Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 File: fs/xattr.c
4
5 Extended attribute handling.
6
7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 */
11#include <linux/fs.h>
12#include <linux/slab.h>
13#include <linux/file.h>
14#include <linux/xattr.h>
15#include <linux/mount.h>
16#include <linux/namei.h>
17#include <linux/security.h>
18#include <linux/evm.h>
19#include <linux/syscalls.h>
20#include <linux/export.h>
21#include <linux/fsnotify.h>
22#include <linux/audit.h>
23#include <linux/vmalloc.h>
24#include <linux/posix_acl_xattr.h>
25
26#include <linux/uaccess.h>
27
28static const char *
29strcmp_prefix(const char *a, const char *a_prefix)
30{
31 while (*a_prefix && *a == *a_prefix) {
32 a++;
33 a_prefix++;
34 }
35 return *a_prefix ? NULL : a;
36}
37
38/*
39 * In order to implement different sets of xattr operations for each xattr
40 * prefix, a filesystem should create a null-terminated array of struct
41 * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 * s_xattr field of the superblock.
43 */
44#define for_each_xattr_handler(handlers, handler) \
45 if (handlers) \
46 for ((handler) = *(handlers)++; \
47 (handler) != NULL; \
48 (handler) = *(handlers)++)
49
50/*
51 * Find the xattr_handler with the matching prefix.
52 */
53static const struct xattr_handler *
54xattr_resolve_name(struct inode *inode, const char **name)
55{
56 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 const struct xattr_handler *handler;
58
59 if (!(inode->i_opflags & IOP_XATTR)) {
60 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EIO);
62 return ERR_PTR(-EOPNOTSUPP);
63 }
64 for_each_xattr_handler(handlers, handler) {
65 const char *n;
66
67 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (n) {
69 if (!handler->prefix ^ !*n) {
70 if (*n)
71 continue;
72 return ERR_PTR(-EINVAL);
73 }
74 *name = n;
75 return handler;
76 }
77 }
78 return ERR_PTR(-EOPNOTSUPP);
79}
80
81/*
82 * Check permissions for extended attribute access. This is a bit complicated
83 * because different namespaces have very different rules.
84 */
85static int
86xattr_permission(struct inode *inode, const char *name, int mask)
87{
88 /*
89 * We can never set or remove an extended attribute on a read-only
90 * filesystem or on an immutable / append-only inode.
91 */
92 if (mask & MAY_WRITE) {
93 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
94 return -EPERM;
95 /*
96 * Updating an xattr will likely cause i_uid and i_gid
97 * to be writen back improperly if their true value is
98 * unknown to the vfs.
99 */
100 if (HAS_UNMAPPED_ID(inode))
101 return -EPERM;
102 }
103
104 /*
105 * No restriction for security.* and system.* from the VFS. Decision
106 * on these is left to the underlying filesystem / security module.
107 */
108 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
109 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
110 return 0;
111
112 /*
113 * The trusted.* namespace can only be accessed by privileged users.
114 */
115 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
116 if (!capable(CAP_SYS_ADMIN))
117 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
118 return 0;
119 }
120
121 /*
122 * In the user.* namespace, only regular files and directories can have
123 * extended attributes. For sticky directories, only the owner and
124 * privileged users can write attributes.
125 */
126 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
127 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
128 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
129 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
130 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
131 return -EPERM;
132 }
133
134 return inode_permission(inode, mask);
135}
136
137int
138__vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
139 const void *value, size_t size, int flags)
140{
141 const struct xattr_handler *handler;
142
143 handler = xattr_resolve_name(inode, &name);
144 if (IS_ERR(handler))
145 return PTR_ERR(handler);
146 if (!handler->set)
147 return -EOPNOTSUPP;
148 if (size == 0)
149 value = ""; /* empty EA, do not remove */
150 return handler->set(handler, dentry, inode, name, value, size, flags);
151}
152EXPORT_SYMBOL(__vfs_setxattr);
153
154/**
155 * __vfs_setxattr_noperm - perform setxattr operation without performing
156 * permission checks.
157 *
158 * @dentry - object to perform setxattr on
159 * @name - xattr name to set
160 * @value - value to set @name to
161 * @size - size of @value
162 * @flags - flags to pass into filesystem operations
163 *
164 * returns the result of the internal setxattr or setsecurity operations.
165 *
166 * This function requires the caller to lock the inode's i_mutex before it
167 * is executed. It also assumes that the caller will make the appropriate
168 * permission checks.
169 */
170int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
171 const void *value, size_t size, int flags)
172{
173 struct inode *inode = dentry->d_inode;
174 int error = -EAGAIN;
175 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
176 XATTR_SECURITY_PREFIX_LEN);
177
178 if (issec)
179 inode->i_flags &= ~S_NOSEC;
180 if (inode->i_opflags & IOP_XATTR) {
181 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
182 if (!error) {
183 fsnotify_xattr(dentry);
184 security_inode_post_setxattr(dentry, name, value,
185 size, flags);
186 }
187 } else {
188 if (unlikely(is_bad_inode(inode)))
189 return -EIO;
190 }
191 if (error == -EAGAIN) {
192 error = -EOPNOTSUPP;
193
194 if (issec) {
195 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
196
197 error = security_inode_setsecurity(inode, suffix, value,
198 size, flags);
199 if (!error)
200 fsnotify_xattr(dentry);
201 }
202 }
203
204 return error;
205}
206
207
208int
209vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
210 size_t size, int flags)
211{
212 struct inode *inode = dentry->d_inode;
213 int error;
214
215 error = xattr_permission(inode, name, MAY_WRITE);
216 if (error)
217 return error;
218
219 inode_lock(inode);
220 error = security_inode_setxattr(dentry, name, value, size, flags);
221 if (error)
222 goto out;
223
224 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
225
226out:
227 inode_unlock(inode);
228 return error;
229}
230EXPORT_SYMBOL_GPL(vfs_setxattr);
231
232static ssize_t
233xattr_getsecurity(struct inode *inode, const char *name, void *value,
234 size_t size)
235{
236 void *buffer = NULL;
237 ssize_t len;
238
239 if (!value || !size) {
240 len = security_inode_getsecurity(inode, name, &buffer, false);
241 goto out_noalloc;
242 }
243
244 len = security_inode_getsecurity(inode, name, &buffer, true);
245 if (len < 0)
246 return len;
247 if (size < len) {
248 len = -ERANGE;
249 goto out;
250 }
251 memcpy(value, buffer, len);
252out:
253 kfree(buffer);
254out_noalloc:
255 return len;
256}
257
258/*
259 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
260 *
261 * Allocate memory, if not already allocated, or re-allocate correct size,
262 * before retrieving the extended attribute.
263 *
264 * Returns the result of alloc, if failed, or the getxattr operation.
265 */
266ssize_t
267vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
268 size_t xattr_size, gfp_t flags)
269{
270 const struct xattr_handler *handler;
271 struct inode *inode = dentry->d_inode;
272 char *value = *xattr_value;
273 int error;
274
275 error = xattr_permission(inode, name, MAY_READ);
276 if (error)
277 return error;
278
279 handler = xattr_resolve_name(inode, &name);
280 if (IS_ERR(handler))
281 return PTR_ERR(handler);
282 if (!handler->get)
283 return -EOPNOTSUPP;
284 error = handler->get(handler, dentry, inode, name, NULL, 0);
285 if (error < 0)
286 return error;
287
288 if (!value || (error > xattr_size)) {
289 value = krealloc(*xattr_value, error + 1, flags);
290 if (!value)
291 return -ENOMEM;
292 memset(value, 0, error + 1);
293 }
294
295 error = handler->get(handler, dentry, inode, name, value, error);
296 *xattr_value = value;
297 return error;
298}
299
300ssize_t
301__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
302 void *value, size_t size)
303{
304 const struct xattr_handler *handler;
305
306 handler = xattr_resolve_name(inode, &name);
307 if (IS_ERR(handler))
308 return PTR_ERR(handler);
309 if (!handler->get)
310 return -EOPNOTSUPP;
311 return handler->get(handler, dentry, inode, name, value, size);
312}
313EXPORT_SYMBOL(__vfs_getxattr);
314
315ssize_t
316vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
317{
318 struct inode *inode = dentry->d_inode;
319 int error;
320
321 error = xattr_permission(inode, name, MAY_READ);
322 if (error)
323 return error;
324
325 error = security_inode_getxattr(dentry, name);
326 if (error)
327 return error;
328
329 if (!strncmp(name, XATTR_SECURITY_PREFIX,
330 XATTR_SECURITY_PREFIX_LEN)) {
331 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
332 int ret = xattr_getsecurity(inode, suffix, value, size);
333 /*
334 * Only overwrite the return value if a security module
335 * is actually active.
336 */
337 if (ret == -EOPNOTSUPP)
338 goto nolsm;
339 return ret;
340 }
341nolsm:
342 return __vfs_getxattr(dentry, inode, name, value, size);
343}
344EXPORT_SYMBOL_GPL(vfs_getxattr);
345
346ssize_t
347vfs_listxattr(struct dentry *dentry, char *list, size_t size)
348{
349 struct inode *inode = d_inode(dentry);
350 ssize_t error;
351
352 error = security_inode_listxattr(dentry);
353 if (error)
354 return error;
355 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
356 error = inode->i_op->listxattr(dentry, list, size);
357 } else {
358 error = security_inode_listsecurity(inode, list, size);
359 if (size && error > size)
360 error = -ERANGE;
361 }
362 return error;
363}
364EXPORT_SYMBOL_GPL(vfs_listxattr);
365
366int
367__vfs_removexattr(struct dentry *dentry, const char *name)
368{
369 struct inode *inode = d_inode(dentry);
370 const struct xattr_handler *handler;
371
372 handler = xattr_resolve_name(inode, &name);
373 if (IS_ERR(handler))
374 return PTR_ERR(handler);
375 if (!handler->set)
376 return -EOPNOTSUPP;
377 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
378}
379EXPORT_SYMBOL(__vfs_removexattr);
380
381int
382vfs_removexattr(struct dentry *dentry, const char *name)
383{
384 struct inode *inode = dentry->d_inode;
385 int error;
386
387 error = xattr_permission(inode, name, MAY_WRITE);
388 if (error)
389 return error;
390
391 inode_lock(inode);
392 error = security_inode_removexattr(dentry, name);
393 if (error)
394 goto out;
395
396 error = __vfs_removexattr(dentry, name);
397
398 if (!error) {
399 fsnotify_xattr(dentry);
400 evm_inode_post_removexattr(dentry, name);
401 }
402
403out:
404 inode_unlock(inode);
405 return error;
406}
407EXPORT_SYMBOL_GPL(vfs_removexattr);
408
409
410/*
411 * Extended attribute SET operations
412 */
413static long
414setxattr(struct dentry *d, const char __user *name, const void __user *value,
415 size_t size, int flags)
416{
417 int error;
418 void *kvalue = NULL;
419 char kname[XATTR_NAME_MAX + 1];
420
421 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
422 return -EINVAL;
423
424 error = strncpy_from_user(kname, name, sizeof(kname));
425 if (error == 0 || error == sizeof(kname))
426 error = -ERANGE;
427 if (error < 0)
428 return error;
429
430 if (size) {
431 if (size > XATTR_SIZE_MAX)
432 return -E2BIG;
433 kvalue = kvmalloc(size, GFP_KERNEL);
434 if (!kvalue)
435 return -ENOMEM;
436 if (copy_from_user(kvalue, value, size)) {
437 error = -EFAULT;
438 goto out;
439 }
440 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
441 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
442 posix_acl_fix_xattr_from_user(kvalue, size);
443 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
444 error = cap_convert_nscap(d, &kvalue, size);
445 if (error < 0)
446 goto out;
447 size = error;
448 }
449 }
450
451 error = vfs_setxattr(d, kname, kvalue, size, flags);
452out:
453 kvfree(kvalue);
454
455 return error;
456}
457
458static int path_setxattr(const char __user *pathname,
459 const char __user *name, const void __user *value,
460 size_t size, int flags, unsigned int lookup_flags)
461{
462 struct path path;
463 int error;
464retry:
465 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
466 if (error)
467 return error;
468 error = mnt_want_write(path.mnt);
469 if (!error) {
470 error = setxattr(path.dentry, name, value, size, flags);
471 mnt_drop_write(path.mnt);
472 }
473 path_put(&path);
474 if (retry_estale(error, lookup_flags)) {
475 lookup_flags |= LOOKUP_REVAL;
476 goto retry;
477 }
478 return error;
479}
480
481SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
482 const char __user *, name, const void __user *, value,
483 size_t, size, int, flags)
484{
485 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
486}
487
488SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
489 const char __user *, name, const void __user *, value,
490 size_t, size, int, flags)
491{
492 return path_setxattr(pathname, name, value, size, flags, 0);
493}
494
495SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
496 const void __user *,value, size_t, size, int, flags)
497{
498 struct fd f = fdget(fd);
