Eric Lee / smarc-fsl-linux-kernel

06 Nov, 2019

1 commit

  • 3484eba91   FROMLIST: Add flags option to get xattr method paired to __vfs_getxattr ... Browse Code »

    Add a flag option to get xattr method that could have a bit flag of
    XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then
    set in the __vfs_getxattr path when called by security
    infrastructure.

    This handles the case of a union filesystem driver that is being
    requested by the security layer to report back the xattr data.

    For the use case where access is to be blocked by the security layer.

    The path then could be security(dentry) ->
    __vfs_getxattr(dentry...XATTR_NOSECURITY) ->
    handler->get(dentry...XATTR_NOSECURITY) ->
    __vfs_getxattr(lower_dentry...XATTR_NOSECURITY) ->
    lower_handler->get(lower_dentry...XATTR_NOSECURITY)
    which would report back through the chain data and success as
    expected, the logging security layer at the top would have the
    data to determine the access permissions and report back the target
    context that was blocked.

    Without the get handler flag, the path on a union filesystem would be
    the errant security(dentry) -> __vfs_getxattr(dentry) ->
    handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested ->
    security(lower_dentry, log off) -> lower_handler->get(lower_dentry)
    which would report back through the chain no data, and -EACCES.

    For selinux for both cases, this would translate to a correctly
    determined blocked access. In the first case with this change a correct avc
    log would be reported, in the second legacy case an incorrect avc log
    would be reported against an uninitialized u:object_r:unlabeled:s0
    context making the logs cosmetically useless for audit2allow.

    This patch series is inert and is the wide-spread addition of the
    flags option for xattr functions, and a replacement of __vfs_getxattr
    with __vfs_getxattr(...XATTR_NOSECURITY).

    Signed-off-by: Mark Salyzyn
    Reviewed-by: Jan Kara
    Acked-by: Jan Kara
    Acked-by: Jeff Layton
    Acked-by: David Sterba
    Acked-by: Darrick J. Wong
    Acked-by: Mike Marshall
    Cc: Stephen Smalley
    Cc: linux-kernel@vger.kernel.org
    Cc: kernel-team@android.com
    Cc: linux-security-module@vger.kernel.org

    (cherry picked from (rejected from archive because of too many recipients))
    Signed-off-by: Mark Salyzyn
    Bug: 133515582
    Bug: 136124883
    Bug: 129319403
    Change-Id: Iabbb8771939d5f66667a26bb23ddf4c562c349a1

    Mark Salyzyn
     

24 Oct, 2018

1 commit

  • aa563d7bc   iov_iter: Separate type from direction and use accessor functions ... Browse Code »

    In the iov_iter struct, separate the iterator type from the iterator
    direction and use accessor functions to access them in most places.

    Convert a bunch of places to use switch-statements to access them rather
    then chains of bitwise-AND statements. This makes it easier to add further
    iterator types. Also, this can be more efficient as to implement a switch
    of small contiguous integers, the compiler can use ~50% fewer compare
    instructions than it has to use bitwise-and instructions.

    Further, cease passing the iterator type into the iterator setup function.
    The iterator function can set that itself. Only the direction is required.

    Signed-off-by: David Howells

    David Howells
     

13 Aug, 2018

1 commit

  • 3111784be   fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed ... Browse Code »

    In my testing, v9fs_fid_xattr_set will return successfully even if the
    backend ext4 filesystem has no space to store xattr key-value. That will
    cause inconsistent behavior between front end and back end. The reason is
    that lsetxattr will be triggered by p9_client_clunk, and unfortunately we
    did not catch the error. This patch will catch the error to notify upper
    caller.

    p9_client_clunk (in 9p)
    p9_client_rpc(clnt, P9_TCLUNK, "d", fid->fid);
    v9fs_clunk (in qemu)
    put_fid
    free_fid
    v9fs_xattr_fid_clunk
    v9fs_co_lsetxattr
    s->ops->lsetxattr
    ext4_xattr_user_set (in host ext4 filesystem)

    Link: http://lkml.kernel.org/r/5B57EACC.2060900@huawei.com
    Signed-off-by: Jun Piao
    Cc: Eric Van Hensbergen
    Cc: Ron Minnich
    Cc: Latchesar Ionkov
    Cc: Andrew Morton
    Cc: stable@vger.kernel.org
    Signed-off-by: Dominique Martinet

    piaojun
     

03 Aug, 2016

1 commit

28 May, 2016

1 commit

11 Apr, 2016

1 commit

07 Dec, 2015

1 commit

  • 98e9cb571   vfs: Distinguish between full xattr names and proper prefixes ... Browse Code »

    Add an additional "name" field to struct xattr_handler. When the name
    is set, the handler matches attributes with exactly that name. When the
    prefix is set instead, the handler matches attributes with the given
    prefix and with a non-empty suffix.

