1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/slab.h> 13 #include <linux/file.h> 14 #include <linux/xattr.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/security.h> 18 #include <linux/evm.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 26 #include <linux/uaccess.h> 27 28 static const char * 29 strcmp_prefix(const char *a, const char *a_prefix) 30 { 31 while (*a_prefix && *a == *a_prefix) { 32 a++; 33 a_prefix++; 34 } 35 return *a_prefix ? NULL : a; 36 } 37 38 /* 39 * In order to implement different sets of xattr operations for each xattr 40 * prefix, a filesystem should create a null-terminated array of struct 41 * xattr_handler (one for each prefix) and hang a pointer to it off of the 42 * s_xattr field of the superblock. 43 */ 44 #define for_each_xattr_handler(handlers, handler) \ 45 if (handlers) \ 46 for ((handler) = *(handlers)++; \ 47 (handler) != NULL; \ 48 (handler) = *(handlers)++) 49 50 /* 51 * Find the xattr_handler with the matching prefix. 52 */ 53 static const struct xattr_handler * 54 xattr_resolve_name(struct inode *inode, const char **name) 55 { 56 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 57 const struct xattr_handler *handler; 58 59 if (!(inode->i_opflags & IOP_XATTR)) { 60 if (unlikely(is_bad_inode(inode))) 61 return ERR_PTR(-EIO); 62 return ERR_PTR(-EOPNOTSUPP); 63 } 64 for_each_xattr_handler(handlers, handler) { 65 const char *n; 66 67 n = strcmp_prefix(*name, xattr_prefix(handler)); 68 if (n) { 69 if (!handler->prefix ^ !*n) { 70 if (*n) 71 continue; 72 return ERR_PTR(-EINVAL); 73 } 74 *name = n; 75 return handler; 76 } 77 } 78 return ERR_PTR(-EOPNOTSUPP); 79 } 80 81 /* 82 * Check permissions for extended attribute access. This is a bit complicated 83 * because different namespaces have very different rules. 84 */ 85 static int 86 xattr_permission(struct inode *inode, const char *name, int mask) 87 { 88 /* 89 * We can never set or remove an extended attribute on a read-only 90 * filesystem or on an immutable / append-only inode. 91 */ 92 if (mask & MAY_WRITE) { 93 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 94 return -EPERM; 95 /* 96 * Updating an xattr will likely cause i_uid and i_gid 97 * to be writen back improperly if their true value is 98 * unknown to the vfs. 99 */ 100 if (HAS_UNMAPPED_ID(inode)) 101 return -EPERM; 102 } 103 104 /* 105 * No restriction for security.* and system.* from the VFS. Decision 106 * on these is left to the underlying filesystem / security module. 107 */ 108 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 109 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 110 return 0; 111 112 /* 113 * The trusted.* namespace can only be accessed by privileged users. 114 */ 115 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 116 if (!capable(CAP_SYS_ADMIN)) 117 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 118 return 0; 119 } 120 121 /* 122 * In the user.* namespace, only regular files and directories can have 123 * extended attributes. For sticky directories, only the owner and 124 * privileged users can write attributes. 125 */ 126 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 127 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 128 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 129 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 130 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 131 return -EPERM; 132 } 133 134 return inode_permission(inode, mask); 135 } 136 137 int 138 __vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, 139 const void *value, size_t size, int flags) 140 { 141 const struct xattr_handler *handler; 142 143 handler = xattr_resolve_name(inode, &name); 144 if (IS_ERR(handler)) 145 return PTR_ERR(handler); 146 if (!handler->set) 147 return -EOPNOTSUPP; 148 if (size == 0) 149 value = ""; /* empty EA, do not remove */ 150 return handler->set(handler, dentry, inode, name, value, size, flags); 151 } 152 EXPORT_SYMBOL(__vfs_setxattr); 153 154 /** 155 * __vfs_setxattr_noperm - perform setxattr operation without performing 156 * permission checks. 157 * 158 * @dentry - object to perform setxattr on 159 * @name - xattr name to set 160 * @value - value to set @name to 161 * @size - size of @value 162 * @flags - flags to pass into filesystem operations 163 * 164 * returns the result of the internal setxattr or setsecurity operations. 165 * 166 * This function requires the caller to lock the inode's i_mutex before it 167 * is executed. It also assumes that the caller will make the appropriate 168 * permission checks. 169 */ 170 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 171 const void *value, size_t size, int flags) 172 { 173 struct inode *inode = dentry->d_inode; 174 int error = -EAGAIN; 175 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 176 XATTR_SECURITY_PREFIX_LEN); 177 178 if (issec) 179 inode->i_flags &= ~S_NOSEC; 180 if (inode->i_opflags & IOP_XATTR) { 181 error = __vfs_setxattr(dentry, inode, name, value, size, flags); 182 if (!error) { 183 fsnotify_xattr(dentry); 184 security_inode_post_setxattr(dentry, name, value, 185 size, flags); 186 } 187 } else { 188 if (unlikely(is_bad_inode(inode))) 189 return -EIO; 190 } 191 if (error == -EAGAIN) { 192 error = -EOPNOTSUPP; 193 194 if (issec) { 195 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 196 197 error = security_inode_setsecurity(inode, suffix, value, 198 size, flags); 199 if (!error) 200 fsnotify_xattr(dentry); 201 } 202 } 203 204 return error; 205 } 206 207 /** 208 * __vfs_setxattr_locked: set an extended attribute while holding the inode 209 * lock 210 * 211 * @dentry - object to perform setxattr on 212 * @name - xattr name to set 213 * @value - value to set @name to 214 * @size - size of @value 215 * @flags - flags to pass into filesystem operations 216 * @delegated_inode - on return, will contain an inode pointer that 217 * a delegation was broken on, NULL if none. 218 */ 219 int 220 __vfs_setxattr_locked(struct dentry *dentry, const char *name, 221 const void *value, size_t size, int flags, 222 struct inode **delegated_inode) 223 { 224 struct inode *inode = dentry->d_inode; 225 int error; 226 227 error = xattr_permission(inode, name, MAY_WRITE); 228 if (error) 229 return error; 230 231 error = security_inode_setxattr(dentry, name, value, size, flags); 232 if (error) 233 goto out; 234 235 error = try_break_deleg(inode, delegated_inode); 236 if (error) 237 goto out; 238 239 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 240 241 out: 242 return error; 243 } 244 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 245 246 int 247 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 248 size_t size, int flags) 249 { 250 struct inode *inode = dentry->d_inode; 251 struct inode *delegated_inode = NULL; 252 int error; 253 254 retry_deleg: 255 inode_lock(inode); 256 error = __vfs_setxattr_locked(dentry, name, value, size, flags, 257 &delegated_inode); 258 inode_unlock(inode); 259 260 if (delegated_inode) { 261 error = break_deleg_wait(&delegated_inode); 262 if (!error) 263 goto retry_deleg; 264 } 265 return error; 266 } 267 EXPORT_SYMBOL_GPL(vfs_setxattr); 268 269 static ssize_t 270 xattr_getsecurity(struct inode *inode, const char *name, void *value, 271 size_t size) 272 { 273 void *buffer = NULL; 274 ssize_t len; 275 276 if (!value || !size) { 277 len = security_inode_getsecurity(inode, name, &buffer, false); 278 goto out_noalloc; 279 } 280 281 len = security_inode_getsecurity(inode, name, &buffer, true); 282 if (len < 0) 283 return len; 284 if (size < len) { 285 len = -ERANGE; 286 goto out; 287 } 288 memcpy(value, buffer, len); 289 out: 290 kfree(buffer); 291 out_noalloc: 292 return len; 293 } 294 295 /* 296 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 297 * 298 * Allocate memory, if not already allocated, or re-allocate correct size, 299 * before retrieving the extended attribute. 300 * 301 * Returns the result of alloc, if failed, or the getxattr operation. 302 */ 303 ssize_t 304 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 305 size_t xattr_size, gfp_t flags) 306 { 307 const struct xattr_handler *handler; 308 struct inode *inode = dentry->d_inode; 309 char *value = *xattr_value; 310 int error; 311 312 error = xattr_permission(inode, name, MAY_READ); 313 if (error) 314 return error; 315 316 handler = xattr_resolve_name(inode, &name); 317 if (IS_ERR(handler)) 318 return PTR_ERR(handler); 319 if (!handler->get) 320 return -EOPNOTSUPP; 321 error = handler->get(handler, dentry, inode, name, NULL, 0); 322 if (error < 0) 323 return error; 324 325 if (!value || (error > xattr_size)) { 326 value = krealloc(*xattr_value, error + 1, flags); 327 if (!value) 328 return -ENOMEM; 329 memset(value, 0, error + 1); 330 } 331 332 error = handler->get(handler, dentry, inode, name, value, error); 333 *xattr_value = value; 334 return error; 335 } 336 337 ssize_t 338 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 339 void *value, size_t size) 340 { 341 const struct xattr_handler *handler; 342 343 handler = xattr_resolve_name(inode, &name); 344 if (IS_ERR(handler)) 345 return PTR_ERR(handler); 346 if (!handler->get) 347 return -EOPNOTSUPP; 348 return handler->get(handler, dentry, inode, name, value, size); 349 } 350 EXPORT_SYMBOL(__vfs_getxattr); 351 352 ssize_t 353 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 354 { 355 struct inode *inode = dentry->d_inode; 356 int error; 357 358 error = xattr_permission(inode, name, MAY_READ); 359 if (error) 360 return error; 361 362 error = security_inode_getxattr(dentry, name); 363 if (error) 364 return error; 365 366 if (!strncmp(name, XATTR_SECURITY_PREFIX, 367 XATTR_SECURITY_PREFIX_LEN)) { 368 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 369 int ret = xattr_getsecurity(inode, suffix, value, size); 370 /* 371 * Only overwrite the return value if a security module 372 * is actually active. 373 */ 374 if (ret == -EOPNOTSUPP) 375 goto nolsm; 376 return ret; 377 } 378 nolsm: 379 return __vfs_getxattr(dentry, inode, name, value, size); 380 } 381 EXPORT_SYMBOL_GPL(vfs_getxattr); 382 383 ssize_t 384 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 385 { 386 struct inode *inode = d_inode(dentry); 387 ssize_t error; 388 389 error = security_inode_listxattr(dentry); 390 if (error) 391 return error; 392 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { 393 error = inode->i_op->listxattr(dentry, list, size); 394 } else { 395 error = security_inode_listsecurity(inode, list, size); 396 if (size && error > size) 397 error = -ERANGE; 398 } 399 return error; 400 } 401 EXPORT_SYMBOL_GPL(vfs_listxattr); 402 403 int 404 __vfs_removexattr(struct dentry *dentry, const char *name) 405 { 406 struct inode *inode = d_inode(dentry); 407 const struct xattr_handler *handler; 408 409 handler = xattr_resolve_name(inode, &name); 410 if (IS_ERR(handler)) 411 return PTR_ERR(handler); 412 if (!handler->set) 413 return -EOPNOTSUPP; 414 return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE); 415 } 416 EXPORT_SYMBOL(__vfs_removexattr); 417 418 /** 419 * __vfs_removexattr_locked: set an extended attribute while holding the inode 420 * lock 421 * 422 * @dentry - object to perform setxattr on 423 * @name - name of xattr to remove 424 * @delegated_inode - on return, will contain an inode pointer that 425 * a delegation was broken on, NULL if none. 426 */ 427 int 428 __vfs_removexattr_locked(struct dentry *dentry, const char *name, 429 struct inode **delegated_inode) 430 { 431 struct inode *inode = dentry->d_inode; 432 int error; 433 434 error = xattr_permission(inode, name, MAY_WRITE); 435 if (error) 436 return error; 437 438 error = security_inode_removexattr(dentry, name); 439 if (error) 440 goto out; 441 442 error = try_break_deleg(inode, delegated_inode); 443 if (error) 444 goto out; 445 446 error = __vfs_removexattr(dentry, name); 447 448 if (!error) { 449 fsnotify_xattr(dentry); 450 evm_inode_post_removexattr(dentry, name); 451 } 452 453 out: 454 return error; 455 } 456 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 457 458 int 459 vfs_removexattr(struct dentry *dentry, const char *name) 460 { 461 struct inode *inode = dentry->d_inode; 462 struct inode *delegated_inode = NULL; 463 int error; 464 465 retry_deleg: 466 inode_lock(inode); 467 error = __vfs_removexattr_locked(dentry, name, &delegated_inode); 468 inode_unlock(inode); 469 470 if (delegated_inode) { 471 error = break_deleg_wait(&delegated_inode); 472 if (!error) 473 goto retry_deleg; 474 } 475 476 return error; 477 } 478 EXPORT_SYMBOL_GPL(vfs_removexattr); 479 480 /* 481 * Extended attribute SET operations 482 */ 483 static long 484 setxattr(struct dentry *d, const char __user *name, const void __user *value, 485 size_t size, int flags) 486 { 487 int error; 488 void *kvalue = NULL; 489 char kname[XATTR_NAME_MAX + 1]; 490 491 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 492 return -EINVAL; 493 494 error = strncpy_from_user(kname, name, sizeof(kname)); 495 if (error == 0 || error == sizeof(kname)) 496 error = -ERANGE; 497 if (error < 0) 498 return error; 499 500 if (size) { 501 if (size > XATTR_SIZE_MAX) 502 return -E2BIG; 503 kvalue = kvmalloc(size, GFP_KERNEL); 504 if (!kvalue) 505 return -ENOMEM; 506 if (copy_from_user(kvalue, value, size)) { 507 error = -EFAULT; 508 goto out; 509 } 510 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 511 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 512 posix_acl_fix_xattr_from_user(kvalue, size); 513 else if (strcmp(kname, XATTR_NAME_CAPS) == 0) { 514 error = cap_convert_nscap(d, &kvalue, size); 515 if (error < 0) 516 goto out; 517 size = error; 518 } 519 } 520 521 error = vfs_setxattr(d, kname, kvalue, size, flags); 522 out: 523 kvfree(kvalue); 524 525 return error; 526 } 527 528 static int path_setxattr(const char __user *pathname, 529 const char __user *name, const void __user *value, 530 size_t size, int flags, unsigned int lookup_flags) 531 { 532 struct path path; 533 int error; 534 retry: 535 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 536 if (error) 537 return error; 538 error = mnt_want_write(path.mnt); 539 if (!error) { 540 error = setxattr(path.dentry, name, value, size, flags); 541 mnt_drop_write(path.mnt); 542 } 543 path_put(&path); 544 if (retry_estale(error, lookup_flags)) { 545 lookup_flags |= LOOKUP_REVAL; 546 goto retry; 547 } 548 return error; 549 } 550 551 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 552 const char __user *, name, const void __user *, value, 553 size_t, size, int, flags) 554 { 555 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 556 } 557 558 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 559 const char __user *, name, const void __user *, value, 560 size_t, size, int, flags) 561 { 562 return path_setxattr(pathname, name, value, size, flags, 0); 563 } 564 565 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 566 const void __user *,value, size_t, size, int, flags) 567 { 568 struct fd f = fdget(fd); 569 int error = -EBADF; 570 571 if (!f.file) 572 return error; 573 audit_file(f.file); 574 error = mnt_want_write_file(f.file); 575 if (!error) { 576 error = setxattr(f.file->f_path.dentry, name, value, size, flags); 577 mnt_drop_write_file(f.file); 578 } 579 fdput(f); 580 return error; 581 } 582 583 /* 584 * Extended attribute GET operations 585 */ 586 static ssize_t 587 getxattr(struct dentry *d, const char __user *name, void __user *value, 588 size_t size) 589 { 590 ssize_t error; 591 void *kvalue = NULL; 592 char kname[XATTR_NAME_MAX + 1]; 593 594 error = strncpy_from_user(kname, name, sizeof(kname)); 595 if (error == 0 || error == sizeof(kname)) 596 error = -ERANGE; 597 if (error < 0) 598 return error; 599 600 if (size) { 601 if (size > XATTR_SIZE_MAX) 602 size = XATTR_SIZE_MAX; 603 kvalue = kvzalloc(size, GFP_KERNEL); 604 if (!kvalue) 605 return -ENOMEM; 606 } 607 608 error = vfs_getxattr(d, kname, kvalue, size); 609 if (error > 0) { 610 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 611 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 612 posix_acl_fix_xattr_to_user(kvalue, error); 613 if (size && copy_to_user(value, kvalue, error)) 614 error = -EFAULT; 615 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 616 /* The file system tried to returned a value bigger 617 than XATTR_SIZE_MAX bytes. Not possible. */ 618 error = -E2BIG; 619 } 620 621 kvfree(kvalue); 622 623 return error; 624 } 625 626 static ssize_t path_getxattr(const char __user *pathname, 627 const char __user *name, void __user *value, 628 size_t size, unsigned int lookup_flags) 629 { 630 struct path path; 631 ssize_t error; 632 retry: 633 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 634 if (error) 635 return error; 636 error = getxattr(path.dentry, name, value, size); 637 path_put(&path); 638 if (retry_estale(error, lookup_flags)) { 639 lookup_flags |= LOOKUP_REVAL; 640 goto retry; 641 } 642 return error; 643 } 644 645 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 646 const char __user *, name, void __user *, value, size_t, size) 647 { 648 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 649 } 650 651 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 652 const char __user *, name, void __user *, value, size_t, size) 653 { 654 return path_getxattr(pathname, name, value, size, 0); 655 } 656 657 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 658 void __user *, value, size_t, size) 659 { 660 struct fd f = fdget(fd); 661 ssize_t error = -EBADF; 662 663 if (!f.file) 664 return error; 665 audit_file(f.file); 666 error = getxattr(f.file->f_path.dentry, name, value, size); 667 fdput(f); 668 return error; 669 } 670 671 /* 672 * Extended attribute LIST operations 673 */ 674 static ssize_t 675 listxattr(struct dentry *d, char __user *list, size_t size) 676 { 677 ssize_t error; 678 char *klist = NULL; 679 680 if (size) { 681 if (size > XATTR_LIST_MAX) 682 size = XATTR_LIST_MAX; 683 klist = kvmalloc(size, GFP_KERNEL); 684 if (!klist) 685 return -ENOMEM; 686 } 687 688 error = vfs_listxattr(d, klist, size); 689 if (error > 0) { 690 if (size && copy_to_user(list, klist, error)) 691 error = -EFAULT; 692 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 693 /* The file system tried to returned a list bigger 694 than XATTR_LIST_MAX bytes. Not possible. */ 695 error = -E2BIG; 696 } 697 698 kvfree(klist); 699 700 return error; 701 } 702 703 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 704 size_t size, unsigned int lookup_flags) 705 { 706 struct path path; 707 ssize_t error; 708 retry: 709 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 710 if (error) 711 return error; 712 error = listxattr(path.dentry, list, size); 713 path_put(&path); 714 if (retry_estale(error, lookup_flags)) { 715 lookup_flags |= LOOKUP_REVAL; 716 goto retry; 717 } 718 return error; 719 } 720 721 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 722 size_t, size) 723 { 724 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 725 } 726 727 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 728 size_t, size) 729 { 730 return path_listxattr(pathname, list, size, 0); 731 } 732 733 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 734 { 735 struct fd f = fdget(fd); 736 ssize_t error = -EBADF; 737 738 if (!f.file) 739 return error; 740 audit_file(f.file); 741 error = listxattr(f.file->f_path.dentry, list, size); 742 fdput(f); 743 return error; 744 } 745 746 /* 747 * Extended attribute REMOVE operations 748 */ 749 static long 750 removexattr(struct dentry *d, const char __user *name) 751 { 752 int error; 753 char kname[XATTR_NAME_MAX + 1]; 754 755 error = strncpy_from_user(kname, name, sizeof(kname)); 756 if (error == 0 || error == sizeof(kname)) 757 error = -ERANGE; 758 if (error < 0) 759 return error; 760 761 return vfs_removexattr(d, kname); 762 } 763 764 static int path_removexattr(const char __user *pathname, 765 const char __user *name, unsigned int lookup_flags) 766 { 767 struct path path; 768 int error; 769 retry: 770 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 771 if (error) 772 return error; 773 error = mnt_want_write(path.mnt); 774 if (!error) { 775 error = removexattr(path.dentry, name); 776 mnt_drop_write(path.mnt); 777 } 778 path_put(&path); 779 if (retry_estale(error, lookup_flags)) { 780 lookup_flags |= LOOKUP_REVAL; 781 goto retry; 782 } 783 return error; 784 } 785 786 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 787 const char __user *, name) 788 { 789 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 790 } 791 792 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 793 const char __user *, name) 794 { 795 return path_removexattr(pathname, name, 0); 796 } 797 798 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 799 { 800 struct fd f = fdget(fd); 801 int error = -EBADF; 802 803 if (!f.file) 804 return error; 805 audit_file(f.file); 806 error = mnt_want_write_file(f.file); 807 if (!error) { 808 error = removexattr(f.file->f_path.dentry, name); 809 mnt_drop_write_file(f.file); 810 } 811 fdput(f); 812 return error; 813 } 814 815 /* 816 * Combine the results of the list() operation from every xattr_handler in the 817 * list. 818 */ 819 ssize_t 820 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 821 { 822 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 823 unsigned int size = 0; 824 825 if (!buffer) { 826 for_each_xattr_handler(handlers, handler) { 827 if (!handler->name || 828 (handler->list && !handler->list(dentry))) 829 continue; 830 size += strlen(handler->name) + 1; 831 } 832 } else { 833 char *buf = buffer; 834 size_t len; 835 836 for_each_xattr_handler(handlers, handler) { 837 if (!handler->name || 838 (handler->list && !handler->list(dentry))) 839 continue; 840 len = strlen(handler->name); 841 if (len + 1 > buffer_size) 842 return -ERANGE; 843 memcpy(buf, handler->name, len + 1); 844 buf += len + 1; 845 buffer_size -= len + 1; 846 } 847 size = buf - buffer; 848 } 849 return size; 850 } 851 EXPORT_SYMBOL(generic_listxattr); 852 853 /** 854 * xattr_full_name - Compute full attribute name from suffix 855 * 856 * @handler: handler of the xattr_handler operation 857 * @name: name passed to the xattr_handler operation 858 * 859 * The get and set xattr handler operations are called with the remainder of 860 * the attribute name after skipping the handler's prefix: for example, "foo" 861 * is passed to the get operation of a handler with prefix "user." to get 862 * attribute "user.foo". The full name is still "there" in the name though. 863 * 864 * Note: the list xattr handler operation when called from the vfs is passed a 865 * NULL name; some file systems use this operation internally, with varying 866 * semantics. 867 */ 868 const char *xattr_full_name(const struct xattr_handler *handler, 869 const char *name) 870 { 871 size_t prefix_len = strlen(xattr_prefix(handler)); 872 873 return name - prefix_len; 874 } 875 EXPORT_SYMBOL(xattr_full_name); 876 877 /* 878 * Allocate new xattr and copy in the value; but leave the name to callers. 879 */ 880 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 881 { 882 struct simple_xattr *new_xattr; 883 size_t len; 884 885 /* wrap around? */ 886 len = sizeof(*new_xattr) + size; 887 if (len < sizeof(*new_xattr)) 888 return NULL; 889 890 new_xattr = kvmalloc(len, GFP_KERNEL); 891 if (!new_xattr) 892 return NULL; 893 894 new_xattr->size = size; 895 memcpy(new_xattr->value, value, size); 896 return new_xattr; 897 } 898 899 /* 900 * xattr GET operation for in-memory/pseudo filesystems 901 */ 902 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 903 void *buffer, size_t size) 904 { 905 struct simple_xattr *xattr; 906 int ret = -ENODATA; 907 908 spin_lock(&xattrs->lock); 909 list_for_each_entry(xattr, &xattrs->head, list) { 910 if (strcmp(name, xattr->name)) 911 continue; 912 913 ret = xattr->size; 914 if (buffer) { 915 if (size < xattr->size) 916 ret = -ERANGE; 917 else 918 memcpy(buffer, xattr->value, xattr->size); 919 } 920 break; 921 } 922 spin_unlock(&xattrs->lock); 923 return ret; 924 } 925 926 /** 927 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 928 * @xattrs: target simple_xattr list 929 * @name: name of the extended attribute 930 * @value: value of the xattr. If %NULL, will remove the attribute. 931 * @size: size of the new xattr 932 * @flags: %XATTR_{CREATE|REPLACE} 933 * @removed_size: returns size of the removed xattr, -1 if none removed 934 * 935 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 936 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 937 * otherwise, fails with -ENODATA. 938 * 939 * Returns 0 on success, -errno on failure. 940 */ 941 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 942 const void *value, size_t size, int flags, 943 ssize_t *removed_size) 944 { 945 struct simple_xattr *xattr; 946 struct simple_xattr *new_xattr = NULL; 947 int err = 0; 948 949 if (removed_size) 950 *removed_size = -1; 951 952 /* value == NULL means remove */ 953 if (value) { 954 new_xattr = simple_xattr_alloc(value, size); 955 if (!new_xattr) 956 return -ENOMEM; 957 958 new_xattr->name = kstrdup(name, GFP_KERNEL); 959 if (!new_xattr->name) { 960 kvfree(new_xattr); 961 return -ENOMEM; 962 } 963 } 964 965 spin_lock(&xattrs->lock); 966 list_for_each_entry(xattr, &xattrs->head, list) { 967 if (!strcmp(name, xattr->name)) { 968 if (flags & XATTR_CREATE) { 969 xattr = new_xattr; 970 err = -EEXIST; 971 } else if (new_xattr) { 972 list_replace(&xattr->list, &new_xattr->list); 973 if (removed_size) 974 *removed_size = xattr->size; 975 } else { 976 list_del(&xattr->list); 977 if (removed_size) 978 *removed_size = xattr->size; 979 } 980 goto out; 981 } 982 } 983 if (flags & XATTR_REPLACE) { 984 xattr = new_xattr; 985 err = -ENODATA; 986 } else { 987 list_add(&new_xattr->list, &xattrs->head); 988 xattr = NULL; 989 } 990 out: 991 spin_unlock(&xattrs->lock); 992 if (xattr) { 993 kfree(xattr->name); 994 kvfree(xattr); 995 } 996 return err; 997 998 } 999 1000 static bool xattr_is_trusted(const char *name) 1001 { 1002 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1003 } 1004 1005 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 1006 const char *name) 1007 { 1008 size_t len = strlen(name) + 1; 1009 if (*buffer) { 1010 if (*remaining_size < len) 1011 return -ERANGE; 1012 memcpy(*buffer, name, len); 1013 *buffer += len; 1014 } 1015 *remaining_size -= len; 1016 return 0; 1017 } 1018 1019 /* 1020 * xattr LIST operation for in-memory/pseudo filesystems 1021 */ 1022 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1023 char *buffer, size_t size) 1024 { 1025 bool trusted = capable(CAP_SYS_ADMIN); 1026 struct simple_xattr *xattr; 1027 ssize_t remaining_size = size; 1028 int err = 0; 1029 1030 #ifdef CONFIG_FS_POSIX_ACL 1031 if (IS_POSIXACL(inode)) { 1032 if (inode->i_acl) { 1033 err = xattr_list_one(&buffer, &remaining_size, 1034 XATTR_NAME_POSIX_ACL_ACCESS); 1035 if (err) 1036 return err; 1037 } 1038 if (inode->i_default_acl) { 1039 err = xattr_list_one(&buffer, &remaining_size, 1040 XATTR_NAME_POSIX_ACL_DEFAULT); 1041 if (err) 1042 return err; 1043 } 1044 } 1045 #endif 1046 1047 spin_lock(&xattrs->lock); 1048 list_for_each_entry(xattr, &xattrs->head, list) { 1049 /* skip "trusted." attributes for unprivileged callers */ 1050 if (!trusted && xattr_is_trusted(xattr->name)) 1051 continue; 1052 1053 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1054 if (err) 1055 break; 1056 } 1057 spin_unlock(&xattrs->lock); 1058 1059 return err ? err : size - remaining_size; 1060 } 1061 1062 /* 1063 * Adds an extended attribute to the list 1064 */ 1065 void simple_xattr_list_add(struct simple_xattrs *xattrs, 1066 struct simple_xattr *new_xattr) 1067 { 1068 spin_lock(&xattrs->lock); 1069 list_add(&new_xattr->list, &xattrs->head); 1070 spin_unlock(&xattrs->lock); 1071 } 1072