1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 File: fs/xattr.c 4 5 Extended attribute handling. 6 7 Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org> 8 Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com> 9 Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 */ 11 #include <linux/fs.h> 12 #include <linux/slab.h> 13 #include <linux/file.h> 14 #include <linux/xattr.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/security.h> 18 #include <linux/evm.h> 19 #include <linux/syscalls.h> 20 #include <linux/export.h> 21 #include <linux/fsnotify.h> 22 #include <linux/audit.h> 23 #include <linux/vmalloc.h> 24 #include <linux/posix_acl_xattr.h> 25 26 #include <linux/uaccess.h> 27 28 #include "internal.h" 29 30 static const char * 31 strcmp_prefix(const char *a, const char *a_prefix) 32 { 33 while (*a_prefix && *a == *a_prefix) { 34 a++; 35 a_prefix++; 36 } 37 return *a_prefix ? NULL : a; 38 } 39 40 /* 41 * In order to implement different sets of xattr operations for each xattr 42 * prefix, a filesystem should create a null-terminated array of struct 43 * xattr_handler (one for each prefix) and hang a pointer to it off of the 44 * s_xattr field of the superblock. 45 */ 46 #define for_each_xattr_handler(handlers, handler) \ 47 if (handlers) \ 48 for ((handler) = *(handlers)++; \ 49 (handler) != NULL; \ 50 (handler) = *(handlers)++) 51 52 /* 53 * Find the xattr_handler with the matching prefix. 54 */ 55 static const struct xattr_handler * 56 xattr_resolve_name(struct inode *inode, const char **name) 57 { 58 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 59 const struct xattr_handler *handler; 60 61 if (!(inode->i_opflags & IOP_XATTR)) { 62 if (unlikely(is_bad_inode(inode))) 63 return ERR_PTR(-EIO); 64 return ERR_PTR(-EOPNOTSUPP); 65 } 66 for_each_xattr_handler(handlers, handler) { 67 const char *n; 68 69 n = strcmp_prefix(*name, xattr_prefix(handler)); 70 if (n) { 71 if (!handler->prefix ^ !*n) { 72 if (*n) 73 continue; 74 return ERR_PTR(-EINVAL); 75 } 76 *name = n; 77 return handler; 78 } 79 } 80 return ERR_PTR(-EOPNOTSUPP); 81 } 82 83 /** 84 * may_write_xattr - check whether inode allows writing xattr 85 * @mnt_userns: User namespace of the mount the inode was found from 86 * @inode: the inode on which to set an xattr 87 * 88 * Check whether the inode allows writing xattrs. Specifically, we can never 89 * set or remove an extended attribute on a read-only filesystem or on an 90 * immutable / append-only inode. 91 * 92 * We also need to ensure that the inode has a mapping in the mount to 93 * not risk writing back invalid i_{g,u}id values. 94 * 95 * Return: On success zero is returned. On error a negative errno is returned. 96 */ 97 int may_write_xattr(struct user_namespace *mnt_userns, struct inode *inode) 98 { 99 if (IS_IMMUTABLE(inode)) 100 return -EPERM; 101 if (IS_APPEND(inode)) 102 return -EPERM; 103 if (HAS_UNMAPPED_ID(mnt_userns, inode)) 104 return -EPERM; 105 return 0; 106 } 107 108 /* 109 * Check permissions for extended attribute access. This is a bit complicated 110 * because different namespaces have very different rules. 111 */ 112 static int 113 xattr_permission(struct user_namespace *mnt_userns, struct inode *inode, 114 const char *name, int mask) 115 { 116 if (mask & MAY_WRITE) { 117 int ret; 118 119 ret = may_write_xattr(mnt_userns, inode); 120 if (ret) 121 return ret; 122 } 123 124 /* 125 * No restriction for security.* and system.* from the VFS. Decision 126 * on these is left to the underlying filesystem / security module. 127 */ 128 if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) || 129 !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) 130 return 0; 131 132 /* 133 * The trusted.* namespace can only be accessed by privileged users. 134 */ 135 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { 136 if (!capable(CAP_SYS_ADMIN)) 137 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 138 return 0; 139 } 140 141 /* 142 * In the user.