xref: /openbmc/linux/fs/xattr.c (revision 3c881e05c814c970e4f9577446a9d3461d134607)
1  // SPDX-License-Identifier: GPL-2.0-only
2  /*
3    File: fs/xattr.c
4  
5    Extended attribute handling.
6  
7    Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
8    Copyright (C) 2001 SGI - Silicon Graphics, Inc <linux-xfs@oss.sgi.com>
9    Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
10   */
11  #include <linux/fs.h>
12  #include <linux/slab.h>
13  #include <linux/file.h>
14  #include <linux/xattr.h>
15  #include <linux/mount.h>
16  #include <linux/namei.h>
17  #include <linux/security.h>
18  #include <linux/evm.h>
19  #include <linux/syscalls.h>
20  #include <linux/export.h>
21  #include <linux/fsnotify.h>
22  #include <linux/audit.h>
23  #include <linux/vmalloc.h>
24  #include <linux/posix_acl_xattr.h>
25  
26  #include <linux/uaccess.h>
27  
28  static const char *
29  strcmp_prefix(const char *a, const char *a_prefix)
30  {
31  	while (*a_prefix && *a == *a_prefix) {
32  		a++;
33  		a_prefix++;
34  	}
35  	return *a_prefix ? NULL : a;
36  }
37  
38  /*
39   * In order to implement different sets of xattr operations for each xattr
40   * prefix, a filesystem should create a null-terminated array of struct
41   * xattr_handler (one for each prefix) and hang a pointer to it off of the
42   * s_xattr field of the superblock.
43   */
44  #define for_each_xattr_handler(handlers, handler)		\
45  	if (handlers)						\
46  		for ((handler) = *(handlers)++;			\
47  			(handler) != NULL;			\
48  			(handler) = *(handlers)++)
49  
50  /*
51   * Find the xattr_handler with the matching prefix.
52   */
53  static const struct xattr_handler *
54  xattr_resolve_name(struct inode *inode, const char **name)
55  {
56  	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
57  	const struct xattr_handler *handler;
58  
59  	if (!(inode->i_opflags & IOP_XATTR)) {
60  		if (unlikely(is_bad_inode(inode)))
61  			return ERR_PTR(-EIO);
62  		return ERR_PTR(-EOPNOTSUPP);
63  	}
64  	for_each_xattr_handler(handlers, handler) {
65  		const char *n;
66  
67  		n = strcmp_prefix(*name, xattr_prefix(handler));
68  		if (n) {
69  			if (!handler->prefix ^ !*n) {
70  				if (*n)
71  					continue;
72  				return ERR_PTR(-EINVAL);
73  			}
74  			*name = n;
75  			return handler;
76  		}
77  	}
78  	return ERR_PTR(-EOPNOTSUPP);
79  }
80  
81  /*
82   * Check permissions for extended attribute access.  This is a bit complicated
83   * because different namespaces have very different rules.
84   */
85  static int
86  xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87  		 const char *name, int mask)
88  {
89  	/*
90  	 * We can never set or remove an extended attribute on a read-only
91  	 * filesystem  or on an immutable / append-only inode.
92  	 */
93  	if (mask & MAY_WRITE) {
94  		if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
95  			return -EPERM;
96  		/*
97  		 * Updating an xattr will likely cause i_uid and i_gid
98  		 * to be writen back improperly if their true value is
99  		 * unknown to the vfs.
100  		 */
101  		if (HAS_UNMAPPED_ID(mnt_userns, inode))
102  			return -EPERM;
103  	}
104  
105  	/*
106  	 * No restriction for security.* and system.* from the VFS.  Decision
107  	 * on these is left to the underlying filesystem / security module.
108  	 */
109  	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
110  	    !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
111  		return 0;
112  
113  	/*
114  	 * The trusted.* namespace can only be accessed by privileged users.
115  	 */
116  	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
117  		if (!capable(CAP_SYS_ADMIN))
118  			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
119  		return 0;
120  	}
121  
122  	/*
123  	 * In the user.* namespace, only regular files and directories can have
124  	 * extended attributes. For sticky directories, only the owner and
125  	 * privileged users can write attributes.
