From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=zVN4=4L=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.9 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1,
	USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 16A83C35671
	for <linux-mm@archiver.kernel.org>; Sun, 23 Feb 2020 20:10:31 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 91C0220656
	for <linux-mm@archiver.kernel.org>; Sun, 23 Feb 2020 20:10:30 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="PDHgbnyO"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 91C0220656
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id EE4E76B0003; Sun, 23 Feb 2020 15:10:29 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E95CB6B0006; Sun, 23 Feb 2020 15:10:29 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D83CC6B0007; Sun, 23 Feb 2020 15:10:29 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0071.hostedemail.com [216.40.44.71])
	by kanga.kvack.org (Postfix) with ESMTP id BE7126B0003
	for <linux-mm@kvack.org>; Sun, 23 Feb 2020 15:10:29 -0500 (EST)
Received: from smtpin13.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 6217B181AC9BF
	for <linux-mm@kvack.org>; Sun, 23 Feb 2020 20:10:29 +0000 (UTC)
X-FDA: 76522484178.13.unit01_5b87ff6c51b50
X-HE-Tag: unit01_5b87ff6c51b50
X-Filterd-Recvd-Size: 7866
Received: from mail-oi1-f193.google.com (mail-oi1-f193.google.com [209.85.167.193])
	by imf39.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Sun, 23 Feb 2020 20:10:28 +0000 (UTC)
Received: by mail-oi1-f193.google.com with SMTP id q81so7064457oig.0
        for <linux-mm@kvack.org>; Sun, 23 Feb 2020 12:10:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:in-reply-to:message-id:references
         :user-agent:mime-version;
        bh=7+8AHInhhM2hIseIf39gKRL5df83+Bq/IRRwnFnKtY8=;
        b=PDHgbnyOhthK90yQrMveOyaVvJi48jiYtEMxhLB8DOY0kQl49cDh/bX76dPjMWkkJG
         TQjmkz8cVDjfYwA7DBfG5MR//prXUQIdbUepGsfktj9Bix3HhGhARgMDvsc15BLg1x1u
         A9Udij1NmJVkm2+VuCx/2VVkO5BEkFxGG3BQpZXGVaRljwIluZLgpzG8CZNqUtE2IoLj
         q59T0HgPjYkZvlCFuQfUV3hp6z68CImjU1GXvOp5WU/AZNC+osESBI7w65OhAJuhCc9s
         04kC6s1b01hRoCUw/GQStQOlSTUjZOJeMfrffhF6lmChiIeq5V3q5RZl1SgC43t9iKR7
         C0Qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id
         :references:user-agent:mime-version;
        bh=7+8AHInhhM2hIseIf39gKRL5df83+Bq/IRRwnFnKtY8=;
        b=d6tEIr+gQJyLHqhPIwStvaieOMZHkAgTxTOtqZXgRb0jYyzUrXaYBYq9HY7x7kyZHp
         dTvLo2Rz2PSno/Zj8vUmzGUTe1C9CPWjfm834lxxzHQA6L834lcA8hdo/BJi2LfU+nIk
         hpbEjmoa4eAHYKcnUqJIcCOtCIusNQMLoTyEjn5wTrW6S02FzylyytzqzBzSRCP2pRk/
         CLRODDYkwWwAR/bhBmnetBh7wGrSjUhRtzCUuUGGUvqnDH/XzcMW6ZriPjnGRhaNqR3U
         HdvOS1seJ99gF3KlXVdkHNx6w7Tgtc6s/tJAXowWGarrqLOkl5l9671xrf/H+hEyEdKo
         l1gg==
X-Gm-Message-State: APjAAAWHp7BseWmgrFHlRiiZ7GkFdtXWp91TEpk3NU7YeAFPWgP1U8z9
	wOt9Mi8aG/8vqysoP3wxrVfVeA==
X-Google-Smtp-Source: APXvYqzCKsOHWQ/jkOrwJbTGJr7DmE0Bf3PObbvmtm2gRbdiTA2gNiW6eDZYjRcheFcym+/OIgtznw==
X-Received: by 2002:a54:448b:: with SMTP id v11mr9921427oiv.74.1582488627811;
        Sun, 23 Feb 2020 12:10:27 -0800 (PST)
Received: from eggly.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147])
        by smtp.gmail.com with ESMTPSA id c10sm3615730otl.77.2020.02.23.12.10.26
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Sun, 23 Feb 2020 12:10:27 -0800 (PST)
Date: Sun, 23 Feb 2020 12:09:53 -0800 (PST)
From: Hugh Dickins <hughd@google.com>
X-X-Sender: hugh@eggly.anvils
To: Pete Zaitcev <zaitcev@kotori.zaitcev.us>
cc: linux-mm@kvack.org, Helge Deller <deller@gmx.de>, 
    Hugh Dickins <hughd@google.com>
Subject: Re: [patch] fs: Allow user.* xattr in tmpfs
In-Reply-To: <20200217155028.632662af@suzdal.zaitcev.lan>
Message-ID: <alpine.LSU.2.11.2002231132070.5949@eggly.anvils>
References: <20200217155028.632662af@suzdal.zaitcev.lan>
User-Agent: Alpine 2.11 (LSU 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, 17 Feb 2020, Pete Zaitcev wrote:

> Not having xattr in /tmp can be worked around usually by configuring
> the affected software with TMPDIR=/var/tmp and the like, but I prefer
> having this automated, if possible.
> 
> Signed-off-by: Pete Zaitcev <zaitcev@yahoo.com>

Thanks for looking into this - and thanks to Helge for reminding
that we discussed it before in private mail, 13 September 2018 most
recently (when I falsely implied that I might get around to doing it:
sorry, I have not).