* namespace, only regular files and directories can have 143 * extended attributes. For sticky directories, only the owner and 144 * privileged users can write attributes. 145 */ 146 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { 147 if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 148 return (mask & MAY_WRITE) ? -EPERM : -ENODATA; 149 if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && 150 (mask & MAY_WRITE) && 151 !inode_owner_or_capable(mnt_userns, inode)) 152 return -EPERM; 153 } 154 155 return inode_permission(mnt_userns, inode, mask); 156 } 157 158 /* 159 * Look for any handler that deals with the specified namespace. 160 */ 161 int 162 xattr_supported_namespace(struct inode *inode, const char *prefix) 163 { 164 const struct xattr_handler **handlers = inode->i_sb->s_xattr; 165 const struct xattr_handler *handler; 166 size_t preflen; 167 168 if (!(inode->i_opflags & IOP_XATTR)) { 169 if (unlikely(is_bad_inode(inode))) 170 return -EIO; 171 return -EOPNOTSUPP; 172 } 173 174 preflen = strlen(prefix); 175 176 for_each_xattr_handler(handlers, handler) { 177 if (!strncmp(xattr_prefix(handler), prefix, preflen)) 178 return 0; 179 } 180 181 return -EOPNOTSUPP; 182 } 183 EXPORT_SYMBOL(xattr_supported_namespace); 184 185 int 186 __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 187 struct inode *inode, const char *name, const void *value, 188 size_t size, int flags) 189 { 190 const struct xattr_handler *handler; 191 192 handler = xattr_resolve_name(inode, &name); 193 if (IS_ERR(handler)) 194 return PTR_ERR(handler); 195 if (!handler->set) 196 return -EOPNOTSUPP; 197 if (size == 0) 198 value = ""; /* empty EA, do not remove */ 199 return handler->set(handler, mnt_userns, dentry, inode, name, value, 200 size, flags); 201 } 202 EXPORT_SYMBOL(__vfs_setxattr); 203 204 /** 205 * __vfs_setxattr_noperm - perform setxattr operation without performing 206 * permission checks. 207 * 208 * @mnt_userns: user namespace of the mount the inode was found from 209 * @dentry: object to perform setxattr on 210 * @name: xattr name to set 211 * @value: value to set @name to 212 * @size: size of @value 213 * @flags: flags to pass into filesystem operations 214 * 215 * returns the result of the internal setxattr or setsecurity operations. 216 * 217 * This function requires the caller to lock the inode's i_mutex before it 218 * is executed. It also assumes that the caller will make the appropriate 219 * permission checks. 220 */ 221 int __vfs_setxattr_noperm(struct user_namespace *mnt_userns, 222 struct dentry *dentry, const char *name, 223 const void *value, size_t size, int flags) 224 { 225 struct inode *inode = dentry->d_inode; 226 int error = -EAGAIN; 227 int issec = !strncmp(name, XATTR_SECURITY_PREFIX, 228 XATTR_SECURITY_PREFIX_LEN); 229 230 if (issec) 231 inode->i_flags &= ~S_NOSEC; 232 if (inode->i_opflags & IOP_XATTR) { 233 error = __vfs_setxattr(mnt_userns, dentry, inode, name, value, 234 size, flags); 235 if (!error) { 236 fsnotify_xattr(dentry); 237 security_inode_post_setxattr(dentry, name, value, 238 size, flags); 239 } 240 } else { 241 if (unlikely(is_bad_inode(inode))) 242 return -EIO; 243 } 244 if (error == -EAGAIN) { 245 error = -EOPNOTSUPP; 246 247 if (issec) { 248 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 249 250 error = security_inode_setsecurity(inode, suffix, value, 251 size, flags); 252 if (!error) 253 fsnotify_xattr(dentry); 254 } 255 } 256 257 return error; 258 } 259 260 /** 261 * __vfs_setxattr_locked - set an extended attribute while holding the inode 262 * lock 263 * 264 * @mnt_userns: user namespace of the mount of the target inode 265 * @dentry: object to perform setxattr on 266 * @name: xattr name to set 267 * @value: value to set @name to 268 * @size: size of @value 269 * @flags: flags to pass into filesystem operations 270 * @delegated_inode: on return, will contain an inode pointer that 271 * a delegation was broken on, NULL if none. 272 */ 273 int 274 __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry, 275 const char *name, const void *value, size_t