1 /*
2 File: fs/xattr.c
3
4 Extended attribute handling.
5
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/file.h>
13 #include <linux/xattr.h>
14 #include <linux/mount.h>
15 #include <linux/namei.h>
16 #include <linux/security.h>
17 #include <linux/evm.h>
18 #include <linux/syscalls.h>
19 #include <linux/export.h>
20 #include <linux/fsnotify.h>
21 #include <linux/audit.h>
22 #include <linux/vmalloc.h>
23 #include <linux/posix_acl_xattr.h>
24
25 #include <linux/uaccess.h>
26
27 static const char *
strcmp_prefix(const char * a,const char * a_prefix)28 strcmp_prefix(const char *a, const char *a_prefix)
29 {
30 while (*a_prefix && *a == *a_prefix) {
31 a++;
32 a_prefix++;
33 }
34 return *a_prefix ? NULL : a;
35 }
36
37 /*
38 * In order to implement different sets of xattr operations for each xattr
39 * prefix, a filesystem should create a null-terminated array of struct
40 * xattr_handler (one for each prefix) and hang a pointer to it off of the
41 * s_xattr field of the superblock.
42 */
43 #define for_each_xattr_handler(handlers, handler) \
44 if (handlers) \
45 for ((handler) = *(handlers)++; \
46 (handler) != NULL; \
47 (handler) = *(handlers)++)
48
49 /*
50 * Find the xattr_handler with the matching prefix.
51 */
52 static const struct xattr_handler *
xattr_resolve_name(struct inode * inode,const char ** name)53 xattr_resolve_name(struct inode *inode, const char **name)
54 {
55 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
56 const struct xattr_handler *handler;
57
58 if (!(inode->i_opflags & IOP_XATTR)) {
59 if (unlikely(is_bad_inode(inode)))
60 return ERR_PTR(-EIO);
61 return ERR_PTR(-EOPNOTSUPP);
62 }
63 for_each_xattr_handler(handlers, handler) {
64 const char *n;
65
66 n = strcmp_prefix(*name, xattr_prefix(handler));
67 if (n) {
68 if (!handler->prefix ^ !*n) {
69 if (*n)
70 continue;
71 return ERR_PTR(-EINVAL);
72 }
73 *name = n;
74 return handler;
75 }
76 }
77 return ERR_PTR(-EOPNOTSUPP);
78 }
79
80 /*
81 * Check permissions for extended attribute access. This is a bit complicated
82 * because different namespaces have very different rules.
83 */
84 static int
xattr_permission(struct inode * inode,const char * name,int mask)85 xattr_permission(struct inode *inode, const char *name, int mask)
86 {
87 /*
88 * We can never set or remove an extended attribute on a read-only
89 * filesystem or on an immutable / append-only inode.
90 */
91 if (mask & MAY_WRITE) {
92 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
93 return -EPERM;
94 /*
95 * Updating an xattr will likely cause i_uid and i_gid
96 * to be writen back improperly if their true value is
97 * unknown to the vfs.
98 */
99 if (HAS_UNMAPPED_ID(inode))
100 return -EPERM;
101 }
102
103 /*
104 * No restriction for security.* and system.* from the VFS. Decision
105 * on these is left to the underlying filesystem / security module.
106 */
107 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
108 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
109 return 0;
110
111 /*
112 * The trusted.* namespace can only be accessed by privileged users.
113 */
114 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
115 if (!capable(CAP_SYS_ADMIN))
116 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
117 return 0;
118 }
119
120 /*
121 * In the user.* namespace, only regular files and directories can have
122 * extended attributes. For sticky directories, only the owner and
123 * privileged users can write attributes.
124 */
125 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
126 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
127 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
128 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
129 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
130 return -EPERM;
131 }
132
133 return inode_permission(inode, mask);
134 }
135
136 int
__vfs_setxattr(struct dentry * dentry,struct inode * inode,const char * name,const void * value,size_t size,int flags)137 __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
138 const void *value, size_t size, int flags)
139 {
140 const struct xattr_handler *handler;
141
142 handler = xattr_resolve_name(inode, &name);
143 if (IS_ERR(handler))
144 return PTR_ERR(handler);
145 if (!handler->set)
146 return -EOPNOTSUPP;
147 if (size == 0)
148 value = ""; /* empty EA, do not remove */
149 return handler->set(handler, dentry, inode, name, value, size, flags);
150 }
151 EXPORT_SYMBOL(__vfs_setxattr);
152
153 /**
154 * __vfs_setxattr_noperm - perform setxattr operation without performing
155 * permission checks.
156 *
157 * @dentry - object to perform setxattr on
158 * @name - xattr name to set
159 * @value - value to set @name to
160 * @size - size of @value
161 * @flags - flags to pass into filesystem operations
162 *
163 * returns the result of the internal setxattr or setsecurity operations.
164 *
165 * This function requires the caller to lock the inode's i_mutex before it
166 * is executed. It also assumes that the caller will make the appropriate
167 * permission checks.
168 */
__vfs_setxattr_noperm(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)169 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
170 const void *value, size_t size, int flags)
171 {
172 struct inode *inode = dentry->d_inode;
173 int error = -EAGAIN;
174 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
175 XATTR_SECURITY_PREFIX_LEN);
176
177 if (issec)
178 inode->i_flags &= ~S_NOSEC;
179 if (inode->i_opflags & IOP_XATTR) {
180 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
181 if (!error) {
182 fsnotify_xattr(dentry);
183 security_inode_post_setxattr(dentry, name, value,
184 size, flags);
185 }
186 } else {
187 if (unlikely(is_bad_inode(inode)))
188 return -EIO;
189 }
190 if (error == -EAGAIN) {
191 error = -EOPNOTSUPP;
192
193 if (issec) {
194 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
195
196 error = security_inode_setsecurity(inode, suffix, value,
197 size, flags);
198 if (!error)
199 fsnotify_xattr(dentry);
200 }
201 }
202
203 return error;
204 }
205
206 /**
207 * __vfs_setxattr_locked: set an extended attribute while holding the inode
208 * lock
209 *
210 * @dentry - object to perform setxattr on
211 * @name - xattr name to set
212 * @value - value to set @name to
213 * @size - size of @value
214 * @flags - flags to pass into filesystem operations
215 * @delegated_inode - on return, will contain an inode pointer that
216 * a delegation was broken on, NULL if none.
217 */
218 int
__vfs_setxattr_locked(struct dentry * dentry,const char * name,const void * value,size_t size,int flags,struct inode ** delegated_inode)219 __vfs_setxattr_locked(struct dentry *dentry, const char *name,
220 const void *value, size_t size, int flags,
221 struct inode **delegated_inode)
222 {
223 struct inode *inode = dentry->d_inode;
224 int error;
225
226 error = xattr_permission(inode, name, MAY_WRITE);
227 if (error)
228 return error;
229
230 error = security_inode_setxattr(dentry, name, value, size, flags);
231 if (error)
232 goto out;
233
234 error = try_break_deleg(inode, delegated_inode);
235 if (error)
236 goto out;
237
238 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
239
240 out:
241 return error;
242 }
243 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
244
245 int
vfs_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)246 vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
247 size_t size, int flags)
248 {
249 struct inode *inode = dentry->d_inode;
250 struct inode *delegated_inode = NULL;
251 int error;
252
253 retry_deleg:
254 inode_lock(inode);
255 error = __vfs_setxattr_locked(dentry, name, value, size, flags,
256 &delegated_inode);
257 inode_unlock(inode);
258
259 if (delegated_inode) {
260 error = break_deleg_wait(&delegated_inode);
261 if (!error)
262 goto retry_deleg;
263 }
264 return error;
265 }
266 EXPORT_SYMBOL_GPL(vfs_setxattr);
267
268 static ssize_t
xattr_getsecurity(struct inode * inode,const char * name,void * value,size_t size)269 xattr_getsecurity(struct inode *inode, const char *name, void *value,
270 size_t size)
271 {
272 void *buffer = NULL;
273 ssize_t len;
274
275 if (!value || !size) {
276 len = security_inode_getsecurity(inode, name, &buffer, false);
277 goto out_noalloc;
278 }
279
280 len = security_inode_getsecurity(inode, name, &buffer, true);
281 if (len < 0)
282 return len;
283 if (size < len) {
284 len = -ERANGE;
285 goto out;
286 }
287 memcpy(value, buffer, len);
288 out:
289 kfree(buffer);
290 out_noalloc:
291 return len;
292 }
293
294 /*
295 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
296 *
297 * Allocate memory, if not already allocated, or re-allocate correct size,
298 * before retrieving the extended attribute.
299 *
300 * Returns the result of alloc, if failed, or the getxattr operation.
301 */
302 ssize_t
vfs_getxattr_alloc(struct dentry * dentry,const char * name,char ** xattr_value,size_t xattr_size,gfp_t flags)303 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
304 size_t xattr_size, gfp_t flags)
305 {
306 const struct xattr_handler *handler;
307 struct inode *inode = dentry->d_inode;
308 char *value = *xattr_value;
309 int error;
310
311 error = xattr_permission(inode, name, MAY_READ);
312 if (error)
313 return error;
314
315 handler = xattr_resolve_name(inode, &name);
316 if (IS_ERR(handler))
317 return PTR_ERR(handler);
318 if (!handler->get)
319 return -EOPNOTSUPP;
320 error = handler->get(handler, dentry, inode, name, NULL, 0);
321 if (error < 0)
322 return error;
323
324 if (!value || (error > xattr_size)) {
325 value = krealloc(*xattr_value, error + 1, flags);
326 if (!value)
327 return -ENOMEM;
328 memset(value, 0, error + 1);
329 }
330
331 error = handler->get(handler, dentry, inode, name, value, error);
332 *xattr_value = value;
333 return error;
334 }
335
336 ssize_t
__vfs_getxattr(struct dentry * dentry,struct inode * inode,const char * name,void * value,size_t size)337 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
338 void *value, size_t size)
339 {
340 const struct xattr_handler *handler;
341
342 handler = xattr_resolve_name(inode, &name);
343 if (IS_ERR(handler))
344 return PTR_ERR(handler);
345 if (!handler->get)
346 return -EOPNOTSUPP;
347 return handler->get(handler, dentry, inode, name, value, size);
348 }
349 EXPORT_SYMBOL(__vfs_getxattr);
350
351 ssize_t
vfs_getxattr(struct dentry * dentry,const char * name,void * value,size_t size)352 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
353 {
354 struct inode *inode = dentry->d_inode;
355 int error;
356
357 error = xattr_permission(inode, name, MAY_READ);
358 if (error)
359 return error;
360
361 error = security_inode_getxattr(dentry, name);
362 if (error)
363 return error;
364
365 if (!strncmp(name, XATTR_SECURITY_PREFIX,
366 XATTR_SECURITY_PREFIX_LEN)) {
367 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
368 int ret = xattr_getsecurity(inode, suffix, value, size);
369 /*
370 * Only overwrite the return value if a security module
371 * is actually active.
372 */
373 if (ret == -EOPNOTSUPP)
374 goto nolsm;
375 return ret;
376 }
377 nolsm:
378 return __vfs_getxattr(dentry, inode, name, value, size);
379 }
380 EXPORT_SYMBOL_GPL(vfs_getxattr);
381
382 ssize_t
vfs_listxattr(struct dentry * dentry,char * list,size_t size)383 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
384 {
385 struct inode *inode = d_inode(dentry);
386 ssize_t error;
387
388 error = security_inode_listxattr(dentry);
389 if (error)
390 return error;
391 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
392 error = inode->i_op->listxattr(dentry, list, size);
393 } else {
394 error = security_inode_listsecurity(inode, list, size);
395 if (size && error > size)
396 error = -ERANGE;
397 }
398 return error;
399 }
400 EXPORT_SYMBOL_GPL(vfs_listxattr);
401
402 int
__vfs_removexattr(struct dentry * dentry,const char * name)403 __vfs_removexattr(struct dentry *dentry, const char *name)
404 {
405 struct inode *inode = d_inode(dentry);
406 const struct xattr_handler *handler;
407
408 handler = xattr_resolve_name(inode, &name);
409 if (IS_ERR(handler))
410 return PTR_ERR(handler);
411 if (!handler->set)
412 return -EOPNOTSUPP;
413 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
414 }
415 EXPORT_SYMBOL(__vfs_removexattr);
416
417 /**
418 * __vfs_removexattr_locked: set an extended attribute while holding the inode
419 * lock
420 *
421 * @dentry - object to perform setxattr on
422 * @name - name of xattr to remove
423 * @delegated_inode - on return, will contain an inode pointer that
424 * a delegation was broken on, NULL if none.
425 */
426 int
__vfs_removexattr_locked(struct dentry * dentry,const char * name,struct inode ** delegated_inode)427 __vfs_removexattr_locked(struct dentry *dentry, const char *name,
428 struct inode **delegated_inode)
429 {
430 struct inode *inode = dentry->d_inode;
431 int error;
432
433 error = xattr_permission(inode, name, MAY_WRITE);
434 if (error)
435 return error;
436
437 error = security_inode_removexattr(dentry, name);
438 if (error)
439 goto out;
440
441 error = try_break_deleg(inode, delegated_inode);
442 if (error)
443 goto out;
444
445 error = __vfs_removexattr(dentry, name);
446
447 if (!error) {
448 fsnotify_xattr(dentry);
449 evm_inode_post_removexattr(dentry, name);
450 }
451
452 out:
453 return error;
454 }
455 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
456
457 int
vfs_removexattr(struct dentry * dentry,const char * name)458 vfs_removexattr(struct dentry *dentry, const char *name)
459 {
460 struct inode *inode = dentry->d_inode;
461 struct inode *delegated_inode = NULL;
462 int error;
463
464 retry_deleg:
465 inode_lock(inode);
466 error = __vfs_removexattr_locked(dentry, name, &delegated_inode);
467 inode_unlock(inode);
468
469 if (delegated_inode) {
470 error = break_deleg_wait(&delegated_inode);
471 if (!error)
472 goto retry_deleg;
473 }
474
475 return error;
476 }
477 EXPORT_SYMBOL_GPL(vfs_removexattr);
478
479 /*
480 * Extended attribute SET operations
481 */
482 static long
setxattr(struct dentry * d,const char __user * name,const void __user * value,size_t size,int flags)483 setxattr(struct dentry *d, const char __user *name, const void __user *value,
484 size_t size, int flags)
485 {
486 int error;
487 void *kvalue = NULL;
488 char kname[XATTR_NAME_MAX + 1];
489
490 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
491 return -EINVAL;
492
493 error = strncpy_from_user(kname, name, sizeof(kname));
494 if (error == 0 || error == sizeof(kname))
495 error = -ERANGE;
496 if (error < 0)
497 return error;
498
499 if (size) {
500 if (size > XATTR_SIZE_MAX)
501 return -E2BIG;
502 kvalue = kvmalloc(size, GFP_KERNEL);
503 if (!kvalue)
504 return -ENOMEM;
505 if (copy_from_user(kvalue, value, size)) {
506 error = -EFAULT;
507 goto out;
508 }
509 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
510 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
511 posix_acl_fix_xattr_from_user(kvalue, size);
512 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
513 error = cap_convert_nscap(d, &kvalue, size);
514 if (error < 0)
515 goto out;
516 size = error;
517 }
518 }
519
520 error = vfs_setxattr(d, kname, kvalue, size, flags);
521 out:
522 kvfree(kvalue);
523
524 return error;
525 }
526
path_setxattr(const char __user * pathname,const char __user * name,const void __user * value,size_t size,int flags,unsigned int lookup_flags)527 static int path_setxattr(const char __user *pathname,
528 const char __user *name, const void __user *value,
529 size_t size, int flags, unsigned int lookup_flags)
530 {
531 struct path path;
532 int error;
533 retry:
534 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
535 if (error)
536 return error;
537 error = mnt_want_write(path.mnt);
538 if (!error) {
539 error = setxattr(path.dentry, name, value, size, flags);
540 mnt_drop_write(path.mnt);
541 }
542 path_put(&path);
543 if (retry_estale(error, lookup_flags)) {
544 lookup_flags |= LOOKUP_REVAL;
545 goto retry;
546 }
547 return error;
548 }
549
SYSCALL_DEFINE5(setxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)550 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
551 const char __user *, name, const void __user *, value,
552 size_t, size, int, flags)
553 {
554 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
555 }
556
SYSCALL_DEFINE5(lsetxattr,const char __user *,pathname,const char __user *,name,const void __user *,value,size_t,size,int,flags)557 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
558 const char __user *, name, const void __user *, value,
559 size_t, size, int, flags)
560 {
561 return path_setxattr(pathname, name, value, size, flags, 0);
562 }
563
SYSCALL_DEFINE5(fsetxattr,int,fd,const char __user *,name,const void __user *,value,size_t,size,int,flags)564 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
565 const void __user *,value, size_t, size, int, flags)
566 {
567 struct fd f = fdget(fd);
568 int error = -EBADF;
569
570 if (!f.file)
571 return error;
572 audit_file(f.file);
573 error = mnt_want_write_file(f.file);
574 if (!error) {
575 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
576 mnt_drop_write_file(f.file);
577 }
578 fdput(f);
579 return error;
580 }
581
582 /*
583 * Extended attribute GET operations
584 */
585 static ssize_t
getxattr(struct dentry * d,const char __user * name,void __user * value,size_t size)586 getxattr(struct dentry *d, const char __user *name, void __user *value,
587 size_t size)
588 {
589 ssize_t error;
590 void *kvalue = NULL;
591 char kname[XATTR_NAME_MAX + 1];
592
593 error = strncpy_from_user(kname, name, sizeof(kname));
594 if (error == 0 || error == sizeof(kname))
595 error = -ERANGE;
596 if (error < 0)
597 return error;
598
599 if (size) {
600 if (size > XATTR_SIZE_MAX)
601 size = XATTR_SIZE_MAX;
602 kvalue = kvzalloc(size, GFP_KERNEL);
603 if (!kvalue)
604 return -ENOMEM;
605 }
606
607 error = vfs_getxattr(d, kname, kvalue, size);
608 if (error > 0) {
609 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
610 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
611 posix_acl_fix_xattr_to_user(kvalue, error);
612 if (size && copy_to_user(value, kvalue, error))
613 error = -EFAULT;
614 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
615 /* The file system tried to returned a value bigger
616 than XATTR_SIZE_MAX bytes. Not possible. */
617 error = -E2BIG;
618 }
619
620 kvfree(kvalue);
621
622 return error;
623 }
624
path_getxattr(const char __user * pathname,const char __user * name,void __user * value,size_t size,unsigned int lookup_flags)625 static ssize_t path_getxattr(const char __user *pathname,
626 const char __user *name, void __user *value,
627 size_t size, unsigned int lookup_flags)
628 {
629 struct path path;
630 ssize_t error;
631 retry:
632 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
633 if (error)
634 return error;
635 error = getxattr(path.dentry, name, value, size);
636 path_put(&path);
637 if (retry_estale(error, lookup_flags)) {
638 lookup_flags |= LOOKUP_REVAL;
639 goto retry;
640 }
641 return error;
642 }
643
SYSCALL_DEFINE4(getxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)644 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
645 const char __user *, name, void __user *, value, size_t, size)
646 {
647 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
648 }
649
SYSCALL_DEFINE4(lgetxattr,const char __user *,pathname,const char __user *,name,void __user *,value,size_t,size)650 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
651 const char __user *, name, void __user *, value, size_t, size)
652 {
653 return path_getxattr(pathname, name, value, size, 0);
654 }
655
SYSCALL_DEFINE4(fgetxattr,int,fd,const char __user *,name,void __user *,value,size_t,size)656 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
657 void __user *, value, size_t, size)
658 {
659 struct fd f = fdget(fd);
660 ssize_t error = -EBADF;
661
662 if (!f.file)
663 return error;
664 audit_file(f.file);
665 error = getxattr(f.file->f_path.dentry, name, value, size);
666 fdput(f);
667 return error;
668 }
669
670 /*
671 * Extended attribute LIST operations
672 */
673 static ssize_t
listxattr(struct dentry * d,char __user * list,size_t size)674 listxattr(struct dentry *d, char __user *list, size_t size)
675 {
676 ssize_t error;
677 char *klist = NULL;
678
679 if (size) {
680 if (size > XATTR_LIST_MAX)
681 size = XATTR_LIST_MAX;
682 klist = kvmalloc(size, GFP_KERNEL);
