdata)

			security_release_secctx(secdata, secdata_len);

	} else

		return -EINVAL;

out:

		return error;

	} else if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {

		return simple_xattr_set(&attrs->xattrs, name, value, size,

					flags);

	}



	return -EINVAL;

}



int sysfs_removexattr(struct dentry *dentry, const char *name)

{

	struct sysfs_dirent *sd = dentry->d_fsdata;

	struct sysfs_inode_attrs *attrs;



	attrs = sysfs_inode_attrs(sd);

	if (!attrs)

		return -ENOMEM;



	return simple_xattr_remove(&attrs->xattrs, name);

}



ssize_t sysfs_getxattr(struct dentry *dentry, const char *name, void *buf,

		       size_t size)

{

	struct sysfs_dirent *sd = dentry->d_fsdata;

	struct sysfs_inode_attrs *attrs;



	attrs = sysfs_inode_attrs(sd);

	if (!attrs)

		return -ENOMEM;



	return simple_xattr_get(&attrs->xattrs, name, buf, size);

}



ssize_t sysfs_listxattr(struct dentry *dentry, char *buf, size_t size)

{

	struct sysfs_dirent *sd = dentry->d_fsdata;

	struct sysfs_inode_attrs *attrs;



	attrs = sysfs_inode_attrs(sd);

	if (!attrs)

		return -ENOMEM;



	return simple_xattr_list(&attrs->xattrs, buf, size);

}



static inline void set_default_inode_attr(struct inode *inode, umode_t mode)

fs/kernfs/kernfs-internal.h

+7 −0
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@ 
#include <linux/lockdep.h>

#include <linux/fs.h>

#include <linux/mutex.h>

#include <linux/xattr.h>



#include <linux/kernfs.h>
@@ -21,6 +22,8 @@ struct sysfs_inode_attrs { 
	struct iattr		ia_iattr;

	void			*ia_secdata;

	u32			ia_secdata_len;



	struct simple_xattrs	xattrs;

};



#define SD_DEACTIVATED_BIAS		INT_MIN
@@ -81,6 +84,10 @@ int sysfs_getattr(struct vfsmount *mnt, struct dentry *dentry, 
		  struct kstat *stat);

int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,

		   size_t size, int flags);

int sysfs_removexattr(struct dentry *dentry, const char *name);

ssize_t sysfs_getxattr(struct dentry *dentry, const char *name, void *buf,

		       size_t size);

ssize_t sysfs_listxattr(struct dentry *dentry, char *buf, size_t size);

void sysfs_inode_init(void);



/*

fs/kernfs/symlink.c

+3 −0
Original line number Diff line number Diff line
@@ -140,6 +140,9 @@ static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, 


const struct inode_operations sysfs_symlink_inode_operations = {

	.setxattr	= sysfs_setxattr,

	.removexattr	= sysfs_removexattr,

	.getxattr	= sysfs_getxattr,

	.listxattr	= sysfs_listxattr,

	.readlink	= generic_readlink,

	.follow_link	= sysfs_follow_link,

	.put_link	= sysfs_put_link,

CRA Git | Maintained and supported by SUSTech CRA and CCSE