On Thu, Jan 09, 2025 at 06:45:40PM +0100, Andrey Albershteyn wrote: > From: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > > Introduce getfsxattrat and setfsxattrat syscalls to manipulate inode > extended attributes/flags. The syscalls take parent directory FD and > path to the child together with struct fsxattr. > > This is an alternative to FS_IOC_FSSETXATTR ioctl with a difference > that file don't need to be open. By having this we can manipulated > inode extended attributes not only on normal files but also on > special ones. This is not possible with FS_IOC_FSSETXATTR ioctl as > opening special files returns VFS special inode instead of > underlying filesystem one. > > This patch adds two new syscalls which allows userspace to set > extended inode attributes on special files by using parent directory > to open FS inode. > > Also, as vfs_fileattr_set() is now will be called on special files > too, let's forbid any other attributes except projid and nextents > (symlink can have an extent). > > CC: linux-api@xxxxxxxxxxxxxxx > Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > --- > > Notes: > Previous discussion: > https://lore.kernel.org/linux-xfs/20240520164624.665269-2-aalbersh@xxxxxxxxxx/ > > XFS has project quotas which could be attached to a directory. All > new inodes in these directories inherit project ID set on parent > directory. > > The project is created from userspace by opening and calling > FS_IOC_FSSETXATTR on each inode. This is not possible for special > files such as FIFO, SOCK, BLK etc. Therefore, some inodes are left > with empty project ID. Those inodes then are not shown in the quota > accounting but still exist in the directory. Moreover, in the case > when special files are created in the directory with already > existing project quota, these inode inherit extended attributes. > This than leaves them with these attributes without the possibility > to clear them out. This, in turn, prevents userspace from > re-creating quota project on these existing files. > > arch/alpha/kernel/syscalls/syscall.tbl | 2 + > arch/m68k/kernel/syscalls/syscall.tbl | 2 + > arch/microblaze/kernel/syscalls/syscall.tbl | 2 + > arch/parisc/kernel/syscalls/syscall.tbl | 2 + > arch/powerpc/kernel/syscalls/syscall.tbl | 2 + > arch/s390/kernel/syscalls/syscall.tbl | 2 + > arch/sh/kernel/syscalls/syscall.tbl | 2 + > arch/sparc/kernel/syscalls/syscall.tbl | 2 + > arch/x86/entry/syscalls/syscall_32.tbl | 2 + > arch/x86/entry/syscalls/syscall_64.tbl | 2 + > arch/xtensa/kernel/syscalls/syscall.tbl | 2 + > fs/inode.c | 105 ++++++++++++++++++++ > fs/ioctl.c | 17 +++- > include/linux/fileattr.h | 1 + > include/linux/syscalls.h | 4 + > include/uapi/asm-generic/unistd.h | 8 +- > 16 files changed, 154 insertions(+), 3 deletions(-) > > diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl > index c59d53d6d3f3..4b9e687494c1 100644 > --- a/arch/alpha/kernel/syscalls/syscall.tbl > +++ b/arch/alpha/kernel/syscalls/syscall.tbl > @@ -506,3 +506,5 @@ > 574 common getxattrat sys_getxattrat > 575 common listxattrat sys_listxattrat > 576 common removexattrat sys_removexattrat > +577 common getfsxattrat sys_getfsxattrat > +578 common setfsxattrat sys_setfsxattrat > diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl > index f5ed71f1910d..159476387f39 100644 > --- a/arch/m68k/kernel/syscalls/syscall.tbl > +++ b/arch/m68k/kernel/syscalls/syscall.tbl > @@ -466,3 +466,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl > index 680f568b77f2..a6d59ee740b5 100644 > --- a/arch/microblaze/kernel/syscalls/syscall.tbl > +++ b/arch/microblaze/kernel/syscalls/syscall.tbl > @@ -472,3 +472,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl > index d9fc94c86965..b3578fac43d6 100644 > --- a/arch/parisc/kernel/syscalls/syscall.tbl > +++ b/arch/parisc/kernel/syscalls/syscall.tbl > @@ -465,3 +465,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl > index d8b4ab78bef0..808045d82c94 100644 > --- a/arch/powerpc/kernel/syscalls/syscall.tbl > +++ b/arch/powerpc/kernel/syscalls/syscall.tbl > @@ -557,3 +557,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl > index e9115b4d8b63..78dfc2c184d4 100644 > --- a/arch/s390/kernel/syscalls/syscall.tbl > +++ b/arch/s390/kernel/syscalls/syscall.tbl > @@ -469,3 +469,5 @@ > 464 common getxattrat sys_getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat sys_setfsxattrat > diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl > index c8cad33bf250..d5a5c8339f0e 100644 > --- a/arch/sh/kernel/syscalls/syscall.tbl > +++ b/arch/sh/kernel/syscalls/syscall.tbl > @@ -470,3 +470,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl > index 727f99d333b3..817dcd8603bc 100644 > --- a/arch/sparc/kernel/syscalls/syscall.tbl > +++ b/arch/sparc/kernel/syscalls/syscall.tbl > @@ -512,3 +512,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl > index 4d0fb2fba7e2..b4842c027c5d 100644 > --- a/arch/x86/entry/syscalls/syscall_32.tbl > +++ b/arch/x86/entry/syscalls/syscall_32.tbl > @@ -472,3 +472,5 @@ > 464 i386 getxattrat sys_getxattrat > 465 i386 listxattrat sys_listxattrat > 466 i386 removexattrat sys_removexattrat > +467 i386 getfsxattrat sys_getfsxattrat > +468 i386 setfsxattrat sys_setfsxattrat > diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl > index 5eb708bff1c7..b6f0a7236aae 100644 > --- a/arch/x86/entry/syscalls/syscall_64.tbl > +++ b/arch/x86/entry/syscalls/syscall_64.tbl > @@ -390,6 +390,8 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > > # > # Due to a historical design error, certain syscalls are numbered differently > diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl > index 37effc1b134e..425d56be337d 100644 > --- a/arch/xtensa/kernel/syscalls/syscall.tbl > +++ b/arch/xtensa/kernel/syscalls/syscall.tbl > @@ -437,3 +437,5 @@ > 464 common getxattrat sys_getxattrat > 465 common listxattrat sys_listxattrat > 466 common removexattrat sys_removexattrat > +467 common getfsxattrat sys_getfsxattrat > +468 common setfsxattrat sys_setfsxattrat > diff --git a/fs/inode.c b/fs/inode.c > index 6b4c77268fc0..fc8939c6c8a7 100644 > --- a/fs/inode.c > +++ b/fs/inode.c > @@ -23,6 +23,9 @@ > #include <linux/rw_hint.h> > #include <linux/seq_file.h> > #include <linux/debugfs.h> > +#include <linux/syscalls.h> > +#include <linux/fileattr.h> > +#include <linux/namei.h> > #include <trace/events/writeback.h> > #define CREATE_TRACE_POINTS > #include <trace/events/timestamp.h> > @@ -2953,3 +2956,105 @@ umode_t mode_strip_sgid(struct mnt_idmap *idmap, > return mode & ~S_ISGID; > } > EXPORT_SYMBOL(mode_strip_sgid); > + > +SYSCALL_DEFINE4(getfsxattrat, int, dfd, const char __user *, filename, > + struct fsxattr *, fsx, int, at_flags) > +{ > + struct fd dir; > + struct fileattr fa; > + struct path filepath; > + struct inode *inode; > + int error; > + > + if (at_flags) > + return -EINVAL; > + > + if (!capable(CAP_FOWNER)) > + return -EPERM; > + > + dir = fdget(dfd); > + if (!fd_file(dir)) > + return -EBADF; > + > + if (!S_ISDIR(file_inode(fd_file(dir))->i_mode)) { > + error = -EBADF; > + goto out; > + } > + > + error = user_path_at(dfd, filename, at_flags, &filepath); Same comments as Jan, but I wanted to point out that the third argument to user_path_at() is LOOKUP_*, not AT_*. Right now you don't allow any AT_* flags, but that's something to fix before the next revision. --D > + if (error) > + goto out; > + > + inode = filepath.dentry->d_inode; > + if (file_inode(fd_file(dir))->i_sb->s_magic != inode->i_sb->s_magic) { > + error = -EBADF; > + goto out_path; > + } > + > + error = vfs_fileattr_get(filepath.dentry, &fa); > + if (error) > + goto out_path; > + > + if (copy_fsxattr_to_user(&fa, fsx)) > + error = -EFAULT; > + > +out_path: > + path_put(&filepath); > +out: > + fdput(dir); > + return error; > +} > + > +SYSCALL_DEFINE4(setfsxattrat, int, dfd, const char __user *, filename, > + struct fsxattr *, fsx, int, at_flags) > +{ > + struct fd dir; > + struct fileattr fa; > + struct inode *inode; > + struct path filepath; > + int error; > + > + if (at_flags) > + return -EINVAL; > + > + if (!capable(CAP_FOWNER)) > + return -EPERM; > + > + dir = fdget(dfd); > + if (!fd_file(dir)) > + return -EBADF; > + > + if (!S_ISDIR(file_inode(fd_file(dir))->i_mode)) { > + error = -EBADF; > + goto out; > + } > + > + if (copy_fsxattr_from_user(&fa, fsx)) { > + error = -EFAULT; > + goto out; > + } > + > + error = user_path_at(dfd, filename, at_flags, &filepath); > + if (error) > + goto out; > + > + inode = filepath.dentry->d_inode; > + if (file_inode(fd_file(dir))->i_sb->s_magic != inode->i_sb->s_magic) { > + error = -EBADF; > + goto out_path; > + } > + > + error = mnt_want_write(filepath.mnt); > + if (error) > + goto out_path; > + > + error = vfs_fileattr_set(file_mnt_idmap(fd_file(dir)), filepath.dentry, > + &fa); > + mnt_drop_write(filepath.mnt); > + > +out_path: > + path_put(&filepath); > +out: > + fdput(dir); > + return error; > +} > diff --git a/fs/ioctl.c b/fs/ioctl.c > index 638a36be31c1..df14f1868165 100644 > --- a/fs/ioctl.c > +++ b/fs/ioctl.c > @@ -558,8 +558,7 @@ int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa) > } > EXPORT_SYMBOL(copy_fsxattr_to_user); > > -static int copy_fsxattr_from_user(struct fileattr *fa, > - struct fsxattr __user *ufa) > +int copy_fsxattr_from_user(struct fileattr *fa, struct fsxattr __user *ufa) > { > struct fsxattr xfa; > > @@ -574,6 +573,7 @@ static int copy_fsxattr_from_user(struct fileattr *fa, > > return 0; > } > +EXPORT_SYMBOL(copy_fsxattr_from_user); > > /* > * Generic function to check FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS values and reject > @@ -646,6 +646,19 @@ static int fileattr_set_prepare(struct inode *inode, > if (fa->fsx_cowextsize == 0) > fa->fsx_xflags &= ~FS_XFLAG_COWEXTSIZE; > > + /* > + * The only use case for special files is to set project ID, forbid any > + * other attributes > + */ > + if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) { > + if (fa->fsx_xflags & ~FS_XFLAG_PROJINHERIT) > + return -EINVAL; > + if (!S_ISLNK(inode->i_mode) && fa->fsx_nextents) > + return -EINVAL; > + if (fa->fsx_extsize || fa->fsx_cowextsize) > + return -EINVAL; > + } > + > return 0; > } > > diff --git a/include/linux/fileattr.h b/include/linux/fileattr.h > index 47c05a9851d0..8598e94b530b 100644 > --- a/include/linux/fileattr.h > +++ b/include/linux/fileattr.h > @@ -34,6 +34,7 @@ struct fileattr { > }; > > int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa); > +int copy_fsxattr_from_user(struct fileattr *fa, struct fsxattr __user *ufa); > > void fileattr_fill_xflags(struct fileattr *fa, u32 xflags); > void fileattr_fill_flags(struct fileattr *fa, u32 flags); > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > index c6333204d451..a983023d21ab 100644 > --- a/include/linux/syscalls.h > +++ b/include/linux/syscalls.h > @@ -371,6 +371,10 @@ asmlinkage long sys_removexattrat(int dfd, const char __user *path, > asmlinkage long sys_lremovexattr(const char __user *path, > const char __user *name); > asmlinkage long sys_fremovexattr(int fd, const char __user *name); > +asmlinkage long sys_getfsxattrat(int dfd, const char __user *filename, > + struct fsxattr *fsx, int at_flags); > +asmlinkage long sys_setfsxattrat(int dfd, const char __user *filename, > + struct fsxattr *fsx, int at_flags); > asmlinkage long sys_getcwd(char __user *buf, unsigned long size); > asmlinkage long sys_eventfd2(unsigned int count, int flags); > asmlinkage long sys_epoll_create1(int flags); > diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h > index 88dc393c2bca..50be2e1007bc 100644 > --- a/include/uapi/asm-generic/unistd.h > +++ b/include/uapi/asm-generic/unistd.h > @@ -850,8 +850,14 @@ __SYSCALL(__NR_listxattrat, sys_listxattrat) > #define __NR_removexattrat 466 > __SYSCALL(__NR_removexattrat, sys_removexattrat) > > +/* fs/inode.c */ > +#define __NR_getfsxattrat 467 > +__SYSCALL(__NR_getfsxattrat, sys_getfsxattrat) > +#define __NR_setfsxattrat 468 > +__SYSCALL(__NR_setfsxattrat, sys_setfsxattrat) > + > #undef __NR_syscalls > -#define __NR_syscalls 467 > +#define __NR_syscalls 469 > > /* > * 32 bit systems traditionally used different > -- > 2.47.0 > >
