1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Artem Bityutskiy (Битюцкий Артём) 20 * Adrian Hunter 21 */ 22 23 /* 24 * This file implements UBIFS extended attributes support. 25 * 26 * Extended attributes are implemented as regular inodes with attached data, 27 * which limits extended attribute size to UBIFS block size (4KiB). Names of 28 * extended attributes are described by extended attribute entries (xentries), 29 * which are almost identical to directory entries, but have different key type. 30 * 31 * In other words, the situation with extended attributes is very similar to 32 * directories. Indeed, any inode (but of course not xattr inodes) may have a 33 * number of associated xentries, just like directory inodes have associated 34 * directory entries. Extended attribute entries store the name of the extended 35 * attribute, the host inode number, and the extended attribute inode number. 36 * Similarly, direntries store the name, the parent and the target inode 37 * numbers. Thus, most of the common UBIFS mechanisms may be re-used for 38 * extended attributes. 39 * 40 * The number of extended attributes is not limited, but there is Linux 41 * limitation on the maximum possible size of the list of all extended 42 * attributes associated with an inode (%XATTR_LIST_MAX), so UBIFS makes sure 43 * the sum of all extended attribute names of the inode does not exceed that 44 * limit. 45 * 46 * Extended attributes are synchronous, which means they are written to the 47 * flash media synchronously and there is no write-back for extended attribute 48 * inodes. The extended attribute values are not stored in compressed form on 49 * the media. 50 * 51 * Since extended attributes are represented by regular inodes, they are cached 52 * in the VFS inode cache. The xentries are cached in the LNC cache (see 53 * tnc.c). 54 * 55 * ACL support is not implemented. 56 */ 57 58 #include "ubifs.h" 59 #include <linux/xattr.h> 60 #include <linux/posix_acl_xattr.h> 61 62 /* 63 * Limit the number of extended attributes per inode so that the total size 64 * (@xattr_size) is guaranteeded to fit in an 'unsigned int'. 65 */ 66 #define MAX_XATTRS_PER_INODE 65535 67 68 /* 69 * Extended attribute type constants. 70 * 71 * USER_XATTR: user extended attribute ("user.*") 72 * TRUSTED_XATTR: trusted extended attribute ("trusted.*) 73 * SECURITY_XATTR: security extended attribute ("security.*") 74 */ 75 enum { 76 USER_XATTR, 77 TRUSTED_XATTR, 78 SECURITY_XATTR, 79 }; 80 81 static const struct inode_operations none_inode_operations; 82 static const struct address_space_operations none_address_operations; 83 static const struct file_operations none_file_operations; 84 85 /** 86 * create_xattr - create an extended attribute. 87 * @c: UBIFS file-system description object 88 * @host: host inode 89 * @nm: extended attribute name 90 * @value: extended attribute value 91 * @size: size of extended attribute value 92 * 93 * This is a helper function which creates an extended attribute of name @nm 94 * and value @value for inode @host. The host inode is also updated on flash 95 * because the ctime and extended attribute accounting data changes. This 96 * function returns zero in case of success and a negative error code in case 97 * of failure. 98 */ 99 static int create_xattr(struct ubifs_info *c, struct inode *host, 100 const struct qstr *nm, const void *value, int size) 101 { 102 int err; 103 struct inode *inode; 104 struct ubifs_inode *ui, *host_ui = ubifs_inode(host); 105 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 106 .new_ino_d = ALIGN(size, 8), .dirtied_ino = 1, 107 .dirtied_ino_d = ALIGN(host_ui->data_len, 8) }; 108 109 if (host_ui->xattr_cnt >= MAX_XATTRS_PER_INODE) 110 return -ENOSPC; 111 /* 112 * Linux limits the maximum size of the extended attribute names list 113 * to %XATTR_LIST_MAX. This means we should not allow creating more 114 * extended attributes if the name list becomes larger. This limitation 115 * is artificial for UBIFS, though. 