xref: /openbmc/linux/fs/xattr.c (revision 09de5cd2)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3   File: fs/xattr.c
4 
5   Extended attribute handling.
6 
7   Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8   Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9   Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10  */
11 #include <linux/fs.h>
12 #include <linux/slab.h>
13 #include <linux/file.h>
14 #include <linux/xattr.h>
15 #include <linux/mount.h>
16 #include <linux/namei.h>
17 #include <linux/security.h>
18 #include <linux/evm.h>
19 #include <linux/syscalls.h>
20 #include <linux/export.h>
21 #include <linux/fsnotify.h>
22 #include <linux/audit.h>
23 #include <linux/vmalloc.h>
24 #include <linux/posix_acl_xattr.h>
25 
26 #include <linux/uaccess.h>
27 
28 static const char *
29 strcmp_prefix(const char *a, const char *a_prefix)
30 {
31 	while (*a_prefix && *a == *a_prefix) {
32 		a++;
33 		a_prefix++;
34 	}
35 	return *a_prefix ? NULL : a;
36 }
37 
38 /*
39  * In order to implement different sets of xattr operations for each xattr
40  * prefix, a filesystem should create a null-terminated array of struct
41  * xattr_handler (one for each prefix) and hang a pointer to it off of the
42  * s_xattr field of the superblock.
43  */
44 #define for_each_xattr_handler(handlers, handler)		\
45 	if (handlers)						\
46 		for ((handler) = *(handlers)++;			\
47 			(handler) != NULL;			\
48 			(handler) = *(handlers)++)
49 
50 /*
51  * Find the xattr_handler with the matching prefix.
52  */
53 static const struct xattr_handler *
54 xattr_resolve_name(struct inode *inode, const char **name)
55 {
56 	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57 	const struct xattr_handler *handler;
58 
59 	if (!(inode->i_opflags & IOP_XATTR)) {
60 		if (unlikely(is_bad_inode(inode)))
61 			return ERR_PTR(-EIO);
62 		return ERR_PTR(-EOPNOTSUPP);
63 	}
64 	for_each_xattr_handler(handlers, handler) {
65 		const char *n;
66 
67 		n = strcmp_prefix(*name, xattr_prefix(handler));
68 		if (n) {
69 			if (!handler->prefix ^ !*n) {
70 				if (*n)
71 					continue;
72 				return ERR_PTR(-EINVAL);
73 			}
74 			*name = n;
75 			return handler;
76 		}
77 	}
78 	return ERR_PTR(-EOPNOTSUPP);
79 }
80 
81 /*
82  * Check permissions for extended attribute access.  This is a bit complicated
83  * because different namespaces have very different rules.
84  */
85 static int
86 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87 		 const char *name, int mask)
88 {
89 	/*
90 	 * We can never set or remove an extended attribute on a read-only
91 	 * filesystem  or on an immutable / append-only inode.
92 	 */
93 	if (mask & MAY_WRITE) {
94 		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95 			return -EPERM;
96 		/*
97 		 * Updating an xattr will likely cause i_uid and i_gid
98 		 * to be writen back improperly if their true value is
99 		 * unknown to the vfs.
100 		 */
101 		if (HAS_UNMAPPED_ID(mnt_userns, inode))
102 			return -EPERM;
103 	}
104 
105 	/*
106 	 * No restriction for security.* and system.* from the VFS.  Decision
107 	 * on these is left to the underlying filesystem / security module.
108 	 */
109 	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
110 	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
111 		return 0;
112 
113 	/*
114 	 * The trusted.* namespace can only be accessed by privileged users.
115 	 */
116 	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
117 		if (!capable(CAP_SYS_ADMIN))
118 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
119 		return 0;
120 	}
121 
122 	/*
123 	 * In the user.* namespace, only regular files and directories can have
124 	 * extended attributes. For sticky directories, only the owner and
125 	 * privileged users can write attributes.
126 	 */
127 	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
128 		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129 			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130 		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131 		    (mask & MAY_WRITE) &&
132 		    !inode_owner_or_capable(mnt_userns, inode))
133 			return -EPERM;
134 	}
135 
136 	return inode_permission(mnt_userns, inode, mask);
137 }
138 
139 /*
140  * Look for any handler that deals with the specified namespace.