126  	 */
127  	if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
128  		if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129  			return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130  		if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131  		    (mask & MAY_WRITE) &&
132  		    !inode_owner_or_capable(mnt_userns, inode))
133  			return -EPERM;
134  	}
135  
136  	return inode_permission(mnt_userns, inode, mask);
137  }
138  
139  /*
140   * Look for any handler that deals with the specified namespace.
141   */
142  int
143  xattr_supported_namespace(struct inode *inode, const char *prefix)
144  {
145  	const struct xattr_handler **handlers = inode->i_sb->s_xattr;
146  	const struct xattr_handler *handler;
147  	size_t preflen;
148  
149  	if (!(inode->i_opflags & IOP_XATTR)) {
150  		if (unlikely(is_bad_inode(inode)))
151  			return -EIO;
152  		return -EOPNOTSUPP;
153  	}
154  
155  	preflen = strlen(prefix);
156  
157  	for_each_xattr_handler(handlers, handler) {
158  		if (!strncmp(xattr_prefix(handler), prefix, preflen))
159  			return 0;
160  	}
161  
162  	return -EOPNOTSUPP;
163  }
164  EXPORT_SYMBOL(xattr_supported_namespace);
165  
166  int
167  __vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
168  	       struct inode *inode, const char *name, const void *value,
169  	       size_t size, int flags)
170  {
171  	const struct xattr_handler *handler;
172  
173  	handler = xattr_resolve_name(inode, &name);
174  	if (IS_ERR(handler))
175  		return PTR_ERR(handler);
176  	if (!handler->set)
177  		return -EOPNOTSUPP;
178  	if (size == 0)
179  		value = "";  /* empty EA, do not remove */
180  	return handler->set(handler, mnt_userns, dentry, inode, name, value,
181  			    size, flags);
182  }
183  EXPORT_SYMBOL(__vfs_setxattr);
184  
185  /**
186   *  __vfs_setxattr_noperm - perform setxattr operation without performing
187   *  permission checks.
188   *
189   *  @mnt_userns: user namespace of the mount the inode was found from
190   *  @dentry: object to perform setxattr on
191   *  @name: xattr name to set
192   *  @value: value to set @name to
193   *  @size: size of @value
194   *  @flags: flags to pass into filesystem operations
195   *
196   *  returns the result of the internal setxattr or setsecurity operations.
197   *
198   *  This function requires the caller to lock the inode's i_mutex before it
199   *  is executed. It also assumes that the caller will make the appropriate
200   *  permission checks.
201   */
202  int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
203  			  struct dentry *dentry, const char *name,
204  			  const void *value, size_t size, int flags)
205  {
206  	struct inode *inode = dentry->d_inode;
207  	int error = -EAGAIN;
208  	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
209  				   XATTR_SECURITY_PREFIX_LEN);
210  
211  	if (issec)
212  		inode->i_flags &= ~S_NOSEC;
213  	if (inode->i_opflags & IOP_XATTR) {
214  		error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
215  				       size, flags);
216  		if (!error) {
217  			fsnotify_xattr(dentry);
218  			security_inode_post_setxattr(dentry, name, value,
219  						     size, flags);
220  		}
221  	} else {
222  		if (unlikely(is_bad_inode(inode)))
223  			return -EIO;
224  	}
225  	if (error == -EAGAIN) {
226  		error = -EOPNOTSUPP;
227  
228  		if (issec) {
229  			const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
230  
231  			error = security_inode_setsecurity(inode, suffix, value,
232  							   size, flags);
233  			if (!error)
234  				fsnotify_xattr(dentry);
235  		}
236  	}
237  
238  	return error;
239  }
240  
241  /**
242   * __vfs_setxattr_locked - set an extended attribute while holding the inode
243   * lock
244   *
245   *  @mnt_userns: user namespace of the mount of the target inode
246   *  @dentry: object to perform setxattr on
247   *  @name: xattr name to set
248   *  @value: value to set @name to
249   *  @size: size of @value
250   *  @flags: flags to pass into filesystem operations
251   *  @delegated_inode: on return, will contain an inode pointer that
252   *  a delegation was broken on, NULL if none.
253   */
254  int
255  __vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
256  		      const char *name, const void *value, size_t size,
257  		      int flags, struct inode **delegated_inode)
258  {
259  	struct inode *inode = dentry->d_inode;
260  	int error;
261  
262  	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
263  	if (error)
264  		return error;
265  
266  	error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
267  					flags);
268  	if (error)
269  		goto out;
270  
271  	error = try_break_deleg(inode, delegated_inode);
272  	if (error)
273  		goto out;
274  
275  	error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
276  				      size, flags);
277  
278  out:
279  	return error;
280  }
281  EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
282  
283  int
284  vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
285  	     const char *name, const void *value, size_t size, int flags)
286  {
287  	struct inode *inode = dentry->d_inode;
288  	struct inode *delegated_inode = NULL;
289  	const void  *orig_value = value;
290  	int error;
291  
292  	if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
293  		error = cap_convert_nscap(mnt_userns, dentry, &value, size);
294  		if (error < 0)
295  			return error;
296  		size = error;
297  	}
298  
299  retry_deleg:
300  	inode_lock(inode);
301  	error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
302  				      flags, &delegated_inode);
303  	inode_unlock(inode);
304  
305  	if (delegated_inode) {
306  		error = break_deleg_wait(&delegated_inode);
307  		if (!error)
308  			goto retry_deleg;
309  	}
310  	if (value != orig_value)
311  		kfree(value);
312  
313  	return error;
314  }
315  EXPORT_SYMBOL_GPL(vfs_setxattr);
316  
317  static ssize_t
318  xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
319  		  const char *name, void *value, size_t size)
320  {
321  	void *buffer = NULL;
322  	ssize_t len;
323  
324  	if (!value || !size) {
325  		len = security_inode_getsecurity(mnt_userns, inode, name,
326  						 &buffer, false);
327  		goto out_noalloc;
328  	}
329  
330  	len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
331  					 true);
332  	if (len < 0)
333  		return len;
334  	if (size < len) {
335  		len = -ERANGE;
336  		goto out;
337  	}
338  	memcpy(value, buffer, len);
339  out:
340  	kfree(buffer);
341  out_noalloc:
342  	return len;
343  }
344  
345  /*
346   * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
347   *
348   * Allocate memory, if not already allocated, or re-allocate correct size,
349   * before retrieving the extended attribute.
350   *
351   * Returns the result of alloc, if failed, or the getxattr operation.
352   */
353  ssize_t
354  vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
355  		   const char *name, char **xattr_value, size_t xattr_size,
356  		   gfp_t flags)
357  {
358  	const struct xattr_handler *handler;
359  	struct inode *inode = dentry->d_inode;
360  	char *value = *xattr_value;
361  	int error;
362  
363  	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
364  	if (error)
365  		return error;
366  
367  	handler = xattr_resolve_name(inode, &name);
368  	if (IS_ERR(handler))
369  		return PTR_ERR(handler);
370  	if (!handler->get)
371  		return -EOPNOTSUPP;
372  	error = handler->get(handler, dentry, inode, name, NULL, 0);
373  	if (error < 0)
374  		return error;
375  
376  	if (!value || (error > xattr_size)) {
377  		value = krealloc(*xattr_value, error + 1, flags);
378  		if (!value)
379  			return -ENOMEM;
380  		memset(value, 0, error + 1);
381  	}
382  
383  	error = handler->get(handler, dentry, inode, name, value, error);
384  	*xattr_value = value;
385  	return error;
386  }
387  
388  ssize_t
389  __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
390  	       void *value, size_t size)
391  {
392  	const struct xattr_handler *handler;
393  
394  	handler = xattr_resolve_name(inode, &name);
395  	if (IS_ERR(handler))
396  		return PTR_ERR(handler);
397  	if (!handler->get)
398  		return -EOPNOTSUPP;
399  	return handler->get(handler, dentry, inode, name, value, size);
400  }
401  EXPORT_SYMBOL(__vfs_getxattr);
402  
403  ssize_t
404  vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
405  	     const char *name, void *value, size_t size)
406  {
407  	struct inode *inode = dentry->d_inode;
408  	int error;
409  
410  	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
411  	if (error)
412  		return error;
413  
414  	error = security_inode_getxattr(dentry, name);
415  	if (error)
416  		return error;
417  
418  	if (!strncmp(name, XATTR_SECURITY_PREFIX,
419  				XATTR_SECURITY_PREFIX_LEN)) {
420  		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
421  		int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
422  					    size);
423  		/*
424  		 * Only overwrite the return value if a security module
425  		 * is actually active.
426  		 */
427  		if (ret == -EOPNOTSUPP)
428  			goto nolsm;
429  		return ret;
430  	}
431  nolsm:
432  	return __vfs_getxattr(dentry, inode, name, value, size);
433  }
434  EXPORT_SYMBOL_GPL(vfs_getxattr);
435  
436  ssize_t
437  vfs_listxattr(struct dentry *dentry, char *list, size_t size)
438  {
439  	struct inode *inode = d_inode(dentry);
440  	ssize_t error;
441  
442  	error = security_inode_listxattr(dentry);
443  	if (error)
444  		return error;
445  	if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
446  		error = inode->i_op->listxattr(dentry, list, size);
447  	} else {
448  		error = security_inode_listsecurity(inode, list, size);
449  		if (size && error > size)
450  			error = -ERANGE;
451  	}
452  	return error;
453  }
454  EXPORT_SYMBOL_GPL(vfs_listxattr);
455  
456  int
457  __vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
458  		  const char *name)
459  {
460  	struct inode *inode = d_inode(dentry);
461  	const struct xattr_handler *handler;
462  
463  	handler = xattr_resolve_name(inode, &name);
464  	if (IS_ERR(handler))
465  		return PTR_ERR(handler);
466  	if (!handler->set)
467  		return -EOPNOTSUPP;
468  	return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
469  			    XATTR_REPLACE);
470  }
471  EXPORT_SYMBOL(__vfs_removexattr);
472  
473  /**
474   * __vfs_removexattr_locked - set an extended attribute while holding the inode
475   * lock
476   *
477   *  @mnt_userns: user namespace of the mount of the target inode
478   *  @dentry: object to perform setxattr on
479   *  @name: name of xattr to remove
480   *  @delegated_inode: on return, will contain an inode pointer that
481   *  a delegation was broken on, NULL if none.
482   */
483  int
484  __vfs_removexattr_locked(struct user_namespace *mnt_userns,
485  			 struct dentry *dentry, const char *name,
486  			 struct inode **delegated_inode)
487  {
488  	struct inode *inode = dentry->d_inode;
489  	int error;
490  
491  	error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
492  	if (error)
493  		return error;
494  
495  	error = security_inode_removexattr(mnt_userns, dentry, name);
496  	if (error)
497  		goto out;
498  
499  	error = try_break_deleg(inode, delegated_inode);
500  	if (error)
501  		goto out;
502  
503  	error = __vfs_removexattr(mnt_userns, dentry, name);
504  
505  	if (!error) {
506  		fsnotify_xattr(dentry);
507  		evm_inode_post_removexattr(dentry, name);
508  	}
509  
510  out:
511  	return error;
512  }
513  EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
514  
515  int
516  vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
517  		const char *name)
518  {
519  	struct inode *inode = dentry->d_inode;
520  	struct inode *delegated_inode = NULL;
521  	int error;
522  
523  retry_deleg:
524  	inode_lock(inode);
525  	error = __vfs_removexattr_locked(mnt_userns, dentry,
526  					 name, &delegated_inode);
527  	inode_unlock(inode);
528  
529  	if (delegated_inode) {
530  		error = break_deleg_wait(&delegated_inode);
531  		if (!error)
532  			goto retry_deleg;
533  	}
534  
535  	return error;
536  }
537  EXPORT_SYMBOL_GPL(vfs_removexattr);
538  
539  /*
540   * Extended attribute SET operations
541   */
542  static long
543  setxattr(struct user_namespace *mnt_userns, struct dentry *d,
544  	 const char __user *name, const void __user *value, size_t size,
545  	 int flags)
546  {
547  	int error;
548  	void *kvalue = NULL;
549  	char kname[XATTR_NAME_MAX + 1];
550  
551  	if (flags & ~(XATTR_CREATE|XATTR_REPLACE))
552  		return -EINVAL;
553  
554  	error = strncpy_from_user(kname, name, sizeof(kname));
555  	if (error == 0 || error == sizeof(kname))
556  		error = -ERANGE;
557  	if (error < 0)
558  		return error;
559  
560  	if (size) {
561  		if (size > XATTR_SIZE_MAX)
562  			return -E2BIG;
563  		kvalue = kvmalloc(size, GFP_KERNEL);
564  		if (!kvalue)
565  			return -ENOMEM;
566  		if (copy_from_user(kvalue, value, size)) {
567  			error = -EFAULT;
568  			goto out;
569  		}
570  		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
571  		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
572  			posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
573  	}
574  
575  	error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
