[v7,2/5] fs: split off setxattr_copy and do_setxattr function from setxattr

Commit Message

Stefan Roesch Dec. 23, 2021, 7:56 p.m. UTC

This splits of the setup part of the function
setxattr in its own dedicated function called
setxattr_copy. In addition it also exposes a
new function called do_setxattr for making the
setxattr call.

This makes it possible to call these two functions
from io_uring in the processing of an xattr request.

Signed-off-by: Stefan Roesch <shr@fb.com>
---
 fs/internal.h | 19 +++++++++++
 fs/xattr.c    | 87 ++++++++++++++++++++++++++++++++++++++-------------
 2 files changed, 84 insertions(+), 22 deletions(-)

Comments

Linus Torvalds Dec. 23, 2021, 8:11 p.m. UTC | #1

On Thu, Dec 23, 2021 at 11:57 AM Stefan Roesch <shr@fb.com> wrote:
>
> +       /* Attribute name */
> +       char *kname;
> +       int kname_sz;

I still don't like this.

Clearly the "just embed the kname in the context" didn't work, but I
hate how this adds that "pointer and size", when the size really
should be part of the type.

The patch takes what used to be a fixed size, and turns it into
something we pass along as an argument - for no actual good reason.
The 'size' isn't even the size of the name, it's literally the size of
the allocation that has a fixed definition.

Can we perhaps do it another way, by just encoding the size in the
type itself - but keeping it as a pointer.

We have a fixed size for attribute names, so maybe we can do

        struct xattr_name {
                char name[XATTR_NAME_MAX + 1];
        };

and actually use that.

Because I don't see that kname_sz is ever validly anything else, and
ever has any actual value to be passed around?

Maybe some day we'd actually make that "xattr_name" structure also
have the actual length of the name in it, but that would still *not*
be the size of the allocation.

I think it's actively misleading to have "kname_sz' that isn't
actually the size of the name, but I also think it's stupid to have a
variable for what is a constant value.

             Linus

Stefan Roesch Dec. 23, 2021, 11:54 p.m. UTC | #2

On 12/23/21 12:11 PM, Linus Torvalds wrote:
> On Thu, Dec 23, 2021 at 11:57 AM Stefan Roesch <shr@fb.com> wrote:
>>
>> +       /* Attribute name */
>> +       char *kname;
>> +       int kname_sz;
> 
> I still don't like this.
> 
> Clearly the "just embed the kname in the context" didn't work, but I
> hate how this adds that "pointer and size", when the size really
> should be part of the type.
> 
> The patch takes what used to be a fixed size, and turns it into
> something we pass along as an argument - for no actual good reason.
> The 'size' isn't even the size of the name, it's literally the size of
> the allocation that has a fixed definition.
> 
> Can we perhaps do it another way, by just encoding the size in the
> type itself - but keeping it as a pointer.
> 
> We have a fixed size for attribute names, so maybe we can do
> 
>         struct xattr_name {
>                 char name[XATTR_NAME_MAX + 1];
>         };
> 
> and actually use that.
> 
> Because I don't see that kname_sz is ever validly anything else, and
> ever has any actual value to be passed around?
> 
> Maybe some day we'd actually make that "xattr_name" structure also
> have the actual length of the name in it, but that would still *not*
> be the size of the allocation.
> 
> I think it's actively misleading to have "kname_sz' that isn't
> actually the size of the name, but I also think it's stupid to have a
> variable for what is a constant value.
> 
>              Linus
> 

Linus, I added the xattr_name struct and removed the kname_sz field from
the xattr_ctx struct. In addition the xattr_name struct is used in xattr.c
and io_uring.c.

