lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240221-idmap-fscap-refactor-v2-17-3039364623bd@kernel.org>
Date: Wed, 21 Feb 2024 15:24:48 -0600
From: "Seth Forshee (DigitalOcean)" <sforshee@...nel.org>
To: Christian Brauner <brauner@...nel.org>, 
 Seth Forshee <sforshee@...nel.org>, Serge Hallyn <serge@...lyn.com>, 
 Paul Moore <paul@...l-moore.com>, Eric Paris <eparis@...hat.com>, 
 James Morris <jmorris@...ei.org>, Alexander Viro <viro@...iv.linux.org.uk>, 
 Jan Kara <jack@...e.cz>, Stephen Smalley <stephen.smalley.work@...il.com>, 
 Ondrej Mosnacek <omosnace@...hat.com>, 
 Casey Schaufler <casey@...aufler-ca.com>, Mimi Zohar <zohar@...ux.ibm.com>, 
 Roberto Sassu <roberto.sassu@...wei.com>, 
 Dmitry Kasatkin <dmitry.kasatkin@...il.com>, 
 Eric Snowberg <eric.snowberg@...cle.com>, 
 "Matthew Wilcox (Oracle)" <willy@...radead.org>, 
 Jonathan Corbet <corbet@....net>, Miklos Szeredi <miklos@...redi.hu>, 
 Amir Goldstein <amir73il@...il.com>
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
 linux-security-module@...r.kernel.org, audit@...r.kernel.org, 
 selinux@...r.kernel.org, linux-integrity@...r.kernel.org, 
 linux-doc@...r.kernel.org, linux-unionfs@...r.kernel.org
Subject: [PATCH v2 17/25] fs: add vfs_get_fscaps()

Provide a type-safe interface for retrieving filesystem capabilities and
a generic implementation suitable for most filesystems. Also add an
internal interface, vfs_get_fscaps_nosec(), which skips security checks
for later use from the capability code.

Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@...nel.org>
---
 fs/xattr.c         | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 include/linux/fs.h |  4 ++++
 2 files changed, 68 insertions(+)

diff --git a/fs/xattr.c b/fs/xattr.c
index 06290e4ebc03..10d1b1f78fc2 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -181,6 +181,70 @@ xattr_supports_user_prefix(struct inode *inode)
 }
 EXPORT_SYMBOL(xattr_supports_user_prefix);
 
+static int generic_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry,
+			      struct vfs_caps *caps)
+{
+	struct inode *inode = d_inode(dentry);
+	struct vfs_ns_cap_data nscaps;
+	int ret;
+
+	ret = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, &nscaps, sizeof(nscaps));
+
+	if (ret >= 0)
+		ret = vfs_caps_from_xattr(idmap, i_user_ns(inode), caps, &nscaps, ret);
+
+	return ret;
+}
+
+/**
+ * vfs_get_fscaps_nosec - get filesystem capabilities without security checks
+ * @idmap: idmap of the mount the inode was found from
+ * @dentry: the dentry from which to get filesystem capabilities
+ * @caps: storage in which to return the filesystem capabilities
+ *
+ * This function gets the filesystem capabilities for the dentry and returns
+ * them in @caps. It does not perform security checks.
+ *
+ * Return: 0 on success, a negative errno on error.
+ */
+int vfs_get_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry,
+			 struct vfs_caps *caps)
+{
+	struct inode *inode = d_inode(dentry);
+
+	if (inode->i_op->get_fscaps)
+		return inode->i_op->get_fscaps(idmap, dentry, caps);
+	return generic_get_fscaps(idmap, dentry, caps);
+}
+
+/**
+ * vfs_get_fscaps - get filesystem capabilities
+ * @idmap: idmap of the mount the inode was found from
+ * @dentry: the dentry from which to get filesystem capabilities
+ * @caps: storage in which to return the filesystem capabilities
+ *
+ * This function gets the filesystem capabilities for the dentry and returns
+ * them in @caps.
+ *
+ * Return: 0 on success, a negative errno on error.
+ */
+int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry,
+		   struct vfs_caps *caps)
+{
+	int error;
+
+	/*
+	 * The VFS has no restrictions on reading security.* xattrs, so
+	 * xattr_permission() isn't needed. Only LSMs get a say.
+	 */
+	error = security_inode_get_fscaps(idmap, dentry);
+	if (error)
+		return error;
+
+	return vfs_get_fscaps_nosec(idmap, dentry, caps);
+}
+EXPORT_SYMBOL(vfs_get_fscaps);
+
 int
 __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
 	       struct inode *inode, const char *name, const void *value,
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 89163e0f7aad..d7cd2467e1ea 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2116,6 +2116,10 @@ extern int vfs_dedupe_file_range(struct file *file,
 extern loff_t vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos,
 					struct file *dst_file, loff_t dst_pos,
 					loff_t len, unsigned int remap_flags);
+extern int vfs_get_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry,
+				struct vfs_caps *caps);
+extern int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry,
+			  struct vfs_caps *caps);
 
 /**
  * enum freeze_holder - holder of the freeze

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