576  out:
577  	kvfree(kvalue);
578  
579  	return error;
580  }
581  
582  static int path_setxattr(const char __user *pathname,
583  			 const char __user *name, const void __user *value,
584  			 size_t size, int flags, unsigned int lookup_flags)
585  {
586  	struct path path;
587  	int error;
588  
589  retry:
590  	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
591  	if (error)
592  		return error;
593  	error = mnt_want_write(path.mnt);
594  	if (!error) {
595  		error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
596  				 value, size, flags);
597  		mnt_drop_write(path.mnt);
598  	}
599  	path_put(&path);
600  	if (retry_estale(error, lookup_flags)) {
601  		lookup_flags |= LOOKUP_REVAL;
602  		goto retry;
603  	}
604  	return error;
605  }
606  
607  SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
608  		const char __user *, name, const void __user *, value,
609  		size_t, size, int, flags)
610  {
611  	return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW);
612  }
613  
614  SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
615  		const char __user *, name, const void __user *, value,
616  		size_t, size, int, flags)
617  {
618  	return path_setxattr(pathname, name, value, size, flags, 0);
619  }
620  
621  SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
622  		const void __user *,value, size_t, size, int, flags)
623  {
624  	struct fd f = fdget(fd);
625  	int error = -EBADF;
626  
627  	if (!f.file)
628  		return error;
629  	audit_file(f.file);
630  	error = mnt_want_write_file(f.file);
631  	if (!error) {
632  		error = setxattr(file_mnt_user_ns(f.file),
633  				 f.file->f_path.dentry, name,
634  				 value, size, flags);
635  		mnt_drop_write_file(f.file);
636  	}
637  	fdput(f);
638  	return error;
639  }
640  
641  /*
642   * Extended attribute GET operations
643   */
644  static ssize_t
645  getxattr(struct user_namespace *mnt_userns, struct dentry *d,
646  	 const char __user *name, void __user *value, size_t size)
647  {
648  	ssize_t error;
649  	void *kvalue = NULL;
650  	char kname[XATTR_NAME_MAX + 1];
651  
652  	error = strncpy_from_user(kname, name, sizeof(kname));
653  	if (error == 0 || error == sizeof(kname))
654  		error = -ERANGE;
655  	if (error < 0)
656  		return error;
657  
658  	if (size) {
659  		if (size > XATTR_SIZE_MAX)
660  			size = XATTR_SIZE_MAX;
661  		kvalue = kvzalloc(size, GFP_KERNEL);
662  		if (!kvalue)
663  			return -ENOMEM;
664  	}
665  
666  	error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
667  	if (error > 0) {
668  		if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
669  		    (strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
670  			posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
671  		if (size && copy_to_user(value, kvalue, error))
672  			error = -EFAULT;
673  	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
674  		/* The file system tried to returned a value bigger
675  		   than XATTR_SIZE_MAX bytes. Not possible. */
676  		error = -E2BIG;
677  	}
678  
679  	kvfree(kvalue);
680  
681  	return error;
682  }
683  
684  static ssize_t path_getxattr(const char __user *pathname,
685  			     const char __user *name, void __user *value,
686  			     size_t size, unsigned int lookup_flags)
687  {
688  	struct path path;
689  	ssize_t error;
690  retry:
691  	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
692  	if (error)
693  		return error;
694  	error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
695  	path_put(&path);
696  	if (retry_estale(error, lookup_flags)) {
697  		lookup_flags |= LOOKUP_REVAL;
698  		goto retry;
699  	}
700  	return error;
701  }
702  
703  SYSCALL_DEFINE4(getxattr, const char __user *, pathname,
704  		const char __user *, name, void __user *, value, size_t, size)
705  {
706  	return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW);
707  }
708  
709  SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
710  		const char __user *, name, void __user *, value, size_t, size)
711  {
712  	return path_getxattr(pathname, name, value, size, 0);
713  }
714  
715  SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
716  		void __user *, value, size_t, size)
717  {
