xattr: rework simple xattrs and support user.* xattrs on sockets

[PATCH 07/14] xattr: add xattr_permission_error()

Posted by Christian Brauner 1 month ago

Stop repeating the ?: in multiple places and use a simple helper for
this.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/xattr.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index 64803097e1dc..c4db8663c32e 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -106,6 +106,13 @@ int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode)
 	return 0;
 }
 
+static inline int xattr_permission_error(int mask)
+{
+	if (mask & MAY_WRITE)
+		return -EPERM;
+	return -ENODATA;
+}
+
 /*
  * Check permissions for extended attribute access.  This is a bit complicated
  * because different namespaces have very different rules.
@@ -135,7 +142,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
 	 */
 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
 		if (!capable(CAP_SYS_ADMIN))
-			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
+			return xattr_permission_error(mask);
 		return 0;
 	}
 
@@ -146,7 +153,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
 	 */
 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
-			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
+			return xattr_permission_error(mask);
 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
 		    (mask & MAY_WRITE) &&
 		    !inode_owner_or_capable(idmap, inode))

-- 
2.47.3

Re: [PATCH 07/14] xattr: add xattr_permission_error()

Posted by Jan Kara 2 weeks, 5 days ago

On Mon 16-02-26 14:32:03, Christian Brauner wrote:
> Stop repeating the ?: in multiple places and use a simple helper for
> this.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/xattr.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 64803097e1dc..c4db8663c32e 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -106,6 +106,13 @@ int may_write_xattr(struct mnt_idmap *idmap, struct inode *inode)
>  	return 0;
>  }
>  
> +static inline int xattr_permission_error(int mask)
> +{
> +	if (mask & MAY_WRITE)
> +		return -EPERM;
> +	return -ENODATA;
> +}
> +
>  /*
>   * Check permissions for extended attribute access.  This is a bit complicated
>   * because different namespaces have very different rules.
> @@ -135,7 +142,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
>  	 */
>  	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
>  		if (!capable(CAP_SYS_ADMIN))
> -			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
> +			return xattr_permission_error(mask);
>  		return 0;
>  	}
>  
> @@ -146,7 +153,7 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
>  	 */
>  	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
>  		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
> -			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
> +			return xattr_permission_error(mask);
>  		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
>  		    (mask & MAY_WRITE) &&
>  		    !inode_owner_or_capable(idmap, inode))
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR