kernfs: use simple_xattrs for security attributes

Replace the special handling of security xattrs with simple_xattrs, as is already done for the trusted xattrs. This simplifies the code and allows LSMs to use more than just a single xattr to do their business. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> [PM: manual merge fixes] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Ondrej Mosnacek <omosnace@redhat.com> 2019-02-22 09:57:15 -0500
committer: Paul Moore <paul@paul-moore.com> 2019-03-20 21:54:33 -0400
commit: 0ac6075a32fc05bc7fa025965914e8dcd448a668 (patch)
tree: f82edaba1aba32eacb57876d56fb3b218ec88840
parent: b754026bd98e644f9337224ffd4201e02dfe1c43 (diff)
3 files changed, 2 insertions, 58 deletions
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 1654d9136458..bd48e315347b 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -532,9 +532,6 @@ void kernfs_put(struct kernfs_node *kn)
        kfree_const(kn->name);
        if (kn->iattr) {
-                if (kn->iattr->ia_secdata)
-                        security_release_secctx(kn->iattr->ia_secdata,
-                                                kn->iattr->ia_secdata_len);
                simple_xattrs_free(&kn->iattr->xattrs);
                kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
        }
diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c
index 5c5569fb2110..a365088caa3c 100644
--- a/fs/kernfs/inode.c
+++ b/fs/kernfs/inode.c
@@ -137,23 +137,6 @@ out:
        return error;
 }
-static int kernfs_node_setsecdata(struct kernfs_iattrs *attrs, void **secdata,
-                                  u32 *secdata_len)
-{
-        void *old_secdata;
-        size_t old_secdata_len;
-        old_secdata = attrs->ia_secdata;
-        old_secdata_len = attrs->ia_secdata_len;
-        attrs->ia_secdata = *secdata;
-        attrs->ia_secdata_len = *secdata_len;
-        *secdata = old_secdata;
-        *secdata_len = old_secdata_len;
-        return 0;
-}
 ssize_t kernfs_iop_listxattr(struct dentry *dentry, char *buf, size_t size)
 {
        struct kernfs_node *kn = kernfs_dentry_node(dentry);
@@ -189,15 +172,12 @@ static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode)
        struct kernfs_iattrs *attrs = kn->iattr;
        inode->i_mode = kn->mode;
-        if (attrs) {
+        if (attrs)
                /*
                 * kernfs_node has non-default attributes get them from
                 * persistent copy in kernfs_node.
                 */
                set_inode_attr(inode, attrs);
-                security_inode_notifysecctx(inode, attrs->ia_secdata,
-                                            attrs->ia_secdata_len);
-        }
        if (kernfs_type(kn) == KERNFS_DIR)
                set_nlink(inode, kn->dir.subdirs + 2);
@@ -345,41 +325,10 @@ static const struct xattr_handler kernfs_trusted_xattr_handler = {
        .set = kernfs_xattr_set,
 };
-static int kernfs_security_xattr_set(const struct xattr_handler *handler,
-                                     struct dentry *unused, struct inode *inode,
-                                     const char *suffix, const void *value,
-                                     size_t size, int flags)
-{
-        struct kernfs_node *kn = inode->i_private;
-        struct kernfs_iattrs *attrs;
-        void *secdata;
-        u32 secdata_len = 0;
-        int error;
-        attrs = kernfs_iattrs(kn);
-        if (!attrs)
-                return -ENOMEM;
-        error = security_inode_setsecurity(inode, suffix, value, size, flags);
-        if (error)
-                return error;
-        error = security_inode_getsecctx(inode, &secdata, &secdata_len);
-        if (error)
-                return error;
-        mutex_lock(&kernfs_mutex);
-        error = kernfs_node_setsecdata(attrs, &secdata, &secdata_len);
-        mutex_unlock(&kernfs_mutex);
-        if (secdata)
-                security_release_secctx(secdata, secdata_len);
-        return error;
-}
 static const struct xattr_handler kernfs_security_xattr_handler = {
        .prefix = XATTR_SECURITY_PREFIX,
        .get = kernfs_xattr_get,
-        .set = kernfs_security_xattr_set,
+        .set = kernfs_xattr_set,
 };
 const struct xattr_handler *kernfs_xattr_handlers[] = {
diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h
index 385a5ca0b2f6..3c437990f39a 100644
--- a/fs/kernfs/kernfs-internal.h
+++ b/fs/kernfs/kernfs-internal.h
@@ -25,8 +25,6 @@ struct kernfs_iattrs {
        struct timespec64       ia_atime;
        struct timespec64       ia_mtime;
        struct timespec64       ia_ctime;
-        void                    *ia_secdata;
-        u32                     ia_secdata_len;
        struct simple_xattrs    xattrs;
 };
author	Ondrej Mosnacek <omosnace@redhat.com>	2019-02-22 09:57:15 -0500
committer	Paul Moore <paul@paul-moore.com>	2019-03-20 21:54:33 -0400
commit	0ac6075a32fc05bc7fa025965914e8dcd448a668 (patch)
tree	f82edaba1aba32eacb57876d56fb3b218ec88840
parent	b754026bd98e644f9337224ffd4201e02dfe1c43 (diff)

diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c index 1654d9136458..bd48e315347b 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c
@@ -532,9 +532,6 @@ void kernfs_put(struct kernfs_node *kn)
532	kfree_const(kn->name);	532	kfree_const(kn->name);
533		533
534	if (kn->iattr) {	534	if (kn->iattr) {
535	if (kn->iattr->ia_secdata)
536	security_release_secctx(kn->iattr->ia_secdata,
537	kn->iattr->ia_secdata_len);
538	simple_xattrs_free(&kn->iattr->xattrs);	535	simple_xattrs_free(&kn->iattr->xattrs);
539	kmem_cache_free(kernfs_iattrs_cache, kn->iattr);	536	kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
540	}	537	}


diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c index 5c5569fb2110..a365088caa3c 100644 --- a/fs/kernfs/inode.c +++ b/fs/kernfs/inode.c
@@ -137,23 +137,6 @@ out:
137	return error;	137	return error;
138	}	138	}
139		139
140	static int kernfs_node_setsecdata(struct kernfs_iattrs attrs, void *secdata,
141	u32 *secdata_len)
142	{
143	void *old_secdata;
144	size_t old_secdata_len;
145
146	old_secdata = attrs->ia_secdata;
147	old_secdata_len = attrs->ia_secdata_len;
148
149	attrs->ia_secdata = *secdata;
150	attrs->ia_secdata_len = *secdata_len;
151
152	*secdata = old_secdata;
153	*secdata_len = old_secdata_len;
154	return 0;
155	}
156
157	ssize_t kernfs_iop_listxattr(struct dentry dentry, char buf, size_t size)	140	ssize_t kernfs_iop_listxattr(struct dentry dentry, char buf, size_t size)
158	{	141	{
159	struct kernfs_node *kn = kernfs_dentry_node(dentry);	142	struct kernfs_node *kn = kernfs_dentry_node(dentry);
@@ -189,15 +172,12 @@ static void kernfs_refresh_inode(struct kernfs_node kn, struct inode inode)
189	struct kernfs_iattrs *attrs = kn->iattr;	172	struct kernfs_iattrs *attrs = kn->iattr;
190		173
191	inode->i_mode = kn->mode;	174	inode->i_mode = kn->mode;
192	if (attrs) {	175	if (attrs)
193	/*	176	/*
194	* kernfs_node has non-default attributes get them from	177	* kernfs_node has non-default attributes get them from
195	* persistent copy in kernfs_node.	178	* persistent copy in kernfs_node.
196	*/	179	*/
197	set_inode_attr(inode, attrs);	180	set_inode_attr(inode, attrs);
198	security_inode_notifysecctx(inode, attrs->ia_secdata,
199	attrs->ia_secdata_len);
200	}
201		181
202	if (kernfs_type(kn) == KERNFS_DIR)	182	if (kernfs_type(kn) == KERNFS_DIR)
203	set_nlink(inode, kn->dir.subdirs + 2);	183	set_nlink(inode, kn->dir.subdirs + 2);
@@ -345,41 +325,10 @@ static const struct xattr_handler kernfs_trusted_xattr_handler = {
345	.set = kernfs_xattr_set,	325	.set = kernfs_xattr_set,
346	};	326	};
347		327
348	static int kernfs_security_xattr_set(const struct xattr_handler *handler,
349	struct dentry unused, struct inode inode,
350	const char suffix, const void value,
351	size_t size, int flags)
352	{
353	struct kernfs_node *kn = inode->i_private;
354	struct kernfs_iattrs *attrs;
355	void *secdata;
356	u32 secdata_len = 0;
357	int error;
358
359	attrs = kernfs_iattrs(kn);
360	if (!attrs)
361	return -ENOMEM;
362
363	error = security_inode_setsecurity(inode, suffix, value, size, flags);
364	if (error)
365	return error;
366	error = security_inode_getsecctx(inode, &secdata, &secdata_len);
367	if (error)
368	return error;
369
370	mutex_lock(&kernfs_mutex);
371	error = kernfs_node_setsecdata(attrs, &secdata, &secdata_len);
372	mutex_unlock(&kernfs_mutex);
373
374	if (secdata)
375	security_release_secctx(secdata, secdata_len);
376	return error;
377	}
378
379	static const struct xattr_handler kernfs_security_xattr_handler = {	328	static const struct xattr_handler kernfs_security_xattr_handler = {
380	.prefix = XATTR_SECURITY_PREFIX,	329	.prefix = XATTR_SECURITY_PREFIX,
381	.get = kernfs_xattr_get,	330	.get = kernfs_xattr_get,
382	.set = kernfs_security_xattr_set,	331	.set = kernfs_xattr_set,
383	};	332	};
384		333
385	const struct xattr_handler *kernfs_xattr_handlers[] = {	334	const struct xattr_handler *kernfs_xattr_handlers[] = {


diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h index 385a5ca0b2f6..3c437990f39a 100644 --- a/fs/kernfs/kernfs-internal.h +++ b/fs/kernfs/kernfs-internal.h
@@ -25,8 +25,6 @@ struct kernfs_iattrs {
25	struct timespec64 ia_atime;	25	struct timespec64 ia_atime;
26	struct timespec64 ia_mtime;	26	struct timespec64 ia_mtime;
27	struct timespec64 ia_ctime;	27	struct timespec64 ia_ctime;
28	void *ia_secdata;
29	u32 ia_secdata_len;
30		28
31	struct simple_xattrs xattrs;	29	struct simple_xattrs xattrs;
32	};	30	};