141  */
142 int
143 xattr_supported_namespace(struct inode *inode, const char *prefix)
144 {
145 	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
146 	const struct xattr_handler *handler;
147 	size_t preflen;
148 
149 	if (!(inode->i_opflags & IOP_XATTR)) {
150 		if (unlikely(is_bad_inode(inode)))
151 			return -EIO;
152 		return -EOPNOTSUPP;
153 	}
154 
155 	preflen = strlen(prefix);
156 
157 	for_each_xattr_handler(handlers, handler) {
158 		if (!strncmp(xattr_prefix(handler), prefix, preflen))
159 			return 0;
160 	}
161 
162 	return -EOPNOTSUPP;
163 }
164 EXPORT_SYMBOL(xattr_supported_namespace);
165 
166 int
167 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
168 	       struct inode *inode, const char *name, const void *value,
169 	       size_t size, int flags)
170 {
171 	const struct xattr_handler *handler;
172 
173 	handler = xattr_resolve_name(inode, &name);
174 	if (IS_ERR(handler))
175 		return PTR_ERR(handler);
176 	if (!handler->set)
177 		return -EOPNOTSUPP;
178 	if (size == 0)
179 		value = "";  /* empty EA, do not remove */
180 	return handler->set(handler, mnt_userns, dentry, inode, name, value,
181 			    size, flags);
182 }
183 EXPORT_SYMBOL(__vfs_setxattr);
184 
185 /**
186  *  __vfs_setxattr_noperm - perform setxattr operation without performing
187  *  permission checks.
188  *
189  *  @mnt_userns: user namespace of the mount the inode was found from
190  *  @dentry: object to perform setxattr on
191  *  @name: xattr name to set
192  *  @value: value to set @name to
193  *  @size: size of @value
194  *  @flags: flags to pass into filesystem operations
195  *
196  *  returns the result of the internal setxattr or setsecurity operations.
197  *
198  *  This function requires the caller to lock the inode's i_mutex before it
199  *  is executed. It also assumes that the caller will make the appropriate
200  *  permission checks.
201  */
202 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
203 			  struct dentry *dentry, const char *name,
204 			  const void *value, size_t size, int flags)
205 {
206 	struct inode *inode = dentry->d_inode;
207 	int error = -EAGAIN;
208 	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
209 				   XATTR_SECURITY_PREFIX_LEN);
210 
211 	if (issec)
212 		inode->i_flags &= ~S_NOSEC;
213 	if (inode->i_opflags & IOP_XATTR) {
214 		error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
215 				       size, flags);
216 		if (!error) {
217 			fsnotify_xattr(dentry);
218 			security_inode_post_setxattr(dentry, name, value,
219 						     size, flags);
220 		}
221 	} else {
222 		if (unlikely(is_bad_inode(inode)))
223 			return -EIO;
224 	}
225 	if (error == -EAGAIN) {
226 		error = -EOPNOTSUPP;
227 
228 		if (issec) {
229 			const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
230 
231 			error = security_inode_setsecurity(inode, suffix, value,
232 							   size, flags);
233 			if (!error)
234 				fsnotify_xattr(dentry);
235 		}
236 	}
237 
238 	return error;
239 }
240 
241 /**
242  * __vfs_setxattr_locked - set an extended attribute while holding the inode
243  * lock
244  *
245  *  @mnt_userns: user namespace of the mount of the target inode
246  *  @dentry: object to perform setxattr on
247  *  @name: xattr name to set
248  *  @value: value to set @name to
249  *  @size: size of @value
250  *  @flags: flags to pass into filesystem operations
251  *  @delegated_inode: on return, will contain an inode pointer that
252  *  a delegation was broken on, NULL if none.