683 if (!klist)
684 return -ENOMEM;
685 }
686
687 error = vfs_listxattr(d, klist, size);
688 if (error > 0) {
689 if (size && copy_to_user(list, klist, error))
690 error = -EFAULT;
691 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
692 /* The file system tried to returned a list bigger
693 than XATTR_LIST_MAX bytes. Not possible. */
694 error = -E2BIG;
695 }
696
697 kvfree(klist);
698
699 return error;
700 }
701
path_listxattr(const char __user * pathname,char __user * list,size_t size,unsigned int lookup_flags)702 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
703 size_t size, unsigned int lookup_flags)
704 {
705 struct path path;
706 ssize_t error;
707 retry:
708 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
709 if (error)
710 return error;
711 error = listxattr(path.dentry, list, size);
712 path_put(&path);
713 if (retry_estale(error, lookup_flags)) {
714 lookup_flags |= LOOKUP_REVAL;
715 goto retry;
716 }
717 return error;
718 }
719
SYSCALL_DEFINE3(listxattr,const char __user *,pathname,char __user *,list,size_t,size)720 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
721 size_t, size)
722 {
723 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
724 }
725
SYSCALL_DEFINE3(llistxattr,const char __user *,pathname,char __user *,list,size_t,size)726 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
727 size_t, size)
728 {
729 return path_listxattr(pathname, list, size, 0);
730 }
731
SYSCALL_DEFINE3(flistxattr,int,fd,char __user *,list,size_t,size)732 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
733 {
734 struct fd f = fdget(fd);
735 ssize_t error = -EBADF;
736
737 if (!f.file)
738 return error;
739 audit_file(f.file);
740 error = listxattr(f.file->f_path.dentry, list, size);
741 fdput(f);
742 return error;
743 }
744
745 /*
746 * Extended attribute REMOVE operations
747 */
748 static long
removexattr(struct dentry * d,const char __user * name)749 removexattr(struct dentry *d, const char __user *name)
750 {
751 int error;
752 char kname[XATTR_NAME_MAX + 1];
753
754 error = strncpy_from_user(kname, name, sizeof(kname));
755 if (error == 0 || error == sizeof(kname))
756 error = -ERANGE;
757 if (error < 0)
758 return error;
759
760 return vfs_removexattr(d, kname);
761 }
762
path_removexattr(const char __user * pathname,const char __user * name,unsigned int lookup_flags)763 static int path_removexattr(const char __user *pathname,
764 const char __user *name, unsigned int lookup_flags)
765 {
766 struct path path;
767 int error;
768 retry:
769 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
770 if (error)
771 return error;
772 error = mnt_want_write(path.mnt);
773 if (!error) {
774 error = removexattr(path.dentry, name);
775 mnt_drop_write(path.mnt);
776 }
777 path_put(&path);
778 if (retry_estale(error, lookup_flags)) {
779 lookup_flags |= LOOKUP_REVAL;
780 goto retry;
781 }
782 return error;
783 }
784
SYSCALL_DEFINE2(removexattr,const char __user *,pathname,const char __user *,name)785 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
786 const char __user *, name)
787 {
788 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
789 }
790
SYSCALL_DEFINE2(lremovexattr,const char __user *,pathname,const char __user *,name)791 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
792 const char __user *, name)
793 {
794 return path_removexattr(pathname, name, 0);
795 }
796
SYSCALL_DEFINE2(fremovexattr,int,fd,const char __user *,name)797 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
798 {
799 struct fd f = fdget(fd);
800 int error = -EBADF;
801
802 if (!f.file)
803 return error;
804 audit_file(f.file);
805 error = mnt_want_write_file(f.file);
806 if (!error) {
807 error = removexattr(f.file->f_path.dentry, name);
808 mnt_drop_write_file(f.file);
809 }
810 fdput(f);
811 return error;
812 }
813
814 /*
815 * Combine the results of the list() operation from every xattr_handler in the
816 * list.
