xref: /openbmc/linux/fs/ubifs/xattr.c (revision 545e4006)
1 /*
2  * This file is part of UBIFS.
3  *
4  * Copyright (C) 2006-2008 Nokia Corporation.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Artem Bityutskiy (Битюцкий Артём)
20  *          Adrian Hunter
21  */
22 
23 /*
24  * This file implements UBIFS extended attributes support.
25  *
26  * Extended attributes are implemented as regular inodes with attached data,
27  * which limits extended attribute size to UBIFS block size (4KiB). Names of
28  * extended attributes are described by extended attribute entries (xentries),
29  * which are almost identical to directory entries, but have different key type.
30  *
31  * In other words, the situation with extended attributes is very similar to
32  * directories. Indeed, any inode (but of course not xattr inodes) may have a
33  * number of associated xentries, just like directory inodes have associated
34  * directory entries. Extended attribute entries store the name of the extended
35  * attribute, the host inode number, and the extended attribute inode number.
36  * Similarly, direntries store the name, the parent and the target inode
37  * numbers. Thus, most of the common UBIFS mechanisms may be re-used for
38  * extended attributes.
39  *
40  * The number of extended attributes is not limited, but there is Linux
41  * limitation on the maximum possible size of the list of all extended
42  * attributes associated with an inode (%XATTR_LIST_MAX), so UBIFS makes sure
43  * the sum of all extended attribute names of the inode does not exceed that
44  * limit.
45  *
46  * Extended attributes are synchronous, which means they are written to the
47  * flash media synchronously and there is no write-back for extended attribute
48  * inodes. The extended attribute values are not stored in compressed form on
49  * the media.
50  *
51  * Since extended attributes are represented by regular inodes, they are cached
52  * in the VFS inode cache. The xentries are cached in the LNC cache (see
53  * tnc.c).
54  *
55  * ACL support is not implemented.
56  */
57 
58 #include <linux/xattr.h>
59 #include <linux/posix_acl_xattr.h>
60 #include "ubifs.h"
61 
62 /*
63  * Limit the number of extended attributes per inode so that the total size
64  * (xattr_size) is guaranteeded to fit in an 'unsigned int'.
65  */
66 #define MAX_XATTRS_PER_INODE 65535
67 
68 /*
69  * Extended attribute type constants.
70  *
71  * USER_XATTR: user extended attribute ("user.*")
72  * TRUSTED_XATTR: trusted extended attribute ("trusted.*)
73  * SECURITY_XATTR: security extended attribute ("security.*")
74  */
75 enum {
76 	USER_XATTR,
77 	TRUSTED_XATTR,
78 	SECURITY_XATTR,
79 };
80 
81 static struct inode_operations none_inode_operations;
82 static struct address_space_operations none_address_operations;
83 static struct file_operations none_file_operations;
84 
85 /**
86  * create_xattr - create an extended attribute.
87  * @c: UBIFS file-system description object
88  * @host: host inode
89  * @nm: extended attribute name
90  * @value: extended attribute value
91  * @size: size of extended attribute value
92  *
93  * This is a helper function which creates an extended attribute of name @nm
94  * and value @value for inode @host. The host inode is also updated on flash
95  * because the ctime and extended attribute accounting data changes. This
96  * function returns zero in case of success and a negative error code in case
97  * of failure.
98  */
99 static int create_xattr(struct ubifs_info *c, struct inode *host,
100 			const struct qstr *nm, const void *value, int size)
101 {
102 	int err;
103 	struct inode *inode;
104 	struct ubifs_inode *ui, *host_ui = ubifs_inode(host);
105 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
106 					.new_ino_d = size, .dirtied_ino = 1,
107 					.dirtied_ino_d = host_ui->data_len};
108 
109 	if (host_ui->xattr_cnt >= MAX_XATTRS_PER_INODE)
110 		return -ENOSPC;
111 	/*
112 	 * Linux limits the maximum size of the extended attribute names list
113 	 * to %XATTR_LIST_MAX. This means we should not allow creating more*
114 	 * extended attributes if the name list becomes larger. This limitation
115 	 * is artificial for UBIFS, though.
