2 * This file is part of UBIFS.
4 * Copyright (C) 2006-2008 Nokia Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published by
8 * the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 * Authors: Artem Bityutskiy (Битюцкий Артём)
24 * This file implements UBIFS extended attributes support.
26 * Extended attributes are implemented as regular inodes with attached data,
27 * which limits extended attribute size to UBIFS block size (4KiB). Names of
28 * extended attributes are described by extended attribute entries (xentries),
29 * which are almost identical to directory entries, but have different key type.
31 * In other words, the situation with extended attributes is very similar to
32 * directories. Indeed, any inode (but of course not xattr inodes) may have a
33 * number of associated xentries, just like directory inodes have associated
34 * directory entries. Extended attribute entries store the name of the extended
35 * attribute, the host inode number, and the extended attribute inode number.
36 * Similarly, direntries store the name, the parent and the target inode
37 * numbers. Thus, most of the common UBIFS mechanisms may be re-used for
38 * extended attributes.
40 * The number of extended attributes is not limited, but there is Linux
41 * limitation on the maximum possible size of the list of all extended
42 * attributes associated with an inode (%XATTR_LIST_MAX), so UBIFS makes sure
43 * the sum of all extended attribute names of the inode does not exceed that
46 * Extended attributes are synchronous, which means they are written to the
47 * flash media synchronously and there is no write-back for extended attribute
48 * inodes. The extended attribute values are not stored in compressed form on
51 * Since extended attributes are represented by regular inodes, they are cached
52 * in the VFS inode cache. The xentries are cached in the LNC cache (see
55 * ACL support is not implemented.
60 #include <linux/slab.h>
61 #include <linux/xattr.h>
64 * Limit the number of extended attributes per inode so that the total size
65 * (@xattr_size) is guaranteeded to fit in an 'unsigned int'.
67 #define MAX_XATTRS_PER_INODE 65535
70 * Extended attribute type constants.
72 * USER_XATTR: user extended attribute ("user.*")
73 * TRUSTED_XATTR: trusted extended attribute ("trusted.*)
74 * SECURITY_XATTR: security extended attribute ("security.*")
82 static const struct inode_operations empty_iops
;
83 static const struct file_operations empty_fops
;
86 * create_xattr - create an extended attribute.
87 * @c: UBIFS file-system description object
89 * @nm: extended attribute name
90 * @value: extended attribute value
91 * @size: size of extended attribute value
93 * This is a helper function which creates an extended attribute of name @nm
94 * and value @value for inode @host. The host inode is also updated on flash
95 * because the ctime and extended attribute accounting data changes. This
96 * function returns zero in case of success and a negative error code in case
99 static int create_xattr(struct ubifs_info
*c
, struct inode
*host
,
100 const struct fscrypt_name
*nm
, const void *value
, int size
)
104 struct ubifs_inode
*ui
, *host_ui
= ubifs_inode(host
);
105 struct ubifs_budget_req req
= { .new_ino
= 1, .new_dent
= 1,
106 .new_ino_d
= ALIGN(size
, 8), .dirtied_ino
= 1,
107 .dirtied_ino_d
= ALIGN(host_ui
->data_len
, 8) };
109 if (host_ui
->xattr_cnt
>= MAX_XATTRS_PER_INODE
) {
110 ubifs_err(c
, "inode %lu already has too many xattrs (%d), cannot create more",
111 host
->i_ino
, host_ui
->xattr_cnt
);
115 * Linux limits the maximum size of the extended attribute names list
116 * to %XATTR_LIST_MAX. This means we should not allow creating more
117 * extended attributes if the name list becomes larger. This limitation
118 * is artificial for UBIFS, though.