499 int error = -EBADF;
500
501 if (!f.file)
502 return error;
503 audit_file(f.file);
504 error = mnt_want_write_file(f.file);
505 if (!error) {
506 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
507 mnt_drop_write_file(f.file);
508 }
509 fdput(f);
510 return error;
511}
512
513/*
514 * Extended attribute GET operations
515 */
516static ssize_t
517getxattr(struct dentry *d, const char __user *name, void __user *value,
518 size_t size)
519{
520 ssize_t error;
521 void *kvalue = NULL;
522 char kname[XATTR_NAME_MAX + 1];
523
524 error = strncpy_from_user(kname, name, sizeof(kname));
525 if (error == 0 || error == sizeof(kname))
526 error = -ERANGE;
527 if (error < 0)
528 return error;
529
530 if (size) {
531 if (size > XATTR_SIZE_MAX)
532 size = XATTR_SIZE_MAX;
533 kvalue = kvzalloc(size, GFP_KERNEL);
534 if (!kvalue)
535 return -ENOMEM;
536 }
537
538 error = vfs_getxattr(d, kname, kvalue, size);
539 if (error > 0) {
540 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
541 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
542 posix_acl_fix_xattr_to_user(kvalue, error);
543 if (size && copy_to_user(value, kvalue, error))
544 error = -EFAULT;
545 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
546 /* The file system tried to returned a value bigger
547 than XATTR_SIZE_MAX bytes. Not possible. */
548 error = -E2BIG;
549 }
550
551 kvfree(kvalue);
552
553 return error;
554}
555
556static ssize_t path_getxattr(const char __user *pathname,
557 const char __user *name, void __user *value,
558 size_t size, unsigned int lookup_flags)
559{
560 struct path path;
561 ssize_t error;
562retry:
563 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
564 if (error)
565 return error;
566 error = getxattr(path.dentry, name, value, size);
567 path_put(&path);
568 if (retry_estale(error, lookup_flags)) {
569 lookup_flags |= LOOKUP_REVAL;
570 goto retry;
571 }
572 return error;
573}
574
575SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
576 const char __user *, name, void __user *, value, size_t, size)
577{
578 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
579}
580
581SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
582 const char __user *, name, void __user *, value, size_t, size)
583{
584 return path_getxattr(pathname, name, value, size, 0);
585}
586
587SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
588 void __user *, value, size_t, size)
589{
590 struct fd f = fdget(fd);
591 ssize_t error = -EBADF;
592
593 if (!f.file)
594 return error;
595 audit_file(f.file);
596 error = getxattr(f.file->f_path.dentry, name, value, size);
597 fdput(f);
598 return error;
599}
600
601/*
602 * Extended attribute LIST operations
603 */
604static ssize_t
605listxattr(struct dentry *d, char __user *list, size_t size)
606{
607 ssize_t error;
608 char *klist = NULL;
609
610 if (size) {
611 if (size > XATTR_LIST_MAX)
612 size = XATTR_LIST_MAX;
613 klist = kvmalloc(size, GFP_KERNEL);
614 if (!klist)
615 return -ENOMEM;
616 }
617
618 error = vfs_listxattr(d, klist, size);
619 if (error > 0) {
620 if (size && copy_to_user(list, klist, error))
621 error = -EFAULT;
622 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
623 /* The file system tried to returned a list bigger
624 than XATTR_LIST_MAX bytes. Not possible. */
625 error = -E2BIG;
626 }
627
628 kvfree(klist);
629
630 return error;
631}
632
633static ssize_t path_listxattr(const char __user *pathname, char __user *list,
634 size_t size, unsigned int lookup_flags)
635{
636 struct path path;
637 ssize_t error;
638retry:
639 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
640 if (error)
641 return error;
642 error = listxattr(path.dentry, list, size);
643 path_put(&path);
644 if (retry_estale(error, lookup_flags)) {
645 lookup_flags |= LOOKUP_REVAL;
646 goto retry;
647 }
648 return error;
649}
650
651SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
652 size_t, size)
653{
654 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
655}
656
657SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
658 size_t, size)
659{
660 return path_listxattr(pathname, list, size, 0);
661}
662
663SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
664{
665 struct fd f = fdget(fd);
666 ssize_t error = -EBADF;
667
668 if (!f.file)
669 return error;
670 audit_file(f.file);
671 error = listxattr(f.file->f_path.dentry, list, size);
672 fdput(f);
673 return error;
674}
675
676/*
677 * Extended attribute REMOVE operations
678 */
679static long
680removexattr(struct dentry *d, const char __user *name)
681{
682 int error;
683 char kname[XATTR_NAME_MAX + 1];
684
685 error = strncpy_from_user(kname, name, sizeof(kname));
686 if (error == 0 || error == sizeof(kname))
687 error = -ERANGE;
688 if (error < 0)
689 return error;
690
691 return vfs_removexattr(d, kname);
692}
693
694static int path_removexattr(const char __user *pathname,
695 const char __user *name, unsigned int lookup_flags)
696{
697 struct path path;
698 int error;
699retry:
700 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
701 if (error)
702 return error;
703 error = mnt_want_write(path.mnt);
704 if (!error) {
705 error = removexattr(path.dentry, name);
706 mnt_drop_write(path.mnt);
707 }
708 path_put(&path);
709 if (retry_estale(error, lookup_flags)) {
710 lookup_flags |= LOOKUP_REVAL;
711 goto retry;
712 }
713 return error;
714}
715
716SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
717 const char __user *, name)
718{
719 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
720}
721
722SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
723 const char __user *, name)
724{
725 return path_removexattr(pathname, name, 0);
726}
727
728SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
729{
730 struct fd f = fdget(fd);
731 int error = -EBADF;
732
733 if (!f.file)
734 return error;
735 audit_file(f.file);
736 error = mnt_want_write_file(f.file);
737 if (!error) {
738 error = removexattr(f.file->f_path.dentry, name);
739 mnt_drop_write_file(f.file);
740 }
741 fdput(f);
742 return error;
743}
744
745/*
746 * Combine the results of the list() operation from every xattr_handler in the
747 * list.
748 */
749ssize_t
750generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
751{
752 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
753 unsigned int size = 0;
754
755 if (!buffer) {
756 for_each_xattr_handler(handlers, handler) {
757 if (!handler->name ||
758 (handler->list && !handler->list(dentry)))
759 continue;
760 size += strlen(handler->name) + 1;
761 }
762 } else {
763 char *buf = buffer;
764 size_t len;
765
766 for_each_xattr_handler(handlers, handler) {
767 if (!handler->name ||
768 (handler->list && !handler->list(dentry)))
769 continue;
770 len = strlen(handler->name);
771 if (len + 1 > buffer_size)
772 return -ERANGE;
773 memcpy(buf, handler->name, len + 1);
774 buf += len + 1;
775 buffer_size -= len + 1;
776 }
777 size = buf - buffer;
778 }
779 return size;
780}
781EXPORT_SYMBOL(generic_listxattr);
782
783/**
784 * xattr_full_name - Compute full attribute name from suffix
785 *
786 * @handler: handler of the xattr_handler operation
787 * @name: name passed to the xattr_handler operation
788 *
789 * The get and set xattr handler operations are called with the remainder of
790 * the attribute name after skipping the handler's prefix: for example, "foo"
791 * is passed to the get operation of a handler with prefix "user." to get
792 * attribute "user.foo". The full name is still "there" in the name though.
793 *
794 * Note: the list xattr handler operation when called from the vfs is passed a
795 * NULL name; some file systems use this operation internally, with varying
796 * semantics.
797 */
798const char *xattr_full_name(const struct xattr_handler *handler,
799 const char *name)
800{
801 size_t prefix_len = strlen(xattr_prefix(handler));
802
803 return name - prefix_len;
804}
805EXPORT_SYMBOL(xattr_full_name);
806
807/*
808 * Allocate new xattr and copy in the value; but leave the name to callers.
809 */
810struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
811{
812 struct simple_xattr *new_xattr;
813 size_t len;
814
815 /* wrap around? */
816 len = sizeof(*new_xattr) + size;
817 if (len < sizeof(*new_xattr))
818 return NULL;
819
820 new_xattr = kmalloc(len, GFP_KERNEL);
821 if (!new_xattr)
822 return NULL;
823
824 new_xattr->size = size;
825 memcpy(new_xattr->value, value, size);
826 return new_xattr;
827}
828
829/*
830 * xattr GET operation for in-memory/pseudo filesystems
831 */
832int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
833 void *buffer, size_t size)
834{
835 struct simple_xattr *xattr;
836 int ret = -ENODATA;
837
838 spin_lock(&xattrs->lock);
839 list_for_each_entry(xattr, &xattrs->head, list) {
840 if (strcmp(name, xattr->name))
841 continue;
842
843 ret = xattr->size;
844 if (buffer) {
845 if (size < xattr->size)
846 ret = -ERANGE;
847 else
848 memcpy(buffer, xattr->value, xattr->size);
849 }
850 break;
851 }
852 spin_unlock(&xattrs->lock);
853 return ret;
854}
855
856/**
857 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
858 * @xattrs: target simple_xattr list
859 * @name: name of the extended attribute
860 * @value: value of the xattr. If %NULL, will remove the attribute.
861 * @size: size of the new xattr
862 * @flags: %XATTR_{CREATE|REPLACE}
863 *
864 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
865 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
866 * otherwise, fails with -ENODATA.
867 *
868 * Returns 0 on success, -errno on failure.
869 */
870int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
871 const void *value, size_t size, int flags)
872{
873 struct simple_xattr *xattr;
874 struct simple_xattr *new_xattr = NULL;
875 int err = 0;
876
877 /* value == NULL means remove */
878 if (value) {
879 new_xattr = simple_xattr_alloc(value, size);
880 if (!new_xattr)
881 return -ENOMEM;
882
883 new_xattr->name = kstrdup(name, GFP_KERNEL);
884 if (!new_xattr->name) {
885 kfree(new_xattr);
886 return -ENOMEM;
887 }
888 }
889
890 spin_lock(&xattrs->lock);
891 list_for_each_entry(xattr, &xattrs->head, list) {
892 if (!strcmp(name, xattr->name)) {
893 if (flags & XATTR_CREATE) {
894 xattr = new_xattr;
895 err = -EEXIST;
896 } else if (new_xattr) {
897 list_replace(&xattr->list, &new_xattr->list);
898 } else {
899 list_del(&xattr->list);
900 }
901 goto out;
902 }
903 }
904 if (flags & XATTR_REPLACE) {
905 xattr = new_xattr;
906 err = -ENODATA;
907 } else {
908 list_add(&new_xattr->list, &xattrs->head);
909 xattr = NULL;
910 }
911out:
912 spin_unlock(&xattrs->lock);
913 if (xattr) {
914 kfree(xattr->name);
915 kfree(xattr);
916 }
917 return err;
918
919}
920
921static bool xattr_is_trusted(const char *name)
922{
923 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
924}
925
926static int xattr_list_one(char **buffer, ssize_t *remaining_size,
927 const char *name)
928{
929 size_t len = strlen(name) + 1;
930 if (*buffer) {
931 if (*remaining_size < len)
932 return -ERANGE;
933 memcpy(*buffer, name, len);
934 *buffer += len;
935 }
936 *remaining_size -= len;
937 return 0;
938}
939
940/*
941 * xattr LIST operation for in-memory/pseudo filesystems
942 */
943ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
944 char *buffer, size_t size)
945{
946 bool trusted = capable(CAP_SYS_ADMIN);
947 struct simple_xattr *xattr;
948 ssize_t remaining_size = size;
949 int err = 0;
950
951#ifdef CONFIG_FS_POSIX_ACL
952 if (IS_POSIXACL(inode)) {
953 if (inode->i_acl) {
954 err = xattr_list_one(&buffer, &remaining_size,
955 XATTR_NAME_POSIX_ACL_ACCESS);
956 if (err)
957 return err;
958 }
959 if (inode->i_default_acl) {
960 err = xattr_list_one(&buffer, &remaining_size,
961 XATTR_NAME_POSIX_ACL_DEFAULT);
962 if (err)
963 return err;
964 }
965 }
966#endif
967
968 spin_lock(&xattrs->lock);
969 list_for_each_entry(xattr, &xattrs->head, list) {
970 /* skip "trusted." attributes for unprivileged callers */
971 if (!trusted && xattr_is_trusted(xattr->name))
972 continue;
973
974 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
975 if (err)
976 break;
977 }
978 spin_unlock(&xattrs->lock);
979
980 return err ? err : size - remaining_size;
981}
982
983/*
984 * Adds an extended attribute to the list
985 */
986void simple_xattr_list_add(struct simple_xattrs *xattrs,
987 struct simple_xattr *new_xattr)
988{
989 spin_lock(&xattrs->lock);
990 list_add(&new_xattr->list, &xattrs->head);
991 spin_unlock(&xattrs->lock);
992}
1/*
2 File: fs/xattr.c
3
4 Extended attribute handling.
5
6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 */
10#include <linux/fs.h>
11#include <linux/slab.h>
12#include <linux/file.h>
13#include <linux/xattr.h>
14#include <linux/mount.h>
15#include <linux/namei.h>
16#include <linux/security.h>
17#include <linux/evm.h>
18#include <linux/syscalls.h>
19#include <linux/export.h>
20#include <linux/fsnotify.h>
21#include <linux/audit.h>
22#include <linux/vmalloc.h>
23#include <linux/posix_acl_xattr.h>
24
25#include <linux/uaccess.h>
26#include "internal.h"
27
28static const char *
29strcmp_prefix(const char *a, const char *a_prefix)
30{
31 while (*a_prefix && *a == *a_prefix) {
32 a++;
33 a_prefix++;
34 }
35 return *a_prefix ? NULL : a;
36}
37
38/*
39 * In order to implement different sets of xattr operations for each xattr
40 * prefix, a filesystem should create a null-terminated array of struct
41 * xattr_handler (one for each prefix) and hang a pointer to it off of the
42 * s_xattr field of the superblock.
