[v4,14/30] internal: add may_write_xattr()

Message ID	20220929153041.500115-15-brauner@kernel.org (mailing list archive)
State	Handled Elsewhere
Delegated to:	Paul Moore
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Christian Brauner <brauner@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Christian Brauner <brauner@kernel.org>, Seth Forshee <sforshee@kernel.org>, Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>, linux-security-module@vger.kernel.org Subject: [PATCH v4 14/30] internal: add may_write_xattr() Date: Thu, 29 Sep 2022 17:30:24 +0200 Message-Id: <20220929153041.500115-15-brauner@kernel.org> In-Reply-To: <20220929153041.500115-1-brauner@kernel.org> References: <20220929153041.500115-1-brauner@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	acl: add vfs posix acl api \| expand [v4,00/30] acl: add vfs posix acl api [v4,01/30] orangefs: rework posix acl handling when creating new filesystem objects [v4,02/30] fs: pass dentry to set acl method [v4,03/30] fs: rename current get acl method [v4,04/30] fs: add new get acl method [v4,05/30] cifs: implement get acl method [v4,06/30] cifs: implement set acl method [v4,07/30] 9p: implement get acl method [v4,08/30] 9p: implement set acl method [v4,09/30] security: add get, remove and set acl hook [v4,10/30] selinux: implement get, set and remove acl hook [v4,11/30] smack: implement get, set and remove acl hook [v4,12/30] integrity: implement get and set acl hook [v4,13/30] evm: add post set acl hook [v4,14/30] internal: add may_write_xattr() [v4,15/30] acl: add vfs_set_acl() [v4,16/30] acl: add vfs_get_acl() [v4,17/30] acl: add vfs_remove_acl() [v4,18/30] ksmbd: use vfs_remove_acl() [v4,19/30] ecryptfs: implement get acl method [v4,20/30] ecryptfs: implement set acl method [v4,21/30] ovl: implement get acl method [v4,22/30] ovl: implement set acl method [v4,23/30] ovl: use posix acl api [v4,24/30] xattr: use posix acl api [v4,25/30] evm: remove evm_xattr_acl_change() [v4,26/30] ecryptfs: use stub posix acl handlers [v4,27/30] ovl: use stub posix acl handlers [v4,28/30] cifs: use stub posix acl handlers [v4,29/30] 9p: use stub posix acl handlers [v4,30/30] acl: remove a slew of now unused helpers

Message ID

20220929153041.500115-15-brauner@kernel.org (mailing list archive)

State

Handled Elsewhere

Delegated to:

Paul Moore

Headers

From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>,
        Seth Forshee <sforshee@kernel.org>,
        Christoph Hellwig <hch@lst.de>,
        Al Viro <viro@zeniv.linux.org.uk>,
        linux-security-module@vger.kernel.org
Subject: [PATCH v4 14/30] internal: add may_write_xattr()
Date: Thu, 29 Sep 2022 17:30:24 +0200
Message-Id: <20220929153041.500115-15-brauner@kernel.org>
In-Reply-To: <20220929153041.500115-1-brauner@kernel.org>
References: <20220929153041.500115-1-brauner@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

acl: add vfs posix acl api | expand

Commit Message

Christian Brauner Sept. 29, 2022, 3:30 p.m. UTC

Split out the generic checks whether an inode allows writing xattrs. Since
security.* and system.* xattrs don't have any restrictions and we're going
to split out posix acls into a dedicated api we will use this helper to
check whether we can write posix acls.

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
---

Notes:
    /* v2 */
    patch not present
    
    /* v3 */
    patch not present
    
    /* v4 */
    Christoph Hellwig <hch@lst.de>:
    - Split out checks whether an inode can have xattrs written to into a helper.

 fs/internal.h |  1 +
 fs/xattr.c    | 40 +++++++++++++++++++++++++++-------------
 2 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/fs/internal.h b/fs/internal.h
index 87e96b9024ce..a95b1500ed65 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -221,3 +221,4 @@  ssize_t do_getxattr(struct user_namespace *mnt_userns,
 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx);
 int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
 		struct xattr_ctx *ctx);
+int may_write_xattr(struct user_namespace *mnt_userns, struct inode *inode);
diff --git a/fs/xattr.c b/fs/xattr.c
index 61107b6bbed2..57148c207545 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -80,6 +80,28 @@  xattr_resolve_name(struct inode *inode, const char **name)
 	return ERR_PTR(-EOPNOTSUPP);
 }
 
+/**
+ * may_write_xattr - check whether inode allows writing xattr
+ * @mnt_userns:	User namespace of the mount the inode was found from
+ * @inode: the inode on which to set an xattr
+ *
+ * Check whether the inode allows writing xattrs. Specifically, we can never
+ * set or remove an extended attribute on a read-only filesystem  or on an
+ * immutable / append-only inode.
+ *
+ * We also need to ensure that the inode has a mapping in the mount to
+ * not risk writing back invalid i_{g,u}id values.
+ *
+ * Return: On success zero is returned. On error a negative errno is returned.
+ */
+int may_write_xattr(struct user_namespace *mnt_userns, struct inode *inode)
+{
+	if (IS_IMMUTABLE(inode) || IS_APPEND(inode) ||
+	    HAS_UNMAPPED_ID(mnt_userns, inode))
+		return -EPERM;
+	return 0;
+}
+
 /*
  * Check permissions for extended attribute access.  This is a bit complicated
  * because different namespaces have very different rules.
@@ -88,20 +110,12 @@  static int
 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
 		 const char *name, int mask)
 {
-	/*
-	 * We can never set or remove an extended attribute on a read-only
-	 * filesystem  or on an immutable / append-only inode.
-	 */
 	if (mask & MAY_WRITE) {
-		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
-			return -EPERM;
-		/*
-		 * Updating an xattr will likely cause i_uid and i_gid
-		 * to be writen back improperly if their true value is
-		 * unknown to the vfs.
-		 */
-		if (HAS_UNMAPPED_ID(mnt_userns, inode))
-			return -EPERM;
+		int ret;
+
+		ret = may_write_xattr(mnt_userns, inode);
+		if (ret)
+			return ret;
 	}
 
 	/*

[v4,14/30] internal: add may_write_xattr()

Commit Message

Patch