253  */
254 int
255 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
256 		      const char *name, const void *value, size_t size,
257 		      int flags, struct inode **delegated_inode)
258 {
259 	struct inode *inode = dentry->d_inode;
260 	int error;
261 
262 	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
263 	if (error)
264 		return error;
265 
266 	error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
267 					flags);
268 	if (error)
269 		goto out;
270 
271 	error = try_break_deleg(inode, delegated_inode);
272 	if (error)
273 		goto out;
274 
275 	error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
276 				      size, flags);
277 
278 out:
279 	return error;
280 }
281 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
282 
283 int
284 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
285 	     const char *name, const void *value, size_t size, int flags)
286 {
287 	struct inode *inode = dentry->d_inode;
288 	struct inode *delegated_inode = NULL;
289 	const void  *orig_value = value;
290 	int error;
291 
292 	if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
293 		error = cap_convert_nscap(mnt_userns, dentry, &value, size);
294 		if (error < 0)
295 			return error;
296 		size = error;
297 	}
298 
299 retry_deleg:
300 	inode_lock(inode);
301 	error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
302 				      flags, &delegated_inode);
303 	inode_unlock(inode);
304 
305 	if (delegated_inode) {
306 		error = break_deleg_wait(&delegated_inode);
307 		if (!error)
308 			goto retry_deleg;
309 	}
310 	if (value != orig_value)
311 		kfree(value);
312 
313 	return error;
314 }
315 EXPORT_SYMBOL_GPL(vfs_setxattr);
316 
317 static ssize_t
318 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
319 		  const char *name, void *value, size_t size)
320 {
321 	void *buffer = NULL;
322 	ssize_t len;
323 
324 	if (!value || !size) {
325 		len = security_inode_getsecurity(mnt_userns, inode, name,
326 						 &buffer, false);
327 		goto out_noalloc;
328 	}
329 
330 	len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
331 					 true);
332 	if (len < 0)
333 		return len;
334 	if (size < len) {
335 		len = -ERANGE;
336 		goto out;
337 	}
338 	memcpy(value, buffer, len);
339 out:
340 	kfree(buffer);
341 out_noalloc:
342 	return len;
343 }
344 
345 /*
346  * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
347  *
348  * Allocate memory, if not already allocated, or re-allocate correct size,
349  * before retrieving the extended attribute.
350  *
351  * Returns the result of alloc, if failed, or the getxattr operation.
352  */
353 ssize_t
354 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
355 		   const char *name, char **xattr_value, size_t xattr_size,
356 		   gfp_t flags)
357 {
358 	const struct xattr_handler *handler;
359 	struct inode *inode = dentry->d_inode;
360 	char *value = *xattr_value;
361 	int error;
362 
363 	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
364 	if (error)
365 		return error;
366 
367 	handler = xattr_resolve_name(inode, &name);
368 	if (IS_ERR(handler))
369 		return PTR_ERR(handler);
370 	if (!handler->get)
371 		return -EOPNOTSUPP;
372 	error = handler->get(handler, dentry, inode, name, NULL, 0);
373 	if (error < 0)
374 		return error;
375 
376 	if (!value || (error > xattr_size)) {
377 		value = krealloc(*xattr_value, error + 1, flags);
378 		if (!value)
379 			return -ENOMEM;
380 		memset(value, 0, error + 1);
381 	}
382 
383 	error = handler->get(handler, dentry, inode, name, value, error);
384 	*xattr_value = value;
385 	return error;
386 }
387 
388 ssize_t
389 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
390 	       void *value, size_t size)
391 {
392 	const struct xattr_handler *handler;
393 
394 	handler = xattr_resolve_name(inode, &name);
395 	if (IS_ERR(handler))
396 		return PTR_ERR(handler);
397 	if (!handler->get)
398 		return -EOPNOTSUPP;
399 	return handler->get(handler, dentry, inode, name, value, size);
400 }
401 EXPORT_SYMBOL(__vfs_getxattr);
402 
403 ssize_t
404 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
405 	     const char *name, void *value, size_t size)
406 {
407 	struct inode *inode = dentry->d_inode;
408 	int error;
409 
410 	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
411 	if (error)
412 		return error;
413 
414 	error = security_inode_getxattr(dentry, name);
415 	if (error)
416 		return error;
417 
418 	if (!strncmp(name, XATTR_SECURITY_PREFIX,
419 				XATTR_SECURITY_PREFIX_LEN)) {
420 		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
421 		int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
422 					    size);
423 		/*
424 		 * Only overwrite the return value if a security module
425 		 * is actually active.
