1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Artem Bityutskiy (Битюцкий Артём) 20 * Adrian Hunter 21 */ 22 23 /* 24 * This file implements UBIFS extended attributes support. 25 * 26 * Extended attributes are implemented as regular inodes with attached data, 27 * which limits extended attribute size to UBIFS block size (4KiB). Names of 28 * extended attributes are described by extended attribute entries (xentries), 29 * which are almost identical to directory entries, but have different key type. 30 * 31 * In other words, the situation with extended attributes is very similar to 32 * directories. Indeed, any inode (but of course not xattr inodes) may have a 33 * number of associated xentries, just like directory inodes have associated 34 * directory entries. Extended attribute entries store the name of the extended 35 * attribute, the host inode number, and the extended attribute inode number. 36 * Similarly, direntries store the name, the parent and the target inode 37 * numbers. Thus, most of the common UBIFS mechanisms may be re-used for 38 * extended attributes. 39 * 40 * The number of extended attributes is not limited, but there is Linux 41 * limitation on the maximum possible size of the list of all extended 42 * attributes associated with an inode (%XATTR_LIST_MAX), so UBIFS makes sure 43 * the sum of all extended attribute names of the inode does not exceed that 44 * limit. 45 * 46 * Extended attributes are synchronous, which means they are written to the 47 * flash media synchronously and there is no write-back for extended attribute 48 * inodes. The extended attribute values are not stored in compressed form on 49 * the media. 50 * 51 * Since extended attributes are represented by regular inodes, they are cached 52 * in the VFS inode cache. The xentries are cached in the LNC cache (see 53 * tnc.c). 54 * 55 * ACL support is not implemented. 56 */ 57 58 #include <linux/xattr.h> 59 #include <linux/posix_acl_xattr.h> 60 #include "ubifs.h" 61 62 /* 63 * Limit the number of extended attributes per inode so that the total size 64 * (xattr_size) is guaranteeded to fit in an 'unsigned int'. 65 */ 66 #define MAX_XATTRS_PER_INODE 65535 67 68 /* 69 * Extended attribute type constants. 70 * 71 * USER_XATTR: user extended attribute ("user.*") 72 * TRUSTED_XATTR: trusted extended attribute ("trusted.*) 73 * SECURITY_XATTR: security extended attribute ("security.*") 74 */ 75 enum { 76 USER_XATTR, 77 TRUSTED_XATTR, 78 SECURITY_XATTR, 79 }; 80 81 static struct inode_operations none_inode_operations; 82 static struct address_space_operations none_address_operations; 83 static struct file_operations none_file_operations; 84 85 /** 86 * create_xattr - create an extended attribute. 87 * @c: UBIFS file-system description object 88 * @host: host inode 89 * @nm: extended attribute name 90 * @value: extended attribute value 91 * @size: size of extended attribute value 92 * 93 * This is a helper function which creates an extended attribute of name @nm 94 * and value @value for inode @host. The host inode is also updated on flash 95 * because the ctime and extended attribute accounting data changes. This 96 * function returns zero in case of success and a negative error code in case 97 * of failure. 98 */ 99 static int create_xattr(struct ubifs_info *c, struct inode *host, 100 const struct qstr *nm, const void *value, int size) 101 { 102 int err; 103 struct inode *inode; 104 struct ubifs_inode *ui, *host_ui = ubifs_inode(host); 105 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 106 .new_ino_d = size, .dirtied_ino = 1, 107 .dirtied_ino_d = host_ui->data_len}; 108 109 if (host_ui->xattr_cnt >= MAX_XATTRS_PER_INODE) 110 return -ENOSPC; 111 /* 112 * Linux limits the maximum size of the extended attribute names list 113 * to %XATTR_LIST_MAX. This means we should not allow creating more* 114 * extended attributes if the name list becomes larger. This limitation 115 * is artificial for UBIFS, though. 116 */ 117 if (host_ui->xattr_names + host_ui->xattr_cnt + 118 nm->len + 1 > XATTR_LIST_MAX) 119 return -ENOSPC; 120 121 err = ubifs_budget_space(c, &req); 122 if (err) 123 return err; 124 125 inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO); 126 if (IS_ERR(inode)) { 127 err = PTR_ERR(inode); 128 goto out_budg; 129 } 130 131 mutex_lock(&host_ui->ui_mutex); 132 /* Re-define all operations to be "nothing" */ 133 inode->i_mapping->a_ops = &none_address_operations; 134 inode->i_op = &none_inode_operations; 135 inode->i_fop = &none_file_operations; 136 137 inode->i_flags |= S_SYNC | S_NOATIME | S_NOCMTIME | S_NOQUOTA; 138 ui = ubifs_inode(inode); 139 ui->xattr = 1; 140 ui->flags |= UBIFS_XATTR_FL; 141 ui->data = kmalloc(size, GFP_NOFS); 142 if (!ui->data) { 143 err = -ENOMEM; 144 goto out_unlock; 145 } 146 147 memcpy(ui->data, value, size); 148 host->i_ctime = ubifs_current_time(host); 149 host_ui->xattr_cnt += 1; 150 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 151 host_ui->xattr_size += CALC_XATTR_BYTES(size); 152 host_ui->xattr_names += nm->len; 153 154 /* 155 * We do not use i_size_write() because nobody can race with us as we 156 * are holding host @host->i_mutex - every xattr operation for this 157 * inode is serialized by it. 158 */ 159 inode->i_size = ui->ui_size = size; 160 ui->data_len = size; 161 err = ubifs_jnl_update(c, host, nm, inode, 0, 1); 162 if (err) 163 goto out_cancel; 164 mutex_unlock(&host_ui->ui_mutex); 165 166 ubifs_release_budget(c, &req); 167 insert_inode_hash(inode); 168 iput(inode); 169 return 0; 170 171 out_cancel: 172 host_ui->xattr_cnt -= 1; 173 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 174 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 175 out_unlock: 176 mutex_unlock(&host_ui->ui_mutex); 177 make_bad_inode(inode); 178 iput(inode); 179 out_budg: 180 ubifs_release_budget(c, &req); 181 return err; 182 } 183 184 /** 185 * change_xattr - change an extended attribute. 186 * @c: UBIFS file-system description object 187 * @host: host inode 188 * @inode: extended attribute inode 189 * @value: extended attribute value 190 * @size: size of extended attribute value 191 * 192 * This helper function changes the value of extended attribute @inode with new 193 * data from @value. Returns zero in case of success and a negative error code 194 * in case of failure. 195 */ 196 static int change_xattr(struct ubifs_info *c, struct inode *host, 197 struct inode *inode, const void *value, int size) 198 { 199 int err; 200 struct ubifs_inode *host_ui = ubifs_inode(host); 201 struct ubifs_inode *ui = ubifs_inode(inode); 202 struct ubifs_budget_req req = { .dirtied_ino = 2, 203 .dirtied_ino_d = size + host_ui->data_len }; 204 205 ubifs_assert(ui->data_len == inode->i_size); 206 err = ubifs_budget_space(c, &req); 207 if (err) 208 return err; 209 210 mutex_lock(&host_ui->ui_mutex); 211 host->i_ctime = ubifs_current_time(host); 212 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 213 host_ui->xattr_size += CALC_XATTR_BYTES(size); 214 215 kfree(ui->data); 216 ui->data = kmalloc(size, GFP_NOFS); 217 if (!ui->data) { 218 err = -ENOMEM; 219 goto out_unlock; 220 } 221 222 memcpy(ui->data, value, size); 223 inode->i_size = ui->ui_size = size; 224 ui->data_len = size; 225 226 /* 227 * It is important to write the host inode after the xattr inode 228 * because if the host inode gets synchronized (via 'fsync()'), then 229 * the extended attribute inode gets synchronized, because it goes 230 * before the host inode in the write-buffer. 231 */ 232 err = ubifs_jnl_change_xattr(c, inode, host); 233 if (err) 234 goto out_cancel; 235 mutex_unlock(&host_ui->ui_mutex); 236 237 ubifs_release_budget(c, &req); 238 return 0; 239 240 out_cancel: 241 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 242 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 243 make_bad_inode(inode); 244 out_unlock: 245 mutex_unlock(&host_ui->ui_mutex); 246 ubifs_release_budget(c, &req); 247 return err; 248 } 249 250 /** 251 * check_namespace - check extended attribute name-space. 252 * @nm: extended attribute name 253 * 254 * This function makes sure the extended attribute name belongs to one of the 255 * supported extended attribute name-spaces. Returns name-space index in case 256 * of success and a negative error code in case of failure. 257 */ 258 static int check_namespace(const struct qstr *nm) 259 { 260 int type; 261 262 if (nm->len > UBIFS_MAX_NLEN) 263 return -ENAMETOOLONG; 264 265 if (!strncmp(nm->name, XATTR_TRUSTED_PREFIX, 266 XATTR_TRUSTED_PREFIX_LEN)) { 267 if (nm->name[sizeof(XATTR_TRUSTED_PREFIX) - 1] == '\0') 268 return -EINVAL; 269 type = TRUSTED_XATTR; 270 } else if (!strncmp(nm->name, XATTR_USER_PREFIX, 271 XATTR_USER_PREFIX_LEN)) { 272 if (nm->name[XATTR_USER_PREFIX_LEN] == '\0') 273 return -EINVAL; 274 type = USER_XATTR; 275 } else if (!strncmp(nm->name, XATTR_SECURITY_PREFIX, 276 XATTR_SECURITY_PREFIX_LEN)) { 277 if (nm->name[sizeof(XATTR_SECURITY_PREFIX) - 1] == '\0') 278 return -EINVAL; 279 type = SECURITY_XATTR; 280 } else 281 return -EOPNOTSUPP; 282 283 return type; 284 } 285 286 static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum) 287 { 288 struct inode *inode; 289 290 inode = ubifs_iget(c->vfs_sb, inum); 291 if (IS_ERR(inode)) { 292 ubifs_err("dead extended attribute entry, error %d", 293 (int)PTR_ERR(inode)); 294 return inode; 295 } 296 if (ubifs_inode(inode)->xattr) 297 return inode; 298 ubifs_err("corrupt extended attribute entry"); 299 iput(inode); 300 return ERR_PTR(-EINVAL); 301 } 302 303 int ubifs_setxattr(struct dentry *dentry, const char *name, 304 const void *value, size_t size, int flags) 305 { 306 struct inode *inode, *host = dentry->d_inode; 307 struct ubifs_info *c = host->i_sb->s_fs_info; 308 struct qstr nm = { .name = name, .len = strlen(name) }; 309 struct ubifs_dent_node *xent; 310 union ubifs_key key; 311 int err, type; 312 313 dbg_gen("xattr '%s', host ino %lu ('%.*s'), size %zd", name, 314 host->i_ino, dentry->d_name.len, dentry->d_name.name, size); 315 316 if (size > UBIFS_MAX_INO_DATA) 317 return -ERANGE; 318 319 type = check_namespace(&nm); 320 if (type < 0) 321 return type; 322 323 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 324 if (!xent) 325 return -ENOMEM; 326 327 /* 328 * The extended attribute entries are stored in LNC, so multiple 329 * look-ups do not involve reading the flash. 330 */ 331 xent_key_init(c, &key, host->i_ino, &nm); 332 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 333 if (err) { 334 if (err != -ENOENT) 335 goto out_free; 336 337 if (flags & XATTR_REPLACE) 338 /* We are asked not to create the xattr */ 339 err = -ENODATA; 340 else 341 err = create_xattr(c, host, &nm, value, size); 342 goto out_free; 343 } 344 345 if (flags & XATTR_CREATE) { 346 /* We are asked not to replace the xattr */ 347 err = -EEXIST; 348 goto out_free; 349 } 350 351 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 352 if (IS_ERR(inode)) { 353 err = PTR_ERR(inode); 354 goto out_free; 355 } 356 357 err = change_xattr(c, host, inode, value, size); 358 iput(inode); 359 360 out_free: 361 kfree(xent); 362 return err; 363 } 364 365 ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, 366 size_t size) 367 { 368 struct inode *inode, *host = dentry->d_inode; 369 struct ubifs_info *c = host->i_sb->s_fs_info; 370 struct qstr nm = { .name = name, .len = strlen(name) }; 371 struct ubifs_inode *ui; 372 struct ubifs_dent_node *xent; 373 union ubifs_key key; 374 int err; 375 376 dbg_gen("xattr '%s', ino %lu ('%.*s'), buf size %zd", name, 377 host->i_ino, dentry->d_name.len, dentry->d_name.name, size); 378 379 err = check_namespace(&nm); 380 if (err < 0) 381 return err; 382 383 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 384 if (!xent) 385 return -ENOMEM; 386 387 mutex_lock(&host->i_mutex); 388 xent_key_init(c, &key, host->i_ino, &nm); 389 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 390 if (err) { 391 if (err == -ENOENT) 392 err = -ENODATA; 393 goto out_unlock; 394 } 395 396 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 397 if (IS_ERR(inode)) { 398 err = PTR_ERR(inode); 399 goto out_unlock; 400 } 401 402 ui = ubifs_inode(inode); 403 ubifs_assert(inode->i_size == ui->data_len); 404 ubifs_assert(ubifs_inode(host)->xattr_size > ui->data_len); 405 406 if (buf) { 407 /* If @buf is %NULL we are supposed to return the length */ 408 if (ui->data_len > size) { 409 dbg_err("buffer size %zd, xattr len %d", 410 size, ui->data_len); 411 err = -ERANGE; 412 goto out_iput; 413 } 414 415 memcpy(buf, ui->data, ui->data_len); 416 } 417 err = ui->data_len; 418 419 out_iput: 420 iput(inode); 421 out_unlock: 422 mutex_unlock(&host->i_mutex); 423 kfree(xent); 424 return err; 425 } 426 427 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) 428 { 429 union ubifs_key key; 430 struct inode *host = dentry->d_inode; 431 struct ubifs_info *c = host->i_sb->s_fs_info; 432 struct ubifs_inode *host_ui = ubifs_inode(host); 433 struct ubifs_dent_node *xent, *pxent = NULL; 434 int err, len, written = 0; 435 struct qstr nm = { .name = NULL }; 436 437 dbg_gen("ino %lu ('%.