116 	 */
117 	if (host_ui->xattr_names + host_ui->xattr_cnt +
118 					nm->len + 1 > XATTR_LIST_MAX)
119 		return -ENOSPC;
120 
121 	err = ubifs_budget_space(c, &req);
122 	if (err)
123 		return err;
124 
125 	inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO);
126 	if (IS_ERR(inode)) {
127 		err = PTR_ERR(inode);
128 		goto out_budg;
129 	}
130 
131 	mutex_lock(&host_ui->ui_mutex);
132 	/* Re-define all operations to be "nothing" */
133 	inode->i_mapping->a_ops = &none_address_operations;
134 	inode->i_op = &none_inode_operations;
135 	inode->i_fop = &none_file_operations;
136 
137 	inode->i_flags |= S_SYNC | S_NOATIME | S_NOCMTIME | S_NOQUOTA;
138 	ui = ubifs_inode(inode);
139 	ui->xattr = 1;
140 	ui->flags |= UBIFS_XATTR_FL;
141 	ui->data = kmalloc(size, GFP_NOFS);
142 	if (!ui->data) {
143 		err = -ENOMEM;
144 		goto out_unlock;
145 	}
146 
147 	memcpy(ui->data, value, size);
148 	host->i_ctime = ubifs_current_time(host);
149 	host_ui->xattr_cnt += 1;
150 	host_ui->xattr_size += CALC_DENT_SIZE(nm->len);
151 	host_ui->xattr_size += CALC_XATTR_BYTES(size);
152 	host_ui->xattr_names += nm->len;
153 
154 	/*
155 	 * We do not use i_size_write() because nobody can race with us as we
156 	 * are holding host @host->i_mutex - every xattr operation for this
157 	 * inode is serialized by it.
158 	 */
159 	inode->i_size = ui->ui_size = size;
160 	ui->data_len = size;
161 	err = ubifs_jnl_update(c, host, nm, inode, 0, 1);
162 	if (err)
163 		goto out_cancel;
164 	mutex_unlock(&host_ui->ui_mutex);
165 
166 	ubifs_release_budget(c, &req);
167 	insert_inode_hash(inode);
168 	iput(inode);
169 	return 0;
170 
171 out_cancel:
172 	host_ui->xattr_cnt -= 1;
173 	host_ui->xattr_size -= CALC_DENT_SIZE(nm->len);
174 	host_ui->xattr_size -= CALC_XATTR_BYTES(size);
175 out_unlock:
176 	mutex_unlock(&host_ui->ui_mutex);
177 	make_bad_inode(inode);
178 	iput(inode);
179 out_budg:
180 	ubifs_release_budget(c, &req);
181 	return err;
182 }
183 
184 /**
185  * change_xattr - change an extended attribute.
186  * @c: UBIFS file-system description object
187  * @host: host inode
188  * @inode: extended attribute inode
189  * @value: extended attribute value
190  * @size: size of extended attribute value
191  *
192  * This helper function changes the value of extended attribute @inode with new
193  * data from @value. Returns zero in case of success and a negative error code
194  * in case of failure.
195  */
196 static int change_xattr(struct ubifs_info *c, struct inode *host,
197 			struct inode *inode, const void *value, int size)
198 {
199 	int err;
200 	struct ubifs_inode *host_ui = ubifs_inode(host);
201 	struct ubifs_inode *ui = ubifs_inode(inode);
202 	struct ubifs_budget_req req = { .dirtied_ino = 2,
203 				.dirtied_ino_d = size + host_ui->data_len };
204 
205 	ubifs_assert(ui->data_len == inode->i_size);
206 	err = ubifs_budget_space(c, &req);
207 	if (err)
208 		return err;
209 
210 	mutex_lock(&host_ui->ui_mutex);
211 	host->i_ctime = ubifs_current_time(host);
212 	host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len);
213 	host_ui->xattr_size += CALC_XATTR_BYTES(size);
214 
215 	kfree(ui->data);
216 	ui->data = kmalloc(size, GFP_NOFS);
217 	if (!ui->data) {
218 		err = -ENOMEM;
219 		goto out_unlock;
220 	}
221 
222 	memcpy(ui->data, value, size);
223 	inode->i_size = ui->ui_size = size;
224 	ui->data_len = size;
225 
226 	/*
227 	 * It is important to write the host inode after the xattr inode
228 	 * because if the host inode gets synchronized (via 'fsync()'), then
229 	 * the extended attribute inode gets synchronized, because it goes
230 	 * before the host inode in the write-buffer.
