Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp396567rdb; Thu, 30 Nov 2023 07:38:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IHDpFoJAcLG0tfbLzRVNOJFD7CeMBHGLmaR4KosEHRUt2GuzW9tqKXE8y4zsq/jKM5AhZ4G X-Received: by 2002:a05:6a00:1a8c:b0:6be:4e6e:2a85 with SMTP id e12-20020a056a001a8c00b006be4e6e2a85mr25039013pfv.30.1701358697767; Thu, 30 Nov 2023 07:38:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701358697; cv=none; d=google.com; s=arc-20160816; b=Swz7Y55O6KDz40fYE33DqINv9vX9eiZ6uEgauP0EIPQ0JiBPW5mAeA4fYSPLLUBnqF /DPYRUqBb7N2j7abqc4CX/bkIj4A5SpXzvSObN07gKywXIMenbTPkKU7wuYDAOzHhU1B GUgNLtgdZk0aQXnGkagFtINEHe0EToI5gKiLMWRFRjEk9hhylJ/JV0LSYuNjtriFEFWn KxTaAm6uk5FiMnCwIwNiRTNtKMYr6iVjpOYJl5aNG27iqgkm+iLcdxsRZvS68jRf5lIf TjNRUdGI2WMbuwbsPEkedrv1qsP+wq9m7MMUVnQ5LDh1lfiso7fKQTqtpOiLzJdrHiTq 0TCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=jwwmXeMPuyY49hBTuxKwQA4Wc2/npjquL0WPDwOGxaA=; fh=+vZwhLTSeTSKnU46TxpzbraKs0lTOVYQiil923WoDOY=; b=lzQitgRQ6rUzsoGjG+faKuFtFahO0JHXb3Pp2qaPuR5Z2jFObPAKoaxzSp+GHJBEgA d9ipUXJOaL3+nt18THz/G8ioUkhKN+bw6FZ/ZLlMK5puizzt9bG//cNt1i4cnqK2sQA9 7btNl8itvfRGYPCrsAgliZ4KCYZdKl9VClGY1zaWR6lK+EljneUWhxL9jrQRXZSuSXAf Q1vtCf5qhIJzIMuWEIbdGyqj774vn679yv11RlgHwQuyE7RlHfVhV4B7TCnlYPwP6YQK PouFmtmXCzHNq4zbu0dTHNG1tZxg2w0to6wjxUI+gxK00WfcyAWXit0I2FX74ZZ/B+Ln KjAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nuppY99F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id fi27-20020a056a00399b00b006cc0219fc85si1473867pfb.252.2023.11.30.07.38.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Nov 2023 07:38:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nuppY99F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 02CD7802F234; Thu, 30 Nov 2023 07:38:15 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346281AbjK3Ph7 (ORCPT + 99 others); Thu, 30 Nov 2023 10:37:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346334AbjK3Ph6 (ORCPT ); Thu, 30 Nov 2023 10:37:58 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57C6810C2 for ; Thu, 30 Nov 2023 07:38:05 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D9A9FC433C7; Thu, 30 Nov 2023 15:38:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701358685; bh=TYH67YY/vrV7LCaHvewMgY+OV3nAVb1Ax/9cHSFKzoI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=nuppY99F8p1LDyn+nSkuEYzAS+YVKpAhQxNpDdUjTgsoDe6BTntotyOg8I0NpXbs3 7K6zIDKIBLTZk/DbWA81w1Q9qoEd+l6w2kKNfOouBPx3d10zvSbhzAEMp/U+O6EdHe nkj3cz7G23WGV6UPExAS+M+5hWgqO7RFReEWtVUJ4Nd4Kl12d4nolLDeG+QYZT9CYR hntPSnx+3+diLqCdBPHx0dFk+OSND3/PXkkPsbOEikaGZ2U1HjXTyE3NfPjUdfa+MY 8mF1juW8ISvVagOeSxOsh+fZCPLKlCOQodVkZyd0pC6AxQ/BVTR6ruDUf3JZ51rfYX uslOgzqOWGqYg== Date: Thu, 30 Nov 2023 09:38:03 -0600 From: "Seth Forshee (DigitalOcean)" To: Amir Goldstein Cc: Christian Brauner , Serge Hallyn , Paul Moore , Eric Paris , James Morris , Alexander Viro , Miklos Szeredi , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: Re: [PATCH 09/16] fs: add vfs_set_fscaps() Message-ID: References: <20231129-idmap-fscap-refactor-v1-0-da5a26058a5b@kernel.org> <20231129-idmap-fscap-refactor-v1-9-da5a26058a5b@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 30 Nov 2023 07:38:15 -0800 (PST) On Thu, Nov 30, 2023 at 10:01:55AM +0200, Amir Goldstein wrote: > On Wed, Nov 29, 2023 at 11:50 PM Seth Forshee (DigitalOcean) > wrote: > > > > Provide a type-safe interface for setting filesystem capabilities and a > > generic implementation suitable for most filesystems. > > > > Signed-off-by: Seth Forshee (DigitalOcean) > > --- > > fs/xattr.