Below looks like a bit of a misunderstanding of what I intended there.
Yes, I still think that accounting xattr memory consumption from the
space already (usually) limited by max_inodes is the best way forward
to enabling user xattrs on tmpfs, while limiting the damage they can do.

But, perhaps I'm misreading, here it looks as if you're allowing
max_inodes xattrs of size 8k on each inode?

No, I meant that we expect a memory size of, very approximately, 1k for
each inode+dentry, so max_inodes*1k is a limited pool of memory, from
which we currently count just the inodes, but could reasonably count
xattr memory too - but will need to extend to byte-counting for that. 

Hugh

> ---
>  fs/xattr.c            |    3 +++
>  include/linux/xattr.h |   13 +++++++++++++
>  mm/shmem.c            |   25 +++++++++++++++++++++++++
>  3 files changed, 41 insertions(+)
> 
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 90dd78f0eb27..502567a4a478 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -896,6 +896,7 @@ int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
>  			} else if (new_xattr) {
>  				list_replace(&xattr->list, &new_xattr->list);
>  			} else {
> +				--xattrs->count;
>  				list_del(&xattr->list);
>  			}
>  			goto out;
> @@ -906,6 +907,7 @@ int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
>  		err = -ENODATA;
>  	} else {
>  		list_add(&new_xattr->list, &xattrs->head);
> +		xattrs->count++;
>  		xattr = NULL;
>  	}
>  out:
> @@ -988,5 +990,6 @@ void simple_xattr_list_add(struct simple_xattrs *xattrs,
>  {
>  	spin_lock(&xattrs->lock);
>  	list_add(&new_xattr->list, &xattrs->head);
> +	xattrs->count++;
>  	spin_unlock(&xattrs->lock);
>  }
> diff --git a/include/linux/xattr.h b/include/linux/xattr.h
> index 6dad031be3c2..e1ed5910ef5c 100644
> --- a/include/linux/xattr.h
> +++ b/include/linux/xattr.h
> @@ -67,6 +67,7 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
>  struct simple_xattrs {
>  	struct list_head head;
>  	spinlock_t lock;
> +	int count;
>  };
>  
>  struct simple_xattr {
> @@ -83,6 +84,7 @@ static inline void simple_xattrs_init(struct simple_xattrs *xattrs)
>  {
>  	INIT_LIST_HEAD(&xattrs->head);
>  	spin_lock_init(&xattrs->lock);
> +	xattrs->count = 0;
>  }
>  
>  /*
> @@ -96,6 +98,17 @@ static inline void simple_xattrs_free(struct simple_xattrs *xattrs)
>  		kfree(xattr->name);
>  		kfree(xattr);
>  	}
> +	xattrs->count = 0;
> +}
> +
> +static inline int simple_xattrs_count(struct simple_xattrs *xattrs)
> +{
> +	int ret;
> +
> +	spin_lock(&xattrs->lock);
> +	ret = xattrs->count;
> +	spin_unlock(&xattrs->lock);
> +	return ret;
>  }
>  
>  struct simple_xattr *simple_xattr_alloc(const void *value, size_t size);
> diff --git a/mm/shmem.c b/mm/shmem.c
> index c8f7540ef048..0ce17afad30e 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -3246,6 +3246,30 @@ static int shmem_xattr_handler_set(const struct xattr_handler *handler,
>  	return simple_xattr_set(&info->xattrs, name, value, size, flags);
>  }
>  
> +static int shmem_xattr_handler_set_user(const struct xattr_handler *handler,
> +				   struct dentry *unused, struct inode *inode,
> +				   const char *name, const void *value,
> +				   size_t size, int flags)
> +{
> +	struct shmem_inode_info *info = SHMEM_I(inode);
> +	struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
> +
> +	if (value) {
> +		if (size > 8192)
> +			return -EINVAL;
> +		if (simple_xattrs_count(&info->xattrs) >= sbinfo->max_inodes)
> +			return -ENOSPC;
> +	}
> +	name = xattr_full_name(handler, name);
> +	return simple_xattr_set(&info->xattrs, name, value, size, flags);
> +}
> +
> +static const struct xattr_handler shmem_user_xattr_handler = {
> +	.prefix = XATTR_USER_PREFIX,
> +	.get = shmem_xattr_handler_get,
> +	.set = shmem_xattr_handler_set_user,
> +};
> +
>  static const struct xattr_handler shmem_security_xattr_handler = {
>  	.prefix = XATTR_SECURITY_PREFIX,
>  	.get = shmem_xattr_handler_get,
> @@ -3263,6 +3287,7 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
>  	&posix_acl_access_xattr_handler,
>  	&posix_acl_default_xattr_handler,
>  #endif
> +	&shmem_user_xattr_handler,
>  	&shmem_security_xattr_handler,
>  	&shmem_trusted_xattr_handler,
>  	NULL
>