116 */ 117 if (host_ui->xattr_names + host_ui->xattr_cnt + 118 nm->len + 1 > XATTR_LIST_MAX) 119 return -ENOSPC; 120 121 err = ubifs_budget_space(c, &req); 122 if (err) 123 return err; 124 125 inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO); 126 if (IS_ERR(inode)) { 127 err = PTR_ERR(inode); 128 goto out_budg; 129 } 130 131 /* Re-define all operations to be "nothing" */ 132 inode->i_mapping->a_ops = &none_address_operations; 133 inode->i_op = &none_inode_operations; 134 inode->i_fop = &none_file_operations; 135 136 inode->i_flags |= S_SYNC | S_NOATIME | S_NOCMTIME | S_NOQUOTA; 137 ui = ubifs_inode(inode); 138 ui->xattr = 1; 139 ui->flags |= UBIFS_XATTR_FL; 140 ui->data = kmalloc(size, GFP_NOFS); 141 if (!ui->data) { 142 err = -ENOMEM; 143 goto out_free; 144 } 145 memcpy(ui->data, value, size); 146 inode->i_size = ui->ui_size = size; 147 ui->data_len = size; 148 149 mutex_lock(&host_ui->ui_mutex); 150 host->i_ctime = ubifs_current_time(host); 151 host_ui->xattr_cnt += 1; 152 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 153 host_ui->xattr_size += CALC_XATTR_BYTES(size); 154 host_ui->xattr_names += nm->len; 155 156 err = ubifs_jnl_update(c, host, nm, inode, 0, 1); 157 if (err) 158 goto out_cancel; 159 mutex_unlock(&host_ui->ui_mutex); 160 161 ubifs_release_budget(c, &req); 162 insert_inode_hash(inode); 163 iput(inode); 164 return 0; 165 166 out_cancel: 167 host_ui->xattr_cnt -= 1; 168 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 169 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 170 mutex_unlock(&host_ui->ui_mutex); 171 out_free: 172 make_bad_inode(inode); 173 iput(inode); 174 out_budg: 175 ubifs_release_budget(c, &req); 176 return err; 177 } 178 179 /** 180 * change_xattr - change an extended attribute. 181 * @c: UBIFS file-system description object 182 * @host: host inode 183 * @inode: extended attribute inode 184 * @value: extended attribute value 185 * @size: size of extended attribute value 186 * 187 * This helper function changes the value of extended attribute @inode with new 188 * data from @value. Returns zero in case of success and a negative error code 189 * in case of failure. 190 */ 191 static int change_xattr(struct ubifs_info *c, struct inode *host, 192 struct inode *inode, const void *value, int size) 193 { 194 int err; 195 struct ubifs_inode *host_ui = ubifs_inode(host); 196 struct ubifs_inode *ui = ubifs_inode(inode); 197 struct ubifs_budget_req req = { .dirtied_ino = 2, 198 .dirtied_ino_d = ALIGN(size, 8) + ALIGN(host_ui->data_len, 8) }; 199 200 ubifs_assert(ui->data_len == inode->i_size); 201 err = ubifs_budget_space(c, &req); 202 if (err) 203 return err; 204 205 kfree(ui->data); 206 ui->data = kmalloc(size, GFP_NOFS); 207 if (!ui->data) { 208 err = -ENOMEM; 209 goto out_free; 210 } 211 memcpy(ui->data, value, size); 212 inode->i_size = ui->ui_size = size; 213 ui->data_len = size; 214 215 mutex_lock(&host_ui->ui_mutex); 216 host->i_ctime = ubifs_current_time(host); 217 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 218 host_ui->xattr_size += CALC_XATTR_BYTES(size); 219 220 /* 221 * It is important to write the host inode after the xattr inode 222 * because if the host inode gets synchronized (via 'fsync()'), then 223 * the extended attribute inode gets synchronized, because it goes 224 * before the host inode in the write-buffer. 225 */ 226 err = ubifs_jnl_change_xattr(c, inode, host); 227 if (err) 228 goto out_cancel; 229 mutex_unlock(&host_ui->ui_mutex); 230 231 ubifs_release_budget(c, &req); 232 return 0; 233 234 out_cancel: 235 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 236 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 237 mutex_unlock(&host_ui->ui_mutex); 238 make_bad_inode(inode); 239 out_free: 240 ubifs_release_budget(c, &req); 241 return err; 242 } 243 244 /** 245 * check_namespace - check extended attribute name-space. 246 * @nm: extended attribute name 247 * 248 * This function makes sure the extended attribute name belongs to one of the 249 * supported extended attribute name-spaces. Returns name-space index in case 250 * of success and a negative error code in case of failure. 