718  	struct fd f = fdget(fd);
719  	ssize_t error = -EBADF;
720  
721  	if (!f.file)
722  		return error;
723  	audit_file(f.file);
724  	error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
725  			 name, value, size);
726  	fdput(f);
727  	return error;
728  }
729  
730  /*
731   * Extended attribute LIST operations
732   */
733  static ssize_t
734  listxattr(struct dentry *d, char __user *list, size_t size)
735  {
736  	ssize_t error;
737  	char *klist = NULL;
738  
739  	if (size) {
740  		if (size > XATTR_LIST_MAX)
741  			size = XATTR_LIST_MAX;
742  		klist = kvmalloc(size, GFP_KERNEL);
743  		if (!klist)
744  			return -ENOMEM;
745  	}
746  
747  	error = vfs_listxattr(d, klist, size);
748  	if (error > 0) {
749  		if (size && copy_to_user(list, klist, error))
750  			error = -EFAULT;
751  	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
752  		/* The file system tried to returned a list bigger
753  		   than XATTR_LIST_MAX bytes. Not possible. */
754  		error = -E2BIG;
755  	}
756  
757  	kvfree(klist);
758  
759  	return error;
760  }
761  
762  static ssize_t path_listxattr(const char __user *pathname, char __user *list,
763  			      size_t size, unsigned int lookup_flags)
764  {
765  	struct path path;
766  	ssize_t error;
767  retry:
768  	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
769  	if (error)
770  		return error;
771  	error = listxattr(path.dentry, list, size);
772  	path_put(&path);
773  	if (retry_estale(error, lookup_flags)) {
774  		lookup_flags |= LOOKUP_REVAL;
775  		goto retry;
776  	}
777  	return error;
778  }
779  
780  SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list,
781  		size_t, size)
782  {
783  	return path_listxattr(pathname, list, size, LOOKUP_FOLLOW);
784  }
785  
786  SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
787  		size_t, size)
788  {
789  	return path_listxattr(pathname, list, size, 0);
790  }
791  
792  SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
793  {
794  	struct fd f = fdget(fd);
795  	ssize_t error = -EBADF;
796  
797  	if (!f.file)
798  		return error;
799  	audit_file(f.file);
800  	error = listxattr(f.file->f_path.dentry, list, size);
801  	fdput(f);
802  	return error;
803  }
804  
805  /*
806   * Extended attribute REMOVE operations
807   */
808  static long
809  removexattr(struct user_namespace *mnt_userns, struct dentry *d,
810  	    const char __user *name)
811  {
812  	int error;
813  	char kname[XATTR_NAME_MAX + 1];
814  
815  	error = strncpy_from_user(kname, name, sizeof(kname));
816  	if (error == 0 || error == sizeof(kname))
817  		error = -ERANGE;
818  	if (error < 0)
819  		return error;
820  
821  	return vfs_removexattr(mnt_userns, d, kname);
822  }
823  
824  static int path_removexattr(const char __user *pathname,
825  			    const char __user *name, unsigned int lookup_flags)
826  {
827  	struct path path;
828  	int error;
829  retry:
830  	error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
831  	if (error)
832  		return error;
833  	error = mnt_want_write(path.mnt);
834  	if (!error) {
835  		error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
836  		mnt_drop_write(path.mnt);
837  	}
838  	path_put(&path);
839  	if (retry_estale(error, lookup_flags)) {
840  		lookup_flags |= LOOKUP_REVAL;
841  		goto retry;
842  	}
843  	return error;
844  }
845  
846  SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
847  		const char __user *, name)
848  {
849  	return path_removexattr(pathname, name, LOOKUP_FOLLOW);
850  }
851  
852  SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
853  		const char __user *, name)
854  {
855  	return path_removexattr(pathname, name, 0);
856  }
857  
858  SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
859  {
860  	struct fd f = fdget(fd);
861  	int error = -EBADF;
862  
863  	if (!f.file)
864  		return error;
865  	audit_file(f.file);
866  	error = mnt_want_write_file(f.file);
867  	if (!error) {
868  		error = removexattr(file_mnt_user_ns(f.file),
869  				    f.file->f_path.dentry, name);
870  		mnt_drop_write_file(f.file);
871  	}
872  	fdput(f);
873  	return error;
874  }
875  
876  /*
877   * Combine the results of the list() operation from every xattr_handler in the
878   * list.