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > include/linux/fs.h | 2 ++ > > 2 files changed, 89 insertions(+) > > > > diff --git a/fs/xattr.c b/fs/xattr.c > > index 3abaf9bef0a5..03cc824e4f87 100644 > > --- a/fs/xattr.c > > +++ b/fs/xattr.c > > @@ -247,6 +247,93 @@ int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, > > } > > EXPORT_SYMBOL(vfs_get_fscaps); > > > > +static int generic_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, > > + const struct vfs_caps *caps, int flags) > > +{ > > + struct inode *inode = d_inode(dentry); > > + struct vfs_ns_cap_data nscaps; > > + int size; > > + > > + size = vfs_caps_to_xattr(idmap, i_user_ns(inode), caps, > > + &nscaps, sizeof(nscaps)); > > + if (size < 0) > > + return size; > > + > > + return __vfs_setxattr_noperm(idmap, dentry, XATTR_NAME_CAPS, > > + &nscaps, size, flags); > > +} > > + > > +/** > > + * vfs_set_fscaps - set filesystem capabilities > > + * @idmap: idmap of the mount the inode was found from > > + * @dentry: the dentry on which to set filesystem capabilities > > + * @caps: the filesystem capabilities to be written > > + * @flags: setxattr flags to use when writing the capabilities xattr > > + * > > + * This function writes the supplied filesystem capabilities to the dentry. > > + * > > + * Return: 0 on success, a negative errno on error. > > + */ > > +int vfs_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, > > + const struct vfs_caps *caps, int flags) > > +{ > > + struct inode *inode = d_inode(dentry); > > + struct inode *delegated_inode = NULL; > > + struct vfs_ns_cap_data nscaps; > > + int size, error; > > + > > + /* > > + * Unfortunately EVM wants to have the raw xattr value to compare to > > + * the on-disk version, so we need to pass the raw xattr to the > > + * security hooks. But we also want to do security checks before > > + * breaking leases, so that means a conversion to the raw xattr here > > + * which will usually be reduntant with the conversion we do for > > + * writing the xattr to disk. > > + */ > > + size = vfs_caps_to_xattr(idmap, i_user_ns(inode), caps, &nscaps, > > + sizeof(nscaps)); > > + if (size < 0) > > + return size; > > + > > +retry_deleg: > > + inode_lock(inode); > > + > > + error = xattr_permission(idmap, inode, XATTR_NAME_CAPS, MAY_WRITE); > > + if (error) > > + goto out_inode_unlock; > > + error = security_inode_setxattr(idmap, dentry, XATTR_NAME_CAPS, &nscaps, > > + size, flags); > > + if (error) > > + goto out_inode_unlock; > > + > > + error = try_break_deleg(inode, &delegated_inode); > > + if (error) > > + goto out_inode_unlock; > > + > > + if (inode->i_opflags & IOP_XATTR) { > > + if (inode->i_op->set_fscaps) > > + error = inode->i_op->set_fscaps(idmap, dentry, caps, flags); > > + else > > + error = generic_set_fscaps(idmap, dentry, caps, flags); > > I think the non-generic case is missing fsnotify_xattr(). > > See vfs_set_acl() for comparison. Good catch. I'm going to have another look at some of this in light of some of your other feedback, but I'll get it fixed one way or another in v2.