251 */ 252 static int check_namespace(const struct qstr *nm) 253 { 254 int type; 255 256 if (nm->len > UBIFS_MAX_NLEN) 257 return -ENAMETOOLONG; 258 259 if (!strncmp(nm->name, XATTR_TRUSTED_PREFIX, 260 XATTR_TRUSTED_PREFIX_LEN)) { 261 if (nm->name[sizeof(XATTR_TRUSTED_PREFIX) - 1] == '\0') 262 return -EINVAL; 263 type = TRUSTED_XATTR; 264 } else if (!strncmp(nm->name, XATTR_USER_PREFIX, 265 XATTR_USER_PREFIX_LEN)) { 266 if (nm->name[XATTR_USER_PREFIX_LEN] == '\0') 267 return -EINVAL; 268 type = USER_XATTR; 269 } else if (!strncmp(nm->name, XATTR_SECURITY_PREFIX, 270 XATTR_SECURITY_PREFIX_LEN)) { 271 if (nm->name[sizeof(XATTR_SECURITY_PREFIX) - 1] == '\0') 272 return -EINVAL; 273 type = SECURITY_XATTR; 274 } else 275 return -EOPNOTSUPP; 276 277 return type; 278 } 279 280 static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum) 281 { 282 struct inode *inode; 283 284 inode = ubifs_iget(c->vfs_sb, inum); 285 if (IS_ERR(inode)) { 286 ubifs_err("dead extended attribute entry, error %d", 287 (int)PTR_ERR(inode)); 288 return inode; 289 } 290 if (ubifs_inode(inode)->xattr) 291 return inode; 292 ubifs_err("corrupt extended attribute entry"); 293 iput(inode); 294 return ERR_PTR(-EINVAL); 295 } 296 297 int ubifs_setxattr(struct dentry *dentry, const char *name, 298 const void *value, size_t size, int flags) 299 { 300 struct inode *inode, *host = dentry->d_inode; 301 struct ubifs_info *c = host->i_sb->s_fs_info; 302 struct qstr nm = { .name = name, .len = strlen(name) }; 303 struct ubifs_dent_node *xent; 304 union ubifs_key key; 305 int err, type; 306 307 dbg_gen("xattr '%s', host ino %lu ('%.*s'), size %zd", name, 308 host->i_ino, dentry->d_name.len, dentry->d_name.name, size); 309 ubifs_assert(mutex_is_locked(&host->i_mutex)); 310 311 if (size > UBIFS_MAX_INO_DATA) 312 return -ERANGE; 313 314 type = check_namespace(&nm); 315 if (type < 0) 316 return type; 317 318 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 319 if (!xent) 320 return -ENOMEM; 321 322 /* 323 * The extended attribute entries are stored in LNC, so multiple 324 * look-ups do not involve reading the flash. 325 */ 326 xent_key_init(c, &key, host->i_ino, &nm); 327 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 328 if (err) { 329 if (err != -ENOENT) 330 goto out_free; 331 332 if (flags & XATTR_REPLACE) 333 /* We are asked not to create the xattr */ 334 err = -ENODATA; 335 else 336 err = create_xattr(c, host, &nm, value, size); 337 goto out_free; 338 } 339 340 if (flags & XATTR_CREATE) { 341 /* We are asked not to replace the xattr */ 342 err = -EEXIST; 343 goto out_free; 344 } 345 346 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 347 if (IS_ERR(inode)) { 348 err = PTR_ERR(inode); 349 goto out_free; 350 } 351 352 err = change_xattr(c, host, inode, value, size); 353 iput(inode); 354 355 out_free: 356 kfree(xent); 357 return err; 358 } 359 360 ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, 361 size_t size) 362 { 363 struct inode *inode, *host = dentry->d_inode; 364 struct ubifs_info *c = host->i_sb->s_fs_info; 365 struct qstr nm = { .name = name, .len = strlen(name) }; 366 struct ubifs_inode *ui; 367 struct ubifs_dent_node *xent; 368 union ubifs_key key; 369 int err; 370 371 dbg_gen("xattr '%s', ino %lu ('%.*s'), buf size %zd", name, 372 host->i_ino, dentry->d_name.len, dentry->d_name.name, size); 373 374 err = check_namespace(&nm); 375 if (err < 0) 376 return err; 377 378 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 379 if (!xent) 380 return -ENOMEM; 381 382 xent_key_init(c, &key, host->i_ino, &nm); 383 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 384 if (err) { 385 if (err == -ENOENT) 386 err = -ENODATA; 387 goto out_unlock; 388 } 389 390 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 391 if (IS_ERR(inode)) { 392 err = PTR_ERR(inode); 393 goto out_unlock; 394 } 395 396 ui = ubifs_inode(inode); 397 ubifs_assert(inode->i_size == ui->data_len); 398 ubifs_assert(ubifs_inode(host)->xattr_size > ui->data_len); 399 400 if (buf) { 401 /* If @buf is %NULL we are supposed to return the length */ 402 if (ui->data_len > size) { 403 dbg_err("buffer size %zd, xattr len %d", 404 size, ui->data_len); 405 err = -ERANGE; 406 goto out_iput; 407 } 408 409 memcpy(buf, ui->data, ui->data_len); 410 } 411 err = ui->data_len; 412 413 out_iput: 414 iput(inode); 415 out_unlock: 416 kfree(xent); 417 return err; 418 } 419 420 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) 421 { 422 union ubifs_key key; 423 struct inode *host = dentry->d_inode; 424 struct ubifs_info *c = host->i_sb->s_fs_info; 425 struct ubifs_inode *host_ui = ubifs_inode(host); 426 struct ubifs_dent_node *xent, *pxent = NULL; 427 int err, len, written = 0; 428 struct qstr nm = { .name = NULL }; 429 430 dbg_gen("ino %lu ('%.