120 names_len
= host_ui
->xattr_names
+ host_ui
->xattr_cnt
+ fname_len(nm
) + 1;
121 if (names_len
> XATTR_LIST_MAX
) {
122 ubifs_err(c
, "cannot add one more xattr name to inode %lu, total names length would become %d, max. is %d",
123 host
->i_ino
, names_len
, XATTR_LIST_MAX
);
127 err
= ubifs_budget_space(c
, &req
);
131 inode
= ubifs_new_inode(c
, host
, S_IFREG
| S_IRWXUGO
);
133 err
= PTR_ERR(inode
);
137 /* Re-define all operations to be "nothing" */
138 inode
->i_mapping
->a_ops
= &empty_aops
;
139 inode
->i_op
= &empty_iops
;
140 inode
->i_fop
= &empty_fops
;
142 inode
->i_flags
|= S_SYNC
| S_NOATIME
| S_NOCMTIME
;
143 ui
= ubifs_inode(inode
);
145 ui
->flags
|= UBIFS_XATTR_FL
;
146 ui
->data
= kmemdup(value
, size
, GFP_NOFS
);
151 inode
->i_size
= ui
->ui_size
= size
;
154 mutex_lock(&host_ui
->ui_mutex
);
155 host
->i_ctime
= current_time(host
);
156 host_ui
->xattr_cnt
+= 1;
157 host_ui
->xattr_size
+= CALC_DENT_SIZE(fname_len(nm
));
158 host_ui
->xattr_size
+= CALC_XATTR_BYTES(size
);
159 host_ui
->xattr_names
+= fname_len(nm
);
162 * We handle UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT here because we
163 * have to set the UBIFS_CRYPT_FL flag on the host inode.
164 * To avoid multiple updates of the same inode in the same operation,
167 if (strcmp(fname_name(nm
), UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT
) == 0)
168 host_ui
->flags
|= UBIFS_CRYPT_FL
;
170 err
= ubifs_jnl_update(c
, host
, nm
, inode
, 0, 1);
173 ubifs_set_inode_flags(host
);
174 mutex_unlock(&host_ui
->ui_mutex
);
176 ubifs_release_budget(c
, &req
);
177 insert_inode_hash(inode
);
182 host_ui
->xattr_cnt
-= 1;
183 host_ui
->xattr_size
-= CALC_DENT_SIZE(fname_len(nm
));
184 host_ui
->xattr_size
-= CALC_XATTR_BYTES(size
);
185 host_ui
->xattr_names
-= fname_len(nm
);
186 host_ui
->flags
&= ~UBIFS_CRYPT_FL
;
187 mutex_unlock(&host_ui
->ui_mutex
);
189 make_bad_inode(inode
);
192 ubifs_release_budget(c
, &req
);
197 * change_xattr - change an extended attribute.
198 * @c: UBIFS file-system description object
200 * @inode: extended attribute inode
201 * @value: extended attribute value
202 * @size: size of extended attribute value
204 * This helper function changes the value of extended attribute @inode with new
205 * data from @value. Returns zero in case of success and a negative error code
206 * in case of failure.
208 static int change_xattr(struct ubifs_info
*c
, struct inode
*host
,
209 struct inode
*inode
, const void *value
, int size
)
212 struct ubifs_inode
*host_ui
= ubifs_inode(host
);
213 struct ubifs_inode
*ui
= ubifs_inode(inode
);
216 struct ubifs_budget_req req
= { .dirtied_ino
= 2,
217 .dirtied_ino_d
= ALIGN(size
, 8) + ALIGN(host_ui
->data_len
, 8) };
219 ubifs_assert(ui
->data_len
== inode
->i_size
);
220 err
= ubifs_budget_space(c
, &req
);
224 buf
= kmemdup(value
, size
, GFP_NOFS
);
229 mutex_lock(&ui
->ui_mutex
);
232 inode
->i_size
= ui
->ui_size
= size
;
233 old_size
= ui
->data_len
;
235 mutex_unlock(&ui
->ui_mutex
);
237 mutex_lock(&host_ui
->ui_mutex
);
238 host
->i_ctime
= current_time(host
);
239 host_ui
->xattr_size
-= CALC_XATTR_BYTES(old_size
);
240 host_ui
->xattr_size
+= CALC_XATTR_BYTES(size
);
243 * It is important to write the host inode after the xattr inode
244 * because if the host inode gets synchronized (via 'fsync()'), then
245 * the extended attribute inode gets synchronized, because it goes
246 * before the host inode in the write-buffer.
248 err
= ubifs_jnl_change_xattr(c
, inode
, host
);
251 mutex_unlock(&host_ui
->ui_mutex
);
253 ubifs_release_budget(c
, &req
);
257 host_ui
->xattr_size
-= CALC_XATTR_BYTES(size
);
258 host_ui
->xattr_size
+= CALC_XATTR_BYTES(old_size
);
259 mutex_unlock(&host_ui
->ui_mutex
);
260 make_bad_inode(inode
);
262 ubifs_release_budget(c
, &req
);
266 static struct inode
*iget_xattr(struct ubifs_info
*c
, ino_t inum
)
270 inode
= ubifs_iget(c
->vfs_sb
, inum
);
272 ubifs_err(c
, "dead extended attribute entry, error %d",
273 (int)PTR_ERR(inode
));
276 if (ubifs_inode(inode
)->xattr
)
278 ubifs_err(c
, "corrupt extended attribute entry");
280 return ERR_PTR(-EINVAL
);
283 int ubifs_xattr_set(struct inode
*host
, const char *name
, const void *value
,
284 size_t size
, int flags
, bool check_lock
)
287 struct ubifs_info
*c
= host
->i_sb
->s_fs_info
;
288 struct fscrypt_name nm
= { .disk_name
= FSTR_INIT((char *)name
, strlen(name
))};
289 struct ubifs_dent_node
*xent
;
294 ubifs_assert(inode_is_locked(host
));
296 if (size
> UBIFS_MAX_INO_DATA
)
299 if (fname_len(&nm
) > UBIFS_MAX_NLEN
)
300 return -ENAMETOOLONG
;
302 xent
= kmalloc(UBIFS_MAX_XENT_NODE_SZ
, GFP_NOFS
);
307 * The extended attribute entries are stored in LNC, so multiple
308 * look-ups do not involve reading the flash.
310 xent_key_init(c
, &key
, host
->i_ino
, &nm
);
311 err
= ubifs_tnc_lookup_nm(c
, &key
, xent
, &nm
);
316 if (flags
& XATTR_REPLACE
)
317 /* We are asked not to create the xattr */
320 err
= create_xattr(c
, host
, &nm
, value
, size
);
324 if (flags
& XATTR_CREATE
) {
325 /* We are asked not to replace the xattr */
330 inode
= iget_xattr(c
, le64_to_cpu(xent
->inum
));
332 err
= PTR_ERR(inode
);
336 err
= change_xattr(c
, host
, inode
, value
, size
);
344 ssize_t
ubifs_xattr_get(struct inode
*host
, const char *name
, void *buf
,
348 struct ubifs_info
*c
= host
->i_sb
->s_fs_info
;
349 struct fscrypt_name nm
= { .disk_name
= FSTR_INIT((char *)name
, strlen(name
))};
350 struct ubifs_inode
*ui
;
351 struct ubifs_dent_node
*xent
;
355 if (fname_len(&nm
) > UBIFS_MAX_NLEN
)
356 return -ENAMETOOLONG
;
358 xent
= kmalloc(UBIFS_MAX_XENT_NODE_SZ
, GFP_NOFS
);
362 xent_key_init(c
, &key
, host
->i_ino
, &nm
);
363 err
= ubifs_tnc_lookup_nm(c
, &key
, xent
, &nm
);
370 inode
= iget_xattr(c
, le64_to_cpu(xent
->inum
));
372 err
= PTR_ERR(inode
);
376 ui
= ubifs_inode(inode
);
377 ubifs_assert(inode
->i_size
== ui
->data_len
);
378 ubifs_assert(ubifs_inode(host
)->xattr_size
> ui
->data_len
);
380 mutex_lock(&ui
->ui_mutex
);
382 /* If @buf is %NULL we are supposed to return the length */
383 if (ui
->data_len
> size
) {
388 memcpy(buf
, ui
->data
, ui
->data_len
);
393 mutex_unlock(&ui
->ui_mutex
);
400 static bool xattr_visible(const char *name
)
402 /* File encryption related xattrs are for internal use only */
403 if (strcmp(name
, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT
) == 0)
406 /* Show trusted namespace only for "power" users */
407 if (strncmp(name
, XATTR_TRUSTED_PREFIX
,
408 XATTR_TRUSTED_PREFIX_LEN
) == 0 && !capable(CAP_SYS_ADMIN
))
414 ssize_t
ubifs_listxattr(struct dentry
*dentry
, char *buffer
, size_t size
)
417 struct inode
*host
= d_inode(dentry
);
418 struct ubifs_info
*c
= host
->i_sb
->s_fs_info
;
419 struct ubifs_inode
*host_ui
= ubifs_inode(host
);
420 struct ubifs_dent_node
*xent
, *pxent
= NULL
;
421 int err
, len
, written
= 0;
422 struct fscrypt_name nm
= {0};
424 dbg_gen("ino %lu ('%pd'), buffer size %zd", host
->i_ino
,
427 len
= host_ui
->xattr_names
+ host_ui
->xattr_cnt
;
430 * We should return the minimum buffer size which will fit a
431 * null-terminated list of all the extended attribute names.