*s'), buffer size %zd", host->i_ino, 438 dentry->d_name.len, dentry->d_name.name, size); 439 440 len = host_ui->xattr_names + host_ui->xattr_cnt; 441 if (!buffer) 442 /* 443 * We should return the minimum buffer size which will fit a 444 * null-terminated list of all the extended attribute names. 445 */ 446 return len; 447 448 if (len > size) 449 return -ERANGE; 450 451 lowest_xent_key(c, &key, host->i_ino); 452 453 mutex_lock(&host->i_mutex); 454 while (1) { 455 int type; 456 457 xent = ubifs_tnc_next_ent(c, &key, &nm); 458 if (unlikely(IS_ERR(xent))) { 459 err = PTR_ERR(xent); 460 break; 461 } 462 463 nm.name = xent->name; 464 nm.len = le16_to_cpu(xent->nlen); 465 466 type = check_namespace(&nm); 467 if (unlikely(type < 0)) { 468 err = type; 469 break; 470 } 471 472 /* Show trusted namespace only for "power" users */ 473 if (type != TRUSTED_XATTR || capable(CAP_SYS_ADMIN)) { 474 memcpy(buffer + written, nm.name, nm.len + 1); 475 written += nm.len + 1; 476 } 477 478 kfree(pxent); 479 pxent = xent; 480 key_read(c, &xent->key, &key); 481 } 482 mutex_unlock(&host->i_mutex); 483 484 kfree(pxent); 485 if (err != -ENOENT) { 486 ubifs_err("cannot find next direntry, error %d", err); 487 return err; 488 } 489 490 ubifs_assert(written <= size); 491 return written; 492 } 493 494 static int remove_xattr(struct ubifs_info *c, struct inode *host, 495 struct inode *inode, const struct qstr *nm) 496 { 497 int err; 498 struct ubifs_inode *host_ui = ubifs_inode(host); 499 struct ubifs_inode *ui = ubifs_inode(inode); 500 struct ubifs_budget_req req = { .dirtied_ino = 1, .mod_dent = 1, 501 .dirtied_ino_d = host_ui->data_len }; 502 503 ubifs_assert(ui->data_len == inode->i_size); 504 505 err = ubifs_budget_space(c, &req); 506 if (err) 507 return err; 508 509 mutex_lock(&host_ui->ui_mutex); 510 host->i_ctime = ubifs_current_time(host); 511 host_ui->xattr_cnt -= 1; 512 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 513 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 514 host_ui->xattr_names -= nm->len; 515 516 err = ubifs_jnl_delete_xattr(c, host, inode, nm); 517 if (err) 518 goto out_cancel; 519 mutex_unlock(&host_ui->ui_mutex); 520 521 ubifs_release_budget(c, &req); 522 return 0; 523 524 out_cancel: 525 host_ui->xattr_cnt += 1; 526 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 527 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 528 mutex_unlock(&host_ui->ui_mutex); 529 ubifs_release_budget(c, &req); 530 make_bad_inode(inode); 531 return err; 532 } 533 534 int ubifs_removexattr(struct dentry *dentry, const char *name) 535 { 536 struct inode *inode, *host = dentry->d_inode; 537 struct ubifs_info *c = host->i_sb->s_fs_info; 538 struct qstr nm = { .name = name, .len = strlen(name) }; 539 struct ubifs_dent_node *xent; 540 union ubifs_key key; 541 int err; 542 543 dbg_gen("xattr '%s', ino %lu ('%.*s')", name, 544 host->i_ino, dentry->d_name.len, dentry->d_name.name); 545 ubifs_assert(mutex_is_locked(&host->i_mutex)); 546 547 err = check_namespace(&nm); 548 if (err < 0) 549 return err; 550 551 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 552 if (!xent) 553 return -ENOMEM; 554 555 xent_key_init(c, &key, host->i_ino, &nm); 556 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 557 if (err) { 558 if (err == -ENOENT) 559 err = -ENODATA; 560 goto out_free; 561 } 562 563 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 564 if (IS_ERR(inode)) { 565 err = PTR_ERR(inode); 566 goto out_free; 567 } 568 569 ubifs_assert(inode->i_nlink == 1); 570 inode->i_nlink = 0; 571 err = remove_xattr(c, host, inode, &nm); 572 if (err) 573 inode->i_nlink = 1; 574 575 /* If @i_nlink is 0, 'iput()' will delete the inode */ 576 iput(inode); 577 578 out_free: 579 kfree(xent); 580 return err; 581 } 582