43 */
44#define for_each_xattr_handler(handlers, handler) \
45 if (handlers) \
46 for ((handler) = *(handlers)++; \
47 (handler) != NULL; \
48 (handler) = *(handlers)++)
49
50/*
51 * Find the xattr_handler with the matching prefix.
52 */
53static const struct xattr_handler *
54xattr_resolve_name(struct inode *inode, const char **name)
55{
56 const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 const struct xattr_handler *handler;
58
59 if (!(inode->i_opflags & IOP_XATTR)) {
60 if (unlikely(is_bad_inode(inode)))
61 return ERR_PTR(-EIO);
62 return ERR_PTR(-EOPNOTSUPP);
63 }
64 for_each_xattr_handler(handlers, handler) {
65 const char *n;
66
67 n = strcmp_prefix(*name, xattr_prefix(handler));
68 if (n) {
69 if (!handler->prefix ^ !*n) {
70 if (*n)
71 continue;
72 return ERR_PTR(-EINVAL);
73 }
74 *name = n;
75 return handler;
76 }
77 }
78 return ERR_PTR(-EOPNOTSUPP);
79}
80
81/*
82 * Check permissions for extended attribute access. This is a bit complicated
83 * because different namespaces have very different rules.
84 */
85static int
86xattr_permission(struct inode *inode, const char *name, int mask)
87{
88 /*
89 * We can never set or remove an extended attribute on a read-only
90 * filesystem or on an immutable / append-only inode.
91 */
92 if (mask & MAY_WRITE) {
93 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
94 return -EPERM;
95 /*
96 * Updating an xattr will likely cause i_uid and i_gid
97 * to be writen back improperly if their true value is
98 * unknown to the vfs.
99 */
100 if (HAS_UNMAPPED_ID(inode))
101 return -EPERM;
102 }
103
104 /*
105 * No restriction for security.* and system.* from the VFS. Decision
106 * on these is left to the underlying filesystem / security module.
107 */
108 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
109 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
110 return 0;
111
112 /*
113 * The trusted.* namespace can only be accessed by privileged users.
114 */
115 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
116 if (!capable(CAP_SYS_ADMIN))
117 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
118 return 0;
119 }
120
121 /*
122 * In the user.* namespace, only regular files and directories can have
123 * extended attributes. For sticky directories, only the owner and
124 * privileged users can write attributes.
125 */
126 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
127 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
128 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
129 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
130 (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
131 return -EPERM;
132 }
133
134 return inode_permission(inode, mask);
135}
136
137int
138__vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
139 const void *value, size_t size, int flags)
140{
141 const struct xattr_handler *handler;
142
143 handler = xattr_resolve_name(inode, &name);
144 if (IS_ERR(handler))
145 return PTR_ERR(handler);
146 if (!handler->set)
147 return -EOPNOTSUPP;
148 if (size == 0)
149 value = ""; /* empty EA, do not remove */
150 return handler->set(handler, dentry, inode, name, value, size, flags);
151}
152EXPORT_SYMBOL(__vfs_setxattr);
153
154/**
155 * __vfs_setxattr_noperm - perform setxattr operation without performing
156 * permission checks.
157 *
158 * @dentry - object to perform setxattr on
159 * @name - xattr name to set
160 * @value - value to set @name to
161 * @size - size of @value
162 * @flags - flags to pass into filesystem operations
163 *
164 * returns the result of the internal setxattr or setsecurity operations.
165 *
166 * This function requires the caller to lock the inode's i_mutex before it
167 * is executed. It also assumes that the caller will make the appropriate
168 * permission checks.
169 */
170int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
171 const void *value, size_t size, int flags)
172{
173 struct inode *inode = dentry->d_inode;
174 int error = -EAGAIN;
175 int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
176 XATTR_SECURITY_PREFIX_LEN);
177
178 if (issec)
179 inode->i_flags &= ~S_NOSEC;
180 if (inode->i_opflags & IOP_XATTR) {
181 error = __vfs_setxattr(dentry, inode, name, value, size, flags);
182 if (!error) {
183 fsnotify_xattr(dentry);
184 security_inode_post_setxattr(dentry, name, value,
185 size, flags);
186 }
187 } else {
188 if (unlikely(is_bad_inode(inode)))
189 return -EIO;
190 }
191 if (error == -EAGAIN) {
192 error = -EOPNOTSUPP;
193
194 if (issec) {
195 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
196
197 error = security_inode_setsecurity(inode, suffix, value,
198 size, flags);
199 if (!error)
200 fsnotify_xattr(dentry);
201 }
202 }
203
204 return error;
205}
206
207
208int
209vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
210 size_t size, int flags)
211{
212 struct inode *inode = dentry->d_inode;
213 int error;
214
215 error = xattr_permission(inode, name, MAY_WRITE);
216 if (error)
217 return error;
218
219 inode_lock(inode);
220 error = security_inode_setxattr(dentry, name, value, size, flags);
221 if (error)
222 goto out;
223
224 error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
225
226out:
227 inode_unlock(inode);
228 return error;
229}
230EXPORT_SYMBOL_GPL(vfs_setxattr);
231
232ssize_t
233xattr_getsecurity(struct inode *inode, const char *name, void *value,
234 size_t size)
235{
236 void *buffer = NULL;
237 ssize_t len;
238
239 if (!value || !size) {
240 len = security_inode_getsecurity(inode, name, &buffer, false);
241 goto out_noalloc;
242 }
243
244 len = security_inode_getsecurity(inode, name, &buffer, true);
245 if (len < 0)
246 return len;
247 if (size < len) {
248 len = -ERANGE;
249 goto out;
250 }
251 memcpy(value, buffer, len);
252out:
253 kfree(buffer);
254out_noalloc:
255 return len;
256}
257EXPORT_SYMBOL_GPL(xattr_getsecurity);
258
259/*
260 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
261 *
262 * Allocate memory, if not already allocated, or re-allocate correct size,
263 * before retrieving the extended attribute.
264 *
265 * Returns the result of alloc, if failed, or the getxattr operation.
266 */
267ssize_t
268vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
269 size_t xattr_size, gfp_t flags)
270{
271 const struct xattr_handler *handler;
272 struct inode *inode = dentry->d_inode;
273 char *value = *xattr_value;
274 int error;
275
276 error = xattr_permission(inode, name, MAY_READ);
277 if (error)
278 return error;
279
280 handler = xattr_resolve_name(inode, &name);
281 if (IS_ERR(handler))
282 return PTR_ERR(handler);
283 if (!handler->get)
284 return -EOPNOTSUPP;
285 error = handler->get(handler, dentry, inode, name, NULL, 0);
286 if (error < 0)
287 return error;
288
289 if (!value || (error > xattr_size)) {
290 value = krealloc(*xattr_value, error + 1, flags);
291 if (!value)
292 return -ENOMEM;
293 memset(value, 0, error + 1);
294 }
295
296 error = handler->get(handler, dentry, inode, name, value, error);
297 *xattr_value = value;
298 return error;
299}
300
301ssize_t
302__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
303 void *value, size_t size)
304{
305 const struct xattr_handler *handler;
306
307 handler = xattr_resolve_name(inode, &name);
308 if (IS_ERR(handler))
309 return PTR_ERR(handler);
310 if (!handler->get)
311 return -EOPNOTSUPP;
312 return handler->get(handler, dentry, inode, name, value, size);
313}
314EXPORT_SYMBOL(__vfs_getxattr);
315
316ssize_t
317vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
318{
319 struct inode *inode = dentry->d_inode;
320 int error;
321
322 error = xattr_permission(inode, name, MAY_READ);
323 if (error)
324 return error;
325
326 error = security_inode_getxattr(dentry, name);
327 if (error)
328 return error;
329
330 if (!strncmp(name, XATTR_SECURITY_PREFIX,
331 XATTR_SECURITY_PREFIX_LEN)) {
332 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
333 int ret = xattr_getsecurity(inode, suffix, value, size);
334 /*
335 * Only overwrite the return value if a security module
336 * is actually active.
337 */
338 if (ret == -EOPNOTSUPP)
339 goto nolsm;
340 return ret;
341 }
342nolsm:
343 return __vfs_getxattr(dentry, inode, name, value, size);
344}
345EXPORT_SYMBOL_GPL(vfs_getxattr);
346
347ssize_t
348vfs_listxattr(struct dentry *dentry, char *list, size_t size)
349{
350 struct inode *inode = d_inode(dentry);
351 ssize_t error;
352
353 error = security_inode_listxattr(dentry);
354 if (error)
355 return error;
356 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
357 error = -EOPNOTSUPP;
358 error = inode->i_op->listxattr(dentry, list, size);
359 } else {
360 error = security_inode_listsecurity(inode, list, size);
361 if (size && error > size)
362 error = -ERANGE;
363 }
364 return error;
365}
366EXPORT_SYMBOL_GPL(vfs_listxattr);
367
368int
369__vfs_removexattr(struct dentry *dentry, const char *name)
370{
371 struct inode *inode = d_inode(dentry);
372 const struct xattr_handler *handler;
373
374 handler = xattr_resolve_name(inode, &name);
375 if (IS_ERR(handler))
376 return PTR_ERR(handler);
377 if (!handler->set)
378 return -EOPNOTSUPP;
379 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
380}
381EXPORT_SYMBOL(__vfs_removexattr);
382
383int
384vfs_removexattr(struct dentry *dentry, const char *name)
385{
386 struct inode *inode = dentry->d_inode;
387 int error;
388
389 error = xattr_permission(inode, name, MAY_WRITE);
390 if (error)
391 return error;
392
393 inode_lock(inode);
394 error = security_inode_removexattr(dentry, name);
395 if (error)
396 goto out;
397
398 error = __vfs_removexattr(dentry, name);
399
400 if (!error) {
401 fsnotify_xattr(dentry);
402 evm_inode_post_removexattr(dentry, name);
403 }
404
405out:
406 inode_unlock(inode);
407 return error;
408}
409EXPORT_SYMBOL_GPL(vfs_removexattr);
410
411
412/*
413 * Extended attribute SET operations
414 */
415static long
416setxattr(struct dentry *d, const char __user *name, const void __user *value,
417 size_t size, int flags)
418{
419 int error;
420 void *kvalue = NULL;
421 char kname[XATTR_NAME_MAX + 1];
422
423 if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
424 return -EINVAL;
425
426 error = strncpy_from_user(kname, name, sizeof(kname));
427 if (error == 0 || error == sizeof(kname))
428 error = -ERANGE;
429 if (error < 0)
430 return error;
431
432 if (size) {
433 if (size > XATTR_SIZE_MAX)
434 return -E2BIG;
435 kvalue = kvmalloc(size, GFP_KERNEL);
436 if (!kvalue)
437 return -ENOMEM;
438 if (copy_from_user(kvalue, value, size)) {
439 error = -EFAULT;
440 goto out;
441 }
442 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
443 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
444 posix_acl_fix_xattr_from_user(kvalue, size);
445 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) {
446 error = cap_convert_nscap(d, &kvalue, size);
447 if (error < 0)
448 goto out;
449 size = error;
450 }
451 }
452
453 error = vfs_setxattr(d, kname, kvalue, size, flags);
454out:
455 kvfree(kvalue);
456
457 return error;
458}
459
460static int path_setxattr(const char __user *pathname,
461 const char __user *name, const void __user *value,
462 size_t size, int flags, unsigned int lookup_flags)
463{
464 struct path path;
465 int error;
466retry:
467 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
468 if (error)
469 return error;
470 error = mnt_want_write(path.mnt);
471 if (!error) {
472 error = setxattr(path.dentry, name, value, size, flags);
473 mnt_drop_write(path.mnt);
474 }
475 path_put(&path);
476 if (retry_estale(error, lookup_flags)) {
477 lookup_flags |= LOOKUP_REVAL;
478 goto retry;
479 }
480 return error;
481}
482
483SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
484 const char __user *, name, const void __user *, value,
485 size_t, size, int, flags)
486{
487 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
488}
489
490SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
491 const char __user *, name, const void __user *, value,
492 size_t, size, int, flags)
493{
494 return path_setxattr(pathname, name, value, size, flags, 0);
495}
496
497SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
498 const void __user *,value, size_t, size, int, flags)
499{
500 struct fd f = fdget(fd);
