averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-06-21 15:43:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d44ade05aa21468bd30652bc4492891b854a400a
linux-stable-mirror/include/linux/xattr.h
T
Daniel Borkmann 9722955b54 bpf: Add simple xattr support to bpffs 
Add support for extended attributes on bpffs inodes so that user space
and BPF LSM programs can attach metadata, for example, a content hash
or a security label - to a pinned object or directory. BPF LSM or user
space tooling can then uniformly look at this (e.g. security.bpf.*) in
similar way to other fs'es. The store is in-memory and non-persistent:
it lives only for the lifetime of the mount, like everything else in
bpffs. The modelling is similar to tmpfs.

bpffs serves the trusted.* and security.* namespaces; user.* is left
unsupported. As bpffs is FS_USERNS_MOUNT, security.* is reachable by
the unprivileged mounter in a user namespace, and thus we are using
the simple_xattr_set_limited infra there (trusted.* needs global
CAP_SYS_ADMIN).

bpf_fill_super() is open-coded instead of using simple_fill_super(),
because the root inode must now be allocated through bpf_fs_alloc_inode()
i.e. carry the bpf_fs_inode wrapper and come from the right cache -
which requires s_op (and s_xattr) to be installed before the first
inode is created. While at it, also harden s_iflags with SB_I_NOEXEC
and SB_I_NODEV.

bpf_fs_listxattr() is only reachable through the filesystem via
i_op->listxattr, so the BPF token inode is left untouched. Name-based
fsetxattr()/fgetxattr() on a token fd still work since the get/set
handlers are installed at the superblock.

For security.* namespace, we use simple_xattr_set_limited() but
there was no simple_xattr_add_limited() API yet which was needed
in bpf_fs_initxattrs() to avoid underflows in the accounting. The
symlink target is freed in bpf_free_inode() rather than in
bpf_destroy_inode() so that it is released only after an RCU grace
period, as an RCU path walk following the symlink may still
dereference inode->i_link in security_inode_follow_link(). Lastly,
the bpf_symlink() allocated the symlink target is switched to
GFP_KERNEL_ACCOUNT, so the string is charged to the caller's memcg.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://patch.msgid.link/20260602074012.416289-1-daniel@iogearbox.net
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
2026-06-06 15:22:44 +02:00

173 lines
5.8 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0 */
/*
File: linux/xattr.h
Extended attributes handling.
Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/
#ifndef _LINUX_XATTR_H
#define _LINUX_XATTR_H
#include <linux/slab.h>
#include <linux/types.h>
#include <linux/spinlock.h>
#include <linux/mm.h>
#include <linux/rhashtable-types.h>
#include <linux/user_namespace.h>
#include <uapi/linux/xattr.h>
/* List of all open_how "versions". */
#define XATTR_ARGS_SIZE_VER0 16 /* sizeof first published struct */
#define XATTR_ARGS_SIZE_LATEST XATTR_ARGS_SIZE_VER0
struct inode;
struct dentry;
static inline bool is_posix_acl_xattr(const char *name)
{
return (strcmp(name, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
(strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0);
}
/*
* struct xattr_handler: When @name is set, match attributes with exactly that
* name. When @prefix is set instead, match attributes with that prefix and
* with a non-empty suffix.
*/
struct xattr_handler {
const char *name;
const char *prefix;
int flags; /* fs private flags */
bool (*list)(struct dentry *dentry);
int (*get)(const struct xattr_handler *, struct dentry *dentry,
struct inode *inode, const char *name, void *buffer,
size_t size);
int (*set)(const struct xattr_handler *,
struct mnt_idmap *idmap, struct dentry *dentry,
struct inode *inode, const char *name, const void *buffer,
size_t size, int flags);
};
/**
* xattr_handler_can_list - check whether xattr can be listed
* @handler: handler for this type of xattr
* @dentry: dentry whose inode xattr to list
*
* Determine whether the xattr associated with @dentry can be listed given
* @handler.
*
* Return: true if xattr can be listed, false if not.
*/
static inline bool xattr_handler_can_list(const struct xattr_handler *handler,
struct dentry *dentry)
{
return handler && (!handler->list || handler->list(dentry));
}
const char *xattr_full_name(const struct xattr_handler *, const char *);
struct xattr {
const char *name;
void *value;
size_t value_len;
};
ssize_t __vfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t);
ssize_t vfs_getxattr(struct mnt_idmap *, struct dentry *, const char *,
void *, size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
int __vfs_setxattr(struct mnt_idmap *, struct dentry *, struct inode *,
const char *, const void *, size_t, int);
int __vfs_setxattr_noperm(struct mnt_idmap *, struct dentry *,
const char *, const void *, size_t, int);
int __vfs_setxattr_locked(struct mnt_idmap *, struct dentry *,
const char *, const void *, size_t, int,
struct delegated_inode *);
int vfs_setxattr(struct mnt_idmap *, struct dentry *, const char *,
const void *, size_t, int);
int __vfs_removexattr(struct mnt_idmap *, struct dentry *, const char *);
int __vfs_removexattr_locked(struct mnt_idmap *, struct dentry *,
const char *, struct delegated_inode *);
int vfs_removexattr(struct mnt_idmap *, struct dentry *, const char *);
ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
int vfs_getxattr_alloc(struct mnt_idmap *idmap,
struct dentry *dentry, const char *name,
char **xattr_value, size_t size, gfp_t flags);
int xattr_supports_user_prefix(struct inode *inode);
static inline const char *xattr_prefix(const struct xattr_handler *handler)
{
return handler->prefix ?: handler->name;
}
struct simple_xattr_cache {
struct rhashtable *ht;
};
struct simple_xattr {
struct rhash_head hash_node;
struct list_head *parent;
struct list_head node;
struct rcu_head rcu;
char *name;
size_t size;
char value[] __counted_by(size);
};
#define SIMPLE_XATTR_MAX_NR 128
#define SIMPLE_XATTR_MAX_SIZE (128 << 10)
struct simple_xattr_limits {
atomic_t nr_xattrs; /* current user.* xattr count */
atomic_t xattr_size; /* current total user.* value bytes */
};
static inline void simple_xattr_limits_init(struct simple_xattr_limits *limits)
{
atomic_set(&limits->nr_xattrs, 0);
atomic_set(&limits->xattr_size, 0);
}
void simple_xattrs_free(struct simple_xattr_cache *cache, struct list_head *xattrs,
size_t *freed_space);
size_t simple_xattr_space(const char *name, size_t size);
struct simple_xattr *simple_xattr_alloc(const void *value, size_t size);
void simple_xattr_free(struct simple_xattr *xattr);
void simple_xattr_free_rcu(struct simple_xattr *xattr);
int simple_xattr_get(struct simple_xattr_cache *cache, struct list_head *xattrs,
const char *name, void *buffer, size_t size);
struct simple_xattr *simple_xattr_set(struct simple_xattr_cache *cache,
struct list_head *xattrs,
const char *name, const void *value,
size_t size, int flags);
int simple_xattr_set_limited(struct simple_xattr_cache *cache,
struct list_head *xattrs,
struct simple_xattr_limits *limits,
const char *name, const void *value,
size_t size, int flags);
ssize_t simple_xattr_list(struct inode *inode, struct list_head *xattrs,
char *buffer, size_t size);
int simple_xattr_add(struct simple_xattr_cache *cache, struct list_head *xattrs,
struct simple_xattr *new_xattr);
int simple_xattr_add_limited(struct simple_xattr_cache *cache,
struct list_head *xattrs,
struct simple_xattr_limits *limits,
struct simple_xattr *new_xattr);
int xattr_list_one(char **buffer, ssize_t *remaining_size, const char *name);
void simple_xattr_cache_cleanup(struct simple_xattr_cache *cache);
DEFINE_CLASS(simple_xattr,
struct simple_xattr *,
if (!IS_ERR_OR_NULL(_T)) simple_xattr_free(_T),
simple_xattr_alloc(value, size),
const void *value, size_t size)
#endif /* _LINUX_XATTR_H */
Reference in New Issue View Git Blame Copy Permalink