*s'), buffer size %zd", host->i_ino, 431 dentry->d_name.len, dentry->d_name.name, size); 432 433 len = host_ui->xattr_names + host_ui->xattr_cnt; 434 if (!buffer) 435 /* 436 * We should return the minimum buffer size which will fit a 437 * null-terminated list of all the extended attribute names. 438 */ 439 return len; 440 441 if (len > size) 442 return -ERANGE; 443 444 lowest_xent_key(c, &key, host->i_ino); 445 while (1) { 446 int type; 447 448 xent = ubifs_tnc_next_ent(c, &key, &nm); 449 if (IS_ERR(xent)) { 450 err = PTR_ERR(xent); 451 break; 452 } 453 454 nm.name = xent->name; 455 nm.len = le16_to_cpu(xent->nlen); 456 457 type = check_namespace(&nm); 458 if (unlikely(type < 0)) { 459 err = type; 460 break; 461 } 462 463 /* Show trusted namespace only for "power" users */ 464 if (type != TRUSTED_XATTR || capable(CAP_SYS_ADMIN)) { 465 memcpy(buffer + written, nm.name, nm.len + 1); 466 written += nm.len + 1; 467 } 468 469 kfree(pxent); 470 pxent = xent; 471 key_read(c, &xent->key, &key); 472 } 473 474 kfree(pxent); 475 if (err != -ENOENT) { 476 ubifs_err("cannot find next direntry, error %d", err); 477 return err; 478 } 479 480 ubifs_assert(written <= size); 481 return written; 482 } 483 484 static int remove_xattr(struct ubifs_info *c, struct inode *host, 485 struct inode *inode, const struct qstr *nm) 486 { 487 int err; 488 struct ubifs_inode *host_ui = ubifs_inode(host); 489 struct ubifs_inode *ui = ubifs_inode(inode); 490 struct ubifs_budget_req req = { .dirtied_ino = 2, .mod_dent = 1, 491 .dirtied_ino_d = ALIGN(host_ui->data_len, 8) }; 492 493 ubifs_assert(ui->data_len == inode->i_size); 494 495 err = ubifs_budget_space(c, &req); 496 if (err) 497 return err; 498 499 mutex_lock(&host_ui->ui_mutex); 500 host->i_ctime = ubifs_current_time(host); 501 host_ui->xattr_cnt -= 1; 502 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 503 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 504 host_ui->xattr_names -= nm->len; 505 506 err = ubifs_jnl_delete_xattr(c, host, inode, nm); 507 if (err) 508 goto out_cancel; 509 mutex_unlock(&host_ui->ui_mutex); 510 511 ubifs_release_budget(c, &req); 512 return 0; 513 514 out_cancel: 515 host_ui->xattr_cnt += 1; 516 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 517 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 518 mutex_unlock(&host_ui->ui_mutex); 519 ubifs_release_budget(c, &req); 520 make_bad_inode(inode); 521 return err; 522 } 523 524 int ubifs_removexattr(struct dentry *dentry, const char *name) 525 { 526 struct inode *inode, *host = dentry->d_inode; 527 struct ubifs_info *c = host->i_sb->s_fs_info; 528 struct qstr nm = { .name = name, .len = strlen(name) }; 529 struct ubifs_dent_node *xent; 530 union ubifs_key key; 531 int err; 532 533 dbg_gen("xattr '%s', ino %lu ('%.*s')", name, 534 host->i_ino, dentry->d_name.len, dentry->d_name.name); 535 ubifs_assert(mutex_is_locked(&host->i_mutex)); 536 537 err = check_namespace(&nm); 538 if (err < 0) 539 return err; 540 541 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 542 if (!xent) 543 return -ENOMEM; 544 545 xent_key_init(c, &key, host->i_ino, &nm); 546 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 547 if (err) { 548 if (err == -ENOENT) 549 err = -ENODATA; 550 goto out_free; 551 } 552 553 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 554 if (IS_ERR(inode)) { 555 err = PTR_ERR(inode); 556 goto out_free; 557 } 558 559 ubifs_assert(inode->i_nlink == 1); 560 inode->i_nlink = 0; 561 err = remove_xattr(c, host, inode, &nm); 562 if (err) 563 inode->i_nlink = 1; 564 565 /* If @i_nlink is 0, 'iput()' will delete the inode */ 566 iput(inode); 567 568 out_free: 569 kfree(xent); 570 return err; 571 } 572