    This patch should avoid bugs like the one fixed in commit c361016a in
    the future.

    Signed-off-by: Andreas Gruenbacher
    Reviewed-by: James Morris
    Signed-off-by: Al Viro

    Andreas Gruenbacher
     

14 Nov, 2015

1 commit

  • e409de992   9p: xattr simplifications ... Browse Code »

    Now that the xattr handler is passed to the xattr handler operations, we
    can use the same get and set operations for the user, trusted, and security
    xattr namespaces. In those namespaces, we can access the full attribute
    name by "reattaching" the name prefix the vfs has skipped for us. Add a
    xattr_full_name helper to make this obvious in the code.

    For the "system.posix_acl_access" and "system.posix_acl_default"
    attributes, handler->prefix is the full attribute name; the suffix is the
    empty string.

    Signed-off-by: Andreas Gruenbacher
    Cc: Eric Van Hensbergen
    Cc: Ron Minnich
    Cc: Latchesar Ionkov
    Cc: v9fs-developer@lists.sourceforge.net
    Signed-off-by: Al Viro

    Andreas Gruenbacher
     

12 Apr, 2015

2 commits

02 Jun, 2014

1 commit

  • f15844e07   9P: fix return value in v9fs_fid_xattr_set ... Browse Code »

    v9fs_fid_xattr_set is supposed to return 0 on success.

    This corrects the behaviour introduced in commit
    bdd5c28dcb8330b9074404cc92a0b83aae5606a
    "9p: fix return value in case in v9fs_fid_xattr_set()"

    (The function returns a negative error on error, as expected)

    Signed-off-by: Dominique Martinet
    Signed-off-by: Eric Van Hensbergen

    Dominique Martinet
     

24 Nov, 2013

1 commit

08 Jul, 2013

1 commit

  • d9a738597   fs/9p: xattr: add trusted and security namespaces ... Browse Code »

    Allow requests for security.* and trusted.* xattr name spaces
    to pass through to server.

    The new files are 99% cut and paste from fs/9p/xattr_user.c with the
    namespaces changed. It has the intended effect in superficial testing.
    I do not know much detail about how these namespaces are used, but passing
    them through to the server, which can decide whether to handle them or not,
    seems reasonable.

    I want to support a use case where an ext4 file system is mounted via 9P,
    then re-exported via samba to windows clients in a cluster. Windows wants
    to store xattrs such as security.NTACL. This works when ext4 directly
    backs samba, but not when 9P is inserted. This use case is documented here:
    http://code.google.com/p/diod/issues/detail?id=95

    Signed-off-by: Jim Garlick
    Signed-off-by: Eric Van Hensbergen

    Jim Garlick
     

26 Feb, 2013

1 commit

06 Jan, 2012

1 commit

  • 5d3851530   9p: Reduce object size with CONFIG_NET_9P_DEBUG ... Browse Code »

    Reduce object size by deduplicating formats.

    Use vsprintf extension %pV.
    Rename P9_DPRINTK uses to p9_debug, align arguments.
    Add function for _p9_debug and macro to add __func__.
    Add missing "\n"s to p9_debug uses.
    Remove embedded function names as p9_debug adds it.
    Remove P9_EPRINTK macro and convert use to pr_.
    Add and use pr_fmt and pr_.

    $ size fs/9p/built-in.o*
    text data bss dec hex filename
    62133 984 16000 79117 1350d fs/9p/built-in.o.new
    67342 984 16928 85254 14d06 fs/9p/built-in.o.old
    $ size net/9p/built-in.o*
    text data bss dec hex filename
    88792 4148 22024 114964 1c114 net/9p/built-in.o.new
    94072 4148 23232 121452 1da6c net/9p/built-in.o.old

    Signed-off-by: Joe Perches
    Signed-off-by: Eric Van Hensbergen

    Joe Perches
     

11 Jan, 2011

1 commit

28 Oct, 2010

2 commits

03 Aug, 2010

2 commits