1 /* 2 File: fs/xattr.c 3 4 Extended attribute handling. 5 6 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 7 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 8 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 */ 10 #include <linux/fs.h> 11 #include <linux/slab.h> 12 #include <linux/file.h> 13 #include <linux/xattr.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/evm.h> 18 #include <linux/syscalls.h> 19 #include <linux/export.h> 20 #include <linux/fsnotify.h> 21 #include <linux/audit.h> 22 #include <linux/vmalloc.h> 23 #include <linux/posix_acl_xattr.h> 24 25 #include <asm/uaccess.h> 26 27 /* 28 * Check permissions for extended attribute access. This is a bit complicated 29 * because different namespaces have very different rules. 30 */ 31 static int 32 xattr_permission(struct inode *inode, const char *name, int mask) 33 { 34 /* 35 * We can never set or remove an extended attribute on a read-only 36 * filesystem or on an immutable / append-only inode. 37 */ 38 if (mask & MAY_WRITE) { 39 if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 40 return -EPERM; 41 /* 42 * Updating an xattr will likely cause i_uid and i_gid 43 * to be writen back improperly if their true value is 44 * unknown to the vfs. 45 */ 46 if (HAS_UNMAPPED_ID(inode)) 47 return -EPERM; 48 } 49 50 /* 51 * No restriction for security.* and system.* from the VFS. Decision 52 * on these is left to the underlying filesystem / security module. 53 */ 54 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 55 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 56 return 0; 57 58 /* 59 * The trusted.* namespace can only be accessed by privileged users. 60 */ 61 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 62 if (!capable(CAP_SYS_ADMIN)) 63 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 64 return 0; 65 } 66 67 /* 68 * In the user.* namespace, only regular files and directories can have 69 * extended attributes. For sticky directories, only the owner and 70 * privileged users can write attributes. 71 */ 72 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 73 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 74 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 75 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 76 (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) 77 return -EPERM; 78 } 79 80 return inode_permission(inode, mask); 81 } 82 83 /** 84 * __vfs_setxattr_noperm - perform setxattr operation without performing 85 * permission checks. 86 * 87 * @dentry - object to perform setxattr on 88 * @name - xattr name to set 89 * @value - value to set @name to 90 * @size - size of @value 91 * @flags - flags to pass into filesystem operations 92 * 93 * returns the result of the internal setxattr or setsecurity operations. 94 * 95 * This function requires the caller to lock the inode's i_mutex before it 96 * is executed. It also assumes that the caller will make the appropriate 97 * permission checks. 98 */ 99 int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, 100 const void *value, size_t size, int flags) 101 { 102 struct inode *inode = dentry->d_inode; 103 int error = -EOPNOTSUPP; 104 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 105 XATTR_SECURITY_PREFIX_LEN); 106 107 if (issec) 108 inode->i_flags &= ~S_NOSEC; 109 if (inode->i_op->setxattr) { 110 error = inode->i_op->setxattr(dentry, inode, name, value, size, flags); 111 if (!error) { 112 fsnotify_xattr(dentry); 113 security_inode_post_setxattr(dentry, name, value, 114 size, flags); 115 } 116 } else if (issec) { 117 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 118 error = security_inode_setsecurity(inode, suffix, value, 119 size, flags); 120 if (!error) 121 