size, 276 int flags, struct inode **delegated_inode) 277 { 278 struct inode *inode = dentry->d_inode; 279 int error; 280 281 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 282 if (error) 283 return error; 284 285 error = security_inode_setxattr(mnt_userns, dentry, name, value, size, 286 flags); 287 if (error) 288 goto out; 289 290 error = try_break_deleg(inode, delegated_inode); 291 if (error) 292 goto out; 293 294 error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value, 295 size, flags); 296 297 out: 298 return error; 299 } 300 EXPORT_SYMBOL_GPL(__vfs_setxattr_locked); 301 302 int 303 vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 304 const char *name, const void *value, size_t size, int flags) 305 { 306 struct inode *inode = dentry->d_inode; 307 struct inode *delegated_inode = NULL; 308 const void *orig_value = value; 309 int error; 310 311 if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { 312 error = cap_convert_nscap(mnt_userns, dentry, &value, size); 313 if (error < 0) 314 return error; 315 size = error; 316 } 317 318 retry_deleg: 319 inode_lock(inode); 320 error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size, 321 flags, &delegated_inode); 322 inode_unlock(inode); 323 324 if (delegated_inode) { 325 error = break_deleg_wait(&delegated_inode); 326 if (!error) 327 goto retry_deleg; 328 } 329 if (value != orig_value) 330 kfree(value); 331 332 return error; 333 } 334 EXPORT_SYMBOL_GPL(vfs_setxattr); 335 336 static ssize_t 337 xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode, 338 const char *name, void *value, size_t size) 339 { 340 void *buffer = NULL; 341 ssize_t len; 342 343 if (!value || !size) { 344 len = security_inode_getsecurity(mnt_userns, inode, name, 345 &buffer, false); 346 goto out_noalloc; 347 } 348 349 len = security_inode_getsecurity(mnt_userns, inode, name, &buffer, 350 true); 351 if (len < 0) 352 return len; 353 if (size < len) { 354 len = -ERANGE; 355 goto out; 356 } 357 memcpy(value, buffer, len); 358 out: 359 kfree(buffer); 360 out_noalloc: 361 return len; 362 } 363 364 /* 365 * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr 366 * 367 * Allocate memory, if not already allocated, or re-allocate correct size, 368 * before retrieving the extended attribute. 369 * 370 * Returns the result of alloc, if failed, or the getxattr operation. 371 */ 372 ssize_t 373 vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry, 374 const char *name, char **xattr_value, size_t xattr_size, 375 gfp_t flags) 376 { 377 const struct xattr_handler *handler; 378 struct inode *inode = dentry->d_inode; 379 char *value = *xattr_value; 380 int error; 381 382 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 383 if (error) 384 return error; 385 386 handler = xattr_resolve_name(inode, &name); 387 if (IS_ERR(handler)) 388 return PTR_ERR(handler); 389 if (!handler->get) 390 return -EOPNOTSUPP; 391 error = handler->get(handler, dentry, inode, name, NULL, 0); 392 if (error < 0) 393 return error; 394 395 if (!value || (error > xattr_size)) { 396 value = krealloc(*xattr_value, error + 1, flags); 397 if (!value) 398 return -ENOMEM; 399 memset(value, 0, error + 1); 400 } 401 402 error = handler->get(handler, dentry, inode, name, value, error); 403 *xattr_value = value; 404 return error; 405 } 406 407 ssize_t 408 __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, 409 void *value, size_t size) 410 { 411 const struct xattr_handler *handler; 412 413 handler = xattr_resolve_name(inode, &name); 414 if (IS_ERR(handler)) 415 return PTR_ERR(handler); 416 if (!handler->get) 417 return -EOPNOTSUPP; 418 return handler->get(handler, dentry, inode, name, value, size); 419 } 420 EXPORT_SYMBOL(__vfs_getxattr); 421 422 ssize_t 423 vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 424 const char *name, void *value, size_t size) 425 { 426 struct inode *inode = dentry->d_inode; 427 int error; 428 429 error = xattr_permission(mnt_userns, inode, name, MAY_READ); 430 if (error) 431 return error; 432 433 error = security_inode_getxattr(dentry, name); 434 if (error) 435 return error; 436 437 if (!strncmp(name, XATTR_SECURITY_PREFIX, 438 XATTR_SECURITY_PREFIX_LEN)) { 439 const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 440 int ret = xattr_getsecurity(mnt_userns, inode, suffix, value, 441 size); 442 /* 443 * Only overwrite the return value if a security module 444 * is actually active. 445 */ 446 if (ret == -EOPNOTSUPP) 447 goto nolsm; 448 return ret; 449 } 450 nolsm: 451 error = __vfs_getxattr(dentry, inode, name, value, size); 452 if (error > 0 && is_posix_acl_xattr(name)) 453 posix_acl_getxattr_idmapped_mnt(mnt_userns, inode, value, size); 454 return error; 455 } 456 EXPORT_SYMBOL_GPL(vfs_getxattr); 457 458 ssize_t 459 vfs_listxattr(struct dentry *dentry, char *list, size_t size) 460 { 461 struct inode *inode = d_inode(dentry); 462 ssize_t error; 463 464 error = security_inode_listxattr(dentry); 465 if (error) 466 return error; 467 if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) { 468 error = inode->i_op->listxattr(dentry, list, size); 469 } else { 470 error = security_inode_listsecurity(inode, list, size); 471 if (size && error > size) 472 error = -ERANGE; 473 } 474 return error; 475 } 476 EXPORT_SYMBOL_GPL(vfs_listxattr); 477 478 int 479 __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 480 const char *name) 481 { 482 struct inode *inode = d_inode(dentry); 483 const struct xattr_handler *handler; 484 485 handler = xattr_resolve_name(inode, &name); 486 if (IS_ERR(handler)) 487 return PTR_ERR(handler); 488 if (!handler->set) 489 return -EOPNOTSUPP; 490 return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0, 491 XATTR_REPLACE); 492 } 493 EXPORT_SYMBOL(__vfs_removexattr); 494 495 /** 496 * __vfs_removexattr_locked - set an extended attribute while holding the inode 497 * lock 498 * 499 * @mnt_userns: user namespace of the mount of the target inode 500 * @dentry: object to perform setxattr on 501 * @name: name of xattr to remove 502 * @delegated_inode: on return, will contain an inode pointer that 503 * a delegation was broken on, NULL if none. 504 */ 505 int 506 __vfs_removexattr_locked(struct user_namespace *mnt_userns, 507 struct dentry *dentry, const char *name, 508 struct inode **delegated_inode) 509 { 510 struct inode *inode = dentry->d_inode; 511 int error; 512 513 error = xattr_permission(mnt_userns, inode, name, MAY_WRITE); 514 if (error) 515 return error; 516 517 error = security_inode_removexattr(mnt_userns, dentry, name); 518 if (error) 519 goto out; 520 521 error = try_break_deleg(inode, delegated_inode); 522 if (error) 523 goto out; 524 525 error = __vfs_removexattr(mnt_userns, dentry, name); 526 527 if (!error) { 528 fsnotify_xattr(dentry); 529 evm_inode_post_removexattr(dentry, name); 530 } 531 532 out: 533 return error; 534 } 535 EXPORT_SYMBOL_GPL(__vfs_removexattr_locked); 536 537 int 538 vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry, 539 const char *name) 540 { 541 struct inode *inode = dentry->d_inode; 542 struct inode *delegated_inode = NULL; 543 int error; 544 545 retry_deleg: 546 inode_lock(inode); 547 error = __vfs_removexattr_locked(mnt_userns, dentry, 548 name, &delegated_inode); 549 inode_unlock(inode); 550 551 if (delegated_inode) { 552 error = break_deleg_wait(&delegated_inode); 553 if (!error) 554 goto retry_deleg; 555 } 556 557 return error; 558 } 559 EXPORT_SYMBOL_GPL(vfs_removexattr); 560 561 /* 562 * Extended attribute SET operations 563 */ 564 565 int setxattr_copy(const char __user *name, struct xattr_ctx *ctx) 566 { 567 int error; 568 569 if (ctx->flags & ~(XATTR_CREATE|XATTR_REPLACE)) 570 return -EINVAL; 571 572 error = strncpy_from_user(ctx->kname->name, name, 573 sizeof(ctx->kname->name)); 574 if (error == 0 || error == sizeof(ctx->kname->name)) 575 return -ERANGE; 576 if (error < 0) 577 return error; 578 579 error = 0; 580 if (ctx->size) { 581 if (ctx->size > XATTR_SIZE_MAX) 582 return -E2BIG; 583 584 ctx->kvalue = vmemdup_user(ctx->cvalue, ctx->size); 585 if (IS_ERR(ctx->kvalue)) { 586 error = PTR_ERR(ctx->kvalue); 587 ctx->kvalue = NULL; 588 } 589 } 590 591 return error; 592 } 593 594 static void setxattr_convert(struct user_namespace *mnt_userns, 595 struct dentry *d, struct xattr_ctx *ctx) 596 { 597 if (ctx->size && is_posix_acl_xattr(ctx->kname->name)) 598 posix_acl_fix_xattr_from_user(ctx->kvalue, ctx->size); 599 } 600 601 int do_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry, 602 struct xattr_ctx *ctx) 603 { 604 setxattr_convert(mnt_userns, dentry, ctx); 605 return vfs_setxattr(mnt_userns, dentry, ctx->kname->name, 606 ctx->kvalue, ctx->size, ctx->flags); 607 } 608 609 static long 610 setxattr(struct user_namespace *mnt_userns, struct dentry *d, 611 const char __user *name, const void __user *value, size_t size, 612 int flags) 613 { 614 struct xattr_name kname; 615 struct xattr_ctx ctx = { 616 .cvalue = value, 617 .kvalue = NULL, 618 .size = size, 619 .kname = &kname, 620 .flags = flags, 621 }; 622 int error; 623 624 error = setxattr_copy(name, &ctx); 625 if (error) 626 return error; 627 628 error = do_setxattr(mnt_userns, d, &ctx); 629 630 kvfree(ctx.kvalue); 631 return error; 632 } 633 634 static int path_setxattr(const char __user *pathname, 635 const char __user *name, const void __user *value, 636 size_t size, int flags, unsigned int lookup_flags) 637 { 638 struct path path; 639 int error; 640 641 retry: 642 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 643 if (error) 644 return error; 645 error = mnt_want_write(path.mnt); 646 if (!error) { 647 error = setxattr(mnt_user_ns(path.mnt), path.dentry, name, 648 value, size, flags); 649 mnt_drop_write(path.mnt); 650 } 651 path_put(&path); 652 if (retry_estale(error, lookup_flags)) { 653 lookup_flags |= LOOKUP_REVAL; 654 goto retry; 655 } 656 return error; 657 } 658 659 SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 660 const char __user *, name, const void __user *, value, 661 size_t, size, int, flags) 662 { 663 return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 664 } 665 666 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 667 const char __user *, name, const void __user *, value, 668 size_t, size, int, flags) 669 { 670 return path_setxattr(pathname, name, value, size, flags, 0); 671 } 672 673 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 674 const void __user *,value, size_t, size, int, flags) 675 { 676 struct fd f = fdget(fd); 677 int error = -EBADF; 678 679 if (!f.file) 680 return error; 681 audit_file(f.file); 682 error = mnt_want_write_file(f.file); 683 if (!error) { 684 error = setxattr(file_mnt_user_ns(f.file), 685 f.file->f_path.dentry, name, 686 value, size, flags); 687 mnt_drop_write_file(f.file); 688 } 689 fdput(f); 690 return error; 691 } 692 693 /* 694 * Extended attribute GET operations 695 */ 696 ssize_t 697 do_getxattr(struct user_namespace *mnt_userns, struct dentry *d, 698 struct xattr_ctx *ctx) 699 { 700 ssize_t error; 701 char *kname = ctx->kname->name; 702 703 if (ctx->size) { 704 if (ctx->size > XATTR_SIZE_MAX) 705 ctx->size = XATTR_SIZE_MAX; 706 ctx->kvalue = kvzalloc(ctx->size, GFP_KERNEL); 707 if (!ctx->kvalue) 708 return -ENOMEM; 709 } 710 711 error = vfs_getxattr(mnt_userns, d, kname, ctx->kvalue, ctx->size); 712 if (error > 0) { 713 if (is_posix_acl_xattr(kname)) 714 posix_acl_fix_xattr_to_user(ctx->kvalue, error); 715 if (ctx->size && copy_to_user(ctx->value, ctx->kvalue, error)) 716 error = -EFAULT; 717 } else if (error == -ERANGE && ctx->size >= XATTR_SIZE_MAX) { 718 /* The file system tried to returned a value bigger 719 than XATTR_SIZE_MAX bytes. Not possible. */ 720 error = -E2BIG; 721 } 722 723 return error; 724 } 725 726 static ssize_t 727 getxattr(struct user_namespace *mnt_userns, struct dentry *d, 728 const char __user *name, void __user *value, size_t size) 729 { 730 ssize_t error; 731 struct xattr_name kname; 732 struct xattr_ctx ctx = { 733 .value = value, 734 .kvalue = NULL, 735 .size = size, 736 .kname = &kname, 737 .flags = 0, 738 }; 739 740 error = strncpy_from_user(kname.name, name, sizeof(kname.name)); 741 if (error == 0 || error == sizeof(kname.name)) 742 error = -ERANGE; 743 if (error < 0) 744 return error; 745 746 error = do_getxattr(mnt_userns, d, &ctx); 747 748 kvfree(ctx.kvalue); 749 return error; 750 } 751 752 static ssize_t path_getxattr(const char __user *pathname, 753 const char __user *name, void __user *value, 754 size_t size, unsigned int lookup_flags) 755 { 756 struct path path; 757 ssize_t error; 758 retry: 759 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 760 if (error) 761 return error; 762 error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size); 763 path_put(&path); 764 if (retry_estale(error, lookup_flags)) { 765 lookup_flags |= LOOKUP_REVAL; 766 goto retry; 767 } 768 return error; 769 } 770 771 SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 772 const char __user *, name, void __user *, value, size_t, size) 773 { 774 return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 775 } 776 777 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 778 const char __user *, name, void __user *, value, size_t, size) 779 { 780 return path_getxattr(pathname, name, value, size, 0); 781 } 782 783 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 784 void __user *, value, size_t, size) 785 { 786 struct fd f = fdget(fd); 787 ssize_t error = -EBADF; 788 789 if (!f.file) 790 return error; 791 audit_file(f.file); 792 error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry, 793 name, value, size); 794 fdput(f); 795 return error; 796 } 797 798 /* 799 * Extended attribute LIST operations 800 */ 801 static ssize_t 802 listxattr(struct dentry *d, char __user *list, size_t size) 803 { 804 ssize_t error; 805 char *klist = NULL; 806 807 if (size) { 808 if (size > XATTR_LIST_MAX) 809 size = XATTR_LIST_MAX; 810 klist = kvmalloc(size, GFP_KERNEL); 811 if (!klist) 812 return -ENOMEM; 813 } 814 815 error = vfs_listxattr(d, klist, size); 816 if (error > 0) { 817 if (size && copy_to_user(list, klist, error)) 818 error = -EFAULT; 819 } else if (error == -ERANGE && size >= XATTR_LIST_MAX) { 820 /* The file system tried to returned a list bigger 821 than XATTR_LIST_MAX bytes. Not possible. */ 822 error = -E2BIG; 823 } 824 825 kvfree(klist); 826 827 return error; 828 } 829 830 static ssize_t path_listxattr(const char __user *pathname, char __user *list, 831 size_t size, unsigned int lookup_flags) 832 { 833 struct path path; 834 ssize_t error; 835 retry: 836 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 837 if (error) 838 return error; 839 error = listxattr(path.dentry, list, size); 840 path_put(&path); 841 if (retry_estale(error, lookup_flags)) { 842 lookup_flags |= LOOKUP_REVAL; 843 goto retry; 844 } 845 return error; 846 } 847 848 SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 849 size_t, size) 850 { 851 return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 852 } 853 854 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 855 size_t, size) 856 { 857 return path_listxattr(pathname, list, size, 0); 858 } 859 860 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 861 { 862 struct fd f = fdget(fd); 863 ssize_t error = -EBADF; 864 865 if (!f.file) 866 return error; 867 audit_file(f.file); 868 error = listxattr(f.file->f_path.dentry, list, size); 869 fdput(f); 870 return error; 871 } 872 873 /* 874 * Extended attribute REMOVE operations 875 */ 876 static long 877 removexattr(struct user_namespace *mnt_userns, struct dentry *d, 878 const char __user *name) 879 { 880 int error; 881 char kname[XATTR_NAME_MAX + 1]; 882 883 error = strncpy_from_user(kname, name, sizeof(kname)); 884 if (error == 0 || error == sizeof(kname)) 885 error = -ERANGE; 886 if (error < 0) 887 return error; 888 889 return vfs_removexattr(mnt_userns, d, kname); 890 } 891 892 static int path_removexattr(const char __user *pathname, 893 const char __user *name, unsigned int lookup_flags) 894 { 895 struct path path; 896 int error; 897 retry: 898 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 