501 int error = -EBADF;
502
503 if (!f.file)
504 return error;
505 audit_file(f.file);
506 error = mnt_want_write_file_path(f.file);
507 if (!error) {
508 error = setxattr(f.file->f_path.dentry, name, value, size, flags);
509 mnt_drop_write_file_path(f.file);
510 }
511 fdput(f);
512 return error;
513}
514
515/*
516 * Extended attribute GET operations
517 */
518static ssize_t
519getxattr(struct dentry *d, const char __user *name, void __user *value,
520 size_t size)
521{
522 ssize_t error;
523 void *kvalue = NULL;
524 char kname[XATTR_NAME_MAX + 1];
525
526 error = strncpy_from_user(kname, name, sizeof(kname));
527 if (error == 0 || error == sizeof(kname))
528 error = -ERANGE;
529 if (error < 0)
530 return error;
531
532 if (size) {
533 if (size > XATTR_SIZE_MAX)
534 size = XATTR_SIZE_MAX;
535 kvalue = kvzalloc(size, GFP_KERNEL);
536 if (!kvalue)
537 return -ENOMEM;
538 }
539
540 error = vfs_getxattr(d, kname, kvalue, size);
541 if (error > 0) {
542 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
543 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
544 posix_acl_fix_xattr_to_user(kvalue, size);
545 if (size && copy_to_user(value, kvalue, error))
546 error = -EFAULT;
547 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
548 /* The file system tried to returned a value bigger
549 than XATTR_SIZE_MAX bytes. Not possible. */
550 error = -E2BIG;
551 }
552
553 kvfree(kvalue);
554
555 return error;
556}
557
558static ssize_t path_getxattr(const char __user *pathname,
559 const char __user *name, void __user *value,
560 size_t size, unsigned int lookup_flags)
561{
562 struct path path;
563 ssize_t error;
564retry:
565 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
566 if (error)
567 return error;
568 error = getxattr(path.dentry, name, value, size);
569 path_put(&path);
570 if (retry_estale(error, lookup_flags)) {
571 lookup_flags |= LOOKUP_REVAL;
572 goto retry;
573 }
574 return error;
575}
576
577SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
578 const char __user *, name, void __user *, value, size_t, size)
579{
580 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
581}
582
583SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
584 const char __user *, name, void __user *, value, size_t, size)
585{
586 return path_getxattr(pathname, name, value, size, 0);
587}
588
589SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
590 void __user *, value, size_t, size)
591{
592 struct fd f = fdget(fd);
593 ssize_t error = -EBADF;
594
595 if (!f.file)
596 return error;
597 audit_file(f.file);
598 error = getxattr(f.file->f_path.dentry, name, value, size);
599 fdput(f);
600 return error;
601}
602
603/*
604 * Extended attribute LIST operations
605 */
606static ssize_t
607listxattr(struct dentry *d, char __user *list, size_t size)
608{
609 ssize_t error;
610 char *klist = NULL;
611
612 if (size) {
613 if (size > XATTR_LIST_MAX)
614 size = XATTR_LIST_MAX;
615 klist = kvmalloc(size, GFP_KERNEL);
616 if (!klist)
617 return -ENOMEM;
618 }
619
620 error = vfs_listxattr(d, klist, size);
621 if (error > 0) {
622 if (size && copy_to_user(list, klist, error))
623 error = -EFAULT;
624 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
625 /* The file system tried to returned a list bigger
626 than XATTR_LIST_MAX bytes. Not possible. */
627 error = -E2BIG;
628 }
629
630 kvfree(klist);
631
632 return error;
633}
634
635static ssize_t path_listxattr(const char __user *pathname, char __user *list,
636 size_t size, unsigned int lookup_flags)
637{
638 struct path path;
639 ssize_t error;
640retry:
641 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
642 if (error)
643 return error;
644 error = listxattr(path.dentry, list, size);
645 path_put(&path);
646 if (retry_estale(error, lookup_flags)) {
647 lookup_flags |= LOOKUP_REVAL;
648 goto retry;
649 }
650 return error;
651}
652
653SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
654 size_t, size)
655{
656 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
657}
658
659SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
660 size_t, size)
661{
662 return path_listxattr(pathname, list, size, 0);
663}
664
665SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
666{
667 struct fd f = fdget(fd);
668 ssize_t error = -EBADF;
669
670 if (!f.file)
671 return error;
672 audit_file(f.file);
673 error = listxattr(f.file->f_path.dentry, list, size);
674 fdput(f);
675 return error;
676}
677
678/*
679 * Extended attribute REMOVE operations
680 */
681static long
682removexattr(struct dentry *d, const char __user *name)
683{
684 int error;
685 char kname[XATTR_NAME_MAX + 1];
686
687 error = strncpy_from_user(kname, name, sizeof(kname));
688 if (error == 0 || error == sizeof(kname))
689 error = -ERANGE;
690 if (error < 0)
691 return error;
692
693 return vfs_removexattr(d, kname);
694}
695
696static int path_removexattr(const char __user *pathname,
697 const char __user *name, unsigned int lookup_flags)
698{
699 struct path path;
700 int error;
701retry:
702 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
703 if (error)
704 return error;
705 error = mnt_want_write(path.mnt);
706 if (!error) {
707 error = removexattr(path.dentry, name);
708 mnt_drop_write(path.mnt);
709 }
710 path_put(&path);
711 if (retry_estale(error, lookup_flags)) {
712 lookup_flags |= LOOKUP_REVAL;
713 goto retry;
714 }
715 return error;
716}
717
718SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
719 const char __user *, name)
720{
721 return path_removexattr(pathname, name, LOOKUP_FOLLOW);
722}
723
724SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
725 const char __user *, name)
726{
727 return path_removexattr(pathname, name, 0);
728}
729
730SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
731{
732 struct fd f = fdget(fd);
733 int error = -EBADF;
734
735 if (!f.file)
736 return error;
737 audit_file(f.file);
738 error = mnt_want_write_file_path(f.file);
739 if (!error) {
740 error = removexattr(f.file->f_path.dentry, name);
741 mnt_drop_write_file_path(f.file);
742 }
743 fdput(f);
744 return error;
745}
746
747/*
748 * Combine the results of the list() operation from every xattr_handler in the
749 * list.