fsnotify_xattr(dentry); 122 } 123 124 return error; 125 } 126 127 128 int 129 vfs_setxattr(struct dentry *dentry, const char *name, const void *value, 130 size_t size, int flags) 131 { 132 struct inode *inode = dentry->d_inode; 133 int error; 134 135 error = xattr_permission(inode, name, MAY_WRITE); 136 if (error) 137 return error; 138 139 inode_lock(inode); 140 error = security_inode_setxattr(dentry, name, value, size, flags); 141 if (error) 142 goto out; 143 144 error = __vfs_setxattr_noperm(dentry, name, value, size, flags); 145 146 out: 147 inode_unlock(inode); 148 return error; 149 } 150 EXPORT_SYMBOL_GPL(vfs_setxattr); 151 152 ssize_t 153 xattr_getsecurity(struct inode *inode, const char *name, void *value, 154 size_t size) 155 { 156 void *buffer = NULL; 157 ssize_t len; 158 159 if (!value || !size) { 160 len = security_inode_getsecurity(inode, name, &buffer, false); 161 goto out_noalloc; 162 } 163 164 len = security_inode_getsecurity(inode, name, &buffer, true); 165 if (len < 0) 166 return len; 167 if (size < len) { 168 len = -ERANGE; 169 goto out; 170 } 171 memcpy(value, buffer, len); 172 out: 173 security_release_secctx(buffer, len); 174 out_noalloc: 175 return len; 176 } 177 EXPORT_SYMBOL_GPL(xattr_getsecurity); 178 179 /* 180 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 181 * 182 * Allocate memory, if not already allocated, or re-allocate correct size, 183 * before retrieving the extended attribute. 184 * 185 * Returns the result of alloc, if failed, or the getxattr operation. 186 */ 187 ssize_t 188 vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, 189 size_t xattr_size, gfp_t flags) 190 { 191 struct inode *inode = dentry->d_inode; 192 char *value = *xattr_value; 193 int error; 194 195 error = xattr_permission(inode, name, MAY_READ); 196 if (error) 197 return error; 198 199 if (!inode->i_op->getxattr) 200 return -EOPNOTSUPP; 201 202 error = inode->i_op->getxattr(dentry, inode, name, NULL, 0); 203 if (error < 0) 204 return error; 205 206 if (!value || (error > xattr_size)) { 207 value = krealloc(*xattr_value, error + 1, flags); 208 if (!value) 209 return -ENOMEM; 210 memset(value, 0, error + 1); 211 } 212 213 error = inode->i_op->getxattr(dentry, inode, name, value, error); 214 *xattr_value = value; 215 return error; 216 } 217 218 ssize_t 219 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) 220 { 221 struct inode *inode = dentry->d_inode; 222 int error; 223 224 error = xattr_permission(inode, name, MAY_READ); 225 if (error) 226 return error; 227 228 error = security_inode_getxattr(dentry, name); 229 if (error) 230 return error; 231 232 if (!strncmp(name, XATTR_SECURITY_PREFIX, 233 XATTR_SECURITY_PREFIX_LEN)) { 234 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 235 int ret = xattr_getsecurity(inode, suffix, value, size); 236 /* 237 * Only overwrite the return value if a security module 238 * is actually active. 239 */ 240 if (ret == -EOPNOTSUPP) 241 goto nolsm; 242 return ret; 243 } 244 nolsm: 245 if (inode->i_op->getxattr) 246 error = inode->i_op->getxattr(dentry, inode, name, value, size); 247 else 248 error = -EOPNOTSUPP; 249 250 return error; 251 } 252 EXPORT_SYMBOL_GPL(vfs_getxattr); 253 254 ssize_t 255 vfs_listxattr(struct dentry *d, char *list, size_t size) 256 { 257 ssize_t error; 258 259 error = security_inode_listxattr(d); 260 if (error) 261 return error; 262 error = -EOPNOTSUPP; 263 if (d->d_inode->i_op->listxattr) { 264 error = d->d_inode->i_op->listxattr(d, list, size); 265 } else { 266 error = security_inode_listsecurity(d->d_inode, list, size); 267 if (size && error > size) 268 error = -ERANGE; 269 } 270 return error; 271 } 272 EXPORT_SYMBOL_GPL(vfs_listxattr); 273 274 int 275 vfs_removexattr(struct