817 */
818 ssize_t
generic_listxattr(struct dentry * dentry,char * buffer,size_t buffer_size)819 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
820 {
821 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
822 unsigned int size = 0;
823
824 if (!buffer) {
825 for_each_xattr_handler(handlers, handler) {
826 if (!handler->name ||
827 (handler->list && !handler->list(dentry)))
828 continue;
829 size += strlen(handler->name) + 1;
830 }
831 } else {
832 char *buf = buffer;
833 size_t len;
834
835 for_each_xattr_handler(handlers, handler) {
836 if (!handler->name ||
837 (handler->list && !handler->list(dentry)))
838 continue;
839 len = strlen(handler->name);
840 if (len + 1 > buffer_size)
841 return -ERANGE;
842 memcpy(buf, handler->name, len + 1);
843 buf += len + 1;
844 buffer_size -= len + 1;
845 }
846 size = buf - buffer;
847 }
848 return size;
849 }
850 EXPORT_SYMBOL(generic_listxattr);
851
852 /**
853 * xattr_full_name - Compute full attribute name from suffix
854 *
855 * @handler: handler of the xattr_handler operation
856 * @name: name passed to the xattr_handler operation
857 *
858 * The get and set xattr handler operations are called with the remainder of
859 * the attribute name after skipping the handler's prefix: for example, "foo"
860 * is passed to the get operation of a handler with prefix "user." to get
861 * attribute "user.foo". The full name is still "there" in the name though.
862 *
863 * Note: the list xattr handler operation when called from the vfs is passed a
864 * NULL name; some file systems use this operation internally, with varying
865 * semantics.
866 */
xattr_full_name(const struct xattr_handler * handler,const char * name)867 const char *xattr_full_name(const struct xattr_handler *handler,
868 const char *name)
869 {
870 size_t prefix_len = strlen(xattr_prefix(handler));
871
872 return name - prefix_len;
873 }
874 EXPORT_SYMBOL(xattr_full_name);
875
876 /*
877 * Allocate new xattr and copy in the value; but leave the name to callers.
878 */
simple_xattr_alloc(const void * value,size_t size)879 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
880 {
881 struct simple_xattr *new_xattr;
882 size_t len;
883
884 /* wrap around? */
885 len = sizeof(*new_xattr) + size;
886 if (len < sizeof(*new_xattr))
887 return NULL;
888
889 new_xattr = kmalloc(len, GFP_KERNEL);
890 if (!new_xattr)
891 return NULL;
892
893 new_xattr->size = size;
894 memcpy(new_xattr->value, value, size);
895 return new_xattr;
896 }
897
898 /*
899 * xattr GET operation for in-memory/pseudo filesystems
900 */
simple_xattr_get(struct simple_xattrs * xattrs,const char * name,void * buffer,size_t size)901 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
902 void *buffer, size_t size)
903 {
904 struct simple_xattr *xattr;
905 int ret = -ENODATA;
906
907 spin_lock(&xattrs->lock);
908 list_for_each_entry(xattr, &xattrs->head, list) {
909 if (strcmp(name, xattr->name))
910 continue;
911
912 ret = xattr->size;
913 if (buffer) {
914 if (size < xattr->size)
915 ret = -ERANGE;
916 else
917 memcpy(buffer, xattr->value, xattr->size);
918 }
919 break;
920 }
921 spin_unlock(&xattrs->lock);
922 return ret;
923 }
924
925 /**
926 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
927 * @xattrs: target simple_xattr list
928 * @name: name of the extended attribute
929 * @value: value of the xattr. If %NULL, will remove the attribute.
930 * @size: size of the new xattr
931 * @flags: %XATTR_{CREATE|REPLACE}
932 *
933 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
934 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
935 * otherwise, fails with -ENODATA.