879   */
880  ssize_t
881  generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
882  {
883  	const struct xattr_handler *handler, **handlers = dentry->d_sb->s_xattr;
884  	unsigned int size = 0;
885  
886  	if (!buffer) {
887  		for_each_xattr_handler(handlers, handler) {
888  			if (!handler->name ||
889  			    (handler->list && !handler->list(dentry)))
890  				continue;
891  			size += strlen(handler->name) + 1;
892  		}
893  	} else {
894  		char *buf = buffer;
895  		size_t len;
896  
897  		for_each_xattr_handler(handlers, handler) {
898  			if (!handler->name ||
899  			    (handler->list && !handler->list(dentry)))
900  				continue;
901  			len = strlen(handler->name);
902  			if (len + 1 > buffer_size)
903  				return -ERANGE;
904  			memcpy(buf, handler->name, len + 1);
905  			buf += len + 1;
906  			buffer_size -= len + 1;
907  		}
908  		size = buf - buffer;
909  	}
910  	return size;
911  }
912  EXPORT_SYMBOL(generic_listxattr);
913  
914  /**
915   * xattr_full_name  -  Compute full attribute name from suffix
916   *
917   * @handler:	handler of the xattr_handler operation
918   * @name:	name passed to the xattr_handler operation
919   *
920   * The get and set xattr handler operations are called with the remainder of
921   * the attribute name after skipping the handler's prefix: for example, "foo"
922   * is passed to the get operation of a handler with prefix "user." to get
923   * attribute "user.foo".  The full name is still "there" in the name though.
924   *
925   * Note: the list xattr handler operation when called from the vfs is passed a
926   * NULL name; some file systems use this operation internally, with varying
927   * semantics.
928   */
929  const char *xattr_full_name(const struct xattr_handler *handler,
930  			    const char *name)
931  {
932  	size_t prefix_len = strlen(xattr_prefix(handler));
933  
934  	return name - prefix_len;
935  }
936  EXPORT_SYMBOL(xattr_full_name);
937  
938  /*
939   * Allocate new xattr and copy in the value; but leave the name to callers.
940   */
941  struct simple_xattr *simple_xattr_alloc(const void *value, size_t size)
942  {
943  	struct simple_xattr *new_xattr;
944  	size_t len;
945  
946  	/* wrap around? */
947  	len = sizeof(*new_xattr) + size;
948  	if (len < sizeof(*new_xattr))
949  		return NULL;
950  
951  	new_xattr = kvmalloc(len, GFP_KERNEL);
952  	if (!new_xattr)
953  		return NULL;
954  
955  	new_xattr->size = size;
956  	memcpy(new_xattr->value, value, size);
957  	return new_xattr;
958  }
959  
960  /*
961   * xattr GET operation for in-memory/pseudo filesystems
962   */
963  int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
964  		     void *buffer, size_t size)
965  {
966  	struct simple_xattr *xattr;
967  	int ret = -ENODATA;
968  
969  	spin_lock(&xattrs->lock);
970  	list_for_each_entry(xattr, &xattrs->head, list) {
971  		if (strcmp(name, xattr->name))
972  			continue;
973  
974  		ret = xattr->size;
975  		if (buffer) {
976  			if (size < xattr->size)
977  				ret = -ERANGE;
978  			else
979  				memcpy(buffer, xattr->value, xattr->size);
980  		}
981  		break;
982  	}
983  	spin_unlock(&xattrs->lock);
984  	return ret;
985  }
986  
987  /**
988   * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
989   * @xattrs: target simple_xattr list
990   * @name: name of the extended attribute
991   * @value: value of the xattr. If %NULL, will remove the attribute.
992   * @size: size of the new xattr
993   * @flags: %XATTR_{CREATE|REPLACE}
994   * @removed_size: returns size of the removed xattr, -1 if none removed
995   *
996   * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
997   * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
998   * otherwise, fails with -ENODATA.
999   *
1000   * Returns 0 on success, -errno on failure.