dentry *dentry, const char *name) 276 { 277 struct inode *inode = dentry->d_inode; 278 int error; 279 280 if (!inode->i_op->removexattr) 281 return -EOPNOTSUPP; 282 283 error = xattr_permission(inode, name, MAY_WRITE); 284 if (error) 285 return error; 286 287 inode_lock(inode); 288 error = security_inode_removexattr(dentry, name); 289 if (error) 290 goto out; 291 292 error = inode->i_op->removexattr(dentry, name); 293 294 if (!error) { 295 fsnotify_xattr(dentry); 296 evm_inode_post_removexattr(dentry, name); 297 } 298 299 out: 300 inode_unlock(inode); 301 return error; 302 } 303 EXPORT_SYMBOL_GPL(vfs_removexattr); 304 305 306 /* 307 * Extended attribute SET operations 308 */ 309 static long 310 setxattr(struct dentry *d, const char __user *name, const void __user *value, 311 size_t size, int flags) 312 { 313 int error; 314 void *kvalue = NULL; 315 char kname[XATTR_NAME_MAX + 1]; 316 317 if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) 318 return -EINVAL; 319 320 error = strncpy_from_user(kname, name, sizeof(kname)); 321 if (error == 0 || error == sizeof(kname)) 322 error = -ERANGE; 323 if (error < 0) 324 return error; 325 326 if (size) { 327 if (size > XATTR_SIZE_MAX) 328 return -E2BIG; 329 kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); 330 if (!kvalue) { 331 kvalue = vmalloc(size); 332 if (!kvalue) 333 return -ENOMEM; 334 } 335 if (copy_from_user(kvalue, value, size)) { 336 error = -EFAULT; 337 goto out; 338 } 339 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 340 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 341 posix_acl_fix_xattr_from_user(kvalue, size); 342 } 343 344 error = vfs_setxattr(d, kname, kvalue, size, flags); 345 out: 346 kvfree(kvalue); 347 348 return error; 349 } 350 351 static int path_setxattr(const char __user *pathname, 352 const char __user *name, const void __user *value, 353 size_t size, int flags, unsigned int lookup_flags) 354 { 355 struct path path; 356 int error; 357 retry: 358 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 359 if (error) 360 return error; 361 error = mnt_want_write(path.mnt); 362 if (!error) { 363 error = setxattr(path.dentry, name, value, size, flags); 364 mnt_drop_write(path.mnt); 365 } 366 path_put(&path); 367 if (retry_estale(error, lookup_flags)) { 368 lookup_flags |= LOOKUP_REVAL; 369 goto retry; 370 } 371 return error; 372 } 373 374 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 375 const char __user *, name, const void __user *, value, 376 size_t, size, int, flags) 377 { 378 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 379 } 380 381 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 382 const char __user *, name, const void __user *, value, 383 size_t, size, int, flags) 384 { 385 return path_setxattr(pathname, name, value, size, flags, 0); 386 } 387 388 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 389 const void __user *,value, size_t, size, int, flags) 390 { 391 struct fd f = fdget(fd); 392 int error = -EBADF; 393 394 if (!f.file) 395 return error; 396 audit_file(f.file); 397 error = mnt_want_write_file(f.file); 398 if (!error) { 399 error = setxattr(f.file->f_path.dentry, name, value, size, flags); 400 mnt_drop_write_file(f.file); 401 } 402 fdput(f); 403 return error; 404 } 405 406 /* 407 * Extended attribute GET operations 408 */ 409 static ssize_t 410 getxattr(struct dentry *d, const char __user *name, void __user *value, 411 size_t size) 412 { 413 ssize_t error; 414 void *kvalue = NULL; 415 char kname[XATTR_NAME_MAX + 1]; 416 417 error = strncpy_from_user(kname, name, sizeof(kname)); 418 if (error == 0 || error == sizeof(kname)) 419 error = -ERANGE; 420 if (error < 0) 421 return error; 422 423 if (size) { 424 if (size > XATTR_SIZE_MAX) 425 size = XATTR_SIZE_MAX; 426 kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 427 if (!kvalue) { 428 kvalue = vmalloc(size); 429 if (!kvalue) 430 return -ENOMEM; 431 } 432 } 433 434 error = vfs_getxattr(d, kname, kvalue, size); 435 if (error > 0) { 436 if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) || 437 (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0)) 438 posix_acl_fix_xattr_to_user(kvalue, size); 439 if (size && copy_to_user(value, kvalue, error)) 440 error = -EFAULT; 441 } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) { 442 /* The file system tried to returned a value bigger 443 than XATTR_SIZE_MAX bytes. Not possible. */ 444 error = -E2BIG; 445 } 446 447 kvfree(kvalue); 448 449 return error; 450 } 451 452 static ssize_t path_getxattr(const char __user *pathname, 453 const char __user *name, void __user *value, 454 size_t size, unsigned int lookup_flags) 455 { 456 struct path path; 457 ssize_t error; 458 retry: 459 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 460 if (error) 461 return error; 462 error = getxattr(path.dentry, name, value, size); 463 path_put(&path); 464 if (retry_estale(error, lookup_flags)) { 465 lookup_flags |= LOOKUP_REVAL; 466 goto retry; 467 } 468 return error; 469 } 470 471 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 472 const char __user *, name, void __user *, value, size_t, size) 473 { 474 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 475 } 476 477 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 478 const char __user *, name, void __user *, value, size_t, size) 479 { 480 return path_getxattr(pathname, name, value, size, 0); 481 } 482 483 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 484 void __user *, value, size_t, size) 485 { 486 struct fd f = fdget(fd); 487 ssize_t error = -EBADF; 488 489 if (!f.file) 490 return error; 491 audit_file(f.file); 492 error = getxattr(f.file->f_path.dentry, name, value, size); 493 fdput(f); 494 return error; 495 } 496 497 /* 498 * Extended attribute LIST operations 499 */ 500 static ssize_t 501 listxattr(struct dentry *d, char __user *list, size_t size) 502 { 503 ssize_t error; 504 char *klist = NULL; 505 506 if (size) { 507 if (size > XATTR_LIST_MAX) 508 size = XATTR_LIST_MAX; 509 klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); 510 if (!klist) { 511 klist = vmalloc(size); 512 if (!klist) 513 return -ENOMEM; 514 } 515 } 516 517 error = vfs_listxattr(d, klist, size); 518 if (error > 0) { 519 if (size && copy_to_user(list, klist, error)) 520 error = -EFAULT; 521 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 522 /* The file system tried to returned a list bigger 523 than XATTR_LIST_MAX bytes. Not possible. */ 524 error = -E2BIG; 525 } 526 527 kvfree(klist); 528 529 return error; 530 } 531 532 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 533 size_t size, unsigned int lookup_flags) 534 { 535 struct path path; 536 ssize_t error; 537 retry: 538 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 539 if (error) 540 return error; 541 error = listxattr(path.dentry, list, size); 542 path_put(&path); 543 if (retry_estale(error, lookup_flags)) { 544 lookup_flags |= LOOKUP_REVAL; 545 goto retry; 546 } 547 return error; 548 } 549 550 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 551 size_t, size) 552 { 553 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 554 } 555 556 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 557 size_t, size) 558 { 559 return path_listxattr(pathname, list, size, 0); 560 } 561 562 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 563 { 564 struct fd f = fdget(fd); 565 ssize_t error = -EBADF; 566 567 if (!f.file) 568 return error; 569 audit_file(f.file); 570 error = listxattr(f.file->f_path.dentry, list, size); 571 fdput(f); 572 return error; 573 } 574 575 /* 576 * Extended attribute REMOVE operations 577 */ 578 static long 579 removexattr(struct dentry *d, const char __user *name) 580 { 581 int error; 582 char kname[XATTR_NAME_MAX + 1]; 583 584 error = strncpy_from_user(kname, name, sizeof(kname)); 585 if (error == 0 || error == sizeof(kname)) 586 error = -ERANGE; 587 if (error < 0) 588 return error; 589 590 return vfs_removexattr(d, kname); 591 } 592 593 static int path_removexattr(const char __user *pathname, 594 const char __user *name, unsigned int lookup_flags) 595 { 596 struct path path; 597 int error; 598 retry: 599 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 600 if (error) 601 return error; 602 error = mnt_want_write(path.mnt); 603 if (!error) { 604 error = removexattr(path.dentry, name); 605 mnt_drop_write(path.mnt); 606 } 607 path_put(&path); 608 if (retry_estale(error, lookup_flags)) { 609 lookup_flags |= LOOKUP_REVAL; 610 goto retry; 611 } 612 return error; 613 } 614 615 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 616 const char __user *, name) 617 { 618 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 619 } 620 621 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 622 const char __user *, name) 623 { 624 return path_removexattr(pathname, name, 0); 625 } 626 627 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 628 { 629 struct fd f = fdget(fd); 630 int error = -EBADF; 631 632 if (!f.file) 633 return error; 634 audit_file(f.file); 635 error = mnt_want_write_file(f.file); 636 if (!error) { 637 error = removexattr(f.file->f_path.dentry, name); 638 mnt_drop_write_file(f.file); 639 } 640 fdput(f); 641 return error; 642 } 643 644 645 static const char * 646 strcmp_prefix(const char *a, const char *a_prefix) 647 { 648 while (*a_prefix && *a == *a_prefix) { 649 a++; 650 a_prefix++; 651 } 652 return *a_prefix ? NULL : a; 653 } 654 655 /* 656 * In order to implement different sets of xattr operations for each xattr 657 * prefix with the generic xattr API, a filesystem should create a 658 * null-terminated array of struct xattr_handler (one for each prefix) and 659 * hang a pointer to it off of the s_xattr field of the superblock. 660 * 661 * The generic_fooxattr() functions will use this list to dispatch xattr 662 * operations to the correct xattr_handler. 663 */ 664 #define for_each_xattr_handler(handlers, handler) \ 665 if (handlers) \ 666 for ((handler) = *(handlers)++; \ 667 (handler) != NULL; \ 668 (handler) = *(handlers)++) 669 670 /* 671 * Find the xattr_handler with the matching prefix. 672 */ 673 static const struct xattr_handler * 674 xattr_resolve_name(const struct xattr_handler **handlers, const char **name) 675 { 676 const struct xattr_handler *handler; 677 678 if (!*name) 679 return ERR_PTR(-EINVAL); 680 681 for_each_xattr_handler(handlers, handler) { 682 const char *n; 683 684 n = strcmp_prefix(*name, xattr_prefix(handler)); 685 if (n) { 686 if (!handler->prefix ^ !*n) { 687 if (*n) 688 continue; 689 return ERR_PTR(-EINVAL); 690 } 691 *name = n; 692 return handler; 693 } 694 } 695 return ERR_PTR(-EOPNOTSUPP); 696 } 697 698 /* 699 * Find the handler for the prefix and dispatch its get() operation. 