231 	 */
232 	err = ubifs_jnl_change_xattr(c, inode, host);
233 	if (err)
234 		goto out_cancel;
235 	mutex_unlock(&host_ui->ui_mutex);
236 
237 	ubifs_release_budget(c, &req);
238 	return 0;
239 
240 out_cancel:
241 	host_ui->xattr_size -= CALC_XATTR_BYTES(size);
242 	host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len);
243 	make_bad_inode(inode);
244 out_unlock:
245 	mutex_unlock(&host_ui->ui_mutex);
246 	ubifs_release_budget(c, &req);
247 	return err;
248 }
249 
250 /**
251  * check_namespace - check extended attribute name-space.
252  * @nm: extended attribute name
253  *
254  * This function makes sure the extended attribute name belongs to one of the
255  * supported extended attribute name-spaces. Returns name-space index in case
256  * of success and a negative error code in case of failure.
257  */
258 static int check_namespace(const struct qstr *nm)
259 {
260 	int type;
261 
262 	if (nm->len > UBIFS_MAX_NLEN)
263 		return -ENAMETOOLONG;
264 
265 	if (!strncmp(nm->name, XATTR_TRUSTED_PREFIX,
266 		     XATTR_TRUSTED_PREFIX_LEN)) {
267 		if (nm->name[sizeof(XATTR_TRUSTED_PREFIX) - 1] == '\0')
268 			return -EINVAL;
269 		type = TRUSTED_XATTR;
270 	} else if (!strncmp(nm->name, XATTR_USER_PREFIX,
271 				      XATTR_USER_PREFIX_LEN)) {
272 		if (nm->name[XATTR_USER_PREFIX_LEN] == '\0')
273 			return -EINVAL;
274 		type = USER_XATTR;
275 	} else if (!strncmp(nm->name, XATTR_SECURITY_PREFIX,
276 				     XATTR_SECURITY_PREFIX_LEN)) {
277 		if (nm->name[sizeof(XATTR_SECURITY_PREFIX) - 1] == '\0')
278 			return -EINVAL;
279 		type = SECURITY_XATTR;
280 	} else
281 		return -EOPNOTSUPP;
282 
283 	return type;
284 }
285 
286 static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum)
287 {
288 	struct inode *inode;
289 
290 	inode = ubifs_iget(c->vfs_sb, inum);
291 	if (IS_ERR(inode)) {
292 		ubifs_err("dead extended attribute entry, error %d",
293 			  (int)PTR_ERR(inode));
294 		return inode;
295 	}
296 	if (ubifs_inode(inode)->xattr)
297 		return inode;
298 	ubifs_err("corrupt extended attribute entry");
299 	iput(inode);
300 	return ERR_PTR(-EINVAL);
301 }
302 
303 int ubifs_setxattr(struct dentry *dentry, const char *name,
304 		   const void *value, size_t size, int flags)
305 {
306 	struct inode *inode, *host = dentry->d_inode;
307 	struct ubifs_info *c = host->i_sb->s_fs_info;
308 	struct qstr nm = { .name = name, .len = strlen(name) };
309 	struct ubifs_dent_node *xent;
310 	union ubifs_key key;
311 	int err, type;
312 
313 	dbg_gen("xattr '%s', host ino %lu ('%.*s'), size %zd", name,
314 		host->i_ino, dentry->d_name.len, dentry->d_name.name, size);
315 
316 	if (size > UBIFS_MAX_INO_DATA)
317 		return -ERANGE;
318 
319 	type = check_namespace(&nm);
320 	if (type < 0)
321 		return type;
322 
323 	xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS);
324 	if (!xent)
325 		return -ENOMEM;
326 
327 	/*
328 	 * The extended attribute entries are stored in LNC, so multiple
329 	 * look-ups do not involve reading the flash.