899 if (error) 900 return error; 901 error = mnt_want_write(path.mnt); 902 if (!error) { 903 error = removexattr(mnt_user_ns(path.mnt), path.dentry, name); 904 mnt_drop_write(path.mnt); 905 } 906 path_put(&path); 907 if (retry_estale(error, lookup_flags)) { 908 lookup_flags |= LOOKUP_REVAL; 909 goto retry; 910 } 911 return error; 912 } 913 914 SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 915 const char __user *, name) 916 { 917 return path_removexattr(pathname, name, LOOKUP_FOLLOW); 918 } 919 920 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 921 const char __user *, name) 922 { 923 return path_removexattr(pathname, name, 0); 924 } 925 926 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) 927 { 928 struct fd f = fdget(fd); 929 int error = -EBADF; 930 931 if (!f.file) 932 return error; 933 audit_file(f.file); 934 error = mnt_want_write_file(f.file); 935 if (!error) { 936 error = removexattr(file_mnt_user_ns(f.file), 937 f.file->f_path.dentry, name); 938 mnt_drop_write_file(f.file); 939 } 940 fdput(f); 941 return error; 942 } 943 944 /* 945 * Combine the results of the list() operation from every xattr_handler in the 946 * list. 947 */ 948 ssize_t 949 generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) 950 { 951 const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr; 952 unsigned int size = 0; 953 954 if (!buffer) { 955 for_each_xattr_handler(handlers, handler) { 956 if (!handler->name || 957 (handler->list && !handler->list(dentry))) 958 continue; 959 size += strlen(handler->name) + 1; 960 } 961 } else { 962 char *buf = buffer; 963 size_t len; 964 965 for_each_xattr_handler(handlers, handler) { 966 if (!handler->name || 967 (handler->list && !handler->list(dentry))) 968 continue; 969 len = strlen(handler->name); 970 if (len + 1 > buffer_size) 971 return -ERANGE; 972 memcpy(buf, handler->name, len + 1); 973 buf += len + 1; 974 buffer_size -= len + 1; 975 } 976 size = buf - buffer; 977 } 978 return size; 979 } 980 EXPORT_SYMBOL(generic_listxattr); 981 982 /** 983 * xattr_full_name - Compute full attribute name from suffix 984 * 985 * @handler: handler of the xattr_handler operation 986 * @name: name passed to the xattr_handler operation 987 * 988 * The get and set xattr handler operations are called with the remainder of 989 * the attribute name after skipping the handler's prefix: for example, "foo" 990 * is passed to the get operation of a handler with prefix "user." to get 991 * attribute "user.foo". The full name is still "there" in the name though. 992 * 993 * Note: the list xattr handler operation when called from the vfs is passed a 994 * NULL name; some file systems use this operation internally, with varying 995 * semantics. 996 */ 997 const char *xattr_full_name(const struct xattr_handler *handler, 998 const char *name) 999 { 1000 size_t prefix_len = strlen(xattr_prefix(handler)); 1001 1002 return name - prefix_len; 1003 } 1004 EXPORT_SYMBOL(xattr_full_name); 1005 1006 /* 1007 * Allocate new xattr and copy in the value; but leave the name to callers. 1008 */ 1009 struct simple_xattr *simple_xattr_alloc(const void *value, size_t size) 1010 { 1011 struct simple_xattr *new_xattr; 1012 size_t len; 1013 1014 /* wrap around? */ 1015 len = sizeof(*new_xattr) + size; 1016 if (len < sizeof(*new_xattr)) 1017 return NULL; 1018 1019 new_xattr = kvmalloc(len, GFP_KERNEL); 1020 if (!new_xattr) 1021 return NULL; 1022 1023 new_xattr->size = size; 1024 memcpy(new_xattr->value, value, size); 1025 return new_xattr; 1026 } 1027 1028 /* 1029 * xattr GET operation for in-memory/pseudo filesystems 1030 */ 1031 int simple_xattr_get(struct simple_xattrs *xattrs, const char *name, 1032 void *buffer, size_t size) 1033 { 1034 struct simple_xattr *xattr; 1035 int ret = -ENODATA; 1036 1037 spin_lock(&xattrs->lock); 1038 list_for_each_entry(xattr, &xattrs->head, list) { 1039 if (strcmp(name, xattr->name)) 1040 continue; 1041 1042 ret = xattr->size; 1043 if (buffer) { 1044 if (size < xattr->size) 1045 ret = -ERANGE; 1046 else 1047 memcpy(buffer, xattr->value, xattr->size); 1048 } 1049 break; 1050 } 1051 spin_unlock(&xattrs->lock); 1052 return ret; 1053 } 1054 1055 /** 1056 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems 1057 * @xattrs: target simple_xattr list 1058 * @name: name of the extended attribute 1059 * @value: value of the xattr. If %NULL, will remove the attribute. 