700 */ 701 ssize_t 702 generic_getxattr(struct dentry *dentry, struct inode *inode, 703 const char *name, void *buffer, size_t size) 704 { 705 const struct xattr_handler *handler; 706 707 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 708 if (IS_ERR(handler)) 709 return PTR_ERR(handler); 710 return handler->get(handler, dentry, inode, 711 name, buffer, size); 712 } 713 714 /* 715 * Combine the results of the list() operation from every xattr_handler in the 716 * list. 717 */ 718 ssize_t 719 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 720 { 721 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 722 unsigned int size = 0; 723 724 if (!buffer) { 725 for_each_xattr_handler(handlers, handler) { 726 if (!handler->name || 727 (handler->list && !handler->list(dentry))) 728 continue; 729 size += strlen(handler->name) + 1; 730 } 731 } else { 732 char *buf = buffer; 733 size_t len; 734 735 for_each_xattr_handler(handlers, handler) { 736 if (!handler->name || 737 (handler->list && !handler->list(dentry))) 738 continue; 739 len = strlen(handler->name); 740 if (len + 1 > buffer_size) 741 return -ERANGE; 742 memcpy(buf, handler->name, len + 1); 743 buf += len + 1; 744 buffer_size -= len + 1; 745 } 746 size = buf - buffer; 747 } 748 return size; 749 } 750 751 /* 752 * Find the handler for the prefix and dispatch its set() operation. 753 */ 754 int 755 generic_setxattr(struct dentry *dentry, struct inode *inode, const char *name, 756 const void *value, size_t size, int flags) 757 { 758 const struct xattr_handler *handler; 759 760 if (size == 0) 761 value = ""; /* empty EA, do not remove */ 762 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 763 if (IS_ERR(handler)) 764 return PTR_ERR(handler); 765 return handler->set(handler, dentry, inode, name, value, size, flags); 766 } 767 768 /* 769 * Find the handler for the prefix and dispatch its set() operation to remove 770 * any associated extended attribute. 771 */ 772 int 773 generic_removexattr(struct dentry *dentry, const char *name) 774 { 775 const struct xattr_handler *handler; 776 777 handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); 778 if (IS_ERR(handler)) 779 return PTR_ERR(handler); 780 return handler->set(handler, dentry, d_inode(dentry), name, NULL, 781 0, XATTR_REPLACE); 782 } 783 784 EXPORT_SYMBOL(generic_getxattr); 785 EXPORT_SYMBOL(generic_listxattr); 786 EXPORT_SYMBOL(generic_setxattr); 787 EXPORT_SYMBOL(generic_removexattr); 788 789 /** 790 * xattr_full_name - Compute full attribute name from suffix 791 * 792 * @handler: handler of the xattr_handler operation 793 * @name: name passed to the xattr_handler operation 794 * 795 * The get and set xattr handler operations are called with the remainder of 796 * the attribute name after skipping the handler's prefix: for example, "foo" 797 * is passed to the get operation of a handler with prefix "user." to get 798 * attribute "user.foo". The full name is still "there" in the name though. 799 * 800 * Note: the list xattr handler operation when called from the vfs is passed a 801 * NULL name; some file systems use this operation internally, with varying 802 * semantics. 803 */ 804 const char *xattr_full_name(const struct xattr_handler *handler, 805 const char *name) 806 { 807 size_t prefix_len = strlen(xattr_prefix(handler)); 808 809 return name - prefix_len; 810 } 811 EXPORT_SYMBOL(xattr_full_name); 812 813 /* 814 * Allocate new xattr and copy in the value; but leave the name to callers. 815 */ 816 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 817 { 818 struct simple_xattr *new_xattr; 819 size_t len; 820 821 /* wrap around? */ 822 len = sizeof(*new_xattr) + size; 823 if (len < sizeof(*new_xattr)) 824 return NULL; 825 826 new_xattr = kmalloc(len, GFP_KERNEL); 827 if (!new_xattr) 828 return NULL; 829 830 new_xattr->size = size; 831 memcpy(new_xattr->value, value, size); 832 return new_xattr; 833 } 834 835 /* 836 * xattr GET operation for in-memory/pseudo filesystems 837 */ 838 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 839 void *buffer, size_t size) 840 { 841 struct simple_xattr *xattr; 842 int ret = -ENODATA; 843 844 spin_lock(&xattrs->lock); 845 list_for_each_entry(xattr, &xattrs->head, list) { 846 if (strcmp(name, xattr->name)) 847 continue; 848 849 ret = xattr->size; 850 if (buffer) { 851 if (size < xattr->size) 852 ret = -ERANGE; 853 else 854 memcpy(buffer, xattr->value, xattr->size); 855 } 856 break; 857 } 858 spin_unlock(&xattrs->lock); 859 return ret; 860 } 861 862 /** 863 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 864 * @xattrs: target simple_xattr list 865 * @name: name of the extended attribute 866 * @value: value of the xattr. If %NULL, will remove the attribute. 