From: Oleksandr Tymoshenko
Date: Thu, 20 Jul 2023 10:09:46 -0700
Subject: Re: [PATCH] shmem: add support for user extended attributes
To: Hugh Dickins
Cc: Jonathan Corbet, Andrew Morton, Christian Brauner, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org

Hi Hugh,

Could you share that patch?

On Thu, Jul 20, 2023 at 9:57 AM Hugh Dickins wrote:

> On Thu, 20 Jul 2023, Oleksandr Tymoshenko wrote:
>
> > User extended attributes are not enabled in tmpfs because
> > the size of the value is not limited and the memory allocated
> > for it is not counted against any limit. Malicious
> > non-privileged user can exhaust kernel memory by creating
> > user.* extended attribute with very large value.
> >
> > There are still situations when enabling support for extended
> > user attributes on tmpfs is required and the attack vector
> > is not applicable, for instance batch jobs with trusted binaries.
> >
> > This patch introduces two mount options to enable/disable
> > support for user.* extended attributes on tmpfs:
> >
> > user_xattr    enable support for user extended attributes
> > nouser_xattr  disable support for user extended attributes
> >
> > The default behavior of the filesystem is not changed.
> >
> > Signed-off-by: Oleksandr Tymoshenko
>
> Thanks, but no.
>
> This is not something we want mount options for:
> we just want to limit the memory usage of tmpfs user xattrs.
>
> I've had the patch to do that limiting (taking it out of the inode
> space already limited by nr_inodes) in my test tree for 2.5 years now:
> waiting to reach the top of the heap to pull together and submit.
>
> Your sending this patch does help to raise the priority for my
> sending that patch: thank you; but I cannot promise when that will be.
>
> (And the way mm/shmem.c is conflicted between vfs and mm trees
> is rather discouraging development there at the moment: I'm hoping
> it can be mostly wrested back into the mm tree in the next cycle.)
>
> Hugh
>
> > --- > > Documentation/filesystems/tmpfs.rst | 12 ++++++++ > > include/linux/shmem_fs.h | 1 + > > mm/shmem.c | 45 +++++++++++++++++++++++++++++ > > 3 files changed, 58 insertions(+) > > > > diff --git a/Documentation/filesystems/tmpfs.rst > b/Documentation/filesystems/tmpfs.rst > > index f18f46be5c0c..5700ba72d095 100644 > > --- a/Documentation/filesystems/tmpfs.rst > > +++ b/Documentation/filesystems/tmpfs.rst
> > @@ -215,6 +215,16 @@ will give you tmpfs instance on /mytmpfs which can > allocate 10GB > > RAM/SWAP in 10240 inodes and it is only accessible by root. > > > > > > +tmpfs, when compiled with CONFIG_TMPFS_XATTR, does not support > > +Extended User Attributes for security reasons. The support can be > > +enabled/disabled by two mount options: > > + > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > > +user_xattr Enable support for Extended User Attributes > > +nouser_xattr Disable upport for Extended User Attributes > > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > > + > > + > > :Author: > > Christoph Rohland , 1.12.01 > > :Updated: > > @@ -223,3 +233,5 @@ RAM/SWAP in 10240 inodes and it is only accessible > by root. > > KOSAKI Motohiro, 16 Mar 2010 > > :Updated: > > Chris Down, 13 July 2020 > > +:Updated: > > + Oleksandr Tymoshenko, 19 July 2023 > > diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h > > index 9029abd29b1c..f06d18b9041c 100644 > > --- a/include/linux/shmem_fs.h > > +++ b/include/linux/shmem_fs.h > > @@ -53,6 +53,7 @@ struct shmem_sb_info { > > spinlock_t shrinklist_lock; /* Protects shrinklist */ > > struct list_head shrinklist; /* List of shinkable inodes */ > > unsigned long shrinklist_len; /* Length of shrinklist */ > > + bool user_xattr; /* user.* xattrs are allowed */ > > }; > > > > static inline struct shmem_inode_info *SHMEM_I(struct inode *inode) > > diff --git a/mm/shmem.c b/mm/shmem.c > > index 2f2e0e618072..4f7d46d65494 100644 > > --- a/mm/shmem.c > > +++ b/mm/shmem.c 
> > @@ -85,6 +85,7 @@ static struct vfsmount *shm_mnt; > > > > #define BLOCKS_PER_PAGE (PAGE_SIZE/512) > > #define VM_ACCT(size) (PAGE_ALIGN(size) >> PAGE_SHIFT) > > +#define TMPFS_USER_XATTR_INDEX 1 > > > > /* Pretend that each entry is of this size in directory's i_size */ > > #define BOGO_DIRENT_SIZE 20 > > @@ -116,11 +117,13 @@ struct shmem_options { > > int huge; > > int seen; > > bool noswap; > > + bool user_xattr; > > #define SHMEM_SEEN_BLOCKS 1 > > #define SHMEM_SEEN_INODES 2 > > #define SHMEM_SEEN_HUGE 4 > > #define SHMEM_SEEN_INUMS 8 > > #define SHMEM_SEEN_NOSWAP 16 > > +#define SHMEM_SEEN_USER_XATTR 32 > > }; > > > > #ifdef CONFIG_TMPFS > > @@ -3447,6 +3450,16 @@ static int shmem_xattr_handler_get(const struct > xattr_handler *handler, > > const char *name, void *buffer, size_t > size) > > { > > struct shmem_inode_info *info =3D SHMEM_I(inode); > > + struct shmem_sb_info *sbinfo =3D SHMEM_SB(inode->i_sb); > > + > > + switch (handler->flags) { > > + case TMPFS_USER_XATTR_INDEX: > > + if (!sbinfo->user_xattr) > > + return -EOPNOTSUPP; > > + break; > > + default: > > + break; > > + } > > > > name =3D xattr_full_name(handler, name); > > return simple_xattr_get(&info->xattrs, name, buffer, size); > > @@ -3459,8 +3472,18 @@ static int shmem_xattr_handler_set(const struct > xattr_handler *handler, > > size_t size, int flags) > > { > > struct shmem_inode_info *info =3D SHMEM_I(inode); > > + struct shmem_sb_info *sbinfo =3D SHMEM_SB(inode->i_sb); > > int err; > > > > + switch (handler->flags) { > > + case TMPFS_USER_XATTR_INDEX: > > + if (!sbinfo->user_xattr) > > + return -EOPNOTSUPP; > > + break; > > + default: > > + break; > > + } > > + > > name =3D xattr_full_name(handler, name); > > err =3D simple_xattr_set(&info->xattrs, name, value, size, flags, > NULL); > > if (!err) { 
> > @@ -3482,9 +3505,17 @@ static const struct xattr_handler > shmem_trusted_xattr_handler =3D { > > .set =3D shmem_xattr_handler_set, > > }; > > > > +static const struct xattr_handler shmem_user_xattr_handler =3D { > > + .prefix =3D XATTR_USER_PREFIX, > > + .flags =3D TMPFS_USER_XATTR_INDEX, > > + .get =3D shmem_xattr_handler_get, > > + .set =3D shmem_xattr_handler_set, > > +}; > > + > > static const struct xattr_handler *shmem_xattr_handlers[] =3D { > > &shmem_security_xattr_handler, > > &shmem_trusted_xattr_handler, > > + &shmem_user_xattr_handler, > > NULL > > }; > > > > @@ -3604,6 +3635,8 @@ enum shmem_param { > > Opt_inode32, > > Opt_inode64, > > Opt_noswap, > > + Opt_user_xattr, > > + Opt_nouser_xattr, > > }; > > > > static const struct constant_table shmem_param_enums_huge[] =3D { > > @@ -3626,6 +3659,8 @@ const struct fs_parameter_spec > shmem_fs_parameters[] =3D { > > fsparam_flag ("inode32", Opt_inode32), > > fsparam_flag ("inode64", Opt_inode64), > > fsparam_flag ("noswap", Opt_noswap), > > + fsparam_flag ("user_xattr", Opt_user_xattr), > > + fsparam_flag ("nouser_xattr", Opt_nouser_xattr), > > {} > > }; > > > > @@ -3717,6 +3752,14 @@ static int shmem_parse_one(struct fs_context *fc= , > struct fs_parameter *param) > > ctx->noswap =3D true; > > ctx->seen |=3D SHMEM_SEEN_NOSWAP; > > break; > > + case Opt_user_xattr: > > + ctx->user_xattr =3D true; > > + ctx->seen |=3D SHMEM_SEEN_USER_XATTR; > > + break; > > + case Opt_nouser_xattr: > > + ctx->user_xattr =3D false; > > + ctx->seen |=3D SHMEM_SEEN_USER_XATTR; > > + break; > > } > > return 0; 
> > > > @@ -3834,6 +3877,8 @@ static int shmem_reconfigure(struct fs_context *f= c) > > sbinfo->max_inodes =3D ctx->inodes; > > sbinfo->free_inodes =3D ctx->inodes - inodes; > > } > > + if (ctx->seen & SHMEM_SEEN_USER_XATTR) > > + sbinfo->user_xattr =3D ctx->user_xattr; > > > > /* > > * Preserve previous mempolicy unless mpol remount option was > specified. > > -- > > 2.41.0.255.g8b1d071c50-goog > > > > >
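
Review bot: In the Documentation/filesystems/tmpfs.rst hunk, the nouser_xattr row reads "Disable upport" and should read "Disable support". The added paragraph also gives only "for security reasons"; repeating the reason from the commit message (the value size is not limited and the memory is not counted against any limit) and saying that user_xattr is meant for mounts where every user is trusted would tell an administrator when turning it on is acceptable.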
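
Review bot: shmem_xattr_handler_get() and shmem_xattr_handler_set() each carry the same switch on handler->flags with one real case and an empty default. A single test, "if (handler->flags == TMPFS_USER_XATTR_INDEX && !sbinfo->user_xattr) return -EOPNOTSUPP;", placed in one small helper called from both handlers, would be shorter and would keep the two paths from drifting apart. The hunks do not show .flags for the security and trusted handlers, so a comment next to TMPFS_USER_XATTR_INDEX saying that the other handlers must not use the value 1 would make the dependency explicit.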
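
Review bot: In the shmem_xattr_handler_set() hunk, once user_xattr is enabled the caller's value and size still go straight to simple_xattr_set() with no upper bound and no charge against any tmpfs limit in the visible lines, which is exactly the memory exhaustion the commit message describes. The option moves the decision to whoever mounts the filesystem but leaves a mount that enables it fully exposed; a size cap or accounting check before simple_xattr_set() would cover that case and is what the reply in this thread asks for.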
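
Review bot: The shmem_fs_parameters[] hunk registers user_xattr and nouser_xattr, but no hunk in this patch reports the setting back in the options shown for a mounted tmpfs, so an administrator cannot audit which instances accept user.* attributes. Consider emitting user_xattr in the mount options output whenever sbinfo->user_xattr is set.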
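
Review bot: shmem_reconfigure() is the only place in the visible hunks that assigns sbinfo->user_xattr, and the 45 insertions listed for mm/shmem.c are all accounted for by those hunks, so unless the initial mount path already copies ctx->user_xattr, an option given at first mount is parsed into ctx and then dropped, and only a remount turns the feature on. Separately, remounting with nouser_xattr leaves existing user.* values allocated in info->xattrs while both the get and set handlers return -EOPNOTSUPP, so they can be neither read nor removed until the inode goes away; either refuse that transition while such attributes exist or keep removal working when the option is off.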