438 lowest_xent_key(c
, &key
, host
->i_ino
);
440 xent
= ubifs_tnc_next_ent(c
, &key
, &nm
);
446 fname_name(&nm
) = xent
->name
;
447 fname_len(&nm
) = le16_to_cpu(xent
->nlen
);
449 if (xattr_visible(xent
->name
)) {
450 memcpy(buffer
+ written
, fname_name(&nm
), fname_len(&nm
) + 1);
451 written
+= fname_len(&nm
) + 1;
456 key_read(c
, &xent
->key
, &key
);
460 if (err
!= -ENOENT
) {
461 ubifs_err(c
, "cannot find next direntry, error %d", err
);
465 ubifs_assert(written
<= size
);
469 static int remove_xattr(struct ubifs_info
*c
, struct inode
*host
,
470 struct inode
*inode
, const struct fscrypt_name
*nm
)
473 struct ubifs_inode
*host_ui
= ubifs_inode(host
);
474 struct ubifs_inode
*ui
= ubifs_inode(inode
);
475 struct ubifs_budget_req req
= { .dirtied_ino
= 2, .mod_dent
= 1,
476 .dirtied_ino_d
= ALIGN(host_ui
->data_len
, 8) };
478 ubifs_assert(ui
->data_len
== inode
->i_size
);
480 err
= ubifs_budget_space(c
, &req
);
484 mutex_lock(&host_ui
->ui_mutex
);
485 host
->i_ctime
= current_time(host
);
486 host_ui
->xattr_cnt
-= 1;
487 host_ui
->xattr_size
-= CALC_DENT_SIZE(fname_len(nm
));
488 host_ui
->xattr_size
-= CALC_XATTR_BYTES(ui
->data_len
);
489 host_ui
->xattr_names
-= fname_len(nm
);
491 err
= ubifs_jnl_delete_xattr(c
, host
, inode
, nm
);
494 mutex_unlock(&host_ui
->ui_mutex
);
496 ubifs_release_budget(c
, &req
);
500 host_ui
->xattr_cnt
+= 1;
501 host_ui
->xattr_size
+= CALC_DENT_SIZE(fname_len(nm
));
502 host_ui
->xattr_size
+= CALC_XATTR_BYTES(ui
->data_len
);
503 host_ui
->xattr_names
+= fname_len(nm
);
504 mutex_unlock(&host_ui
->ui_mutex
);
505 ubifs_release_budget(c
, &req
);
506 make_bad_inode(inode
);
511 * ubifs_evict_xattr_inode - Evict an xattr inode.
512 * @c: UBIFS file-system description object
513 * @xattr_inum: xattr inode number
515 * When an inode that hosts xattrs is being removed we have to make sure
516 * that cached inodes of the xattrs also get removed from the inode cache
517 * otherwise we'd waste memory. This function looks up an inode from the
518 * inode cache and clears the link counter such that iput() will evict
521 void ubifs_evict_xattr_inode(struct ubifs_info
*c
, ino_t xattr_inum
)
525 inode
= ilookup(c
->vfs_sb
, xattr_inum
);
532 static int ubifs_xattr_remove(struct inode
*host
, const char *name
)
535 struct ubifs_info
*c
= host
->i_sb
->s_fs_info
;
536 struct fscrypt_name nm
= { .disk_name
= FSTR_INIT((char *)name
, strlen(name
))};
537 struct ubifs_dent_node
*xent
;
541 ubifs_assert(inode_is_locked(host
));
543 if (fname_len(&nm
) > UBIFS_MAX_NLEN
)
544 return -ENAMETOOLONG
;
546 xent
= kmalloc(UBIFS_MAX_XENT_NODE_SZ
, GFP_NOFS
);
550 xent_key_init(c
, &key
, host
->i_ino
, &nm
);
551 err
= ubifs_tnc_lookup_nm(c
, &key
, xent
, &nm
);
558 inode
= iget_xattr(c
, le64_to_cpu(xent
->inum
));
560 err
= PTR_ERR(inode
);
564 ubifs_assert(inode
->i_nlink
== 1);
566 err
= remove_xattr(c
, host
, inode
, &nm
);
570 /* If @i_nlink is 0, 'iput()' will delete the inode */
578 #ifdef CONFIG_UBIFS_FS_SECURITY
579 static int init_xattrs(struct inode
*inode
, const struct xattr
*xattr_array
,
582 const struct xattr
*xattr
;
586 for (xattr
= xattr_array
; xattr
->name
!= NULL
; xattr
++) {
587 name
= kmalloc(XATTR_SECURITY_PREFIX_LEN
+
588 strlen(xattr
->name
) + 1, GFP_NOFS
);
593 strcpy(name
, XATTR_SECURITY_PREFIX
);
594 strcpy(name
+ XATTR_SECURITY_PREFIX_LEN
, xattr
->name
);
596 * creating a new inode without holding the inode rwsem,
597 * no need to check whether inode is locked.
599 err
= ubifs_xattr_set(inode
, name
, xattr
->value
,
600 xattr
->value_len
, 0, false);
609 int ubifs_init_security(struct inode
*dentry
, struct inode
*inode
,
610 const struct qstr
*qstr
)
614 err
= security_inode_init_security(inode
, dentry
, qstr
,
617 struct ubifs_info
*c
= dentry
->i_sb
->s_fs_info
;
618 ubifs_err(c
, "cannot initialize security for inode %lu, error %d",
625 static int xattr_get(const struct xattr_handler
*handler
,
626 struct dentry
*dentry
, struct inode
*inode
,
627 const char *name
, void *buffer
, size_t size
)
629 dbg_gen("xattr '%s', ino %lu ('%pd'), buf size %zd", name
,
630 inode
->i_ino
, dentry
, size
);
632 name
= xattr_full_name(handler
, name
);
633 return ubifs_xattr_get(inode
, name
, buffer
, size
);
636 static int xattr_set(const struct xattr_handler
*handler
,
637 struct dentry
*dentry
, struct inode
*inode
,
638 const char *name
, const void *value
,
639 size_t size
, int flags
)
641 dbg_gen("xattr '%s', host ino %lu ('%pd'), size %zd",
642 name
, inode
->i_ino
, dentry
, size
);
644 name
= xattr_full_name(handler
, name
);
647 return ubifs_xattr_set(inode
, name
, value
, size
, flags
, true);
649 return ubifs_xattr_remove(inode
, name
);
652 static const struct xattr_handler ubifs_user_xattr_handler
= {
653 .prefix
= XATTR_USER_PREFIX
,
658 static const struct xattr_handler ubifs_trusted_xattr_handler
= {
659 .prefix
= XATTR_TRUSTED_PREFIX
,
664 #ifdef CONFIG_UBIFS_FS_SECURITY
665 static const struct xattr_handler ubifs_security_xattr_handler
= {
666 .prefix
= XATTR_SECURITY_PREFIX
,
672 const struct xattr_handler
*ubifs_xattr_handlers
[] = {
673 &ubifs_user_xattr_handler
,
674 &ubifs_trusted_xattr_handler
,
675 #ifdef CONFIG_UBIFS_FS_SECURITY
676 &ubifs_security_xattr_handler
,