426 		 */
427 		if (ret == -EOPNOTSUPP)
428 			goto nolsm;
429 		return ret;
430 	}
431 nolsm:
432 	return __vfs_getxattr(dentry, inode, name, value, size);
433 }
434 EXPORT_SYMBOL_GPL(vfs_getxattr);
435 
436 ssize_t
437 vfs_listxattr(struct dentry *dentry, char *list, size_t size)
438 {
439 	struct inode *inode = d_inode(dentry);
440 	ssize_t error;
441 
442 	error = security_inode_listxattr(dentry);
443 	if (error)
444 		return error;
445 	if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
446 		error = inode->i_op->listxattr(dentry, list, size);
447 	} else {
448 		error = security_inode_listsecurity(inode, list, size);
449 		if (size && error > size)
450 			error = -ERANGE;
451 	}
452 	return error;
453 }
454 EXPORT_SYMBOL_GPL(vfs_listxattr);
455 
456 int
457 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
458 		  const char *name)
459 {
460 	struct inode *inode = d_inode(dentry);
461 	const struct xattr_handler *handler;
462 
463 	handler = xattr_resolve_name(inode, &name);
464 	if (IS_ERR(handler))
465 		return PTR_ERR(handler);
466 	if (!handler->set)
467 		return -EOPNOTSUPP;
468 	return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
469 			    XATTR_REPLACE);
470 }
471 EXPORT_SYMBOL(__vfs_removexattr);
472 
473 /**
474  * __vfs_removexattr_locked - set an extended attribute while holding the inode
475  * lock
476  *
477  *  @mnt_userns: user namespace of the mount of the target inode
478  *  @dentry: object to perform setxattr on
479  *  @name: name of xattr to remove
480  *  @delegated_inode: on return, will contain an inode pointer that
481  *  a delegation was broken on, NULL if none.
482  */
483 int
484 __vfs_removexattr_locked(struct user_namespace *mnt_userns,
485 			 struct dentry *dentry, const char *name,
486 			 struct inode **delegated_inode)
487 {
488 	struct inode *inode = dentry->d_inode;
489 	int error;
490 
491 	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
492 	if (error)
493 		return error;
494 
495 	error = security_inode_removexattr(mnt_userns, dentry, name);
496 	if (error)
497 		goto out;
498 
499 	error = try_break_deleg(inode, delegated_inode);
500 	if (error)
501 		goto out;
502 
503 	error = __vfs_removexattr(mnt_userns, dentry, name);
504 
505 	if (!error) {
506 		fsnotify_xattr(dentry);
507 		evm_inode_post_removexattr(dentry, name);
508 	}
509 
510 out:
511 	return error;
512 }
513 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
514 
515 int
516 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
517 		const char *name)
518 {
519 	struct inode *inode = dentry->d_inode;
520 	struct inode *delegated_inode = NULL;
521 	int error;
522 
523 retry_deleg:
524 	inode_lock(inode);
525 	error = __vfs_removexattr_locked(mnt_userns, dentry,
526 					 name, &delegated_inode);
527 	inode_unlock(inode);
528 
529 	if (delegated_inode) {
530 		error = break_deleg_wait(&delegated_inode);
531 		if (!error)
532 			goto retry_deleg;
533 	}
534 
535 	return error;
536 }
537 EXPORT_SYMBOL_GPL(vfs_removexattr);
538 
539 /*
540  * Extended attribute SET operations
541  */
542 static long
543 setxattr(struct user_namespace *mnt_userns, struct dentry *d,
544 	 const char __user *name, const void __user *value, size_t size,
545 	 int flags)
546 {
547 	int error;
548 	void *kvalue = NULL;
549 	char kname[XATTR_NAME_MAX + 1];
550 
551 	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
552 		return -EINVAL;
553 
554 	error = strncpy_from_user(kname, name, sizeof(kname));
555 	if (error == 0 || error == sizeof(kname))
556 		error = -ERANGE;
557 	if (error < 0)
558 		return error;
559 
560 	if (size) {
561 		if (size > XATTR_SIZE_MAX)
562 			return -E2BIG;
563 		kvalue = kvmalloc(size, GFP_KERNEL);
564 		if (!kvalue)
565 			return -ENOMEM;
566 		if (copy_from_user(kvalue, value, size)) {
567 			error = -EFAULT;
568 			goto out;
569 		}
570 		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
571 		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
572 			posix_acl_fix_xattr_from_user(mnt_userns, d_inode(d),
573 						      kvalue, size);
574 	}
575 
576 	error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
577 out:
578 	kvfree(kvalue);
579 
580 	return error;
581 }
582 
583 static int path_setxattr(const char __user *pathname,
584 			 const char __user *name, const void __user *value,
585 			 size_t size, int flags, unsigned int lookup_flags)
586 {
587 	struct path path;
588 	int error;
589 
590 retry:
591 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
592 	if (error)
593 		return error;
594 	error = mnt_want_write(path.mnt);
595 	if (!error) {
596 		error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
597 				 value, size, flags);
598 		mnt_drop_write(path.mnt);
599 	}
600 	path_put(&path);
601 	if (retry_estale(error, lookup_flags)) {
602 		lookup_flags |= LOOKUP_REVAL;
603 		goto retry;
604 	}
605 	return error;
606 }
607 
608 SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
609 		const char __user *, name, const void __user *, value,
610 		size_t, size, int, flags)
611 {
612 	return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
613 }
614 
615 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
616 		const char __user *, name, const void __user *, value,
617 		size_t, size, int, flags)
618 {
619 	return path_setxattr(pathname, name, value, size, flags, 0);
620 }
621 
622 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
623 		const void __user *,value, size_t, size, int, flags)
624 {
625 	struct fd f = fdget(fd);
626 	int error = -EBADF;
627 
628 	if (!f.file)
629 		return error;
630 	audit_file(f.file);
631 	error = mnt_want_write_file(f.file);
632 	if (!error) {
633 		error = setxattr(file_mnt_user_ns(f.file),
634 				 f.file->f_path.dentry, name,
635 				 value, size, flags);
636 		mnt_drop_write_file(f.file);
637 	}
638 	fdput(f);
639 	return error;
640 }
641 
642 /*
643  * Extended attribute GET operations
644  */
645 static ssize_t
646 getxattr(struct user_namespace *mnt_userns, struct dentry *d,
647 	 const char __user *name, void __user *value, size_t size)
648 {
649 	ssize_t error;
650 	void *kvalue = NULL;
651 	char kname[XATTR_NAME_MAX + 1];
652 
653 	error = strncpy_from_user(kname, name, sizeof(kname));
654 	if (error == 0 || error == sizeof(kname))
655 		error = -ERANGE;
656 	if (error < 0)
657 		return error;
658 
659 	if (size) {
660 		if (size > XATTR_SIZE_MAX)
661 			size = XATTR_SIZE_MAX;
662 		kvalue = kvzalloc(size, GFP_KERNEL);
663 		if (!kvalue)
664 			return -ENOMEM;
665 	}
666 
667 	error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
668 	if (error > 0) {
669 		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
670 		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
671 			posix_acl_fix_xattr_to_user(mnt_userns, d_inode(d),
672 						    kvalue, error);
673 		if (size && copy_to_user(value, kvalue, error))
674 			error = -EFAULT;
675 	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
676 		/* The file system tried to returned a value bigger
677 		   than XATTR_SIZE_MAX bytes. Not possible. */
678 		error = -E2BIG;
679 	}
680 
681 	kvfree(kvalue);
682 
683 	return error;
684 }
685 
686 static ssize_t path_getxattr(const char __user *pathname,
687 			     const char __user *name, void __user *value,
688 			     size_t size, unsigned int lookup_flags)
689 {
690 	struct path path;
691 	ssize_t error;
692 retry:
693 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
694 	if (error)
695 		return error;
696 	error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
697 	path_put(&path);
698 	if (retry_estale(error, lookup_flags)) {
699 		lookup_flags |= LOOKUP_REVAL;
700 		goto retry;
701 	}
702 	return error;
703 }
704 
705 SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
706 		const char __user *, name, void __user *, value, size_t, size)
707 {
708 	return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
709 }
710 
711 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
712 		const char __user *, name, void __user *, value, size_t, size)
713 {
714 	return path_getxattr(pathname, name, value, size, 0);
715 }
716 
717 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
718 		void __user *, value, size_t, size)