867 * @size: size of the new xattr 868 * @flags: %XATTR_{CREATE|REPLACE} 869 * 870 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 871 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 872 * otherwise, fails with -ENODATA. 873 * 874 * Returns 0 on success, -errno on failure. 875 */ 876 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 877 const void *value, size_t size, int flags) 878 { 879 struct simple_xattr *xattr; 880 struct simple_xattr *new_xattr = NULL; 881 int err = 0; 882 883 /* value == NULL means remove */ 884 if (value) { 885 new_xattr = simple_xattr_alloc(value, size); 886 if (!new_xattr) 887 return -ENOMEM; 888 889 new_xattr->name = kstrdup(name, GFP_KERNEL); 890 if (!new_xattr->name) { 891 kfree(new_xattr); 892 return -ENOMEM; 893 } 894 } 895 896 spin_lock(&xattrs->lock); 897 list_for_each_entry(xattr, &xattrs->head, list) { 898 if (!strcmp(name, xattr->name)) { 899 if (flags & XATTR_CREATE) { 900 xattr = new_xattr; 901 err = -EEXIST; 902 } else if (new_xattr) { 903 list_replace(&xattr->list, &new_xattr->list); 904 } else { 905 list_del(&xattr->list); 906 } 907 goto out; 908 } 909 } 910 if (flags & XATTR_REPLACE) { 911 xattr = new_xattr; 912 err = -ENODATA; 913 } else { 914 list_add(&new_xattr->list, &xattrs->head); 915 xattr = NULL; 916 } 917 out: 918 spin_unlock(&xattrs->lock); 919 if (xattr) { 920 kfree(xattr->name); 921 kfree(xattr); 922 } 923 return err; 924 925 } 926 927 static bool xattr_is_trusted(const char *name) 928 { 929 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 930 } 931 932 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 933 const char *name) 934 { 935 size_t len = strlen(name) + 1; 936 if (*buffer) { 937 if (*remaining_size < len) 938 return -ERANGE; 939 memcpy(*buffer, name, len); 940 *buffer += len; 941 } 942 *remaining_size -= len; 943 return 0; 944 } 945 946 /* 947 * xattr LIST operation for in-memory/pseudo filesystems 948 */ 949 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 950 char *buffer, size_t size) 951 { 952 bool trusted = capable(CAP_SYS_ADMIN); 953 struct simple_xattr *xattr; 954 ssize_t remaining_size = size; 955 int err = 0; 956 957 #ifdef CONFIG_FS_POSIX_ACL 958 if (inode->i_acl) { 959 err = xattr_list_one(&buffer, &remaining_size, 960 XATTR_NAME_POSIX_ACL_ACCESS); 961 if (err) 962 return err; 963 } 964 if (inode->i_default_acl) { 965 err = xattr_list_one(&buffer, &remaining_size, 966 XATTR_NAME_POSIX_ACL_DEFAULT); 967 if (err) 968 return err; 969 } 970 #endif 971 972 spin_lock(&xattrs->lock); 973 list_for_each_entry(xattr, &xattrs->head, list) { 974 /* skip "trusted." attributes for unprivileged callers */ 975 if (!trusted && xattr_is_trusted(xattr->name)) 976 continue; 977 978 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 979 if (err) 980 break; 981 } 982 spin_unlock(&xattrs->lock); 983 984 return err ? err : size - remaining_size; 985 } 986 987 /* 988 * Adds an extended attribute to the list 989 */ 990 void simple_xattr_list_add(struct simple_xattrs *xattrs, 991 struct simple_xattr *new_xattr) 992 { 993 spin_lock(&xattrs->lock); 994 list_add(&new_xattr->list, &xattrs->head); 995 spin_unlock(&xattrs->lock); 996 } 997