Patch

diff --git a/fs/internal.h b/fs/internal.h
index 432ea3ce76ec..28b9f947f26e 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -202,3 +202,22 @@  struct linux_dirent64;
 
 int vfs_getdents(struct file *file, struct linux_dirent64 __user *dirent,
 		 unsigned int count, loff_t *pos);
+
+ /*
+  * fs/xattr.c:
+  */
+struct xattr_ctx {
+	/* Value of attribute */
+	const void __user *value;
+	size_t size;
+	/* Attribute name */
+	char *kname;
+	int kname_sz;
+	unsigned int flags;
+};
+
+
+int setxattr_copy(const char __user *name, struct xattr_ctx *ctx,
+		void **xattr_val);
+int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
+		struct xattr_ctx *ctx, void *xattr_val);
diff --git a/fs/xattr.c b/fs/xattr.c
index 5c8c5175b385..fbe6c2b7ec47 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -25,6 +25,8 @@ 
 
 #include <linux/uaccess.h>
 
+#include "internal.h"
+
 static const char *
 strcmp_prefix(const char *a, const char *a_prefix)
 {
@@ -539,43 +541,84 @@  EXPORT_SYMBOL_GPL(vfs_removexattr);
 /*
  * Extended attribute SET operations
  */
-static long
-setxattr(struct user_namespace *mnt_userns, struct dentry *d,
-	 const char __user *name, const void __user *value, size_t size,
-	 int flags)
+
+int setxattr_copy(const char __user *name, struct xattr_ctx *ctx,
+		void **xattr_val)
 {
-	int error;
 	void *kvalue = NULL;
-	char kname[XATTR_NAME_MAX + 1];
+	int error;
 
-	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
+	if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE))
 		return -EINVAL;
 
-	error = strncpy_from_user(kname, name, sizeof(kname));
-	if (error == 0 || error == sizeof(kname))
-		error = -ERANGE;
+	error = strncpy_from_user(ctx->kname, name, ctx->kname_sz);
+	if (error == 0 || error == ctx->kname_sz)
+		return  -ERANGE;
 	if (error < 0)
 		return error;
 
-	if (size) {
-		if (size > XATTR_SIZE_MAX)
+	if (ctx->size) {
+		if (ctx->size > XATTR_SIZE_MAX)
 			return -E2BIG;
-		kvalue = kvmalloc(size, GFP_KERNEL);
+
+		kvalue = kvmalloc(ctx->size, GFP_KERNEL);
 		if (!kvalue)
 			return -ENOMEM;
-		if (copy_from_user(kvalue, value, size)) {
-			error = -EFAULT;
-			goto out;
+
+		if (copy_from_user(kvalue, ctx->value, ctx->size)) {
+			kvfree(kvalue);
+			return -EFAULT;
 		}
-		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
-		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
-			posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
 	}
 
-	error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
-out:
-	kvfree(kvalue);
+	*xattr_val = kvalue;
+	return 0;
+}
+
+static void setxattr_convert(struct user_namespace *mnt_userns,
+			struct xattr_ctx *ctx, void *xattr_value)
+{
+	if (ctx->size &&
+		((strcmp(ctx->kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
+		(strcmp(ctx->kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)))
+		posix_acl_fix_xattr_from_user(mnt_userns, xattr_value, ctx->size);
+}
+
+int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
+		struct xattr_ctx *ctx, void *xattr_value)
+{
+	int error;
+
+	setxattr_convert(mnt_userns, ctx, xattr_value);
+	error = vfs_setxattr(mnt_userns, dentry, ctx->kname,
+			xattr_value, ctx->size, ctx->flags);
+
+	return error;
+}
+
+static long
+setxattr(struct user_namespace *mnt_userns, struct dentry *d,
+	const char __user *name, const void __user *value, size_t size,
+	int flags)
+{
+	char kname[XATTR_NAME_MAX + 1];
+	struct xattr_ctx ctx = {
+		.value    = value,
+		.size     = size,
+		.kname    = kname,
+		.kname_sz = sizeof(kname),
+		.flags    = flags,
+	};
+	void *xattr_value = NULL;
+	int error;
+
+	error = setxattr_copy(name, &ctx, &xattr_value);
+	if (error)
+		return error;
+
+	error = do_setxattr(mnt_userns, d, &ctx, xattr_value);
 
+	kvfree(xattr_value);
 	return error;
 }