1001   */
1002  int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
1003  		     const void *value, size_t size, int flags,
1004  		     ssize_t *removed_size)
1005  {
1006  	struct simple_xattr *xattr;
1007  	struct simple_xattr *new_xattr = NULL;
1008  	int err = 0;
1009  
1010  	if (removed_size)
1011  		*removed_size = -1;
1012  
1013  	/* value == NULL means remove */
1014  	if (value) {
1015  		new_xattr = simple_xattr_alloc(value, size);
1016  		if (!new_xattr)
1017  			return -ENOMEM;
1018  
1019  		new_xattr->name = kstrdup(name, GFP_KERNEL);
1020  		if (!new_xattr->name) {
1021  			kvfree(new_xattr);
1022  			return -ENOMEM;
1023  		}
1024  	}
1025  
1026  	spin_lock(&xattrs->lock);
1027  	list_for_each_entry(xattr, &xattrs->head, list) {
1028  		if (!strcmp(name, xattr->name)) {
1029  			if (flags & XATTR_CREATE) {
1030  				xattr = new_xattr;
1031  				err = -EEXIST;
1032  			} else if (new_xattr) {
1033  				list_replace(&xattr->list, &new_xattr->list);
1034  				if (removed_size)
1035  					*removed_size = xattr->size;
1036  			} else {
1037  				list_del(&xattr->list);
1038  				if (removed_size)
1039  					*removed_size = xattr->size;
1040  			}
1041  			goto out;
1042  		}
1043  	}
1044  	if (flags & XATTR_REPLACE) {
1045  		xattr = new_xattr;
1046  		err = -ENODATA;
1047  	} else {
1048  		list_add(&new_xattr->list, &xattrs->head);
1049  		xattr = NULL;
1050  	}
1051  out:
1052  	spin_unlock(&xattrs->lock);
1053  	if (xattr) {
1054  		kfree(xattr->name);
1055  		kvfree(xattr);
1056  	}
1057  	return err;
1058  
1059  }
1060  
1061  static bool xattr_is_trusted(const char *name)
1062  {
1063  	return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN);
1064  }
1065  
1066  static int xattr_list_one(char **buffer, ssize_t *remaining_size,
1067  			  const char *name)
1068  {
1069  	size_t len = strlen(name) + 1;
1070  	if (*buffer) {
1071  		if (*remaining_size < len)
1072  			return -ERANGE;
1073  		memcpy(*buffer, name, len);
1074  		*buffer += len;
1075  	}
1076  	*remaining_size -= len;
1077  	return 0;
1078  }
1079  
1080  /*
1081   * xattr LIST operation for in-memory/pseudo filesystems
1082   */
1083  ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
1084  			  char *buffer, size_t size)
1085  {
1086  	bool trusted = capable(CAP_SYS_ADMIN);
1087  	struct simple_xattr *xattr;
1088  	ssize_t remaining_size = size;
1089  	int err = 0;
1090  
1091  #ifdef CONFIG_FS_POSIX_ACL
1092  	if (IS_POSIXACL(inode)) {
1093  		if (inode->i_acl) {
1094  			err = xattr_list_one(&buffer, &remaining_size,
1095  					     XATTR_NAME_POSIX_ACL_ACCESS);
1096  			if (err)
1097  				return err;
1098  		}
1099  		if (inode->i_default_acl) {
1100  			err = xattr_list_one(&buffer, &remaining_size,
1101  					     XATTR_NAME_POSIX_ACL_DEFAULT);
1102  			if (err)
1103  				return err;
1104  		}
1105  	}
1106  #endif
1107  
1108  	spin_lock(&xattrs->lock);
1109  	list_for_each_entry(xattr, &xattrs->head, list) {
1110  		/* skip "trusted." attributes for unprivileged callers */
1111  		if (!trusted && xattr_is_trusted(xattr->name))
1112  			continue;
1113  
1114  		err = xattr_list_one(&buffer, &remaining_size, xattr->name);
1115  		if (err)
1116  			break;
1117  	}
1118  	spin_unlock(&xattrs->lock);
1119  
1120  	return err ? err : size - remaining_size;
1121  }
1122  
1123  /*
1124   * Adds an extended attribute to the list
1125   */
1126  void simple_xattr_list_add(struct simple_xattrs *xattrs,
1127  			   struct simple_xattr *new_xattr)
1128  {
1129  	spin_lock(&xattrs->lock);
1130  	list_add(&new_xattr->list, &xattrs->head);
1131  	spin_unlock(&xattrs->lock);
1132  }
1133