330 	 */
331 	xent_key_init(c, &key, host->i_ino, &nm);
332 	err = ubifs_tnc_lookup_nm(c, &key, xent, &nm);
333 	if (err) {
334 		if (err != -ENOENT)
335 			goto out_free;
336 
337 		if (flags & XATTR_REPLACE)
338 			/* We are asked not to create the xattr */
339 			err = -ENODATA;
340 		else
341 			err = create_xattr(c, host, &nm, value, size);
342 		goto out_free;
343 	}
344 
345 	if (flags & XATTR_CREATE) {
346 		/* We are asked not to replace the xattr */
347 		err = -EEXIST;
348 		goto out_free;
349 	}
350 
351 	inode = iget_xattr(c, le64_to_cpu(xent->inum));
352 	if (IS_ERR(inode)) {
353 		err = PTR_ERR(inode);
354 		goto out_free;
355 	}
356 
357 	err = change_xattr(c, host, inode, value, size);
358 	iput(inode);
359 
360 out_free:
361 	kfree(xent);
362 	return err;
363 }
364 
365 ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf,
366 		       size_t size)
367 {
368 	struct inode *inode, *host = dentry->d_inode;
369 	struct ubifs_info *c = host->i_sb->s_fs_info;
370 	struct qstr nm = { .name = name, .len = strlen(name) };
371 	struct ubifs_inode *ui;
372 	struct ubifs_dent_node *xent;
373 	union ubifs_key key;
374 	int err;
375 
376 	dbg_gen("xattr '%s', ino %lu ('%.*s'), buf size %zd", name,
377 		host->i_ino, dentry->d_name.len, dentry->d_name.name, size);
378 
379 	err = check_namespace(&nm);
380 	if (err < 0)
381 		return err;
382 
383 	xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS);
384 	if (!xent)
385 		return -ENOMEM;
386 
387 	mutex_lock(&host->i_mutex);
388 	xent_key_init(c, &key, host->i_ino, &nm);
389 	err = ubifs_tnc_lookup_nm(c, &key, xent, &nm);
390 	if (err) {
391 		if (err == -ENOENT)
392 			err = -ENODATA;
393 		goto out_unlock;
394 	}
395 
396 	inode = iget_xattr(c, le64_to_cpu(xent->inum));
397 	if (IS_ERR(inode)) {
398 		err = PTR_ERR(inode);
399 		goto out_unlock;
400 	}
401 
402 	ui = ubifs_inode(inode);
403 	ubifs_assert(inode->i_size == ui->data_len);
404 	ubifs_assert(ubifs_inode(host)->xattr_size > ui->data_len);
405 
406 	if (buf) {
407 		/* If @buf is %NULL we are supposed to return the length */
408 		if (ui->data_len > size) {
409 			dbg_err("buffer size %zd, xattr len %d",
410 				size, ui->data_len);
411 			err = -ERANGE;
412 			goto out_iput;
413 		}
414 
415 		memcpy(buf, ui->data, ui->data_len);
416 	}
417 	err = ui->data_len;
418 
419 out_iput:
420 	iput(inode);
421 out_unlock:
422 	mutex_unlock(&host->i_mutex);
423 	kfree(xent);
424 	return err;
425 }
426 
427 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size)
428 {
429 	union ubifs_key key;
430 	struct inode *host = dentry->d_inode;
431 	struct ubifs_info *c = host->i_sb->s_fs_info;
432 	struct ubifs_inode *host_ui = ubifs_inode(host);
433 	struct ubifs_dent_node *xent, *pxent = NULL;
434 	int err, len, written = 0;
435 	struct qstr nm = { .name = NULL };
436 
437 	dbg_gen("ino %lu ('%.*s'), buffer size %zd", host->i_ino,
438 		dentry->d_name.len, dentry->d_name.name, size);
439 
440 	len = host_ui->xattr_names + host_ui->xattr_cnt;
441 	if (!buffer)
442 		/*
443 		 * We should return the minimum buffer size which will fit a
444 		 * null-terminated list of all the extended attribute names.