936 *
937 * Returns 0 on success, -errno on failure.
938 */
simple_xattr_set(struct simple_xattrs * xattrs,const char * name,const void * value,size_t size,int flags)939 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
940 const void *value, size_t size, int flags)
941 {
942 struct simple_xattr *xattr;
943 struct simple_xattr *new_xattr = NULL;
944 int err = 0;
945
946 /* value == NULL means remove */
947 if (value) {
948 new_xattr = simple_xattr_alloc(value, size);
949 if (!new_xattr)
950 return -ENOMEM;
951
952 new_xattr->name = kstrdup(name, GFP_KERNEL);
953 if (!new_xattr->name) {
954 kfree(new_xattr);
955 return -ENOMEM;
956 }
957 }
958
959 spin_lock(&xattrs->lock);
960 list_for_each_entry(xattr, &xattrs->head, list) {
961 if (!strcmp(name, xattr->name)) {
962 if (flags & XATTR_CREATE) {
963 xattr = new_xattr;
964 err = -EEXIST;
965 } else if (new_xattr) {
966 list_replace(&xattr->list, &new_xattr->list);
967 } else {
968 list_del(&xattr->list);
969 }
970 goto out;
971 }
972 }
973 if (flags & XATTR_REPLACE) {
974 xattr = new_xattr;
975 err = -ENODATA;
976 } else {
977 list_add(&new_xattr->list, &xattrs->head);
978 xattr = NULL;
979 }
980 out:
981 spin_unlock(&xattrs->lock);
982 if (xattr) {
983 kfree(xattr->name);
984 kfree(xattr);
985 }
986 return err;
987
988 }
989
xattr_is_trusted(const char * name)990 static bool xattr_is_trusted(const char *name)
991 {
992 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
993 }
994
xattr_list_one(char ** buffer,ssize_t * remaining_size,const char * name)995 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
996 const char *name)
997 {
998 size_t len = strlen(name) + 1;
999 if (*buffer) {
1000 if (*remaining_size < len)
1001 return -ERANGE;
1002 memcpy(*buffer, name, len);
1003 *buffer += len;
1004 }
1005 *remaining_size -= len;
1006 return 0;
1007 }
1008
1009 /*
1010 * xattr LIST operation for in-memory/pseudo filesystems
1011 */
simple_xattr_list(struct inode * inode,struct simple_xattrs * xattrs,char * buffer,size_t size)1012 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1013 char *buffer, size_t size)
1014 {
1015 bool trusted = ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
1016 struct simple_xattr *xattr;
1017 ssize_t remaining_size = size;
1018 int err = 0;
1019
1020 #ifdef CONFIG_FS_POSIX_ACL
1021 if (IS_POSIXACL(inode)) {
1022 if (inode->i_acl) {
1023 err = xattr_list_one(&buffer, &remaining_size,
1024 XATTR_NAME_POSIX_ACL_ACCESS);
1025 if (err)
1026 return err;
1027 }
1028 if (inode->i_default_acl) {
1029 err = xattr_list_one(&buffer, &remaining_size,
1030 XATTR_NAME_POSIX_ACL_DEFAULT);
1031 if (err)
1032 return err;
1033 }
1034 }
1035 #endif
1036
1037 spin_lock(&xattrs->lock);
1038 list_for_each_entry(xattr, &xattrs->head, list) {
1039 /* skip "trusted." attributes for unprivileged callers */
1040 if (!trusted && xattr_is_trusted(xattr->name))
1041 continue;
1042
1043 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1044 if (err)
1045 break;
1046 }
1047 spin_unlock(&xattrs->lock);
1048
1049 return err ? err : size - remaining_size;
1050 }
1051
1052 /*
1053 * Adds an extended attribute to the list
1054 */
simple_xattr_list_add(struct simple_xattrs * xattrs,struct simple_xattr * new_xattr)1055 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1056 struct simple_xattr *new_xattr)
1057 {
1058 spin_lock(&xattrs->lock);
1059 list_add(&new_xattr->list, &xattrs->head);
1060 spin_unlock(&xattrs->lock);
1061 }
1062