1060 * @size: size of the new xattr 1061 * @flags: %XATTR_{CREATE|REPLACE} 1062 * @removed_size: returns size of the removed xattr, -1 if none removed 1063 * 1064 * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails 1065 * with -EEXIST. If %XATTR_REPLACE is set, the xattr should exist; 1066 * otherwise, fails with -ENODATA. 1067 * 1068 * Returns 0 on success, -errno on failure. 1069 */ 1070 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name, 1071 const void *value, size_t size, int flags, 1072 ssize_t *removed_size) 1073 { 1074 struct simple_xattr *xattr; 1075 struct simple_xattr *new_xattr = NULL; 1076 int err = 0; 1077 1078 if (removed_size) 1079 *removed_size = -1; 1080 1081 /* value == NULL means remove */ 1082 if (value) { 1083 new_xattr = simple_xattr_alloc(value, size); 1084 if (!new_xattr) 1085 return -ENOMEM; 1086 1087 new_xattr->name = kstrdup(name, GFP_KERNEL); 1088 if (!new_xattr->name) { 1089 kvfree(new_xattr); 1090 return -ENOMEM; 1091 } 1092 } 1093 1094 spin_lock(&xattrs->lock); 1095 list_for_each_entry(xattr, &xattrs->head, list) { 1096 if (!strcmp(name, xattr->name)) { 1097 if (flags & XATTR_CREATE) { 1098 xattr = new_xattr; 1099 err = -EEXIST; 1100 } else if (new_xattr) { 1101 list_replace(&xattr->list, &new_xattr->list); 1102 if (removed_size) 1103 *removed_size = xattr->size; 1104 } else { 1105 list_del(&xattr->list); 1106 if (removed_size) 1107 *removed_size = xattr->size; 1108 } 1109 goto out; 1110 } 1111 } 1112 if (flags & XATTR_REPLACE) { 1113 xattr = new_xattr; 1114 err = -ENODATA; 1115 } else { 1116 list_add(&new_xattr->list, &xattrs->head); 1117 xattr = NULL; 1118 } 1119 out: 1120 spin_unlock(&xattrs->lock); 1121 if (xattr) { 1122 kfree(xattr->name); 1123 kvfree(xattr); 1124 } 1125 return err; 1126 1127 } 1128 1129 static bool xattr_is_trusted(const char *name) 1130 { 1131 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1132 } 1133 1134 static int xattr_list_one(char **buffer, ssize_t *remaining_size, 1135 const char *name) 1136 { 1137 size_t len = strlen(name) + 1; 1138 if (*buffer) { 1139 if (*remaining_size < len) 1140 return -ERANGE; 1141 memcpy(*buffer, name, len); 1142 *buffer += len; 1143 } 1144 *remaining_size -= len; 1145 return 0; 1146 } 1147 1148 /* 1149 * xattr LIST operation for in-memory/pseudo filesystems 1150 */ 1151 ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, 1152 char *buffer, size_t size) 1153 { 1154 bool trusted = capable(CAP_SYS_ADMIN); 1155 struct simple_xattr *xattr; 1156 ssize_t remaining_size = size; 1157 int err = 0; 1158 1159 #ifdef CONFIG_FS_POSIX_ACL 1160 if (IS_POSIXACL(inode)) { 1161 if (inode->i_acl) { 1162 err = xattr_list_one(&buffer, &remaining_size, 1163 XATTR_NAME_POSIX_ACL_ACCESS); 1164 if (err) 1165 return err; 1166 } 1167 if (inode->i_default_acl) { 1168 err = xattr_list_one(&buffer, &remaining_size, 1169 XATTR_NAME_POSIX_ACL_DEFAULT); 1170 if (err) 1171 return err; 1172 } 1173 } 1174 #endif 1175 1176 spin_lock(&xattrs->lock); 1177 list_for_each_entry(xattr, &xattrs->head, list) { 1178 /* skip "trusted." attributes for unprivileged callers */ 1179 if (!trusted && xattr_is_trusted(xattr->name)) 1180 continue; 1181 1182 err = xattr_list_one(&buffer, &remaining_size, xattr->name); 1183 if (err) 1184 break; 1185 } 1186 spin_unlock(&xattrs->lock); 1187 1188 return err ? err : size - remaining_size; 1189 } 1190 1191 /* 1192 * Adds an extended attribute to the list 1193 */ 1194 void simple_xattr_list_add(struct simple_xattrs *xattrs, 1195 struct simple_xattr *new_xattr) 1196 { 1197 spin_lock(&xattrs->lock); 1198 list_add(&new_xattr->list, &xattrs->head); 1199 spin_unlock(&xattrs->lock); 1200 } 1201