719 {
720 	struct fd f = fdget(fd);
721 	ssize_t error = -EBADF;
722 
723 	if (!f.file)
724 		return error;
725 	audit_file(f.file);
726 	error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
727 			 name, value, size);
728 	fdput(f);
729 	return error;
730 }
731 
732 /*
733  * Extended attribute LIST operations
734  */
735 static ssize_t
736 listxattr(struct dentry *d, char __user *list, size_t size)
737 {
738 	ssize_t error;
739 	char *klist = NULL;
740 
741 	if (size) {
742 		if (size > XATTR_LIST_MAX)
743 			size = XATTR_LIST_MAX;
744 		klist = kvmalloc(size, GFP_KERNEL);
745 		if (!klist)
746 			return -ENOMEM;
747 	}
748 
749 	error = vfs_listxattr(d, klist, size);
750 	if (error > 0) {
751 		if (size && copy_to_user(list, klist, error))
752 			error = -EFAULT;
753 	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
754 		/* The file system tried to returned a list bigger
755 		   than XATTR_LIST_MAX bytes. Not possible. */
756 		error = -E2BIG;
757 	}
758 
759 	kvfree(klist);
760 
761 	return error;
762 }
763 
764 static ssize_t path_listxattr(const char __user *pathname, char __user *list,
765 			      size_t size, unsigned int lookup_flags)
766 {
767 	struct path path;
768 	ssize_t error;
769 retry:
770 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
771 	if (error)
772 		return error;
773 	error = listxattr(path.dentry, list, size);
774 	path_put(&path);
775 	if (retry_estale(error, lookup_flags)) {
776 		lookup_flags |= LOOKUP_REVAL;
777 		goto retry;
778 	}
779 	return error;
780 }
781 
782 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
783 		size_t, size)
784 {
785 	return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
786 }
787 
788 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
789 		size_t, size)
790 {
791 	return path_listxattr(pathname, list, size, 0);
792 }
793 
794 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
795 {
796 	struct fd f = fdget(fd);
797 	ssize_t error = -EBADF;
798 
799 	if (!f.file)
800 		return error;
801 	audit_file(f.file);
802 	error = listxattr(f.file->f_path.dentry, list, size);
803 	fdput(f);
804 	return error;
805 }
806 
807 /*
808  * Extended attribute REMOVE operations
809  */
810 static long
811 removexattr(struct user_namespace *mnt_userns, struct dentry *d,
812 	    const char __user *name)
813 {
814 	int error;
815 	char kname[XATTR_NAME_MAX + 1];
816 
817 	error = strncpy_from_user(kname, name, sizeof(kname));
818 	if (error == 0 || error == sizeof(kname))
819 		error = -ERANGE;
820 	if (error < 0)
821 		return error;
822 
823 	return vfs_removexattr(mnt_userns, d, kname);
824 }
825 
826 static int path_removexattr(const char __user *pathname,
827 			    const char __user *name, unsigned int lookup_flags)
828 {
829 	struct path path;
830 	int error;
831 retry:
832 	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
833 	if (error)
834 		return error;
835 	error = mnt_want_write(path.mnt);
836 	if (!error) {
837 		error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
838 		mnt_drop_write(path.mnt);
839 	}
840 	path_put(&path);
841 	if (retry_estale(error, lookup_flags)) {
842 		lookup_flags |= LOOKUP_REVAL;
843 		goto retry;
844 	}
845 	return error;
846 }
847 
848 SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
849 		const char __user *, name)
850 {
851 	return path_removexattr(pathname, name, LOOKUP_FOLLOW);
852 }
853 
854 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
855 		const char __user *, name)
856 {
857 	return path_removexattr(pathname, name, 0);
858 }
859 
860 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
861 {
862 	struct fd f = fdget(fd);
863 	int error = -EBADF;
864 
865 	if (!f.file)
866 		return error;
867 	audit_file(f.file);
868 	error = mnt_want_write_file(f.file);
869 	if (!error) {
870 		error = removexattr(file_mnt_user_ns(f.file),
871 				    f.file->f_path.dentry, name);
872 		mnt_drop_write_file(f.file);
873 	}
874 	fdput(f);
875 	return error;
876 }
877 
878 /*
879  * Combine the results of the list() operation from every xattr_handler in the
880  * list.