445 		 */
446 		return len;
447 
448 	if (len > size)
449 		return -ERANGE;
450 
451 	lowest_xent_key(c, &key, host->i_ino);
452 
453 	mutex_lock(&host->i_mutex);
454 	while (1) {
455 		int type;
456 
457 		xent = ubifs_tnc_next_ent(c, &key, &nm);
458 		if (unlikely(IS_ERR(xent))) {
459 			err = PTR_ERR(xent);
460 			break;
461 		}
462 
463 		nm.name = xent->name;
464 		nm.len = le16_to_cpu(xent->nlen);
465 
466 		type = check_namespace(&nm);
467 		if (unlikely(type < 0)) {
468 			err = type;
469 			break;
470 		}
471 
472 		/* Show trusted namespace only for "power" users */
473 		if (type != TRUSTED_XATTR || capable(CAP_SYS_ADMIN)) {
474 			memcpy(buffer + written, nm.name, nm.len + 1);
475 			written += nm.len + 1;
476 		}
477 
478 		kfree(pxent);
479 		pxent = xent;
480 		key_read(c, &xent->key, &key);
481 	}
482 	mutex_unlock(&host->i_mutex);
483 
484 	kfree(pxent);
485 	if (err != -ENOENT) {
486 		ubifs_err("cannot find next direntry, error %d", err);
487 		return err;
488 	}
489 
490 	ubifs_assert(written <= size);
491 	return written;
492 }
493 
494 static int remove_xattr(struct ubifs_info *c, struct inode *host,
495 			struct inode *inode, const struct qstr *nm)
496 {
497 	int err;
498 	struct ubifs_inode *host_ui = ubifs_inode(host);
499 	struct ubifs_inode *ui = ubifs_inode(inode);
500 	struct ubifs_budget_req req = { .dirtied_ino = 1, .mod_dent = 1,
501 					.dirtied_ino_d = host_ui->data_len };
502 
503 	ubifs_assert(ui->data_len == inode->i_size);
504 
505 	err = ubifs_budget_space(c, &req);
506 	if (err)
507 		return err;
508 
509 	mutex_lock(&host_ui->ui_mutex);
510 	host->i_ctime = ubifs_current_time(host);
511 	host_ui->xattr_cnt -= 1;
512 	host_ui->xattr_size -= CALC_DENT_SIZE(nm->len);
513 	host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len);
514 	host_ui->xattr_names -= nm->len;
515 
516 	err = ubifs_jnl_delete_xattr(c, host, inode, nm);
517 	if (err)
518 		goto out_cancel;
519 	mutex_unlock(&host_ui->ui_mutex);
520 
521 	ubifs_release_budget(c, &req);
522 	return 0;
523 
524 out_cancel:
525 	host_ui->xattr_cnt += 1;
526 	host_ui->xattr_size += CALC_DENT_SIZE(nm->len);
527 	host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len);
528 	mutex_unlock(&host_ui->ui_mutex);
529 	ubifs_release_budget(c, &req);
530 	make_bad_inode(inode);
531 	return err;
532 }
533 
534 int ubifs_removexattr(struct dentry *dentry, const char *name)
535 {
536 	struct inode *inode, *host = dentry->d_inode;
537 	struct ubifs_info *c = host->i_sb->s_fs_info;
538 	struct qstr nm = { .name = name, .len = strlen(name) };
539 	struct ubifs_dent_node *xent;
540 	union ubifs_key key;
541 	int err;
542 
543 	dbg_gen("xattr '%s', ino %lu ('%.*s')", name,
544 		host->i_ino, dentry->d_name.len, dentry->d_name.name);
545 	ubifs_assert(mutex_is_locked(&host->i_mutex));
546 
547 	err = check_namespace(&nm);
548 	if (err < 0)
549 		return err;
550 
551 	xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS);
552 	if (!xent)
553 		return -ENOMEM;
554 
555 	xent_key_init(c, &key, host->i_ino, &nm);
556 	err = ubifs_tnc_lookup_nm(c, &key, xent, &nm);
557 	if (err) {
558 		if (err == -ENOENT)
559 			err = -ENODATA;
560 		goto out_free;
561 	}
562 
563 	inode = iget_xattr(c, le64_to_cpu(xent->inum));
564 	if (IS_ERR(inode)) {
565 		err = PTR_ERR(inode);
566 		goto out_free;
567 	}
568 
569 	ubifs_assert(inode->i_nlink == 1);
570 	inode->i_nlink = 0;
571 	err = remove_xattr(c, host, inode, &nm);
572 	if (err)
573 		inode->i_nlink = 1;
574 
575 	/* If @i_nlink is 0, 'iput()' will delete the inode */
576 	iput(inode);
577 
578 out_free:
579 	kfree(xent);
580 	return err;
581 }
582