750 */
751ssize_t
752generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
753{
754 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
755 unsigned int size = 0;
756
757 if (!buffer) {
758 for_each_xattr_handler(handlers, handler) {
759 if (!handler->name ||
760 (handler->list && !handler->list(dentry)))
761 continue;
762 size += strlen(handler->name) + 1;
763 }
764 } else {
765 char *buf = buffer;
766 size_t len;
767
768 for_each_xattr_handler(handlers, handler) {
769 if (!handler->name ||
770 (handler->list && !handler->list(dentry)))
771 continue;
772 len = strlen(handler->name);
773 if (len + 1 > buffer_size)
774 return -ERANGE;
775 memcpy(buf, handler->name, len + 1);
776 buf += len + 1;
777 buffer_size -= len + 1;
778 }
779 size = buf - buffer;
780 }
781 return size;
782}
783EXPORT_SYMBOL(generic_listxattr);
784
785/**
786 * xattr_full_name - Compute full attribute name from suffix
787 *
788 * @handler: handler of the xattr_handler operation
789 * @name: name passed to the xattr_handler operation
790 *
791 * The get and set xattr handler operations are called with the remainder of
792 * the attribute name after skipping the handler's prefix: for example, "foo"
793 * is passed to the get operation of a handler with prefix "user." to get
794 * attribute "user.foo". The full name is still "there" in the name though.
795 *
796 * Note: the list xattr handler operation when called from the vfs is passed a
797 * NULL name; some file systems use this operation internally, with varying
798 * semantics.
799 */
800const char *xattr_full_name(const struct xattr_handler *handler,
801 const char *name)
802{
803 size_t prefix_len = strlen(xattr_prefix(handler));
804
805 return name - prefix_len;
806}
807EXPORT_SYMBOL(xattr_full_name);
808
809/*
810 * Allocate new xattr and copy in the value; but leave the name to callers.
811 */
812struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
813{
814 struct simple_xattr *new_xattr;
815 size_t len;
816
817 /* wrap around? */
818 len = sizeof(*new_xattr) + size;
819 if (len < sizeof(*new_xattr))
820 return NULL;
821
822 new_xattr = kmalloc(len, GFP_KERNEL);
823 if (!new_xattr)
824 return NULL;
825
826 new_xattr->size = size;
827 memcpy(new_xattr->value, value, size);
828 return new_xattr;
829}
830
831/*
832 * xattr GET operation for in-memory/pseudo filesystems
833 */
834int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
835 void *buffer, size_t size)
836{
837 struct simple_xattr *xattr;
838 int ret = -ENODATA;
839
840 spin_lock(&xattrs->lock);
841 list_for_each_entry(xattr, &xattrs->head, list) {
842 if (strcmp(name, xattr->name))
843 continue;
844
845 ret = xattr->size;
846 if (buffer) {
847 if (size < xattr->size)
848 ret = -ERANGE;
849 else
850 memcpy(buffer, xattr->value, xattr->size);
851 }
852 break;
853 }
854 spin_unlock(&xattrs->lock);
855 return ret;
856}
857
858/**
859 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
860 * @xattrs: target simple_xattr list
861 * @name: name of the extended attribute
862 * @value: value of the xattr. If %NULL, will remove the attribute.
863 * @size: size of the new xattr
864 * @flags: %XATTR_{CREATE|REPLACE}
865 *
866 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
867 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist;
868 * otherwise, fails with -ENODATA.
869 *
870 * Returns 0 on success, -errno on failure.
871 */
872int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
873 const void *value, size_t size, int flags)
874{
875 struct simple_xattr *xattr;
876 struct simple_xattr *new_xattr = NULL;
877 int err = 0;
878
879 /* value == NULL means remove */
880 if (value) {
881 new_xattr = simple_xattr_alloc(value, size);
882 if (!new_xattr)
883 return -ENOMEM;
884
885 new_xattr->name = kstrdup(name, GFP_KERNEL);
886 if (!new_xattr->name) {
887 kfree(new_xattr);
888 return -ENOMEM;
889 }
890 }
891
892 spin_lock(&xattrs->lock);
893 list_for_each_entry(xattr, &xattrs->head, list) {
894 if (!strcmp(name, xattr->name)) {
895 if (flags & XATTR_CREATE) {
896 xattr = new_xattr;
897 err = -EEXIST;
898 } else if (new_xattr) {
899 list_replace(&xattr->list, &new_xattr->list);
900 } else {
901 list_del(&xattr->list);
902 }
903 goto out;
904 }
905 }
906 if (flags & XATTR_REPLACE) {
907 xattr = new_xattr;
908 err = -ENODATA;
909 } else {
910 list_add(&new_xattr->list, &xattrs->head);
911 xattr = NULL;
912 }
913out:
914 spin_unlock(&xattrs->lock);
915 if (xattr) {
916 kfree(xattr->name);
917 kfree(xattr);
918 }
919 return err;
920
921}
922
923static bool xattr_is_trusted(const char *name)
924{
925 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
926}
927
928static int xattr_list_one(char **buffer, ssize_t *remaining_size,
929 const char *name)
930{
931 size_t len = strlen(name) + 1;
932 if (*buffer) {
933 if (*remaining_size < len)
934 return -ERANGE;
935 memcpy(*buffer, name, len);
936 *buffer += len;
937 }
938 *remaining_size -= len;
939 return 0;
940}
941
942/*
943 * xattr LIST operation for in-memory/pseudo filesystems
944 */
945ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
946 char *buffer, size_t size)
947{
948 bool trusted = capable(CAP_SYS_ADMIN);
949 struct simple_xattr *xattr;
950 ssize_t remaining_size = size;
951 int err = 0;
952
953#ifdef CONFIG_FS_POSIX_ACL
954 if (inode->i_acl) {
955 err = xattr_list_one(&buffer, &remaining_size,
956 XATTR_NAME_POSIX_ACL_ACCESS);
957 if (err)
958 return err;
959 }
960 if (inode->i_default_acl) {
961 err = xattr_list_one(&buffer, &remaining_size,
962 XATTR_NAME_POSIX_ACL_DEFAULT);
963 if (err)
964 return err;
965 }
966#endif
967
968 spin_lock(&xattrs->lock);
969 list_for_each_entry(xattr, &xattrs->head, list) {
970 /* skip "trusted." attributes for unprivileged callers */
971 if (!trusted && xattr_is_trusted(xattr->name))
972 continue;
973
974 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
975 if (err)
976 break;
977 }
978 spin_unlock(&xattrs->lock);
979
980 return err ? err : size - remaining_size;
981}
982
983/*
984 * Adds an extended attribute to the list
985 */
986void simple_xattr_list_add(struct simple_xattrs *xattrs,
987 struct simple_xattr *new_xattr)
988{
989 spin_lock(&xattrs->lock);
990 list_add(&new_xattr->list, &xattrs->head);
991 spin_unlock(&xattrs->lock);
992}