881  */
882 ssize_t
883 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
884 {
885 	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
886 	unsigned int size = 0;
887 
888 	if (!buffer) {
889 		for_each_xattr_handler(handlers, handler) {
890 			if (!handler->name ||
891 			    (handler->list && !handler->list(dentry)))
892 				continue;
893 			size += strlen(handler->name) + 1;
894 		}
895 	} else {
896 		char *buf = buffer;
897 		size_t len;
898 
899 		for_each_xattr_handler(handlers, handler) {
900 			if (!handler->name ||
901 			    (handler->list && !handler->list(dentry)))
902 				continue;
903 			len = strlen(handler->name);
904 			if (len + 1 > buffer_size)
905 				return -ERANGE;
906 			memcpy(buf, handler->name, len + 1);
907 			buf += len + 1;
908 			buffer_size -= len + 1;
909 		}
910 		size = buf - buffer;
911 	}
912 	return size;
913 }
914 EXPORT_SYMBOL(generic_listxattr);
915 
916 /**
917  * xattr_full_name  -  Compute full attribute name from suffix
918  *
919  * @handler:	handler of the xattr_handler operation
920  * @name:	name passed to the xattr_handler operation
921  *
922  * The get and set xattr handler operations are called with the remainder of
923  * the attribute name after skipping the handler's prefix: for example, "foo"
924  * is passed to the get operation of a handler with prefix "user." to get
925  * attribute "user.foo".  The full name is still "there" in the name though.
926  *
927  * Note: the list xattr handler operation when called from the vfs is passed a
928  * NULL name; some file systems use this operation internally, with varying
929  * semantics.
930  */
931 const char *xattr_full_name(const struct xattr_handler *handler,
932 			    const char *name)
933 {
934 	size_t prefix_len = strlen(xattr_prefix(handler));
935 
936 	return name - prefix_len;
937 }
938 EXPORT_SYMBOL(xattr_full_name);
939 
940 /*
941  * Allocate new xattr and copy in the value; but leave the name to callers.
942  */
943 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
944 {
945 	struct simple_xattr *new_xattr;
946 	size_t len;
947 
948 	/* wrap around? */
949 	len = sizeof(*new_xattr) + size;
950 	if (len < sizeof(*new_xattr))
951 		return NULL;
952 
953 	new_xattr = kvmalloc(len, GFP_KERNEL);
954 	if (!new_xattr)
955 		return NULL;
956 
957 	new_xattr->size = size;
958 	memcpy(new_xattr->value, value, size);
959 	return new_xattr;
960 }
961 
962 /*
963  * xattr GET operation for in-memory/pseudo filesystems
964  */
965 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
966 		     void *buffer, size_t size)
967 {
968 	struct simple_xattr *xattr;
969 	int ret = -ENODATA;
970 
971 	spin_lock(&xattrs->lock);
972 	list_for_each_entry(xattr, &xattrs->head, list) {
973 		if (strcmp(name, xattr->name))
974 			continue;
975 
976 		ret = xattr->size;
977 		if (buffer) {
978 			if (size < xattr->size)
979 				ret = -ERANGE;
980 			else
981 				memcpy(buffer, xattr->value, xattr->size);
982 		}
983 		break;
984 	}
985 	spin_unlock(&xattrs->lock);
986 	return ret;
987 }
988 
989 /**
990  * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
991  * @xattrs: target simple_xattr list
992  * @name: name of the extended attribute
993  * @value: value of the xattr. If %NULL, will remove the attribute.
994  * @size: size of the new xattr
995  * @flags: %XATTR_{CREATE|REPLACE}
996  * @removed_size: returns size of the removed xattr, -1 if none removed
997  *
998  * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
999  * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
1000  * otherwise, fails with -ENODATA.
1001  *
1002  * Returns 0 on success, -errno on failure.
1003  */
1004 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1005 		     const void *value, size_t size, int flags,
1006 		     ssize_t *removed_size)
1007 {
1008 	struct simple_xattr *xattr;
1009 	struct simple_xattr *new_xattr = NULL;
1010 	int err = 0;
1011 
1012 	if (removed_size)
1013 		*removed_size = -1;
1014 
1015 	/* value == NULL means remove */
1016 	if (value) {
1017 		new_xattr = simple_xattr_alloc(value, size);
1018 		if (!new_xattr)
1019 			return -ENOMEM;
1020 
1021 		new_xattr->name = kstrdup(name, GFP_KERNEL);
1022 		if (!new_xattr->name) {
1023 			kvfree(new_xattr);
1024 			return -ENOMEM;
1025 		}
1026 	}
1027 
1028 	spin_lock(&xattrs->lock);
1029 	list_for_each_entry(xattr, &xattrs->head, list) {
1030 		if (!strcmp(name, xattr->name)) {
1031 			if (flags & XATTR_CREATE) {
1032 				xattr = new_xattr;
1033 				err = -EEXIST;
1034 			} else if (new_xattr) {
1035 				list_replace(&xattr->list, &new_xattr->list);
1036 				if (removed_size)
1037 					*removed_size = xattr->size;
1038 			} else {
1039 				list_del(&xattr->list);
1040 				if (removed_size)
1041 					*removed_size = xattr->size;
1042 			}
1043 			goto out;
1044 		}
1045 	}
1046 	if (flags & XATTR_REPLACE) {
1047 		xattr = new_xattr;
1048 		err = -ENODATA;
1049 	} else {
1050 		list_add(&new_xattr->list, &xattrs->head);
1051 		xattr = NULL;
1052 	}
1053 out:
1054 	spin_unlock(&xattrs->lock);
1055 	if (xattr) {
1056 		kfree(xattr->name);
1057 		kvfree(xattr);
1058 	}
1059 	return err;
1060 
1061 }
1062 
1063 static bool xattr_is_trusted(const char *name)
1064 {
1065 	return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1066 }
1067 
1068 static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1069 			  const char *name)
1070 {
1071 	size_t len = strlen(name) + 1;
1072 	if (*buffer) {
1073 		if (*remaining_size < len)
1074 			return -ERANGE;
1075 		memcpy(*buffer, name, len);
1076 		*buffer += len;
1077 	}
1078 	*remaining_size -= len;
1079 	return 0;
1080 }
1081 
1082 /*
1083  * xattr LIST operation for in-memory/pseudo filesystems
1084  */
1085 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1086 			  char *buffer, size_t size)
1087 {
1088 	bool trusted = capable(CAP_SYS_ADMIN);
1089 	struct simple_xattr *xattr;
1090 	ssize_t remaining_size = size;
1091 	int err = 0;
1092 
1093 #ifdef CONFIG_FS_POSIX_ACL
1094 	if (IS_POSIXACL(inode)) {
1095 		if (inode->i_acl) {
1096 			err = xattr_list_one(&buffer, &remaining_size,
1097 					     XATTR_NAME_POSIX_ACL_ACCESS);
1098 			if (err)
1099 				return err;
1100 		}
1101 		if (inode->i_default_acl) {
1102 			err = xattr_list_one(&buffer, &remaining_size,
1103 					     XATTR_NAME_POSIX_ACL_DEFAULT);
1104 			if (err)
1105 				return err;
1106 		}
1107 	}
1108 #endif
1109 
1110 	spin_lock(&xattrs->lock);
1111 	list_for_each_entry(xattr, &xattrs->head, list) {
1112 		/* skip "trusted." attributes for unprivileged callers */
1113 		if (!trusted && xattr_is_trusted(xattr->name))
1114 			continue;
1115 
1116 		err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1117 		if (err)
1118 			break;
1119 	}
1120 	spin_unlock(&xattrs->lock);
1121 
1122 	return err ? err : size - remaining_size;
1123 }
1124 
1125 /*
1126  * Adds an extended attribute to the list
1127  */
1128 void simple_xattr_list_add(struct simple_xattrs *xattrs,
1129 			   struct simple_xattr *new_xattr)
1130 {
1131 	spin_lock(&xattrs->lock);
1132 	list_add(&new_xattr->list, &xattrs->head);
1133 	spin_unlock(&xattrs->lock);
1134 }
1135