Loading...
1/*
2 File: fs/xattr.c
3
4 Extended attribute handling.
5
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10#include <linux/fs.h>
11#include <linux/slab.h>
12#include <linux/file.h>
13#include <linux/xattr.h>
14#include <linux/mount.h>
15#include <linux/namei.h>
16#include <linux/security.h>
17#include <linux/syscalls.h>
18#include <linux/module.h>
19#include <linux/fsnotify.h>
20#include <linux/audit.h>
21#include <asm/uaccess.h>
22
23
24/*
25 * Check permissions for extended attribute access. This is a bit complicated
26 * because different namespaces have very different rules.
27 */
28static int
29xattr_permission(struct inode *inode, const char *name, int mask)
30{
31 /*
32 * We can never set or remove an extended attribute on a read-only
33 * filesystem or on an immutable / append-only inode.
34 */
35 if (mask & MAY_WRITE) {
36 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
37 return -EPERM;
38 }
39
40 /*
41 * No restriction for security.* and system.* from the VFS. Decision
42 * on these is left to the underlying filesystem / security module.
43 */
44 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
45 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
46 return 0;
47
48 /*
49 * The trusted.* namespace can only be accessed by privileged users.
50 */
51 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
52 if (!capable(CAP_SYS_ADMIN))
53 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
54 return 0;
55 }
56
57 /*
58 * In the user.* namespace, only regular files and directories can have
59 * extended attributes. For sticky directories, only the owner and
60 * privileged users can write attributes.
61 */
62 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
63 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
64 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
65 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
66 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
67 return -EPERM;
68 }
69
70 return inode_permission(inode, mask);
71}
72
73/**
74 * __vfs_setxattr_noperm - perform setxattr operation without performing
75 * permission checks.
76 *
77 * @dentry - object to perform setxattr on
78 * @name - xattr name to set
79 * @value - value to set @name to
80 * @size - size of @value
81 * @flags - flags to pass into filesystem operations
82 *
83 * returns the result of the internal setxattr or setsecurity operations.
84 *
85 * This function requires the caller to lock the inode's i_mutex before it
86 * is executed. It also assumes that the caller will make the appropriate
87 * permission checks.
88 */
89int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
90 const void *value, size_t size, int flags)
91{
92 struct inode *inode = dentry->d_inode;
93 int error = -EOPNOTSUPP;
94 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
95 XATTR_SECURITY_PREFIX_LEN);
96
97 if (issec)
98 inode->i_flags &= ~S_NOSEC;
99 if (inode->i_op->setxattr) {
100 error = inode->i_op->setxattr(dentry, name, value, size, flags);
101 if (!error) {
102 fsnotify_xattr(dentry);
103 security_inode_post_setxattr(dentry, name, value,
104 size, flags);
105 }
106 } else if (issec) {
107 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
108 error = security_inode_setsecurity(inode, suffix, value,
109 size, flags);
110 if (!error)
111 fsnotify_xattr(dentry);
112 }
113
114 return error;
115}
116
117
118int
119vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
120 size_t size, int flags)
121{
122 struct inode *inode = dentry->d_inode;
123 int error;
124
125 error = xattr_permission(inode, name, MAY_WRITE);
126 if (error)
127 return error;
128
129 mutex_lock(&inode->i_mutex);
130 error = security_inode_setxattr(dentry, name, value, size, flags);
131 if (error)
132 goto out;
133
134 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
135
136out:
137 mutex_unlock(&inode->i_mutex);
138 return error;
139}
140EXPORT_SYMBOL_GPL(vfs_setxattr);
141
142ssize_t
143xattr_getsecurity(struct inode *inode, const char *name, void *value,
144 size_t size)
145{
146 void *buffer = NULL;
147 ssize_t len;
148
149 if (!value || !size) {
150 len = security_inode_getsecurity(inode, name, &buffer, false);
151 goto out_noalloc;
152 }
153
154 len = security_inode_getsecurity(inode, name, &buffer, true);
155 if (len < 0)
156 return len;
157 if (size < len) {
158 len = -ERANGE;
159 goto out;
160 }
161 memcpy(value, buffer, len);
162out:
163 security_release_secctx(buffer, len);
164out_noalloc:
165 return len;
166}
167EXPORT_SYMBOL_GPL(xattr_getsecurity);
168
169ssize_t
170vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
171{
172 struct inode *inode = dentry->d_inode;
173 int error;
174
175 error = xattr_permission(inode, name, MAY_READ);
176 if (error)
177 return error;
178
179 error = security_inode_getxattr(dentry, name);
180 if (error)
181 return error;
182
183 if (!strncmp(name, XATTR_SECURITY_PREFIX,
184 XATTR_SECURITY_PREFIX_LEN)) {
185 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
186 int ret = xattr_getsecurity(inode, suffix, value, size);
187 /*
188 * Only overwrite the return value if a security module
189 * is actually active.
190 */
191 if (ret == -EOPNOTSUPP)
192 goto nolsm;
193 return ret;
194 }
195nolsm:
196 if (inode->i_op->getxattr)
197 error = inode->i_op->getxattr(dentry, name, value, size);
198 else
199 error = -EOPNOTSUPP;
200
201 return error;
202}
203EXPORT_SYMBOL_GPL(vfs_getxattr);
204
205ssize_t
206vfs_listxattr(struct dentry *d, char *list, size_t size)
207{
208 ssize_t error;
209
210 error = security_inode_listxattr(d);
211 if (error)
212 return error;
213 error = -EOPNOTSUPP;
214 if (d->d_inode->i_op->listxattr) {
215 error = d->d_inode->i_op->listxattr(d, list, size);
216 } else {
217 error = security_inode_listsecurity(d->d_inode, list, size);
218 if (size && error > size)
219 error = -ERANGE;
220 }
221 return error;
222}
223EXPORT_SYMBOL_GPL(vfs_listxattr);
224
225int
226vfs_removexattr(struct dentry *dentry, const char *name)
227{
228 struct inode *inode = dentry->d_inode;
229 int error;
230
231 if (!inode->i_op->removexattr)
232 return -EOPNOTSUPP;
233
234 error = xattr_permission(inode, name, MAY_WRITE);
235 if (error)
236 return error;
237
238 error = security_inode_removexattr(dentry, name);
239 if (error)
240 return error;
241
242 mutex_lock(&inode->i_mutex);
243 error = inode->i_op->removexattr(dentry, name);
244 mutex_unlock(&inode->i_mutex);
245
246 if (!error)
247 fsnotify_xattr(dentry);
248 return error;
249}
250EXPORT_SYMBOL_GPL(vfs_removexattr);
251
252
253/*
254 * Extended attribute SET operations
255 */
256static long
257setxattr(struct dentry *d, const char __user *name, const void __user *value,
258 size_t size, int flags)
259{
260 int error;
261 void *kvalue = NULL;
262 char kname[XATTR_NAME_MAX + 1];
263
264 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
265 return -EINVAL;
266
267 error = strncpy_from_user(kname, name, sizeof(kname));
268 if (error == 0 || error == sizeof(kname))
269 error = -ERANGE;
270 if (error < 0)
271 return error;
272
273 if (size) {
274 if (size > XATTR_SIZE_MAX)
275 return -E2BIG;
276 kvalue = memdup_user(value, size);
277 if (IS_ERR(kvalue))
278 return PTR_ERR(kvalue);
279 }
280
281 error = vfs_setxattr(d, kname, kvalue, size, flags);
282 kfree(kvalue);
283 return error;
284}
285
286SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
287 const char __user *, name, const void __user *, value,
288 size_t, size, int, flags)
289{
290 struct path path;
291 int error;
292
293 error = user_path(pathname, &path);
294 if (error)
295 return error;
296 error = mnt_want_write(path.mnt);
297 if (!error) {
298 error = setxattr(path.dentry, name, value, size, flags);
299 mnt_drop_write(path.mnt);
300 }
301 path_put(&path);
302 return error;
303}
304
305SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
306 const char __user *, name, const void __user *, value,
307 size_t, size, int, flags)
308{
309 struct path path;
310 int error;
311
312 error = user_lpath(pathname, &path);
313 if (error)
314 return error;
315 error = mnt_want_write(path.mnt);
316 if (!error) {
317 error = setxattr(path.dentry, name, value, size, flags);
318 mnt_drop_write(path.mnt);
319 }
320 path_put(&path);
321 return error;
322}
323
324SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
325 const void __user *,value, size_t, size, int, flags)
326{
327 struct file *f;
328 struct dentry *dentry;
329 int error = -EBADF;
330
331 f = fget(fd);
332 if (!f)
333 return error;
334 dentry = f->f_path.dentry;
335 audit_inode(NULL, dentry);
336 error = mnt_want_write_file(f);
337 if (!error) {
338 error = setxattr(dentry, name, value, size, flags);
339 mnt_drop_write(f->f_path.mnt);
340 }
341 fput(f);
342 return error;
343}
344
345/*
346 * Extended attribute GET operations
347 */
348static ssize_t
349getxattr(struct dentry *d, const char __user *name, void __user *value,
350 size_t size)
351{
352 ssize_t error;
353 void *kvalue = NULL;
354 char kname[XATTR_NAME_MAX + 1];
355
356 error = strncpy_from_user(kname, name, sizeof(kname));
357 if (error == 0 || error == sizeof(kname))
358 error = -ERANGE;
359 if (error < 0)
360 return error;
361
362 if (size) {
363 if (size > XATTR_SIZE_MAX)
364 size = XATTR_SIZE_MAX;
365 kvalue = kzalloc(size, GFP_KERNEL);
366 if (!kvalue)
367 return -ENOMEM;
368 }
369
370 error = vfs_getxattr(d, kname, kvalue, size);
371 if (error > 0) {
372 if (size && copy_to_user(value, kvalue, error))
373 error = -EFAULT;
374 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
375 /* The file system tried to returned a value bigger
376 than XATTR_SIZE_MAX bytes. Not possible. */
377 error = -E2BIG;
378 }
379 kfree(kvalue);
380 return error;
381}
382
383SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
384 const char __user *, name, void __user *, value, size_t, size)
385{
386 struct path path;
387 ssize_t error;
388
389 error = user_path(pathname, &path);
390 if (error)
391 return error;
392 error = getxattr(path.dentry, name, value, size);
393 path_put(&path);
394 return error;
395}
396
397SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
398 const char __user *, name, void __user *, value, size_t, size)
399{
400 struct path path;
401 ssize_t error;
402
403 error = user_lpath(pathname, &path);
404 if (error)
405 return error;
406 error = getxattr(path.dentry, name, value, size);
407 path_put(&path);
408 return error;
409}
410
411SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
412 void __user *, value, size_t, size)
413{
414 struct file *f;
415 ssize_t error = -EBADF;
416
417 f = fget(fd);
418 if (!f)
419 return error;
420 audit_inode(NULL, f->f_path.dentry);
421 error = getxattr(f->f_path.dentry, name, value, size);
422 fput(f);
423 return error;
424}
425
426/*
427 * Extended attribute LIST operations
428 */
429static ssize_t
430listxattr(struct dentry *d, char __user *list, size_t size)
431{
432 ssize_t error;
433 char *klist = NULL;
434
435 if (size) {
436 if (size > XATTR_LIST_MAX)
437 size = XATTR_LIST_MAX;
438 klist = kmalloc(size, GFP_KERNEL);
439 if (!klist)
440 return -ENOMEM;
441 }
442
443 error = vfs_listxattr(d, klist, size);
444 if (error > 0) {
445 if (size && copy_to_user(list, klist, error))
446 error = -EFAULT;
447 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
448 /* The file system tried to returned a list bigger
449 than XATTR_LIST_MAX bytes. Not possible. */
450 error = -E2BIG;
451 }
452 kfree(klist);
453 return error;
454}
455
456SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
457 size_t, size)
458{
459 struct path path;
460 ssize_t error;
461
462 error = user_path(pathname, &path);
463 if (error)
464 return error;
465 error = listxattr(path.dentry, list, size);
466 path_put(&path);
467 return error;
468}
469
470SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
471 size_t, size)
472{
473 struct path path;
474 ssize_t error;
475
476 error = user_lpath(pathname, &path);
477 if (error)
478 return error;
479 error = listxattr(path.dentry, list, size);
480 path_put(&path);
481 return error;
482}
483
484SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
485{
486 struct file *f;
487 ssize_t error = -EBADF;
488
489 f = fget(fd);
490 if (!f)
491 return error;
492 audit_inode(NULL, f->f_path.dentry);
493 error = listxattr(f->f_path.dentry, list, size);
494 fput(f);
495 return error;
496}
497
498/*
499 * Extended attribute REMOVE operations
500 */
501static long
502removexattr(struct dentry *d, const char __user *name)
503{
504 int error;
505 char kname[XATTR_NAME_MAX + 1];
506
507 error = strncpy_from_user(kname, name, sizeof(kname));
508 if (error == 0 || error == sizeof(kname))
509 error = -ERANGE;
510 if (error < 0)
511 return error;
512
513 return vfs_removexattr(d, kname);
514}
515
516SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
517 const char __user *, name)
518{
519 struct path path;
520 int error;
521
522 error = user_path(pathname, &path);
523 if (error)
524 return error;
525 error = mnt_want_write(path.mnt);
526 if (!error) {
527 error = removexattr(path.dentry, name);
528 mnt_drop_write(path.mnt);
529 }
530 path_put(&path);
531 return error;
532}
533
534SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
535 const char __user *, name)
536{
537 struct path path;
538 int error;
539
540 error = user_lpath(pathname, &path);
541 if (error)
542 return error;
543 error = mnt_want_write(path.mnt);
544 if (!error) {
545 error = removexattr(path.dentry, name);
546 mnt_drop_write(path.mnt);
547 }
548 path_put(&path);
549 return error;
550}
551
552SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
553{
554 struct file *f;
555 struct dentry *dentry;
556 int error = -EBADF;
557
558 f = fget(fd);
559 if (!f)
560 return error;
561 dentry = f->f_path.dentry;
562 audit_inode(NULL, dentry);
563 error = mnt_want_write_file(f);
564 if (!error) {
565 error = removexattr(dentry, name);
566 mnt_drop_write(f->f_path.mnt);
567 }
568 fput(f);
569 return error;
570}
571
572
573static const char *
574strcmp_prefix(const char *a, const char *a_prefix)
575{
576 while (*a_prefix && *a == *a_prefix) {
577 a++;
578 a_prefix++;
579 }
580 return *a_prefix ? NULL : a;
581}
582
583/*
584 * In order to implement different sets of xattr operations for each xattr
585 * prefix with the generic xattr API, a filesystem should create a
586 * null-terminated array of struct xattr_handler (one for each prefix) and
587 * hang a pointer to it off of the s_xattr field of the superblock.
588 *
589 * The generic_fooxattr() functions will use this list to dispatch xattr
590 * operations to the correct xattr_handler.
591 */
592#define for_each_xattr_handler(handlers, handler) \
593 for ((handler) = *(handlers)++; \
594 (handler) != NULL; \
595 (handler) = *(handlers)++)
596
597/*
598 * Find the xattr_handler with the matching prefix.
599 */
600static const struct xattr_handler *
601xattr_resolve_name(const struct xattr_handler **handlers, const char **name)
602{
603 const struct xattr_handler *handler;
604
605 if (!*name)
606 return NULL;
607
608 for_each_xattr_handler(handlers, handler) {
609 const char *n = strcmp_prefix(*name, handler->prefix);
610 if (n) {
611 *name = n;
612 break;
613 }
614 }
615 return handler;
616}
617
618/*
619 * Find the handler for the prefix and dispatch its get() operation.
620 */
621ssize_t
622generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size)
623{
624 const struct xattr_handler *handler;
625
626 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
627 if (!handler)
628 return -EOPNOTSUPP;
629 return handler->get(dentry, name, buffer, size, handler->flags);
630}
631
632/*
633 * Combine the results of the list() operation from every xattr_handler in the
634 * list.
635 */
636ssize_t
637generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
638{
639 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
640 unsigned int size = 0;
641
642 if (!buffer) {
643 for_each_xattr_handler(handlers, handler) {
644 size += handler->list(dentry, NULL, 0, NULL, 0,
645 handler->flags);
646 }
647 } else {
648 char *buf = buffer;
649
650 for_each_xattr_handler(handlers, handler) {
651 size = handler->list(dentry, buf, buffer_size,
652 NULL, 0, handler->flags);
653 if (size > buffer_size)
654 return -ERANGE;
655 buf += size;
656 buffer_size -= size;
657 }
658 size = buf - buffer;
659 }
660 return size;
661}
662
663/*
664 * Find the handler for the prefix and dispatch its set() operation.
665 */
666int
667generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
668{
669 const struct xattr_handler *handler;
670
671 if (size == 0)
672 value = ""; /* empty EA, do not remove */
673 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
674 if (!handler)
675 return -EOPNOTSUPP;
676 return handler->set(dentry, name, value, size, flags, handler->flags);
677}
678
679/*
680 * Find the handler for the prefix and dispatch its set() operation to remove
681 * any associated extended attribute.
682 */
683int
684generic_removexattr(struct dentry *dentry, const char *name)
685{
686 const struct xattr_handler *handler;
687
688 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name);
689 if (!handler)
690 return -EOPNOTSUPP;
691 return handler->set(dentry, name, NULL, 0,
692 XATTR_REPLACE, handler->flags);
693}
694
695EXPORT_SYMBOL(generic_getxattr);
696EXPORT_SYMBOL(generic_listxattr);
697EXPORT_SYMBOL(generic_setxattr);
698EXPORT_SYMBOL(generic_removexattr);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 File: fs/xattr.c
4
5 Extended attribute handling.
6
7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 */
11#include <linux/fs.h>
12#include <linux/slab.h>
13#include <linux/file.h>
14#include <linux/xattr.h>
15#include <linux/mount.h>
16#include <linux/namei.h>
17#include <linux/security.h>
18#include <linux/evm.h>
19#include <linux/syscalls.h>
20#include <linux/export.h>
21#include <linux/fsnotify.h>
22#include <linux/audit.h>
23#include <linux/vmalloc.h>
24#include <linux/posix_acl_xattr.h>
25
26#include <linux/uaccess.h>
27
28static const char *
29strcmp_prefix(const char *a, const char *a_prefix)
30{
31 while (*a_prefix && *a == *a_prefix) {
32 a++;
33 a_prefix++;
34 }
35 return *a_prefix ? NULL : a;
36}
37
38/*
39 * In order to implement different sets of xattr operations for each xattr
40 * prefix, a filesystem should create a null-terminated array of struct
41 * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 * s_xattr field of the superblock.
43 */
44#define for_each_xattr_handler(handlers, handler) \
45 if (handlers) \
46 for ((handler) = *(handlers)++; \
47 (handler) != NULL; \
48 (handler) = *(handlers)++)
49
50/*
51 * Find the xattr_handler with the matching prefix.
52 */
53static const struct xattr_handler *
54xattr_resolve_name(struct inode *inode, const char **name)
55{
56 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 const struct xattr_handler *handler;
58
59 if (!(inode->i_opflags & IOP_XATTR)) {
60 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EIO);
62 return ERR_PTR(-EOPNOTSUPP);
63 }
64 for_each_xattr_handler(handlers, handler) {
65 const char *n;
66
67 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (n) {
69 if (!handler->prefix ^ !*n) {
70 if (*n)
71 continue;
72 return ERR_PTR(-EINVAL);
73 }
74 *name = n;
75 return handler;
76 }
77 }
78 return ERR_PTR(-EOPNOTSUPP);
79}
80
81/*
82 * Check permissions for extended attribute access. This is a bit complicated
83 * because different namespaces have very different rules.
84 */
85static int
86xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87 const char *name, int mask)
88{
89 /*
90 * We can never set or remove an extended attribute on a read-only
91 * filesystem or on an immutable / append-only inode.
92 */
93 if (mask & MAY_WRITE) {
94 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95 return -EPERM;
96 /*
97 * Updating an xattr will likely cause i_uid and i_gid
98 * to be writen back improperly if their true value is
99 * unknown to the vfs.
100 */
101 if (HAS_UNMAPPED_ID(mnt_userns, inode))
102 return -EPERM;
103 }
104
105 /*
106 * No restriction for security.* and system.* from the VFS. Decision
107 * on these is left to the underlying filesystem / security module.
108 */
109 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
110 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
111 return 0;
112
113 /*
114 * The trusted.* namespace can only be accessed by privileged users.
115 */
116 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
117 if (!capable(CAP_SYS_ADMIN))
118 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
119 return 0;
120 }
121
122 /*
123 * In the user.* namespace, only regular files and directories can have
124 * extended attributes. For sticky directories, only the owner and
125 * privileged users can write attributes.
126 */
127 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
128 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131 (mask & MAY_WRITE) &&
132 !inode_owner_or_capable(mnt_userns, inode))
133 return -EPERM;
134 }
135
136 return inode_permission(mnt_userns, inode, mask);
137}
138
139/*
140 * Look for any handler that deals with the specified namespace.
141 */
142int
143xattr_supported_namespace(struct inode *inode, const char *prefix)
144{
145 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
146 const struct xattr_handler *handler;
147 size_t preflen;
148
149 if (!(inode->i_opflags & IOP_XATTR)) {
150 if (unlikely(is_bad_inode(inode)))
151 return -EIO;
152 return -EOPNOTSUPP;
153 }
154
155 preflen = strlen(prefix);
156
157 for_each_xattr_handler(handlers, handler) {
158 if (!strncmp(xattr_prefix(handler), prefix, preflen))
159 return 0;
160 }
161
162 return -EOPNOTSUPP;
163}
164EXPORT_SYMBOL(xattr_supported_namespace);
165
166int
167__vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
168 struct inode *inode, const char *name, const void *value,
169 size_t size, int flags)
170{
171 const struct xattr_handler *handler;
172
173 handler = xattr_resolve_name(inode, &name);
174 if (IS_ERR(handler))
175 return PTR_ERR(handler);
176 if (!handler->set)
177 return -EOPNOTSUPP;
178 if (size == 0)
179 value = ""; /* empty EA, do not remove */
180 return handler->set(handler, mnt_userns, dentry, inode, name, value,
181 size, flags);
182}
183EXPORT_SYMBOL(__vfs_setxattr);
184
185/**
186 * __vfs_setxattr_noperm - perform setxattr operation without performing
187 * permission checks.
188 *
189 * @mnt_userns: user namespace of the mount the inode was found from
190 * @dentry: object to perform setxattr on
191 * @name: xattr name to set
192 * @value: value to set @name to
193 * @size: size of @value
194 * @flags: flags to pass into filesystem operations
195 *
196 * returns the result of the internal setxattr or setsecurity operations.
197 *
198 * This function requires the caller to lock the inode's i_mutex before it
199 * is executed. It also assumes that the caller will make the appropriate
200 * permission checks.
201 */
202int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
203 struct dentry *dentry, const char *name,
204 const void *value, size_t size, int flags)
205{
206 struct inode *inode = dentry->d_inode;
207 int error = -EAGAIN;
208 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
209 XATTR_SECURITY_PREFIX_LEN);
210
211 if (issec)
212 inode->i_flags &= ~S_NOSEC;
213 if (inode->i_opflags & IOP_XATTR) {
214 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
215 size, flags);
216 if (!error) {
217 fsnotify_xattr(dentry);
218 security_inode_post_setxattr(dentry, name, value,
219 size, flags);
220 }
221 } else {
222 if (unlikely(is_bad_inode(inode)))
223 return -EIO;
224 }
225 if (error == -EAGAIN) {
226 error = -EOPNOTSUPP;
227
228 if (issec) {
229 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
230
231 error = security_inode_setsecurity(inode, suffix, value,
232 size, flags);
233 if (!error)
234 fsnotify_xattr(dentry);
235 }
236 }
237
238 return error;
239}
240
241/**
242 * __vfs_setxattr_locked - set an extended attribute while holding the inode
243 * lock
244 *
245 * @mnt_userns: user namespace of the mount of the target inode
246 * @dentry: object to perform setxattr on
247 * @name: xattr name to set
248 * @value: value to set @name to
249 * @size: size of @value
250 * @flags: flags to pass into filesystem operations
251 * @delegated_inode: on return, will contain an inode pointer that
252 * a delegation was broken on, NULL if none.
253 */
254int
255__vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
256 const char *name, const void *value, size_t size,
257 int flags, struct inode **delegated_inode)
258{
259 struct inode *inode = dentry->d_inode;
260 int error;
261
262 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
263 if (error)
264 return error;
265
266 error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
267 flags);
268 if (error)
269 goto out;
270
271 error = try_break_deleg(inode, delegated_inode);
272 if (error)
273 goto out;
274
275 error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
276 size, flags);
277
278out:
279 return error;
280}
281EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
282
283int
284vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
285 const char *name, const void *value, size_t size, int flags)
286{
287 struct inode *inode = dentry->d_inode;
288 struct inode *delegated_inode = NULL;
289 const void *orig_value = value;
290 int error;
291
292 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
293 error = cap_convert_nscap(mnt_userns, dentry, &value, size);
294 if (error < 0)
295 return error;
296 size = error;
297 }
298
299retry_deleg:
300 inode_lock(inode);
301 error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
302 flags, &delegated_inode);
303 inode_unlock(inode);
304
305 if (delegated_inode) {
306 error = break_deleg_wait(&delegated_inode);
307 if (!error)
308 goto retry_deleg;
309 }
310 if (value != orig_value)
311 kfree(value);
312
313 return error;
314}
315EXPORT_SYMBOL_GPL(vfs_setxattr);
316
317static ssize_t
318xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
319 const char *name, void *value, size_t size)
320{
321 void *buffer = NULL;
322 ssize_t len;
323
324 if (!value || !size) {
325 len = security_inode_getsecurity(mnt_userns, inode, name,
326 &buffer, false);
327 goto out_noalloc;
328 }
329
330 len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
331 true);
332 if (len < 0)
333 return len;
334 if (size < len) {
335 len = -ERANGE;
336 goto out;
337 }
338 memcpy(value, buffer, len);
339out:
340 kfree(buffer);
341out_noalloc:
342 return len;
343}
344
345/*
346 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
347 *
348 * Allocate memory, if not already allocated, or re-allocate correct size,
349 * before retrieving the extended attribute.
350 *
351 * Returns the result of alloc, if failed, or the getxattr operation.
352 */
353ssize_t
354vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
355 const char *name, char **xattr_value, size_t xattr_size,
356 gfp_t flags)
357{
358 const struct xattr_handler *handler;
359 struct inode *inode = dentry->d_inode;
360 char *value = *xattr_value;
361 int error;
362
363 error = xattr_permission(mnt_userns, inode, name, MAY_READ);
364 if (error)
365 return error;
366
367 handler = xattr_resolve_name(inode, &name);
368 if (IS_ERR(handler))
369 return PTR_ERR(handler);
370 if (!handler->get)
371 return -EOPNOTSUPP;
372 error = handler->get(handler, dentry, inode, name, NULL, 0);
373 if (error < 0)
374 return error;
375
376 if (!value || (error > xattr_size)) {
377 value = krealloc(*xattr_value, error + 1, flags);
378 if (!value)
379 return -ENOMEM;
380 memset(value, 0, error + 1);
381 }
382
383 error = handler->get(handler, dentry, inode, name, value, error);
384 *xattr_value = value;
385 return error;
386}
387
388ssize_t
389__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
390 void *value, size_t size)
391{
392 const struct xattr_handler *handler;
393
394 handler = xattr_resolve_name(inode, &name);
395 if (IS_ERR(handler))
396 return PTR_ERR(handler);
397 if (!handler->get)
398 return -EOPNOTSUPP;
399 return handler->get(handler, dentry, inode, name, value, size);
400}
401EXPORT_SYMBOL(__vfs_getxattr);
402
403ssize_t
404vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
405 const char *name, void *value, size_t size)
406{
407 struct inode *inode = dentry->d_inode;
408 int error;
409
410 error = xattr_permission(mnt_userns, inode, name, MAY_READ);
411 if (error)
412 return error;
413
414 error = security_inode_getxattr(dentry, name);
415 if (error)
416 return error;
417
418 if (!strncmp(name, XATTR_SECURITY_PREFIX,
419 XATTR_SECURITY_PREFIX_LEN)) {
420 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
421 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
422 size);
423 /*
424 * Only overwrite the return value if a security module
425 * is actually active.
426 */
427 if (ret == -EOPNOTSUPP)
428 goto nolsm;
429 return ret;
430 }
431nolsm:
432 return __vfs_getxattr(dentry, inode, name, value, size);
433}
434EXPORT_SYMBOL_GPL(vfs_getxattr);
435
436ssize_t
437vfs_listxattr(struct dentry *dentry, char *list, size_t size)
438{
439 struct inode *inode = d_inode(dentry);
440 ssize_t error;
441
442 error = security_inode_listxattr(dentry);
443 if (error)
444 return error;
445 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
446 error = inode->i_op->listxattr(dentry, list, size);
447 } else {
448 error = security_inode_listsecurity(inode, list, size);
449 if (size && error > size)
450 error = -ERANGE;
451 }
452 return error;
453}
454EXPORT_SYMBOL_GPL(vfs_listxattr);
455
456int
457__vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
458 const char *name)
459{
460 struct inode *inode = d_inode(dentry);
461 const struct xattr_handler *handler;
462
463 handler = xattr_resolve_name(inode, &name);
464 if (IS_ERR(handler))
465 return PTR_ERR(handler);
466 if (!handler->set)
467 return -EOPNOTSUPP;
468 return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
469 XATTR_REPLACE);
470}
471EXPORT_SYMBOL(__vfs_removexattr);
472
473/**
474 * __vfs_removexattr_locked - set an extended attribute while holding the inode
475 * lock
476 *
477 * @mnt_userns: user namespace of the mount of the target inode
478 * @dentry: object to perform setxattr on
479 * @name: name of xattr to remove
480 * @delegated_inode: on return, will contain an inode pointer that
481 * a delegation was broken on, NULL if none.
482 */
483int
484__vfs_removexattr_locked(struct user_namespace *mnt_userns,
485 struct dentry *dentry, const char *name,
486 struct inode **delegated_inode)
487{
488 struct inode *inode = dentry->d_inode;
489 int error;
490
491 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
492 if (error)
493 return error;
494
495 error = security_inode_removexattr(mnt_userns, dentry, name);
496 if (error)
497 goto out;
498
499 error = try_break_deleg(inode, delegated_inode);
500 if (error)
501 goto out;
502
503 error = __vfs_removexattr(mnt_userns, dentry, name);
504
505 if (!error) {
506 fsnotify_xattr(dentry);
507 evm_inode_post_removexattr(dentry, name);
508 }
509
510out:
511 return error;
512}
513EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
514
515int
516vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
517 const char *name)
518{
519 struct inode *inode = dentry->d_inode;
520 struct inode *delegated_inode = NULL;
521 int error;
522
523retry_deleg:
524 inode_lock(inode);
525 error = __vfs_removexattr_locked(mnt_userns, dentry,
526 name, &delegated_inode);
527 inode_unlock(inode);
528
529 if (delegated_inode) {
530 error = break_deleg_wait(&delegated_inode);
531 if (!error)
532 goto retry_deleg;
533 }
534
535 return error;
536}
537EXPORT_SYMBOL_GPL(vfs_removexattr);
538
539/*
540 * Extended attribute SET operations
541 */
542static long
543setxattr(struct user_namespace *mnt_userns, struct dentry *d,
544 const char __user *name, const void __user *value, size_t size,
545 int flags)
546{
547 int error;
548 void *kvalue = NULL;
549 char kname[XATTR_NAME_MAX + 1];
550
551 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
552 return -EINVAL;
553
554 error = strncpy_from_user(kname, name, sizeof(kname));
555 if (error == 0 || error == sizeof(kname))
556 error = -ERANGE;
557 if (error < 0)
558 return error;
559
560 if (size) {
561 if (size > XATTR_SIZE_MAX)
562 return -E2BIG;
563 kvalue = kvmalloc(size, GFP_KERNEL);
564 if (!kvalue)
565 return -ENOMEM;
566 if (copy_from_user(kvalue, value, size)) {
567 error = -EFAULT;
568 goto out;
569 }
570 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
571 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
572 posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
573 }
574
575 error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
576out:
577 kvfree(kvalue);
578
579 return error;
580}
581
582static int path_setxattr(const char __user *pathname,
583 const char __user *name, const void __user *value,
584 size_t size, int flags, unsigned int lookup_flags)
585{
586 struct path path;
587 int error;
588
589retry:
590 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
591 if (error)
592 return error;
593 error = mnt_want_write(path.mnt);
594 if (!error) {
595 error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
596 value, size, flags);
597 mnt_drop_write(path.mnt);
598 }
599 path_put(&path);
600 if (retry_estale(error, lookup_flags)) {
601 lookup_flags |= LOOKUP_REVAL;
602 goto retry;
603 }
604 return error;
605}
606
607SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
608 const char __user *, name, const void __user *, value,
609 size_t, size, int, flags)
610{
611 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
612}
613
614SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
615 const char __user *, name, const void __user *, value,
616 size_t, size, int, flags)
617{
618 return path_setxattr(pathname, name, value, size, flags, 0);
619}
620
621SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
622 const void __user *,value, size_t, size, int, flags)
623{
624 struct fd f = fdget(fd);
625 int error = -EBADF;
626
627 if (!f.file)
628 return error;
629 audit_file(f.file);
630 error = mnt_want_write_file(f.file);
631 if (!error) {
632 error = setxattr(file_mnt_user_ns(f.file),
633 f.file->f_path.dentry, name,
634 value, size, flags);
635 mnt_drop_write_file(f.file);
636 }
637 fdput(f);
638 return error;
639}
640
641/*
642 * Extended attribute GET operations
643 */
644static ssize_t
645getxattr(struct user_namespace *mnt_userns, struct dentry *d,
646 const char __user *name, void __user *value, size_t size)
647{
648 ssize_t error;
649 void *kvalue = NULL;
650 char kname[XATTR_NAME_MAX + 1];
651
652 error = strncpy_from_user(kname, name, sizeof(kname));
653 if (error == 0 || error == sizeof(kname))
654 error = -ERANGE;
655 if (error < 0)
656 return error;
657
658 if (size) {
659 if (size > XATTR_SIZE_MAX)
660 size = XATTR_SIZE_MAX;
661 kvalue = kvzalloc(size, GFP_KERNEL);
662 if (!kvalue)
663 return -ENOMEM;
664 }
665
666 error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
667 if (error > 0) {
668 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
669 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
670 posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
671 if (size && copy_to_user(value, kvalue, error))
672 error = -EFAULT;
673 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
674 /* The file system tried to returned a value bigger
675 than XATTR_SIZE_MAX bytes. Not possible. */
676 error = -E2BIG;
677 }
678
679 kvfree(kvalue);
680
681 return error;
682}
683
684static ssize_t path_getxattr(const char __user *pathname,
685 const char __user *name, void __user *value,
686 size_t size, unsigned int lookup_flags)
687{
688 struct path path;
689 ssize_t error;
690retry:
691 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
692 if (error)
693 return error;
694 error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
695 path_put(&path);
696 if (retry_estale(error, lookup_flags)) {
697 lookup_flags |= LOOKUP_REVAL;
698 goto retry;
699 }
700 return error;
701}
702
703SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
704 const char __user *, name, void __user *, value, size_t, size)
705{
706 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
707}
708
709SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
710 const char __user *, name, void __user *, value, size_t, size)
711{
712 return path_getxattr(pathname, name, value, size, 0);
713}
714
715SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
716 void __user *, value, size_t, size)
717{
718 struct fd f = fdget(fd);
719 ssize_t error = -EBADF;
720
721 if (!f.file)
722 return error;
723 audit_file(f.file);
724 error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
725 name, value, size);
726 fdput(f);
727 return error;
728}
729
730/*
731 * Extended attribute LIST operations
732 */
733static ssize_t
734listxattr(struct dentry *d, char __user *list, size_t size)
735{
736 ssize_t error;
737 char *klist = NULL;
738
739 if (size) {
740 if (size > XATTR_LIST_MAX)
741 size = XATTR_LIST_MAX;
742 klist = kvmalloc(size, GFP_KERNEL);
743 if (!klist)
744 return -ENOMEM;
745 }
746
747 error = vfs_listxattr(d, klist, size);
748 if (error > 0) {
749 if (size && copy_to_user(list, klist, error))
750 error = -EFAULT;
751 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
752 /* The file system tried to returned a list bigger
753 than XATTR_LIST_MAX bytes. Not possible. */
754 error = -E2BIG;
755 }
756
757 kvfree(klist);
758
759 return error;
760}
761
762static ssize_t path_listxattr(const char __user *pathname, char __user *list,
763 size_t size, unsigned int lookup_flags)
764{
765 struct path path;
766 ssize_t error;
767retry:
768 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
769 if (error)
770 return error;
771 error = listxattr(path.dentry, list, size);
772 path_put(&path);
773 if (retry_estale(error, lookup_flags)) {
774 lookup_flags |= LOOKUP_REVAL;
775 goto retry;
776 }
777 return error;
778}
779
780SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
781 size_t, size)
782{
783 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
784}
785
786SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
787 size_t, size)
788{
789 return path_listxattr(pathname, list, size, 0);
790}
791
792SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
793{
794 struct fd f = fdget(fd);
795 ssize_t error = -EBADF;
796
797 if (!f.file)
798 return error;
799 audit_file(f.file);
800 error = listxattr(f.file->f_path.dentry, list, size);
801 fdput(f);
802 return error;
803}
804
805/*
806 * Extended attribute REMOVE operations
807 */
808static long
809removexattr(struct user_namespace *mnt_userns, struct dentry *d,
810 const char __user *name)
811{
812 int error;
813 char kname[XATTR_NAME_MAX + 1];
814
815 error = strncpy_from_user(kname, name, sizeof(kname));
816 if (error == 0 || error == sizeof(kname))
817 error = -ERANGE;
818 if (error < 0)
819 return error;
820
821 return vfs_removexattr(mnt_userns, d, kname);
822}
823
824static int path_removexattr(const char __user *pathname,
825 const char __user *name, unsigned int lookup_flags)
826{
827 struct path path;
828 int error;
829retry:
830 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
831 if (error)
832 return error;
833 error = mnt_want_write(path.mnt);
834 if (!error) {
835 error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
836 mnt_drop_write(path.mnt);
837 }
838 path_put(&path);
839 if (retry_estale(error, lookup_flags)) {
840 lookup_flags |= LOOKUP_REVAL;
841 goto retry;
842 }
843 return error;
844}
845
846SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
847 const char __user *, name)
848{
849 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
850}
851
852SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
853 const char __user *, name)
854{
855 return path_removexattr(pathname, name, 0);
856}
857
858SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
859{
860 struct fd f = fdget(fd);
861 int error = -EBADF;
862
863 if (!f.file)
864 return error;
865 audit_file(f.file);
866 error = mnt_want_write_file(f.file);
867 if (!error) {
868 error = removexattr(file_mnt_user_ns(f.file),
869 f.file->f_path.dentry, name);
870 mnt_drop_write_file(f.file);
871 }
872 fdput(f);
873 return error;
874}
875
876/*
877 * Combine the results of the list() operation from every xattr_handler in the
878 * list.
879 */
880ssize_t
881generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
882{
883 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
884 unsigned int size = 0;
885
886 if (!buffer) {
887 for_each_xattr_handler(handlers, handler) {
888 if (!handler->name ||
889 (handler->list && !handler->list(dentry)))
890 continue;
891 size += strlen(handler->name) + 1;
892 }
893 } else {
894 char *buf = buffer;
895 size_t len;
896
897 for_each_xattr_handler(handlers, handler) {
898 if (!handler->name ||
899 (handler->list && !handler->list(dentry)))
900 continue;
901 len = strlen(handler->name);
902 if (len + 1 > buffer_size)
903 return -ERANGE;
904 memcpy(buf, handler->name, len + 1);
905 buf += len + 1;
906 buffer_size -= len + 1;
907 }
908 size = buf - buffer;
909 }
910 return size;
911}
912EXPORT_SYMBOL(generic_listxattr);
913
914/**
915 * xattr_full_name - Compute full attribute name from suffix
916 *
917 * @handler: handler of the xattr_handler operation
918 * @name: name passed to the xattr_handler operation
919 *
920 * The get and set xattr handler operations are called with the remainder of
921 * the attribute name after skipping the handler's prefix: for example, "foo"
922 * is passed to the get operation of a handler with prefix "user." to get
923 * attribute "user.foo". The full name is still "there" in the name though.
924 *
925 * Note: the list xattr handler operation when called from the vfs is passed a
926 * NULL name; some file systems use this operation internally, with varying
927 * semantics.
928 */
929const char *xattr_full_name(const struct xattr_handler *handler,
930 const char *name)
931{
932 size_t prefix_len = strlen(xattr_prefix(handler));
933
934 return name - prefix_len;
935}
936EXPORT_SYMBOL(xattr_full_name);
937
938/*
939 * Allocate new xattr and copy in the value; but leave the name to callers.
940 */
941struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
942{
943 struct simple_xattr *new_xattr;
944 size_t len;
945
946 /* wrap around? */
947 len = sizeof(*new_xattr) + size;
948 if (len < sizeof(*new_xattr))
949 return NULL;
950
951 new_xattr = kvmalloc(len, GFP_KERNEL);
952 if (!new_xattr)
953 return NULL;
954
955 new_xattr->size = size;
956 memcpy(new_xattr->value, value, size);
957 return new_xattr;
958}
959
960/*
961 * xattr GET operation for in-memory/pseudo filesystems
962 */
963int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
964 void *buffer, size_t size)
965{
966 struct simple_xattr *xattr;
967 int ret = -ENODATA;
968
969 spin_lock(&xattrs->lock);
970 list_for_each_entry(xattr, &xattrs->head, list) {
971 if (strcmp(name, xattr->name))
972 continue;
973
974 ret = xattr->size;
975 if (buffer) {
976 if (size < xattr->size)
977 ret = -ERANGE;
978 else
979 memcpy(buffer, xattr->value, xattr->size);
980 }
981 break;
982 }
983 spin_unlock(&xattrs->lock);
984 return ret;
985}
986
987/**
988 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
989 * @xattrs: target simple_xattr list
990 * @name: name of the extended attribute
991 * @value: value of the xattr. If %NULL, will remove the attribute.
992 * @size: size of the new xattr
993 * @flags: %XATTR_{CREATE|REPLACE}
994 * @removed_size: returns size of the removed xattr, -1 if none removed
995 *
996 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
997 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
998 * otherwise, fails with -ENODATA.
999 *
1000 * Returns 0 on success, -errno on failure.
1001 */
1002int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1003 const void *value, size_t size, int flags,
1004 ssize_t *removed_size)
1005{
1006 struct simple_xattr *xattr;
1007 struct simple_xattr *new_xattr = NULL;
1008 int err = 0;
1009
1010 if (removed_size)
1011 *removed_size = -1;
1012
1013 /* value == NULL means remove */
1014 if (value) {
1015 new_xattr = simple_xattr_alloc(value, size);
1016 if (!new_xattr)
1017 return -ENOMEM;
1018
1019 new_xattr->name = kstrdup(name, GFP_KERNEL);
1020 if (!new_xattr->name) {
1021 kvfree(new_xattr);
1022 return -ENOMEM;
1023 }
1024 }
1025
1026 spin_lock(&xattrs->lock);
1027 list_for_each_entry(xattr, &xattrs->head, list) {
1028 if (!strcmp(name, xattr->name)) {
1029 if (flags & XATTR_CREATE) {
1030 xattr = new_xattr;
1031 err = -EEXIST;
1032 } else if (new_xattr) {
1033 list_replace(&xattr->list, &new_xattr->list);
1034 if (removed_size)
1035 *removed_size = xattr->size;
1036 } else {
1037 list_del(&xattr->list);
1038 if (removed_size)
1039 *removed_size = xattr->size;
1040 }
1041 goto out;
1042 }
1043 }
1044 if (flags & XATTR_REPLACE) {
1045 xattr = new_xattr;
1046 err = -ENODATA;
1047 } else {
1048 list_add(&new_xattr->list, &xattrs->head);
1049 xattr = NULL;
1050 }
1051out:
1052 spin_unlock(&xattrs->lock);
1053 if (xattr) {
1054 kfree(xattr->name);
1055 kvfree(xattr);
1056 }
1057 return err;
1058
1059}
1060
1061static bool xattr_is_trusted(const char *name)
1062{
1063 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1064}
1065
1066static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1067 const char *name)
1068{
1069 size_t len = strlen(name) + 1;
1070 if (*buffer) {
1071 if (*remaining_size < len)
1072 return -ERANGE;
1073 memcpy(*buffer, name, len);
1074 *buffer += len;
1075 }
1076 *remaining_size -= len;
1077 return 0;
1078}
1079
1080/*
1081 * xattr LIST operation for in-memory/pseudo filesystems
1082 */
1083ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1084 char *buffer, size_t size)
1085{
1086 bool trusted = capable(CAP_SYS_ADMIN);
1087 struct simple_xattr *xattr;
1088 ssize_t remaining_size = size;
1089 int err = 0;
1090
1091#ifdef CONFIG_FS_POSIX_ACL
1092 if (IS_POSIXACL(inode)) {
1093 if (inode->i_acl) {
1094 err = xattr_list_one(&buffer, &remaining_size,
1095 XATTR_NAME_POSIX_ACL_ACCESS);
1096 if (err)
1097 return err;
1098 }
1099 if (inode->i_default_acl) {
1100 err = xattr_list_one(&buffer, &remaining_size,
1101 XATTR_NAME_POSIX_ACL_DEFAULT);
1102 if (err)
1103 return err;
1104 }
1105 }
1106#endif
1107
1108 spin_lock(&xattrs->lock);
1109 list_for_each_entry(xattr, &xattrs->head, list) {
1110 /* skip "trusted." attributes for unprivileged callers */
1111 if (!trusted && xattr_is_trusted(xattr->name))
1112 continue;
1113
1114 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1115 if (err)
1116 break;
1117 }
1118 spin_unlock(&xattrs->lock);
1119
1120 return err ? err : size - remaining_size;
1121}
1122
1123/*
1124 * Adds an extended attribute to the list
1125 */
1126void simple_xattr_list_add(struct simple_xattrs *xattrs,
1127 struct simple_xattr *new_xattr)
1128{
1129 spin_lock(&xattrs->lock);
1130 list_add(&new_xattr->list, &xattrs->head);
1131 spin_unlock(&xattrs->lock);
1132}